Mercurial > noffle
annotate src/authenticate.c @ 493:4d3a1597813a noffle
[svn] updated FSF address
author | godisch |
---|---|
date | Sun, 16 Apr 2006 07:20:58 +0100 |
parents | 20abd71918ad |
children |
rev | line source |
---|---|
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
1 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
2 authenticate.c |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
3 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
4 Do client authentication |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
5 |
475
20abd71918ad
[svn] * src/authenticate.c: Move includes of grp.h and pwd.h to after the
bears
parents:
291
diff
changeset
|
6 $Id: authenticate.c 622 2004-03-16 10:24:18Z bears $ |
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
7 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
8 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
9 #if HAVE_CONFIG_H |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
10 #include <config.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
11 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
12 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
13 #include <errno.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
14 #include <stdio.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
15 #include <string.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
16 #include <sys/types.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
17 #include <sys/stat.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
18 #include <unistd.h> |
475
20abd71918ad
[svn] * src/authenticate.c: Move includes of grp.h and pwd.h to after the
bears
parents:
291
diff
changeset
|
19 #include <grp.h> |
20abd71918ad
[svn] * src/authenticate.c: Move includes of grp.h and pwd.h to after the
bears
parents:
291
diff
changeset
|
20 #include <pwd.h> |
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
21 #include "common.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
22 #include "authenticate.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
23 #include "configfile.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
24 #include "log.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
25 #include "portable.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
26 #include "util.h" |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
27 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
28 #if USE_AUTH |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
29 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
30 #if USE_PAM |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
31 #include <security/pam_appl.h> |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
32 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
33 static const char *password; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
34 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
35 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
36 * It's a bit tricky to go around asking PAM questions at this stage, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
37 * as well as not fitting NNTP, so just repond to all PAM questions |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
38 * with the password and hope that works. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
39 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
40 static int noffle_conv( int num_msg, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
41 const struct pam_message **msgm, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
42 struct pam_response **response, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
43 void *appdata_ptr ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
44 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
45 struct pam_response *reply; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
46 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
47 UNUSED(appdata_ptr); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
48 UNUSED(msgm); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
49 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
50 reply = calloc( num_msg, sizeof (struct pam_response) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
51 reply->resp = strdup( password ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
52 reply->resp_retcode = 0; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
53 *response = reply; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
54 return PAM_SUCCESS; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
55 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
56 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
57 static struct pam_conv conv = { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
58 noffle_conv, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
59 NULL |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
60 }; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
61 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
62 static pam_handle_t *pamh = NULL; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
63 static Bool pam_session_opened = FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
64 static Bool pam_set_cred = FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
65 static uid_t oldEuid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
66 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
67 static Bool |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
68 PAM_open( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
69 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
70 int retval; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
71 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
72 /* To use PAM successfully we need to be root. */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
73 ASSERT ( getuid() == 0 ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
74 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
75 ASSERT( pamh == NULL ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
76 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
77 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
78 * Preserve old eUid to be restored when PAM closes and set |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
79 * current euid to root for PAMs benefit. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
80 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
81 oldEuid = geteuid(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
82 if ( seteuid( 0 ) < 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
83 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
84 Log_err( "Cannot set euid to root: %s", strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
85 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
86 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
87 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
88 retval = pam_start( "noffle", NULL, &conv, &pamh ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
89 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
90 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
91 Log_err( "Cannot starting authentication: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
92 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
93 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
94 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
95 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
96 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
97 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
98 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
99 static enum AuthResult |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
100 PAM_authenticate( const char *user, const char *pass ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
101 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
102 int retval; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
103 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
104 ASSERT( pamh != NULL ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
105 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
106 password = pass; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
107 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
108 retval = pam_set_item( pamh, PAM_USER, user ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
109 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
110 Log_dbg( LOG_DBG_AUTH, "pam_set_item failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
111 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
112 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
113 if ( retval == PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
114 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
115 retval = pam_authenticate( pamh, PAM_SILENT ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
116 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
117 Log_dbg( LOG_DBG_AUTH, "pam_authenticate failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
118 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
119 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
120 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
121 if ( retval == PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
122 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
123 retval = pam_setcred( pamh, PAM_ESTABLISH_CRED ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
124 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
125 Log_dbg( LOG_DBG_AUTH, "pam_setcred failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
126 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
127 else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
128 pam_set_cred = TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
129 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
130 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
131 if ( retval == PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
132 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
133 retval = pam_open_session( pamh, 0 ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
134 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
135 Log_dbg( LOG_DBG_AUTH, "pam_open_session failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
136 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
137 else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
138 pam_session_opened = TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
139 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
140 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
141 switch ( retval ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
142 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
143 case PAM_SUCCESS: |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
144 return AUTH_OK; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
145 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
146 case PAM_MAXTRIES: |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
147 return AUTH_DISCONNECT; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
148 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
149 case PAM_ABORT: |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
150 return AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
151 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
152 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
153 return AUTH_FAILED; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
154 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
155 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
156 static void |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
157 PAM_close( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
158 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
159 int retval = 0; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
160 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
161 ASSERT ( pamh != NULL ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
162 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
163 if ( pam_session_opened ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
164 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
165 pam_session_opened = FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
166 retval = pam_close_session( pamh, 0 ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
167 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
168 Log_dbg( LOG_DBG_AUTH, "pam_close_session failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
169 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
170 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
171 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
172 if ( pam_set_cred ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
173 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
174 pam_set_cred = FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
175 retval = pam_setcred( pamh, PAM_DELETE_CRED ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
176 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
177 Log_dbg( LOG_DBG_AUTH, "pam_set_cred failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
178 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
179 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
180 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
181 retval = pam_end( pamh, retval ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
182 if ( retval != PAM_SUCCESS ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
183 Log_dbg( LOG_DBG_AUTH, "pam_end failed: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
184 pam_strerror( pamh, retval ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
185 pamh = NULL; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
186 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
187 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
188 * For completeness set euid back to original value, though it'll |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
189 * probably be set again by Auth_dropPrivs. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
190 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
191 if ( seteuid( oldEuid ) < 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
192 Log_err( "Cannot set euid back to %d: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
193 oldEuid, strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
194 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
195 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
196 #else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
197 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
198 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
199 * No PAM, so provide a simple alternative. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
200 * |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
201 * USERSFILE is a simple plain-text file consisting of username password |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
202 * pairs, one pair per line. Comments are prefixed by '#'. Blank lines |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
203 * are ignored. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
204 * |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
205 * By way of a simple security check, the users file MUST be only |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
206 * readable and writable by the owner. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
207 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
208 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
209 #define AUTH_MAX_TRIES 3 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
210 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
211 static int authTries = 0; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
212 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
213 static enum AuthResult |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
214 file_authenticate( const char *user, const char *pass ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
215 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
216 Str file, line; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
217 FILE *f; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
218 struct stat statBuf; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
219 enum AuthResult res = AUTH_FAILED; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
220 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
221 Utl_cpyStr( file, USERSFILE ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
222 if ( stat( file, &statBuf ) < 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
223 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
224 Log_err( "Cannot read %s (%s)", file, strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
225 return AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
226 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
227 if ( !S_ISREG( statBuf.st_mode ) ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
228 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
229 Log_err( "%s must be a regular file, not a link", file ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
230 return AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
231 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
232 if ( ( statBuf.st_mode & ( S_IRWXG | S_IRWXO ) ) != 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
233 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
234 Log_err( "%s must be readable only by its owner", file ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
235 return AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
236 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
237 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
238 if ( ! ( f = fopen( file, "r" ) ) ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
239 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
240 Log_err( "Cannot read %s (%s)", file, strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
241 return AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
242 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
243 while ( res == AUTH_FAILED && fgets( line, MAXCHAR, f ) ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
244 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
245 Str theUser, thePass; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
246 char *p; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
247 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
248 p = Utl_stripWhiteSpace( line ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
249 Utl_stripComment( p ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
250 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
251 if ( *p == '\0' ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
252 continue; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
253 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
254 if ( sscanf( p, MAXCHAR_FMT " " MAXCHAR_FMT, theUser, thePass ) != 2 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
255 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
256 res = AUTH_ERROR; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
257 Log_err( "Badly formatted line %s in %s", p, file ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
258 break; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
259 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
260 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
261 if ( strcmp( user, theUser ) == 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
262 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
263 if ( strcmp( pass, thePass ) == 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
264 res = AUTH_OK; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
265 break; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
266 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
267 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
268 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
269 fclose( f ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
270 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
271 if ( res == AUTH_FAILED ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
272 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
273 authTries++; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
274 sleep( authTries * authTries ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
275 if ( authTries >= AUTH_MAX_TRIES ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
276 res = AUTH_DISCONNECT; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
277 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
278 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
279 return res; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
280 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
281 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
282 #endif /* USE_PAM */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
283 #endif /* USE_AUTH */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
284 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
285 /* Open authentication session. */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
286 Bool |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
287 Auth_open( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
288 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
289 #if USE_AUTH |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
290 #if USE_PAM |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
291 return PAM_open(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
292 #else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
293 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
294 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
295 #else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
296 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
297 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
298 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
299 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
300 /* Authenticate a user and password. */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
301 enum AuthResult |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
302 Auth_authenticate( const char *user, const char *pass ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
303 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
304 #if USE_AUTH |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
305 #if USE_PAM |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
306 return PAM_authenticate( user, pass ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
307 #else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
308 return file_authenticate( user, pass ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
309 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
310 #else |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
311 UNUSED(user); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
312 UNUSED(pass); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
313 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
314 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
315 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
316 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
317 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
318 /* Authentication session now closed. */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
319 void |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
320 Auth_close( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
321 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
322 #if USE_AUTH && USE_PAM |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
323 PAM_close(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
324 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
325 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
326 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
327 static uid_t noffleUid = (uid_t) -1; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
328 static gid_t noffleGid= (gid_t) -1; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
329 static Bool adminUser = FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
330 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
331 /* Check we have appropriate privs for authentication. */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
332 Bool |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
333 Auth_checkPrivs( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
334 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
335 uid_t euid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
336 gid_t egid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
337 uid_t ruid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
338 struct passwd* pwnam; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
339 struct group* grnam; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
340 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
341 euid = geteuid(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
342 egid = getegid(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
343 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
344 pwnam = getpwnam( Cfg_noffleUser() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
345 if ( pwnam == NULL ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
346 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
347 Log_err( "Noffle user %s is not a known user", Cfg_noffleUser() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
348 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
349 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
350 noffleUid = pwnam->pw_uid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
351 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
352 grnam = getgrnam( Cfg_noffleGroup() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
353 if ( grnam == NULL ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
354 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
355 Log_err( "Noffle group %s is not a known group", Cfg_noffleGroup() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
356 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
357 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
358 noffleGid = grnam->gr_gid; |
291
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
359 |
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
360 ruid = getuid(); |
291
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
361 |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
362 /* Determine if admin user - root, news... */ |
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
363 adminUser = ( ruid == 0 || ruid == noffleUid ); |
291
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
364 if ( ! adminUser && grnam->gr_mem != NULL ) |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
365 { |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
366 /* ... or member of group news. */ |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
367 pwnam = getpwuid( ruid ); |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
368 if ( pwnam != NULL ) |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
369 { |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
370 char* name = pwnam->pw_name; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
371 char** grpmembers = grnam->gr_mem; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
372 char* grpmember; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
373 |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
374 for ( grpmember = *grpmembers; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
375 grpmember != NULL; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
376 grpmember = *++grpmembers ) |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
377 { |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
378 if ( strcmp( name, grpmember ) == 0 ) |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
379 { |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
380 adminUser = TRUE; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
381 break; |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
382 } |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
383 } |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
384 } |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
385 else |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
386 Log_err( "Cannot get user info for uid %d: %s", |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
387 ruid, strerror( errno ) ); |
bf200dccbce5
[svn] * src/authenticate.c: Extend news admins to all those in group news.
bears
parents:
288
diff
changeset
|
388 } |
288
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
389 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
390 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
391 * If we're really root, we will set the privs we require later. Otherwise |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
392 * we need to check that everything is as it should be. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
393 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
394 if ( ruid != 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
395 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
396 #if USE_AUTH && USE_PAM |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
397 if( Cfg_needClientAuth() ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
398 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
399 Log_err( "Noffle must run as root to use PAM authentication" ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
400 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
401 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
402 #endif |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
403 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
404 if ( noffleUid != euid ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
405 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
406 Log_err( "Noffle needs to run as root or user %s", Cfg_noffleUser() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
407 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
408 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
409 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
410 if ( noffleGid != egid ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
411 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
412 Log_err( "Noffle needs to run as root or as group %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
413 Cfg_noffleGroup() ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
414 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
415 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
416 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
417 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
418 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
419 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
420 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
421 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
422 * See if we should be permitted admin access. Admins can do anything, |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
423 * non-admins can only read articles, list groups and post. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
424 * |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
425 * This must be called after Auth_checkPrivs. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
426 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
427 Bool |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
428 Auth_admin( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
429 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
430 ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
431 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
432 return adminUser; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
433 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
434 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
435 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
436 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
437 * Drop any privs required for authentication. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
438 * |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
439 * Must be called AFTER Auth_checkPrivs. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
440 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
441 Bool |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
442 Auth_dropPrivs( void ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
443 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
444 uid_t euid; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
445 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
446 ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
447 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
448 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
449 * We only need to drop privs if we're currently root. We |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
450 * should have already checked we're the news user on startup. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
451 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
452 euid = geteuid(); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
453 if ( euid != 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
454 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
455 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
456 if ( setgid( noffleGid ) != 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
457 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
458 Log_err( "Can't set group %s: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
459 Cfg_noffleGroup(), strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
460 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
461 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
462 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
463 if ( setuid( noffleUid ) != 0 ) |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
464 { |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
465 Log_err( "Can't set user to %s: %s", |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
466 Cfg_noffleUser(), strerror( errno ) ); |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
467 return FALSE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
468 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
469 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
470 return TRUE; |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
471 } |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
472 |