annotate src/authenticate.c @ 288:c02c4eb95f95 noffle
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
and noffle-group configs.
* src/configfile.c,src/fetch.c,src/fetchlist.c,src/protocol.c,
src/server.c: Replace strcpy() with Utl_cpyStr() where appropriate.
See Debian bug 168128.
* src/control.c,src/configfile.c,src/noffle.c: Replace [s]scanf("%s")
with [s]scanf(MAXCHAR_FMT).
* src/noffle.c: Log warning if noffle.conf is world readable.
* src/noffle.c: Restrict most options to news admins; i.e. those who
are root or news on running Noffle.
* Makefile.in,acconfig.h,aclocal.m4,config.h.in,configure,configure.in,
docs/Makefile.in,docs/noffle.conf.5,packages/Makefile.in,
packages/redhat/Makefile.in,src/Makefile.am,src/Makefile.in,
src/authenticate.c,src/authenticate.h,src/noffle.c,src/server.c:
Add basic authentication using either Noffle-specific user file
or authenticating via PAM (service 'noffle'). PAM authentication
needs to run as root, so a Noffle server that needs PAM
must be started by root. Helpful (?) error messages will be logged
if not. Noffle will switch ruid and euid to 'news' (or whatever
is configured) ASAP.
* src/noffle.c: Add uid checking.
author | bears |
---|---|
date | Fri, 10 Jan 2003 23:25:45 +0000 |
parents | |
children | bf200dccbce5 |
1 /* |
2 authenticate.c |
3 |
4 Do client authentication |
5 |
6 $Id: authenticate.c 420 2003-01-10 23:25:45Z bears $ |
7 */ |
8 |
9 #if HAVE_CONFIG_H |
10 #include <config.h> |
11 #endif |
12 |
13 #include <errno.h> |
14 #include <grp.h> |
15 #include <pwd.h> |
16 #include <stdio.h> |
17 #include <string.h> |
18 #include <sys/types.h> |
19 #include <sys/stat.h> |
20 #include <unistd.h> |
21 #include "common.h" |
22 #include "authenticate.h" |
23 #include "configfile.h" |
24 #include "log.h" |
25 #include "portable.h" |
26 #include "util.h" |
27 |
28 #if USE_AUTH |
29 |
30 #if USE_PAM |
31 #include <security/pam_appl.h> |
32 |
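/*
 * Password for the PAM conversation in progress.  PAM_authenticate()
 * points this at its caller's buffer before calling into PAM; the buffer
 * is borrowed, not copied, so it has to stay valid for as long as PAM may
 * invoke noffle_conv().
 */
static const char *password;

/*
 * Overwrite and release one heap copy of the password.  The write goes
 * through a volatile pointer so the compiler cannot drop it as a dead
 * store ahead of free().
 */
static void
discardReply( char *s )
{
    volatile char *p = s;

    if ( s == NULL )
        return;
    while ( *p != '\0' )
        *p++ = '\0';
    free( s );
}

/*
 * PAM conversation callback.
 *
 * It's a bit tricky to go around asking PAM questions at this stage,
 * as well as not fitting NNTP, so just respond to all PAM questions
 * with the password and hope that works.
 *
 * Each of the num_msg messages gets its own heap copy of the password.
 * The message style is not inspected, so informational messages receive
 * a copy as well.  On PAM_SUCCESS the reply array and its strings are
 * handed over through *response; by PAM convention the receiver frees
 * them.
 *
 * Returns PAM_SUCCESS, PAM_CONV_ERR if there is nothing sensible to
 * answer (no password set, no messages, no place to store the reply),
 * or PAM_BUF_ERR if memory runs out.  Nothing is handed back on error.
 */
static int noffle_conv( int num_msg,
                        const struct pam_message **msgm,
                        struct pam_response **response,
                        void *appdata_ptr )
{
    struct pam_response *reply;
    int i;

    UNUSED(appdata_ptr);
    UNUSED(msgm);

    /* calloc( 0, ... ) may return NULL; strdup( NULL ) is undefined. */
    if ( num_msg <= 0 || response == NULL || password == NULL )
        return PAM_CONV_ERR;

    reply = calloc( (size_t) num_msg, sizeof *reply );
    if ( reply == NULL )
        return PAM_BUF_ERR;

    for ( i = 0; i < num_msg; i++ )
    {
        reply[ i ].resp = strdup( password );
        if ( reply[ i ].resp == NULL )
        {
            /* Do not leave partial copies of the password on the heap. */
            while ( i-- > 0 )
                discardReply( reply[ i ].resp );
            free( reply );
            return PAM_BUF_ERR;
        }
        reply[ i ].resp_retcode = 0;
    }

    *response = reply;
    return PAM_SUCCESS;
}

/* Conversation descriptor given to pam_start(); no application data. */
static struct pam_conv conv = {
    noffle_conv,
    NULL
};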
61 |
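/* Handle of the PAM transaction; NULL while none is open. */
static pam_handle_t *pamh = NULL;
/*
 * Record which PAM steps succeeded, so that PAM_close() only undoes
 * what was actually done.
 */
static Bool pam_session_opened = FALSE;
static Bool pam_set_cred = FALSE;
/* Effective uid in force before PAM_open() switched to root. */
static uid_t oldEuid;

/*
 * Start a PAM transaction for service "noffle".
 *
 * Saves the current effective uid in oldEuid and switches the effective
 * uid to root before calling pam_start().
 *
 * Returns TRUE with pamh set on success.  Returns FALSE if the switch to
 * root or pam_start() fails; in the latter case the saved effective uid
 * is restored and pamh is reset, so a failed open does not leave the
 * process running with root's effective uid.
 */
static Bool
PAM_open( void )
{
    int retval;

    /* To use PAM successfully we need to be root. */
    ASSERT ( getuid() == 0 );

    ASSERT( pamh == NULL );

    /*
     * Preserve old eUid to be restored when PAM closes and set
     * current euid to root for PAMs benefit.
     */
    oldEuid = geteuid();
    if ( seteuid( 0 ) < 0 )
    {
        Log_err( "Cannot set euid to root: %s", strerror( errno ) );
        return FALSE;
    }

    retval = pam_start( "noffle", NULL, &conv, &pamh );
    if ( retval != PAM_SUCCESS )
    {
        Log_err( "Cannot starting authentication: %s",
                 pam_strerror( pamh, retval ) );

        /*
         * No transaction was started, so PAM_close() will not run to
         * undo the euid change.  Undo it here and forget the handle.
         */
        pamh = NULL;
        if ( seteuid( oldEuid ) < 0 )
            Log_err( "Cannot set euid back to %d: %s",
                     (int) oldEuid, strerror( errno ) );
        return FALSE;
    }

    return TRUE;
}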
98 |
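/*
 * Check user/pass through PAM on the transaction opened by PAM_open().
 *
 * Runs, in order and stopping at the first failure: set PAM_USER,
 * pam_authenticate, pam_acct_mgmt, pam_setcred( PAM_ESTABLISH_CRED ),
 * pam_open_session.  The flags pam_set_cred and pam_session_opened
 * record which of the last two succeeded, for PAM_close().
 *
 * Returns AUTH_OK if every step succeeded, AUTH_DISCONNECT if PAM
 * reported PAM_MAXTRIES, AUTH_ERROR on PAM_ABORT, and AUTH_FAILED for
 * any other failure.
 */
static enum AuthResult
PAM_authenticate( const char *user, const char *pass )
{
    int retval;

    ASSERT( pamh != NULL );

    /*
     * The conversation callback reads the password through this static.
     * The pointer is borrowed and is left set on return.
     * NOTE(review): confirm the caller keeps 'pass' alive until
     * PAM_close(), in case a module converses again later.
     */
    password = pass;

    retval = pam_set_item( pamh, PAM_USER, user );
    if ( retval != PAM_SUCCESS )
        Log_dbg( LOG_DBG_AUTH, "pam_set_item failed: %s",
                 pam_strerror( pamh, retval ) );

    if ( retval == PAM_SUCCESS )
    {
        retval = pam_authenticate( pamh, PAM_SILENT );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_authenticate failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    /*
     * A correct password is not enough: the account stack decides
     * whether the account may be used at all (expired, locked, access
     * restrictions).  Any non-success result falls through to the
     * switch below and is refused.  The 'noffle' PAM service therefore
     * needs an account section.
     */
    if ( retval == PAM_SUCCESS )
    {
        retval = pam_acct_mgmt( pamh, PAM_SILENT );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_acct_mgmt failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    if ( retval == PAM_SUCCESS )
    {
        retval = pam_setcred( pamh, PAM_ESTABLISH_CRED );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_setcred failed: %s",
                     pam_strerror( pamh, retval ) );
        else
            pam_set_cred = TRUE;
    }

    if ( retval == PAM_SUCCESS )
    {
        retval = pam_open_session( pamh, 0 );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_open_session failed: %s",
                     pam_strerror( pamh, retval ) );
        else
            pam_session_opened = TRUE;
    }

    /*
     * NOTE(review): every failure above is reported through Log_dbg
     * only.  Confirm the caller records refused logins at a level
     * operators actually see.
     */
    switch ( retval )
    {
    case PAM_SUCCESS:
        return AUTH_OK;

    case PAM_MAXTRIES:
        return AUTH_DISCONNECT;

    case PAM_ABORT:
        return AUTH_ERROR;
    }

    /* Everything else, including a refused account, fails closed. */
    return AUTH_FAILED;
}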
155 |
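/*
 * End the PAM transaction opened by PAM_open().
 *
 * Closes the session and deletes the credentials if PAM_authenticate()
 * got that far, ends the transaction, clears pamh and puts the effective
 * uid back to the value saved by PAM_open().  Failures are logged and
 * otherwise ignored, so the teardown always runs to the end.
 */
static void
PAM_close( void )
{
    int retval = 0;

    ASSERT ( pamh != NULL );

    if ( pam_session_opened )
    {
        pam_session_opened = FALSE;
        retval = pam_close_session( pamh, 0 );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_close_session failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    if ( pam_set_cred )
    {
        pam_set_cred = FALSE;
        retval = pam_setcred( pamh, PAM_DELETE_CRED );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_set_cred failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    /* pam_end() receives the status of the last PAM call made above. */
    retval = pam_end( pamh, retval );

    /*
     * The handle is finished once pam_end() has been called, so drop it
     * before doing anything else and do not pass it to pam_strerror().
     */
    pamh = NULL;
    if ( retval != PAM_SUCCESS )
        Log_dbg( LOG_DBG_AUTH, "pam_end failed: %s",
                 pam_strerror( NULL, retval ) );

    /*
     * For completeness set euid back to original value, though it'll
     * probably be set again by Auth_dropPrivs.  A failure here is only
     * logged, so the process would go on with root's effective uid
     * until privileges are dropped elsewhere.
     */
    if ( seteuid( oldEuid ) < 0 )
        Log_err( "Cannot set euid back to %d: %s",
                 (int) oldEuid, strerror( errno ) );
}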
195 |
196 #else |
197 |
198 /* |
199 * No PAM, so provide a simple alternative. |
200 * |
201 * USERSFILE is a simple plain-text file consisting of username password |
202 * pairs, one pair per line. Comments are prefixed by '#'. Blank lines |
203 * are ignored. |
204 * |
205 * By way of a simple security check, the users file MUST be only |
206 * readable and writable by the owner. |
207 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
208 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
209 #define AUTH_MAX_TRIES 3 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
210 |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
211 static int authTries = 0; |
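/*
 * Check a user/password pair against USERSFILE.
 *
 * Returns AUTH_OK when a line for 'user' carries exactly 'pass',
 * AUTH_FAILED when the user is unknown or the password differs (the
 * two cases are deliberately not distinguished), AUTH_ERROR when the
 * file cannot be validated or read or holds a malformed line, and
 * AUTH_DISCONNECT once AUTH_MAX_TRIES attempts have failed.
 *
 * Every failed attempt sleeps authTries * authTries seconds before
 * returning, which slows down password guessing.
 */
static enum AuthResult
file_authenticate( const char *user, const char *pass )
{
    Str file, line;
    FILE *f;
    struct stat linkBuf, statBuf;
    enum AuthResult res = AUTH_FAILED;
    int lineNo = 0;

    Utl_cpyStr( file, USERSFILE );

    /*
     * lstat(), not stat(): stat() follows symbolic links, so a link to
     * a regular file would pass the "not a link" test below.
     */
    if ( lstat( file, &linkBuf ) < 0 )
    {
        Log_err( "Cannot read %s (%s)", file, strerror( errno ) );
        return AUTH_ERROR;
    }
    if ( !S_ISREG( linkBuf.st_mode ) )
    {
        Log_err( "%s must be a regular file, not a link", file );
        return AUTH_ERROR;
    }

    if ( ! ( f = fopen( file, "r" ) ) )
    {
        Log_err( "Cannot read %s (%s)", file, strerror( errno ) );
        return AUTH_ERROR;
    }

    /*
     * Validate the file that was actually opened. Checking the path and
     * then opening it leaves a window in which the path can be swapped,
     * so the type and permission checks are made on the open descriptor
     * and the device/inode pair is compared with the lstat() result.
     */
    if ( fstat( fileno( f ), &statBuf ) < 0 )
    {
        Log_err( "Cannot read %s (%s)", file, strerror( errno ) );
        fclose( f );
        return AUTH_ERROR;
    }
    if ( !S_ISREG( statBuf.st_mode )
         || statBuf.st_dev != linkBuf.st_dev
         || statBuf.st_ino != linkBuf.st_ino )
    {
        Log_err( "%s must be a regular file, not a link", file );
        fclose( f );
        return AUTH_ERROR;
    }
    /*
     * NOTE(review): only the group/other permission bits are tested;
     * the owner (st_uid) is not compared with the Noffle user. Confirm
     * whether that is intended.
     */
    if ( ( statBuf.st_mode & ( S_IRWXG | S_IRWXO ) ) != 0 )
    {
        Log_err( "%s must be readable only by its owner", file );
        fclose( f );
        return AUTH_ERROR;
    }

    while ( res == AUTH_FAILED && fgets( line, MAXCHAR, f ) )
    {
        Str theUser, thePass;
        char *p;

        /* Counts fgets() reads; a line longer than the buffer counts
           more than once. */
        lineNo++;

        p = Utl_stripWhiteSpace( line );
        Utl_stripComment( p );

        if ( *p == '\0' )
            continue;

        if ( sscanf( p, MAXCHAR_FMT " " MAXCHAR_FMT, theUser, thePass ) != 2 )
        {
            res = AUTH_ERROR;
            /* Report the position, not the text: the line comes from the
               credentials file and must not be copied into the log. */
            Log_err( "Badly formatted line %d in %s", lineNo, file );
            break;
        }

        if ( strcmp( user, theUser ) == 0 )
        {
            /*
             * NOTE(review): strcmp() returns at the first differing
             * byte, so its run time depends on the stored password. A
             * constant-time comparison, and salted hashes instead of
             * clear-text passwords, would be the stronger design.
             */
            if ( strcmp( pass, thePass ) == 0 )
                res = AUTH_OK;
            /* First line for this user decides; later duplicates are
               never consulted. */
            break;
        }
    }

    fclose( f );

    if ( res == AUTH_FAILED )
    {
        /* Growing delay per failure, then ask the caller to drop the
           connection once the limit is reached. */
        authTries++;
        sleep( authTries * authTries );
        if ( authTries >= AUTH_MAX_TRIES )
            res = AUTH_DISCONNECT;
    }

    return res;
}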
282 #endif /* USE_PAM */ |
283 #endif /* USE_AUTH */ |
/*
 * Open authentication session.
 *
 * Only the PAM build has a session to open; it returns whatever
 * PAM_open() returns. Every other build returns TRUE.
 */
Bool
Auth_open( void )
{
#if USE_AUTH && USE_PAM
    return PAM_open();
#else
    return TRUE;
#endif
}
/*
 * Authenticate a user and password.
 *
 * Dispatches to PAM_authenticate() in the PAM build and to
 * file_authenticate() in the users-file build. With authentication
 * compiled out, both arguments are ignored.
 */
enum AuthResult
Auth_authenticate( const char *user, const char *pass )
{
#if USE_AUTH && USE_PAM
    return PAM_authenticate( user, pass );
#elif USE_AUTH
    return file_authenticate( user, pass );
#else
    UNUSED(user);
    UNUSED(pass);

    /*
     * NOTE(review): this returns the Bool constant TRUE from a function
     * declared to return enum AuthResult. Which AuthResult value that
     * equals depends on the enum's definition, which is not in this
     * file; confirm it is the intended result for a build without
     * authentication.
     */
    return TRUE;
#endif
}
/*
 * Authentication session now closed.
 *
 * Calls PAM_close() in the PAM build; a no-op in every other build.
 */
void
Auth_close( void )
{
#if USE_AUTH
#if USE_PAM
    PAM_close();
#endif
#endif
}
/* Uid of the configured Noffle user; stays (uid_t) -1 until
 * Auth_checkPrivs() has looked the user up. */
static uid_t noffleUid = (uid_t) -1;
/* Gid of the configured Noffle group; stays (gid_t) -1 until
 * Auth_checkPrivs() has looked the group up. */
static gid_t noffleGid= (gid_t) -1;
/* Set by Auth_checkPrivs(): TRUE when the real uid is root or the
 * Noffle user. Read through Auth_admin(). */
static Bool adminUser = FALSE;
/*
 * Check we have appropriate privs for authentication.
 *
 * Resolves the configured Noffle user and group to noffleUid and
 * noffleGid, and records in adminUser whether the real uid is root or
 * the Noffle user. Returns FALSE, after logging the reason, when the
 * user or group is unknown, when a non-root process would need PAM
 * authentication, or when a non-root process does not already have the
 * Noffle user and group as its effective ids. Returns TRUE otherwise.
 */
Bool
Auth_checkPrivs( void )
{
    struct passwd *userEntry;
    struct group *groupEntry;
    uid_t realUid;

    userEntry = getpwnam( Cfg_noffleUser() );
    if ( userEntry == NULL )
    {
        Log_err( "Noffle user %s is not a known user", Cfg_noffleUser() );
        return FALSE;
    }
    noffleUid = userEntry->pw_uid;

    groupEntry = getgrnam( Cfg_noffleGroup() );
    if ( groupEntry == NULL )
    {
        Log_err( "Noffle group %s is not a known group", Cfg_noffleGroup() );
        return FALSE;
    }
    noffleGid = groupEntry->gr_gid;

    /* Admin status follows the real uid, i.e. who started the process. */
    realUid = getuid();
    adminUser = ( realUid == 0 || realUid == noffleUid );

    /* Really root: the privs we require are set later, nothing to check. */
    if ( realUid == 0 )
        return TRUE;

    /* Not root, so everything must already be as it should be. */
#if USE_AUTH && USE_PAM
    if( Cfg_needClientAuth() )
    {
        Log_err( "Noffle must run as root to use PAM authentication" );
        return FALSE;
    }
#endif

    if ( geteuid() != noffleUid )
    {
        Log_err( "Noffle needs to run as root or user %s", Cfg_noffleUser() );
        return FALSE;
    }

    if ( getegid() != noffleGid )
    {
        Log_err( "Noffle needs to run as root or as group %s",
                 Cfg_noffleGroup() );
        return FALSE;
    }

    return TRUE;
}
/*
 * See if we should be permitted admin access. Admins can do anything,
 * non-admins can only read articles, list groups and post.
 *
 * Returns the adminUser flag that Auth_checkPrivs() computes from the
 * real uid of the process (root or the configured Noffle user).
 *
 * This must be called after Auth_checkPrivs.
 */
Bool
Auth_admin( void )
{
    /* Either id still at its -1 initial value means Auth_checkPrivs()
       has not run to completion. */
    ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 );

    return adminUser;
}
409 /* |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
410 * Drop any privs required for authentication. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
411 * |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
412 * Must be called AFTER Auth_checkPrivs. |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
413 */ |
c02c4eb95f95
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff
changeset
|
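/*
 * Auth_dropPrivs: switch from root to the configured Noffle user and
 * group.
 *
 * Requires noffleUid and noffleGid to have been resolved already (this
 * is asserted). Returns TRUE when the process is not running with an
 * effective uid of 0 (nothing to drop) or when the switch succeeded and
 * was verified; returns FALSE after logging an error otherwise.
 */
Bool
Auth_dropPrivs( void )
{
    ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 );

    /*
     * We only need to drop privs if we're currently root. We
     * should have already checked we're the news user on startup.
     */
    if ( geteuid() != 0 )
        return TRUE;

    /*
     * NOTE(review): supplementary groups inherited from the root
     * session are not cleared here. A complete drop would call
     * setgroups() or initgroups() before setgid(); that needs <grp.h>,
     * so confirm it is included before adding the call.
     */

    /*
     * Group first: once setuid() has given up root, a later setgid()
     * would normally be refused.
     */
    if ( setgid( noffleGid ) != 0 )
    {
        Log_err( "Can't set group %s: %s",
                 Cfg_noffleGroup(), strerror( errno ) );
        return FALSE;
    }

    if ( setuid( noffleUid ) != 0 )
    {
        Log_err( "Can't set user to %s: %s",
                 Cfg_noffleUser(), strerror( errno ) );
        return FALSE;
    }

    /*
     * Do not trust the return codes alone: confirm that both the real
     * and effective ids now match the target before reporting success.
     */
    if ( getuid() != noffleUid || geteuid() != noffleUid
         || getgid() != noffleGid || getegid() != noffleGid )
    {
        Log_err( "Privileges not fully dropped to %s:%s",
                 Cfg_noffleUser(), Cfg_noffleGroup() );
        return FALSE;
    }

    return TRUE;
}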
445 |