annotate src/authenticate.c @ 500:614a3177b15c noffle tip

Add mail-from option. Some modern mail systems will try and ensure the sender email is a legitimate address. Which will fail if there isn't such an address.
author Jim Hague <jim.hague@acm.org>
date Wed, 14 Aug 2013 12:04:39 +0100
parents 20abd71918ad
children
1 /*
2 authenticate.c
3
4 Do client authentication
5
6 $Id: authenticate.c 622 2004-03-16 10:24:18Z bears $
7 */
8
9 #if HAVE_CONFIG_H
10 #include <config.h>
11 #endif
12
13 #include <errno.h>
14 #include <stdio.h>
15 #include <string.h>
16 #include <sys/types.h>
17 #include <sys/stat.h>
18 #include <unistd.h>
19 #include <grp.h>
20 #include <pwd.h>
21 #include "common.h"
22 #include "authenticate.h"
23 #include "configfile.h"
24 #include "log.h"
25 #include "portable.h"
26 #include "util.h"
27
28 #if USE_AUTH
29
30 #if USE_PAM
31 #include <security/pam_appl.h>
32
/*
 * Password for the login attempt in progress.  PAM_authenticate() stores
 * the caller's pointer here and noffle_conv() copies the string when PAM
 * asks for it.  The pointer is borrowed, not owned: nothing in this file
 * frees it.
 */
static const char *password;
34
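/*
 * PAM conversation callback.
 *
 * It's a bit tricky to go around asking PAM questions at this stage,
 * as well as not fitting NNTP, so just respond to all PAM questions
 * with the password and hope that works.
 *
 * Every one of the num_msg messages gets its own heap copy of the
 * password; the reply array and the copies are handed back through
 * *response for the PAM library to release.  On any failure everything
 * allocated so far is freed here and *response is left untouched.
 *
 * Returns PAM_SUCCESS on success, PAM_CONV_ERR when there is nothing
 * sensible to answer (no messages, no response slot, or no password
 * stored) and PAM_BUF_ERR when memory runs out.
 */
static int noffle_conv( int num_msg,
                        const struct pam_message **msgm,
                        struct pam_response **response,
                        void *appdata_ptr )
{
    struct pam_response *reply;
    int i;

    UNUSED(appdata_ptr);
    UNUSED(msgm);

    /* Refuse rather than dereference a NULL password or size a
       zero/negative allocation from a value the library controls. */
    if ( num_msg <= 0 || response == NULL || password == NULL )
        return PAM_CONV_ERR;

    reply = calloc( (size_t) num_msg, sizeof *reply );
    if ( reply == NULL )
        return PAM_BUF_ERR;

    for ( i = 0; i < num_msg; i++ )
    {
        reply[ i ].resp = strdup( password );
        if ( reply[ i ].resp == NULL )
        {
            /* Undo the copies already made so no password copy leaks. */
            while ( i-- > 0 )
                free( reply[ i ].resp );
            free( reply );
            return PAM_BUF_ERR;
        }
        reply[ i ].resp_retcode = 0;
    }

    *response = reply;
    return PAM_SUCCESS;
}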
56
/*
 * Conversation descriptor passed to pam_start(): the callback that
 * answers PAM's prompts, and no application data (noffle_conv ignores
 * its appdata_ptr argument).
 */
static struct pam_conv conv = {
    noffle_conv,
    NULL
};
61
/* Handle of the PAM transaction in progress; NULL while none is open. */
static pam_handle_t *pamh = NULL;
/* TRUE once pam_open_session() succeeded, so PAM_close() closes it again. */
static Bool pam_session_opened = FALSE;
/* TRUE once pam_setcred( PAM_ESTABLISH_CRED ) succeeded, so PAM_close()
   deletes the credentials again. */
static Bool pam_set_cred = FALSE;
/* Effective uid saved by PAM_open() before it switches to root. */
static uid_t oldEuid;
66
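/*
 * Start a PAM transaction for the "noffle" service.
 *
 * The current effective uid is saved in oldEuid and the euid is raised
 * to root for PAM's benefit; PAM_close() puts it back.  If the
 * transaction cannot be started the saved euid is restored here, so a
 * failed open does not leave the process running with euid root.
 *
 * Returns TRUE when a transaction handle is stored in pamh, FALSE when
 * the euid could not be raised or pam_start() failed.
 */
static Bool
PAM_open( void )
{
    int retval;

    /* To use PAM successfully we need to be root. */
    ASSERT ( getuid() == 0 );

    ASSERT( pamh == NULL );

    /*
     * Preserve old eUid to be restored when PAM closes and set
     * current euid to root for PAMs benefit.
     */
    oldEuid = geteuid();
    if ( seteuid( 0 ) < 0 )
    {
        Log_err( "Cannot set euid to root: %s", strerror( errno ) );
        return FALSE;
    }

    retval = pam_start( "noffle", NULL, &conv, &pamh );
    if ( retval != PAM_SUCCESS )
    {
        Log_err( "Cannot starting authentication: %s",
                 pam_strerror( pamh, retval ) );

        /* Keep the "no transaction open" invariant the ASSERT above
           relies on, whatever pam_start() left in the handle. */
        pamh = NULL;

        /* PAM_close() will not run for a transaction that never
           started, so give up the root euid here. */
        if ( seteuid( oldEuid ) < 0 )
            Log_err( "Cannot set euid back to %d: %s",
                     (int) oldEuid, strerror( errno ) );
        return FALSE;
    }

    return TRUE;
}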
98
/*
 * Run one login attempt through the open PAM transaction.
 *
 * The steps are: set PAM_USER, authenticate, establish credentials,
 * open a session.  The first step that fails is logged at debug level
 * and ends the sequence.  pam_set_cred and pam_session_opened record
 * which of the later steps succeeded so that PAM_close() can undo them.
 *
 * pass is not copied; the pointer is kept in the file-level `password`
 * for noffle_conv() to read, so it has to stay valid for as long as PAM
 * may call the conversation function.
 *
 * NOTE(review): pam_acct_mgmt() is not called between authentication
 * and pam_setcred(), so account restrictions configured in PAM (expiry,
 * access rules) are not consulted here -- confirm that is intended.
 *
 * Returns AUTH_OK when every step succeeded, AUTH_DISCONNECT for
 * PAM_MAXTRIES, AUTH_ERROR for PAM_ABORT and AUTH_FAILED for any other
 * PAM status.
 */
static enum AuthResult
PAM_authenticate( const char *user, const char *pass )
{
    int status;

    ASSERT( pamh != NULL );

    password = pass;

    status = pam_set_item( pamh, PAM_USER, user );
    if ( status != PAM_SUCCESS )
    {
        Log_dbg( LOG_DBG_AUTH, "pam_set_item failed: %s",
                 pam_strerror( pamh, status ) );
        goto done;
    }

    status = pam_authenticate( pamh, PAM_SILENT );
    if ( status != PAM_SUCCESS )
    {
        Log_dbg( LOG_DBG_AUTH, "pam_authenticate failed: %s",
                 pam_strerror( pamh, status ) );
        goto done;
    }

    status = pam_setcred( pamh, PAM_ESTABLISH_CRED );
    if ( status != PAM_SUCCESS )
    {
        Log_dbg( LOG_DBG_AUTH, "pam_setcred failed: %s",
                 pam_strerror( pamh, status ) );
        goto done;
    }
    pam_set_cred = TRUE;

    status = pam_open_session( pamh, 0 );
    if ( status != PAM_SUCCESS )
    {
        Log_dbg( LOG_DBG_AUTH, "pam_open_session failed: %s",
                 pam_strerror( pamh, status ) );
        goto done;
    }
    pam_session_opened = TRUE;

done:
    /* Map the PAM status of the last step onto noffle's result codes. */
    if ( status == PAM_SUCCESS )
        return AUTH_OK;
    if ( status == PAM_MAXTRIES )
        return AUTH_DISCONNECT;
    if ( status == PAM_ABORT )
        return AUTH_ERROR;
    return AUTH_FAILED;
}
155
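/*
 * Tear down the PAM transaction opened by PAM_open().
 *
 * Closes the session and deletes the credentials if PAM_authenticate()
 * got as far as creating them, ends the transaction, forgets the
 * borrowed password pointer and finally restores the effective uid that
 * PAM_open() saved.  Failures are logged; none of them stops the
 * remaining cleanup steps.
 */
static void
PAM_close( void )
{
    int retval = 0;

    ASSERT ( pamh != NULL );

    if ( pam_session_opened )
    {
        pam_session_opened = FALSE;
        retval = pam_close_session( pamh, 0 );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_close_session failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    if ( pam_set_cred )
    {
        pam_set_cred = FALSE;
        retval = pam_setcred( pamh, PAM_DELETE_CRED );
        if ( retval != PAM_SUCCESS )
            Log_dbg( LOG_DBG_AUTH, "pam_set_cred failed: %s",
                     pam_strerror( pamh, retval ) );
    }

    retval = pam_end( pamh, retval );

    /* The handle is dead once pam_end() has run; clear it before the
       error path so the ended handle is never passed to the library.
       NOTE(review): assumes pam_strerror() accepts a NULL handle, as
       the pam_start() failure path in PAM_open() already may -- confirm
       for the target PAM implementation. */
    pamh = NULL;
    if ( retval != PAM_SUCCESS )
        Log_dbg( LOG_DBG_AUTH, "pam_end failed: %s",
                 pam_strerror( pamh, retval ) );

    /* No conversation can happen after pam_end(), so drop the borrowed
       pointer to the caller's password instead of leaving it stale. */
    password = NULL;

    /*
     * For completeness set euid back to original value, though it'll
     * probably be set again by Auth_dropPrivs.
     */
    if ( seteuid( oldEuid ) < 0 )
        Log_err( "Cannot set euid back to %d: %s",
                 (int) oldEuid, strerror( errno ) );
}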
195
196 #else
197
198 /*
199 * No PAM, so provide a simple alternative.
200 *
201 * USERSFILE is a simple plain-text file consisting of username password
202 * pairs, one pair per line. Comments are prefixed by '#'. Blank lines
203 * are ignored.
204 *
205 * By way of a simple security check, the users file MUST be only
206 * readable and writable by the owner.
207 */
208
/* NOTE(review): presumably the number of failed logins tolerated before
   the connection is dropped; the code that uses it is not visible here. */
#define AUTH_MAX_TRIES 3

/* Starts at zero.  NOTE(review): presumably counts attempts against
   AUTH_MAX_TRIES -- confirm in file_authenticate(). */
static int authTries = 0;
212
213 static enum AuthResult
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
214 file_authenticate( const char *user, const char *pass )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
215 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
216 Str file, line;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
217 FILE *f;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
218 struct stat statBuf;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
219 enum AuthResult res = AUTH_FAILED;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
220
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
221 Utl_cpyStr( file, USERSFILE );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
222 if ( stat( file, &statBuf ) < 0 )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
223 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
224 Log_err( "Cannot read %s (%s)", file, strerror( errno ) );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
225 return AUTH_ERROR;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
226 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
227 if ( !S_ISREG( statBuf.st_mode ) )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
228 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
229 Log_err( "%s must be a regular file, not a link", file );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
230 return AUTH_ERROR;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
231 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
232 if ( ( statBuf.st_mode & ( S_IRWXG | S_IRWXO ) ) != 0 )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
233 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
234 Log_err( "%s must be readable only by its owner", file );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
235 return AUTH_ERROR;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
236 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
237
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
238 if ( ! ( f = fopen( file, "r" ) ) )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
239 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
240 Log_err( "Cannot read %s (%s)", file, strerror( errno ) );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
241 return AUTH_ERROR;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
242 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
243 while ( res == AUTH_FAILED && fgets( line, MAXCHAR, f ) )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
244 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
245 Str theUser, thePass;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
246 char *p;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
247
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
248 p = Utl_stripWhiteSpace( line );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
249 Utl_stripComment( p );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
250
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
251 if ( *p == '\0' )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
252 continue;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
253
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
254 if ( sscanf( p, MAXCHAR_FMT " " MAXCHAR_FMT, theUser, thePass ) != 2 )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
255 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
256 res = AUTH_ERROR;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
257 Log_err( "Badly formatted line %s in %s", p, file );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
258 break;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
259 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
260
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
261 if ( strcmp( user, theUser ) == 0 )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
262 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
263 if ( strcmp( pass, thePass ) == 0 )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
264 res = AUTH_OK;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
265 break;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
266 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
267 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
268
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
269 fclose( f );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
270
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
271 if ( res == AUTH_FAILED )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
272 {
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
273 authTries++;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
274 sleep( authTries * authTries );
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
275 if ( authTries >= AUTH_MAX_TRIES )
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
276 res = AUTH_DISCONNECT;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
277 }
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
278
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
279 return res;
c02c4eb95f95 [svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
bears
parents:
diff changeset
280 }
282 #endif /* USE_PAM */
283 #endif /* USE_AUTH */
/*
 * Open authentication session.
 *
 * Returns the result of PAM_open() in a USE_AUTH + USE_PAM build and
 * TRUE in every other build.
 */
Bool
Auth_open( void )
{
#if USE_AUTH && USE_PAM
    /* PAM is the only backend with a session to set up. */
    return PAM_open();
#else
    /* Without PAM there is nothing to open. */
    return TRUE;
#endif
}
/*
 * Authenticate a user and password.
 *
 * Hands the pair to PAM_authenticate() in a USE_AUTH + USE_PAM build and
 * to file_authenticate() in a USE_AUTH build without PAM. A build without
 * USE_AUTH ignores both arguments.
 */
enum AuthResult
Auth_authenticate( const char *user, const char *pass )
{
#if USE_AUTH && USE_PAM
    return PAM_authenticate( user, pass );
#elif USE_AUTH
    return file_authenticate( user, pass );
#else
    UNUSED(user);
    UNUSED(pass);

    /*
     * NOTE(review): TRUE is a Bool value, but this function returns
     * enum AuthResult. Which AuthResult member shares TRUE's value is not
     * visible from here - confirm it is the intended one (presumably the
     * "authenticated" result) or return that member by name.
     */
    return TRUE;
#endif
}
/*
 * Authentication session now closed.
 *
 * Calls PAM_close() in a USE_AUTH + USE_PAM build; does nothing otherwise.
 */
void
Auth_close( void )
{
#if USE_AUTH
#if USE_PAM
    PAM_close();
#endif
#endif
}
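/*
 * Ids of the configured Noffle user and group. Both stay at -1 until
 * Auth_checkPrivs() has looked them up.
 */
static uid_t noffleUid = (uid_t) -1;
static gid_t noffleGid = (gid_t) -1;

/* Whether the real user counts as an admin; decided by Auth_checkPrivs(). */
static Bool adminUser = FALSE;

/*
 * Check we have appropriate privs for authentication.
 *
 * Looks up the configured Noffle user and group, records their ids and
 * decides whether the real user is an admin: root, the Noffle user, or a
 * user named in the Noffle group's member list. Only the names in gr_mem
 * are consulted for the group test.
 *
 * When not started by root, the effective uid and gid must already be
 * those of the Noffle user and group, and a PAM build that needs client
 * authentication is refused.
 *
 * Returns TRUE when the process may continue, FALSE (after logging the
 * reason) otherwise.
 */
Bool
Auth_checkPrivs( void )
{
    uid_t euid;
    gid_t egid;
    uid_t ruid;
    struct passwd* pwnam;
    struct group* grnam;

    euid = geteuid();
    egid = getegid();

    pwnam = getpwnam( Cfg_noffleUser() );
    if ( pwnam == NULL )
    {
        Log_err( "Noffle user %s is not a known user", Cfg_noffleUser() );
        return FALSE;
    }
    noffleUid = pwnam->pw_uid;

    grnam = getgrnam( Cfg_noffleGroup() );
    if ( grnam == NULL )
    {
        Log_err( "Noffle group %s is not a known group", Cfg_noffleGroup() );
        return FALSE;
    }
    noffleGid = grnam->gr_gid;

    ruid = getuid();

    /* Determine if admin user - root, news... */
    adminUser = ( ruid == 0 || ruid == noffleUid );
    if ( ! adminUser && grnam->gr_mem != NULL )
    {
        /* ... or member of group news. */

        /*
         * getpwuid() does not change errno when the uid simply has no
         * entry; clear it so the log below cannot report a stale error.
         */
        errno = 0;
        pwnam = getpwuid( ruid );
        if ( pwnam != NULL )
        {
            const char *name = pwnam->pw_name;
            char **member;

            /* gr_mem is a NULL-terminated array of member names. */
            for ( member = grnam->gr_mem; *member != NULL; member++ )
            {
                if ( strcmp( name, *member ) == 0 )
                {
                    adminUser = TRUE;
                    break;
                }
            }
        }
        else
            /* uid_t need not be int: widen explicitly to match the format. */
            Log_err( "Cannot get user info for uid %lu: %s",
                     (unsigned long) ruid, strerror( errno ) );
    }

    /*
     * If we're really root, we will set the privs we require later. Otherwise
     * we need to check that everything is as it should be.
     */
    if ( ruid != 0 )
    {
#if USE_AUTH && USE_PAM
        if( Cfg_needClientAuth() )
        {
            Log_err( "Noffle must run as root to use PAM authentication" );
            return FALSE;
        }
#endif

        if ( noffleUid != euid )
        {
            Log_err( "Noffle needs to run as root or user %s", Cfg_noffleUser() );
            return FALSE;
        }

        if ( noffleGid != egid )
        {
            Log_err( "Noffle needs to run as root or as group %s",
                     Cfg_noffleGroup() );
            return FALSE;
        }
    }

    return TRUE;
}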
/*
 * Report whether admin access should be permitted. Admins can do
 * anything, non-admins can only read articles, list groups and post.
 *
 * This must be called after Auth_checkPrivs: the assertion below trips
 * while noffleUid or noffleGid still holds its initial -1.
 */
Bool
Auth_admin( void )
{
    Bool isAdmin;

    ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 );

    /* The decision itself was taken once, in Auth_checkPrivs. */
    isAdmin = adminUser;
    return isAdmin;
}
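/*
 * Drop any privs required for authentication.
 *
 * Must be called AFTER Auth_checkPrivs.
 *
 * If the effective user is not root there is nothing to drop and TRUE is
 * returned at once. Otherwise the group is changed to noffleGid and then
 * the user to noffleUid; the group goes first because setgid() needs the
 * privilege that setuid() gives away. The result is then verified: real
 * and effective ids must equal the targets, and an attempt to become root
 * again must fail.
 *
 * Returns TRUE when there was nothing to drop or the drop succeeded and
 * was verified, FALSE (after logging) otherwise. On FALSE the process may
 * still hold root privilege, so a caller should not carry on serving
 * clients.
 */
Bool
Auth_dropPrivs( void )
{
    /* Both ids must have been resolved before we can switch to them. */
    ASSERT( noffleUid != (uid_t) -1 && noffleGid != (gid_t) -1 );

    /*
     * We only need to drop privs if we're currently root. We
     * should have already checked we're the news user on startup.
     */
    if ( geteuid() != 0 )
        return TRUE;

    /*
     * NOTE(review): the supplementary group list is not changed here.
     * A process started as root keeps root's supplementary groups unless
     * they are cleared elsewhere; confirm, and if they are not, clear them
     * (setgroups() or initgroups()) before the setgid() call below.
     */
    if ( setgid( noffleGid ) != 0 )
    {
        Log_err( "Can't set group %s: %s",
                 Cfg_noffleGroup(), strerror( errno ) );
        return FALSE;
    }

    if ( setuid( noffleUid ) != 0 )
    {
        Log_err( "Can't set user to %s: %s",
                 Cfg_noffleUser(), strerror( errno ) );
        return FALSE;
    }

    /*
     * A zero return from setgid()/setuid() is not proof that every id
     * changed, so check the real and effective ids explicitly.
     */
    if ( getgid() != noffleGid || getegid() != noffleGid )
    {
        Log_err( "Group %s not in effect after dropping privileges",
                 Cfg_noffleGroup() );
        return FALSE;
    }

    if ( getuid() != noffleUid || geteuid() != noffleUid )
    {
        Log_err( "User %s not in effect after dropping privileges",
                 Cfg_noffleUser() );
        return FALSE;
    }

    /*
     * The drop must be permanent: if root can be regained (for instance
     * through a surviving saved set-user-ID) the drop gave no protection.
     * Skipped when the configured user is itself root.
     */
    if ( noffleUid != 0 && setuid( 0 ) == 0 )
    {
        Log_err( "Root privileges can be regained after switching to %s",
                 Cfg_noffleUser() );
        return FALSE;
    }

    return TRUE;
}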
472