3616b334 |
1 | /* |
2 | * Dolda Connect - Modular multiuser Direct Connect-style client |
3 | * Copyright (C) 2004 Fredrik Tolf (fredrik@dolda2000.com) |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License |
16 | * along with this program; if not, write to the Free Software |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
18 | */ |
19 | |
20 | #include <pwd.h> |
21 | #include <sys/un.h> |
22 | #include <errno.h> |
23 | #include <string.h> |
24 | #include <wchar.h> |
25 | |
26 | #ifdef HAVE_CONFIG_H |
27 | #include <config.h> |
28 | #endif |
29 | #include "auth.h" |
30 | #include "utils.h" |
31 | #include "module.h" |
32 | #include "conf.h" |
33 | |
34 | struct unixdata { |
35 | char *username; |
36 | }; |
37 | |
38 | static int inithandle(struct authhandle *auth, char *username) |
39 | { |
40 | struct unixdata *data; |
41 | |
42 | data = smalloc(sizeof(*data)); |
43 | memset(data, 0, sizeof(*data)); |
44 | data->username = sstrdup(username); |
45 | auth->mechdata = data; |
46 | return(0); |
47 | } |
48 | |
49 | static void release(struct authhandle *auth) |
50 | { |
51 | struct unixdata *data; |
52 | |
53 | data = auth->mechdata; |
54 | free(data->username); |
55 | free(data); |
56 | } |
57 | |
58 | static int unixauth(struct authhandle *auth, struct socket *sk, char *passdata) |
59 | { |
60 | struct passwd *pwd; |
61 | struct unixdata *data; |
62 | |
63 | data = auth->mechdata; |
64 | if((pwd = getpwnam(data->username)) == NULL) |
65 | return(AUTH_ERR); |
66 | if(sk->ucred.pid == 0) { |
67 | errno = EBADE; |
68 | return(AUTH_ERR); |
69 | } |
516eedd9 |
70 | if(pwd->pw_uid == sk->ucred.uid) { |
71 | flog(LOG_INFO, "process %i successfully authenticated as %s with Unix credentials (uid=%i, gid=%i)", sk->ucred.pid, data->username, sk->ucred.uid, sk->ucred.gid); |
3616b334 |
72 | return(AUTH_SUCCESS); |
516eedd9 |
73 | } |
3616b334 |
74 | auth->text = swcsdup(L"Unix credentials do not match supplied user name"); |
75 | return(AUTH_DENIED); |
76 | } |
77 | |
78 | static int available(struct socket *sk) |
79 | { |
80 | return((sk->family == PF_UNIX) && (sk->ucred.pid != 0)); |
81 | } |
82 | |
83 | static struct authmech mechdesc = { |
84 | .inithandle = inithandle, |
85 | .release = release, |
86 | .authenticate = unixauth, |
87 | .available = available, |
88 | .name = L"unix", |
89 | .enabled = 1 |
90 | }; |
91 | |
92 | static int init(int hup) |
93 | { |
94 | if(!hup) |
95 | regmech(&mechdesc); |
96 | return(0); |
97 | } |
98 | |
99 | static struct module me = { |
100 | .init = init, |
101 | .name = "auth-unix" |
102 | }; |
103 | MODULE(me) |