]> git.cameronkatri.com Git - pw-darwin.git/blob - libutil/login_cap.c
git.ckatri.com / pw-darwin.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
$Id$ -> $FreeBSD$
[pw-darwin.git] / libutil / login_cap.c
1 /*-
2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
5 * All rights reserved.
6 *
7 * Portions copyright (c) 1995,1997
8 * Berkeley Software Design, Inc.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
24 * conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 *
28 * $FreeBSD$
29 */
30
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <errno.h>
35 #include <fcntl.h>
36 #include <unistd.h>
37
38 #include <sys/types.h>
39 #include <sys/time.h>
40 #include <sys/resource.h>
41 #include <sys/param.h>
42 #include <pwd.h>
43 #include <libutil.h>
44 #include <syslog.h>
45 #include <login_cap.h>
46
47 /*
48 * allocstr()
49 * Manage a single static pointer for handling a local char* buffer,
50 * resizing as necessary to contain the string.
51 *
52 * allocarray()
53 * Manage a static array for handling a group of strings, resizing
54 * when necessary.
55 */
56
57 static int lc_object_count = 0;
58
59 static size_t internal_stringsz = 0;
60 static char * internal_string = NULL;
61 static size_t internal_arraysz = 0;
62 static char ** internal_array = NULL;
63
64 static char *
65 allocstr(char *str)
66 {
67 char *p;
68
69 size_t sz = strlen(str) + 1; /* realloc() only if necessary */
70 if (sz <= internal_stringsz)
71 p = strcpy(internal_string, str);
72 else if ((p = realloc(internal_string, sz)) != NULL) {
73 internal_stringsz = sz;
74 internal_string = strcpy(p, str);
75 }
76 return p;
77 }
78
79
80 static char **
81 allocarray(size_t sz)
82 {
83 char **p;
84
85 if (sz <= internal_arraysz)
86 p = internal_array;
87 else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) {
88 internal_arraysz = sz;
89 internal_array = p;
90 }
91 return p;
92 }
93
94
95 /*
96 * arrayize()
97 * Turn a simple string <str> seperated by any of
98 * the set of <chars> into an array. The last element
99 * of the array will be NULL, as is proper.
100 * Free using freearraystr()
101 */
102
103 static char **
104 arrayize(char *str, const char *chars, int *size)
105 {
106 int i;
107 char *ptr;
108 char **res = NULL;
109
110 /* count the sub-strings */
111 for (i = 0, ptr = str; *ptr; i++) {
112 int count = strcspn(ptr, chars);
113 ptr += count;
114 if (*ptr)
115 ++ptr;
116 }
117
118 /* alloc the array */
119 if ((ptr = allocstr(str)) != NULL) {
120 if ((res = allocarray(++i)) == NULL)
121 free(str);
122 else {
123 /* now split the string */
124 i = 0;
125 while (*ptr) {
126 int count = strcspn(ptr, chars);
127 res[i++] = ptr;
128 ptr += count;
129 if (*ptr)
130 *ptr++ = '\0';
131 }
132 res[i] = NULL;
133 }
134 }
135
136 if (size)
137 *size = i;
138
139 return res;
140 }
141
142
143 /*
144 * login_close()
145 * Frees up all resources relating to a login class
146 *
147 */
148
149 void
150 login_close(login_cap_t * lc)
151 {
152 if (lc) {
153 free(lc->lc_style);
154 free(lc->lc_class);
155 free(lc);
156 if (--lc_object_count == 0) {
157 free(internal_string);
158 free(internal_array);
159 internal_array = NULL;
160 internal_arraysz = 0;
161 internal_string = NULL;
162 internal_stringsz = 0;
163 cgetclose();
164 }
165 }
166 }
167
168
169 /*
170 * login_getclassbyname() get the login class by its name.
171 * If the name given is NULL or empty, the default class
172 * LOGIN_DEFCLASS (ie. "default") is fetched. If the
173 * 'dir' argument contains a non-NULL non-empty string,
174 * then the file _FILE_LOGIN_CONF is picked up from that
175 * directory instead of the system login database.
176 * Return a filled-out login_cap_t structure, including
177 * class name, and the capability record buffer.
178 */
179
180 login_cap_t *
181 login_getclassbyname(char const *name, const struct passwd *pwd)
182 {
183 login_cap_t *lc;
184
185 if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
186 int r, i = 0;
187 uid_t euid = 0;
188 gid_t egid = 0;
189 const char *msg = NULL;
190 const char *dir = (pwd == NULL) ? NULL : pwd->pw_dir;
191 char userpath[MAXPATHLEN];
192
193 static char *login_dbarray[] = { NULL, NULL, NULL };
194
195 /* Switch to user mode before checking/reading its ~/.login_conf */
196 /* - some NFSes have root read access disabled. */
197 if (dir) {
198 euid = geteuid();
199 egid = getegid();
200 (void)setegid(pwd->pw_gid);
201 (void)seteuid(pwd->pw_uid);
202 }
203
204 if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir,
205 _FILE_LOGIN_CONF) < MAXPATHLEN) {
206 login_dbarray[i] = userpath;
207 if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1)
208 i++; /* only use 'secure' data */
209 }
210 if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1)
211 login_dbarray[i++] = _PATH_LOGIN_CONF;
212 login_dbarray[i] = NULL;
213
214 memset(lc, 0, sizeof(login_cap_t));
215 lc->lc_cap = lc->lc_class = lc->lc_style = NULL;
216
217 if (name == NULL || *name == '\0')
218 name = LOGIN_DEFCLASS;
219
220 switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) {
221 case -1: /* Failed, entry does not exist */
222 if (strcmp(name, LOGIN_MECLASS) == 0)
223 break; /* Don't retry default on 'me' */
224 if (i == 0)
225 r = -1;
226 else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0)
227 close(r);
228 /*
229 * If there's at least one login class database,
230 * and we aren't searching for a default class
231 * then complain about a non-existent class.
232 */
233 if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0)
234 syslog(LOG_ERR, "login_getclass: unknown class '%s'", name);
235 /* fall-back to default class */
236 name = LOGIN_DEFCLASS;
237 msg = "%s: no default/fallback class '%s'";
238 if (cgetent(&lc->lc_cap, login_dbarray, (char*)name) != 0 && r >= 0)
239 break;
240 /* Fallthru - just return system defaults */
241 case 0: /* success! */
242 if ((lc->lc_class = strdup(name)) != NULL) {
243 if (dir) {
244 (void)seteuid(euid);
245 (void)setegid(egid);
246 }
247 ++lc_object_count;
248 return lc;
249 }
250 msg = "%s: strdup: %m";
251 break;
252 case -2:
253 msg = "%s: retrieving class information: %m";
254 break;
255 case -3:
256 msg = "%s: 'tc=' reference loop '%s'";
257 break;
258 case 1:
259 msg = "couldn't resolve 'tc=' reference in '%s'";
260 break;
261 default:
262 msg = "%s: unexpected cgetent() error '%s': %m";
263 break;
264 }
265 if (dir) {
266 (void)seteuid(euid);
267 (void)setegid(egid);
268 }
269 if (msg != NULL)
270 syslog(LOG_ERR, msg, "login_getclass", name);
271 free(lc);
272 }
273
274 return NULL;
275 }
276
277
278
279 /*
280 * login_getclass()
281 * Get the login class for the system (only) login class database.
282 * Return a filled-out login_cap_t structure, including
283 * class name, and the capability record buffer.
284 */
285
286 login_cap_t *
287 login_getclass(const char *cls)
288 {
289 return login_getclassbyname(cls, NULL);
290 }
291
292
293 /*
294 * login_getclass()
295 * Get the login class for a given password entry from
296 * the system (only) login class database.
297 * If the password entry's class field is not set, or
298 * the class specified does not exist, then use the
299 * default of LOGIN_DEFCLASS (ie. "default").
300 * Return a filled-out login_cap_t structure, including
301 * class name, and the capability record buffer.
302 */
303
304 login_cap_t *
305 login_getpwclass(const struct passwd *pwd)
306 {
307 const char *cls = NULL;
308
309 if (pwd != NULL) {
310 cls = pwd->pw_class;
311 if (cls == NULL || *cls == '\0')
312 cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS;
313 }
314 return login_getclassbyname(cls, pwd);
315 }
316
317
318 /*
319 * login_getuserclass()
320 * Get the login class for a given password entry, allowing user
321 * overrides via ~/.login_conf.
322 */
323
324 login_cap_t *
325 login_getuserclass(const struct passwd *pwd)
326 {
327 return login_getclassbyname(LOGIN_MECLASS, pwd);
328 }
329
330
331
332 /*
333 * login_getcapstr()
334 * Given a login_cap entry, and a capability name, return the
335 * value defined for that capability, a defualt if not found, or
336 * an error string on error.
337 */
338
339 char *
340 login_getcapstr(login_cap_t *lc, const char *cap, char *def, char *error)
341 {
342 char *res;
343 int ret;
344
345 if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0')
346 return def;
347
348 if ((ret = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
349 return def;
350 return (ret >= 0) ? res : error;
351 }
352
353
354 /*
355 * login_getcaplist()
356 * Given a login_cap entry, and a capability name, return the
357 * value defined for that capability split into an array of
358 * strings.
359 */
360
361 char **
362 login_getcaplist(login_cap_t *lc, const char *cap, const char *chars)
363 {
364 char *lstring;
365
366 if (chars == NULL)
367 chars = ", \t";
368 if ((lstring = login_getcapstr(lc, (char*)cap, NULL, NULL)) != NULL)
369 return arrayize(lstring, chars, NULL);
370 return NULL;
371 }
372
373
374 /*
375 * login_getpath()
376 * From the login_cap_t <lc>, get the capability <cap> which is
377 * formatted as either a space or comma delimited list of paths
378 * and append them all into a string and separate by semicolons.
379 * If there is an error of any kind, return <error>.
380 */
381
382 char *
383 login_getpath(login_cap_t *lc, const char *cap, char * error)
384 {
385 char *str;
386
387 if ((str = login_getcapstr(lc, (char*)cap, NULL, NULL)) == NULL)
388 str = error;
389 else {
390 char *ptr = str;
391
392 while (*ptr) {
393 int count = strcspn(ptr, ", \t");
394 ptr += count;
395 if (*ptr)
396 *ptr++ = ':';
397 }
398 }
399 return str;
400 }
401
402
403 static int
404 isinfinite(const char *s)
405 {
406 static const char *infs[] = {
407 "infinity",
408 "inf",
409 "unlimited",
410 "unlimit",
411 "-1",
412 NULL
413 };
414 const char **i = &infs[0];
415
416 while (*i != NULL) {
417 if (strcasecmp(s, *i) == 0)
418 return 1;
419 ++i;
420 }
421 return 0;
422 }
423
424
425 static u_quad_t
426 rmultiply(u_quad_t n1, u_quad_t n2)
427 {
428 u_quad_t m, r;
429 int b1, b2;
430
431 static int bpw = 0;
432
433 /* Handle simple cases */
434 if (n1 == 0 || n2 == 0)
435 return 0;
436 if (n1 == 1)
437 return n2;
438 if (n2 == 1)
439 return n1;
440
441 /*
442 * sizeof() returns number of bytes needed for storage.
443 * This may be different from the actual number of useful bits.
444 */
445 if (!bpw) {
446 bpw = sizeof(u_quad_t) * 8;
447 while (((u_quad_t)1 << (bpw-1)) == 0)
448 --bpw;
449 }
450
451 /*
452 * First check the magnitude of each number. If the sum of the
453 * magnatude is way to high, reject the number. (If this test
454 * is not done then the first multiply below may overflow.)
455 */
456 for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1)
457 ;
458 for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2)
459 ;
460 if (b1 + b2 - 2 > bpw) {
461 errno = ERANGE;
462 return (UQUAD_MAX);
463 }
464
465 /*
466 * Decompose the multiplication to be:
467 * h1 = n1 & ~1
468 * h2 = n2 & ~1
469 * l1 = n1 & 1
470 * l2 = n2 & 1
471 * (h1 + l1) * (h2 + l2)
472 * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
473 *
474 * Since h1 && h2 do not have the low bit set, we can then say:
475 *
476 * (h1>>1 * h2>>1 * 4) + ...
477 *
478 * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
479 * overflow.
480 *
481 * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
482 * then adding in residual amout will cause an overflow.
483 */
484
485 m = (n1 >> 1) * (n2 >> 1);
486 if (m >= ((u_quad_t)1 << (bpw-2))) {
487 errno = ERANGE;
488 return (UQUAD_MAX);
489 }
490 m *= 4;
491
492 r = (n1 & n2 & 1)
493 + (n2 & 1) * (n1 & ~(u_quad_t)1)
494 + (n1 & 1) * (n2 & ~(u_quad_t)1);
495
496 if ((u_quad_t)(m + r) < m) {
497 errno = ERANGE;
498 return (UQUAD_MAX);
499 }
500 m += r;
501
502 return (m);
503 }
504
505
506 /*
507 * login_getcaptime()
508 * From the login_cap_t <lc>, get the capability <cap>, which is
509 * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not
510 * present in <lc>, return <def>; if there is an error of some kind,
511 * return <error>.
512 */
513
514 rlim_t
515 login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
516 {
517 char *res, *ep, *oval;
518 int r;
519 rlim_t tot;
520
521 errno = 0;
522 if (lc == NULL || lc->lc_cap == NULL)
523 return def;
524
525 /*
526 * Look for <cap> in lc_cap.
527 * If it's not there (-1), return <def>.
528 * If there's an error, return <error>.
529 */
530
531 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
532 return def;
533 else if (r < 0) {
534 errno = ERANGE;
535 return error;
536 }
537
538 /* "inf" and "infinity" are special cases */
539 if (isinfinite(res))
540 return RLIM_INFINITY;
541
542 /*
543 * Now go through the string, turning something like 1h2m3s into
544 * an integral value. Whee.
545 */
546
547 errno = 0;
548 tot = 0;
549 oval = res;
550 while (*res) {
551 rlim_t tim = strtoq(res, &ep, 0);
552 rlim_t mult = 1;
553
554 if (ep == NULL || ep == res || errno != 0) {
555 invalid:
556 syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s",
557 lc->lc_class, cap, oval);
558 errno = ERANGE;
559 return error;
560 }
561 /* Look for suffixes */
562 switch (*ep++) {
563 case 0:
564 ep--;
565 break; /* end of string */
566 case 's': case 'S': /* seconds */
567 break;
568 case 'm': case 'M': /* minutes */
569 mult = 60;
570 break;
571 case 'h': case 'H': /* hours */
572 mult = 60L * 60L;
573 break;
574 case 'd': case 'D': /* days */
575 mult = 60L * 60L * 24L;
576 break;
577 case 'w': case 'W': /* weeks */
578 mult = 60L * 60L * 24L * 7L;
579 break;
580 case 'y': case 'Y': /* 365-day years */
581 mult = 60L * 60L * 24L * 365L;
582 break;
583 default:
584 goto invalid;
585 }
586 res = ep;
587 tot += rmultiply(tim, mult);
588 if (errno)
589 goto invalid;
590 }
591
592 return tot;
593 }
594
595
596 /*
597 * login_getcapnum()
598 * From the login_cap_t <lc>, extract the numerical value <cap>.
599 * If it is not present, return <def> for a default, and return
600 * <error> if there is an error.
601 * Like login_getcaptime(), only it only converts to a number, not
602 * to a time; "infinity" and "inf" are 'special.'
603 */
604
605 rlim_t
606 login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
607 {
608 char *ep, *res;
609 int r;
610 rlim_t val;
611
612 if (lc == NULL || lc->lc_cap == NULL)
613 return def;
614
615 /*
616 * For BSDI compatibility, try for the tag=<val> first
617 */
618 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) {
619 long lval;
620 /* string capability not present, so try for tag#<val> as numeric */
621 if ((r = cgetnum(lc->lc_cap, (char *)cap, &lval)) == -1)
622 return def; /* Not there, so return default */
623 else if (r >= 0)
624 return (rlim_t)lval;
625 }
626
627 if (r < 0) {
628 errno = ERANGE;
629 return error;
630 }
631
632 if (isinfinite(res))
633 return RLIM_INFINITY;
634
635 errno = 0;
636 val = strtoq(res, &ep, 0);
637 if (ep == NULL || ep == res || errno != 0) {
638 syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s",
639 lc->lc_class, cap, res);
640 errno = ERANGE;
641 return error;
642 }
643
644 return val;
645 }
646
647
648
649 /*
650 * login_getcapsize()
651 * From the login_cap_t <lc>, extract the capability <cap>, which is
652 * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
653 * If not present, return <def>, or <error> if there is an error of
654 * some sort.
655 */
656
657 rlim_t
658 login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
659 {
660 char *ep, *res, *oval;
661 int r;
662 rlim_t tot;
663
664 if (lc == NULL || lc->lc_cap == NULL)
665 return def;
666
667 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
668 return def;
669 else if (r < 0) {
670 errno = ERANGE;
671 return error;
672 }
673
674 if (isinfinite(res))
675 return RLIM_INFINITY;
676
677 errno = 0;
678 tot = 0;
679 oval = res;
680 while (*res) {
681 rlim_t siz = strtoq(res, &ep, 0);
682 rlim_t mult = 1;
683
684 if (ep == NULL || ep == res || errno != 0) {
685 invalid:
686 syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s",
687 lc->lc_class, cap, oval);
688 errno = ERANGE;
689 return error;
690 }
691 switch (*ep++) {
692 case 0: /* end of string */
693 ep--;
694 break;
695 case 'b': case 'B': /* 512-byte blocks */
696 mult = 512;
697 break;
698 case 'k': case 'K': /* 1024-byte Kilobytes */
699 mult = 1024;
700 break;
701 case 'm': case 'M': /* 1024-k kbytes */
702 mult = 1024 * 1024;
703 break;
704 case 'g': case 'G': /* 1Gbyte */
705 mult = 1024 * 1024 * 1024;
706 break;
707 case 't': case 'T': /* 1TBte */
708 mult = 1024LL * 1024LL * 1024LL * 1024LL;
709 break;
710 default:
711 goto invalid;
712 }
713 res = ep;
714 tot += rmultiply(siz, mult);
715 if (errno)
716 goto invalid;
717 }
718
719 return tot;
720 }
721
722
723 /*
724 * login_getcapbool()
725 * From the login_cap_t <lc>, check for the existance of the capability
726 * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return
727 * the whether or not <cap> exists there.
728 */
729
730 int
731 login_getcapbool(login_cap_t *lc, const char *cap, int def)
732 {
733 if (lc == NULL || lc->lc_cap == NULL)
734 return def;
735 return (cgetcap(lc->lc_cap, (char *)cap, ':') != NULL);
736 }
737
738
739 /*
740 * login_getstyle()
741 * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
742 * and optionally a style <style>, find the style that best suits these
743 * rules:
744 * 1. If <auth> is non-null, look for an "auth-<auth>=" string
745 * in the capability; if not present, default to "auth=".
746 * 2. If there is no auth list found from (1), default to
747 * "passwd" as an authorization list.
748 * 3. If <style> is non-null, look for <style> in the list of
749 * authorization methods found from (2); if <style> is NULL, default
750 * to LOGIN_DEFSTYLE ("passwd").
751 * 4. If the chosen style is found in the chosen list of authorization
752 * methods, return that; otherwise, return NULL.
753 * E.g.:
754 * login_getstyle(lc, NULL, "ftp");
755 * login_getstyle(lc, "login", NULL);
756 * login_getstyle(lc, "skey", "network");
757 */
758
759 char *
760 login_getstyle(login_cap_t *lc, char *style, const char *auth)
761 {
762 int i;
763 char **authtypes = NULL;
764 char *auths= NULL;
765 char realauth[64];
766
767 static char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL };
768
769 if (auth != NULL && *auth != '\0') {
770 if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < sizeof realauth)
771 authtypes = login_getcaplist(lc, realauth, NULL);
772 }
773
774 if (authtypes == NULL)
775 authtypes = login_getcaplist(lc, "auth", NULL);
776
777 if (authtypes == NULL)
778 authtypes = defauthtypes;
779
780 /*
781 * We have at least one authtype now; auths is a comma-seperated
782 * (or space-separated) list of authentication types. We have to
783 * convert from this to an array of char*'s; authtypes then gets this.
784 */
785 i = 0;
786 if (style != NULL && *style != '\0') {
787 while (authtypes[i] != NULL && strcmp(style, authtypes[i]) != 0)
788 i++;
789 }
790
791 lc->lc_style = NULL;
792 if (authtypes[i] != NULL && (auths = strdup(authtypes[i])) != NULL)
793 lc->lc_style = auths;
794
795 if (lc->lc_style != NULL)
796 lc->lc_style = strdup(lc->lc_style);
797
798 return lc->lc_style;
799 }
A port of FreeBSDs pw for Darwin