
shishi/lib authorize.c cfg.c init.c internal.h ...


From: shishi-commit
Subject: shishi/lib authorize.c cfg.c init.c internal.h ...
Date: Thu, 09 Oct 2003 19:11:02 -0400

CVSROOT:        /cvsroot/shishi
Module name:    shishi
Branch:         
Changes by:     Simon Josefsson <address@hidden>        03/10/09 19:11:02

Modified files:
        lib            : authorize.c cfg.c init.c internal.h shishi.h.in 

Log message:
        Enhance authorization system, from Nicolas Pouvesle <address@hidden>.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/authorize.c.diff?tr1=1.2&tr2=1.3&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/cfg.c.diff?tr1=1.38&tr2=1.39&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/init.c.diff?tr1=1.48&tr2=1.49&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/internal.h.diff?tr1=1.71&tr2=1.72&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/shishi.h.in.diff?tr1=1.179&tr2=1.180&r1=text&r2=text

Patches:
Index: shishi/lib/authorize.c
diff -u shishi/lib/authorize.c:1.2 shishi/lib/authorize.c:1.3
--- shishi/lib/authorize.c:1.2  Sun Sep 28 19:38:02 2003
+++ shishi/lib/authorize.c      Thu Oct  9 19:11:01 2003
@@ -21,6 +21,115 @@
 
 #include "internal.h"
 
+int
+shishi_authorize_strcmp (Shishi * handle, const char *principal,
+                        const char *authzname)
+{
+  if (strcmp (principal, authzname) == 0)
+    return 1;
+
+  return 0;
+}
+
+/* MIT/Heimdal kerberos 5 authorization method */
+int
+shishi_authorize_k5login (Shishi * handle, const char *principal,
+                         const char *authzname)
+{
+  struct passwd *pwd;
+  struct stat sta;
+  FILE *fic;
+  char *ficname;
+  char *line = NULL;
+  size_t linelength = 0;
+  int authorized = 0;
+
+  pwd = getpwnam (authzname);
+  if (pwd == NULL)
+    return authorized;
+
+  asprintf (&ficname, "%s%s", pwd->pw_dir, ".k5login");
+
+  if (stat (ficname, &sta) != 0)
+    /* If file .k5login does not exist */
+    if (strcmp (principal, authzname) == 0)
+      return shishi_authorize_strcmp (handle, principal, authzname);
+
+  /* Owner should be user or root */
+  if ((sta.st_uid != pwd->pw_uid) && (sta.st_uid != 0))
+    {
+      free (pwd);
+      free (ficname);
+      return authorized;
+    }
+
+  fic = fopen (ficname, "r");
+  if (fic == NULL)
+    {
+      free (pwd);
+      free (ficname);
+      return authorized;
+    }
+
+  while (!feof (fic))
+    {
+      if (getline (&line, &linelength, fic) == -1)
+       break;
+      line[linelength - 1] = '\0';
+
+      if (strcmp (principal, line) == 0)
+       {
+         authorized = 1;
+         break;
+       }
+    }
+
+  fclose (fic);
+  free (pwd);
+  free (ficname);
+  free (line);
+
+  return authorized;
+}
+
+static struct
+{
+  char *name;
+  int type;
+} authorization_aliases[] =
+{
+  {
+  "basic", SHISHI_AUTHORIZATION_BASIC},
+  {
+  "k5login", SHISHI_AUTHORIZATION_K5LOGIN}
+};
+
+/**
+ * shishi_authorization_parse:
+ * @cipher: name of authorization type, e.g. "basic".
+ *
+ * Return value: Return authorization type corresponding to a string.
+ **/
+int
+shishi_authorization_parse (const char *authorization)
+{
+  size_t i;
+  char *endptr;
+
+  i = strtol (authorization, &endptr, 0);
+
+  if (endptr != authorization)
+    return i;
+
+  for (i = 0;
+       i < sizeof (authorization_aliases) / sizeof (authorization_aliases[0]);
+       i++)
+    if (strcasecmp (authorization, authorization_aliases[i].name) == 0)
+      return authorization_aliases[i].type;
+
+  return -1;
+}
+
 /**
  * shishi_authorized_p:
  * @handle: shishi handle as allocated by shishi_init().
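Review bot: The three `free (pwd)` calls in shishi_authorize_k5login free the static buffer getpwnam() returns, so every exit path after a successful lookup is an invalid free, and when stat() fails for a principal that does not equal authzname the code falls through to read the uninitialised `sta.st_uid` and later leaks `ficname`. The path itself is built with `"%s%s"` from pw_dir and `".k5login"`, with no `/` between them, and the asprintf() result is unchecked. `line[linelength - 1] = '\0'` uses the buffer capacity getline() hands back rather than the number of bytes read, so the trailing newline survives and strcmp() only matches a final line that has no newline. Checking ownership with stat() on the name and then opening the file separately also leaves a gap between the two calls; fstat() on the opened stream checks the file that is actually read. The rewrite below applies these fixes and keeps the fall-back to the basic principal == user rule when the file does not exist.
```c
int
shishi_authorize_k5login (Shishi * handle, const char *principal,
                          const char *authzname)
{
  struct passwd *pwd;
  struct stat sta;
  FILE *fic;
  char *ficname;
  char *line = NULL;
  size_t linelength = 0;
  ssize_t len;
  int authorized = 0;

  /* getpwnam() hands back static storage: never free pwd. */
  pwd = getpwnam (authzname);
  if (pwd == NULL)
    return 0;

  if (asprintf (&ficname, "%s/.k5login", pwd->pw_dir) < 0)
    return 0;

  fic = fopen (ficname, "r");
  if (fic == NULL)
    {
      int rc = 0;
      /* A missing .k5login falls back to principal == user; any other
         failure is a denial. */
      if (errno == ENOENT)
        rc = shishi_authorize_strcmp (handle, principal, authzname);
      free (ficname);
      return rc;
    }

  /* Owner should be user or root; check the opened file, not the path. */
  if (fstat (fileno (fic), &sta) != 0
      || ((sta.st_uid != pwd->pw_uid) && (sta.st_uid != 0)))
    {
      fclose (fic);
      free (ficname);
      return 0;
    }

  while ((len = getline (&line, &linelength, fic)) != -1)
    {
      /* Strip the newline by the length actually read. */
      if (len > 0 && line[len - 1] == '\n')
        line[len - 1] = '\0';

      if (strcmp (principal, line) == 0)
        {
          authorized = 1;
          break;
        }
    }

  fclose (fic);
  free (ficname);
  free (line);

  return authorized;
}
```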
@@ -40,6 +149,7 @@
   char cname[BUFSIZ];          /* XXX */
   size_t cnamelen = sizeof (cname);
   int rc;
+  int i;
 
   rc = shishi_encticketpart_cname_get (handle,
                                       shishi_tkt_encticketpart (tkt),
@@ -47,8 +157,21 @@
   if (rc != SHISHI_OK)
     return 0;
 
-  if (strcmp (cname, authzname) == 0)
-    return 1;
+  for (i = 0; i < handle->nauthorizationtypes; i++)
+    {
+      switch (handle->authorizationtypes[i])
+       {
+       case SHISHI_AUTHORIZATION_BASIC:
+         if (shishi_authorize_strcmp (handle, cname, authzname))
+           return 1;
+         break;
+
+       case SHISHI_AUTHORIZATION_K5LOGIN:
+         if (shishi_authorize_k5login (handle, cname, authzname))
+           return 1;
+         break;
+       }
+    }
 
   return 0;
 }
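Review bot: The switch on `handle->authorizationtypes[i]` has no `default`, so a numeric value that shishi_authorization_parse accepted but that matches neither enumerator is skipped silently, and the loop index `i` declared as `int` in the previous hunk is compared against the `size_t` field `nauthorizationtypes` added to internal.h. Declaring `size_t i;` and adding `default: break;` — or a `shishi_warn (handle, "Unknown authorization type %d", handle->authorizationtypes[i]);` — would make a misconfigured type visible instead of quietly denying. shishi_authorized_p's signature and head lie outside this hunk.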
Index: shishi/lib/cfg.c
diff -u shishi/lib/cfg.c:1.38 shishi/lib/cfg.c:1.39
--- shishi/lib/cfg.c:1.38       Tue Sep 23 18:07:45 2003
+++ shishi/lib/cfg.c    Thu Oct  9 19:11:01 2003
@@ -32,6 +32,7 @@
   KDC_RETRIES_OPTION,
   TICKET_LIFE_OPTION,
   RENEW_LIFE_OPTION,
+  AUTHORIZATION_TYPES_OPTION,
   VERBOSE_CRYPTO_NOICE_OPTION,
   VERBOSE_CRYPTO_OPTION,
   VERBOSE_ASN1_OPTION,
@@ -51,6 +52,7 @@
   /* [KDC_RETRIES_OPTION] =          */ "kdc-retries",
   /* [TICKET_LIFE_OPTION] =          */ "ticket-life",
   /* [RENEW_LIFE_OPTION] =           */ "renew-life",
+  /* [AUTHORIZATION_TYPES_OPTION] =  */ "authorization-types",
   /* [VERBOSE_CRYPTO_NOICE_OPTION] = */ "verbose-crypto-noice",
   /* [VERBOSE_CRYPTO_OPTION] =       */ "verbose-crypto",
   /* [VERBOSE_ASN1_OPTION] =         */ "verbose-asn1",
@@ -219,6 +221,12 @@
            return res;
          break;
 
+       case AUTHORIZATION_TYPES_OPTION:
+         res = shishi_cfg_authorizationtype_set (handle, value);
+         if (res != SHISHI_OK)
+           return res;
+         break;
+
        case STRINGPROCESS_OPTION:
          handle->stringprocess = xstrdup (value);
          break;
@@ -532,6 +540,51 @@
          handle->clientkdcetypes = new;
          handle->clientkdcetypes[tot - 1] = etype;
          handle->nclientkdcetypes = tot;
+       }
+    }
+
+  return SHISHI_OK;
+}
+
+/**
+ * shishi_cfg_authorizationtype_set:
+ * @handle: Shishi library handle create by shishi_init().
+ * @value: string with authorization types.
+ *
+ * Set the "authorization-types" configuration option from given string.
+ * The string contains authorization types (integer or names) separated
+ * by comma or whitespace, e.g. "basic k5login".
+ *
+ * Return value: Return SHISHI_OK iff successful.
+ **/
+int
+shishi_cfg_authorizationtype_set (Shishi * handle, char *value)
+{
+  char *ptrptr;
+  char *val;
+  int i;
+  int tot = 0;
+
+  if (value == NULL || *value == '\0')
+    return SHISHI_OK;
+
+  for (i = 0; (val = strtok_r (i == 0 ? value : NULL, ", \t", &ptrptr)); i++)
+    {
+      int atype = shishi_authorization_parse (val);
+
+      if (atype == -1)
+       shishi_warn (handle, "Ignoring unknown authorization type: `%s'",
+                    val);
+      else
+       {
+         int *new;
+
+         tot++;
+         new = xrealloc (handle->authorizationtypes,
+                         tot * sizeof (*handle->authorizationtypes));
+         handle->authorizationtypes = new;
+         handle->authorizationtypes[tot - 1] = atype;
+         handle->nauthorizationtypes = tot;
        }
     }
 
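Review bot: `atype` is only rejected when it is exactly -1, but shishi_authorization_parse returns whatever strtol() produced for a numeric token, so a value such as `7` is stored in `handle->authorizationtypes` and then never matches any case in shishi_authorized_p. A range check before the store, `if (atype < SHISHI_AUTHORIZATION_BASIC || atype > SHISHI_AUTHORIZATION_K5LOGIN)`, routed through the existing shishi_warn branch, would surface the misconfiguration. Note also that `tot` starts at 0, so the first configured entry overwrites the default SHISHI_AUTHORIZATION_BASIC installed by init.c; that appears intended but deserves a comment such as `/* Configured types replace the init.c default, they do not extend it. */`. The function's closing `return SHISHI_OK;` lies past the end of this hunk.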
Index: shishi/lib/init.c
diff -u shishi/lib/init.c:1.48 shishi/lib/init.c:1.49
--- shishi/lib/init.c:1.48      Sun Sep 28 19:38:03 2003
+++ shishi/lib/init.c   Thu Oct  9 19:11:01 2003
@@ -61,6 +61,11 @@
                                     handle->nclientkdcetypes);
   handle->clientkdcetypes[0] = SHISHI_AES256_CTS_HMAC_SHA1_96;
 
+  handle->nauthorizationtypes = 1;
+  handle->authorizationtypes = xmalloc (sizeof (*handle->authorizationtypes) *
+                                       handle->nauthorizationtypes);
+  handle->authorizationtypes[0] = SHISHI_AUTHORIZATION_BASIC;
+
   return handle;
 }
 
@@ -128,6 +133,8 @@
     free (handle->hostkeysdefaultfile);
   if (handle->clientkdcetypes)
     free (handle->clientkdcetypes);
+  if (handle->authorizationtypes)
+    free (handle->authorizationtypes);
 
   if (handle->asn1)
     shishi_asn1_done (handle, handle->asn1);
Index: shishi/lib/internal.h
diff -u shishi/lib/internal.h:1.71 shishi/lib/internal.h:1.72
--- shishi/lib/internal.h:1.71  Tue Sep 23 20:45:05 2003
+++ shishi/lib/internal.h       Thu Oct  9 19:11:01 2003
@@ -194,6 +194,8 @@
   int renewlife;
   int32_t *clientkdcetypes;
   size_t nclientkdcetypes;
+  int32_t *authorizationtypes;
+  size_t nauthorizationtypes;
   struct Shishi_realminfo *realminfos;
   size_t nrealminfos;
   char *kdc;
Index: shishi/lib/shishi.h.in
diff -u shishi/lib/shishi.h.in:1.179 shishi/lib/shishi.h.in:1.180
--- shishi/lib/shishi.h.in:1.179        Sun Sep 28 19:38:03 2003
+++ shishi/lib/shishi.h.in      Thu Oct  9 19:11:01 2003
@@ -309,6 +309,13 @@
 
 typedef enum
 {
+  SHISHI_AUTHORIZATION_BASIC = 0,
+  SHISHI_AUTHORIZATION_K5LOGIN
+}
+Shishi_authorization;
+
+typedef enum
+{
   /* 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
      client key */
   SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP = 1,
@@ -587,6 +594,7 @@
 extern const char *shishi_cfg_default_userfile (Shishi * handle);
 extern int shishi_cfg_clientkdcetype (Shishi * handle, int32_t ** etypes);
 extern int shishi_cfg_clientkdcetype_set (Shishi * handle, char *value);
+extern int shishi_cfg_authorizationtype_set (Shishi * handle, char *value);
 
 /* error.c */
 extern const char *shishi_strerror (int err);
@@ -1978,5 +1986,6 @@
 /* authorize.c */
 extern int shishi_authorized_p (Shishi * handle,
                                Shishi_tkt * tkt, const char *authzname);
+extern int shishi_authorization_parse (const char *authorization);
 
 #endif
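Review bot: Only `shishi_authorization_parse` gets a prototype here, while `shishi_authorize_strcmp` and `shishi_authorize_k5login` in authorize.c are also non-static and so are exported from the library with no declaration at all. Either mark both `static` in authorize.c, since only shishi_authorized_p calls them on this page, or add `extern int shishi_authorize_k5login (Shishi * handle, const char *principal, const char *authzname);` and its strcmp twin beside the new prototype so callers get type checking and the exported symbol set stays deliberate.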



