shishi/lib authorize.c cfg.c init.c internal.h ...
From: |
shishi-commit |
Subject: |
shishi/lib authorize.c cfg.c init.c internal.h ... |
Date: |
Thu, 09 Oct 2003 19:11:02 -0400 |
CVSROOT: /cvsroot/shishi
Module name: shishi
Branch:
Changes by: Simon Josefsson <address@hidden> 03/10/09 19:11:02
Modified files:
lib : authorize.c cfg.c init.c internal.h shishi.h.in
Log message:
Enhance authorization system, from Nicolas Pouvesle <address@hidden>.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/authorize.c.diff?tr1=1.2&tr2=1.3&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/cfg.c.diff?tr1=1.38&tr2=1.39&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/init.c.diff?tr1=1.48&tr2=1.49&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/internal.h.diff?tr1=1.71&tr2=1.72&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/lib/shishi.h.in.diff?tr1=1.179&tr2=1.180&r1=text&r2=text
Patches:
Index: shishi/lib/authorize.c
diff -u shishi/lib/authorize.c:1.2 shishi/lib/authorize.c:1.3
--- shishi/lib/authorize.c:1.2 Sun Sep 28 19:38:02 2003
+++ shishi/lib/authorize.c Thu Oct 9 19:11:01 2003
@@ -21,6 +21,115 @@
#include "internal.h"
+int
+shishi_authorize_strcmp (Shishi * handle, const char *principal,
+ const char *authzname)
+{
+ if (strcmp (principal, authzname) == 0)
+ return 1;
+
+ return 0;
+}
+
+/* MIT/Heimdal kerberos 5 authorization method */
+int
+shishi_authorize_k5login (Shishi * handle, const char *principal,
+ const char *authzname)
+{
+ struct passwd *pwd;
+ struct stat sta;
+ FILE *fic;
+ char *ficname;
+ char *line = NULL;
+ size_t linelength = 0;
+ int authorized = 0;
+
+ pwd = getpwnam (authzname);
+ if (pwd == NULL)
+ return authorized;
+
+ asprintf (&ficname, "%s%s", pwd->pw_dir, ".k5login");
+
+ if (stat (ficname, &sta) != 0)
+ /* If file .k5login does not exist */
+ if (strcmp (principal, authzname) == 0)
+ return shishi_authorize_strcmp (handle, principal, authzname);
+
+ /* Owner should be user or root */
+ if ((sta.st_uid != pwd->pw_uid) && (sta.st_uid != 0))
+ {
+ free (pwd);
+ free (ficname);
+ return authorized;
+ }
+
+ fic = fopen (ficname, "r");
+ if (fic == NULL)
+ {
+ free (pwd);
+ free (ficname);
+ return authorized;
+ }
+
+ while (!feof (fic))
+ {
+ if (getline (&line, &linelength, fic) == -1)
+ break;
+ line[linelength - 1] = '\0';
+
+ if (strcmp (principal, line) == 0)
+ {
+ authorized = 1;
+ break;
+ }
+ }
+
+ fclose (fic);
+ free (pwd);
+ free (ficname);
+ free (line);
+
+ return authorized;
+}
+
+static struct
+{
+ char *name;
+ int type;
+} authorization_aliases[] =
+{
+ {
+ "basic", SHISHI_AUTHORIZATION_BASIC},
+ {
+ "k5login", SHISHI_AUTHORIZATION_K5LOGIN}
+};
+
+/**
+ * shishi_authorization_parse:
+ * @cipher: name of authorization type, e.g. "basic".
+ *
+ * Return value: Return authorization type corresponding to a string.
+ **/
+int
+shishi_authorization_parse (const char *authorization)
+{
+ size_t i;
+ char *endptr;
+
+ i = strtol (authorization, &endptr, 0);
+
+ if (endptr != authorization)
+ return i;
+
+ for (i = 0;
+ i < sizeof (authorization_aliases) / sizeof (authorization_aliases[0]);
+ i++)
+ if (strcasecmp (authorization, authorization_aliases[i].name) == 0)
+ return authorization_aliases[i].type;
+
+ return -1;
+}
+
/**
* shishi_authorized_p:
* @handle: shishi handle as allocated by shishi_init().
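Review bot: The three `free (pwd)` calls in shishi_authorize_k5login release the static buffer returned by getpwnam(), which is an invalid free, and the stat()-then-fopen() sequence is a check-then-use race on a user-controlled path, so the ownership test belongs on fstat() of the opened stream. The same function builds the path with `"%s%s"` (no `/` between pw_dir and `.k5login`), does not check asprintf()'s result, and because the `if` after the failed stat() is unbraced it continues with an uninitialised `sta` and a leaked `ficname` whenever the names differ. It also clears `line[linelength - 1]`, but linelength is getline()'s buffer capacity rather than the returned length, so the trailing newline is normally not stripped and entries compare unequal. A rewritten body is below; it assumes errno is reachable through internal.h, and rejecting non-regular or group/other-writable files is a policy choice you may want to relax. In shishi_authorization_parse the comment names `@cipher` while the parameter is `authorization`, the strtol() result passes through a `size_t` before being returned as `int`, and `*endptr` is never checked to be `'\0'`, so `"1x"` parses as 1.
```c
int
shishi_authorize_k5login (Shishi * handle, const char *principal,
			  const char *authzname)
{
  struct passwd *pwd;
  struct stat sta;
  FILE *fic;
  char *ficname;
  char *line = NULL;
  size_t linelength = 0;
  ssize_t len;
  int authorized = 0;

  /* getpwnam() returns static storage; it must not be free()d.  */
  pwd = getpwnam (authzname);
  if (pwd == NULL)
    return 0;

  if (asprintf (&ficname, "%s/%s", pwd->pw_dir, ".k5login") < 0)
    return 0;

  /* Open first, then check the open descriptor, so the checks apply to
     the file that is actually read.  */
  fic = fopen (ficname, "r");
  free (ficname);
  if (fic == NULL)
    {
      /* No .k5login at all: fall back to the basic name comparison.  */
      if (errno == ENOENT)
	return shishi_authorize_strcmp (handle, principal, authzname);
      return 0;
    }

  /* Owner must be the user or root; regular file; not writable by
     group or others.  */
  if (fstat (fileno (fic), &sta) != 0
      || !S_ISREG (sta.st_mode)
      || (sta.st_uid != pwd->pw_uid && sta.st_uid != 0)
      || (sta.st_mode & (S_IWGRP | S_IWOTH)))
    {
      fclose (fic);
      return 0;
    }

  while ((len = getline (&line, &linelength, fic)) != -1)
    {
      /* getline() returns the line length; linelength is the capacity.  */
      if (len > 0 && line[len - 1] == '\n')
	line[len - 1] = '\0';

      if (strcmp (principal, line) == 0)
	{
	  authorized = 1;
	  break;
	}
    }

  fclose (fic);
  free (line);

  return authorized;
}
```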
@@ -40,6 +149,7 @@
char cname[BUFSIZ]; /* XXX */
size_t cnamelen = sizeof (cname);
int rc;
+ int i;
rc = shishi_encticketpart_cname_get (handle,
shishi_tkt_encticketpart (tkt),
@@ -47,8 +157,21 @@
if (rc != SHISHI_OK)
return 0;
- if (strcmp (cname, authzname) == 0)
- return 1;
+ for (i = 0; i < handle->nauthorizationtypes; i++)
+ {
+ switch (handle->authorizationtypes[i])
+ {
+ case SHISHI_AUTHORIZATION_BASIC:
+ if (shishi_authorize_strcmp (handle, cname, authzname))
+ return 1;
+ break;
+
+ case SHISHI_AUTHORIZATION_K5LOGIN:
+ if (shishi_authorize_k5login (handle, cname, authzname))
+ return 1;
+ break;
+ }
+ }
return 0;
}
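Review bot: The switch over `handle->authorizationtypes[i]` has no default, so a value that shishi_authorization_parse accepted as a bare integer but that matches no case is skipped without any diagnostic; add `default: /* unknown type: never authorizes */ break;` or a shishi_warn() there so a misconfigured `authorization-types` is visible. The loop index `i` is declared `int` in the previous hunk while nauthorizationtypes is `size_t` in internal.h, so the comparison mixes signedness; `size_t i;` avoids the warning. The head of shishi_authorized_p lies outside this hunk.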
Index: shishi/lib/cfg.c
diff -u shishi/lib/cfg.c:1.38 shishi/lib/cfg.c:1.39
--- shishi/lib/cfg.c:1.38 Tue Sep 23 18:07:45 2003
+++ shishi/lib/cfg.c Thu Oct 9 19:11:01 2003
@@ -32,6 +32,7 @@
KDC_RETRIES_OPTION,
TICKET_LIFE_OPTION,
RENEW_LIFE_OPTION,
+ AUTHORIZATION_TYPES_OPTION,
VERBOSE_CRYPTO_NOICE_OPTION,
VERBOSE_CRYPTO_OPTION,
VERBOSE_ASN1_OPTION,
@@ -51,6 +52,7 @@
/* [KDC_RETRIES_OPTION] = */ "kdc-retries",
/* [TICKET_LIFE_OPTION] = */ "ticket-life",
/* [RENEW_LIFE_OPTION] = */ "renew-life",
+ /* [AUTHORIZATION_TYPES_OPTION] = */ "authorization-types",
/* [VERBOSE_CRYPTO_NOICE_OPTION] = */ "verbose-crypto-noice",
/* [VERBOSE_CRYPTO_OPTION] = */ "verbose-crypto",
/* [VERBOSE_ASN1_OPTION] = */ "verbose-asn1",
@@ -219,6 +221,12 @@
return res;
break;
+ case AUTHORIZATION_TYPES_OPTION:
+ res = shishi_cfg_authorizationtype_set (handle, value);
+ if (res != SHISHI_OK)
+ return res;
+ break;
+
case STRINGPROCESS_OPTION:
handle->stringprocess = xstrdup (value);
break;
@@ -532,6 +540,51 @@
handle->clientkdcetypes = new;
handle->clientkdcetypes[tot - 1] = etype;
handle->nclientkdcetypes = tot;
+ }
+ }
+
+ return SHISHI_OK;
+}
+
+/**
+ * shishi_cfg_authorizationtype_set:
+ * @handle: Shishi library handle create by shishi_init().
+ * @value: string with authorization types.
+ *
+ * Set the "authorization-types" configuration option from given string.
+ * The string contains authorization types (integer or names) separated
+ * by comma or whitespace, e.g. "basic k5login".
+ *
+ * Return value: Return SHISHI_OK iff successful.
+ **/
+int
+shishi_cfg_authorizationtype_set (Shishi * handle, char *value)
+{
+ char *ptrptr;
+ char *val;
+ int i;
+ int tot = 0;
+
+ if (value == NULL || *value == '\0')
+ return SHISHI_OK;
+
+ for (i = 0; (val = strtok_r (i == 0 ? value : NULL, ", \t", &ptrptr)); i++)
+ {
+ int atype = shishi_authorization_parse (val);
+
+ if (atype == -1)
+ shishi_warn (handle, "Ignoring unknown authorization type: `%s'",
+ val);
+ else
+ {
+ int *new;
+
+ tot++;
+ new = xrealloc (handle->authorizationtypes,
+ tot * sizeof (*handle->authorizationtypes));
+ handle->authorizationtypes = new;
+ handle->authorizationtypes[tot - 1] = atype;
+ handle->nauthorizationtypes = tot;
}
}
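Review bot: `atype` is stored whenever shishi_authorization_parse returns anything other than -1, but that function returns any integer strtol() accepts, so a configured value outside the Shishi_authorization enum is silently kept and later matches no case; reject it here, e.g. `if (atype < SHISHI_AUTHORIZATION_BASIC || atype > SHISHI_AUTHORIZATION_K5LOGIN) atype = -1;` before the `-1` test so the existing warning fires. `int *new` is assigned to the `int32_t *` member declared in internal.h; declare it as `int32_t *new` to match. The function's closing `return SHISHI_OK;` lies outside the hunk.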
Index: shishi/lib/init.c
diff -u shishi/lib/init.c:1.48 shishi/lib/init.c:1.49
--- shishi/lib/init.c:1.48 Sun Sep 28 19:38:03 2003
+++ shishi/lib/init.c Thu Oct 9 19:11:01 2003
@@ -61,6 +61,11 @@
handle->nclientkdcetypes);
handle->clientkdcetypes[0] = SHISHI_AES256_CTS_HMAC_SHA1_96;
+ handle->nauthorizationtypes = 1;
+ handle->authorizationtypes = xmalloc (sizeof (*handle->authorizationtypes) *
+ handle->nauthorizationtypes);
+ handle->authorizationtypes[0] = SHISHI_AUTHORIZATION_BASIC;
+
return handle;
}
@@ -128,6 +133,8 @@
free (handle->hostkeysdefaultfile);
if (handle->clientkdcetypes)
free (handle->clientkdcetypes);
+ if (handle->authorizationtypes)
+ free (handle->authorizationtypes);
if (handle->asn1)
shishi_asn1_done (handle, handle->asn1);
Index: shishi/lib/internal.h
diff -u shishi/lib/internal.h:1.71 shishi/lib/internal.h:1.72
--- shishi/lib/internal.h:1.71 Tue Sep 23 20:45:05 2003
+++ shishi/lib/internal.h Thu Oct 9 19:11:01 2003
@@ -194,6 +194,8 @@
int renewlife;
int32_t *clientkdcetypes;
size_t nclientkdcetypes;
+ int32_t *authorizationtypes;
+ size_t nauthorizationtypes;
struct Shishi_realminfo *realminfos;
size_t nrealminfos;
char *kdc;
Index: shishi/lib/shishi.h.in
diff -u shishi/lib/shishi.h.in:1.179 shishi/lib/shishi.h.in:1.180
--- shishi/lib/shishi.h.in:1.179 Sun Sep 28 19:38:03 2003
+++ shishi/lib/shishi.h.in Thu Oct 9 19:11:01 2003
@@ -309,6 +309,13 @@
typedef enum
{
+ SHISHI_AUTHORIZATION_BASIC = 0,
+ SHISHI_AUTHORIZATION_K5LOGIN
+}
+Shishi_authorization;
+
+typedef enum
+{
/* 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
client key */
SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP = 1,
@@ -587,6 +594,7 @@
extern const char *shishi_cfg_default_userfile (Shishi * handle);
extern int shishi_cfg_clientkdcetype (Shishi * handle, int32_t ** etypes);
extern int shishi_cfg_clientkdcetype_set (Shishi * handle, char *value);
+extern int shishi_cfg_authorizationtype_set (Shishi * handle, char *value);
/* error.c */
extern const char *shishi_strerror (int err);
@@ -1978,5 +1986,6 @@
/* authorize.c */
extern int shishi_authorized_p (Shishi * handle,
Shishi_tkt * tkt, const char *authzname);
+extern int shishi_authorization_parse (const char *authorization);
#endif
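Review bot: shishi_authorization_parse gains a prototype here, but shishi_authorize_strcmp and shishi_authorize_k5login are also defined non-static in authorize.c and are declared nowhere, so they become exported symbols with no prototype; either add `extern int shishi_authorize_strcmp (Shishi * handle, const char *principal, const char *authzname);` and the k5login counterpart next to this line, or make both `static` in authorize.c since only shishi_authorized_p calls them. The latter keeps the public API surface unchanged.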