search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly
[dragonfly.git] / lib / libutil / login_cap.c
blob4bc609f59793356d015fb9a4ebcc634995344455
1 /*-
2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
5 * All rights reserved.
6 *
7 * Portions copyright (c) 1995,1997
8 * Berkeley Software Design, Inc.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
24 * conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 *
28 * $FreeBSD: src/lib/libutil/login_cap.c,v 1.17.2.4 2001/10/21 19:42:13 ache Exp $
29 * $DragonFly: src/lib/libutil/login_cap.c,v 1.4 2008/10/29 22:03:12 swildner Exp $
30 */
31
32 #include <sys/types.h>
33 #include <sys/time.h>
34 #include <sys/resource.h>
35 #include <sys/param.h>
36
37 #include <errno.h>
38 #include <fcntl.h>
39 #include <pwd.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <syslog.h>
44 #include <unistd.h>
45
46 #include "libutil.h"
47 #include "login_cap.h"
48
49 /*
50 * allocstr()
51 * Manage a single static pointer for handling a local char* buffer,
52 * resizing as necessary to contain the string.
53 *
54 * allocarray()
55 * Manage a static array for handling a group of strings, resizing
56 * when necessary.
57 */
58
59 static int lc_object_count = 0;
60
61 static size_t internal_stringsz = 0;
62 static char * internal_string = NULL;
63 static size_t internal_arraysz = 0;
64 static char ** internal_array = NULL;
65
66 static char *
67 allocstr(char *str)
68 {
69 char *p;
70
71 size_t sz = strlen(str) + 1; /* realloc() only if necessary */
72 if (sz <= internal_stringsz)
73 p = strcpy(internal_string, str);
74 else if ((p = realloc(internal_string, sz)) != NULL) {
75 internal_stringsz = sz;
76 internal_string = strcpy(p, str);
77 }
78 return p;
79 }
80
81
82 static char **
83 allocarray(size_t sz)
84 {
85 char **p;
86
87 if (sz <= internal_arraysz)
88 p = internal_array;
89 else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) {
90 internal_arraysz = sz;
91 internal_array = p;
92 }
93 return p;
94 }
95
96
97 /*
98 * arrayize()
99 * Turn a simple string <str> separated by any of
100 * the set of <chars> into an array. The last element
101 * of the array will be NULL, as is proper.
102 * Free using freearraystr()
103 */
104
105 static char **
106 arrayize(char *str, const char *chars, int *size)
107 {
108 int i;
109 char *ptr;
110 char **res = NULL;
111
112 /* count the sub-strings */
113 for (i = 0, ptr = str; *ptr; i++) {
114 int count = strcspn(ptr, chars);
115 ptr += count;
116 if (*ptr)
117 ++ptr;
118 }
119
120 /* alloc the array */
121 if ((ptr = allocstr(str)) != NULL) {
122 if ((res = allocarray(++i)) == NULL)
123 free(str);
124 else {
125 /* now split the string */
126 i = 0;
127 while (*ptr) {
128 int count = strcspn(ptr, chars);
129 res[i++] = ptr;
130 ptr += count;
131 if (*ptr)
132 *ptr++ = '\0';
133 }
134 res[i] = NULL;
135 }
136 }
137
138 if (size)
139 *size = i;
140
141 return res;
142 }
143
144
145 /*
146 * login_close()
147 * Frees up all resources relating to a login class
148 *
149 */
150
151 void
152 login_close(login_cap_t * lc)
153 {
154 if (lc) {
155 free(lc->lc_style);
156 free(lc->lc_class);
157 free(lc->lc_cap);
158 free(lc);
159 if (--lc_object_count == 0) {
160 free(internal_string);
161 free(internal_array);
162 internal_array = NULL;
163 internal_arraysz = 0;
164 internal_string = NULL;
165 internal_stringsz = 0;
166 cgetclose();
167 }
168 }
169 }
170
171
172 /*
173 * login_getclassbyname() get the login class by its name.
174 * If the name given is NULL or empty, the default class
175 * LOGIN_DEFCLASS (ie. "default") is fetched. If the
176 * 'dir' argument contains a non-NULL non-empty string,
177 * then the file _FILE_LOGIN_CONF is picked up from that
178 * directory instead of the system login database.
179 * Return a filled-out login_cap_t structure, including
180 * class name, and the capability record buffer.
181 */
182
183 login_cap_t *
184 login_getclassbyname(char const *name, const struct passwd *pwd)
185 {
186 login_cap_t *lc;
187
188 if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
189 int r, me, i = 0;
190 uid_t euid = 0;
191 gid_t egid = 0;
192 const char *msg = NULL;
193 const char *dir;
194 char userpath[MAXPATHLEN];
195
196 static char *login_dbarray[] = { NULL, NULL, NULL };
197
198 me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);
199 dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;
200 /*
201 * Switch to user mode before checking/reading its ~/.login_conf
202 * - some NFSes have root read access disabled.
203 *
204 * XXX: This fails to configure additional groups.
205 */
206 if (dir) {
207 euid = geteuid();
208 egid = getegid();
209 (void)setegid(pwd->pw_gid);
210 (void)seteuid(pwd->pw_uid);
211 }
212
213 if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir,
214 _FILE_LOGIN_CONF) < MAXPATHLEN) {
215 login_dbarray[i] = userpath;
216 if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1)
217 i++; /* only use 'secure' data */
218 }
219 if (_secure_path(_PATH_LOGIN_CONF, 0, 0) != -1)
220 login_dbarray[i++] = _PATH_LOGIN_CONF;
221 login_dbarray[i] = NULL;
222
223 memset(lc, 0, sizeof(login_cap_t));
224 lc->lc_cap = lc->lc_class = lc->lc_style = NULL;
225
226 if (name == NULL || *name == '\0')
227 name = LOGIN_DEFCLASS;
228
229 switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) {
230 case -1: /* Failed, entry does not exist */
231 if (me)
232 break; /* Don't retry default on 'me' */
233 if (i == 0)
234 r = -1;
235 else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0)
236 close(r);
237 /*
238 * If there's at least one login class database,
239 * and we aren't searching for a default class
240 * then complain about a non-existent class.
241 */
242 if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0)
243 syslog(LOG_ERR, "login_getclass: unknown class '%s'", name);
244 /* fall-back to default class */
245 name = LOGIN_DEFCLASS;
246 msg = "%s: no default/fallback class '%s'";
247 if (cgetent(&lc->lc_cap, login_dbarray, (char*)name) != 0 && r >= 0)
248 break;
249 /* Fallthru - just return system defaults */
250 case 0: /* success! */
251 if ((lc->lc_class = strdup(name)) != NULL) {
252 if (dir) {
253 (void)seteuid(euid);
254 (void)setegid(egid);
255 }
256 ++lc_object_count;
257 return lc;
258 }
259 msg = "%s: strdup: %m";
260 break;
261 case -2:
262 msg = "%s: retrieving class information: %m";
263 break;
264 case -3:
265 msg = "%s: 'tc=' reference loop '%s'";
266 break;
267 case 1:
268 msg = "couldn't resolve 'tc=' reference in '%s'";
269 break;
270 default:
271 msg = "%s: unexpected cgetent() error '%s': %m";
272 break;
273 }
274 if (dir) {
275 (void)seteuid(euid);
276 (void)setegid(egid);
277 }
278 if (msg != NULL)
279 syslog(LOG_ERR, msg, "login_getclass", name);
280 free(lc);
281 }
282
283 return NULL;
284 }
285
286
287
288 /*
289 * login_getclass()
290 * Get the login class for the system (only) login class database.
291 * Return a filled-out login_cap_t structure, including
292 * class name, and the capability record buffer.
293 */
294
295 login_cap_t *
296 login_getclass(const char *cls)
297 {
298 return login_getclassbyname(cls, NULL);
299 }
300
301
302 /*
303 * login_getclass()
304 * Get the login class for a given password entry from
305 * the system (only) login class database.
306 * If the password entry's class field is not set, or
307 * the class specified does not exist, then use the
308 * default of LOGIN_DEFCLASS (ie. "default").
309 * Return a filled-out login_cap_t structure, including
310 * class name, and the capability record buffer.
311 */
312
313 login_cap_t *
314 login_getpwclass(const struct passwd *pwd)
315 {
316 const char *cls = NULL;
317
318 if (pwd != NULL) {
319 cls = pwd->pw_class;
320 if (cls == NULL || *cls == '\0')
321 cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS;
322 }
323 return login_getclassbyname(cls, pwd);
324 }
325
326
327 /*
328 * login_getuserclass()
329 * Get the login class for a given password entry, allowing user
330 * overrides via ~/.login_conf.
331 */
332
333 login_cap_t *
334 login_getuserclass(const struct passwd *pwd)
335 {
336 return login_getclassbyname(LOGIN_MECLASS, pwd);
337 }
338
339
340
341 /*
342 * login_getcapstr()
343 * Given a login_cap entry, and a capability name, return the
344 * value defined for that capability, a defualt if not found, or
345 * an error string on error.
346 */
347
348 char *
349 login_getcapstr(login_cap_t *lc, const char *cap, char *def, char *error)
350 {
351 char *res;
352 int ret;
353
354 if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0')
355 return def;
356
357 if ((ret = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
358 return def;
359 return (ret >= 0) ? res : error;
360 }
361
362
363 /*
364 * login_getcaplist()
365 * Given a login_cap entry, and a capability name, return the
366 * value defined for that capability split into an array of
367 * strings.
368 */
369
370 char **
371 login_getcaplist(login_cap_t *lc, const char *cap, const char *chars)
372 {
373 char *lstring;
374
375 if (chars == NULL)
376 chars = ", \t";
377 if ((lstring = login_getcapstr(lc, (char*)cap, NULL, NULL)) != NULL)
378 return arrayize(lstring, chars, NULL);
379 return NULL;
380 }
381
382
383 /*
384 * login_getpath()
385 * From the login_cap_t <lc>, get the capability <cap> which is
386 * formatted as either a space or comma delimited list of paths
387 * and append them all into a string and separate by semicolons.
388 * If there is an error of any kind, return <error>.
389 */
390
391 char *
392 login_getpath(login_cap_t *lc, const char *cap, char * error)
393 {
394 char *str;
395
396 if ((str = login_getcapstr(lc, (char*)cap, NULL, NULL)) == NULL)
397 str = error;
398 else {
399 char *ptr = str;
400
401 while (*ptr) {
402 int count = strcspn(ptr, ", \t");
403 ptr += count;
404 if (*ptr)
405 *ptr++ = ':';
406 }
407 }
408 return str;
409 }
410
411
412 static int
413 isinfinite(const char *s)
414 {
415 static const char *infs[] = {
416 "infinity",
417 "inf",
418 "unlimited",
419 "unlimit",
420 "-1",
421 NULL
422 };
423 const char **i = &infs[0];
424
425 while (*i != NULL) {
426 if (strcasecmp(s, *i) == 0)
427 return 1;
428 ++i;
429 }
430 return 0;
431 }
432
433
434 static u_quad_t
435 rmultiply(u_quad_t n1, u_quad_t n2)
436 {
437 u_quad_t m, r;
438 int b1, b2;
439
440 static int bpw = 0;
441
442 /* Handle simple cases */
443 if (n1 == 0 || n2 == 0)
444 return 0;
445 if (n1 == 1)
446 return n2;
447 if (n2 == 1)
448 return n1;
449
450 /*
451 * sizeof() returns number of bytes needed for storage.
452 * This may be different from the actual number of useful bits.
453 */
454 if (!bpw) {
455 bpw = sizeof(u_quad_t) * 8;
456 while (((u_quad_t)1 << (bpw-1)) == 0)
457 --bpw;
458 }
459
460 /*
461 * First check the magnitude of each number. If the sum of the
462 * magnatude is way to high, reject the number. (If this test
463 * is not done then the first multiply below may overflow.)
464 */
465 for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1)
466 ;
467 for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2)
468 ;
469 if (b1 + b2 - 2 > bpw) {
470 errno = ERANGE;
471 return (UQUAD_MAX);
472 }
473
474 /*
475 * Decompose the multiplication to be:
476 * h1 = n1 & ~1
477 * h2 = n2 & ~1
478 * l1 = n1 & 1
479 * l2 = n2 & 1
480 * (h1 + l1) * (h2 + l2)
481 * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
482 *
483 * Since h1 && h2 do not have the low bit set, we can then say:
484 *
485 * (h1>>1 * h2>>1 * 4) + ...
486 *
487 * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
488 * overflow.
489 *
490 * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
491 * then adding in residual amout will cause an overflow.
492 */
493
494 m = (n1 >> 1) * (n2 >> 1);
495 if (m >= ((u_quad_t)1 << (bpw-2))) {
496 errno = ERANGE;
497 return (UQUAD_MAX);
498 }
499 m *= 4;
500
501 r = (n1 & n2 & 1)
502 + (n2 & 1) * (n1 & ~(u_quad_t)1)
503 + (n1 & 1) * (n2 & ~(u_quad_t)1);
504
505 if ((u_quad_t)(m + r) < m) {
506 errno = ERANGE;
507 return (UQUAD_MAX);
508 }
509 m += r;
510
511 return (m);
512 }
513
514
515 /*
516 * login_getcaptime()
517 * From the login_cap_t <lc>, get the capability <cap>, which is
518 * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not
519 * present in <lc>, return <def>; if there is an error of some kind,
520 * return <error>.
521 */
522
523 rlim_t
524 login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
525 {
526 char *res, *ep, *oval;
527 int r;
528 rlim_t tot;
529
530 errno = 0;
531 if (lc == NULL || lc->lc_cap == NULL)
532 return def;
533
534 /*
535 * Look for <cap> in lc_cap.
536 * If it's not there (-1), return <def>.
537 * If there's an error, return <error>.
538 */
539
540 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
541 return def;
542 else if (r < 0) {
543 errno = ERANGE;
544 return error;
545 }
546
547 /* "inf" and "infinity" are special cases */
548 if (isinfinite(res))
549 return RLIM_INFINITY;
550
551 /*
552 * Now go through the string, turning something like 1h2m3s into
553 * an integral value. Whee.
554 */
555
556 errno = 0;
557 tot = 0;
558 oval = res;
559 while (*res) {
560 rlim_t tim = strtoq(res, &ep, 0);
561 rlim_t mult = 1;
562
563 if (ep == NULL || ep == res || errno != 0) {
564 invalid:
565 syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s",
566 lc->lc_class, cap, oval);
567 errno = ERANGE;
568 return error;
569 }
570 /* Look for suffixes */
571 switch (*ep++) {
572 case 0:
573 ep--;
574 break; /* end of string */
575 case 's': case 'S': /* seconds */
576 break;
577 case 'm': case 'M': /* minutes */
578 mult = 60;
579 break;
580 case 'h': case 'H': /* hours */
581 mult = 60L * 60L;
582 break;
583 case 'd': case 'D': /* days */
584 mult = 60L * 60L * 24L;
585 break;
586 case 'w': case 'W': /* weeks */
587 mult = 60L * 60L * 24L * 7L;
588 break;
589 case 'y': case 'Y': /* 365-day years */
590 mult = 60L * 60L * 24L * 365L;
591 break;
592 default:
593 goto invalid;
594 }
595 res = ep;
596 tot += rmultiply(tim, mult);
597 if (errno)
598 goto invalid;
599 }
600
601 return tot;
602 }
603
604
605 /*
606 * login_getcapnum()
607 * From the login_cap_t <lc>, extract the numerical value <cap>.
608 * If it is not present, return <def> for a default, and return
609 * <error> if there is an error.
610 * Like login_getcaptime(), only it only converts to a number, not
611 * to a time; "infinity" and "inf" are 'special.'
612 */
613
614 rlim_t
615 login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
616 {
617 char *ep, *res;
618 int r;
619 rlim_t val;
620
621 if (lc == NULL || lc->lc_cap == NULL)
622 return def;
623
624 /*
625 * For BSDI compatibility, try for the tag=<val> first
626 */
627 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) {
628 long lval;
629 /* string capability not present, so try for tag#<val> as numeric */
630 if ((r = cgetnum(lc->lc_cap, (char *)cap, &lval)) == -1)
631 return def; /* Not there, so return default */
632 else if (r >= 0)
633 return (rlim_t)lval;
634 }
635
636 if (r < 0) {
637 errno = ERANGE;
638 return error;
639 }
640
641 if (isinfinite(res))
642 return RLIM_INFINITY;
643
644 errno = 0;
645 val = strtoq(res, &ep, 0);
646 if (ep == NULL || ep == res || errno != 0) {
647 syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s",
648 lc->lc_class, cap, res);
649 errno = ERANGE;
650 return error;
651 }
652
653 return val;
654 }
655
656
657
658 /*
659 * login_getcapsize()
660 * From the login_cap_t <lc>, extract the capability <cap>, which is
661 * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
662 * If not present, return <def>, or <error> if there is an error of
663 * some sort.
664 */
665
666 rlim_t
667 login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
668 {
669 char *ep, *res, *oval;
670 int r;
671 rlim_t tot;
672
673 if (lc == NULL || lc->lc_cap == NULL)
674 return def;
675
676 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1)
677 return def;
678 else if (r < 0) {
679 errno = ERANGE;
680 return error;
681 }
682
683 if (isinfinite(res))
684 return RLIM_INFINITY;
685
686 errno = 0;
687 tot = 0;
688 oval = res;
689 while (*res) {
690 rlim_t siz = strtoq(res, &ep, 0);
691 rlim_t mult = 1;
692
693 if (ep == NULL || ep == res || errno != 0) {
694 invalid:
695 syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s",
696 lc->lc_class, cap, oval);
697 errno = ERANGE;
698 return error;
699 }
700 switch (*ep++) {
701 case 0: /* end of string */
702 ep--;
703 break;
704 case 'b': case 'B': /* 512-byte blocks */
705 mult = 512;
706 break;
707 case 'k': case 'K': /* 1024-byte Kilobytes */
708 mult = 1024;
709 break;
710 case 'm': case 'M': /* 1024-k kbytes */
711 mult = 1024 * 1024;
712 break;
713 case 'g': case 'G': /* 1Gbyte */
714 mult = 1024 * 1024 * 1024;
715 break;
716 case 't': case 'T': /* 1TBte */
717 mult = 1024LL * 1024LL * 1024LL * 1024LL;
718 break;
719 default:
720 goto invalid;
721 }
722 res = ep;
723 tot += rmultiply(siz, mult);
724 if (errno)
725 goto invalid;
726 }
727
728 return tot;
729 }
730
731
732 /*
733 * login_getcapbool()
734 * From the login_cap_t <lc>, check for the existance of the capability
735 * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return
736 * the whether or not <cap> exists there.
737 */
738
739 int
740 login_getcapbool(login_cap_t *lc, const char *cap, int def)
741 {
742 if (lc == NULL || lc->lc_cap == NULL)
743 return def;
744 return (cgetcap(lc->lc_cap, (char *)cap, ':') != NULL);
745 }
746
747
748 /*
749 * login_getstyle()
750 * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
751 * and optionally a style <style>, find the style that best suits these
752 * rules:
753 * 1. If <auth> is non-null, look for an "auth-<auth>=" string
754 * in the capability; if not present, default to "auth=".
755 * 2. If there is no auth list found from (1), default to
756 * "passwd" as an authorization list.
757 * 3. If <style> is non-null, look for <style> in the list of
758 * authorization methods found from (2); if <style> is NULL, default
759 * to LOGIN_DEFSTYLE ("passwd").
760 * 4. If the chosen style is found in the chosen list of authorization
761 * methods, return that; otherwise, return NULL.
762 * E.g.:
763 * login_getstyle(lc, NULL, "ftp");
764 * login_getstyle(lc, "login", NULL);
765 * login_getstyle(lc, "skey", "network");
766 */
767
768 char *
769 login_getstyle(login_cap_t *lc, char *style, const char *auth)
770 {
771 int i;
772 char **authtypes = NULL;
773 char *auths= NULL;
774 char realauth[64];
775
776 static char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL };
777
778 if (auth != NULL && *auth != '\0') {
779 if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < (int)sizeof(realauth))
780 authtypes = login_getcaplist(lc, realauth, NULL);
781 }
782
783 if (authtypes == NULL)
784 authtypes = login_getcaplist(lc, "auth", NULL);
785
786 if (authtypes == NULL)
787 authtypes = defauthtypes;
788
789 /*
790 * We have at least one authtype now; auths is a comma-separated
791 * (or space-separated) list of authentication types. We have to
792 * convert from this to an array of char*'s; authtypes then gets this.
793 */
794 i = 0;
795 if (style != NULL && *style != '\0') {
796 while (authtypes[i] != NULL && strcmp(style, authtypes[i]) != 0)
797 i++;
798 }
799
800 lc->lc_style = NULL;
801 if (authtypes[i] != NULL && (auths = strdup(authtypes[i])) != NULL)
802 lc->lc_style = auths;
803
804 if (lc->lc_style != NULL)
805 lc->lc_style = strdup(lc->lc_style);
806
807 return lc->lc_style;
808 }
DragonFly BSD