| blob | 5903fc0e390c8524735e19f834e514a28a0f68eb |
1 /*-
2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
5 * All rights reserved.
6 *
7 * Portions copyright (c) 1995,1997
8 * Berkeley Software Design, Inc.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
24 * conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 *
28 * $FreeBSD: head/lib/libutil/login_cap.c 255007 2013-08-28 21:10:37Z jilles $
29 */
31 #include <sys/types.h>
32 #include <sys/time.h>
33 #include <sys/resource.h>
34 #include <sys/param.h>
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <libutil.h>
38 #include <login_cap.h>
39 #include <pwd.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <syslog.h>
44 #include <unistd.h>
46 /*
47 * allocstr()
48 * Manage a single static pointer for handling a local char* buffer,
49 * resizing as necessary to contain the string.
50 *
51 * allocarray()
52 * Manage a static array for handling a group of strings, resizing
53 * when necessary.
54 */
67 {
76 }
78 }
83 {
91 }
93 }
96 /*
97 * arrayize()
98 * Turn a simple string <str> separated by any of
99 * the set of <chars> into an array. The last element
100 * of the array will be NULL, as is proper.
101 * Free using freearraystr()
102 */
106 {
112 /* count the sub-strings */
118 }
120 /* alloc the array */
125 /* now split the string */
133 }
135 }
136 }
142 }
145 /*
146 * login_close()
147 * Frees up all resources relating to a login class
148 *
149 */
151 void
153 {
167 }
168 }
169 }
172 /*
173 * login_getclassbyname()
174 * Get the login class by its name.
175 * If the name given is NULL or empty, the default class
176 * LOGIN_DEFCLASS (i.e., "default") is fetched.
177 * If the name given is LOGIN_MECLASS and
178 * 'pwd' argument is non-NULL and contains an non-NULL
179 * dir entry, then the file _FILE_LOGIN_CONF is picked
180 * up from that directory and used before the system
181 * login database. In that case the system login database
182 * is looked up using LOGIN_MECLASS, too, which is a bug.
183 * Return a filled-out login_cap_t structure, including
184 * class name, and the capability record buffer.
185 */
187 login_cap_t *
189 {
204 /*
205 * Switch to user mode before checking/reading its ~/.login_conf
206 * - some NFSes have root read access disabled.
207 *
208 * XXX: This fails to configure additional groups.
209 */
215 }
221 }
222 /*
223 * XXX: Why to add the system database if the class is `me'?
224 */
243 /*
244 * If there's at least one login class database,
245 * and we aren't searching for a default class
246 * then complain about a non-existent class.
247 */
250 /* fall-back to default class */
255 /* FALLTHROUGH - just return system defaults */
261 }
264 }
279 }
283 }
287 }
290 }
294 /*
295 * login_getclass()
296 * Get the login class for the system (only) login class database.
297 * Return a filled-out login_cap_t structure, including
298 * class name, and the capability record buffer.
299 */
301 login_cap_t *
303 {
305 }
308 /*
309 * login_getpwclass()
310 * Get the login class for a given password entry from
311 * the system (only) login class database.
312 * If the password entry's class field is not set, or
313 * the class specified does not exist, then use the
314 * default of LOGIN_DEFCLASS (i.e., "default") for an unprivileged
315 * user or that of LOGIN_DEFROOTCLASS (i.e., "root") for a super-user.
316 * Return a filled-out login_cap_t structure, including
317 * class name, and the capability record buffer.
318 */
320 login_cap_t *
322 {
329 }
330 /*
331 * XXX: pwd should be unused by login_getclassbyname() unless cls is `me',
332 * so NULL can be passed instead of pwd for more safety.
333 */
335 }
338 /*
339 * login_getuserclass()
340 * Get the `me' login class, allowing user overrides via ~/.login_conf.
341 * Note that user overrides are allowed only in the `me' class.
342 */
344 login_cap_t *
346 {
348 }
351 /*
352 * login_getcapstr()
353 * Given a login_cap entry, and a capability name, return the
354 * value defined for that capability, a default if not found, or
355 * an error string on error.
356 */
360 {
370 }
373 /*
374 * login_getcaplist()
375 * Given a login_cap entry, and a capability name, return the
376 * value defined for that capability split into an array of
377 * strings.
378 */
382 {
390 }
393 /*
394 * login_getpath()
395 * From the login_cap_t <lc>, get the capability <cap> which is
396 * formatted as either a space or comma delimited list of paths
397 * and append them all into a string and separate by semicolons.
398 * If there is an error of any kind, return <error>.
399 */
403 {
417 }
419 }
422 static int
424 {
431 NULL
432 };
439 }
441 }
444 static u_quad_t
446 {
452 /* Handle simple cases */
460 /*
461 * sizeof() returns number of bytes needed for storage.
462 * This may be different from the actual number of useful bits.
463 */
468 }
470 /*
471 * First check the magnitude of each number. If the sum of the
472 * magnatude is way to high, reject the number. (If this test
473 * is not done then the first multiply below may overflow.)
474 */
476 ;
478 ;
482 }
484 /*
485 * Decompose the multiplication to be:
486 * h1 = n1 & ~1
487 * h2 = n2 & ~1
488 * l1 = n1 & 1
489 * l2 = n2 & 1
490 * (h1 + l1) * (h2 + l2)
491 * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
492 *
493 * Since h1 && h2 do not have the low bit set, we can then say:
494 *
495 * (h1>>1 * h2>>1 * 4) + ...
496 *
497 * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
498 * overflow.
499 *
500 * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
501 * then adding in residual amout will cause an overflow.
502 */
508 }
518 }
522 }
525 /*
526 * login_getcaptime()
527 * From the login_cap_t <lc>, get the capability <cap>, which is
528 * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not
529 * present in <lc>, return <def>; if there is an error of some kind,
530 * return <error>.
531 */
533 rlim_t
535 {
538 rlim_t tot;
544 /*
545 * Look for <cap> in lc_cap.
546 * If it's not there (-1), return <def>.
547 * If there's an error, return <error>.
548 */
555 }
557 /* "inf" and "infinity" are special cases */
561 /*
562 * Now go through the string, turning something like 1h2m3s into
563 * an integral value. Whee.
564 */
574 invalid:
579 }
580 /* Look for suffixes */
583 ep--;
604 }
609 }
612 }
615 /*
616 * login_getcapnum()
617 * From the login_cap_t <lc>, extract the numerical value <cap>.
618 * If it is not present, return <def> for a default, and return
619 * <error> if there is an error.
620 * Like login_getcaptime(), only it only converts to a number, not
621 * to a time; "infinity" and "inf" are 'special.'
622 */
624 rlim_t
626 {
629 rlim_t val;
634 /*
635 * For BSDI compatibility, try for the tag=<val> first
636 */
639 /* string capability not present, so try for tag#<val> as numeric */
644 }
649 }
661 }
664 }
668 /*
669 * login_getcapsize()
670 * From the login_cap_t <lc>, extract the capability <cap>, which is
671 * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
672 * If not present, return <def>, or <error> if there is an error of
673 * some sort.
674 */
676 rlim_t
678 {
681 rlim_t tot;
691 }
704 invalid:
709 }
712 ep--;
731 }
736 }
739 }
742 /*
743 * login_getcapbool()
744 * From the login_cap_t <lc>, check for the existance of the capability
745 * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return
746 * the whether or not <cap> exists there.
747 */
749 int
751 {
755 }
758 /*
759 * login_getstyle()
760 * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
761 * and optionally a style <style>, find the style that best suits these
762 * rules:
763 * 1. If <auth> is non-null, look for an "auth-<auth>=" string
764 * in the capability; if not present, default to "auth=".
765 * 2. If there is no auth list found from (1), default to
766 * "passwd" as an authorization list.
767 * 3. If <style> is non-null, look for <style> in the list of
768 * authorization methods found from (2); if <style> is NULL, default
769 * to LOGIN_DEFSTYLE ("passwd").
770 * 4. If the chosen style is found in the chosen list of authorization
771 * methods, return that; otherwise, return NULL.
772 * E.g.:
773 * login_getstyle(lc, NULL, "ftp");
774 * login_getstyle(lc, "login", NULL);
775 * login_getstyle(lc, "skey", "network");
776 */
780 {
791 }
799 /*
800 * We have at least one authtype now; auths is a comma-separated
801 * (or space-separated) list of authentication types. We have to
802 * convert from this to an array of char*'s; authtypes then gets this.
803 */
807 i++;
808 }
818 }