2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
7 * Portions copyright (c) 1995,1997
8 * Berkeley Software Design, Inc.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
26 * Low-level routines relating to the user capabilities database
28 * $FreeBSD: src/lib/libutil/login_cap.c,v 1.17.2.4 2001/10/21 19:42:13 ache Exp $
29 * $DragonFly: src/lib/libutil/login_cap.c,v 1.3 2005/03/04 05:31:11 cpressey Exp $
32 #include <sys/types.h>
34 #include <sys/resource.h>
35 #include <sys/param.h>
47 #include "login_cap.h"
51 * Manage a single static pointer for handling a local char* buffer,
52 * resizing as necessary to contain the string.
55 * Manage a static array for handling a group of strings, resizing
59 static int lc_object_count
= 0;
61 static size_t internal_stringsz
= 0;
62 static char * internal_string
= NULL
;
63 static size_t internal_arraysz
= 0;
64 static char ** internal_array
= NULL
;
71 size_t sz
= strlen(str
) + 1; /* realloc() only if necessary */
72 if (sz
<= internal_stringsz
)
73 p
= strcpy(internal_string
, str
);
74 else if ((p
= realloc(internal_string
, sz
)) != NULL
) {
75 internal_stringsz
= sz
;
76 internal_string
= strcpy(p
, str
);
87 if (sz
<= internal_arraysz
)
89 else if ((p
= realloc(internal_array
, sz
* sizeof(char*))) != NULL
) {
90 internal_arraysz
= sz
;
99 * Turn a simple string <str> separated by any of
100 * the set of <chars> into an array. The last element
101 * of the array will be NULL, as is proper.
102 * Free using freearraystr()
106 arrayize(char *str
, const char *chars
, int *size
)
112 /* count the sub-strings */
113 for (i
= 0, ptr
= str
; *ptr
; i
++) {
114 int count
= strcspn(ptr
, chars
);
120 /* alloc the array */
121 if ((ptr
= allocstr(str
)) != NULL
) {
122 if ((res
= allocarray(++i
)) == NULL
)
125 /* now split the string */
128 int count
= strcspn(ptr
, chars
);
147 * Frees up all resources relating to a login class
152 login_close(login_cap_t
* lc
)
159 if (--lc_object_count
== 0) {
160 free(internal_string
);
161 free(internal_array
);
162 internal_array
= NULL
;
163 internal_arraysz
= 0;
164 internal_string
= NULL
;
165 internal_stringsz
= 0;
173 * login_getclassbyname() get the login class by its name.
174 * If the name given is NULL or empty, the default class
175 * LOGIN_DEFCLASS (ie. "default") is fetched. If the
176 * 'dir' argument contains a non-NULL non-empty string,
177 * then the file _FILE_LOGIN_CONF is picked up from that
178 * directory instead of the system login database.
179 * Return a filled-out login_cap_t structure, including
180 * class name, and the capability record buffer.
184 login_getclassbyname(char const *name
, const struct passwd
*pwd
)
188 if ((lc
= malloc(sizeof(login_cap_t
))) != NULL
) {
192 const char *msg
= NULL
;
194 char userpath
[MAXPATHLEN
];
196 static char *login_dbarray
[] = { NULL
, NULL
, NULL
};
198 me
= (name
!= NULL
&& strcmp(name
, LOGIN_MECLASS
) == 0);
199 dir
= (!me
|| pwd
== NULL
) ? NULL
: pwd
->pw_dir
;
201 * Switch to user mode before checking/reading its ~/.login_conf
202 * - some NFSes have root read access disabled.
204 * XXX: This fails to configure additional groups.
209 (void)setegid(pwd
->pw_gid
);
210 (void)seteuid(pwd
->pw_uid
);
213 if (dir
&& snprintf(userpath
, MAXPATHLEN
, "%s/%s", dir
,
214 _FILE_LOGIN_CONF
) < MAXPATHLEN
) {
215 login_dbarray
[i
] = userpath
;
216 if (_secure_path(userpath
, pwd
->pw_uid
, pwd
->pw_gid
) != -1)
217 i
++; /* only use 'secure' data */
219 if (_secure_path(_PATH_LOGIN_CONF
, 0, 0) != -1)
220 login_dbarray
[i
++] = _PATH_LOGIN_CONF
;
221 login_dbarray
[i
] = NULL
;
223 memset(lc
, 0, sizeof(login_cap_t
));
224 lc
->lc_cap
= lc
->lc_class
= lc
->lc_style
= NULL
;
226 if (name
== NULL
|| *name
== '\0')
227 name
= LOGIN_DEFCLASS
;
229 switch (cgetent(&lc
->lc_cap
, login_dbarray
, (char*)name
)) {
230 case -1: /* Failed, entry does not exist */
232 break; /* Don't retry default on 'me' */
235 else if ((r
= open(login_dbarray
[0], O_RDONLY
)) >= 0)
238 * If there's at least one login class database,
239 * and we aren't searching for a default class
240 * then complain about a non-existent class.
242 if (r
>= 0 || strcmp(name
, LOGIN_DEFCLASS
) != 0)
243 syslog(LOG_ERR
, "login_getclass: unknown class '%s'", name
);
244 /* fall-back to default class */
245 name
= LOGIN_DEFCLASS
;
246 msg
= "%s: no default/fallback class '%s'";
247 if (cgetent(&lc
->lc_cap
, login_dbarray
, (char*)name
) != 0 && r
>= 0)
249 /* Fallthru - just return system defaults */
250 case 0: /* success! */
251 if ((lc
->lc_class
= strdup(name
)) != NULL
) {
259 msg
= "%s: strdup: %m";
262 msg
= "%s: retrieving class information: %m";
265 msg
= "%s: 'tc=' reference loop '%s'";
268 msg
= "couldn't resolve 'tc=' reference in '%s'";
271 msg
= "%s: unexpected cgetent() error '%s': %m";
279 syslog(LOG_ERR
, msg
, "login_getclass", name
);
290 * Get the login class for the system (only) login class database.
291 * Return a filled-out login_cap_t structure, including
292 * class name, and the capability record buffer.
296 login_getclass(const char *cls
)
298 return login_getclassbyname(cls
, NULL
);
304 * Get the login class for a given password entry from
305 * the system (only) login class database.
306 * If the password entry's class field is not set, or
307 * the class specified does not exist, then use the
308 * default of LOGIN_DEFCLASS (ie. "default").
309 * Return a filled-out login_cap_t structure, including
310 * class name, and the capability record buffer.
314 login_getpwclass(const struct passwd
*pwd
)
316 const char *cls
= NULL
;
320 if (cls
== NULL
|| *cls
== '\0')
321 cls
= (pwd
->pw_uid
== 0) ? LOGIN_DEFROOTCLASS
: LOGIN_DEFCLASS
;
323 return login_getclassbyname(cls
, pwd
);
328 * login_getuserclass()
329 * Get the login class for a given password entry, allowing user
330 * overrides via ~/.login_conf.
334 login_getuserclass(const struct passwd
*pwd
)
336 return login_getclassbyname(LOGIN_MECLASS
, pwd
);
343 * Given a login_cap entry, and a capability name, return the
344 * value defined for that capability, a defualt if not found, or
345 * an error string on error.
349 login_getcapstr(login_cap_t
*lc
, const char *cap
, char *def
, char *error
)
354 if (lc
== NULL
|| cap
== NULL
|| lc
->lc_cap
== NULL
|| *cap
== '\0')
357 if ((ret
= cgetstr(lc
->lc_cap
, (char *)cap
, &res
)) == -1)
359 return (ret
>= 0) ? res
: error
;
365 * Given a login_cap entry, and a capability name, return the
366 * value defined for that capability split into an array of
371 login_getcaplist(login_cap_t
*lc
, const char *cap
, const char *chars
)
377 if ((lstring
= login_getcapstr(lc
, (char*)cap
, NULL
, NULL
)) != NULL
)
378 return arrayize(lstring
, chars
, NULL
);
385 * From the login_cap_t <lc>, get the capability <cap> which is
386 * formatted as either a space or comma delimited list of paths
387 * and append them all into a string and separate by semicolons.
388 * If there is an error of any kind, return <error>.
392 login_getpath(login_cap_t
*lc
, const char *cap
, char * error
)
396 if ((str
= login_getcapstr(lc
, (char*)cap
, NULL
, NULL
)) == NULL
)
402 int count
= strcspn(ptr
, ", \t");
413 isinfinite(const char *s
)
415 static const char *infs
[] = {
423 const char **i
= &infs
[0];
426 if (strcasecmp(s
, *i
) == 0)
435 rmultiply(u_quad_t n1
, u_quad_t n2
)
442 /* Handle simple cases */
443 if (n1
== 0 || n2
== 0)
451 * sizeof() returns number of bytes needed for storage.
452 * This may be different from the actual number of useful bits.
455 bpw
= sizeof(u_quad_t
) * 8;
456 while (((u_quad_t
)1 << (bpw
-1)) == 0)
461 * First check the magnitude of each number. If the sum of the
462 * magnatude is way to high, reject the number. (If this test
463 * is not done then the first multiply below may overflow.)
465 for (b1
= bpw
; (((u_quad_t
)1 << (b1
-1)) & n1
) == 0; --b1
)
467 for (b2
= bpw
; (((u_quad_t
)1 << (b2
-1)) & n2
) == 0; --b2
)
469 if (b1
+ b2
- 2 > bpw
) {
475 * Decompose the multiplication to be:
480 * (h1 + l1) * (h2 + l2)
481 * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
483 * Since h1 && h2 do not have the low bit set, we can then say:
485 * (h1>>1 * h2>>1 * 4) + ...
487 * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
490 * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
491 * then adding in residual amout will cause an overflow.
494 m
= (n1
>> 1) * (n2
>> 1);
495 if (m
>= ((u_quad_t
)1 << (bpw
-2))) {
502 + (n2
& 1) * (n1
& ~(u_quad_t
)1)
503 + (n1
& 1) * (n2
& ~(u_quad_t
)1);
505 if ((u_quad_t
)(m
+ r
) < m
) {
517 * From the login_cap_t <lc>, get the capability <cap>, which is
518 * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not
519 * present in <lc>, return <def>; if there is an error of some kind,
524 login_getcaptime(login_cap_t
*lc
, const char *cap
, rlim_t def
, rlim_t error
)
526 char *res
, *ep
, *oval
;
531 if (lc
== NULL
|| lc
->lc_cap
== NULL
)
535 * Look for <cap> in lc_cap.
536 * If it's not there (-1), return <def>.
537 * If there's an error, return <error>.
540 if ((r
= cgetstr(lc
->lc_cap
, (char *)cap
, &res
)) == -1)
547 /* "inf" and "infinity" are special cases */
549 return RLIM_INFINITY
;
552 * Now go through the string, turning something like 1h2m3s into
553 * an integral value. Whee.
560 rlim_t tim
= strtoq(res
, &ep
, 0);
563 if (ep
== NULL
|| ep
== res
|| errno
!= 0) {
565 syslog(LOG_WARNING
, "login_getcaptime: class '%s' bad value %s=%s",
566 lc
->lc_class
, cap
, oval
);
570 /* Look for suffixes */
574 break; /* end of string */
575 case 's': case 'S': /* seconds */
577 case 'm': case 'M': /* minutes */
580 case 'h': case 'H': /* hours */
583 case 'd': case 'D': /* days */
584 mult
= 60L * 60L * 24L;
586 case 'w': case 'W': /* weeks */
587 mult
= 60L * 60L * 24L * 7L;
589 case 'y': case 'Y': /* 365-day years */
590 mult
= 60L * 60L * 24L * 365L;
596 tot
+= rmultiply(tim
, mult
);
607 * From the login_cap_t <lc>, extract the numerical value <cap>.
608 * If it is not present, return <def> for a default, and return
609 * <error> if there is an error.
610 * Like login_getcaptime(), only it only converts to a number, not
611 * to a time; "infinity" and "inf" are 'special.'
615 login_getcapnum(login_cap_t
*lc
, const char *cap
, rlim_t def
, rlim_t error
)
621 if (lc
== NULL
|| lc
->lc_cap
== NULL
)
625 * For BSDI compatibility, try for the tag=<val> first
627 if ((r
= cgetstr(lc
->lc_cap
, (char *)cap
, &res
)) == -1) {
629 /* string capability not present, so try for tag#<val> as numeric */
630 if ((r
= cgetnum(lc
->lc_cap
, (char *)cap
, &lval
)) == -1)
631 return def
; /* Not there, so return default */
642 return RLIM_INFINITY
;
645 val
= strtoq(res
, &ep
, 0);
646 if (ep
== NULL
|| ep
== res
|| errno
!= 0) {
647 syslog(LOG_WARNING
, "login_getcapnum: class '%s' bad value %s=%s",
648 lc
->lc_class
, cap
, res
);
660 * From the login_cap_t <lc>, extract the capability <cap>, which is
661 * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
662 * If not present, return <def>, or <error> if there is an error of
667 login_getcapsize(login_cap_t
*lc
, const char *cap
, rlim_t def
, rlim_t error
)
669 char *ep
, *res
, *oval
;
673 if (lc
== NULL
|| lc
->lc_cap
== NULL
)
676 if ((r
= cgetstr(lc
->lc_cap
, (char *)cap
, &res
)) == -1)
684 return RLIM_INFINITY
;
690 rlim_t siz
= strtoq(res
, &ep
, 0);
693 if (ep
== NULL
|| ep
== res
|| errno
!= 0) {
695 syslog(LOG_WARNING
, "login_getcapsize: class '%s' bad value %s=%s",
696 lc
->lc_class
, cap
, oval
);
701 case 0: /* end of string */
704 case 'b': case 'B': /* 512-byte blocks */
707 case 'k': case 'K': /* 1024-byte Kilobytes */
710 case 'm': case 'M': /* 1024-k kbytes */
713 case 'g': case 'G': /* 1Gbyte */
714 mult
= 1024 * 1024 * 1024;
716 case 't': case 'T': /* 1TBte */
717 mult
= 1024LL * 1024LL * 1024LL * 1024LL;
723 tot
+= rmultiply(siz
, mult
);
734 * From the login_cap_t <lc>, check for the existance of the capability
735 * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return
736 * the whether or not <cap> exists there.
740 login_getcapbool(login_cap_t
*lc
, const char *cap
, int def
)
742 if (lc
== NULL
|| lc
->lc_cap
== NULL
)
744 return (cgetcap(lc
->lc_cap
, (char *)cap
, ':') != NULL
);
750 * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
751 * and optionally a style <style>, find the style that best suits these
753 * 1. If <auth> is non-null, look for an "auth-<auth>=" string
754 * in the capability; if not present, default to "auth=".
755 * 2. If there is no auth list found from (1), default to
756 * "passwd" as an authorization list.
757 * 3. If <style> is non-null, look for <style> in the list of
758 * authorization methods found from (2); if <style> is NULL, default
759 * to LOGIN_DEFSTYLE ("passwd").
760 * 4. If the chosen style is found in the chosen list of authorization
761 * methods, return that; otherwise, return NULL.
763 * login_getstyle(lc, NULL, "ftp");
764 * login_getstyle(lc, "login", NULL);
765 * login_getstyle(lc, "skey", "network");
769 login_getstyle(login_cap_t
*lc
, char *style
, const char *auth
)
772 char **authtypes
= NULL
;
776 static char *defauthtypes
[] = { LOGIN_DEFSTYLE
, NULL
};
778 if (auth
!= NULL
&& *auth
!= '\0') {
779 if (snprintf(realauth
, sizeof realauth
, "auth-%s", auth
) < sizeof realauth
)
780 authtypes
= login_getcaplist(lc
, realauth
, NULL
);
783 if (authtypes
== NULL
)
784 authtypes
= login_getcaplist(lc
, "auth", NULL
);
786 if (authtypes
== NULL
)
787 authtypes
= defauthtypes
;
790 * We have at least one authtype now; auths is a comma-separated
791 * (or space-separated) list of authentication types. We have to
792 * convert from this to an array of char*'s; authtypes then gets this.
795 if (style
!= NULL
&& *style
!= '\0') {
796 while (authtypes
[i
] != NULL
&& strcmp(style
, authtypes
[i
]) != 0)
801 if (authtypes
[i
] != NULL
&& (auths
= strdup(authtypes
[i
])) != NULL
)
802 lc
->lc_style
= auths
;
804 if (lc
->lc_style
!= NULL
)
805 lc
->lc_style
= strdup(lc
->lc_style
);