2 * $Id: uam.c,v 1.15.2.5 2002-03-18 19:39:13 jmarcus Exp $
4 * Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu)
5 * All Rights Reserved. See COPYRIGHT.
10 #endif /* HAVE_CONFIG_H */
18 #else /* STDC_HEADERS */
22 #endif /* HAVE_STRCHR */
23 char *strchr (), *strrchr ();
25 #define memcpy(d,s,n) bcopy ((s), (d), (n))
26 #define memmove(d,s,n) bcopy ((s), (d), (n))
27 #endif /* ! HAVE_MEMCPY */
28 #endif /* STDC_HEADERS */
32 #endif /* HAVE_UNISTD_H */
35 #endif /* HAVE_FCNTL_H */
38 #include <sys/param.h>
39 #include <sys/socket.h>
43 #endif /* HAVE_DLFCN_H */
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
48 #include <netatalk/endian.h>
49 #include <atalk/asp.h>
50 #include <atalk/dsi.h>
51 #include <atalk/afp.h>
52 #include <atalk/util.h>
55 #include "afp_config.h"
66 /* --- server uam functions -- */
68 /* uam_load. uams must have a uam_setup function. */
69 struct uam_mod *uam_load(const char *path, const char *name)
71 char buf[MAXPATHLEN + 1], *p;
75 if ((module = mod_open(path)) == NULL) {
76 syslog(LOG_ERR, "uam_load(%s): failed to load: %s", name, mod_error());
80 if ((mod = (struct uam_mod *) malloc(sizeof(struct uam_mod))) == NULL) {
81 syslog(LOG_ERR, "uam_load(%s): malloc failed", name);
85 strncpy(buf, name, sizeof(buf));
86 buf[sizeof(buf) - 1] = '\0';
87 if ((p = strchr(buf, '.')))
89 if ((mod->uam_fcn = mod_symbol(module, buf)) == NULL) {
90 syslog(LOG_ERR, "uam_load(%s): mod_symbol error for symbol %s",
96 if (mod->uam_fcn->uam_type != UAM_MODULE_SERVER) {
97 syslog(LOG_ERR, "uam_load(%s): attempted to load a non-server module",
102 /* version check would go here */
104 if (!mod->uam_fcn->uam_setup ||
105 ((*mod->uam_fcn->uam_setup)(name) < 0)) {
106 syslog(LOG_ERR, "uam_load(%s): uam_setup failed", name);
110 mod->uam_module = module;
120 /* unload the module. we check for a cleanup function, but we don't
121 * die if one doesn't exist. however, things are likely to leak without one.
123 void uam_unload(struct uam_mod *mod)
125 if (mod->uam_fcn->uam_cleanup)
126 (*mod->uam_fcn->uam_cleanup)();
127 mod_close(mod->uam_module);
131 /* -- client-side uam functions -- */
133 /* set up stuff for this uam. */
134 int uam_register(const int type, const char *path, const char *name, ...)
142 /* see if it already exists. */
143 if ((uam = auth_uamfind(type, name, strlen(name)))) {
144 if (strcmp(uam->uam_path, path)) {
145 /* it exists, but it's not the same module. */
146 syslog(LOG_ERR, "uam_register: \"%s\" already loaded by %s",
154 /* allocate space for uam */
155 if ((uam = calloc(1, sizeof(struct uam_obj))) == NULL)
158 uam->uam_name = name;
159 uam->uam_path = strdup(path);
164 case UAM_SERVER_LOGIN: /* expect three arguments */
165 uam->u.uam_login.login = va_arg(ap, void *);
166 uam->u.uam_login.logincont = va_arg(ap, void *);
167 uam->u.uam_login.logout = va_arg(ap, void *);
169 case UAM_SERVER_CHANGEPW: /* one argument */
170 uam->u.uam_changepw = va_arg(ap, void *);
172 case UAM_SERVER_PRINTAUTH: /* x arguments */
178 /* attach to other uams */
179 if (auth_register(type, uam) < 0) {
188 void uam_unregister(const int type, const char *name)
195 uam = auth_uamfind(type, name, strlen(name));
196 if (!uam || --uam->uam_count > 0)
199 auth_unregister(uam);
204 /* --- helper functions for plugin uams --- */
206 struct passwd *uam_getname(char *name, const int len)
208 struct passwd *pwent;
212 if ((pwent = getpwnam(name)))
215 #ifndef NO_REAL_USER_NAME
216 for (i = 0; i < len; i++)
217 name[i] = tolower(name[i]);
220 while ((pwent = getpwent())) {
221 if ((user = strchr(pwent->pw_gecos, ',')))
223 user = pwent->pw_gecos;
225 /* check against both the gecos and the name fields. the user
226 * might have just used a different capitalization. */
227 if ((strncasecmp(user, name, len) == 0) ||
228 (strncasecmp(pwent->pw_name, name, len) == 0)) {
229 strncpy(name, pwent->pw_name, len);
230 name[len - 1] = '\0';
235 #endif /* ! NO_REAL_USER_NAME */
237 /* os x server doesn't keep anything useful if we do getpwent */
238 return pwent ? getpwnam(name) : NULL;
241 int uam_checkuser(const struct passwd *pwd)
248 #ifndef DISABLE_SHELLCHECK
249 if (!pwd->pw_shell || (*pwd->pw_shell == '\0')) {
250 syslog(LOG_INFO, "uam_checkuser: User %s does not have a shell", pwd->pw_name);
255 while ((p = getusershell())) {
256 if ( strcmp( p, pwd->pw_shell ) == 0 )
261 #ifndef DISABLE_SHELLCHECK
263 syslog( LOG_INFO, "illegal shell %s for %s", pwd->pw_shell, pwd->pw_name);
266 #endif /* DISABLE_SHELLCHECK */
271 /* afp-specific functions */
272 int uam_afpserver_option(void *private, const int what, void *option,
275 AFPObj *obj = private;
276 char **buf = (char **) option; /* most of the options are this */
284 case UAM_OPTION_USERNAME:
285 *buf = (void *) obj->username;
287 *len = sizeof(obj->username) - 1;
290 case UAM_OPTION_GUEST:
291 *buf = (void *) obj->options.guest;
293 *len = strlen(obj->options.guest);
296 case UAM_OPTION_PASSWDOPT:
301 case UAM_PASSWD_FILENAME:
302 *buf = (void *) obj->options.passwdfile;
303 *len = strlen(obj->options.passwdfile);
306 case UAM_PASSWD_MINLENGTH:
307 *((int *) option) = obj->options.passwdminlen;
308 *len = sizeof(obj->options.passwdminlen);
311 case UAM_PASSWD_MAXFAIL:
312 *((int *) option) = obj->options.loginmaxfail;
313 *len = sizeof(obj->options.loginmaxfail);
316 case UAM_PASSWD_EXPIRETIME: /* not implemented */
323 case UAM_OPTION_SIGNATURE:
324 *buf = (void *) (((AFPConfig *)obj->config)->signature);
329 case UAM_OPTION_RANDNUM: /* returns a random number in 4-byte units. */
330 if (!len || (*len < 0) || (*len % sizeof(result)))
333 /* construct a random number */
334 if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
337 char *randnum = (char *) option;
340 if (gettimeofday(&tv, &tz) < 0)
342 srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->handle);
343 for (i = 0; i < *len; i += sizeof(result)) {
345 memcpy(randnum + i, &result, sizeof(result));
348 result = read(fd, option, *len);
355 case UAM_OPTION_HOSTNAME:
356 *buf = (void *) obj->options.hostname;
358 *len = strlen(obj->options.hostname);
361 case UAM_OPTION_PROTOCOL:
362 *buf = (void *) obj->proto;
364 case UAM_OPTION_CLIENTNAME:
366 struct DSI *dsi = obj->handle;
369 hp = gethostbyaddr( (char *) &dsi->client.sin_addr,
370 sizeof( struct in_addr ),
371 dsi->client.sin_family );
373 *buf = (void *) hp->h_name;
375 *buf = (void *) inet_ntoa( dsi->client.sin_addr );
378 case UAM_OPTION_COOKIE:
379 /* it's up to the uam to actually store something useful here.
380 * this just passes back a handle to the cookie. the uam side
381 * needs to do something like **buf = (void *) cookie to store
383 *buf = (void *) &obj->uam_cookie;
394 /* if we need to maintain a connection, this is how we do it.
395 * because an action pointer gets passed in, we can stream
397 int uam_afp_read(void *handle, char *buf, int *buflen,
398 int (*action)(void *, void *, const int))
400 AFPObj *obj = handle;
406 switch (obj->proto) {
408 if ((len = asp_wrtcont(obj->handle, buf, buflen )) < 0)
409 goto uam_afp_read_err;
410 return action(handle, buf, *buflen);
414 len = dsi_writeinit(obj->handle, buf, *buflen);
415 if (!len || ((len = action(handle, buf, len)) < 0)) {
416 dsi_writeflush(obj->handle);
417 goto uam_afp_read_err;
420 while ((len = (dsi_write(obj->handle, buf, *buflen)))) {
421 if ((len = action(handle, buf, len)) < 0) {
422 dsi_writeflush(obj->handle);
423 goto uam_afp_read_err;
436 void uam_afp_getcmdline( int *ac, char ***av )
438 afp_get_cmdline( ac, av );
441 int uam_sia_validate_user(sia_collect_func_t * collect, int argc, char **argv,
442 char *hostname, char *username, char *tty,
443 int colinput, char *gssapi, char *passphrase)
444 /* A clone of the Tru64 system function sia_validate_user() that calls
445 * sia_ses_authent() rather than sia_ses_reauthent()
446 * Added extra code to take into account suspected SIA bug whereby it clobbers
447 * the signal handler on SIGALRM (tickle) installed by Netatalk/afpd
450 SIAENTITY *entity = NULL;
451 struct sigaction act;
454 if ((rc=sia_ses_init(&entity, argc, argv, hostname, username, tty,
455 colinput, gssapi)) != SIASUCCESS) {
456 syslog(LOG_ERR, "cannot initialise SIA");
460 /* save old action for restoration later */
461 if (sigaction(SIGALRM, NULL, &act))
462 syslog(LOG_ERR, "cannot save SIGALRM handler");
464 if ((rc=sia_ses_authent(collect, passphrase, entity)) != SIASUCCESS) {
465 /* restore old action after clobbering by sia_ses_authent() */
466 if (sigaction(SIGALRM, &act, NULL))
467 syslog(LOG_ERR, "cannot restore SIGALRM");
468 syslog(LOG_ERR, "unsuccessful login for %s",
469 (hostname?hostname:"(null)"));
472 syslog(LOG_ERR, "successful login for %s",
473 (hostname?hostname:"(null)"));
475 /* restore old action after clobbering by sia_ses_authent() */
476 if (sigaction(SIGALRM, &act, NULL))
477 syslog(LOG_ERR, "cannot restore SIGALRM handler");
478 sia_ses_release(&entity);
484 /* --- papd-specific functions (just placeholders) --- */
485 void append(void *pf, char *data, int len)