2 * $Id: uam.c,v 1.26 2007-12-03 14:50:39 didg Exp $
4 * Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu)
5 * All Rights Reserved. See COPYRIGHT.
10 #endif /* HAVE_CONFIG_H */
18 #else /* STDC_HEADERS */
22 #endif /* HAVE_STRCHR */
23 char *strchr (), *strrchr ();
25 #define memcpy(d,s,n) bcopy ((s), (d), (n))
26 #define memmove(d,s,n) bcopy ((s), (d), (n))
27 #endif /* ! HAVE_MEMCPY */
28 #endif /* STDC_HEADERS */
32 #endif /* HAVE_UNISTD_H */
35 #endif /* HAVE_FCNTL_H */
37 #include <atalk/logger.h>
38 #include <sys/param.h>
39 #include <sys/socket.h>
43 #endif /* HAVE_DLFCN_H */
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
48 #include <netatalk/endian.h>
49 #include <atalk/asp.h>
50 #include <atalk/dsi.h>
51 #include <atalk/afp.h>
52 #include <atalk/util.h>
55 #include "afp_config.h"
60 #define utf8_encoding() (afp_version >= 30)
62 #define utf8_encoding() (0)
72 /* --- server uam functions -- */
74 extern int uam_setup(const char *path);
77 /* uam_load. uams must have a uam_setup function. */
78 struct uam_mod *uam_load(const char *path, const char *name)
80 char buf[MAXPATHLEN + 1], *p;
85 if ((module = mod_open(path)) == NULL) {
86 LOG(log_error, logtype_afpd, "uam_load(%s): failed to load: %s", name, mod_error());
91 if ((mod = (struct uam_mod *) malloc(sizeof(struct uam_mod))) == NULL) {
92 LOG(log_error, logtype_afpd, "uam_load(%s): malloc failed", name);
96 strlcpy(buf, name, sizeof(buf));
97 if ((p = strchr(buf, '.')))
101 if ((mod->uam_fcn = mod_symbol(module, buf)) == NULL) {
102 LOG(log_error, logtype_afpd, "uam_load(%s): mod_symbol error for symbol %s",
108 if (mod->uam_fcn->uam_type != UAM_MODULE_SERVER) {
109 LOG(log_error, logtype_afpd, "uam_load(%s): attempted to load a non-server module",
114 /* version check would go here */
116 if (!mod->uam_fcn->uam_setup ||
117 ((*mod->uam_fcn->uam_setup)(name) < 0)) {
118 LOG(log_error, logtype_afpd, "uam_load(%s): uam_setup failed", name);
125 mod->uam_module = module;
135 /* unload the module. we check for a cleanup function, but we don't
136 * die if one doesn't exist. however, things are likely to leak without one.
138 void uam_unload(struct uam_mod *mod)
140 if (mod->uam_fcn->uam_cleanup)
141 (*mod->uam_fcn->uam_cleanup)();
144 mod_close(mod->uam_module);
149 /* -- client-side uam functions -- */
151 /* set up stuff for this uam. */
152 int uam_register(const int type, const char *path, const char *name, ...)
161 /* see if it already exists. */
162 if ((uam = auth_uamfind(type, name, strlen(name)))) {
163 if (strcmp(uam->uam_path, path)) {
164 /* it exists, but it's not the same module. */
165 LOG(log_error, logtype_afpd, "uam_register: \"%s\" already loaded by %s",
173 /* allocate space for uam */
174 if ((uam = calloc(1, sizeof(struct uam_obj))) == NULL)
177 uam->uam_name = name;
178 uam->uam_path = strdup(path);
183 case UAM_SERVER_LOGIN_EXT: /* expect four arguments */
184 uam->u.uam_login.login = va_arg(ap, void *);
185 uam->u.uam_login.logincont = va_arg(ap, void *);
186 uam->u.uam_login.logout = va_arg(ap, void *);
187 uam->u.uam_login.login_ext = va_arg(ap, void *);
190 case UAM_SERVER_LOGIN: /* expect three arguments */
191 uam->u.uam_login.login_ext = NULL;
192 uam->u.uam_login.login = va_arg(ap, void *);
193 uam->u.uam_login.logincont = va_arg(ap, void *);
194 uam->u.uam_login.logout = va_arg(ap, void *);
196 case UAM_SERVER_CHANGEPW: /* one argument */
197 uam->u.uam_changepw = va_arg(ap, void *);
199 case UAM_SERVER_PRINTAUTH: /* x arguments */
205 /* attach to other uams */
206 ret = auth_register(type, uam);
217 int uam_register_fn(const int type, const char *path, const char *name, void *fn1, void *fn2,
218 void *fn3, void *fn4)
226 /* see if it already exists. */
227 if ((uam = auth_uamfind(type, name, strlen(name)))) {
228 if (strcmp(uam->uam_path, path)) {
229 /* it exists, but it's not the same module. */
230 LOG(log_error, logtype_afpd, "uam_register: \"%s\" already loaded by %s",
238 /* allocate space for uam */
239 if ((uam = calloc(1, sizeof(struct uam_obj))) == NULL)
242 uam->uam_name = name;
243 uam->uam_path = strdup(path);
247 case UAM_SERVER_LOGIN_EXT: /* expect four arguments */
248 uam->u.uam_login.login_ext = fn4;
249 uam->u.uam_login.login = fn1;
250 uam->u.uam_login.logincont = fn2;
251 uam->u.uam_login.logout = fn3;
253 case UAM_SERVER_LOGIN: /* expect three arguments */
254 uam->u.uam_login.login_ext = NULL;
255 uam->u.uam_login.login = fn1;
256 uam->u.uam_login.logincont = fn2;
257 uam->u.uam_login.logout = fn3;
259 case UAM_SERVER_CHANGEPW: /* one argument */
260 uam->u.uam_changepw = fn1;
262 case UAM_SERVER_PRINTAUTH: /* x arguments */
267 /* attach to other uams */
268 if (auth_register(type, uam) < 0) {
278 void uam_unregister(const int type, const char *name)
285 uam = auth_uamfind(type, name, strlen(name));
286 if (!uam || --uam->uam_count > 0)
289 auth_unregister(uam);
294 /* --- helper functions for plugin uams ---
296 * len: size of name buffer.
299 struct passwd *uam_getname(void *private, char *name, const int len)
301 AFPObj *obj = private;
302 struct passwd *pwent;
303 static char username[256];
304 static char user[256];
305 static char pwname[256];
307 size_t namelen, gecoslen = 0, pwnamelen = 0;
309 if ((pwent = getpwnam(name)))
312 /* if we have a NT domain name try with it */
313 if (obj->options.ntdomain && obj->options.ntseparator) {
314 /* FIXME What about charset ? */
315 size_t ulen = strlen(obj->options.ntdomain) + strlen(obj->options.ntseparator) + strlen(name);
316 if ((p = malloc(ulen +1))) {
317 strcpy(p, obj->options.ntdomain);
318 strcat(p, obj->options.ntseparator);
323 int len = strlen(pwent->pw_name);
324 if (len < MAXUSERLEN) {
325 strncpy(name,pwent->pw_name, MAXUSERLEN);
327 LOG(log_error, logtype_uams, "MAJOR:The name %s is longer than %d",pwent->pw_name,MAXUSERLEN);
334 #ifndef NO_REAL_USER_NAME
336 if ( (size_t) -1 == (namelen = convert_string((utf8_encoding())?CH_UTF8_MAC:obj->options.maccharset,
337 CH_UCS2, name, strlen(name), username, sizeof(username))))
341 while ((pwent = getpwent())) {
342 if ((p = strchr(pwent->pw_gecos, ',')))
345 if ((size_t)-1 == ( gecoslen = convert_string(obj->options.unixcharset, CH_UCS2,
346 pwent->pw_gecos, strlen(pwent->pw_gecos), user, sizeof(username))) )
348 if ((size_t)-1 == ( pwnamelen = convert_string(obj->options.unixcharset, CH_UCS2,
349 pwent->pw_name, strlen(pwent->pw_name), pwname, sizeof(username))) )
353 /* check against both the gecos and the name fields. the user
354 * might have just used a different capitalization. */
356 if ( (namelen == gecoslen && strncasecmp_w((ucs2_t*)user, (ucs2_t*)username, len) == 0) ||
357 ( namelen == pwnamelen && strncasecmp_w ( (ucs2_t*) pwname, (ucs2_t*) username, len) == 0)) {
358 strlcpy(name, pwent->pw_name, len);
363 #endif /* ! NO_REAL_USER_NAME */
365 /* os x server doesn't keep anything useful if we do getpwent */
366 return pwent ? getpwnam(name) : NULL;
369 int uam_checkuser(const struct passwd *pwd)
376 #ifndef DISABLE_SHELLCHECK
377 if (!pwd->pw_shell || (*pwd->pw_shell == '\0')) {
378 LOG(log_info, logtype_afpd, "uam_checkuser: User %s does not have a shell", pwd->pw_name);
382 while ((p = getusershell())) {
383 if ( strcmp( p, pwd->pw_shell ) == 0 )
389 LOG(log_info, logtype_afpd, "illegal shell %s for %s", pwd->pw_shell, pwd->pw_name);
392 #endif /* DISABLE_SHELLCHECK */
397 int uam_random_string (AFPObj *obj, char *buf, int len)
403 if ( (len <= 0) || (len % sizeof(result)))
406 /* construct a random number */
407 if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
412 if (gettimeofday(&tv, &tz) < 0)
414 srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->handle);
415 for (i = 0; i < len; i += sizeof(result)) {
417 memcpy(buf + i, &result, sizeof(result));
420 ret = read(fd, buf, len);
428 /* afp-specific functions */
429 int uam_afpserver_option(void *private, const int what, void *option,
432 AFPObj *obj = private;
433 char **buf = (char **) option; /* most of the options are this */
434 struct session_info **sinfo = (struct session_info **) option;
440 case UAM_OPTION_USERNAME:
441 *buf = obj->username;
443 *len = sizeof(obj->username) - 1;
446 case UAM_OPTION_GUEST:
447 *buf = obj->options.guest;
449 *len = strlen(obj->options.guest);
452 case UAM_OPTION_PASSWDOPT:
457 case UAM_PASSWD_FILENAME:
458 *buf = obj->options.passwdfile;
459 *len = strlen(obj->options.passwdfile);
462 case UAM_PASSWD_MINLENGTH:
463 *((int *) option) = obj->options.passwdminlen;
464 *len = sizeof(obj->options.passwdminlen);
467 case UAM_PASSWD_MAXFAIL:
468 *((int *) option) = obj->options.loginmaxfail;
469 *len = sizeof(obj->options.loginmaxfail);
472 case UAM_PASSWD_EXPIRETIME: /* not implemented */
479 case UAM_OPTION_SIGNATURE:
480 *buf = (void *) (((AFPConfig *)obj->config)->signature);
485 case UAM_OPTION_RANDNUM: /* returns a random number in 4-byte units. */
489 return uam_random_string(obj, option, *len);
492 case UAM_OPTION_HOSTNAME:
493 *buf = obj->options.hostname;
495 *len = strlen(obj->options.hostname);
498 case UAM_OPTION_PROTOCOL:
499 *((int *) option) = obj->proto;
502 case UAM_OPTION_CLIENTNAME:
504 struct DSI *dsi = obj->handle;
507 hp = gethostbyaddr( (char *) &dsi->client.sin_addr,
508 sizeof( struct in_addr ),
509 dsi->client.sin_family );
513 *buf = inet_ntoa( dsi->client.sin_addr );
516 case UAM_OPTION_COOKIE:
517 /* it's up to the uam to actually store something useful here.
518 * this just passes back a handle to the cookie. the uam side
519 * needs to do something like **buf = (void *) cookie to store
521 *buf = (void *) &obj->uam_cookie;
523 case UAM_OPTION_KRB5SERVICE:
524 *buf = obj->options.k5service;
526 *len = (*buf)?strlen(*buf):0;
528 case UAM_OPTION_KRB5REALM:
529 *buf = obj->options.k5realm;
531 *len = (*buf)?strlen(*buf):0;
533 case UAM_OPTION_FQDN:
534 *buf = obj->options.fqdn;
536 *len = (*buf)?strlen(*buf):0;
538 case UAM_OPTION_MACCHARSET:
539 *((int *) option) = obj->options.maccharset;
540 *len = sizeof(obj->options.maccharset);
542 case UAM_OPTION_UNIXCHARSET:
543 *((int *) option) = obj->options.unixcharset;
544 *len = sizeof(obj->options.unixcharset);
546 case UAM_OPTION_SESSIONINFO:
547 *sinfo = &(obj->sinfo);
557 /* if we need to maintain a connection, this is how we do it.
558 * because an action pointer gets passed in, we can stream
560 int uam_afp_read(void *handle, char *buf, int *buflen,
561 int (*action)(void *, void *, const int))
563 AFPObj *obj = handle;
569 switch (obj->proto) {
571 if ((len = asp_wrtcont(obj->handle, buf, buflen )) < 0)
572 goto uam_afp_read_err;
573 return action(handle, buf, *buflen);
577 len = dsi_writeinit(obj->handle, buf, *buflen);
578 if (!len || ((len = action(handle, buf, len)) < 0)) {
579 dsi_writeflush(obj->handle);
580 goto uam_afp_read_err;
583 while ((len = (dsi_write(obj->handle, buf, *buflen)))) {
584 if ((len = action(handle, buf, len)) < 0) {
585 dsi_writeflush(obj->handle);
586 goto uam_afp_read_err;
599 void uam_afp_getcmdline( int *ac, char ***av )
601 afp_get_cmdline( ac, av );
604 int uam_sia_validate_user(sia_collect_func_t * collect, int argc, char **argv,
605 char *hostname, char *username, char *tty,
606 int colinput, char *gssapi, char *passphrase)
607 /* A clone of the Tru64 system function sia_validate_user() that calls
608 * sia_ses_authent() rather than sia_ses_reauthent()
609 * Added extra code to take into account suspected SIA bug whereby it clobbers
610 * the signal handler on SIGALRM (tickle) installed by Netatalk/afpd
613 SIAENTITY *entity = NULL;
614 struct sigaction act;
617 if ((rc=sia_ses_init(&entity, argc, argv, hostname, username, tty,
618 colinput, gssapi)) != SIASUCCESS) {
619 LOG(log_error, logtype_afpd, "cannot initialise SIA");
623 /* save old action for restoration later */
624 if (sigaction(SIGALRM, NULL, &act))
625 LOG(log_error, logtype_afpd, "cannot save SIGALRM handler");
627 if ((rc=sia_ses_authent(collect, passphrase, entity)) != SIASUCCESS) {
628 /* restore old action after clobbering by sia_ses_authent() */
629 if (sigaction(SIGALRM, &act, NULL))
630 LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
632 LOG(log_info, logtype_afpd, "unsuccessful login for %s",
633 (hostname?hostname:"(null)"));
636 LOG(log_info, logtype_afpd, "successful login for %s",
637 (hostname?hostname:"(null)"));
639 /* restore old action after clobbering by sia_ses_authent() */
640 if (sigaction(SIGALRM, &act, NULL))
641 LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
643 sia_ses_release(&entity);
649 /* --- papd-specific functions (just placeholders) --- */
650 void append(void *pf _U_, char *data _U_, int len _U_)
projects / netatalk.git / blob