3 * Copyright (c) 1999 Adrian Sun (asun@zoology.washington.edu)
4 * All Rights Reserved. See COPYRIGHT.
9 #endif /* HAVE_CONFIG_H */
17 #include <atalk/logger.h>
18 #include <sys/param.h>
19 #include <sys/socket.h>
23 #endif /* HAVE_DLFCN_H */
25 #include <netinet/in.h>
26 #include <arpa/inet.h>
28 #include <atalk/dsi.h>
29 #include <atalk/afp.h>
30 #include <atalk/util.h>
31 #include <atalk/globals.h>
32 #include <atalk/volume.h>
33 #include <atalk/bstrlib.h>
35 #include "afp_config.h"
46 /* --- server uam functions -- */
48 /* uam_load. uams must have a uam_setup function. */
49 struct uam_mod *uam_load(AFPObj *obj, const char *path, const char *name)
51 char buf[MAXPATHLEN + 1], *p;
55 if ((module = mod_open(path)) == NULL) {
56 LOG(log_error, logtype_afpd, "uam_load(%s): failed to load: %s", name, mod_error());
60 if ((mod = (struct uam_mod *) malloc(sizeof(struct uam_mod))) == NULL) {
61 LOG(log_error, logtype_afpd, "uam_load(%s): malloc failed", name);
65 strlcpy(buf, name, sizeof(buf));
66 if ((p = strchr(buf, '.')))
69 if ((mod->uam_fcn = mod_symbol(module, buf)) == NULL) {
70 LOG(log_error, logtype_afpd, "uam_load(%s): mod_symbol error for symbol %s",
76 if (mod->uam_fcn->uam_type != UAM_MODULE_SERVER) {
77 LOG(log_error, logtype_afpd, "uam_load(%s): attempted to load a non-server module",
82 /* version check would go here */
84 if (!mod->uam_fcn->uam_setup ||
85 ((*mod->uam_fcn->uam_setup)(obj, name) < 0)) {
86 LOG(log_error, logtype_afpd, "uam_load(%s): uam_setup failed", name);
90 mod->uam_module = module;
100 /* unload the module. we check for a cleanup function, but we don't
101 * die if one doesn't exist. however, things are likely to leak without one.
103 void uam_unload(struct uam_mod *mod)
105 if (mod->uam_fcn->uam_cleanup)
106 (*mod->uam_fcn->uam_cleanup)();
108 mod_close(mod->uam_module);
112 /* -- client-side uam functions -- */
113 /* set up stuff for this uam. */
114 int uam_register(const int type, const char *path, const char *name, ...)
123 /* see if it already exists. */
124 if ((uam = auth_uamfind(type, name, strlen(name)))) {
125 if (strcmp(uam->uam_path, path)) {
126 /* it exists, but it's not the same module. */
127 LOG(log_error, logtype_afpd, "uam_register: \"%s\" already loaded by %s",
135 /* allocate space for uam */
136 if ((uam = calloc(1, sizeof(struct uam_obj))) == NULL)
139 uam->uam_name = name;
140 uam->uam_path = strdup(path);
145 case UAM_SERVER_LOGIN_EXT: /* expect four arguments */
146 uam->u.uam_login.login = va_arg(ap, void *);
147 uam->u.uam_login.logincont = va_arg(ap, void *);
148 uam->u.uam_login.logout = va_arg(ap, void *);
149 uam->u.uam_login.login_ext = va_arg(ap, void *);
152 case UAM_SERVER_LOGIN: /* expect three arguments */
153 uam->u.uam_login.login_ext = NULL;
154 uam->u.uam_login.login = va_arg(ap, void *);
155 uam->u.uam_login.logincont = va_arg(ap, void *);
156 uam->u.uam_login.logout = va_arg(ap, void *);
158 case UAM_SERVER_CHANGEPW: /* one argument */
159 uam->u.uam_changepw = va_arg(ap, void *);
161 case UAM_SERVER_PRINTAUTH: /* x arguments */
167 /* attach to other uams */
168 ret = auth_register(type, uam);
177 void uam_unregister(const int type, const char *name)
184 uam = auth_uamfind(type, name, strlen(name));
185 if (!uam || --uam->uam_count > 0)
188 auth_unregister(uam);
193 /* --- helper functions for plugin uams ---
195 * len: size of name buffer.
198 struct passwd *uam_getname(void *private, char *name, const int len)
200 AFPObj *obj = private;
201 struct passwd *pwent;
202 static char username[256];
203 static char user[256];
204 static char pwname[256];
206 size_t namelen, gecoslen = 0, pwnamelen = 0;
208 if ((pwent = getpwnam(name)))
211 /* if we have a NT domain name try with it */
212 if (obj->options.addomain || (obj->options.ntdomain && obj->options.ntseparator)) {
213 /* FIXME What about charset ? */
215 if (obj->options.addomain)
216 princ = bformat("%s@%s", name, obj->options.addomain);
218 princ = bformat("%s%s%s", obj->options.ntdomain, obj->options.ntseparator, name);
219 pwent = getpwnam(bdata(princ));
223 int len = strlen(pwent->pw_name);
224 if (len < MAXUSERLEN) {
225 strncpy(name,pwent->pw_name, MAXUSERLEN);
227 LOG(log_error, logtype_uams, "The name '%s' is longer than %d", pwent->pw_name, MAXUSERLEN);
232 #ifndef NO_REAL_USER_NAME
234 if ( (size_t) -1 == (namelen = convert_string((utf8_encoding(obj))?CH_UTF8_MAC:obj->options.maccharset,
235 CH_UCS2, name, -1, username, sizeof(username))))
239 while ((pwent = getpwent())) {
240 if ((p = strchr(pwent->pw_gecos, ',')))
243 gecoslen = convert_string(obj->options.unixcharset, CH_UCS2,
244 pwent->pw_gecos, -1, user, sizeof(username));
245 pwnamelen = convert_string(obj->options.unixcharset, CH_UCS2,
246 pwent->pw_name, -1, pwname, sizeof(username));
247 if ((size_t)-1 == gecoslen && (size_t)-1 == pwnamelen)
251 /* check against both the gecos and the name fields. the user
252 * might have just used a different capitalization. */
254 if ( (namelen == gecoslen && strncasecmp_w((ucs2_t*)user, (ucs2_t*)username, len) == 0) ||
255 ( namelen == pwnamelen && strncasecmp_w ( (ucs2_t*) pwname, (ucs2_t*) username, len) == 0)) {
256 strlcpy(name, pwent->pw_name, len);
261 #endif /* ! NO_REAL_USER_NAME */
263 /* os x server doesn't keep anything useful if we do getpwent */
264 return pwent ? getpwnam(name) : NULL;
267 int uam_checkuser(const struct passwd *pwd)
274 #ifndef DISABLE_SHELLCHECK
275 if (!pwd->pw_shell || (*pwd->pw_shell == '\0')) {
276 LOG(log_info, logtype_afpd, "uam_checkuser: User %s does not have a shell", pwd->pw_name);
280 while ((p = getusershell())) {
281 if ( strcmp( p, pwd->pw_shell ) == 0 )
287 LOG(log_info, logtype_afpd, "illegal shell %s for %s", pwd->pw_shell, pwd->pw_name);
290 #endif /* DISABLE_SHELLCHECK */
295 int uam_random_string (AFPObj *obj, char *buf, int len)
301 if ( (len <= 0) || (len % sizeof(result)))
304 /* construct a random number */
305 if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
310 if (gettimeofday(&tv, &tz) < 0)
312 srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->dsi);
313 for (i = 0; i < len; i += sizeof(result)) {
315 memcpy(buf + i, &result, sizeof(result));
318 ret = read(fd, buf, len);
326 /* afp-specific functions */
327 int uam_afpserver_option(void *private, const int what, void *option,
330 AFPObj *obj = private;
331 const char **buf = (const char **) option; /* most of the options are this */
332 struct session_info **sinfo = (struct session_info **) option;
338 case UAM_OPTION_USERNAME:
339 *buf = &(obj->username[0]);
341 *len = sizeof(obj->username) - 1;
344 case UAM_OPTION_GUEST:
345 *buf = obj->options.guest;
347 *len = strlen(obj->options.guest);
350 case UAM_OPTION_PASSWDOPT:
355 case UAM_PASSWD_FILENAME:
356 *buf = obj->options.passwdfile;
357 *len = strlen(obj->options.passwdfile);
360 case UAM_PASSWD_MINLENGTH:
361 *((int *) option) = obj->options.passwdminlen;
362 *len = sizeof(obj->options.passwdminlen);
365 case UAM_PASSWD_EXPIRETIME: /* not implemented */
372 case UAM_OPTION_SIGNATURE:
373 *buf = (void *)obj->dsi->signature;
378 case UAM_OPTION_RANDNUM: /* returns a random number in 4-byte units. */
382 return uam_random_string(obj, option, *len);
385 case UAM_OPTION_HOSTNAME:
386 *buf = obj->options.hostname;
388 *len = strlen(obj->options.hostname);
391 case UAM_OPTION_CLIENTNAME:
393 struct DSI *dsi = obj->dsi;
394 const struct sockaddr *sa;
395 static char hbuf[NI_MAXHOST];
397 sa = (struct sockaddr *)&dsi->client;
398 if (getnameinfo(sa, sizeof(dsi->client), hbuf, sizeof(hbuf), NULL, 0, 0) == 0)
401 *buf = getip_string((struct sockaddr *)&dsi->client);
405 case UAM_OPTION_COOKIE:
406 /* it's up to the uam to actually store something useful here.
407 * this just passes back a handle to the cookie. the uam side
408 * needs to do something like **buf = (void *) cookie to store
410 *buf = (void *) &obj->uam_cookie;
412 case UAM_OPTION_KRB5SERVICE:
413 *buf = obj->options.k5service;
415 *len = (*buf)?strlen(*buf):0;
417 case UAM_OPTION_KRB5REALM:
418 *buf = obj->options.k5realm;
420 *len = (*buf)?strlen(*buf):0;
422 case UAM_OPTION_FQDN:
423 *buf = obj->options.fqdn;
425 *len = (*buf)?strlen(*buf):0;
427 case UAM_OPTION_MACCHARSET:
428 *((int *) option) = obj->options.maccharset;
429 *len = sizeof(obj->options.maccharset);
431 case UAM_OPTION_UNIXCHARSET:
432 *((int *) option) = obj->options.unixcharset;
433 *len = sizeof(obj->options.unixcharset);
435 case UAM_OPTION_SESSIONINFO:
436 *sinfo = &(obj->sinfo);
446 /* if we need to maintain a connection, this is how we do it.
447 * because an action pointer gets passed in, we can stream
449 int uam_afp_read(void *handle, char *buf, size_t *buflen,
450 int (*action)(void *, void *, const int))
452 AFPObj *obj = handle;
458 len = dsi_writeinit(obj->dsi, buf, *buflen);
459 if (!len || ((len = action(handle, buf, len)) < 0)) {
460 dsi_writeflush(obj->dsi);
461 goto uam_afp_read_err;
464 while ((len = (dsi_write(obj->dsi, buf, *buflen)))) {
465 if ((len = action(handle, buf, len)) < 0) {
466 dsi_writeflush(obj->dsi);
467 goto uam_afp_read_err;
478 void uam_afp_getcmdline( int *ac, char ***av )
480 afp_get_cmdline( ac, av );
483 int uam_sia_validate_user(sia_collect_func_t * collect, int argc, char **argv,
484 char *hostname, char *username, char *tty,
485 int colinput, char *gssapi, char *passphrase)
486 /* A clone of the Tru64 system function sia_validate_user() that calls
487 * sia_ses_authent() rather than sia_ses_reauthent()
488 * Added extra code to take into account suspected SIA bug whereby it clobbers
489 * the signal handler on SIGALRM (tickle) installed by Netatalk/afpd
492 SIAENTITY *entity = NULL;
493 struct sigaction act;
496 if ((rc=sia_ses_init(&entity, argc, argv, hostname, username, tty,
497 colinput, gssapi)) != SIASUCCESS) {
498 LOG(log_error, logtype_afpd, "cannot initialise SIA");
502 /* save old action for restoration later */
503 if (sigaction(SIGALRM, NULL, &act))
504 LOG(log_error, logtype_afpd, "cannot save SIGALRM handler");
506 if ((rc=sia_ses_authent(collect, passphrase, entity)) != SIASUCCESS) {
507 /* restore old action after clobbering by sia_ses_authent() */
508 if (sigaction(SIGALRM, &act, NULL))
509 LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
511 LOG(log_info, logtype_afpd, "unsuccessful login for %s",
512 (hostname?hostname:"(null)"));
515 LOG(log_info, logtype_afpd, "successful login for %s",
516 (hostname?hostname:"(null)"));
518 /* restore old action after clobbering by sia_ses_authent() */
519 if (sigaction(SIGALRM, &act, NULL))
520 LOG(log_error, logtype_afpd, "cannot restore SIGALRM handler");
522 sia_ses_release(&entity);
528 /* --- papd-specific functions (just placeholders) --- */
531 UAM_MODULE_EXPORT void append(struct papfile *pf _U_, const char *data _U_, int len _U_)