[4469] | 1 | //auth.c: |
---|
| 2 | |
---|
| 3 | /* |
---|
[4708] | 4 | * Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2010-2011 |
---|
[4469] | 5 | * |
---|
| 6 | * This file is part of roard a part of RoarAudio, |
---|
| 7 | * a cross-platform sound system for both, home and professional use. |
---|
| 8 | * See README for details. |
---|
| 9 | * |
---|
| 10 | * This file is free software; you can redistribute it and/or modify |
---|
| 11 | * it under the terms of the GNU General Public License version 3 |
---|
| 12 | * as published by the Free Software Foundation. |
---|
| 13 | * |
---|
| 14 | * RoarAudio is distributed in the hope that it will be useful, |
---|
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | * GNU General Public License for more details. |
---|
| 18 | * |
---|
| 19 | * You should have received a copy of the GNU General Public License |
---|
| 20 | * along with this software; see the file COPYING. If not, write to |
---|
| 21 | * the Free Software Foundation, 51 Franklin Street, Fifth Floor, |
---|
| 22 | * Boston, MA 02110-1301, USA. |
---|
| 23 | * |
---|
| 24 | */ |
---|
| 25 | |
---|
| 26 | #include "roard.h" |
---|
| 27 | |
---|
| 28 | #define _NONE ROAR_AUTH_T_AUTO |
---|
| 29 | |
---|
| 30 | int auth_init (void) { |
---|
| 31 | int i; |
---|
| 32 | |
---|
| 33 | memset(g_auth_keyring, 0, sizeof(g_auth_keyring)); |
---|
| 34 | |
---|
| 35 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 36 | g_auth_keyring[i].type = _NONE; |
---|
| 37 | } |
---|
| 38 | |
---|
[4476] | 39 | #if 0 |
---|
| 40 | // test password for API tests... |
---|
| 41 | auth_addkey_password(ACCLEV_ALL, "test"); |
---|
| 42 | #endif |
---|
| 43 | |
---|
[4478] | 44 | #if 0 |
---|
| 45 | // test trust for API tests... |
---|
| 46 | auth_addkey_trust(ACCLEV_ALL, -1, 0, getuid()+1, -1, getgid()+1, -1); |
---|
| 47 | #endif |
---|
| 48 | |
---|
[4469] | 49 | return 0; |
---|
| 50 | } |
---|
| 51 | |
---|
| 52 | int auth_free (void) { |
---|
| 53 | return 0; |
---|
| 54 | } |
---|
| 55 | |
---|
[4474] | 56 | union auth_typeunion * auth_regkey_simple(int type, enum roard_client_acclev acclev) { |
---|
| 57 | struct auth_key * key; |
---|
| 58 | int i; |
---|
| 59 | |
---|
| 60 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 61 | if ( (key = &(g_auth_keyring[i]))->type == _NONE ) { |
---|
| 62 | memset(key, 0, sizeof(struct auth_key)); |
---|
| 63 | key->type = type; |
---|
| 64 | key->acclev = acclev; |
---|
| 65 | return &(key->at_data); |
---|
| 66 | } |
---|
| 67 | } |
---|
| 68 | |
---|
| 69 | return NULL; |
---|
| 70 | } |
---|
| 71 | |
---|
[4478] | 72 | static int _ck_cookie(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
| 73 | if ( key->at_data.cookie.len == authmes->len ) { |
---|
| 74 | if ( memcmp(key->at_data.cookie.cookie, authmes->data, authmes->len) ) { |
---|
| 75 | return -1; |
---|
| 76 | } else { |
---|
| 77 | return 1; |
---|
| 78 | } |
---|
| 79 | } |
---|
| 80 | |
---|
| 81 | return -1; |
---|
| 82 | } |
---|
| 83 | |
---|
[4474] | 84 | static int _ck_password(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
| 85 | size_t len = strlen(key->at_data.password.password); |
---|
| 86 | |
---|
| 87 | // need to check here if we have a padding \0-byte. |
---|
| 88 | |
---|
| 89 | if ( len == authmes->len ) { |
---|
| 90 | if ( memcmp(key->at_data.password.password, authmes->data, len) ) { |
---|
| 91 | return -1; |
---|
| 92 | } else { |
---|
| 93 | return 1; |
---|
| 94 | } |
---|
| 95 | } |
---|
| 96 | |
---|
| 97 | return -1; |
---|
| 98 | } |
---|
| 99 | |
---|
[4478] | 100 | static int _ck_trust(struct auth_key * key, struct roar_auth_message * authmes, struct roar_client_server * cs) { |
---|
| 101 | struct at_trust * t = &(key->at_data.trust); |
---|
| 102 | size_t i; |
---|
| 103 | |
---|
| 104 | // we ship pids at the moment as cs does not contain a verifyed one. |
---|
| 105 | |
---|
| 106 | for (i = 0; i < t->uids_len; i++) |
---|
| 107 | if ( t->uids[i] == ROAR_CLIENT(cs)->uid ) |
---|
| 108 | return 1; |
---|
| 109 | |
---|
| 110 | for (i = 0; i < t->gids_len; i++) |
---|
| 111 | if ( t->gids[i] == ROAR_CLIENT(cs)->gid ) |
---|
| 112 | return 1; |
---|
| 113 | |
---|
| 114 | return -1; |
---|
| 115 | } |
---|
| 116 | |
---|
[4745] | 117 | int auth_client_ckeck(struct roar_client_server * cs, struct roar_auth_message * authmes, int * next) { |
---|
[4474] | 118 | struct auth_key * key; |
---|
| 119 | int i; |
---|
| 120 | int ret; |
---|
| 121 | |
---|
[4745] | 122 | if ( cs == NULL || authmes == NULL || next == NULL ) |
---|
[4474] | 123 | return -1; |
---|
| 124 | |
---|
[4745] | 125 | *next = -1; |
---|
| 126 | |
---|
[4474] | 127 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 128 | if ( (key = &(g_auth_keyring[i]))->type == authmes->type ) { |
---|
| 129 | ret = -1; |
---|
| 130 | switch (key->type) { |
---|
| 131 | case ROAR_AUTH_T_NONE: |
---|
| 132 | ret = 1; |
---|
| 133 | break; |
---|
| 134 | case ROAR_AUTH_T_PASSWORD: |
---|
| 135 | ret = _ck_password(key, authmes); |
---|
| 136 | break; |
---|
[4478] | 137 | case ROAR_AUTH_T_COOKIE: |
---|
| 138 | ret = _ck_cookie(key, authmes); |
---|
| 139 | break; |
---|
[4474] | 140 | case ROAR_AUTH_T_TRUST: |
---|
[4478] | 141 | ret = _ck_trust(key, authmes, cs); |
---|
| 142 | break; |
---|
[4474] | 143 | case ROAR_AUTH_T_SYSUSER: |
---|
| 144 | case ROAR_AUTH_T_RHOST: |
---|
| 145 | default: |
---|
| 146 | /* don't know what to do... */ |
---|
| 147 | return -1; |
---|
| 148 | break; |
---|
| 149 | } |
---|
| 150 | switch (ret) { |
---|
| 151 | case -1: |
---|
| 152 | /* ignore this case and continue */ |
---|
| 153 | break; |
---|
[4745] | 154 | case 0: // fatal auth error (server side auth cancel) |
---|
[4474] | 155 | return 0; |
---|
| 156 | break; |
---|
| 157 | case 1: |
---|
| 158 | cs->acclev = key->acclev; |
---|
| 159 | return 1; |
---|
| 160 | break; |
---|
| 161 | default: /* error! */ |
---|
| 162 | return -1; |
---|
| 163 | break; |
---|
| 164 | } |
---|
| 165 | } |
---|
| 166 | } |
---|
| 167 | |
---|
[4745] | 168 | // make a better guess: |
---|
| 169 | /* |
---|
| 170 | if ( authmes->type == ROAR_AUTH_T_PASSWORD ) { |
---|
| 171 | *next = -1; |
---|
| 172 | } else { |
---|
| 173 | *next = ROAR_AUTH_T_PASSWORD; |
---|
| 174 | } |
---|
| 175 | */ |
---|
| 176 | |
---|
[4474] | 177 | return -1; |
---|
| 178 | } |
---|
| 179 | |
---|
[4476] | 180 | int auth_addkey_anonymous(enum roard_client_acclev acclev) { |
---|
| 181 | if ( auth_regkey_simple(ROAR_AUTH_T_NONE, acclev) == NULL ) |
---|
| 182 | return -1; |
---|
| 183 | return 0; |
---|
| 184 | } |
---|
| 185 | |
---|
| 186 | int auth_addkey_password(enum roard_client_acclev acclev, const char * password) { |
---|
| 187 | union auth_typeunion * pw; |
---|
| 188 | |
---|
| 189 | if ( (pw = auth_regkey_simple(ROAR_AUTH_T_PASSWORD, acclev)) == NULL ) |
---|
| 190 | return -1; |
---|
| 191 | |
---|
| 192 | pw->password.password = password; |
---|
| 193 | |
---|
| 194 | return 0; |
---|
| 195 | } |
---|
| 196 | |
---|
[4478] | 197 | int auth_addkey_cookie(enum roard_client_acclev acclev, const void * cookie, const size_t len) { |
---|
| 198 | union auth_typeunion * key; |
---|
| 199 | |
---|
| 200 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_COOKIE, acclev)) == NULL ) |
---|
| 201 | return -1; |
---|
| 202 | |
---|
| 203 | key->cookie.cookie = (void*)cookie; |
---|
| 204 | key->cookie.len = len; |
---|
| 205 | |
---|
| 206 | return 0; |
---|
| 207 | } |
---|
| 208 | |
---|
| 209 | int auth_addkey_trust(enum roard_client_acclev acclev, ...) { |
---|
| 210 | union auth_typeunion * key; |
---|
| 211 | size_t i; |
---|
| 212 | va_list va; |
---|
[4739] | 213 | pid_t pid = -1; |
---|
| 214 | uid_t uid = -1; |
---|
| 215 | gid_t gid = -1; |
---|
[4478] | 216 | int err = 0; |
---|
| 217 | |
---|
| 218 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_TRUST, acclev)) == NULL ) |
---|
| 219 | return -1; |
---|
| 220 | |
---|
| 221 | // zerosize all counters. |
---|
| 222 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
| 223 | |
---|
| 224 | va_start(va, acclev); |
---|
| 225 | |
---|
| 226 | do { // eval block we can leave with continue. |
---|
| 227 | |
---|
| 228 | #define _block(var,type,array) i = 0; \ |
---|
| 229 | do { \ |
---|
| 230 | if ( i == AT_TRUST_MAX_ENTRYS ) { err = 1; continue; } \ |
---|
| 231 | var = va_arg(va, type); \ |
---|
| 232 | key->trust.array[i] = var; \ |
---|
| 233 | i++; \ |
---|
| 234 | } while (var != -1); \ |
---|
| 235 | if ( err ) continue; \ |
---|
| 236 | key->trust.array ## _len = i; |
---|
| 237 | |
---|
| 238 | |
---|
| 239 | _block(pid, pid_t, pids); |
---|
| 240 | _block(uid, uid_t, uids); |
---|
| 241 | _block(gid, gid_t, gids); |
---|
| 242 | |
---|
| 243 | #undef _block |
---|
| 244 | |
---|
| 245 | } while(0); |
---|
| 246 | |
---|
| 247 | va_end(va); |
---|
| 248 | |
---|
| 249 | if ( !err ) |
---|
| 250 | return 0; |
---|
| 251 | |
---|
| 252 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
| 253 | |
---|
| 254 | return -1; |
---|
| 255 | } |
---|
| 256 | |
---|
[4469] | 257 | //ll |
---|