[4469] | 1 | //auth.c: |
---|
| 2 | |
---|
| 3 | /* |
---|
[4708] | 4 | * Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2010-2011 |
---|
[4469] | 5 | * |
---|
| 6 | * This file is part of roard a part of RoarAudio, |
---|
| 7 | * a cross-platform sound system for both, home and professional use. |
---|
| 8 | * See README for details. |
---|
| 9 | * |
---|
| 10 | * This file is free software; you can redistribute it and/or modify |
---|
| 11 | * it under the terms of the GNU General Public License version 3 |
---|
| 12 | * as published by the Free Software Foundation. |
---|
| 13 | * |
---|
| 14 | * RoarAudio is distributed in the hope that it will be useful, |
---|
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | * GNU General Public License for more details. |
---|
| 18 | * |
---|
| 19 | * You should have received a copy of the GNU General Public License |
---|
| 20 | * along with this software; see the file COPYING. If not, write to |
---|
| 21 | * the Free Software Foundation, 51 Franklin Street, Fifth Floor, |
---|
| 22 | * Boston, MA 02110-1301, USA. |
---|
| 23 | * |
---|
| 24 | */ |
---|
| 25 | |
---|
| 26 | #include "roard.h" |
---|
| 27 | |
---|
| 28 | #define _NONE ROAR_AUTH_T_AUTO |
---|
| 29 | |
---|
[5192] | 30 | // declared 'extern' |
---|
| 31 | struct auth_key g_auth_keyring[AUTH_KEYRING_LEN]; |
---|
| 32 | |
---|
[4469] | 33 | int auth_init (void) { |
---|
| 34 | int i; |
---|
| 35 | |
---|
| 36 | memset(g_auth_keyring, 0, sizeof(g_auth_keyring)); |
---|
| 37 | |
---|
| 38 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 39 | g_auth_keyring[i].type = _NONE; |
---|
| 40 | } |
---|
| 41 | |
---|
[4476] | 42 | #if 0 |
---|
| 43 | // test password for API tests... |
---|
| 44 | auth_addkey_password(ACCLEV_ALL, "test"); |
---|
| 45 | #endif |
---|
| 46 | |
---|
[4478] | 47 | #if 0 |
---|
| 48 | // test trust for API tests... |
---|
| 49 | auth_addkey_trust(ACCLEV_ALL, -1, 0, getuid()+1, -1, getgid()+1, -1); |
---|
| 50 | #endif |
---|
| 51 | |
---|
[4469] | 52 | return 0; |
---|
| 53 | } |
---|
| 54 | |
---|
| 55 | int auth_free (void) { |
---|
| 56 | return 0; |
---|
| 57 | } |
---|
| 58 | |
---|
[4474] | 59 | union auth_typeunion * auth_regkey_simple(int type, enum roard_client_acclev acclev) { |
---|
| 60 | struct auth_key * key; |
---|
| 61 | int i; |
---|
| 62 | |
---|
| 63 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 64 | if ( (key = &(g_auth_keyring[i]))->type == _NONE ) { |
---|
| 65 | memset(key, 0, sizeof(struct auth_key)); |
---|
| 66 | key->type = type; |
---|
| 67 | key->acclev = acclev; |
---|
| 68 | return &(key->at_data); |
---|
| 69 | } |
---|
| 70 | } |
---|
| 71 | |
---|
| 72 | return NULL; |
---|
| 73 | } |
---|
| 74 | |
---|
[4478] | 75 | static int _ck_cookie(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
| 76 | if ( key->at_data.cookie.len == authmes->len ) { |
---|
| 77 | if ( memcmp(key->at_data.cookie.cookie, authmes->data, authmes->len) ) { |
---|
| 78 | return -1; |
---|
| 79 | } else { |
---|
| 80 | return 1; |
---|
| 81 | } |
---|
| 82 | } |
---|
| 83 | |
---|
| 84 | return -1; |
---|
| 85 | } |
---|
| 86 | |
---|
[4474] | 87 | static int _ck_password(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
| 88 | size_t len = strlen(key->at_data.password.password); |
---|
| 89 | |
---|
| 90 | // need to check here if we have a padding \0-byte. |
---|
| 91 | |
---|
| 92 | if ( len == authmes->len ) { |
---|
| 93 | if ( memcmp(key->at_data.password.password, authmes->data, len) ) { |
---|
| 94 | return -1; |
---|
| 95 | } else { |
---|
| 96 | return 1; |
---|
| 97 | } |
---|
| 98 | } |
---|
| 99 | |
---|
| 100 | return -1; |
---|
| 101 | } |
---|
| 102 | |
---|
[4478] | 103 | static int _ck_trust(struct auth_key * key, struct roar_auth_message * authmes, struct roar_client_server * cs) { |
---|
| 104 | struct at_trust * t = &(key->at_data.trust); |
---|
| 105 | size_t i; |
---|
| 106 | |
---|
| 107 | // we ship pids at the moment as cs does not contain a verifyed one. |
---|
| 108 | |
---|
| 109 | for (i = 0; i < t->uids_len; i++) |
---|
| 110 | if ( t->uids[i] == ROAR_CLIENT(cs)->uid ) |
---|
| 111 | return 1; |
---|
| 112 | |
---|
| 113 | for (i = 0; i < t->gids_len; i++) |
---|
| 114 | if ( t->gids[i] == ROAR_CLIENT(cs)->gid ) |
---|
| 115 | return 1; |
---|
| 116 | |
---|
| 117 | return -1; |
---|
| 118 | } |
---|
| 119 | |
---|
[4745] | 120 | int auth_client_ckeck(struct roar_client_server * cs, struct roar_auth_message * authmes, int * next) { |
---|
[4474] | 121 | struct auth_key * key; |
---|
| 122 | int i; |
---|
| 123 | int ret; |
---|
| 124 | |
---|
[4745] | 125 | if ( cs == NULL || authmes == NULL || next == NULL ) |
---|
[4474] | 126 | return -1; |
---|
| 127 | |
---|
[4745] | 128 | *next = -1; |
---|
| 129 | |
---|
[4474] | 130 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
| 131 | if ( (key = &(g_auth_keyring[i]))->type == authmes->type ) { |
---|
[5146] | 132 | ROAR_DBG("auth_client_ckeck(cs=%p, authmes=%p, next=%p{%i}): key=%p{.type=%i, ...}", cs, authmes, next, *next, key, key->type); |
---|
| 133 | ret = -1; |
---|
[4474] | 134 | switch (key->type) { |
---|
| 135 | case ROAR_AUTH_T_NONE: |
---|
| 136 | ret = 1; |
---|
| 137 | break; |
---|
| 138 | case ROAR_AUTH_T_PASSWORD: |
---|
| 139 | ret = _ck_password(key, authmes); |
---|
| 140 | break; |
---|
[4478] | 141 | case ROAR_AUTH_T_COOKIE: |
---|
| 142 | ret = _ck_cookie(key, authmes); |
---|
| 143 | break; |
---|
[4474] | 144 | case ROAR_AUTH_T_TRUST: |
---|
[4478] | 145 | ret = _ck_trust(key, authmes, cs); |
---|
| 146 | break; |
---|
[4474] | 147 | case ROAR_AUTH_T_SYSUSER: |
---|
| 148 | case ROAR_AUTH_T_RHOST: |
---|
| 149 | default: |
---|
| 150 | /* don't know what to do... */ |
---|
| 151 | return -1; |
---|
| 152 | break; |
---|
| 153 | } |
---|
| 154 | switch (ret) { |
---|
| 155 | case -1: |
---|
| 156 | /* ignore this case and continue */ |
---|
| 157 | break; |
---|
[4745] | 158 | case 0: // fatal auth error (server side auth cancel) |
---|
[4474] | 159 | return 0; |
---|
| 160 | break; |
---|
| 161 | case 1: |
---|
| 162 | cs->acclev = key->acclev; |
---|
| 163 | return 1; |
---|
| 164 | break; |
---|
| 165 | default: /* error! */ |
---|
| 166 | return -1; |
---|
| 167 | break; |
---|
| 168 | } |
---|
| 169 | } |
---|
| 170 | } |
---|
| 171 | |
---|
[4745] | 172 | // make a better guess: |
---|
| 173 | /* |
---|
| 174 | if ( authmes->type == ROAR_AUTH_T_PASSWORD ) { |
---|
| 175 | *next = -1; |
---|
| 176 | } else { |
---|
| 177 | *next = ROAR_AUTH_T_PASSWORD; |
---|
| 178 | } |
---|
| 179 | */ |
---|
| 180 | |
---|
[4474] | 181 | return -1; |
---|
| 182 | } |
---|
| 183 | |
---|
[4476] | 184 | int auth_addkey_anonymous(enum roard_client_acclev acclev) { |
---|
| 185 | if ( auth_regkey_simple(ROAR_AUTH_T_NONE, acclev) == NULL ) |
---|
| 186 | return -1; |
---|
| 187 | return 0; |
---|
| 188 | } |
---|
| 189 | |
---|
| 190 | int auth_addkey_password(enum roard_client_acclev acclev, const char * password) { |
---|
| 191 | union auth_typeunion * pw; |
---|
| 192 | |
---|
| 193 | if ( (pw = auth_regkey_simple(ROAR_AUTH_T_PASSWORD, acclev)) == NULL ) |
---|
| 194 | return -1; |
---|
| 195 | |
---|
| 196 | pw->password.password = password; |
---|
| 197 | |
---|
| 198 | return 0; |
---|
| 199 | } |
---|
| 200 | |
---|
[4478] | 201 | int auth_addkey_cookie(enum roard_client_acclev acclev, const void * cookie, const size_t len) { |
---|
| 202 | union auth_typeunion * key; |
---|
| 203 | |
---|
| 204 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_COOKIE, acclev)) == NULL ) |
---|
| 205 | return -1; |
---|
| 206 | |
---|
| 207 | key->cookie.cookie = (void*)cookie; |
---|
| 208 | key->cookie.len = len; |
---|
| 209 | |
---|
| 210 | return 0; |
---|
| 211 | } |
---|
| 212 | |
---|
| 213 | int auth_addkey_trust(enum roard_client_acclev acclev, ...) { |
---|
| 214 | union auth_typeunion * key; |
---|
| 215 | size_t i; |
---|
| 216 | va_list va; |
---|
[4739] | 217 | pid_t pid = -1; |
---|
| 218 | uid_t uid = -1; |
---|
| 219 | gid_t gid = -1; |
---|
[4478] | 220 | int err = 0; |
---|
| 221 | |
---|
| 222 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_TRUST, acclev)) == NULL ) |
---|
| 223 | return -1; |
---|
| 224 | |
---|
| 225 | // zerosize all counters. |
---|
| 226 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
| 227 | |
---|
| 228 | va_start(va, acclev); |
---|
| 229 | |
---|
| 230 | do { // eval block we can leave with continue. |
---|
| 231 | |
---|
| 232 | #define _block(var,type,array) i = 0; \ |
---|
| 233 | do { \ |
---|
| 234 | if ( i == AT_TRUST_MAX_ENTRYS ) { err = 1; continue; } \ |
---|
| 235 | var = va_arg(va, type); \ |
---|
| 236 | key->trust.array[i] = var; \ |
---|
| 237 | i++; \ |
---|
| 238 | } while (var != -1); \ |
---|
| 239 | if ( err ) continue; \ |
---|
| 240 | key->trust.array ## _len = i; |
---|
| 241 | |
---|
| 242 | |
---|
| 243 | _block(pid, pid_t, pids); |
---|
| 244 | _block(uid, uid_t, uids); |
---|
| 245 | _block(gid, gid_t, gids); |
---|
| 246 | |
---|
| 247 | #undef _block |
---|
| 248 | |
---|
| 249 | } while(0); |
---|
| 250 | |
---|
| 251 | va_end(va); |
---|
| 252 | |
---|
| 253 | if ( !err ) |
---|
| 254 | return 0; |
---|
| 255 | |
---|
| 256 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
| 257 | |
---|
| 258 | return -1; |
---|
| 259 | } |
---|
| 260 | |
---|
[4469] | 261 | //ll |
---|