1 | //auth.c: |
---|
2 | |
---|
3 | /* |
---|
4 | * Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2010-2014 |
---|
5 | * |
---|
6 | * This file is part of roard a part of RoarAudio, |
---|
7 | * a cross-platform sound system for both, home and professional use. |
---|
8 | * See README for details. |
---|
9 | * |
---|
10 | * This file is free software; you can redistribute it and/or modify |
---|
11 | * it under the terms of the GNU General Public License version 3 |
---|
12 | * as published by the Free Software Foundation. |
---|
13 | * |
---|
14 | * RoarAudio is distributed in the hope that it will be useful, |
---|
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
17 | * GNU General Public License for more details. |
---|
18 | * |
---|
19 | * You should have received a copy of the GNU General Public License |
---|
20 | * along with this software; see the file COPYING. If not, write to |
---|
21 | * the Free Software Foundation, 51 Franklin Street, Fifth Floor, |
---|
22 | * Boston, MA 02110-1301, USA. |
---|
23 | * |
---|
24 | */ |
---|
25 | |
---|
26 | #include "roard.h" |
---|
27 | |
---|
28 | #define _NONE ROAR_AUTH_T_AUTO |
---|
29 | |
---|
30 | // declared 'extern' |
---|
31 | struct auth_key g_auth_keyring[AUTH_KEYRING_LEN]; |
---|
32 | |
---|
33 | int auth_init (void) { |
---|
34 | int i; |
---|
35 | |
---|
36 | memset(g_auth_keyring, 0, sizeof(g_auth_keyring)); |
---|
37 | |
---|
38 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
39 | g_auth_keyring[i].type = _NONE; |
---|
40 | } |
---|
41 | |
---|
42 | #if 0 |
---|
43 | // test password for API tests... |
---|
44 | auth_addkey_password(ACCLEV_ALL, "test"); |
---|
45 | #endif |
---|
46 | |
---|
47 | #if 0 |
---|
48 | // test trust for API tests... |
---|
49 | auth_addkey_trust(ACCLEV_ALL, -1, 0, getuid()+1, -1, getgid()+1, -1); |
---|
50 | #endif |
---|
51 | |
---|
52 | return 0; |
---|
53 | } |
---|
54 | |
---|
55 | int auth_free (void) { |
---|
56 | return 0; |
---|
57 | } |
---|
58 | |
---|
59 | union auth_typeunion * auth_regkey_simple(int type, enum roard_client_acclev acclev) { |
---|
60 | struct auth_key * key; |
---|
61 | int i; |
---|
62 | |
---|
63 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
64 | if ( (key = &(g_auth_keyring[i]))->type == _NONE ) { |
---|
65 | memset(key, 0, sizeof(struct auth_key)); |
---|
66 | key->type = type; |
---|
67 | key->acclev = acclev; |
---|
68 | return &(key->at_data); |
---|
69 | } |
---|
70 | } |
---|
71 | |
---|
72 | return NULL; |
---|
73 | } |
---|
74 | |
---|
75 | static int _ck_cookie(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
76 | if ( key->at_data.cookie.len == authmes->len ) { |
---|
77 | if ( memcmp(key->at_data.cookie.cookie, authmes->data, authmes->len) ) { |
---|
78 | return -1; |
---|
79 | } else { |
---|
80 | return 1; |
---|
81 | } |
---|
82 | } |
---|
83 | |
---|
84 | return -1; |
---|
85 | } |
---|
86 | |
---|
87 | static int _ck_password(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
88 | size_t len = strlen(key->at_data.password.password); |
---|
89 | |
---|
90 | // need to check here if we have a padding \0-byte. |
---|
91 | |
---|
92 | if ( len == authmes->len ) { |
---|
93 | if ( memcmp(key->at_data.password.password, authmes->data, len) ) { |
---|
94 | return -1; |
---|
95 | } else { |
---|
96 | return 1; |
---|
97 | } |
---|
98 | } |
---|
99 | |
---|
100 | return -1; |
---|
101 | } |
---|
102 | |
---|
103 | static int _ck_trust(struct auth_key * key, struct roar_auth_message * authmes, struct roar_client_server * cs) { |
---|
104 | struct at_trust * t = &(key->at_data.trust); |
---|
105 | size_t i; |
---|
106 | |
---|
107 | (void)authmes; |
---|
108 | |
---|
109 | // we ship pids at the moment as cs does not contain a verifyed one. |
---|
110 | |
---|
111 | for (i = 0; i < t->uids_len; i++) |
---|
112 | if ( t->uids[i] == ROAR_CLIENT(cs)->uid ) |
---|
113 | return 1; |
---|
114 | |
---|
115 | for (i = 0; i < t->gids_len; i++) |
---|
116 | if ( t->gids[i] == ROAR_CLIENT(cs)->gid ) |
---|
117 | return 1; |
---|
118 | |
---|
119 | return -1; |
---|
120 | } |
---|
121 | |
---|
122 | int auth_client_ckeck(struct roar_client_server * cs, struct roar_auth_message * authmes, int * next) { |
---|
123 | struct auth_key * key; |
---|
124 | int i; |
---|
125 | int ret; |
---|
126 | |
---|
127 | if ( cs == NULL || authmes == NULL || next == NULL ) |
---|
128 | return -1; |
---|
129 | |
---|
130 | *next = -1; |
---|
131 | |
---|
132 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
133 | if ( (key = &(g_auth_keyring[i]))->type == authmes->type ) { |
---|
134 | ROAR_DBG("auth_client_ckeck(cs=%p, authmes=%p, next=%p{%i}): key=%p{.type=%i, ...}", cs, authmes, next, *next, key, key->type); |
---|
135 | ret = -1; |
---|
136 | switch (key->type) { |
---|
137 | case ROAR_AUTH_T_NONE: |
---|
138 | ret = 1; |
---|
139 | break; |
---|
140 | case ROAR_AUTH_T_PASSWORD: |
---|
141 | ret = _ck_password(key, authmes); |
---|
142 | break; |
---|
143 | case ROAR_AUTH_T_COOKIE: |
---|
144 | ret = _ck_cookie(key, authmes); |
---|
145 | break; |
---|
146 | case ROAR_AUTH_T_TRUST: |
---|
147 | ret = _ck_trust(key, authmes, cs); |
---|
148 | break; |
---|
149 | case ROAR_AUTH_T_SYSUSER: |
---|
150 | case ROAR_AUTH_T_RHOST: |
---|
151 | default: |
---|
152 | /* don't know what to do... */ |
---|
153 | return -1; |
---|
154 | break; |
---|
155 | } |
---|
156 | switch (ret) { |
---|
157 | case -1: |
---|
158 | /* ignore this case and continue */ |
---|
159 | break; |
---|
160 | case 0: // fatal auth error (server side auth cancel) |
---|
161 | return 0; |
---|
162 | break; |
---|
163 | case 1: |
---|
164 | cs->acclev = key->acclev; |
---|
165 | return 1; |
---|
166 | break; |
---|
167 | default: /* error! */ |
---|
168 | return -1; |
---|
169 | break; |
---|
170 | } |
---|
171 | } |
---|
172 | } |
---|
173 | |
---|
174 | // make a better guess: |
---|
175 | /* |
---|
176 | if ( authmes->type == ROAR_AUTH_T_PASSWORD ) { |
---|
177 | *next = -1; |
---|
178 | } else { |
---|
179 | *next = ROAR_AUTH_T_PASSWORD; |
---|
180 | } |
---|
181 | */ |
---|
182 | |
---|
183 | return -1; |
---|
184 | } |
---|
185 | |
---|
186 | int auth_addkey_anonymous(enum roard_client_acclev acclev) { |
---|
187 | if ( auth_regkey_simple(ROAR_AUTH_T_NONE, acclev) == NULL ) |
---|
188 | return -1; |
---|
189 | return 0; |
---|
190 | } |
---|
191 | |
---|
192 | int auth_addkey_password(enum roard_client_acclev acclev, const char * password) { |
---|
193 | union auth_typeunion * pw; |
---|
194 | |
---|
195 | if ( (pw = auth_regkey_simple(ROAR_AUTH_T_PASSWORD, acclev)) == NULL ) |
---|
196 | return -1; |
---|
197 | |
---|
198 | pw->password.password = password; |
---|
199 | |
---|
200 | return 0; |
---|
201 | } |
---|
202 | |
---|
203 | int auth_addkey_cookie(enum roard_client_acclev acclev, const void * cookie, const size_t len) { |
---|
204 | union auth_typeunion * key; |
---|
205 | |
---|
206 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_COOKIE, acclev)) == NULL ) |
---|
207 | return -1; |
---|
208 | |
---|
209 | key->cookie.cookie = (void*)cookie; |
---|
210 | key->cookie.len = len; |
---|
211 | |
---|
212 | return 0; |
---|
213 | } |
---|
214 | |
---|
215 | int auth_addkey_trust(enum roard_client_acclev acclev, ...) { |
---|
216 | union auth_typeunion * key; |
---|
217 | size_t i; |
---|
218 | va_list va; |
---|
219 | pid_t pid = -1; |
---|
220 | uid_t uid = -1; |
---|
221 | gid_t gid = -1; |
---|
222 | int err = 0; |
---|
223 | |
---|
224 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_TRUST, acclev)) == NULL ) |
---|
225 | return -1; |
---|
226 | |
---|
227 | // zerosize all counters. |
---|
228 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
229 | |
---|
230 | va_start(va, acclev); |
---|
231 | |
---|
232 | do { // eval block we can leave with continue. |
---|
233 | |
---|
234 | #define _block(var,type,array) i = 0; \ |
---|
235 | do { \ |
---|
236 | if ( i == AT_TRUST_MAX_ENTRYS ) { err = 1; continue; } \ |
---|
237 | var = va_arg(va, type); \ |
---|
238 | key->trust.array[i] = var; \ |
---|
239 | i++; \ |
---|
240 | } while (var != -1); \ |
---|
241 | if ( err ) continue; \ |
---|
242 | key->trust.array ## _len = i; |
---|
243 | |
---|
244 | |
---|
245 | _block(pid, pid_t, pids); |
---|
246 | _block(uid, uid_t, uids); |
---|
247 | _block(gid, gid_t, gids); |
---|
248 | |
---|
249 | #undef _block |
---|
250 | |
---|
251 | } while(0); |
---|
252 | |
---|
253 | va_end(va); |
---|
254 | |
---|
255 | if ( !err ) |
---|
256 | return 0; |
---|
257 | |
---|
258 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
259 | |
---|
260 | return -1; |
---|
261 | } |
---|
262 | |
---|
263 | //ll |
---|