1 | //auth.c: |
---|
2 | |
---|
3 | /* |
---|
4 | * Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2010-2011 |
---|
5 | * |
---|
6 | * This file is part of roard a part of RoarAudio, |
---|
7 | * a cross-platform sound system for both, home and professional use. |
---|
8 | * See README for details. |
---|
9 | * |
---|
10 | * This file is free software; you can redistribute it and/or modify |
---|
11 | * it under the terms of the GNU General Public License version 3 |
---|
12 | * as published by the Free Software Foundation. |
---|
13 | * |
---|
14 | * RoarAudio is distributed in the hope that it will be useful, |
---|
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
17 | * GNU General Public License for more details. |
---|
18 | * |
---|
19 | * You should have received a copy of the GNU General Public License |
---|
20 | * along with this software; see the file COPYING. If not, write to |
---|
21 | * the Free Software Foundation, 51 Franklin Street, Fifth Floor, |
---|
22 | * Boston, MA 02110-1301, USA. |
---|
23 | * |
---|
24 | */ |
---|
25 | |
---|
26 | #include "roard.h" |
---|
27 | |
---|
28 | #define _NONE ROAR_AUTH_T_AUTO |
---|
29 | |
---|
30 | int auth_init (void) { |
---|
31 | int i; |
---|
32 | |
---|
33 | memset(g_auth_keyring, 0, sizeof(g_auth_keyring)); |
---|
34 | |
---|
35 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
36 | g_auth_keyring[i].type = _NONE; |
---|
37 | } |
---|
38 | |
---|
39 | #if 0 |
---|
40 | // test password for API tests... |
---|
41 | auth_addkey_password(ACCLEV_ALL, "test"); |
---|
42 | #endif |
---|
43 | |
---|
44 | #if 0 |
---|
45 | // test trust for API tests... |
---|
46 | auth_addkey_trust(ACCLEV_ALL, -1, 0, getuid()+1, -1, getgid()+1, -1); |
---|
47 | #endif |
---|
48 | |
---|
49 | return 0; |
---|
50 | } |
---|
51 | |
---|
52 | int auth_free (void) { |
---|
53 | return 0; |
---|
54 | } |
---|
55 | |
---|
56 | union auth_typeunion * auth_regkey_simple(int type, enum roard_client_acclev acclev) { |
---|
57 | struct auth_key * key; |
---|
58 | int i; |
---|
59 | |
---|
60 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
61 | if ( (key = &(g_auth_keyring[i]))->type == _NONE ) { |
---|
62 | memset(key, 0, sizeof(struct auth_key)); |
---|
63 | key->type = type; |
---|
64 | key->acclev = acclev; |
---|
65 | return &(key->at_data); |
---|
66 | } |
---|
67 | } |
---|
68 | |
---|
69 | return NULL; |
---|
70 | } |
---|
71 | |
---|
72 | static int _ck_cookie(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
73 | if ( key->at_data.cookie.len == authmes->len ) { |
---|
74 | if ( memcmp(key->at_data.cookie.cookie, authmes->data, authmes->len) ) { |
---|
75 | return -1; |
---|
76 | } else { |
---|
77 | return 1; |
---|
78 | } |
---|
79 | } |
---|
80 | |
---|
81 | return -1; |
---|
82 | } |
---|
83 | |
---|
84 | static int _ck_password(struct auth_key * key, struct roar_auth_message * authmes) { |
---|
85 | size_t len = strlen(key->at_data.password.password); |
---|
86 | |
---|
87 | // need to check here if we have a padding \0-byte. |
---|
88 | |
---|
89 | if ( len == authmes->len ) { |
---|
90 | if ( memcmp(key->at_data.password.password, authmes->data, len) ) { |
---|
91 | return -1; |
---|
92 | } else { |
---|
93 | return 1; |
---|
94 | } |
---|
95 | } |
---|
96 | |
---|
97 | return -1; |
---|
98 | } |
---|
99 | |
---|
100 | static int _ck_trust(struct auth_key * key, struct roar_auth_message * authmes, struct roar_client_server * cs) { |
---|
101 | struct at_trust * t = &(key->at_data.trust); |
---|
102 | size_t i; |
---|
103 | |
---|
104 | // we ship pids at the moment as cs does not contain a verifyed one. |
---|
105 | |
---|
106 | for (i = 0; i < t->uids_len; i++) |
---|
107 | if ( t->uids[i] == ROAR_CLIENT(cs)->uid ) |
---|
108 | return 1; |
---|
109 | |
---|
110 | for (i = 0; i < t->gids_len; i++) |
---|
111 | if ( t->gids[i] == ROAR_CLIENT(cs)->gid ) |
---|
112 | return 1; |
---|
113 | |
---|
114 | return -1; |
---|
115 | } |
---|
116 | |
---|
117 | int auth_client_ckeck(struct roar_client_server * cs, struct roar_auth_message * authmes, int * next) { |
---|
118 | struct auth_key * key; |
---|
119 | int i; |
---|
120 | int ret; |
---|
121 | |
---|
122 | if ( cs == NULL || authmes == NULL || next == NULL ) |
---|
123 | return -1; |
---|
124 | |
---|
125 | *next = -1; |
---|
126 | |
---|
127 | for (i = 0; i < AUTH_KEYRING_LEN; i++) { |
---|
128 | if ( (key = &(g_auth_keyring[i]))->type == authmes->type ) { |
---|
129 | ret = -1; |
---|
130 | switch (key->type) { |
---|
131 | case ROAR_AUTH_T_NONE: |
---|
132 | ret = 1; |
---|
133 | break; |
---|
134 | case ROAR_AUTH_T_PASSWORD: |
---|
135 | ret = _ck_password(key, authmes); |
---|
136 | break; |
---|
137 | case ROAR_AUTH_T_COOKIE: |
---|
138 | ret = _ck_cookie(key, authmes); |
---|
139 | break; |
---|
140 | case ROAR_AUTH_T_TRUST: |
---|
141 | ret = _ck_trust(key, authmes, cs); |
---|
142 | break; |
---|
143 | case ROAR_AUTH_T_SYSUSER: |
---|
144 | case ROAR_AUTH_T_RHOST: |
---|
145 | default: |
---|
146 | /* don't know what to do... */ |
---|
147 | return -1; |
---|
148 | break; |
---|
149 | } |
---|
150 | switch (ret) { |
---|
151 | case -1: |
---|
152 | /* ignore this case and continue */ |
---|
153 | break; |
---|
154 | case 0: // fatal auth error (server side auth cancel) |
---|
155 | return 0; |
---|
156 | break; |
---|
157 | case 1: |
---|
158 | cs->acclev = key->acclev; |
---|
159 | return 1; |
---|
160 | break; |
---|
161 | default: /* error! */ |
---|
162 | return -1; |
---|
163 | break; |
---|
164 | } |
---|
165 | } |
---|
166 | } |
---|
167 | |
---|
168 | // make a better guess: |
---|
169 | /* |
---|
170 | if ( authmes->type == ROAR_AUTH_T_PASSWORD ) { |
---|
171 | *next = -1; |
---|
172 | } else { |
---|
173 | *next = ROAR_AUTH_T_PASSWORD; |
---|
174 | } |
---|
175 | */ |
---|
176 | |
---|
177 | return -1; |
---|
178 | } |
---|
179 | |
---|
180 | int auth_addkey_anonymous(enum roard_client_acclev acclev) { |
---|
181 | if ( auth_regkey_simple(ROAR_AUTH_T_NONE, acclev) == NULL ) |
---|
182 | return -1; |
---|
183 | return 0; |
---|
184 | } |
---|
185 | |
---|
186 | int auth_addkey_password(enum roard_client_acclev acclev, const char * password) { |
---|
187 | union auth_typeunion * pw; |
---|
188 | |
---|
189 | if ( (pw = auth_regkey_simple(ROAR_AUTH_T_PASSWORD, acclev)) == NULL ) |
---|
190 | return -1; |
---|
191 | |
---|
192 | pw->password.password = password; |
---|
193 | |
---|
194 | return 0; |
---|
195 | } |
---|
196 | |
---|
197 | int auth_addkey_cookie(enum roard_client_acclev acclev, const void * cookie, const size_t len) { |
---|
198 | union auth_typeunion * key; |
---|
199 | |
---|
200 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_COOKIE, acclev)) == NULL ) |
---|
201 | return -1; |
---|
202 | |
---|
203 | key->cookie.cookie = (void*)cookie; |
---|
204 | key->cookie.len = len; |
---|
205 | |
---|
206 | return 0; |
---|
207 | } |
---|
208 | |
---|
209 | int auth_addkey_trust(enum roard_client_acclev acclev, ...) { |
---|
210 | union auth_typeunion * key; |
---|
211 | size_t i; |
---|
212 | va_list va; |
---|
213 | pid_t pid = -1; |
---|
214 | uid_t uid = -1; |
---|
215 | gid_t gid = -1; |
---|
216 | int err = 0; |
---|
217 | |
---|
218 | if ( (key = auth_regkey_simple(ROAR_AUTH_T_TRUST, acclev)) == NULL ) |
---|
219 | return -1; |
---|
220 | |
---|
221 | // zerosize all counters. |
---|
222 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
223 | |
---|
224 | va_start(va, acclev); |
---|
225 | |
---|
226 | do { // eval block we can leave with continue. |
---|
227 | |
---|
228 | #define _block(var,type,array) i = 0; \ |
---|
229 | do { \ |
---|
230 | if ( i == AT_TRUST_MAX_ENTRYS ) { err = 1; continue; } \ |
---|
231 | var = va_arg(va, type); \ |
---|
232 | key->trust.array[i] = var; \ |
---|
233 | i++; \ |
---|
234 | } while (var != -1); \ |
---|
235 | if ( err ) continue; \ |
---|
236 | key->trust.array ## _len = i; |
---|
237 | |
---|
238 | |
---|
239 | _block(pid, pid_t, pids); |
---|
240 | _block(uid, uid_t, uids); |
---|
241 | _block(gid, gid_t, gids); |
---|
242 | |
---|
243 | #undef _block |
---|
244 | |
---|
245 | } while(0); |
---|
246 | |
---|
247 | va_end(va); |
---|
248 | |
---|
249 | if ( !err ) |
---|
250 | return 0; |
---|
251 | |
---|
252 | memset(key, 0, sizeof(union auth_typeunion)); |
---|
253 | |
---|
254 | return -1; |
---|
255 | } |
---|
256 | |
---|
257 | //ll |
---|