[33] | 1 | /* |
---|
| 2 | * lib/krb5/os/kuserok.c |
---|
| 3 | * |
---|
| 4 | * Copyright 1990,1993 by the Massachusetts Institute of Technology. |
---|
| 5 | * All Rights Reserved. |
---|
| 6 | * |
---|
| 7 | * Export of this software from the United States of America may |
---|
| 8 | * require a specific license from the United States Government. |
---|
| 9 | * It is the responsibility of any person or organization contemplating |
---|
| 10 | * export to obtain such a license before exporting. |
---|
| 11 | * |
---|
| 12 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and |
---|
| 13 | * distribute this software and its documentation for any purpose and |
---|
| 14 | * without fee is hereby granted, provided that the above copyright |
---|
| 15 | * notice appear in all copies and that both that copyright notice and |
---|
| 16 | * this permission notice appear in supporting documentation, and that |
---|
| 17 | * the name of M.I.T. not be used in advertising or publicity pertaining |
---|
| 18 | * to distribution of the software without specific, written prior |
---|
| 19 | * permission. Furthermore if you modify this software you must label |
---|
| 20 | * your software as modified software and not distribute it in such a |
---|
| 21 | * fashion that it might be confused with the original M.I.T. software. |
---|
| 22 | * M.I.T. makes no representations about the suitability of |
---|
| 23 | * this software for any purpose. It is provided "as is" without express |
---|
| 24 | * or implied warranty. |
---|
| 25 | * |
---|
| 26 | * |
---|
| 27 | * krb5_kuserok() |
---|
| 28 | */ |
---|
| 29 | |
---|
| 30 | #include "k5-int.h" |
---|
| 31 | #if !defined(_WIN32) /* Not yet for Windows */ |
---|
| 32 | #include <stdio.h> |
---|
| 33 | #include <pwd.h> |
---|
| 34 | |
---|
| 35 | #if defined(_AIX) && defined(_IBMR2) |
---|
| 36 | #include <sys/access.h> |
---|
| 37 | /* xlc has a bug with "const" */ |
---|
| 38 | #define getpwnam(user) getpwnam((char *)user) |
---|
| 39 | #endif |
---|
| 40 | |
---|
| 41 | #define MAX_USERNAME 65 |
---|
| 42 | |
---|
| 43 | #if defined(__APPLE__) && defined(__MACH__) |
---|
| 44 | #include <hfs/hfs_mount.h> /* XXX */ |
---|
| 45 | #define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID) |
---|
| 46 | #else |
---|
| 47 | #define FILE_OWNER_OK(UID) ((UID) == 0) |
---|
| 48 | #endif |
---|
| 49 | |
---|
| 50 | /* |
---|
| 51 | * Given a Kerberos principal "principal", and a local username "luser", |
---|
| 52 | * determine whether user is authorized to login according to the |
---|
| 53 | * authorization file ("~luser/.k5login" by default). Returns TRUE |
---|
| 54 | * if authorized, FALSE if not authorized. |
---|
| 55 | * |
---|
| 56 | * If there is no account for "luser" on the local machine, returns |
---|
| 57 | * FALSE. If there is no authorization file, and the given Kerberos |
---|
| 58 | * name "server" translates to the same name as "luser" (using |
---|
| 59 | * krb5_aname_to_lname()), returns TRUE. Otherwise, if the authorization file |
---|
| 60 | * can't be accessed, returns FALSE. Otherwise, the file is read for |
---|
| 61 | * a matching principal name, instance, and realm. If one is found, |
---|
| 62 | * returns TRUE, if none is found, returns FALSE. |
---|
| 63 | * |
---|
| 64 | * The file entries are in the format produced by krb5_unparse_name(), |
---|
| 65 | * one entry per line. |
---|
| 66 | * |
---|
| 67 | */ |
---|
| 68 | |
---|
| 69 | krb5_boolean KRB5_CALLCONV |
---|
| 70 | krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) |
---|
| 71 | { |
---|
| 72 | struct stat sbuf; |
---|
| 73 | struct passwd *pwd; |
---|
| 74 | char pbuf[MAXPATHLEN]; |
---|
| 75 | krb5_boolean isok = FALSE; |
---|
| 76 | FILE *fp; |
---|
| 77 | char kuser[MAX_USERNAME]; |
---|
| 78 | char *princname; |
---|
| 79 | char linebuf[BUFSIZ]; |
---|
| 80 | char *newline; |
---|
| 81 | int gobble; |
---|
| 82 | |
---|
| 83 | /* no account => no access */ |
---|
| 84 | char pwbuf[BUFSIZ]; |
---|
| 85 | struct passwd pwx; |
---|
| 86 | if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) |
---|
| 87 | return(FALSE); |
---|
| 88 | (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); |
---|
| 89 | pbuf[sizeof(pbuf) - 1] = '\0'; |
---|
| 90 | (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf)); |
---|
| 91 | |
---|
| 92 | if (access(pbuf, F_OK)) { /* not accessible */ |
---|
| 93 | /* |
---|
| 94 | * if he's trying to log in as himself, and there is no .k5login file, |
---|
| 95 | * let him. To find out, call |
---|
| 96 | * krb5_aname_to_localname to convert the principal to a name |
---|
| 97 | * which we can string compare. |
---|
| 98 | */ |
---|
| 99 | if (!(krb5_aname_to_localname(context, principal, |
---|
| 100 | sizeof(kuser), kuser)) |
---|
| 101 | && (strcmp(kuser, luser) == 0)) { |
---|
| 102 | return(TRUE); |
---|
| 103 | } |
---|
| 104 | } |
---|
| 105 | if (krb5_unparse_name(context, principal, &princname)) |
---|
| 106 | return(FALSE); /* no hope of matching */ |
---|
| 107 | |
---|
| 108 | /* open ~/.k5login */ |
---|
| 109 | if ((fp = fopen(pbuf, "r")) == NULL) { |
---|
| 110 | free(princname); |
---|
| 111 | return(FALSE); |
---|
| 112 | } |
---|
| 113 | /* |
---|
| 114 | * For security reasons, the .k5login file must be owned either by |
---|
| 115 | * the user himself, or by root. Otherwise, don't grant access. |
---|
| 116 | */ |
---|
| 117 | if (fstat(fileno(fp), &sbuf)) { |
---|
| 118 | fclose(fp); |
---|
| 119 | free(princname); |
---|
| 120 | return(FALSE); |
---|
| 121 | } |
---|
| 122 | if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) { |
---|
| 123 | fclose(fp); |
---|
| 124 | free(princname); |
---|
| 125 | return(FALSE); |
---|
| 126 | } |
---|
| 127 | |
---|
| 128 | /* check each line */ |
---|
| 129 | while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) { |
---|
| 130 | /* null-terminate the input string */ |
---|
| 131 | linebuf[BUFSIZ-1] = '\0'; |
---|
| 132 | newline = NULL; |
---|
| 133 | /* nuke the newline if it exists */ |
---|
| 134 | if ((newline = strchr(linebuf, '\n'))) |
---|
| 135 | *newline = '\0'; |
---|
| 136 | if (!strcmp(linebuf, princname)) { |
---|
| 137 | isok = TRUE; |
---|
| 138 | continue; |
---|
| 139 | } |
---|
| 140 | /* clean up the rest of the line if necessary */ |
---|
| 141 | if (!newline) |
---|
| 142 | while (((gobble = getc(fp)) != EOF) && gobble != '\n'); |
---|
| 143 | } |
---|
| 144 | free(princname); |
---|
| 145 | fclose(fp); |
---|
| 146 | return(isok); |
---|
| 147 | } |
---|
| 148 | |
---|
| 149 | #else /* _WIN32 */ |
---|
| 150 | |
---|
| 151 | /* |
---|
| 152 | * If the given Kerberos name "server" translates to the same name as "luser" |
---|
| 153 | * (using * krb5_aname_to_lname()), returns TRUE. |
---|
| 154 | */ |
---|
| 155 | krb5_boolean KRB5_CALLCONV |
---|
| 156 | krb5_kuserok(context, principal, luser) |
---|
| 157 | krb5_context context; |
---|
| 158 | krb5_principal principal; |
---|
| 159 | const char *luser; |
---|
| 160 | { |
---|
| 161 | char kuser[50]; |
---|
| 162 | |
---|
| 163 | if (krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) |
---|
| 164 | return FALSE; |
---|
| 165 | |
---|
| 166 | if (strcmp(kuser, luser) == 0) |
---|
| 167 | return TRUE; |
---|
| 168 | |
---|
| 169 | return FALSE; |
---|
| 170 | } |
---|
| 171 | #endif /* _WIN32 */ |
---|