1 | /* |
---|
2 | * lib/krb5/os/kuserok.c |
---|
3 | * |
---|
4 | * Copyright 1990,1993 by the Massachusetts Institute of Technology. |
---|
5 | * All Rights Reserved. |
---|
6 | * |
---|
7 | * Export of this software from the United States of America may |
---|
8 | * require a specific license from the United States Government. |
---|
9 | * It is the responsibility of any person or organization contemplating |
---|
10 | * export to obtain such a license before exporting. |
---|
11 | * |
---|
12 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and |
---|
13 | * distribute this software and its documentation for any purpose and |
---|
14 | * without fee is hereby granted, provided that the above copyright |
---|
15 | * notice appear in all copies and that both that copyright notice and |
---|
16 | * this permission notice appear in supporting documentation, and that |
---|
17 | * the name of M.I.T. not be used in advertising or publicity pertaining |
---|
18 | * to distribution of the software without specific, written prior |
---|
19 | * permission. Furthermore if you modify this software you must label |
---|
20 | * your software as modified software and not distribute it in such a |
---|
21 | * fashion that it might be confused with the original M.I.T. software. |
---|
22 | * M.I.T. makes no representations about the suitability of |
---|
23 | * this software for any purpose. It is provided "as is" without express |
---|
24 | * or implied warranty. |
---|
25 | * |
---|
26 | * |
---|
27 | * krb5_kuserok() |
---|
28 | */ |
---|
29 | |
---|
30 | #include "k5-int.h" |
---|
31 | #if !defined(_WIN32) /* Not yet for Windows */ |
---|
32 | #include <stdio.h> |
---|
33 | #include <pwd.h> |
---|
34 | |
---|
35 | #if defined(_AIX) && defined(_IBMR2) |
---|
36 | #include <sys/access.h> |
---|
37 | /* xlc has a bug with "const" */ |
---|
38 | #define getpwnam(user) getpwnam((char *)user) |
---|
39 | #endif |
---|
40 | |
---|
41 | #define MAX_USERNAME 65 |
---|
42 | |
---|
43 | #if defined(__APPLE__) && defined(__MACH__) |
---|
44 | #include <hfs/hfs_mount.h> /* XXX */ |
---|
45 | #define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID) |
---|
46 | #else |
---|
47 | #define FILE_OWNER_OK(UID) ((UID) == 0) |
---|
48 | #endif |
---|
49 | |
---|
50 | /* |
---|
51 | * Given a Kerberos principal "principal", and a local username "luser", |
---|
52 | * determine whether user is authorized to login according to the |
---|
53 | * authorization file ("~luser/.k5login" by default). Returns TRUE |
---|
54 | * if authorized, FALSE if not authorized. |
---|
55 | * |
---|
56 | * If there is no account for "luser" on the local machine, returns |
---|
57 | * FALSE. If there is no authorization file, and the given Kerberos |
---|
58 | * name "server" translates to the same name as "luser" (using |
---|
59 | * krb5_aname_to_lname()), returns TRUE. Otherwise, if the authorization file |
---|
60 | * can't be accessed, returns FALSE. Otherwise, the file is read for |
---|
61 | * a matching principal name, instance, and realm. If one is found, |
---|
62 | * returns TRUE, if none is found, returns FALSE. |
---|
63 | * |
---|
64 | * The file entries are in the format produced by krb5_unparse_name(), |
---|
65 | * one entry per line. |
---|
66 | * |
---|
67 | */ |
---|
68 | |
---|
69 | krb5_boolean KRB5_CALLCONV |
---|
70 | krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) |
---|
71 | { |
---|
72 | struct stat sbuf; |
---|
73 | struct passwd *pwd; |
---|
74 | char pbuf[MAXPATHLEN]; |
---|
75 | krb5_boolean isok = FALSE; |
---|
76 | FILE *fp; |
---|
77 | char kuser[MAX_USERNAME]; |
---|
78 | char *princname; |
---|
79 | char linebuf[BUFSIZ]; |
---|
80 | char *newline; |
---|
81 | int gobble; |
---|
82 | |
---|
83 | /* no account => no access */ |
---|
84 | char pwbuf[BUFSIZ]; |
---|
85 | struct passwd pwx; |
---|
86 | if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) |
---|
87 | return(FALSE); |
---|
88 | (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); |
---|
89 | pbuf[sizeof(pbuf) - 1] = '\0'; |
---|
90 | (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf)); |
---|
91 | |
---|
92 | if (access(pbuf, F_OK)) { /* not accessible */ |
---|
93 | /* |
---|
94 | * if he's trying to log in as himself, and there is no .k5login file, |
---|
95 | * let him. To find out, call |
---|
96 | * krb5_aname_to_localname to convert the principal to a name |
---|
97 | * which we can string compare. |
---|
98 | */ |
---|
99 | if (!(krb5_aname_to_localname(context, principal, |
---|
100 | sizeof(kuser), kuser)) |
---|
101 | && (strcmp(kuser, luser) == 0)) { |
---|
102 | return(TRUE); |
---|
103 | } |
---|
104 | } |
---|
105 | if (krb5_unparse_name(context, principal, &princname)) |
---|
106 | return(FALSE); /* no hope of matching */ |
---|
107 | |
---|
108 | /* open ~/.k5login */ |
---|
109 | if ((fp = fopen(pbuf, "r")) == NULL) { |
---|
110 | free(princname); |
---|
111 | return(FALSE); |
---|
112 | } |
---|
113 | /* |
---|
114 | * For security reasons, the .k5login file must be owned either by |
---|
115 | * the user himself, or by root. Otherwise, don't grant access. |
---|
116 | */ |
---|
117 | if (fstat(fileno(fp), &sbuf)) { |
---|
118 | fclose(fp); |
---|
119 | free(princname); |
---|
120 | return(FALSE); |
---|
121 | } |
---|
122 | if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) { |
---|
123 | fclose(fp); |
---|
124 | free(princname); |
---|
125 | return(FALSE); |
---|
126 | } |
---|
127 | |
---|
128 | /* check each line */ |
---|
129 | while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) { |
---|
130 | /* null-terminate the input string */ |
---|
131 | linebuf[BUFSIZ-1] = '\0'; |
---|
132 | newline = NULL; |
---|
133 | /* nuke the newline if it exists */ |
---|
134 | if ((newline = strchr(linebuf, '\n'))) |
---|
135 | *newline = '\0'; |
---|
136 | if (!strcmp(linebuf, princname)) { |
---|
137 | isok = TRUE; |
---|
138 | continue; |
---|
139 | } |
---|
140 | /* clean up the rest of the line if necessary */ |
---|
141 | if (!newline) |
---|
142 | while (((gobble = getc(fp)) != EOF) && gobble != '\n'); |
---|
143 | } |
---|
144 | free(princname); |
---|
145 | fclose(fp); |
---|
146 | return(isok); |
---|
147 | } |
---|
148 | |
---|
149 | #else /* _WIN32 */ |
---|
150 | |
---|
151 | /* |
---|
152 | * If the given Kerberos name "server" translates to the same name as "luser" |
---|
153 | * (using * krb5_aname_to_lname()), returns TRUE. |
---|
154 | */ |
---|
155 | krb5_boolean KRB5_CALLCONV |
---|
156 | krb5_kuserok(context, principal, luser) |
---|
157 | krb5_context context; |
---|
158 | krb5_principal principal; |
---|
159 | const char *luser; |
---|
160 | { |
---|
161 | char kuser[50]; |
---|
162 | |
---|
163 | if (krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) |
---|
164 | return FALSE; |
---|
165 | |
---|
166 | if (strcmp(kuser, luser) == 0) |
---|
167 | return TRUE; |
---|
168 | |
---|
169 | return FALSE; |
---|
170 | } |
---|
171 | #endif /* _WIN32 */ |
---|