
Diff for /pegasus/src/Executor/LocalAuth.c between version 1.2 and 1.3

version 1.2, 2007/05/25 18:35:07 version 1.3, 2007/06/06 19:51:52
Line 53 
Line 53 
 /* /*
 **============================================================================== **==============================================================================
 ** **
 ** CreateLocalAuthFile()  ** BuildLocalAuthFilePath()
 ** **
 **     This function creates a local authentication file for the given *user*.  **     This function generates an appropriate name for a local authentication
 **     it populates the *path* argument and return 0 on success. The file has  **     file for the given *user*.  The file path has the following format:
 **     the following format.  
 ** **
 **         PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq> **         PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq>
 ** **
 **     For example:  
 **  
 **  
 **     The algorithm:  
 **  
 **         1. Form the path name as shown above.  
 **            (e.g., /tmp/cimclient_jsmith_1_232).  
 **  
 **         2. Generate a random token  
 **            (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0).  
 **  
 **         3. Create the file (owner=root, permissions=0400).  
 **  
 **         4. Write random token to file.  
 **  
 **         5. Change owner of file to *user*.  
 **  
 **============================================================================== **==============================================================================
 */ */
  
 static int CreateLocalAuthFile(  static void BuildLocalAuthFilePath(
     const char* user,     const char* user,
     char path[EXECUTOR_BUFFER_SIZE])     char path[EXECUTOR_BUFFER_SIZE])
 { {
Line 90 
Line 72 
     unsigned int seq;     unsigned int seq;
     struct timeval tv;     struct timeval tv;
     char buffer[EXECUTOR_BUFFER_SIZE];     char buffer[EXECUTOR_BUFFER_SIZE];
     char token[TOKEN_LENGTH+1];  
     int fd;  
     int uid;  
     int gid;  
  
     /* Assign next sequence number. */     /* Assign next sequence number. */
  
Line 105 
Line 83 
  
     gettimeofday(&tv, NULL);     gettimeofday(&tv, NULL);
  
     /* Build path: */      /* Build path */
  
     Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE);     Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE);
     Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE);     Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE);
     Strlcat(path, user, EXECUTOR_BUFFER_SIZE);     Strlcat(path, user, EXECUTOR_BUFFER_SIZE);
     sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000));     sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000));
     Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE);     Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE);
   }
   
   /*
   **==============================================================================
   **
   ** CreateLocalAuthFile()
   **
   **     This function creates a local authentication file with the given *path*
   **     and returns 0 on success.
   **
   **     The algorithm:
   **
   **         1. Generate a random token
   **            (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0).
   **
   **         2. Create the file (owner=root, permissions=0400).
   **
   **         3. Write random token to file.
   **
   **         4. Change file owner to *uid* and group to *gid*.
   **
   **==============================================================================
   */
   
   int CreateLocalAuthFile(
       const char* path,
       int uid,
       int gid)
   {
       char token[TOKEN_LENGTH+1];
       int fd;
  
     /* Generate random token. */     /* Generate random token. */
  
Line 145 
Line 154 
  
     /* Change owner of file. */     /* Change owner of file. */
  
     if (GetUserInfo(user, &uid, &gid) != 0)  
     {  
         close(fd);  
         unlink(path);  
         return -1;  
     }  
   
     if (fchown(fd, uid, gid) != 0)     if (fchown(fd, uid, gid) != 0)
     {     {
         close(fd);         close(fd);
Line 174 
Line 176 
 **============================================================================== **==============================================================================
 */ */
  
 static int CheckLocalAuthToken(  int CheckLocalAuthToken(
     const char* path,     const char* path,
     const char* token)     const char* token)
 { {
     char buffer[TOKEN_LENGTH+1];     char buffer[TOKEN_LENGTH+1];
     int fd;     int fd;
  
     /* Open the file: */      /* Open the file. */
  
     if ((fd = open(path, O_RDONLY)) < 0)     if ((fd = open(path, O_RDONLY)) < 0)
         return -1;         return -1;
Line 221 
Line 223 
  
 int StartLocalAuthentication( int StartLocalAuthentication(
     const char* user,     const char* user,
     char challenge[EXECUTOR_BUFFER_SIZE])      char challengeFilePath[EXECUTOR_BUFFER_SIZE])
 { {
     /* Get uid: */     /* Get uid: */
  
Line 231 
Line 233 
     if (GetUserInfo(user, &uid, &gid) != 0)     if (GetUserInfo(user, &uid, &gid) != 0)
         return -1;         return -1;
  
     /* Create the local authentication file. */      /* Build an appropriate local authentication file path. */
  
     if (CreateLocalAuthFile(user, challenge) != 0)      BuildLocalAuthFilePath(user, challengeFilePath);
         return -1;  
  
     return 0;      /* Create the local authentication file. */
   
       return CreateLocalAuthFile(challengeFilePath, uid, gid);
 } }
  
 /* /*
Line 244 
Line 247 
 ** **
 ** FinishLocalAuthentication() ** FinishLocalAuthentication()
 ** **
 **     Initiate second and last phase of local authentication. Else return  **     Initiates second and final phase of local authentication.  Returns 0
 **     negative one.  **     if authentication is successful, -1 otherwise.
 ** **
 **============================================================================== **==============================================================================
 */ */
  
 int FinishLocalAuthentication( int FinishLocalAuthentication(
     const char* challenge,      const char* challengeFilePath,
     const char* response)     const char* response)
 { {
     /* Check token against the one in the file. */     /* Check token against the one in the file. */
  
     int rc = CheckLocalAuthToken(challenge, response);      int rc = CheckLocalAuthToken(challengeFilePath, response);
  
     if (challenge)      if (challengeFilePath)
         unlink((char*)challenge);          unlink((char*)challengeFilePath);
  
     return rc;     return rc;
 } }
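Review bot: FinishLocalAuthentication() passes `challengeFilePath` to CheckLocalAuthToken(), which calls `open()` on it, and then to `unlink()`, without checking that it is a name BuildLocalAuthFilePath() could have produced; the `if (challengeFilePath)` test also runs only after the pointer has already been used. Where this argument originates is not visible in the diff, but if the requesting side can influence it, the process that creates these root-owned files would read and delete a path chosen by the caller. Rejecting NULL arguments and anything outside the `PEGASUS_LOCAL_AUTH_DIR/cimclient_` namespace before first use, as sketched below, narrows that. A stronger design keeps the path in executor-side state set by StartLocalAuthentication(), so it is never accepted back from the caller. Separately, BuildLocalAuthFilePath() now returns `void`, so a truncated `Strlcat` result would reach CreateLocalAuthFile() unnoticed.

```c
int FinishLocalAuthentication(
    const char* challengeFilePath,
    const char* response)
{
    char prefix[EXECUTOR_BUFFER_SIZE];
    size_t prefixLen;
    int rc;

    /* Reject missing arguments before either one is dereferenced. */

    if (!challengeFilePath || !response)
        return -1;

    /* Accept only names that BuildLocalAuthFilePath() could have produced:
     * the fixed directory and prefix, with no further path separators. */

    Strlcpy(prefix, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE);
    Strlcat(prefix, "/cimclient_", EXECUTOR_BUFFER_SIZE);
    prefixLen = strlen(prefix);

    if (strncmp(challengeFilePath, prefix, prefixLen) != 0 ||
        strchr(challengeFilePath + prefixLen, '/') != NULL)
    {
        return -1;
    }

    /* Check token against the one in the file. */

    rc = CheckLocalAuthToken(challengeFilePath, response);

    /* … unchanged: unlink of the challenge file, return rc … */
```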

