version 1.2, 2007/05/25 18:35:07
version 1.3, 2007/06/06 19:51:52
/* | /* |
**============================================================================== | **============================================================================== |
** | ** |
** CreateLocalAuthFile() |
** BuildLocalAuthFilePath() |
** | ** |
** This function creates a local authentication file for the given *user*. |
** This function generates an appropriate name for a local authentication |
** it populates the *path* argument and return 0 on success. The file has |
** file for the given *user*. The file path has the following format: |
** the following format. |
|
** | ** |
** PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq> | ** PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq> |
** | ** |
** For example: |
|
** |
|
** |
|
** The algorithm: |
|
** |
|
** 1. Form the path name as shown above. |
|
** (e.g., /tmp/cimclient_jsmith_1_232). |
|
** |
|
** 2. Generate a random token |
|
** (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0). |
|
** |
|
** 3. Create the file (owner=root, permissions=0400). |
|
** |
|
** 4. Write random token to file. |
|
** |
|
** 5. Change owner of file to *user*. |
|
** |
|
**============================================================================== | **============================================================================== |
*/ | */ |
| |
static int CreateLocalAuthFile( |
static void BuildLocalAuthFilePath( |
const char* user, | const char* user, |
char path[EXECUTOR_BUFFER_SIZE]) | char path[EXECUTOR_BUFFER_SIZE]) |
{ | { |
|
|
unsigned int seq; | unsigned int seq; |
struct timeval tv; | struct timeval tv; |
char buffer[EXECUTOR_BUFFER_SIZE]; | char buffer[EXECUTOR_BUFFER_SIZE]; |
char token[TOKEN_LENGTH+1]; |
|
int fd; |
|
int uid; |
|
int gid; |
|
| |
/* Assign next sequence number. */ | /* Assign next sequence number. */ |
| |
|
|
| |
gettimeofday(&tv, NULL); | gettimeofday(&tv, NULL); |
| |
/* Build path: */ |
/* Build path */ |
| |
Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE); | Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE); |
Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE); | Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE); |
Strlcat(path, user, EXECUTOR_BUFFER_SIZE); | Strlcat(path, user, EXECUTOR_BUFFER_SIZE); |
sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000)); | sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000)); |
Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE); | Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE); |
|
} |
|
|
|
/* |
|
**============================================================================== |
|
** |
|
** CreateLocalAuthFile() |
|
** |
|
** This function creates a local authentication file with the given *path* |
|
** and returns 0 on success. |
|
** |
|
** The algorithm: |
|
** |
|
** 1. Generate a random token |
|
** (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0). |
|
** |
|
** 2. Create the file (owner=root, permissions=0400). |
|
** |
|
** 3. Write random token to file. |
|
** |
|
** 4. Change file owner to *uid* and group to *gid*. |
|
** |
|
**============================================================================== |
|
*/ |
|
|
|
int CreateLocalAuthFile( |
|
const char* path, |
|
int uid, |
|
int gid) |
|
{ |
|
char token[TOKEN_LENGTH+1]; |
|
int fd; |
| |
/* Generate random token. */ | /* Generate random token. */ |
| |
|
|
| |
/* Change owner of file. */ | /* Change owner of file. */ |
| |
if (GetUserInfo(user, &uid, &gid) != 0) |
|
{ |
|
close(fd); |
|
unlink(path); |
|
return -1; |
|
} |
|
|
|
if (fchown(fd, uid, gid) != 0) | if (fchown(fd, uid, gid) != 0) |
{ | { |
close(fd); | close(fd); |
|
|
**============================================================================== | **============================================================================== |
*/ | */ |
| |
static int CheckLocalAuthToken( |
int CheckLocalAuthToken( |
const char* path, | const char* path, |
const char* token) | const char* token) |
{ | { |
char buffer[TOKEN_LENGTH+1]; | char buffer[TOKEN_LENGTH+1]; |
int fd; | int fd; |
| |
/* Open the file: */ |
/* Open the file. */ |
| |
if ((fd = open(path, O_RDONLY)) < 0) | if ((fd = open(path, O_RDONLY)) < 0) |
return -1; | return -1; |
|
|
| |
int StartLocalAuthentication( | int StartLocalAuthentication( |
const char* user, | const char* user, |
char challenge[EXECUTOR_BUFFER_SIZE]) |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]) |
{ | { |
/* Get uid: */ | /* Get uid: */ |
| |
|
|
if (GetUserInfo(user, &uid, &gid) != 0) | if (GetUserInfo(user, &uid, &gid) != 0) |
return -1; | return -1; |
| |
/* Create the local authentication file. */ |
/* Build an appropriate local authentication file path. */ |
| |
if (CreateLocalAuthFile(user, challenge) != 0) |
BuildLocalAuthFilePath(user, challengeFilePath); |
return -1; |
|
| |
return 0; |
/* Create the local authentication file. */ |
|
|
|
return CreateLocalAuthFile(challengeFilePath, uid, gid); |
} | } |
| |
/* | /* |
|
|
** | ** |
** FinishLocalAuthentication() | ** FinishLocalAuthentication() |
** | ** |
** Initiate second and last phase of local authentication. Else return |
** Initiates second and final phase of local authentication. Returns 0 |
** negative one. |
** if authentication is successful, -1 otherwise. |
** | ** |
**============================================================================== | **============================================================================== |
*/ | */ |
| |
int FinishLocalAuthentication( | int FinishLocalAuthentication( |
const char* challenge, |
const char* challengeFilePath, |
const char* response) | const char* response) |
{ | { |
/* Check token against the one in the file. */ | /* Check token against the one in the file. */ |
| |
int rc = CheckLocalAuthToken(challenge, response); |
int rc = CheckLocalAuthToken(challengeFilePath, response); |
| |
if (challenge) |
if (challengeFilePath) |
unlink((char*)challenge); |
unlink((char*)challengeFilePath); |
| |
return rc; | return rc; |
} | } |
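Review bot: FinishLocalAuthentication (and CheckLocalAuthToken, which this revision makes non-static) opens and then unlinks whatever `challengeFilePath` it is handed, and the header comment says the file is created with owner=root, so if that path ever comes from outside this module a root-privileged caller could be steered to read or delete an arbitrary file; it should reject anything that this module could not have produced itself, e.g. `if (strncmp(challengeFilePath, PEGASUS_LOCAL_AUTH_DIR, strlen(PEGASUS_LOCAL_AUTH_DIR)) != 0 || challengeFilePath[strlen(PEGASUS_LOCAL_AUTH_DIR)] != '/' || strchr(challengeFilePath + strlen(PEGASUS_LOCAL_AUTH_DIR) + 1, '/') != NULL) return -1;` before the CheckLocalAuthToken call — whether the path actually crosses a trust boundary is not visible here, so this is worth confirming against the callers. The `(char*)` cast on the `unlink` argument is unnecessary since `unlink` takes a `const char *`, and dropping it avoids hiding a future const-correctness error. In BuildLocalAuthFilePath the `"_%u_%u"` format is given an `(int)` for the second conversion, and that value is only `tv_usec / 1000` (0–999), so the "timestamp" component in the documented name format is really a sub-second value and uniqueness rests on `seq`, whose assignment is not shown in this view; the example path `/tmp/cimclient_...` in the header also implies a world-writable directory, where the create step (not visible here) must use `O_CREAT|O_EXCL` to be safe against a pre-placed symlink.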