1 mike 1.1.2.1 /*
2 //%2006////////////////////////////////////////////////////////////////////////
3 //
4 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
5 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
6 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
7 // IBM Corp.; EMC Corporation, The Open Group.
8 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
9 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
10 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
11 // EMC Corporation; VERITAS Software Corporation; The Open Group.
12 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
13 // EMC Corporation; Symantec Corporation; The Open Group.
14 //
15 // Permission is hereby granted, free of charge, to any person obtaining a copy
16 // of this software and associated documentation files (the "Software"), to
17 // deal in the Software without restriction, including without limitation the
18 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
19 // sell copies of the Software, and to permit persons to whom the Software is
20 // furnished to do so, subject to the following conditions:
21 //
22 mike 1.1.2.1 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
23 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
24 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
25 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
26 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
27 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //
31 //%/////////////////////////////////////////////////////////////////////////////
32 */
33 #include "LocalAuth.h"
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/types.h>
38 #include <sys/time.h>
39 #include <sys/stat.h>
40 #include <fcntl.h>
41 #include <unistd.h>
42 #include <pthread.h>
43 mike 1.1.2.1 #include "Defines.h"
44 #include "Strlcpy.h"
45 #include "Strlcat.h"
46 #include "User.h"
47 #include "Random.h"
48 #include "SessionKey.h"
49 #include "Log.h"
50 #include "User.h"
51
52 #define TOKEN_LENGTH 40
53
54 /*
55 **==============================================================================
56 **
57 ** CreateLocalAuthFile()
58 **
** This function creates a local authentication file for the given *user*.
** It populates the *path* argument and returns 0 on success (-1 on any
** failure). The file's path has the following format:
**
** PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<seq>_<millis>
**
** where <seq> is a per-process sequence number (see _nextSeq) and <millis>
** is the millisecond part of the current time (tv_usec / 1000). For example:
**
** /tmp/cimclient_jsmith_1_232
**
** The algorithm:
**
** 1. Form the path name as shown above.
** (e.g., /tmp/cimclient_jsmith_1_232).
72 **
73 ** 2. Generate a random token
74 ** (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0).
75 **
76 ** 3. Create the file (owner=root, permissions=0400).
77 **
78 ** 4. Write random token to file.
79 **
80 ** 5. Change owner of file to *user*.
81 **
82 **==============================================================================
83 */
84
85 mike 1.1.2.1 static int CreateLocalAuthFile(
86 const char* user,
87 char path[EXECUTOR_BUFFER_SIZE])
88 {
89 static unsigned int _nextSeq = 1;
90 static pthread_mutex_t _nextSeqMutex = PTHREAD_MUTEX_INITIALIZER;
91 unsigned int seq;
92 struct timeval tv;
93 char buffer[EXECUTOR_BUFFER_SIZE];
94 char token[TOKEN_LENGTH+1];
95 int fd;
96 int uid;
97 int gid;
98
99 /* Assign next sequence number. */
100
101 pthread_mutex_lock(&_nextSeqMutex);
102 seq = _nextSeq++;
103 pthread_mutex_unlock(&_nextSeqMutex);
104
105 /* Get microseconds elapsed since epoch. */
106 mike 1.1.2.1
107 gettimeofday(&tv, NULL);
108
109 /* Build path: */
110
111 Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE);
112 Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE);
113 Strlcat(path, user, EXECUTOR_BUFFER_SIZE);
114 sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000));
115 Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE);
116
117 /* Generate random token. */
118
119 {
120 unsigned char data[TOKEN_LENGTH/2];
121 FillRandomBytes(data, sizeof(data));
122 RandBytesToHexASCII(data, sizeof(data), token);
123 }
124
125 /* Create the file as read-only by user. */
126
127 mike 1.1.2.1 fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR);
128
129 if (fd < 0)
130 return -1;
131
132 /* Write the random token. */
133
134 if (write(fd, token, TOKEN_LENGTH) != TOKEN_LENGTH)
135 {
136 close(fd);
137 unlink(path);
138 return -1;
139 }
140
141 /* Change owner of file. */
142
143 if (GetUserInfo(user, &uid, &gid) != 0)
144 {
145 close(fd);
146 return -1;
147 }
148 mike 1.1.2.1
149 if (fchown(fd, uid, gid) != 0)
150 {
151 close(fd);
152 return -1;
153 }
154
155 close(fd);
156 return 0;
157 }
158
159 /*
160 **==============================================================================
161 **
162 ** CheckLocalAuthToken()
163 **
** Compare the *token* with the token stored in the given file. Return 0 if
** they are identical, -1 otherwise (including when the file cannot be
** opened or does not hold a complete token).
166 **
167 **==============================================================================
168 */
169 mike 1.1.2.1
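/*
** path  - file written by CreateLocalAuthFile(); its first TOKEN_LENGTH
**         bytes are the expected token.
** token - value presented by the client, NUL-terminated.
** Returns 0 only if *token* matches the stored token exactly, else -1.
**
** NOTE(review): nothing here checks what kind of file *path* is; if the
** caller can be made to pass an attacker-chosen path, add an fstat()
** ownership/regular-file check -- cannot be decided from this file alone.
*/

static int CheckLocalAuthToken(
    const char* path,
    const char* token)
{
    char buffer[TOKEN_LENGTH+1];
    int fd;
    size_t i;
    unsigned char diff;

    if (path == NULL || token == NULL)
        return -1;

    /* Open the file: */

    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;

    /* Read the token; a short read means the file is not a valid token. */

    if (read(fd, buffer, TOKEN_LENGTH) != TOKEN_LENGTH)
    {
        close(fd);
        return -1;
    }

    /* The descriptor is no longer needed; the original code returned
       without closing it on the success path and leaked one fd per check. */

    close(fd);

    buffer[TOKEN_LENGTH] = '\0';

    /* A presented token of the wrong length can never match. Rejecting it
       up front reveals only the (public) token length. */

    if (strlen(token) != TOKEN_LENGTH)
        return -1;

    /* Constant-time compare: OR the byte differences together instead of
       stopping at the first mismatch (as strcmp does), so the time taken
       does not reveal how many leading bytes of the secret were guessed. */

    diff = 0;

    for (i = 0; i < TOKEN_LENGTH; i++)
        diff |= (unsigned char)(buffer[i] ^ token[i]);

    return diff == 0 ? 0 : -1;
}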
203
204 /*
205 **==============================================================================
206 **
207 ** _destructor()
208 **
209 ** Destructor for session key data.
210 **
211 mike 1.1.2.1 **==============================================================================
212 */
213
|