pegasus/src/Executor/LocalAuth.c - annotate

Return to LocalAuth.c CVS log

Up to [Pegasus] / pegasus / src / Executor

1 mike 1.1.2.1 /* 2 //%2006//////////////////////////////////////////////////////////////////////// 3 // 4 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development 5 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. 6 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; 7 // IBM Corp.; EMC Corporation, The Open Group. 8 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; 9 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. 10 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; 11 // EMC Corporation; VERITAS Software Corporation; The Open Group. 12 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; 13 // EMC Corporation; Symantec Corporation; The Open Group. 14 // 15 // Permission is hereby granted, free of charge, to any person obtaining a copy 16 // of this software and associated documentation files (the "Software"), to 17 // deal in the Software without restriction, including without limitation the 18 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 19 // sell copies of the Software, and to permit persons to whom the Software is 20 // furnished to do so, subject to the following conditions: 21 // 22 mike 1.1.2.1 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN 23 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED 24 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 25 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 26 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 27 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 30 // 31 //%///////////////////////////////////////////////////////////////////////////// 32 / 33 #include "LocalAuth.h" 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <sys/types.h> 38 #include <sys/time.h> 39 #include <sys/stat.h> 40 #include <fcntl.h> 41 #include <unistd.h> 42 #include <pthread.h> 43 mike 1.1.2.1 #include "Defines.h" 44 #include "Strlcpy.h" 45 #include "Strlcat.h" 46 #include "User.h" 47 #include "Random.h" 48 #include "SessionKey.h" 49 #include "Log.h" 50 #include "User.h" 51 52 #define TOKEN_LENGTH 40 53 54 / 55 ============================================================================== 56 57 CreateLocalAuthFile() 58 59 ** This function creates a local authentication file for the given user. 60 ** it populates the path argument and return 0 on success. The file has 61 the following format. 62 63 PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq> 64 mike 1.1.2.1 65 For example: 66 67 68 The algorithm: 69 70 1. Form the path name as shown above. 71 (e.g., /tmp/cimclient_jsmith_1_232). 72 73 2. Generate a random token 74 (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0). 75 76 3. Create the file (owner=root, permissions=0400). 77 78 4. Write random token to file. 79 80 5. Change owner of file to user. 81 82 ============================================================================== 83 / 84 85 mike 1.1.2.1 static int CreateLocalAuthFile( 86 const char user, 87 char path[EXECUTOR_BUFFER_SIZE]) 88 { 89 static unsigned int _nextSeq = 1; 90 static pthread_mutex_t _nextSeqMutex = PTHREAD_MUTEX_INITIALIZER; 91 unsigned int seq; 92 struct timeval tv; 93 char buffer[EXECUTOR_BUFFER_SIZE]; 94 char token[TOKEN_LENGTH+1]; 95 int fd; 96 int uid; 97 int gid; 98 99 /* Assign next sequence number. / 100 101 pthread_mutex_lock(&_nextSeqMutex); 102 seq = _nextSeq++; 103 pthread_mutex_unlock(&_nextSeqMutex); 104 105 / Get microseconds elapsed since epoch. / 106 mike 1.1.2.1 107 gettimeofday(&tv, NULL); 108 109 / Build path: / 110 111 Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE); 112 Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE); 113 Strlcat(path, user, EXECUTOR_BUFFER_SIZE); 114 sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000)); 115 Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE); 116 117 / Generate random token. / 118 119 { 120 unsigned char data[TOKEN_LENGTH/2]; 121 FillRandomBytes(data, sizeof(data)); 122 RandBytesToHexASCII(data, sizeof(data), token); 123 } 124 125 / Create the file as read-only by user. / 126 127 mike 1.1.2.1 fd = open(path, O_WRONLY \| O_CREAT \| O_TRUNC, S_IRUSR); 128 129 if (fd < 0) 130 return -1; 131 132 / Write the random token. / 133 134 if (write(fd, token, TOKEN_LENGTH) != TOKEN_LENGTH) 135 { 136 close(fd); 137 unlink(path); 138 return -1; 139 } 140 141 / Change owner of file. / 142 143 if (GetUserInfo(user, &uid, &gid) != 0) 144 { 145 close(fd); 146 return -1; 147 } 148 mike 1.1.2.1 149 if (fchown(fd, uid, gid) != 0) 150 { 151 close(fd); 152 return -1; 153 } 154 155 close(fd); 156 return 0; 157 } 158 159 / 160 ============================================================================== 161 162 CheckLocalAuthToken() 163 164 ** Compare the token with the token in the given file. Return 0 if they 165 are identical. 166 167 *============================================================================== 168 / 169 mike 1.1.2.1 170 static int CheckLocalAuthToken( 171 const char* path, 172 const char* token) 173 { 174 char buffer[TOKEN_LENGTH+1]; 175 int fd; 176 177 /* Open the file: / 178 179 if ((fd = open(path, O_RDONLY)) < 0) 180 return -1; 181 182 / Read the token. / 183 184 if (read(fd, buffer, TOKEN_LENGTH) != TOKEN_LENGTH) 185 { 186 close(fd); 187 return -1; 188 } 189 190 mike 1.1.2.1 buffer[TOKEN_LENGTH] = '\0'; 191 192 / Compare the token. / 193 194 if (strcmp(token, buffer) != 0) 195 { 196 close(fd); 197 return -1; 198 } 199 200 / Okay! / 201 return 0; 202 } 203 204 / 205 ============================================================================== 206 207 _destructor() 208 209 Destructor for session key data. 210 211 mike 1.1.2.1 *============================================================================== 212 / 213
214 mike 1.1.2.4 static void _destructor(long data)
215 mike 1.1.2.1 { 216 if (!data) 217 return; 218 219 unlink((char)data); 220 free((char)data); 221 } 222 223 /* 224 ============================================================================== 225 226 StartLocalAuthentication() 227 228 Initiate first phase of local authentication. 229 230 *============================================================================== 231 / 232 233 int StartLocalAuthentication( 234 const char* user, 235 char path[EXECUTOR_BUFFER_SIZE], 236 mike 1.1.2.1 SessionKey* key) 237 { 238 /* Get uid: / 239 240 int uid; 241 int gid; 242 243 if (GetUserInfo(user, &uid, &gid) != 0) 244 return -1; 245 246 / Create the local authentication file. / 247 248 if (CreateLocalAuthFile(user, path) != 0) 249 { 250 return -1; 251 } 252 253 / Create the session key (associated with path). */ 254
255 mike 1.1.2.4 *key = NewSessionKey(uid, (long)strdup(path), _destructor, 0);
256 mike 1.1.2.1 257 return 0; 258 } 259 260 /* 261 ============================================================================== 262 263 FinishLocalAuthentication() 264 265 Initiate second and last phase of local authentication. 266 267 *============================================================================== 268 / 269 270 int FinishLocalAuthentication( 271 const SessionKey* key,
272 mike 1.1.2.2 const char* token)
273 mike 1.1.2.1 {
274 mike 1.1.2.4 long data = 0;
275 mike 1.1.2.1 276 /* Get session key data (the path). / 277 278 if (GetSessionKeyData(key, &data) != 0) 279 return -1; 280 281 / Check token against the one in the file. / 282 283 if (CheckLocalAuthToken((const char)data, token) != 0) 284 { 285 DeleteSessionKey(key); 286 return -1; 287 } 288
289 mike 1.1.2.2 /* Delete session key data. */
290 mike 1.1.2.1
291 mike 1.1.2.2 if (DeleteSessionKeyData(key) != 0)
292 mike 1.1.2.1 return -1; 293
294 mike 1.1.2.3 /* Set authentication flag. */ 295 296 if (SetSessionKeyAuthenticated(key) != 0) 297 return -1; 298
299 mike 1.1.2.1 return 0; 300 }

No CVS admin address has been configured