(file) Return to LocalAuth.c CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Executor
File: [Pegasus] / pegasus / src / Executor / LocalAuth.c (download)
Revision: 1.2, Fri May 25 17:35:07 2007 UTC (17 years, 1 month ago) by kumpf
Branch: MAIN
CVS Tags: TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch
Changes since 1.1: +265 -0 lines 
BUG#: 6037
TITLE: PEP 286 Privilege Separation
DESCRIPTION: Implement privilege separation for the CIM Server.  This allows the CIM Server to run without privilege, using a separate small process to perform privileged operations as necessary.

/*
//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// 
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//%/////////////////////////////////////////////////////////////////////////////
*/
#include "LocalAuth.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <pthread.h>
#include "Defines.h"
#include "Strlcpy.h"
#include "Strlcat.h"
#include "User.h"
#include "Random.h"
#include "Log.h"
#include "User.h"

#define TOKEN_LENGTH 40

/*
**==============================================================================
**
** CreateLocalAuthFile()
**
**     This function creates a local authentication file for the given *user*.
**     it populates the *path* argument and return 0 on success. The file has
**     the following format.
**
**         PEGASUS_LOCAL_AUTH_DIR/cimclient_<user>_<timestamp>_<seq>
**
**     For example:
**
**
**     The algorithm:
**
**         1. Form the path name as shown above.
**            (e.g., /tmp/cimclient_jsmith_1_232).
**
**         2. Generate a random token
**            (e.g., 8F85CB1129B2B93F77F5CCA16850D659CCD16FE0).
**
**         3. Create the file (owner=root, permissions=0400).
**
**         4. Write random token to file.
**
**         5. Change owner of file to *user*.
**
**==============================================================================
*/

static int CreateLocalAuthFile(
    const char* user,
    char path[EXECUTOR_BUFFER_SIZE])
{
    static unsigned int _nextSeq = 1;
    static pthread_mutex_t _nextSeqMutex = PTHREAD_MUTEX_INITIALIZER;
    unsigned int seq;
    struct timeval tv;
    char buffer[EXECUTOR_BUFFER_SIZE];
    char token[TOKEN_LENGTH+1];
    int fd;
    int uid;
    int gid;

    /* Assign next sequence number. */

    pthread_mutex_lock(&_nextSeqMutex);
    seq = _nextSeq++;
    pthread_mutex_unlock(&_nextSeqMutex);

    /* Get microseconds elapsed since epoch. */

    gettimeofday(&tv, NULL);

    /* Build path: */

    Strlcpy(path, PEGASUS_LOCAL_AUTH_DIR, EXECUTOR_BUFFER_SIZE);
    Strlcat(path, "/cimclient_", EXECUTOR_BUFFER_SIZE);
    Strlcat(path, user, EXECUTOR_BUFFER_SIZE);
    sprintf(buffer, "_%u_%u", seq, (int)(tv.tv_usec / 1000));
    Strlcat(path, buffer, EXECUTOR_BUFFER_SIZE);

    /* Generate random token. */

    {
        unsigned char data[TOKEN_LENGTH/2];
        FillRandomBytes(data, sizeof(data));
        RandBytesToHexASCII(data, sizeof(data), token);
    }

    /* If file already exists, remove it. */

    /* Flawfinder: ignore */
    if (access(path, F_OK) == 0 && unlink(path) != 0)
        return -1;

    /* Create the file as read-only by user. */

    fd = open(path, O_WRONLY | O_EXCL | O_CREAT | O_TRUNC, S_IRUSR);

    if (fd < 0)
        return -1;

    /* Write the random token. */

    if (write(fd, token, TOKEN_LENGTH) != TOKEN_LENGTH)
    {
        close(fd);
        unlink(path);
        return -1;
    }

    /* Change owner of file. */

    if (GetUserInfo(user, &uid, &gid) != 0)
    {
        close(fd);
        unlink(path);
        return -1;
    }

    if (fchown(fd, uid, gid) != 0)
    {
        close(fd);
        unlink(path);
        return -1;
    }

    close(fd);
    return 0;
}

/*
**==============================================================================
**
** CheckLocalAuthToken()
**
**     Compare the *token* with the token in the given file. Return 0 if they
**     are identical.
**
**==============================================================================
*/

static int CheckLocalAuthToken(
    const char* path,
    const char* token)
{
    char buffer[TOKEN_LENGTH+1];
    int fd;

    /* Open the file: */

    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;

    /* Read the token. */

    if (read(fd, buffer, TOKEN_LENGTH) != TOKEN_LENGTH)
    {
        close(fd);
        return -1;
    }

    buffer[TOKEN_LENGTH] = '\0';

    /* Compare the token. */

    if (strcmp(token, buffer) != 0)
    {
        close(fd);
        return -1;
    }

    /* Okay! */
    close(fd);
    return 0;
}

/*
**==============================================================================
**
** StartLocalAuthentication()
**
**     Initiate first phase of local authentication.
**
**==============================================================================
*/

int StartLocalAuthentication(
    const char* user,
    char challenge[EXECUTOR_BUFFER_SIZE])
{
    /* Get uid: */

    int uid;
    int gid;

    if (GetUserInfo(user, &uid, &gid) != 0)
        return -1;

    /* Create the local authentication file. */

    if (CreateLocalAuthFile(user, challenge) != 0)
        return -1;

    return 0;
}

/*
**==============================================================================
**
** FinishLocalAuthentication()
**
**     Initiate second and last phase of local authentication. Else return
**     negative one.
**
**==============================================================================
*/

int FinishLocalAuthentication(
    const char* challenge,
    const char* response)
{
    /* Check token against the one in the file. */

    int rc = CheckLocalAuthToken(challenge, response);

    if (challenge)
        unlink((char*)challenge);

    return rc;
}
No CVS admin address has been configured
 Powered by
ViewCVS 0.9.2