pegasus/src/Pegasus/Security/Cimservera/cimservera.c - view

Return to cimservera.c CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Cimservera

File: [Pegasus] / pegasus / src / Pegasus / Security / Cimservera / cimservera.c (download)
Revision: 1.2, Fri May 25 17:35:14 2007 UTC (17 years, 1 month ago) by kumpf
Branch: MAIN
CVS Tags: TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch
Changes since 1.1: +150 -0 lines

BUG#: 6037
TITLE: PEP 286 Privilege Separation
DESCRIPTION: Implement privilege separation for the CIM Server.  This allows the CIM Server to run without privilege, using a separate small process to perform privileged operations as necessary.

/*
//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// 
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
//%/////////////////////////////////////////////////////////////////////////////
*/

#include <Executor/PAMAuth.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>

static void Exit(int status)
{
    syslog(LOG_DEBUG, "exit(%d)", status);
    exit(status);
}

static ssize_t Recv(int sock, void* buffer, size_t size)
{
    size_t r = size;
    char* p = (char*)buffer;

    if (size == 0)
        return -1;

    while (r)
    {
        ssize_t n;

        EXECUTOR_RESTART(read(sock, p, r), n);

        if (n == -1)
            return -1;
        else if (n == 0)
            return size - r;

        r -= n;
        p += n;
    }

    return size - r;
}

int main(int argc, char* argv[])
{
    int sock;
    CimserveraRequest request;

    /* Open syslog: */

    openlog("cimservera", LOG_PID, LOG_AUTH);
    syslog(LOG_DEBUG, "started");

    /* Check argumnents. */

    if (argc != 2)
    {
        fprintf(stderr, "Usage: %s <socket-number>\n", argv[0]);
        Exit(1);
    }

    /* Open socket stream. */

    {
        char* end;
        long x = strtoul(argv[1], &end, 10);

        if (*end != '\0')
        {
            fprintf(stderr, "%s : bad socket argument: %s\n", argv[0], argv[1]);
            Exit(1);
        }
        
        sock = (int)x;
    }

    /* Wait on request. */

    if (Recv(sock, &request, sizeof(request)) != sizeof(request))
    {
        close(sock);
        Exit(1);
    }

    /* Handle request (authenticate or validateUser) */

    if (strcmp(request.arg0, "authenticate") == 0)
    {
        int status = PAMAuthenticateInProcess(request.arg1, request.arg2);

        if (status != 0)
        {
            syslog(LOG_WARNING, "user \"%s\" failed to authenticate",
                request.arg1);
        }

        Exit(status == 0 ? 0 : 1);
    }
    else if (strcmp(request.arg0, "validateUser") == 0)
    {
        int status = PAMValidateUserInProcess(request.arg1);

        if (status != 0)
            syslog(LOG_WARNING, "failed to validate user \"%s\"", request.arg1);

        Exit(status == 0 ? 0 : 1);
    }
    else
    {
        syslog(LOG_WARNING, "invalid request");
        close(sock);
        Exit(1);
    }

    close(sock);
    Exit(0);
    return 0;
}

No CVS admin address has been configured