Beispiel #1
0
int
unixFileOpendir (rsComm_t *rsComm, char *dirname, void **outDirPtr)
{
    int status;
    DIR *dirPtr;


    dirPtr = opendir (dirname);

#ifdef RUN_SERVER_AS_ROOT
    if (dirPtr == NULL && errno == EACCES && isServiceUserSet()) {
        /* if the directory can't be accessed due to permission */
        /* denied try again using root credentials.             */
        if (changeToRootUser() == 0) {
            dirPtr = opendir (dirname);
            changeToServiceUser();
        }
    }
#endif

    if (dirPtr != NULL) {
        *outDirPtr = (void *) dirPtr;
	status = 0;
        return (0);
    } else {
        status = UNIX_FILE_OPENDIR_ERR - errno;
        rodsLog (LOG_NOTICE,
          "unixFileOpendir: opendir of %s error, status = %d",
          dirname, status);
    }
    return (status);
}
Beispiel #2
0
int
unixFileFstat (rsComm_t *rsComm, int fd, struct stat *statbuf)
{
    int status;

    status = fstat (fd, statbuf);

#ifdef RUN_SERVER_AS_ROOT
    if (status < 0 && errno == EACCES && isServiceUserSet()) {
        /* if the file can't be accessed due to permission denied */
        /* try again using root credentials.                      */
        if (changeToRootUser() == 0) {
            status = fstat (fd, statbuf);
            changeToServiceUser();
        }
    }
#endif

    if (status < 0) {
        status = UNIX_FILE_FSTAT_ERR - errno;
        rodsLog (LOG_DEBUG, "unixFileFstat: stat of fd %d error, status = %d",
         fd, status);
    }
   
    return (status);
}
Beispiel #3
0
int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                   pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    pamAuthRequestOut_t *result;
    bool run_server_as_root = false;

    *pamAuthRequestOut = ( pamAuthRequestOut_t * )
                         malloc( sizeof( pamAuthRequestOut_t ) );
    memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );

    result = *pamAuthRequestOut;

    irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );

    if ( run_server_as_root ) {
        /* uid == euid is needed for some plugins e.g. libpam-sss */
        status = changeToRootUser();
        if ( status < 0 ) {
            return status;
        }
    }
    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );
    if ( run_server_as_root ) {
        changeToServiceUser();
    }
    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        if ( status != 0 ) {
            status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
        }
    }

    if ( status ) {
        return status;
    }
    result->irodsPamPassword = ( char* )malloc( 100 );
    if ( result->irodsPamPassword == 0 ) {
        return SYS_MALLOC_ERR;
    }
    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}
int
_rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
		   pamAuthRequestOut_t **pamAuthRequestOut) {
    int status = 0;
    pamAuthRequestOut_t *result;

    *pamAuthRequestOut = (pamAuthRequestOut_t *)
       malloc(sizeof(pamAuthRequestOut_t));
    memset((char *)*pamAuthRequestOut, 0, sizeof(pamAuthRequestOut_t));

    result = *pamAuthRequestOut;

#if defined(PAM_AUTH)

#ifdef RUN_SERVER_AS_ROOT
    /* uid == euid is needed for some plugins e.g. libpam-sss */
    status = changeToRootUser();
    if (status < 0) {
        return (status);
    }
#endif
    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck(pamAuthRequestInp->pamUser,
                             pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
    changeToServiceUser();
#endif
    if (status == 256) {
      status = PAM_AUTH_PASSWORD_FAILED;
    }
    else {
      /* the exec failed or something (PamAuthCheck not built perhaps) */
      if (status != 0) status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }

    if (status) {
      return(status);
    }
    result->irodsPamPassword = (char*)malloc(100);
    if (result->irodsPamPassword == 0) return (SYS_MALLOC_ERR);
    status = chlUpdateIrodsPamPassword(rsComm, 
				       pamAuthRequestInp->pamUser, NULL,
				       &result->irodsPamPassword);
    return(status);
#else
    status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    return (status);
#endif
}