static krb5_error_code KRB5_LIB_CALL kuserok_sys_k5login_plug_f(void *plug_ctx, krb5_context context, const char *rule, unsigned int flags, const char *k5login_dir, const char *luser, krb5_const_principal principal, krb5_boolean *result) { char filename[MAXPATHLEN]; size_t len; const char *profile_dir = NULL; krb5_error_code ret; *result = FALSE; if (strcmp(rule, "SYSTEM-K5LOGIN") != 0 && strncmp(rule, "SYSTEM-K5LOGIN:"******"SYSTEM-K5LOGIN:"******"%s/%s", profile_dir, luser); if (len < sizeof(filename)) { ret = check_one_file(context, filename, NULL, TRUE, principal, result); if (ret == 0 && ((flags & KUSEROK_K5LOGIN_IS_AUTHORITATIVE) || *result == TRUE)) return 0; } *result = FALSE; return KRB5_PLUGIN_NO_HANDLE; }
static krb5_error_code check_directory(krb5_context context, const char *dirname, struct passwd *pwd, krb5_principal principal, krb5_boolean *result) { DIR *d; struct dirent *dent; char filename[MAXPATHLEN]; krb5_error_code ret = 0; struct stat st; *result = FALSE; if(lstat(dirname, &st) < 0) return errno; if (!S_ISDIR(st.st_mode)) return ENOTDIR; if (st.st_uid != pwd->pw_uid && st.st_uid != 0) return EACCES; if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) return EACCES; if((d = opendir(dirname)) == NULL) return errno; { int fd; struct stat st2; fd = dirfd(d); if(fstat(fd, &st2) < 0) { closedir(d); return errno; } if(st.st_dev != st2.st_dev || st.st_ino != st2.st_ino) { closedir(d); return EACCES; } } while((dent = readdir(d)) != NULL) { if(strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0 || dent->d_name[0] == '#' || /* emacs autosave */ dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */ continue; snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name); ret = check_one_file(context, filename, pwd, principal, result); if(ret == 0 && *result == TRUE) break; ret = 0; /* don't propagate errors upstream */ } closedir(d); return ret; }
krb5_boolean KRB5_LIB_FUNCTION krb5_kuserok (krb5_context context, krb5_principal principal, const char *luser) { char *buf; size_t buflen; struct passwd *pwd; krb5_error_code ret; krb5_boolean result = FALSE; krb5_boolean found_file = FALSE; #ifdef POSIX_GETPWNAM_R char pwbuf[2048]; struct passwd pw; if(getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) return FALSE; #else pwd = getpwnam (luser); #endif if (pwd == NULL) return FALSE; #define KLOGIN "/.k5login" buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */ buf = malloc(buflen); if(buf == NULL) return FALSE; /* check user's ~/.k5login */ strlcpy(buf, pwd->pw_dir, buflen); strlcat(buf, KLOGIN, buflen); ret = check_one_file(context, buf, pwd, principal, &result); if(ret == 0 && result == TRUE) { free(buf); return TRUE; } if(ret != ENOENT) found_file = TRUE; strlcat(buf, ".d", buflen); ret = check_directory(context, buf, pwd, principal, &result); free(buf); if(ret == 0 && result == TRUE) return TRUE; if(ret != ENOENT && ret != ENOTDIR) found_file = TRUE; /* finally if no files exist, allow all principals matching <localuser>@<LOCALREALM> */ if(found_file == FALSE) return match_local_principals(context, principal, luser); return FALSE; }
static krb5_error_code KRB5_LIB_CALL kuserok_user_k5login_plug_f(void *plug_ctx, krb5_context context, const char *rule, unsigned int flags, const char *k5login_dir, const char *luser, krb5_const_principal principal, krb5_boolean *result) { #ifdef _WIN32 return KRB5_PLUGIN_NO_HANDLE; #else char *path; char *path_exp; const char *profile_dir = NULL; krb5_error_code ret; krb5_boolean found_file = FALSE; struct passwd pw, *pwd = NULL; char pwbuf[2048]; if (strcmp(rule, "USER-K5LOGIN") != 0) return KRB5_PLUGIN_NO_HANDLE; profile_dir = k5login_dir; if (profile_dir == NULL) { /* Don't deadlock with gssd or anything of the sort */ if (!_krb5_homedir_access(context)) return KRB5_PLUGIN_NO_HANDLE; if (getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) { krb5_set_error_message(context, errno, "User unknown (getpwnam_r())"); return KRB5_PLUGIN_NO_HANDLE; } if (pwd == NULL) { krb5_set_error_message(context, errno, "User unknown (getpwnam())"); return KRB5_PLUGIN_NO_HANDLE; } profile_dir = pwd->pw_dir; } #define KLOGIN "/.k5login" if (asprintf(&path, "%s/.k5login.d", profile_dir) == -1) return krb5_enomem(context); ret = _krb5_expand_path_tokensv(context, path, 1, &path_exp, "luser", luser, NULL); free(path); if (ret) return ret; path = path_exp; /* check user's ~/.k5login */ path[strlen(path) - strlen(".d")] = '\0'; ret = check_one_file(context, path, luser, FALSE, principal, result); /* * A match in ~/.k5login is sufficient. A non-match, falls through to the * .k5login.d code below. */ if (ret == 0 && *result == TRUE) { free(path); return 0; } if (ret != ENOENT) found_file = TRUE; /* * A match in ~/.k5login.d/somefile is sufficient. A non-match, falls * through to the code below that handles negative results. * * XXX: put back the .d; clever|hackish? you decide */ path[strlen(path)] = '.'; ret = check_directory(context, path, luser, FALSE, principal, result); free(path); if (ret == 0 && *result == TRUE) return 0; if (ret != ENOENT && ret != ENOTDIR) found_file = TRUE; /* * When either ~/.k5login or ~/.k5login.d/ exists, but neither matches * and we're authoritative, we're done. Otherwise, give other plugins * a chance. */ *result = FALSE; if (found_file && (flags & KUSEROK_K5LOGIN_IS_AUTHORITATIVE)) return 0; return KRB5_PLUGIN_NO_HANDLE; #endif }
static krb5_error_code check_directory(krb5_context context, const char *dirname, const char *owner, krb5_boolean is_system_location, krb5_const_principal principal, krb5_boolean *result) { DIR *d; struct dirent *dent; char filename[MAXPATHLEN]; size_t len; krb5_error_code ret = 0; struct stat st; *result = FALSE; if (lstat(dirname, &st) < 0) return errno; if (!S_ISDIR(st.st_mode)) { krb5_set_error_message(context, ENOTDIR, "k5login.d not a directory"); return ENOTDIR; } if ((d = opendir(dirname)) == NULL) { krb5_set_error_message(context, ENOTDIR, "Could not open k5login.d"); return errno; } ret = check_owner_dir(context, dirname, is_system_location, d, &st, owner); if (ret) goto out; while ((dent = readdir(d)) != NULL) { /* * XXX: Should we also skip files whose names start with "."? * Vim ".filename.swp" files are also good candidates to skip. * Once we ignore "#*" and "*~", it is not clear what other * heuristics to apply. */ if (strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0 || dent->d_name[0] == '#' || /* emacs autosave */ dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */ continue; len = snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name); /* Skip too-long filenames that got truncated by snprintf() */ if (len < sizeof(filename)) { ret = check_one_file(context, filename, owner, is_system_location, principal, result); if (ret == 0 && *result == TRUE) break; } ret = 0; /* don't propagate errors upstream */ } out: closedir(d); return ret; }