void setup_env(char *user, struct credentials *c) { /* set up the environment for the execution of the subprogram */ if (!env_put2("USER", user)) auth_error(ERRNO); /* only courier-imap needs this but we set it anyway */ if (!env_put2("AUTHENTICATED", user)) auth_error(ERRNO); if (c->home.s != 0 && c->home.len > 0) if (!env_put2("HOME", c->home.s)) auth_error(ERRNO); if (c->maildir.s != 0 && c->maildir.len > 0) { if (!env_put2("MAILDIR", c->maildir.s)) auth_error(ERRNO); } else { if (!env_unset("MAILDIR")) auth_error(ERRNO); } logit(32, "environment successfully set: " "USER %s, HOME %s, MAILDIR %s\n", user, c->home.s != 0 && c->home.len > 0? c->home.s:"unset, forwarding", c->maildir.s != 0 && c->maildir.len > 0? c->maildir.s:"unset, using aliasempty"); }
void change_uid(unsigned int uid, unsigned int gid) { unsigned int id; id = geteuid(); if (id != 0 && (id == uid || uid == (unsigned int)-1)) { /* not running as root so return */ logit(32, "change_uid: already running non root\n"); return; } if (uid == (unsigned int)-1 && gid == (unsigned int)-1) { /* run as non-privileged user qmaild group nofiles */ uid = auto_uidd; gid = auto_gidn; } /* first set the group id */ if (prot_gid(gid) == -1) auth_error(ERRNO); logit(32, "setgid succeeded (%i)\n", gid); /* ... then the user id */ if (prot_uid(uid) == -1) auth_error(ERRNO); logit(32, "setuid succeeded (%i)\n", uid); /* ... now check that we are realy not running as root */ if (!getuid()) auth_error(FAILED); }
/* * send_auth_query - send the ident server a query giving "theirport , ourport" * The write is only attempted *once* so it is deemed to be a fail if the * entire write doesn't write all the data given. This shouldnt be a * problem since the socket should have a write buffer far greater than * this message to store it in should problems arise. -avalon */ void send_auth_query(struct AuthRequest* auth) { struct sockaddr_in us; struct sockaddr_in them; char authbuf[32]; unsigned int count; assert(0 != auth); assert(0 != auth->client); if (!os_get_sockname(cli_fd(auth->client), &us) || !os_get_peername(cli_fd(auth->client), &them)) { auth_error(auth, 1); return; } ircd_snprintf(0, authbuf, sizeof(authbuf), "%u , %u\r\n", (unsigned int) ntohs(them.sin_port), (unsigned int) ntohs(us.sin_port)); if (IO_SUCCESS == os_send_nonb(auth->fd, authbuf, strlen(authbuf), &count)) { ClearAuthConnect(auth); SetAuthPending(auth); } else auth_error(auth, 0); }
void context::authenticate() { _M_code = pam_authenticate(_M_pamh, 0); if(errc(_M_code) != errc::success) throw auth_error(_M_pamh, _M_code); _M_code = pam_acct_mgmt(_M_pamh, 0); if(errc(_M_code) != errc::success) throw account_error(_M_pamh, _M_code); }
void P2PFolder::handle_Handshake(const blob& message_raw) { log_->trace() << log_tag() << BOOST_CURRENT_FUNCTION; auto message_struct = parser_.parse_Handshake(message_raw); log_->debug() << log_tag() << "<== HANDSHAKE"; // Checking authentication using token if(message_struct.auth_token != remote_token()) throw auth_error(); if(conn_.role == WSService::connection::SERVER) perform_handshake(); client_name_ = message_struct.device_name; user_agent_ = message_struct.user_agent; log_->debug() << log_tag() << "LV Handshake successful"; is_handshaken_ = true; folder_group()->handle_handshake(shared_from_this()); }
int check_ldap(stralloc *login, stralloc *authdata, struct credentials *c, int fast) { static stralloc ld = {0}; qldap *q; char *filter; int r, status, pwok, needforward; unsigned long count, size, max; const char *attrs[] = { LDAP_UID, /* the first 10 attrs are default */ LDAP_QMAILUID, LDAP_QMAILGID, LDAP_ISACTIVE, LDAP_MAILHOST, LDAP_MAILSTORE, LDAP_HOMEDIR, LDAP_QUOTA_SIZE, LDAP_QUOTA_COUNT, LDAP_MAXMSIZE, LDAP_PASSWD, 0}; /* passwd is extra */ /* TODO more debug output is needed */ needforward = 0; q = qldap_new(); if (q == 0) return ERRNO; r = qldap_open(q); if (r != OK) goto fail; r = qldap_bind(q, 0, 0); if (r != OK) goto fail; if (fast) { /* just comapre passwords and account status */ attrs[0] = LDAP_ISACTIVE; if (qldap_need_rebind() == 0) { attrs[1] = LDAP_PASSWD; attrs[2] = 0; } else attrs[1] = 0; } else { if (qldap_need_rebind() != 0) attrs[10] = 0; } filter = filter_uid(login->s); if (filter == 0) { r = ERRNO; goto fail; } r = qldap_lookup(q, filter, attrs); if (r != OK) goto fail; r = qldap_get_status(q, &status); if (r != OK) goto fail; if (status == STATUS_BOUNCE || status == STATUS_NOACCESS || status == STATUS_DELETE) { qldap_free(q); return ACC_DISABLED; } if (!fast) { #ifdef QLDAP_CLUSTER r = qldap_get_attr(q, LDAP_MAILHOST, &c->forwarder, SINGLE_VALUE); if (r != OK && r != NOSUCH) goto fail; if (r == OK && cluster(c->forwarder.s) == 1) { /* hostname is different, so I reconnect */ logit(8, "check_ldap: forwarding session to %s\n", c->forwarder.s); needforward = 1; } #endif r = qldap_get_uid(q, &c->uid); if (r != OK) goto fail; r = qldap_get_gid(q, &c->gid); if (r != OK) goto fail; r = qldap_get_mailstore(q, &c->home, &c->maildir); if (r != OK) goto fail; if (!stralloc_0(&c->home) || !stralloc_0(&c->maildir)) return ERRNO; size = count = max = 0; r = qldap_get_quota(q, &size, &count, &max); if (r != OK) goto fail; if (max != 0) { num[fmt_ulong(num, max)] = 0; if (!env_put2("DATASIZE", num)) auth_error(ERRNO); } if (size != 0 || count != 0) { if (!stralloc_copys(&ld, "")) auth_error(ERRNO); if (size != 0) { if (!stralloc_catb(&ld, num, fmt_ulong(num, size))) auth_error(ERRNO); if (!stralloc_append(&ld, "S")) auth_error(ERRNO); } if (count != 0) { if (size != 0) if (!stralloc_append(&ld, ",")) auth_error(ERRNO); if (!stralloc_catb(&ld, num, fmt_ulong(num, count))) auth_error(ERRNO); if (!stralloc_append(&ld, "C")) auth_error(ERRNO); } if (!stralloc_0(&ld)) auth_error(ERRNO); if (!env_put2(ENV_QUOTA, ld.s )) auth_error(ERRNO); } } if (qldap_need_rebind() == 0) { r = qldap_get_attr(q, LDAP_PASSWD, &ld, SINGLE_VALUE); if (r != OK) goto fail; pwok = cmp_passwd(authdata->s, ld.s); } else { r = qldap_get_dn(q, &ld); if (r != OK) goto fail; r = qldap_rebind(q, ld.s, authdata->s); switch (r) { case OK: pwok = OK; break; case LDAP_BIND_AUTH: pwok = BADPASS; break; default: pwok = r; break; } } logit(32, "check_ldap: password compare was %s\n", pwok == OK?"successful":"not successful"); qldap_free(q); if (pwok == OK && needforward == 1) return FORWARD; return pwok; fail: qldap_free(q); return r; }