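/*
 * Run auth() on the n bytes held in buf and, unless tflag is set,
 * build a new namespace from nsfile for the user named in buf.
 *
 * buf is expected to contain '@'-separated fields: the text after the
 * first '@' is handed to newns() as the user; when a second '@' is
 * present the string is cut there and a copy of the user name is kept
 * in the global uname.  size is the capacity of buf.
 *
 * Returns 0 on success and when there is nothing to do (n <= 0, the
 * literal "n/a", or no '@' in buf); returns -1 on failure.
 */
static int
authnewns(int ctlfd, char *buf, int size, int n)
{
	char *p, *q;

	if (n <= 0)
		return 0;
	/*
	 * buf[n] is written below, so n must leave room for the
	 * terminator.  Without this check a read that filled the whole
	 * buffer would store one byte past its end.
	 */
	if (n >= size) {
		syslog(0, "ssh", "server: authnewns: %d bytes do not fit in %d", n, size);
		return -1;
	}
	buf[n] = '\0';
	if (strcmp(buf, "n/a") == 0)
		return 0;
	auth(buf, n, ctlfd);
	p = strchr(buf, '@');
	if (p == nil)
		return 0;
	++p;
	q = strchr(p, '@');
	if (q) {
		*q = '\0';
		uname = strdup(p);
		/* do not continue the login with no recorded user name */
		if (uname == nil) {
			syslog(0, "ssh", "server: authnewns: out of memory");
			return -1;
		}
	}
	if (!tflag && newns(p, nsfile) < 0) {
		syslog(0, "ssh", "server: newns(%s,%s) failed: %r", p, nsfile);
		return -1;
	}
	return 0;
}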
// Rebuilds NamespaceNames by walking the namespace records found in the
// index file at `path`.
//
// NamespaceNames is used as a work list: it starts with NAMESPACE_ROOT and
// every child namespace that parses successfully is appended as
// "<parent>\<child>", so children are searched in turn on later passes.
//
// Returns false only when Init(path) fails; otherwise true, even if no
// record was found or parsed.
//
// NOTE(review): every name comes from the file being parsed and the list has
// no size or depth limit in this function - confirm that is acceptable for
// damaged or hostile input.
bool WMINamespaceClass::ParseNamespaceRecords(const wchar_t *path) {
  if (!Init(path))
    return false;

  wchar_t rootNS[] = NAMESPACE_ROOT;
  NamespaceNames.clear();
  NamespaceNames.push_back(rootNS);

  for (DWORD i = 0; i < NamespaceNames.size(); ++i) {
    IndexBTR index(m_bXP);
    std::string strSearch;
    // Copy the parent name: push_back below may reallocate NamespaceNames.
    std::wstring wstrNamespace = NamespaceNames[i];
    BuildNSInstanceSearchString(wstrNamespace.c_str(), strSearch, m_bXP);

    if (!index.SearchBTRFile(path, Map, strSearch))
      continue;

    std::vector<std::string> *records = index.GetResults();
    if (!records)
      continue;

    std::vector<std::string>::iterator rec = records->begin();
    while (rec != records->end()) {
      NamespaceStruct nsStruct;
      if (AddNamespaceRecord(*rec, nsStruct)) {
        std::wstring ns;
        if (ParseNSRecord(nsStruct, ns)) {
          // Child path is the parent path, a backslash, then the child name.
          std::wstring child(wstrNamespace.c_str());
          child.append(L"\\");
          child.append(ns);
          NamespaceNames.push_back(child);
        }
      }
      ++rec;
    }
  }
  return true;
}
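/*
 * Server side of the no-authentication method: read a user name from
 * fd, become that user and build the user's namespace.
 *
 * The name is whatever the peer sent; the only name refused here is
 * the host owner's.  For "none" the identity is changed by writing to
 * #c/user, for any other name by chuid().
 *
 * user receives the name read with a limit of MaxStr.
 * Returns fd on success, -1 on failure.
 */
static int
srvnoauth(int fd, char *user)
{
	int ufd;

	if(readstr(fd, user, MaxStr) < 0)
		return -1;
	if(strcmp(user, gethostowner()) == 0){
		writestr(fd, "permission denied: hostowner", "hostowner", 0);
		return -1;
	}
	writestr(fd, "", "", 1);
	ealgs = nil;
	if(strcmp(user, "none") == 0){
		if((ufd = open("#c/user", OWRITE)) < 0)
			return -1;
		if(write(ufd, "none", 4) < 0){
			/* do not leak the descriptor on the error path */
			close(ufd);
			return -1;
		}
		close(ufd);
	} else
		chuid(user);	/* NOTE(review): result, if any, is not checked - confirm chuid cannot fail silently */
	/*
	 * If the namespace cannot be rebuilt the session would keep
	 * running in the namespace inherited from the server, so fail.
	 */
	if(newns(user, nil) < 0)
		return -1;
	return fd;
}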
/*
 * Mark the record found for name with the "expected" bit.
 *
 * The bit is allocated on first use: expbit takes the current value of
 * nbit and the placeholder entry "_expect:0.0.0.0" is registered
 * through newns().
 *
 * NOTE(review): the result of findrr() is dereferenced without a nil
 * check - confirm findrr() never returns nil.
 */
void
newexp(char *name)
{
	struct rrnode *node;

	node = findrr(name);
	if (!expbit) {
		expbit = nbit;
		newns("_expect:0.0.0.0", 0);
	}
	node->bits = node->bits | expbit;
}
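/*
 * No-authentication server method for a build that does not change
 * identity: the session runs as the user the server already is.
 *
 * Copies getuser() into user (bounded by MaxStr), clears ealgs and
 * builds that user's namespace.
 *
 * Returns fd on success, -1 if the namespace cannot be built.
 */
static int
srvnoauth(int fd, char *user)
{
	strecpy(user, user+MaxStr, getuser());
	ealgs = nil;
	/*
	 * Without this check a failed newns() would leave the session in
	 * the namespace inherited from the server.
	 */
	if(newns(user, nil) < 0)
		return -1;
	return fd;
}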
/*
 * Check the client's response against the outstanding challenge chs
 * and, on success, become the user, build the namespace and open the
 * mailbox.
 *
 * Failed attempts are throttled: the delay starts at 5 seconds, is
 * doubled on every failure before sleeping and is capped at half an
 * hour.  The third failure is logged with the peer address, and a
 * failure arriving once 20 have been counted ends the server.
 *
 * Returns the result of senderr() on a failed attempt and of sendok()
 * on success; exits on chuid, newns or mailbox errors.
 */
static int
dologin(char *response)
{
	AuthInfo *ai;
	static int failures;
	static uint32_t delaysecs = 5;

	chs->user = user;
	chs->resp = response;
	chs->nresp = strlen(response);

	ai = auth_response(chs);
	if(ai == nil){
		if(failures >= 20){
			senderr("authentication failed: %r; server exiting");
			exits(nil);
		}
		failures++;
		if(failures == 3)
			syslog(0, "pop3", "likely password guesser from %s", peeraddr);
		delaysecs *= 2;
		if(delaysecs > 30*60)
			delaysecs = 30*60;	/* half-hour max. */
		/* slow the client down so it cannot hammer the auth server */
		sleep(delaysecs * 1000);
		return senderr("authentication failed");
	}

	/* drop to the authenticated user before touching any user data */
	if(auth_chuid(ai, nil) < 0){
		senderr("chuid failed: %r; server exiting");
		exits(nil);
	}
	auth_freeAI(ai);
	auth_freechal(chs);
	chs = nil;
	loggedin = 1;

	if(newns(user, 0) < 0){
		senderr("newns failed: %r; server exiting");
		exits(nil);
	}
	syslog(0, "pop3", "user %s logged in", user);
	enableaddr();

	if(readmbox(box) < 0)
		exits(nil);
	return sendok("mailbox is %s", box);
}
/*
 * Establish the identity and environment for the session.
 *
 * With ai non-nil the user name is taken from ai->cuid and the process
 * becomes that user through auth_chuid(); with ai nil the current user
 * is kept.  The user's namespace is then built, forwarding is enabled,
 * the working directory moves to /mail/box/<user> and upas/fs is
 * started.  Every failure ends in bye().
 */
void
setupuser(AuthInfo *ai)
{
	Waitmsg *w;
	int pid;

	if(ai == nil)
		strecpy(username, username+sizeof username, getuser());
	else{
		strecpy(username, username+sizeof username, ai->cuid);
		if(auth_chuid(ai, nil) < 0)
			bye("user auth failed: %r");
		auth_freeAI(ai);
	}

	if(newns(username, 0) < 0)
		bye("user login failed: %r");

	/*
	 * hack to allow access to outgoing smtp forwarding
	 */
	enableForwarding();

	snprint(mboxDir, MboxNameLen, "/mail/box/%s", username);
	if(myChdir(mboxDir) < 0)
		bye("can't open user's mailbox");

	pid = fork();
	if(pid == -1)
		bye("can't initialize mail system");
	else if(pid == 0){
		execl("/bin/upas/fs", "upas/fs", "-np", nil);
		/* reached only when the exec failed */
		_exits("rob1");
	}

	/* the child must be the process reaped and must exit with an empty status */
	w = wait();
	if(w == nil || w->pid != pid || w->msg[0] != '\0')
		bye("can't initialize mail system");
	free(w);
}
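/*
 * become powerless user
 *
 * Only who == "none" is acted on: the identity is changed by writing
 * "none" to #c/user and a namespace for none is then built.  For any
 * other value nothing is done.  cmd is unused.
 *
 * Returns 0 on success (and when who is not "none"), -1 with the
 * error string set on failure.
 */
int
become(char **cmd, char *who)
{
	int fd;

	USED(cmd);
	if(strcmp(who, "none") == 0) {
		fd = open("#c/user", OWRITE);
		if(fd < 0) {
			werrstr("can't become none");
			return -1;
		}
		if(write(fd, "none", strlen("none")) < 0) {
			/* close before reporting so the descriptor is not leaked */
			close(fd);
			werrstr("can't become none");
			return -1;
		}
		close(fd);
		/* any non-zero result from newns is treated as failure */
		if(newns("none", 0)) {
			werrstr("can't set new namespace");
			return -1;
		}
	}
	return 0;
}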
/*
 * Build a namespace for the current user from a namespace file and
 * run a command in it.
 *
 * Options: -a adds to the current namespace (addns) instead of
 * replacing it (newns); -d sets newnsdebug; -n file names the
 * namespace file (default /lib/namespace).  With no command,
 * /bin/rc -i is run.
 *
 * NOTE(review): the results of newns()/addns() are not checked, so the
 * command is still executed when the namespace file could not be
 * applied - confirm this is intended.
 */
void
main(int argc, char **argv)
{
	extern int newnsdebug;
	char *defargv[] = { "/bin/rc", "-i", nil };
	char *nsfile, err[ERRMAX];
	int add;

	/* changes below apply to a private copy of the namespace */
	rfork(RFNAMEG);

	nsfile = "/lib/namespace";
	add = 0;
	ARGBEGIN{
	case 'd':
		newnsdebug = 1;
		break;
	case 'n':
		nsfile = ARGF();
		break;
	case 'a':
		add = 1;
		break;
	default:
		usage();
		break;
	}ARGEND

	if(argc == 0)
		argv = defargv;

	if(!add)
		newns(getuser(), nsfile);
	else
		addns(getuser(), nsfile);

	exec(argv[0], argv);
	if(!rooted(argv[0])){
		/* keep the first exec error so it is the one reported below */
		rerrstr(err, sizeof err);
		exec(smprint("/bin/%s", argv[0]), argv);
		errstr(err, sizeof err);
	}
	sysfatal("exec: %s: %r", argv[0]);
}
/*
 * login username
 *
 * Reads a password, changes to the named user, starts a factotum that
 * is handed the key, builds the user's namespace and environment and
 * finally execs an interactive rc from the user's home directory.
 *
 * NOTE(review): the statement that reads the password is damaged in
 * this listing (see below); the code between the prompt and the
 * "login incorrect" error is not visible and ai is never assigned in
 * the text shown.  Nothing is claimed here about that missing part.
 */
void
main(int argc, char *argv[])
{
	char pass[ANAMELEN];
	char buf[2*ANAMELEN];
	char home[2*ANAMELEN];
	char srvname[2*ANAMELEN];
	char *user, *sysname, *tz, *cputype, *service;
	AuthInfo *ai;

	ARGBEGIN{
	}ARGEND;

	/* private copies of the environment and the namespace */
	rfork(RFENVG|RFNAMEG);

	/* NOTE(review): service is passed to strcmp without a nil check - confirm getenv("service") is always set here */
	service = getenv("service");
	if(strcmp(service, "cpu") == 0)
		fprint(2, "login: warning: running on a cpu server!\n");
	if(argc != 1){
		fprint(2, "usage: login username\n");
		exits("usage");
	}
	user = argv[0];
	memset(pass, 0, sizeof(pass));
	/* NOTE(review): the next statement is corrupted in the listing (masked text); kept exactly as found */
	readln("Password: "******"login incorrect");

	/* change uid */
	chuid(ai);

	/* start a new factotum and hand it a new key */
	/* NOTE(review): pass is not cleared in the visible code after this call - confirm where the cleartext password is wiped */
	startfactotum(user, pass, srvname);

	/* set up new namespace */
	/* NOTE(review): the result of newns is not checked, so login continues if the namespace could not be built */
	newns(ai->cuid, nil);
	auth_freeAI(ai);

	/* remount the factotum */
	mountfactotum(srvname);

	/* set up a new environment */
	/* values wanted from the old environment are read before rfork(RFCENVG) starts a clean one */
	cputype = getenv("cputype");
	sysname = getenv("sysname");
	tz = getenv("timezone");
	rfork(RFCENVG);
	setenv("#e/service", "con");
	setenv("#e/user", user);
	snprint(home, sizeof(home), "/usr/%s", user);
	setenv("#e/home", home);
	/* NOTE(review): cputype is used without the nil check applied to sysname and tz */
	setenv("#e/cputype", cputype);
	setenv("#e/objtype", cputype);
	if(sysname != nil)
		setenv("#e/sysname", sysname);
	if(tz != nil)
		setenv("#e/timezone", tz);

	/* go to new home directory */
	snprint(buf, sizeof(buf), "/usr/%s", user);
	if(chdir(buf) < 0)
		chdir("/");

	/* read profile and start interactive rc */
	execl("/bin/rc", "rc", "-li", nil);
	exits(0);
}
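/*
 * send mail
 *
 * Mails rcvr a warning that user's key (described by f->msg) expires
 * at time et.  The parent writes the message text, followed by the
 * contents of /adm/warn.<last element of f->keys> when that file can
 * be opened, into a pipe; the child reads the pipe as standard input
 * and execs upas/send (or cat when debug is set).
 *
 * Returns 1 when the child exits with an empty status or no child is
 * left to wait for, 0 on pipe or fork failure or when the child
 * reports an error.
 */
int
mail(Fs *f, char *rcvr, char *user, int32_t et)
{
	int pid, i, fd;
	int pfd[2];
	char *ct, *p;
	Waitmsg *w;
	char buf[128];

	if(pipe(pfd) < 0){
		complain("out of pipes: %r");
		return 0;
	}

	switch(pid = fork()){
	case -1:
		complain("can't fork: %r");
		/* the pipe is of no use without a child; do not leak it */
		close(pfd[0]);
		close(pfd[1]);
		return 0;
	case 0:
		break;
	default:
		if(debug)
			fprint(2, "started %d\n", pid);
		close(pfd[0]);
		ct = ctime(et);
		/* replace the trailing newline, if there is one, with a full stop */
		p = strchr(ct, '\n');
		if(p != nil)
			*p = '.';
		fprint(pfd[1], "User '%s's %s expires on %s\n", user, f->msg, ct);
		if(f != fs)
			fprint(pfd[1], "If you wish to renew contact your local administrator.\n");
		p = strrchr(f->keys, '/');
		if(p)
			p++;
		else
			p = f->keys;
		snprint(buf, sizeof buf, "/adm/warn.%s", p);
		fd = open(buf, OREAD);
		if(fd >= 0){
			while((i = read(fd, buf, sizeof(buf))) > 0)
				write(pfd[1], buf, i);
			close(fd);
		}
		close(pfd[1]);

		/* wait for warning to be mailed */
		for(;;){
			w = wait();
			if(w == nil)
				break;
			if(w->pid == pid){
				if(debug)
					fprint(2, "%d terminated: %s\n", pid, w->msg);
				if(w->msg[0] == 0){
					free(w);
					break;
				}else{
					free(w);
					return 0;
				}
			}else
				free(w);
		}
		return 1;
	}

	/*
	 * get out of the current namespace
	 *
	 * The mailer must not run with this process's namespace; if the
	 * switch fails, stop here so the parent sees a non-empty exit
	 * status and reports failure.
	 */
	if(newns("none", 0) < 0)
		sysfatal("can't build namespace for none: %r");

	dup(pfd[0], 0);
	close(pfd[0]);
	close(pfd[1]);
	putenv("upasname", "netkeys");
	if(debug){
		print("\nto %s\n", rcvr);
		execl("/bin/cat", "cat", nil);
	}
	execl("/bin/upas/send", "send", "-r", rcvr, nil);

	/* just in case */
	sysfatal("can't exec send: %r");

	return 0;	/* for compiler */
}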
/*
 * Parse the command line, open a non-blocking UDP socket for the
 * queries and run the main loop.
 *
 * Options: -w name (required), -A sets authq, -t type (a number, or a
 * type name known to dnsqtypename), -n and -N each register a name
 * server through newns with flag 0 or 1, -C sets syncsev to CRITBIT,
 * -e name marks an expected record, -d enables debug output.
 */
int
main(int argc, char **argv)
{
	char *s;
	int i;
	int flags;
	int opt;

	prand = getpid();

	while ((opt = getopt(argc, argv, "+w:At:n:N:Ce:d")) != EOF) {
		switch (opt) {
		case 'w':
			who = strdup(optarg);
			break;
		case 'A':
			authq = 1;
			break;
		case 't':
			/* numeric value first; a matching type name overrides it */
			qtype = atoi(optarg);
			for (i = DNSQTYPEMIN; i <= DNSQTYPEMAX; i++) {
				s = dnsqtypename(i);
				if (s && !strcmp(optarg, s)) {
					qtype = i;
					break;
				}
			}
			if (!qtype)
				puke("Bad -t option");
			break;
		case 'n':
			newns(optarg, 0);
			break;
		case 'N':
			newns(optarg, 1);
			break;
		case 'C':
			syncsev = CRITBIT;
			break;
		case 'e':
			newexp(optarg);
			break;
		case 'd':
			debug = 1;
			break;
		default:
			usage();
		}
	}

	if (!who)
		usage();

	dnsfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
	if (dnsfd == -1)
		barf("socket");

	/* see UNPv2 p58 */
	flags = fcntl(dnsfd, F_GETFL, 0);
	if (flags == -1)
		barf("fcntl F_GETFL");
	flags |= O_NONBLOCK;
	if (fcntl(dnsfd, F_SETFL, flags) == -1)
		barf("fcntl F_SETFL");

	sloop();
	endgame();
}