static int
authnewns(int ctlfd, char *buf, int size, int n)
{
char *p, *q;
USED(size);
if (n <= 0)
return 0;
buf[n] = '\0';
if (strcmp(buf, "n/a") == 0)
return 0;
auth(buf, n, ctlfd);
p = strchr(buf, '@');
if (p == nil)
return 0;
++p;
q = strchr(p, '@');
if (q) {
*q = '\0';
uname = strdup(p);
}
if (!tflag && newns(p, nsfile) < 0) {
syslog(0, "ssh", "server: newns(%s,%s) failed: %r", p, nsfile);
return -1;
}
return 0;
}
bool WMINamespaceClass::ParseNamespaceRecords(const wchar_t *path) {
if (Init(path)) {
wchar_t rootNS[] = NAMESPACE_ROOT;
DWORD i = 0;
NamespaceNames.clear();
NamespaceNames.push_back(rootNS);
while (i < NamespaceNames.size()) {
IndexBTR index(m_bXP);
std::string strSearch;
std::wstring wstrNamespace = NamespaceNames[i];
BuildNSInstanceSearchString(wstrNamespace.c_str(), strSearch, m_bXP);
if (index.SearchBTRFile(path, Map, strSearch)) {
std::vector<std::string> *records = index.GetResults();
if (records) {
std::vector<std::string>::iterator it = records->begin();
for (; it != records->end(); ++it) {
NamespaceStruct nsStruct;
if (AddNamespaceRecord(*it, nsStruct)) {
std::wstring ns;
if (ParseNSRecord(nsStruct, ns)) {
std::wstring newns(NamespaceNames.at(i).c_str());
newns += L"\\";
newns += ns;
NamespaceNames.push_back(newns);
}
}
}
}
}
i++;
}
return true;
}
return false;
}
static int
srvnoauth(int fd, char *user)
{
int ufd;
if(readstr(fd, user, MaxStr) < 0)
return -1;
if(strcmp(user, gethostowner()) == 0){
writestr(fd, "permission denied: hostowner", "hostowner", 0);
return -1;
}
writestr(fd, "", "", 1);
ealgs = nil;
if(strcmp(user, "none") == 0){
if((ufd = open("#c/user", OWRITE)) < 0)
return -1;
if(write(ufd, "none", 4) < 0)
return -1;
close(ufd);
}
else
chuid(user);
newns(user, nil);
return fd;
}
void newexp(char *name) {
struct rrnode *prr = findrr(name);
if (expbit == 0) {
expbit = nbit;
newns("_expect:0.0.0.0", 0);
}
prr->bits |= expbit;
}
static int
srvnoauth(int fd, char *user)
{
strecpy(user, user+MaxStr, getuser());
ealgs = nil;
newns(user, nil);
return fd;
}
static int
dologin(char *response)
{
AuthInfo *ai;
static int tries;
static uint32_t delaysecs = 5;
chs->user = user;
chs->resp = response;
chs->nresp = strlen(response);
if((ai = auth_response(chs)) == nil){
if(tries >= 20){
senderr("authentication failed: %r; server exiting");
exits(nil);
}
if(++tries == 3)
syslog(0, "pop3", "likely password guesser from %s",
peeraddr);
delaysecs *= 2;
if (delaysecs > 30*60)
delaysecs = 30*60; /* half-hour max. */
sleep(delaysecs * 1000); /* prevent beating on our auth server */
return senderr("authentication failed");
}
if(auth_chuid(ai, nil) < 0){
senderr("chuid failed: %r; server exiting");
exits(nil);
}
auth_freeAI(ai);
auth_freechal(chs);
chs = nil;
loggedin = 1;
if(newns(user, 0) < 0){
senderr("newns failed: %r; server exiting");
exits(nil);
}
syslog(0, "pop3", "user %s logged in", user);
enableaddr();
if(readmbox(box) < 0)
exits(nil);
return sendok("mailbox is %s", box);
}
void
setupuser(AuthInfo *ai)
{
Waitmsg *w;
int pid;
if(ai){
strecpy(username, username+sizeof username, ai->cuid);
if(auth_chuid(ai, nil) < 0)
bye("user auth failed: %r");
auth_freeAI(ai);
}else
strecpy(username, username+sizeof username, getuser());
if(newns(username, 0) < 0)
bye("user login failed: %r");
/*
* hack to allow access to outgoing smtp forwarding
*/
enableForwarding();
snprint(mboxDir, MboxNameLen, "/mail/box/%s", username);
if(myChdir(mboxDir) < 0)
bye("can't open user's mailbox");
switch(pid = fork()){
case -1:
bye("can't initialize mail system");
break;
case 0:
execl("/bin/upas/fs", "upas/fs", "-np", nil);
_exits("rob1");
_exits(0);
break;
default:
break;
}
if((w=wait()) == nil || w->pid != pid || w->msg[0] != '\0')
bye("can't initialize mail system");
free(w);
}
/*
* become powerless user
*/
int
become(char **cmd, char *who)
{
int fd;
USED(cmd);
if(strcmp(who, "none") == 0) {
fd = open("#c/user", OWRITE);
if(fd < 0 || write(fd, "none", strlen("none")) < 0) {
werrstr("can't become none");
return -1;
}
close(fd);
if(newns("none", 0)) {
werrstr("can't set new namespace");
return -1;
}
}
return 0;
}
void
main(int argc, char **argv)
{
extern int newnsdebug;
char *defargv[] = { "/bin/rc", "-i", nil };
char *nsfile, err[ERRMAX];
int add;
rfork(RFNAMEG);
add = 0;
nsfile = "/lib/namespace";
ARGBEGIN{
case 'a':
add = 1;
break;
case 'd':
newnsdebug = 1;
break;
case 'n':
nsfile = ARGF();
break;
default:
usage();
break;
}ARGEND
if(argc == 0)
argv = defargv;
if (add)
addns(getuser(), nsfile);
else
newns(getuser(), nsfile);
exec(argv[0], argv);
if(!rooted(argv[0])){
rerrstr(err, sizeof err);
exec(smprint("/bin/%s", argv[0]), argv);
errstr(err, sizeof err);
}
sysfatal("exec: %s: %r", argv[0]);
}
void
main(int argc, char *argv[])
{
char pass[ANAMELEN];
char buf[2*ANAMELEN];
char home[2*ANAMELEN];
char srvname[2*ANAMELEN];
char *user, *sysname, *tz, *cputype, *service;
AuthInfo *ai;
ARGBEGIN{
}ARGEND;
rfork(RFENVG|RFNAMEG);
service = getenv("service");
if(strcmp(service, "cpu") == 0)
fprint(2, "login: warning: running on a cpu server!\n");
if(argc != 1){
fprint(2, "usage: login username\n");
exits("usage");
}
user = argv[0];
memset(pass, 0, sizeof(pass));
readln("Password: "******"login incorrect");
/* change uid */
chuid(ai);
/* start a new factotum and hand it a new key */
startfactotum(user, pass, srvname);
/* set up new namespace */
newns(ai->cuid, nil);
auth_freeAI(ai);
/* remount the factotum */
mountfactotum(srvname);
/* set up a new environment */
cputype = getenv("cputype");
sysname = getenv("sysname");
tz = getenv("timezone");
rfork(RFCENVG);
setenv("#e/service", "con");
setenv("#e/user", user);
snprint(home, sizeof(home), "/usr/%s", user);
setenv("#e/home", home);
setenv("#e/cputype", cputype);
setenv("#e/objtype", cputype);
if(sysname != nil)
setenv("#e/sysname", sysname);
if(tz != nil)
setenv("#e/timezone", tz);
/* go to new home directory */
snprint(buf, sizeof(buf), "/usr/%s", user);
if(chdir(buf) < 0)
chdir("/");
/* read profile and start interactive rc */
execl("/bin/rc", "rc", "-li", nil);
exits(0);
}
/*
* send mail
*/
int
mail(Fs *f, char *rcvr, char *user, int32_t et)
{
int pid, i, fd;
int pfd[2];
char *ct, *p;
Waitmsg *w;
char buf[128];
if(pipe(pfd) < 0){
complain("out of pipes: %r");
return 0;
}
switch(pid = fork()){
case -1:
complain("can't fork: %r");
return 0;
case 0:
break;
default:
if(debug)
fprint(2, "started %d\n", pid);
close(pfd[0]);
ct = ctime(et);
p = strchr(ct, '\n');
*p = '.';
fprint(pfd[1], "User '%s's %s expires on %s\n", user, f->msg, ct);
if(f != fs)
fprint(pfd[1], "If you wish to renew contact your local administrator.\n");
p = strrchr(f->keys, '/');
if(p)
p++;
else
p = f->keys;
snprint(buf, sizeof buf, "/adm/warn.%s", p);
fd = open(buf, OREAD);
if(fd >= 0){
while((i = read(fd, buf, sizeof(buf))) > 0)
write(pfd[1], buf, i);
close(fd);
}
close(pfd[1]);
/* wait for warning to be mailed */
for(;;){
w = wait();
if(w == nil)
break;
if(w->pid == pid){
if(debug)
fprint(2, "%d terminated: %s\n", pid, w->msg);
if(w->msg[0] == 0){
free(w);
break;
}else{
free(w);
return 0;
}
}else
free(w);
}
return 1;
}
/* get out of the current namespace */
newns("none", 0);
dup(pfd[0], 0);
close(pfd[0]);
close(pfd[1]);
putenv("upasname", "netkeys");
if(debug){
print("\nto %s\n", rcvr);
execl("/bin/cat", "cat", nil);
}
execl("/bin/upas/send", "send", "-r", rcvr, nil);
/* just in case */
sysfatal("can't exec send: %r");
return 0; /* for compiler */
}
int main(int argc, char **argv) {
char *s;
int i;
int flags;
prand = getpid();
while(1) {
switch(getopt(argc, argv, "+w:At:n:N:Ce:d")) {
case 'w':
who = strdup(optarg);
break;
case 'A':
authq = 1;
break;
case 't':
qtype = atoi(optarg);
for (i=DNSQTYPEMIN;i<=DNSQTYPEMAX;i++) {
s = dnsqtypename(i);
if (s && !strcmp(optarg, s)) {
qtype = i;
break;
}
}
if (!qtype) puke("Bad -t option");
break;
case 'n':
newns(optarg, 0);
break;
case 'N':
newns(optarg, 1);
break;
case 'C':
syncsev = CRITBIT;
break;
case 'e':
newexp(optarg);
break;
case 'd':
debug = 1;
break;
case EOF:
goto doneopts;
default:
usage();
}
}
doneopts:
if (!who) usage();
dnsfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (dnsfd == -1) barf("socket");
/* see UNPv2 p58 */
if ((flags = fcntl(dnsfd, F_GETFL, 0)) == -1) barf("fcntl F_GETFL");
flags |= O_NONBLOCK;
if (fcntl(dnsfd, F_SETFL, flags) == -1) barf("fcntl F_SETFL");
sloop();
endgame();
}
