int
unixFileOpendir (rsComm_t *rsComm, char *dirname, void **outDirPtr)
{
int status;
DIR *dirPtr;
dirPtr = opendir (dirname);
#ifdef RUN_SERVER_AS_ROOT
if (dirPtr == NULL && errno == EACCES && isServiceUserSet()) {
/* if the directory can't be accessed due to permission */
/* denied try again using root credentials. */
if (changeToRootUser() == 0) {
dirPtr = opendir (dirname);
changeToServiceUser();
}
}
#endif
if (dirPtr != NULL) {
*outDirPtr = (void *) dirPtr;
status = 0;
return (0);
} else {
status = UNIX_FILE_OPENDIR_ERR - errno;
rodsLog (LOG_NOTICE,
"unixFileOpendir: opendir of %s error, status = %d",
dirname, status);
}
return (status);
}
int
unixFileFstat (rsComm_t *rsComm, int fd, struct stat *statbuf)
{
int status;
status = fstat (fd, statbuf);
#ifdef RUN_SERVER_AS_ROOT
if (status < 0 && errno == EACCES && isServiceUserSet()) {
/* if the file can't be accessed due to permission denied */
/* try again using root credentials. */
if (changeToRootUser() == 0) {
status = fstat (fd, statbuf);
changeToServiceUser();
}
}
#endif
if (status < 0) {
status = UNIX_FILE_FSTAT_ERR - errno;
rodsLog (LOG_DEBUG, "unixFileFstat: stat of fd %d error, status = %d",
fd, status);
}
return (status);
}
int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
pamAuthRequestOut_t **pamAuthRequestOut ) {
int status = 0;
pamAuthRequestOut_t *result;
bool run_server_as_root = false;
*pamAuthRequestOut = ( pamAuthRequestOut_t * )
malloc( sizeof( pamAuthRequestOut_t ) );
memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );
result = *pamAuthRequestOut;
irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );
if ( run_server_as_root ) {
/* uid == euid is needed for some plugins e.g. libpam-sss */
status = changeToRootUser();
if ( status < 0 ) {
return status;
}
}
/* Normal mode, fork/exec setuid program to do the Pam check */
status = runPamAuthCheck( pamAuthRequestInp->pamUser,
pamAuthRequestInp->pamPassword );
if ( run_server_as_root ) {
changeToServiceUser();
}
if ( status == 256 ) {
status = PAM_AUTH_PASSWORD_FAILED;
}
else {
/* the exec failed or something (PamAuthCheck not built perhaps) */
if ( status != 0 ) {
status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
}
}
if ( status ) {
return status;
}
result->irodsPamPassword = ( char* )malloc( 100 );
if ( result->irodsPamPassword == 0 ) {
return SYS_MALLOC_ERR;
}
status = chlUpdateIrodsPamPassword( rsComm,
pamAuthRequestInp->pamUser,
pamAuthRequestInp->timeToLive,
NULL,
&result->irodsPamPassword );
return status;
}
int
_rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
pamAuthRequestOut_t **pamAuthRequestOut) {
int status = 0;
pamAuthRequestOut_t *result;
*pamAuthRequestOut = (pamAuthRequestOut_t *)
malloc(sizeof(pamAuthRequestOut_t));
memset((char *)*pamAuthRequestOut, 0, sizeof(pamAuthRequestOut_t));
result = *pamAuthRequestOut;
#if defined(PAM_AUTH)
#ifdef RUN_SERVER_AS_ROOT
/* uid == euid is needed for some plugins e.g. libpam-sss */
status = changeToRootUser();
if (status < 0) {
return (status);
}
#endif
/* Normal mode, fork/exec setuid program to do the Pam check */
status = runPamAuthCheck(pamAuthRequestInp->pamUser,
pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
changeToServiceUser();
#endif
if (status == 256) {
status = PAM_AUTH_PASSWORD_FAILED;
}
else {
/* the exec failed or something (PamAuthCheck not built perhaps) */
if (status != 0) status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
}
if (status) {
return(status);
}
result->irodsPamPassword = (char*)malloc(100);
if (result->irodsPamPassword == 0) return (SYS_MALLOC_ERR);
status = chlUpdateIrodsPamPassword(rsComm,
pamAuthRequestInp->pamUser, NULL,
&result->irodsPamPassword);
return(status);
#else
status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
return (status);
#endif
}
