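/*
 * unixFileOpendir - open a directory on the local filesystem.
 *
 * rsComm     connection handle; not used by this function.
 * dirname    path handed to opendir().
 * outDirPtr  on success receives the DIR * (stored as void *); it is not
 *            written on failure.
 *
 * Returns 0 on success, otherwise UNIX_FILE_OPENDIR_ERR - errno, where errno
 * is the value left by the last opendir() attempt.
 *
 * Security note: when built with RUN_SERVER_AS_ROOT, a permission-denied
 * failure is retried with root credentials. The path is re-resolved by name
 * during that retry, so this function itself enforces no access control on
 * dirname.
 * NOTE(review): confirm that every caller has already authorised the
 * requesting client for this path before it reaches this point.
 */
int unixFileOpendir (rsComm_t *rsComm, char *dirname, void **outDirPtr)
{
    DIR *dirPtr;
    int savedErrno;
    int status;

    dirPtr = opendir (dirname);
    /* Capture errno right away: the privilege-switch helpers below are not
     * visible here and must not be relied on to leave errno untouched. */
    savedErrno = errno;

#ifdef RUN_SERVER_AS_ROOT
    if (dirPtr == NULL && savedErrno == EACCES && isServiceUserSet()) {
        /* if the directory can't be accessed due to permission */
        /* denied try again using root credentials. */
        if (changeToRootUser() == 0) {
            dirPtr = opendir (dirname);
            savedErrno = errno;
            /* NOTE(review): the outcome of dropping back to the service
             * user is not checked; if this helper can fail, the server
             * would keep running with root credentials. */
            changeToServiceUser();
        }
    }
#endif

    if (dirPtr != NULL) {
        *outDirPtr = (void *) dirPtr;
        return (0);
    }

    status = UNIX_FILE_OPENDIR_ERR - savedErrno;
    rodsLog (LOG_NOTICE,
      "unixFileOpendir: opendir of %s error, status = %d",
      dirname, status);

    return (status);
}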
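/*
 * unixFileFstat - fstat() wrapper for an already-open descriptor.
 *
 * rsComm   connection handle; not used by this function.
 * fd       open file descriptor.
 * statbuf  filled in by fstat() on success.
 *
 * Returns the fstat() result (0) on success, otherwise
 * UNIX_FILE_FSTAT_ERR - errno, where errno is the value left by the last
 * fstat() attempt.
 *
 * Security note: when built with RUN_SERVER_AS_ROOT, an EACCES failure is
 * retried with root credentials.
 * NOTE(review): fstat() on an open descriptor normally performs no
 * permission check, so this elevation path may never be needed - confirm
 * before keeping a root transition here.
 */
int unixFileFstat (rsComm_t *rsComm, int fd, struct stat *statbuf)
{
    int status;
    int savedErrno;

    status = fstat (fd, statbuf);
    /* Capture errno right away: the privilege-switch helpers below are not
     * visible here and must not be relied on to leave errno untouched. */
    savedErrno = errno;

#ifdef RUN_SERVER_AS_ROOT
    if (status < 0 && savedErrno == EACCES && isServiceUserSet()) {
        /* if the file can't be accessed due to permission denied */
        /* try again using root credentials. */
        if (changeToRootUser() == 0) {
            status = fstat (fd, statbuf);
            savedErrno = errno;
            /* NOTE(review): the outcome of dropping back to the service
             * user is not checked; if this helper can fail, the server
             * would keep running with root credentials. */
            changeToServiceUser();
        }
    }
#endif

    if (status < 0) {
        status = UNIX_FILE_FSTAT_ERR - savedErrno;
        rodsLog (LOG_DEBUG,
          "unixFileFstat: stat of fd %d error, status = %d",
          fd, status);
    }

    return (status);
}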
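/*
 * _rsPamAuthRequest - check a user's PAM credentials and, on success, obtain
 * an iRODS PAM password for that user.
 *
 * rsComm             connection handle, passed through to
 *                    chlUpdateIrodsPamPassword().
 * pamAuthRequestInp  supplies pamUser, pamPassword and timeToLive.
 * pamAuthRequestOut  receives a newly allocated, zero-filled output struct.
 *                    It stays allocated on every error return except
 *                    allocation failure, where it is set to NULL.
 *
 * Returns 0 on success, SYS_MALLOC_ERR on allocation failure,
 * PAM_AUTH_PASSWORD_FAILED or PAM_AUTH_NOT_BUILT_INTO_SERVER when the PAM
 * check does not succeed, the changeToRootUser() error if elevation fails,
 * or the status of chlUpdateIrodsPamPassword().
 */
int _rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                       pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    bool run_server_as_root = false;

    /* Allocate the output zero-filled and check it before use; the previous
     * malloc + memset pair wrote through a NULL pointer when out of memory. */
    pamAuthRequestOut_t *result =
        ( pamAuthRequestOut_t * ) calloc( 1, sizeof( pamAuthRequestOut_t ) );
    *pamAuthRequestOut = result;
    if ( result == NULL ) {
        return SYS_MALLOC_ERR;
    }

    /* The lookup result is not checked: if the property cannot be read the
     * flag keeps its default of false and no privilege switch happens. */
    irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );

    if ( run_server_as_root ) {
        /* uid == euid is needed for some plugins e.g. libpam-sss */
        status = changeToRootUser();
        if ( status < 0 ) {
            return status;
        }
    }

    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );

    if ( run_server_as_root ) {
        /* NOTE(review): the outcome of dropping back to the service user is
         * not checked; if this helper can fail, the rest of the request
         * would be served with root credentials. */
        changeToServiceUser();
    }

    /* NOTE(review): 256 looks like a raw wait status for a child that exited
     * with code 1 - confirm against runPamAuthCheck(). */
    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if ( status != 0 ) {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }
    if ( status ) {
        return status;
    }

    /* Zero-filled so that no stale heap bytes sit in the output if the
     * catalog call fails before writing the password.
     * NOTE(review): the 100-byte capacity is not passed to
     * chlUpdateIrodsPamPassword(); confirm the callee never writes more. */
    result->irodsPamPassword = ( char * ) calloc( 100, 1 );
    if ( result->irodsPamPassword == 0 ) {
        return SYS_MALLOC_ERR;
    }

    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}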
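/*
 * _rsPamAuthRequest - check a user's PAM credentials and, on success, obtain
 * an iRODS PAM password for that user.
 *
 * rsComm             connection handle, passed through to
 *                    chlUpdateIrodsPamPassword().
 * pamAuthRequestInp  supplies pamUser and pamPassword.
 * pamAuthRequestOut  receives a newly allocated, zero-filled output struct,
 *                    or NULL if that allocation failed.
 *
 * Without PAM_AUTH the function always returns
 * PAM_AUTH_NOT_BUILT_INTO_SERVER. With PAM_AUTH it returns 0 on success,
 * SYS_MALLOC_ERR on allocation failure, PAM_AUTH_PASSWORD_FAILED or
 * PAM_AUTH_NOT_BUILT_INTO_SERVER when the PAM check does not succeed, the
 * changeToRootUser() error if elevation fails, or the status of
 * chlUpdateIrodsPamPassword().
 */
int _rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                       pamAuthRequestOut_t **pamAuthRequestOut)
{
    int status = 0;
    pamAuthRequestOut_t *result;

    /* calloc hands back zero-filled memory or NULL; the previous
     * malloc + memset pair wrote through a NULL pointer when out of memory. */
    *pamAuthRequestOut =
      (pamAuthRequestOut_t *) calloc(1, sizeof(pamAuthRequestOut_t));
    result = *pamAuthRequestOut;

#if defined(PAM_AUTH)
    /* Bail out before any privilege change if the output could not be
     * allocated. */
    if (result == NULL) {
        return (SYS_MALLOC_ERR);
    }

#ifdef RUN_SERVER_AS_ROOT
    /* uid == euid is needed for some plugins e.g. libpam-sss */
    status = changeToRootUser();
    if (status < 0) {
        return (status);
    }
#endif

    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck(pamAuthRequestInp->pamUser,
                             pamAuthRequestInp->pamPassword);

#ifdef RUN_SERVER_AS_ROOT
    /* NOTE(review): the outcome of dropping back to the service user is not
     * checked; if this helper can fail, the rest of the request would be
     * served with root credentials. */
    changeToServiceUser();
#endif

    /* NOTE(review): 256 looks like a raw wait status for a child that exited
     * with code 1 - confirm against runPamAuthCheck(). */
    if (status == 256) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if (status != 0) {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }
    if (status) {
        return (status);
    }

    /* Zero-filled so that no stale heap bytes sit in the output if the
     * catalog call fails before writing the password.
     * NOTE(review): the 100-byte capacity is not passed to
     * chlUpdateIrodsPamPassword(); confirm the callee never writes more. */
    result->irodsPamPassword = (char *) calloc(100, 1);
    if (result->irodsPamPassword == 0) {
        return (SYS_MALLOC_ERR);
    }

    status = chlUpdateIrodsPamPassword(rsComm,
                                       pamAuthRequestInp->pamUser,
                                       NULL,
                                       &result->irodsPamPassword);
    return (status);
#else
    status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    return (status);
#endif
}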