diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
commit | 6bb908898b833ec69c66e918de732af5bad68934 (patch) | |
tree | dd715a052f67849d38aedaa25eafa93241e938df /ident/ident.c | |
parent | 9cb7455b12462a3679ed5208540793d802570481 (diff) | |
download | pies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2 |
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.
* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.
* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.
* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list. All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list. Take
identity as the 3rd argument.
Diffstat (limited to 'ident/ident.c')
-rw-r--r-- | ident/ident.c | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/ident/ident.c b/ident/ident.c new file mode 100644 index 0000000..38ae1a8 --- /dev/null +++ b/ident/ident.c @@ -0,0 +1,74 @@ +/* This file is part of GNU Pies. + Copyright (C) 2015 Sergey Poznyakoff + + GNU Pies is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3, or (at your option) + any later version. + + GNU Pies is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */ + +#include "ident.h" + +pies_identity_t +pies_identity_create (char const *user) +{ + pies_identity_t id = xmalloc (sizeof (*id)); + id->provider = NULL; + id->username = xstrdup (user); + id->data = NULL; + return id; +} + +int +pies_authenticate (pies_identity_provider_t pr, pies_identity_t id, + char const *passwd) +{ + if (!pr || !id) + return -1; + + if (pr->mech->authenticate (pr, id, passwd) == 0) + { + id->provider = pr; + return 0; + } + return 1; +} + +int +pies_identity_is_user (pies_identity_t id, char * const * users) +{ + if (!id) + return 0; + return is_array_member (users, id->username); +} + +int +pies_identity_is_group_member (pies_identity_t id, char * const * groups) +{ + pies_identity_provider_t provider; + if (!id) + return 0; + provider = id->provider; + if (!provider) + return 0; + return provider->mech->is_group_member (provider, id, groups); +} + +void +pies_identity_destroy (pies_identity_t id) +{ + pies_identity_provider_t provider = id->provider; + if (provider && provider->mech->destroy_identity) + provider->mech->destroy_identity (provider, id); + free (id); +} + + + |