aboutsummaryrefslogtreecommitdiff
path: root/ident
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2015-12-16 14:58:07 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2015-12-16 14:58:07 +0200
commit6bb908898b833ec69c66e918de732af5bad68934 (patch)
treedd715a052f67849d38aedaa25eafa93241e938df /ident
parent9cb7455b12462a3679ed5208540793d802570481 (diff)
downloadpies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz
pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src. * configure.ac: Check for crypt.h and PAM Build ident/Makefile * grecs: Update. * ident/Makefile.am: New file. * ident/ident.c: New file. * ident/ident.h: New file. * ident/identity.h: New file. * ident/pam.c: New file. * ident/provider.c: New file. * ident/system.c: New file. * lib/Makefile.am: Add arraymember.c * lib/arraymember.c: New file. * lib/libpies.h (is_array_member): New proto. * src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@ * src/acl.c (acl_entry): Remove groups. Add new members: names and name_match. (pies_acl_create): Deep copy the locus. Set free_entry function for the list. (pies_acl_free): Free locus. (_parse_from): Set free_entry function for the list. (_parse_group): Parse the "user" construct. (parse_acl_line): Deep copy the locus. Allow for null value. (acl_keywords): Update docstrings. (_acl_check): Rewrite identity checks. * src/acl.h (acl_input)<user,groups>: Remove. <identity>: New member. (pies_acl_free): New proto. * src/ctl.c (identity): New global. (cmdtab): New command: auth (ctlio) <addr,addrlen>: New members. (ctlio_create): Start from authenticated state only if no identity_providers are configured. (cmd_auth): New function. (cmd_help): Print only commands that are available in the current state. (ctl_accept): Initialize io->addr and io->addrlen. * src/inetd-bi.c: Change call to check_acl * src/pies.c: Include identity.h (control_keywords): New statement "identity-acl" (pies_keywords): New statement "identity-provider" (config_init): Register identity mechanisms. (config_parse): New function. (config_help): Print help on identity-provider statements. (main): Use config_parse to parse grecs-style configurations. * src/pies.h: Include identity.h (check_acl): Change argument list. All callers changed. (control): Remove acl. Add conn_acl and id_acl instead. * src/progman.c (check_acl): Change argument list. Take identity as the 3rd argument.
Diffstat (limited to 'ident')
-rw-r--r--ident/Makefile.am35
-rw-r--r--ident/ident.c74
-rw-r--r--ident/ident.h51
-rw-r--r--ident/identity.h39
-rw-r--r--ident/pam.c230
-rw-r--r--ident/provider.c161
-rw-r--r--ident/system.c137
7 files changed, 727 insertions, 0 deletions
diff --git a/ident/Makefile.am b/ident/Makefile.am
new file mode 100644
index 0000000..65ac145
--- /dev/null
+++ b/ident/Makefile.am
@@ -0,0 +1,35 @@
1# This file is part of GNU Pies.
2# Copyright (C) 2015 Sergey Poznyakoff
3#
4# GNU Pies is free software; you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation; either version 3, or (at your option)
7# any later version.
8#
9# GNU Pies is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */
16
17noinst_LIBRARIES = libident.a
18noinst_HEADERS = ident.h identity.h
19
20libident_a_SOURCES = \
21 provider.c\
22 ident.c\
23 system.c
24
25if PAM_COND
26 libident_a_SOURCES += pam.c
27endif
28
29AM_CPPFLAGS=\
30 -I$(top_srcdir)/lib\
31 -I.\
32 -I$(top_srcdir)/gnu\
33 -I$(top_builddir)/gnu\
34 @GRECS_INCLUDES@
35
diff --git a/ident/ident.c b/ident/ident.c
new file mode 100644
index 0000000..38ae1a8
--- /dev/null
+++ b/ident/ident.c
@@ -0,0 +1,74 @@
1/* This file is part of GNU Pies.
2 Copyright (C) 2015 Sergey Poznyakoff
3
4 GNU Pies is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 3, or (at your option)
7 any later version.
8
9 GNU Pies is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */
16
17#include "ident.h"
18
19pies_identity_t
20pies_identity_create (char const *user)
21{
22 pies_identity_t id = xmalloc (sizeof (*id));
23 id->provider = NULL;
24 id->username = xstrdup (user);
25 id->data = NULL;
26 return id;
27}
28
29int
30pies_authenticate (pies_identity_provider_t pr, pies_identity_t id,
31 char const *passwd)
32{
33 if (!pr || !id)
34 return -1;
35
36 if (pr->mech->authenticate (pr, id, passwd) == 0)
37 {
38 id->provider = pr;
39 return 0;
40 }
41 return 1;
42}
43
44int
45pies_identity_is_user (pies_identity_t id, char * const * users)
46{
47 if (!id)
48 return 0;
49 return is_array_member (users, id->username);
50}
51
52int
53pies_identity_is_group_member (pies_identity_t id, char * const * groups)
54{
55 pies_identity_provider_t provider;
56 if (!id)
57 return 0;
58 provider = id->provider;
59 if (!provider)
60 return 0;
61 return provider->mech->is_group_member (provider, id, groups);
62}
63
64void
65pies_identity_destroy (pies_identity_t id)
66{
67 pies_identity_provider_t provider = id->provider;
68 if (provider && provider->mech->destroy_identity)
69 provider->mech->destroy_identity (provider, id);
70 free (id);
71}
72
73
74
diff --git a/ident/ident.h b/ident/ident.h
new file mode 100644
index 0000000..313926c
--- /dev/null
+++ b/ident/ident.h
@@ -0,0 +1,51 @@
1/* This file is part of GNU Pies.
2 Copyright (C) 2015 Sergey Poznyakoff
3
4 GNU Pies is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 3, or (at your option)
7 any later version.
8
9 GNU Pies is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */
16
17#include <config.h>
18#include "xalloc.h"
19#include "libpies.h"
20#include "grecs.h"
21#include "identity.h"
22
23struct pies_identity
24{
25 pies_identity_provider_t provider;
26 char *username;
27 void *data;
28};
29
30struct pies_identity_mechanism
31{
32 char const *name;
33 int (*authenticate) (pies_identity_provider_t p,
34 pies_identity_t id, char const *passwd);
35 int (*is_group_member) (pies_identity_provider_t p,
36 pies_identity_t id, char * const * groups);
37 void (*destroy_identity) (pies_identity_provider_t p,
38 pies_identity_t id);
39 int (*configure)(struct grecs_node *, pies_identity_provider_t);
40 void (*confhelp) (void);
41};
42
43struct pies_identity_provider
44{
45 char *name;
46 pies_identity_mechanism_t mech;
47 struct grecs_locus locus;
48 void *data;
49};
50
51
diff --git a/ident/identity.h b/ident/identity.h
new file mode 100644
index 0000000..0ee129d
--- /dev/null
+++ b/ident/identity.h
@@ -0,0 +1,39 @@
1/* This file is part of GNU Pies.
2 Copyright (C) 2015 Sergey Poznyakoff
3
4 GNU Pies is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 3, or (at your option)
7 any later version.
8
9 GNU Pies is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */
16
17typedef struct pies_identity *pies_identity_t;
18typedef struct pies_identity_provider *pies_identity_provider_t;
19typedef struct pies_identity_mechanism *pies_identity_mechanism_t;
20
21pies_identity_t pies_identity_create (char const *user);
22void pies_identity_destroy (pies_identity_t id);
23
24int pies_authenticate (pies_identity_provider_t pr, pies_identity_t id,
25 char const *passwd);
26int pies_identity_is_user (pies_identity_t id, char * const * users);
27int pies_identity_is_group_member (pies_identity_t id, char * const * groups);
28
29char const *pies_identity_provider_name (pies_identity_provider_t p);
30
31int pies_identity_mechanism_register (pies_identity_mechanism_t mech);
32void pies_config_identity_mechanisms_help (void);
33int pies_config_provider (struct grecs_node *node);
34
35extern struct pies_identity_mechanism system_identity_mechanism;
36#ifdef WITH_PAM
37extern struct pies_identity_mechanism pam_identity_mechanism;
38#endif
39extern struct grecs_list *identity_provider_list;
diff --git a/ident/pam.c b/ident/pam.c
new file mode 100644
index 0000000..ef32c4d
--- /dev/null
+++ b/ident/pam.c
@@ -0,0 +1,230 @@
1/* This file is part of GNU Pies.
2 Copyright (C) 2015 Sergey Poznyakoff
3
4 GNU Pies is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 3, or (at your option)
7 any later version.
8
9 GNU Pies is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with GNU Pies. If not, see <http://www.gnu.org/licenses/>. */
16
17#include "ident.h"
18#include <grp.h>
19#include <security/pam_appl.h>
20
21struct pam_identi