author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
commit | 6bb908898b833ec69c66e918de732af5bad68934 (patch) | |
tree | dd715a052f67849d38aedaa25eafa93241e938df /src/pies.c | |
parent | 9cb7455b12462a3679ed5208540793d802570481 (diff) | |
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.
* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.
* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.
* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list. All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list. Take
identity as the 3rd argument.
Diffstat (limited to 'src/pies.c')
-rw-r--r-- | src/pies.c | 63 |
1 files changed, 47 insertions, 16 deletions
@@ -18,6 +18,7 @@ #include <locale.h> #include <configmake.h> #include "meta1lex.h" +#include "identity.h" int preprocess_only; /* Preprocess config, do nothing more */ int lint_mode; /* Test configuration syntax and exit */ @@ -1541,9 +1542,15 @@ struct grecs_keyword control_keywords[] = { &control.url, 0, _cb_url}, {"acl", N_("name: string"), - N_("Set ACL."), + N_("Set connection ACL."), + grecs_type_section, GRECS_DFLT, + &control.conn_acl, 0, + acl_section_parser, NULL, acl_keywords}, + {"identity-acl", + N_("name: string"), + N_("Set identity ACL."), grecs_type_section, GRECS_DFLT, - &control.acl, 0, + &control.id_acl, 0, acl_section_parser, NULL, acl_keywords}, {"idle-timeout", "n", @@ -1760,6 +1767,8 @@ struct grecs_keyword pies_keywords[] = { &mailer_command_line, 0, NULL }, + { "identity-provider", "name: string", "Configure identity provider", + grecs_type_section, GRECS_INAC | GRECS_HIDDEN }, {NULL} }; @@ -1775,6 +1784,39 @@ config_init () obstack_grow (&pp_stk, DEFAULT_PREPROCESSOR, sizeof (DEFAULT_PREPROCESSOR) - 1); } + pies_identity_mechanism_register (&system_identity_mechanism); +#ifdef WITH_PAM + pies_identity_mechanism_register (&pam_identity_mechanism); +#endif +} + +static void +config_error () +{ + if (!init_process) + exit (EX_CONFIG); +} + +void +config_parse (char const *name) +{ + struct grecs_node *node; + struct grecs_node *tree = grecs_parse (name); + if (!tree) + config_error (); + + for (node = tree; node; node = node->next) + { + node = grecs_find_node (node, "identity-provider"); + if (!node) + break; + pies_config_provider (node); + } + + if (grecs_tree_process (tree, pies_keywords)) + config_error (); + + grecs_tree_free (tree); } void @@ -1786,6 +1828,7 @@ config_help () "For more information, use `info pies configuration'."); grecs_print_docstring (docstring, 0, stdout); grecs_print_statement_array (pies_keywords, 1, 0, stdout); + pies_config_identity_mechanisms_help (); } static enum config_syntax current_syntax = CONF_PIES; 
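Review bot: The help strings for `acl` and the new `identity-acl` in control_keywords do not say which check each one governs, and `acl` keeps its old name while now filling `control.conn_acl` instead of `control.acl`. An administrator reading `Set connection ACL.` and `Set identity ACL.` cannot tell which list gates the socket and which gates the authenticated user, and an existing `acl` block may no longer restrict what it used to. If ctl.c applies `conn_acl` when a connection is accepted and `id_acl` after `auth` succeeds (not visible in this file), I would say so, e.g. `N_("Set ACL applied to incoming control connections.")` and `N_("Set ACL applied to the authenticated identity.")`.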
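Review bot: The `identity-provider` entry added to pies_keywords carries `GRECS_INAC | GRECS_HIDDEN` with no comment explaining why, and its strings are not wrapped in `N_()` like the neighbouring entries. Judging from config_parse in this same commit, these sections are consumed by `pies_config_provider` before `grecs_tree_process` runs, so the entry seems to exist only so that the keyword pass tolerates them. A one-line comment such as `/* Handled in config_parse before grecs_tree_process; listed here so the section is accepted. */` would keep a later cleanup from removing the entry or making it active.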
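Review bot: In config_parse, `config_error ()` returns rather than exits when `init_process` is set, so a NULL result from `grecs_parse` now falls through to `grecs_tree_process (tree, pies_keywords)`; the code this replaces in main short-circuited on `!tree ||` and never made that call. Returning early restores the old behaviour: `if (!tree) { config_error (); return; }`. Separately, the loop discards whatever `pies_config_provider (node)` reports. The commit description says ctlio_create starts in the authenticated state when no identity providers are configured, so a provider section that fails to load could leave the control socket without authentication. If the function returns a status (its prototype is not in this diff), a failure should reach `config_error ()` or otherwise keep the control interface closed.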
@@ -2241,13 +2284,6 @@ set_state_file_names (const char *base) qotdfile = mkfilename (statedir, base, ".qotd"); } -static void -config_error () -{ - if (!init_process) - exit (EX_CONFIG); -} - int main (int argc, char **argv) { @@ -2367,13 +2403,8 @@ main (int argc, char **argv) switch (file->syntax) { case CONF_PIES: - { - struct grecs_node *tree = grecs_parse (file->name); - if (!tree || grecs_tree_process (tree, pies_keywords)) - config_error (); - grecs_tree_free (tree); - break; - } + config_parse (file->name); + break; case CONF_INETD: if (inetd_parse_conf (file->name)) |