author | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2015-12-16 14:58:07 +0200 |
commit | 6bb908898b833ec69c66e918de732af5bad68934 (patch) | |
tree | dd715a052f67849d38aedaa25eafa93241e938df /src | |
parent | 9cb7455b12462a3679ed5208540793d802570481 (diff) | |
Implement authentication on control socket.
* Makefile.am (SUBDIRS): Add src.
* configure.ac: Check for crypt.h and PAM
Build ident/Makefile
* grecs: Update.
* ident/Makefile.am: New file.
* ident/ident.c: New file.
* ident/ident.h: New file.
* ident/identity.h: New file.
* ident/pam.c: New file.
* ident/provider.c: New file.
* ident/system.c: New file.
* lib/Makefile.am: Add arraymember.c
* lib/arraymember.c: New file.
* lib/libpies.h (is_array_member): New proto.
* src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@
* src/acl.c (acl_entry): Remove groups. Add new members:
names and name_match.
(pies_acl_create): Deep copy the locus.
Set free_entry function for the list.
(pies_acl_free): Free locus.
(_parse_from): Set free_entry function for the list.
(_parse_group): Parse the "user" construct.
(parse_acl_line): Deep copy the locus.
Allow for null value.
(acl_keywords): Update docstrings.
(_acl_check): Rewrite identity checks.
* src/acl.h (acl_input)<user,groups>: Remove.
<identity>: New member.
(pies_acl_free): New proto.
* src/ctl.c (identity): New global.
(cmdtab): New command: auth
(ctlio) <addr,addrlen>: New members.
(ctlio_create): Start from authenticated state
only if no identity_providers are configured.
(cmd_auth): New function.
(cmd_help): Print only commands that are available
in the current state.
(ctl_accept): Initialize io->addr and io->addrlen.
* src/inetd-bi.c: Change call to check_acl
* src/pies.c: Include identity.h
(control_keywords): New statement "identity-acl"
(pies_keywords): New statement "identity-provider"
(config_init): Register identity mechanisms.
(config_parse): New function.
(config_help): Print help on identity-provider
statements.
(main): Use config_parse to parse grecs-style configurations.
* src/pies.h: Include identity.h
(check_acl): Change argument list. All callers changed.
(control): Remove acl. Add conn_acl and id_acl instead.
* src/progman.c (check_acl): Change argument list. Take
identity as the 3rd argument.
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 5 | ||||
-rw-r--r-- | src/acl.c | 164 | ||||
-rw-r--r-- | src/acl.h | 4 | ||||
-rw-r--r-- | src/ctl.c | 68 | ||||
-rw-r--r-- | src/inetd-bi.c | 2 | ||||
-rw-r--r-- | src/pies.c | 63 | ||||
-rw-r--r-- | src/pies.h | 7 | ||||
-rw-r--r-- | src/progman.c | 10 |
8 files changed, 248 insertions, 75 deletions
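--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -60,15 +60,18 @@ SUFFIXES=.opt .c .h
 cmdline.h: cmdline.opt
 
 LDADD = \
+../ident/libident.a\
 ../lib/libpies.a\
 @GRECS_LDADD@\
 ../gnu/libgnu.a\
-$(MF_PROCTITLE_LIBS)
+$(MF_PROCTITLE_LIBS)\
+@PAM_LIBS@
 
 pkgstatedir=$(localstatedir)/pies
 
 AM_CPPFLAGS=\
 -I$(top_srcdir)/lib\
+-I$(top_srcdir)/ident\
 -I$(top_srcdir)/gnu\
 -I$(top_builddir)/gnu\
 @GRECS_INCLUDES@\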
@@ -33,13 +33,21 @@ struct pies_sockaddr | |||
33 | struct sockaddr sa; | 33 | struct sockaddr sa; |
34 | }; | 34 | }; |
35 | 35 | ||
36 | enum name_match | ||
37 | { | ||
38 | match_none, | ||
39 | match_user_name, | ||
40 | match_group_name | ||
41 | }; | ||
42 | |||
36 | struct acl_entry | 43 | struct acl_entry |
37 | { | 44 | { |
38 | grecs_locus_t locus; | 45 | grecs_locus_t locus; |
39 | int allow; | 46 | int allow; |
40 | int authenticated; | 47 | int authenticated; |
41 | pies_acl_t acl; | 48 | pies_acl_t acl; |
42 | struct grecs_list *groups; | 49 | enum name_match name_match; |
50 | char **names; | ||
43 | struct grecs_list *sockaddrs; | 51 | struct grecs_list *sockaddrs; |
44 | }; | 52 | }; |
45 | 53 | ||
@@ -53,14 +61,61 @@ struct pies_acl | |||
53 | 61 | ||
54 | 62 | ||
55 | /* ACL creation */ | 63 | /* ACL creation */ |
64 | void | ||
65 | grecs_locus_point_copy (struct grecs_locus_point *dst, | ||
66 | struct grecs_locus_point *src) | ||
67 | { | ||
68 | dst->file = grecs_strdup (src->file); | ||
69 | dst->line = src->line; | ||
70 | dst->col = src->col; | ||
71 | } | ||
72 | |||
73 | void | ||
74 | grecs_locus_copy (struct grecs_locus *dst, struct grecs_locus *src) | ||
75 | { | ||
76 | grecs_locus_point_copy (&dst->beg, &src->beg); | ||
77 | grecs_locus_point_copy (&dst->end, &src->end); | ||
78 | } | ||
79 | |||
80 | void | ||
81 | grecs_locus_point_free (struct grecs_locus_point *p) | ||
82 | { | ||
83 | grecs_free (p->file); | ||
84 | } | ||
85 | |||
86 | void | ||
87 | grecs_locus_free (struct grecs_locus *loc) | ||
88 | { | ||
89 | grecs_locus_point_free (&loc->beg); | ||
90 | grecs_locus_point_free (&loc->end); | ||
91 | } | ||
92 | |||
93 | static void | ||
94 | acl_free_entry (void *p) | ||
95 | { | ||
96 | struct acl_entry *ent = p; | ||
97 | pies_acl_free (ent->acl); | ||
98 | grecs_locus_free (&ent->locus); | ||
99 | grecs_list_free (ent->sockaddrs); | ||
100 | if (ent->names) | ||
101 | { | ||
102 | size_t i; | ||
103 | |||
104 | for (i = 0; ent->names[i]; i++) | ||
105 | free (ent->names[i]); | ||
106 | free (ent->names); | ||
107 | } | ||
108 | free (ent); | ||
109 | } | ||
56 | 110 | ||
57 | pies_acl_t | 111 | pies_acl_t |
58 | pies_acl_create (const char *name, grecs_locus_t *locus) | 112 | pies_acl_create (const char *name, grecs_locus_t *locus) |
59 | { | 113 | { |
60 | pies_acl_t acl = xmalloc (sizeof (acl[0])); | 114 | pies_acl_t acl = xmalloc (sizeof (acl[0])); |
61 | acl->name = name ? xstrdup (name) : NULL; | 115 | acl->name = name ? xstrdup (name) : NULL; |
62 | acl->locus = *locus; | 116 | grecs_locus_copy (&acl->locus, locus); |
63 | acl->list = grecs_list_create (); | 117 | acl->list = grecs_list_create (); |
118 | acl->list->free_entry = acl_free_entry; | ||
64 | return acl; | 119 | return acl; |
65 | } | 120 | } |
66 | 121 | ||
@@ -68,6 +123,7 @@ void | |||
68 | pies_acl_free (pies_acl_t acl) | 123 | pies_acl_free (pies_acl_t acl) |
69 | { | 124 | { |
70 | free (acl->name); | 125 | free (acl->name); |
126 | grecs_locus_free (&acl->locus); | ||
71 | grecs_list_free (acl->list); | 127 | grecs_list_free (acl->list); |
72 | free (acl); | 128 | free (acl); |
73 | } | 129 | } |
@@ -196,6 +252,12 @@ _parse_sockaddr (struct acl_entry *entry, const grecs_value_t *value) | |||
196 | return 0; | 252 | return 0; |
197 | } | 253 | } |
198 | 254 | ||
255 | static void | ||
256 | sockaddr_free (void *p) | ||
257 | { | ||
258 | free (p); | ||
259 | } | ||
260 | |||
199 | static int | 261 | static int |
200 | _parse_from (struct acl_entry *entry, size_t argc, grecs_value_t **argv) | 262 | _parse_from (struct acl_entry *entry, size_t argc, grecs_value_t **argv) |
201 | { | 263 | { |
@@ -223,6 +285,7 @@ _parse_from (struct acl_entry *entry, size_t argc, grecs_value_t **argv) | |||
223 | } | 285 | } |
224 | 286 | ||
225 | entry->sockaddrs = grecs_list_create (); | 287 | entry->sockaddrs = grecs_list_create (); |
288 | entry->sockaddrs->free_entry = sockaddr_free; | ||
226 | if (argv[0]->type == GRECS_TYPE_STRING) | 289 | if (argv[0]->type == GRECS_TYPE_STRING) |
227 | { | 290 | { |
228 | if (_parse_sockaddr (entry, argv[0])) | 291 | if (_parse_sockaddr (entry, argv[0])) |
@@ -288,22 +351,38 @@ static int | |||
288 | _parse_group (struct acl_entry *entry, size_t argc, grecs_value_t **argv) | 351 | _parse_group (struct acl_entry *entry, size_t argc, grecs_value_t **argv) |
289 | { | 352 | { |
290 | if (strcmp (argv[0]->v.string, "group") == 0) | 353 | if (strcmp (argv[0]->v.string, "group") == 0) |
354 | entry->name_match = match_group_name; | ||
355 | else if (strcmp (argv[0]->v.string, "user") == 0) | ||
356 | entry->name_match = match_user_name; | ||
357 | else | ||
358 | entry->name_match = match_none; | ||
359 | |||
360 | if (entry->name_match != match_none) | ||
291 | { | 361 | { |
292 | argc--; | 362 | argc--; |
293 | argv++; | 363 | argv++; |
294 | if (argc == 0) | 364 | if (argc == 0) |
295 | { | 365 | { |
296 | grecs_error (&entry->locus, 0, | 366 | grecs_error (&entry->locus, 0, |
297 | _("expected group list, but found end of statement")); | 367 | _("expected identity list, but found end of statement")); |
298 | return 1; | 368 | return 1; |
299 | } | 369 | } |
300 | if (argv[0]->type == GRECS_TYPE_STRING) | 370 | if (argv[0]->type == GRECS_TYPE_STRING) |
301 | { | 371 | { |
302 | entry->groups = grecs_list_create (); | 372 | entry->names = xcalloc (2, sizeof (entry->names[0])); |
303 | grecs_list_append (entry->groups, xstrdup (argv[0]->v.string)); | 373 | entry->names[0] = xstrdup (argv[0]->v.string); |
374 | entry->names[1] = NULL; | ||
304 | } | 375 | } |
305 | else | 376 | else |
306 | entry->groups = argv[0]->v.list; | 377 | { |
378 | size_t i; | ||
379 | struct grecs_list_entry *ep; | ||
380 | entry->names = xcalloc (argv[0]->v.list->count + 1, | ||
381 | sizeof (entry->names[0])); | ||
382 | for (i = 0, ep = argv[0]->v.list->head; ep; ep = ep->next, ++i) | ||
383 | entry->names[i] = xstrdup (ep->data); | ||
384 | entry->names[i] = NULL; | ||
385 | } | ||
307 | argc--; | 386 | argc--; |
308 | argv++; | 387 | argv++; |
309 | } | 388 | } |
@@ -327,29 +406,30 @@ parse_acl_line (grecs_locus_t *locus, int allow, pies_acl_t acl, | |||
327 | { | 406 | { |
328 | struct acl_entry *entry = xzalloc (sizeof (*entry)); | 407 | struct acl_entry *entry = xzalloc (sizeof (*entry)); |
329 | 408 | ||
330 | entry->locus = *locus; | 409 | grecs_locus_copy (&entry->locus, locus); |
331 | entry->allow = allow; | 410 | entry->allow = allow; |
332 | 411 | ||
333 | switch (value->type) | 412 | if (value) |
334 | { | 413 | switch (value->type) |
335 | case GRECS_TYPE_STRING: | 414 | { |
336 | if (_parse_token (entry, value)) | 415 | case GRECS_TYPE_STRING: |
337 | { | 416 | if (_parse_token (entry, value)) |
338 | grecs_error (&entry->locus, 0, _("unknown word `%s'"), | 417 | { |
339 | value->v.string); | 418 | grecs_error (&entry->locus, 0, _("unknown word `%s'"), |
419 | value->v.string); | ||
420 | return 1; | ||
421 | } | ||