Implement authentication on control socket.

* Makefile.am (SUBDIRS): Add src. * configure.ac: Check for crypt.h and PAM Build ident/Makefile * grecs: Update. * ident/Makefile.am: New file. * ident/ident.c: New file. * ident/ident.h: New file. * ident/identity.h: New file. * ident/pam.c: New file. * ident/provider.c: New file. * ident/system.c: New file. * lib/Makefile.am: Add arraymember.c * lib/arraymember.c: New file. * lib/libpies.h (is_array_member): New proto. * src/Makefile.am (LDADD): Add libident.a and @PAM_LIBS@ * src/acl.c (acl_entry): Remove groups. Add new members: names and name_match. (pies_acl_create): Deep copy the locus. Set free_entry function for the list. (pies_acl_free): Free locus. (_parse_from): Set free_entry function for the list. (_parse_group): Parse the "user" construct. (parse_acl_line): Deep copy the locus. Allow for null value. (acl_keywords): Update docstrings. (_acl_check): Rewrite identity checks. * src/acl.h (acl_input)<user,groups>: Remove. <identity>: New member. (pies_acl_free): New proto. * src/ctl.c (identity): New global. (cmdtab): New command: auth (ctlio) <addr,addrlen>: New members. (ctlio_create): Start from authenticated state only if no identity_providers are configured. (cmd_auth): New function. (cmd_help): Print only commands that are available in the current state. (ctl_accept): Initialize io->addr and io->addrlen. * src/inetd-bi.c: Change call to check_acl * src/pies.c: Include identity.h (control_keywords): New statement "identity-acl" (pies_keywords): New statement "identity-provider" (config_init): Register identity mechanisms. (config_parse): New function. (config_help): Print help on identity-provider statements. (main): Use config_parse to parse grecs-style configurations. * src/pies.h: Include identity.h (check_acl): Change argument list. All callers changed. (control): Remove acl. Add conn_acl and id_acl instead. * src/progman.c (check_acl): Change argument list. Take identity as the 3rd argument.
author: Sergey Poznyakoff <gray@gnu.org.ua> 2015-12-16 14:58:07 +0200
committer: Sergey Poznyakoff <gray@gnu.org.ua> 2015-12-16 14:58:07 +0200
commit: 6bb908898b833ec69c66e918de732af5bad68934 (patch)
tree: dd715a052f67849d38aedaa25eafa93241e938df /src
parent: 9cb7455b12462a3679ed5208540793d802570481 (diff)
download: pies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz
pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2
8 files changed, 248 insertions, 75 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 04634c7..ab4546f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -60,15 +60,18 @@ SUFFIXES=.opt .c .h
 cmdline.h: cmdline.opt
 LDADD = \
+ ../ident/libident.a\
 ../lib/libpies.a\
 @GRECS_LDADD@\
 ../gnu/libgnu.a\
- $(MF_PROCTITLE_LIBS)
+ $(MF_PROCTITLE_LIBS)\
+ @PAM_LIBS@
 pkgstatedir=$(localstatedir)/pies
 AM_CPPFLAGS=\
 -I$(top_srcdir)/lib\
+ -I$(top_srcdir)/ident\
 -I$(top_srcdir)/gnu\
 -I$(top_builddir)/gnu\
 @GRECS_INCLUDES@\
diff --git a/src/acl.c b/src/acl.c
index 301f56f..fb6adfb 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -33,13 +33,21 @@ struct pies_sockaddr
  struct sockaddr sa;
 };
+enum name_match
+  {
+    match_none,
+    match_user_name,
+    match_group_name
+  };
 struct acl_entry
 {
  grecs_locus_t locus;
  int allow;
  int authenticated;
  pies_acl_t acl;
-  struct grecs_list *groups;
+  enum name_match name_match;
+  char **names;
  struct grecs_list *sockaddrs;
 };
@@ -53,14 +61,61 @@ struct pies_acl
 /* ACL creation */
+void
+grecs_locus_point_copy (struct grecs_locus_point *dst,
+                        struct grecs_locus_point *src)
+{
+  dst->file = grecs_strdup (src->file);
+  dst->line = src->line;
+  dst->col = src->col;
+}
+void
+grecs_locus_copy (struct grecs_locus *dst, struct grecs_locus *src)
+{
+  grecs_locus_point_copy (&dst->beg, &src->beg);
+  grecs_locus_point_copy (&dst->end, &src->end);
+}
+void
+grecs_locus_point_free (struct grecs_locus_point *p)
+{
+  grecs_free (p->file);
+}
+void
+grecs_locus_free (struct grecs_locus *loc)
+{
+  grecs_locus_point_free (&loc->beg);
+  grecs_locus_point_free (&loc->end);
+}
+static void
+acl_free_entry (void *p)
+{
+  struct acl_entry *ent = p;
+  pies_acl_free (ent->acl);
+  grecs_locus_free (&ent->locus);
+  grecs_list_free (ent->sockaddrs);
+  if (ent->names)
+    {
+      size_t i;
+      for (i = 0; ent->names[i]; i++)
+        free (ent->names[i]);
+      free (ent->names);
+    }
+  free (ent);
+}
 pies_acl_t
 pies_acl_create (const char *name, grecs_locus_t *locus)
 {
  pies_acl_t acl = xmalloc (sizeof (acl[0]));
  acl->name = name ? xstrdup (name) : NULL;
-  acl->locus = *locus;
+  grecs_locus_copy (&acl->locus, locus);
  acl->list = grecs_list_create ();
+  acl->list->free_entry = acl_free_entry;
  return acl;
 }
@@ -68,6 +123,7 @@ void
 pies_acl_free (pies_acl_t acl)
 {
  free (acl->name);
+  grecs_locus_free (&acl->locus);
  grecs_list_free (acl->list);
  free (acl);
 }
@@ -196,6 +252,12 @@ _parse_sockaddr (struct acl_entry *entry, const grecs_value_t *value)
  return 0;
 }
+static void
+sockaddr_free (void *p)
+{
+  free (p);
+}
 static int
 _parse_from (struct acl_entry *entry, size_t argc, grecs_value_t **argv)
 {
@@ -223,6 +285,7 @@ _parse_from (struct acl_entry *entry, size_t argc, grecs_value_t **argv)
    }
  entry->sockaddrs = grecs_list_create ();
+  entry->sockaddrs->free_entry = sockaddr_free;
  if (argv[0]->type == GRECS_TYPE_STRING)
    {
      if (_parse_sockaddr (entry, argv[0]))
@@ -288,22 +351,38 @@ static int
 _parse_group (struct acl_entry *entry, size_t argc, grecs_value_t **argv)
 {
  if (strcmp (argv[0]->v.string, "group") == 0)
+    entry->name_match = match_group_name;
+  else if (strcmp (argv[0]->v.string, "user") == 0)
+    entry->name_match = match_user_name;
+  else
+    entry->name_match = match_none;
+  if (entry->name_match != match_none)
    {
      argc--;
      argv++;
      if (argc == 0)
        {
          grecs_error (&entry->locus, 0,
-                       _("expected group list, but found end of statement"));
+                       _("expected identity list, but found end of statement"));
          return 1;
        }
      if (argv[0]->type == GRECS_TYPE_STRING)
        {
-          entry->groups = grecs_list_create ();
+          entry->names = xcalloc (2, sizeof (entry->names[0]));
-          grecs_list_append (entry->groups, xstrdup (argv[0]->v.string));
+          entry->names[0] = xstrdup (argv[0]->v.string);
+          entry->names[1] = NULL;
        }
      else
-        entry->groups = argv[0]->v.list;
+        {
+          size_t i;
+          struct grecs_list_entry *ep;
+          entry->names = xcalloc (argv[0]->v.list->count + 1,
+                                   sizeof (entry->names[0]));
+          for (i = 0, ep = argv[0]->v.list->head; ep; ep = ep->next, ++i)
+            entry->names[i] = xstrdup (ep->data);
+          entry->names[i] = NULL;
+        }
      argc--;
      argv++;
    }
@@ -327,29 +406,30 @@ parse_acl_line (grecs_locus_t *locus, int allow, pies_acl_t acl,
 {
  struct acl_entry *entry = xzalloc (sizeof (*entry));
-  entry->locus = *locus;
+  grecs_locus_copy (&entry->locus, locus);
  entry->allow = allow;
-  switch (value->type)
+  if (value)
-    {
+    switch (value->type)
-    case GRECS_TYPE_STRING:
+      {
-      if (_parse_token (entry, value))
+      case GRECS_TYPE_STRING:
-        {
+        if (_parse_token (entry, value))
-          grecs_error (&entry->locus, 0, _("unknown word `%s'"),
+          {
-                       value->v.string);
+            grecs_error (&entry->locus, 0, _("unknown word `%s'"),
+                         value->v.string);
+            return 1;
+          }
author	Sergey Poznyakoff <gray@gnu.org.ua>	2015-12-16 14:58:07 +0200
committer	Sergey Poznyakoff <gray@gnu.org.ua>	2015-12-16 14:58:07 +0200
commit	6bb908898b833ec69c66e918de732af5bad68934 (patch)
tree	dd715a052f67849d38aedaa25eafa93241e938df /src
parent	9cb7455b12462a3679ed5208540793d802570481 (diff)
download	pies-6bb908898b833ec69c66e918de732af5bad68934.tar.gz pies-6bb908898b833ec69c66e918de732af5bad68934.tar.bz2