login_cap.c (116344) | login_cap.c (121193) |
---|---|
1/*- 2 * Copyright (c) 1996 by 3 * Sean Eric Fagan <sef@kithrup.com> 4 * David Nugent <davidn@blaze.net.au> 5 * All rights reserved. 6 * 7 * Portions copyright (c) 1995,1997 8 * Berkeley Software Design, Inc. --- 13 unchanged lines hidden (view full) --- 22 * 4. Absolutely no warranty of function or purpose is made by the authors. 23 * 5. Modifications may be freely made to this file providing the above 24 * conditions are met. 25 * 26 * Low-level routines relating to the user capabilities database 27 */ 28 29#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1996 by 3 * Sean Eric Fagan <sef@kithrup.com> 4 * David Nugent <davidn@blaze.net.au> 5 * All rights reserved. 6 * 7 * Portions copyright (c) 1995,1997 8 * Berkeley Software Design, Inc. --- 13 unchanged lines hidden (view full) --- 22 * 4. Absolutely no warranty of function or purpose is made by the authors. 23 * 5. Modifications may be freely made to this file providing the above 24 * conditions are met. 25 * 26 * Low-level routines relating to the user capabilities database 27 */ 28 29#include <sys/cdefs.h> |
30__FBSDID("$FreeBSD: head/lib/libutil/login_cap.c 116344 2003-06-14 18:42:37Z markm $"); | 30__FBSDID("$FreeBSD: head/lib/libutil/login_cap.c 121193 2003-10-18 10:04:16Z markm $"); |
31 32#include <sys/types.h> 33#include <sys/time.h> 34#include <sys/resource.h> 35#include <sys/param.h> 36#include <errno.h> 37#include <fcntl.h> 38#include <libutil.h> --- 15 unchanged lines hidden (view full) --- 54 * when necessary. 55 */ 56 57static int lc_object_count = 0; 58 59static size_t internal_stringsz = 0; 60static char * internal_string = NULL; 61static size_t internal_arraysz = 0; | 31 32#include <sys/types.h> 33#include <sys/time.h> 34#include <sys/resource.h> 35#include <sys/param.h> 36#include <errno.h> 37#include <fcntl.h> 38#include <libutil.h> --- 15 unchanged lines hidden (view full) --- 54 * when necessary. 55 */ 56 57static int lc_object_count = 0; 58 59static size_t internal_stringsz = 0; 60static char * internal_string = NULL; 61static size_t internal_arraysz = 0; |
62static char ** internal_array = NULL; | 62static const char ** internal_array = NULL; |
63 64static char * | 63 64static char * |
65allocstr(char *str) | 65allocstr(const char *str) |
66{ 67 char *p; 68 69 size_t sz = strlen(str) + 1; /* realloc() only if necessary */ 70 if (sz <= internal_stringsz) 71 p = strcpy(internal_string, str); 72 else if ((p = realloc(internal_string, sz)) != NULL) { 73 internal_stringsz = sz; 74 internal_string = strcpy(p, str); 75 } 76 return p; 77} 78 79 | 66{ 67 char *p; 68 69 size_t sz = strlen(str) + 1; /* realloc() only if necessary */ 70 if (sz <= internal_stringsz) 71 p = strcpy(internal_string, str); 72 else if ((p = realloc(internal_string, sz)) != NULL) { 73 internal_stringsz = sz; 74 internal_string = strcpy(p, str); 75 } 76 return p; 77} 78 79 |
80static char ** | 80static const char ** |
81allocarray(size_t sz) 82{ | 81allocarray(size_t sz) 82{ |
83 char **p; | 83 static const char **p; |
84 85 if (sz <= internal_arraysz) 86 p = internal_array; 87 else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) { 88 internal_arraysz = sz; 89 internal_array = p; 90 } 91 return p; 92} 93 94 95/* 96 * arrayize() 97 * Turn a simple string <str> separated by any of 98 * the set of <chars> into an array. The last element 99 * of the array will be NULL, as is proper. 100 * Free using freearraystr() 101 */ 102 | 84 85 if (sz <= internal_arraysz) 86 p = internal_array; 87 else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) { 88 internal_arraysz = sz; 89 internal_array = p; 90 } 91 return p; 92} 93 94 95/* 96 * arrayize() 97 * Turn a simple string <str> separated by any of 98 * the set of <chars> into an array. The last element 99 * of the array will be NULL, as is proper. 100 * Free using freearraystr() 101 */ 102 |
103static char ** 104arrayize(char *str, const char *chars, int *size) | 103static const char ** 104arrayize(const char *str, const char *chars, int *size) |
105{ 106 int i; | 105{ 106 int i; |
107 char *ptr; 108 char **res = NULL; | 107 const char *ptr; 108 const char **res = NULL; |
109 110 /* count the sub-strings */ 111 for (i = 0, ptr = str; *ptr; i++) { 112 int count = strcspn(ptr, chars); 113 ptr += count; 114 if (*ptr) 115 ++ptr; 116 } --- 69 unchanged lines hidden (view full) --- 186 if ((lc = malloc(sizeof(login_cap_t))) != NULL) { 187 int r, me, i = 0; 188 uid_t euid = 0; 189 gid_t egid = 0; 190 const char *msg = NULL; 191 const char *dir; 192 char userpath[MAXPATHLEN]; 193 | 109 110 /* count the sub-strings */ 111 for (i = 0, ptr = str; *ptr; i++) { 112 int count = strcspn(ptr, chars); 113 ptr += count; 114 if (*ptr) 115 ++ptr; 116 } --- 69 unchanged lines hidden (view full) --- 186 if ((lc = malloc(sizeof(login_cap_t))) != NULL) { 187 int r, me, i = 0; 188 uid_t euid = 0; 189 gid_t egid = 0; 190 const char *msg = NULL; 191 const char *dir; 192 char userpath[MAXPATHLEN]; 193 |
194 static char *login_dbarray[] = { NULL, NULL, NULL }; | 194 static const char *login_dbarray[] = { NULL, NULL, NULL }; |
195 196 me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); 197 dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; 198 /* 199 * Switch to user mode before checking/reading its ~/.login_conf 200 * - some NFSes have root read access disabled. 201 * 202 * XXX: This fails to configure additional groups. --- 16 unchanged lines hidden (view full) --- 219 login_dbarray[i] = NULL; 220 221 memset(lc, 0, sizeof(login_cap_t)); 222 lc->lc_cap = lc->lc_class = lc->lc_style = NULL; 223 224 if (name == NULL || *name == '\0') 225 name = LOGIN_DEFCLASS; 226 | 195 196 me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0); 197 dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir; 198 /* 199 * Switch to user mode before checking/reading its ~/.login_conf 200 * - some NFSes have root read access disabled. 201 * 202 * XXX: This fails to configure additional groups. --- 16 unchanged lines hidden (view full) --- 219 login_dbarray[i] = NULL; 220 221 memset(lc, 0, sizeof(login_cap_t)); 222 lc->lc_cap = lc->lc_class = lc->lc_style = NULL; 223 224 if (name == NULL || *name == '\0') 225 name = LOGIN_DEFCLASS; 226 |
227 switch (cgetent(&lc->lc_cap, login_dbarray, (char*)name)) { | 227 switch (cgetent(&lc->lc_cap, login_dbarray, name)) { |
228 case -1: /* Failed, entry does not exist */ 229 if (me) 230 break; /* Don't retry default on 'me' */ 231 if (i == 0) 232 r = -1; 233 else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0) 234 close(r); 235 /* 236 * If there's at least one login class database, 237 * and we aren't searching for a default class 238 * then complain about a non-existent class. 239 */ 240 if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0) 241 syslog(LOG_ERR, "login_getclass: unknown class '%s'", name); 242 /* fall-back to default class */ 243 name = LOGIN_DEFCLASS; 244 msg = "%s: no default/fallback class '%s'"; | 228 case -1: /* Failed, entry does not exist */ 229 if (me) 230 break; /* Don't retry default on 'me' */ 231 if (i == 0) 232 r = -1; 233 else if ((r = open(login_dbarray[0], O_RDONLY)) >= 0) 234 close(r); 235 /* 236 * If there's at least one login class database, 237 * and we aren't searching for a default class 238 * then complain about a non-existent class. 239 */ 240 if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0) 241 syslog(LOG_ERR, "login_getclass: unknown class '%s'", name); 242 /* fall-back to default class */ 243 name = LOGIN_DEFCLASS; 244 msg = "%s: no default/fallback class '%s'"; |
245 if (cgetent(&lc->lc_cap, login_dbarray, (char*)name) != 0 && r >= 0) | 245 if (cgetent(&lc->lc_cap, login_dbarray, name) != 0 && r >= 0) |
246 break; 247 /* FALLTHROUGH - just return system defaults */ 248 case 0: /* success! */ 249 if ((lc->lc_class = strdup(name)) != NULL) { 250 if (dir) { 251 (void)seteuid(euid); 252 (void)setegid(egid); 253 } --- 93 unchanged lines hidden (view full) --- 347login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error) 348{ 349 char *res; 350 int ret; 351 352 if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0') 353 return def; 354 | 246 break; 247 /* FALLTHROUGH - just return system defaults */ 248 case 0: /* success! */ 249 if ((lc->lc_class = strdup(name)) != NULL) { 250 if (dir) { 251 (void)seteuid(euid); 252 (void)setegid(egid); 253 } --- 93 unchanged lines hidden (view full) --- 347login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error) 348{ 349 char *res; 350 int ret; 351 352 if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0') 353 return def; 354 |
355 if ((ret = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) | 355 if ((ret = cgetstr(lc->lc_cap, cap, &res)) == -1) |
356 return def; 357 return (ret >= 0) ? res : error; 358} 359 360 361/* 362 * login_getcaplist() 363 * Given a login_cap entry, and a capability name, return the 364 * value defined for that capability split into an array of 365 * strings. 366 */ 367 | 356 return def; 357 return (ret >= 0) ? res : error; 358} 359 360 361/* 362 * login_getcaplist() 363 * Given a login_cap entry, and a capability name, return the 364 * value defined for that capability split into an array of 365 * strings. 366 */ 367 |
368char ** | 368const char ** |
369login_getcaplist(login_cap_t *lc, const char *cap, const char *chars) 370{ | 369login_getcaplist(login_cap_t *lc, const char *cap, const char *chars) 370{ |
371 char *lstring; | 371 const char *lstring; |
372 373 if (chars == NULL) 374 chars = ", \t"; | 372 373 if (chars == NULL) 374 chars = ", \t"; |
375 if ((lstring = (char *)login_getcapstr(lc, cap, NULL, NULL)) != NULL) | 375 if ((lstring = login_getcapstr(lc, cap, NULL, NULL)) != NULL) |
376 return arrayize(lstring, chars, NULL); 377 return NULL; 378} 379 380 381/* 382 * login_getpath() 383 * From the login_cap_t <lc>, get the capability <cap> which is 384 * formatted as either a space or comma delimited list of paths 385 * and append them all into a string and separate by semicolons. 386 * If there is an error of any kind, return <error>. 387 */ 388 389const char * 390login_getpath(login_cap_t *lc, const char *cap, const char *error) 391{ 392 const char *str; | 376 return arrayize(lstring, chars, NULL); 377 return NULL; 378} 379 380 381/* 382 * login_getpath() 383 * From the login_cap_t <lc>, get the capability <cap> which is 384 * formatted as either a space or comma delimited list of paths 385 * and append them all into a string and separate by semicolons. 386 * If there is an error of any kind, return <error>. 387 */ 388 389const char * 390login_getpath(login_cap_t *lc, const char *cap, const char *error) 391{ 392 const char *str; |
393 char *ptr; 394 int count; |
|
393 | 395 |
394 if ((str = login_getcapstr(lc, cap, NULL, NULL)) == NULL) 395 str = error; 396 else { 397 char *ptr = (char *)str; 398 399 while (*ptr) { 400 int count = strcspn(ptr, ", \t"); 401 ptr += count; 402 if (*ptr) 403 *ptr++ = ':'; 404 } | 396 str = login_getcapstr(lc, cap, NULL, NULL); 397 if (str == NULL) 398 return error; 399 ptr = __DECONST(char *, str); /* XXXX Yes, very dodgy */ 400 while (*ptr) { 401 count = strcspn(ptr, ", \t"); 402 ptr += count; 403 if (*ptr) 404 *ptr++ = ':'; |
405 } 406 return str; 407} 408 409 410static int 411isinfinite(const char *s) 412{ --- 117 unchanged lines hidden (view full) --- 530 return def; 531 532 /* 533 * Look for <cap> in lc_cap. 534 * If it's not there (-1), return <def>. 535 * If there's an error, return <error>. 536 */ 537 | 405 } 406 return str; 407} 408 409 410static int 411isinfinite(const char *s) 412{ --- 117 unchanged lines hidden (view full) --- 530 return def; 531 532 /* 533 * Look for <cap> in lc_cap. 534 * If it's not there (-1), return <def>. 535 * If there's an error, return <error>. 536 */ 537 |
538 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) | 538 if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) |
539 return def; 540 else if (r < 0) { 541 errno = ERANGE; 542 return error; 543 } 544 545 /* "inf" and "infinity" are special cases */ 546 if (isinfinite(res)) --- 70 unchanged lines hidden (view full) --- 617 rlim_t val; 618 619 if (lc == NULL || lc->lc_cap == NULL) 620 return def; 621 622 /* 623 * For BSDI compatibility, try for the tag=<val> first 624 */ | 539 return def; 540 else if (r < 0) { 541 errno = ERANGE; 542 return error; 543 } 544 545 /* "inf" and "infinity" are special cases */ 546 if (isinfinite(res)) --- 70 unchanged lines hidden (view full) --- 617 rlim_t val; 618 619 if (lc == NULL || lc->lc_cap == NULL) 620 return def; 621 622 /* 623 * For BSDI compatibility, try for the tag=<val> first 624 */ |
625 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) { | 625 if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) { |
626 long lval; 627 /* string capability not present, so try for tag#<val> as numeric */ | 626 long lval; 627 /* string capability not present, so try for tag#<val> as numeric */ |
628 if ((r = cgetnum(lc->lc_cap, (char *)cap, &lval)) == -1) | 628 if ((r = cgetnum(lc->lc_cap, cap, &lval)) == -1) |
629 return def; /* Not there, so return default */ 630 else if (r >= 0) 631 return (rlim_t)lval; 632 } 633 634 if (r < 0) { 635 errno = ERANGE; 636 return error; --- 29 unchanged lines hidden (view full) --- 666{ 667 char *ep, *res, *oval; 668 int r; 669 rlim_t tot; 670 671 if (lc == NULL || lc->lc_cap == NULL) 672 return def; 673 | 629 return def; /* Not there, so return default */ 630 else if (r >= 0) 631 return (rlim_t)lval; 632 } 633 634 if (r < 0) { 635 errno = ERANGE; 636 return error; --- 29 unchanged lines hidden (view full) --- 666{ 667 char *ep, *res, *oval; 668 int r; 669 rlim_t tot; 670 671 if (lc == NULL || lc->lc_cap == NULL) 672 return def; 673 |
674 if ((r = cgetstr(lc->lc_cap, (char *)cap, &res)) == -1) | 674 if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) |
675 return def; 676 else if (r < 0) { 677 errno = ERANGE; 678 return error; 679 } 680 681 if (isinfinite(res)) 682 return RLIM_INFINITY; --- 51 unchanged lines hidden (view full) --- 734 * the whether or not <cap> exists there. 735 */ 736 737int 738login_getcapbool(login_cap_t *lc, const char *cap, int def) 739{ 740 if (lc == NULL || lc->lc_cap == NULL) 741 return def; | 675 return def; 676 else if (r < 0) { 677 errno = ERANGE; 678 return error; 679 } 680 681 if (isinfinite(res)) 682 return RLIM_INFINITY; --- 51 unchanged lines hidden (view full) --- 734 * the whether or not <cap> exists there. 735 */ 736 737int 738login_getcapbool(login_cap_t *lc, const char *cap, int def) 739{ 740 if (lc == NULL || lc->lc_cap == NULL) 741 return def; |
742 return (cgetcap(lc->lc_cap, (char *)cap, ':') != NULL); | 742 return (cgetcap(lc->lc_cap, cap, ':') != NULL); |
743} 744 745 746/* 747 * login_getstyle() 748 * Given a login_cap entry <lc>, and optionally a type of auth <auth>, 749 * and optionally a style <style>, find the style that best suits these 750 * rules: --- 11 unchanged lines hidden (view full) --- 762 * login_getstyle(lc, "login", NULL); 763 * login_getstyle(lc, "skey", "network"); 764 */ 765 766const char * 767login_getstyle(login_cap_t *lc, const char *style, const char *auth) 768{ 769 int i; | 743} 744 745 746/* 747 * login_getstyle() 748 * Given a login_cap entry <lc>, and optionally a type of auth <auth>, 749 * and optionally a style <style>, find the style that best suits these 750 * rules: --- 11 unchanged lines hidden (view full) --- 762 * login_getstyle(lc, "login", NULL); 763 * login_getstyle(lc, "skey", "network"); 764 */ 765 766const char * 767login_getstyle(login_cap_t *lc, const char *style, const char *auth) 768{ 769 int i; |
770 char **authtypes = NULL; | 770 const char **authtypes = NULL; |
771 char *auths= NULL; 772 char realauth[64]; 773 | 771 char *auths= NULL; 772 char realauth[64]; 773 |
774 static char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL }; | 774 static const char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL }; |
775 776 if (auth != NULL && *auth != '\0') { | 775 776 if (auth != NULL && *auth != '\0') { |
777 if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < sizeof realauth) | 777 if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < (int)sizeof(realauth)) |
778 authtypes = login_getcaplist(lc, realauth, NULL); 779 } 780 781 if (authtypes == NULL) 782 authtypes = login_getcaplist(lc, "auth", NULL); 783 784 if (authtypes == NULL) 785 authtypes = defauthtypes; --- 21 unchanged lines hidden --- | 778 authtypes = login_getcaplist(lc, realauth, NULL); 779 } 780 781 if (authtypes == NULL) 782 authtypes = login_getcaplist(lc, "auth", NULL); 783 784 if (authtypes == NULL) 785 authtypes = defauthtypes; --- 21 unchanged lines hidden --- |
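Review bot: In login_getstyle, the new cast in `snprintf(realauth, sizeof realauth, "auth-%s", auth) < (int)sizeof(realauth)` makes the comparison signed, so a negative return from snprintf() (an output error) now passes the test. In that case `realauth`, a `char[64]` declared without an initialiser, is handed to login_getcaplist() with contents that are not guaranteed to be a terminated string. The old comparison against `sizeof realauth` converted the result to size_t, which rejected a negative return as well as truncation. The compiler warning can be silenced without losing that check by storing the result in `int n` and testing `if (n >= 0 && (size_t)n < sizeof(realauth))`. The rest of login_getstyle sits in the hidden lines, so any later use of `realauth` could not be checked from this page.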