460b9539 |
1 | /* |
2 | * This file is part of DisOrder |
3 | * Copyright (C) 2005 Richard Kettlewell |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, but |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | * General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License |
16 | * along with this program; if not, write to the Free Software |
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
18 | * USA |
19 | */ |
20 | |
21 | #include <config.h> |
22 | #include "types.h" |
23 | |
24 | #include <pwd.h> |
25 | #include <gcrypt.h> |
26 | #include <errno.h> |
27 | #include <unistd.h> |
28 | #include <sys/stat.h> |
29 | #include <fcntl.h> |
30 | #include <stdio.h> |
31 | |
32 | #include "authorize.h" |
33 | #include "log.h" |
34 | #include "configuration.h" |
35 | #include "printf.h" |
36 | #include "hex.h" |
37 | |
38 | int authorize(const char *user) { |
39 | uint8_t pwbin[10]; |
40 | const struct passwd *pw, *jbpw; |
41 | gid_t jbgid; |
42 | char *c, *t, *pwhex; |
43 | int fd; |
44 | FILE *fp; |
45 | |
46 | if(!(jbpw = getpwnam(config->user))) |
47 | fatal(0, "cannot find user %s", config->user); |
48 | jbgid = jbpw->pw_gid; |
49 | if(!(pw = getpwnam(user))) |
50 | fatal(0, "no such user as %s", user); |
51 | if((c = config_userconf(0, pw)) && access(c, F_OK) == 0) { |
52 | error(0, "%s already exists", c); |
53 | return -1; |
54 | } |
55 | if((c = config_usersysconf(pw)) && access(c, F_OK) == 0) { |
56 | error(0, "%s already exists", c); |
57 | return -1; |
58 | } |
59 | byte_xasprintf(&t, "%s.new", c); |
60 | gcry_randomize(pwbin, sizeof pwbin, GCRY_STRONG_RANDOM); |
61 | pwhex = hex(pwbin, sizeof pwbin); |
62 | |
63 | /* create config.USER, to end up with mode 440 user:jukebox */ |
64 | if((fd = open(t, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) |
65 | fatal(errno, "error creating %s", t); |
66 | if(fchown(fd, pw->pw_uid, -1) < 0) |
67 | fatal(errno, "error chowning %s", t); |
68 | if(fchmod(fd, 0400) < 0) |
69 | fatal(errno, "error chmoding %s", t); |
70 | if(!(fp = fdopen(fd, "w"))) |
71 | fatal(errno, "error calling fdopen"); |
72 | if(fprintf(fp, "password %s\n", pwhex) < 0 |
73 | || fclose(fp) < 0) |
74 | fatal(errno, "error writing to %s", t); |
75 | if(rename(t, c) < 0) |
76 | fatal(errno, "error renaming %s to %s", t, c); |
77 | |
78 | /* append to config.private. We might create it along the way (though this |
79 | * is unlikely) in which case it had better be 640 root:jukebox */ |
80 | if(!(c = config_private())) |
81 | fatal(0, "cannot determine private config file"); |
82 | if((fd = open(c, O_WRONLY|O_APPEND|O_CREAT, 0600)) < 0) |
83 | fatal(errno, "error opening %s", c); |
84 | if(fchown(fd, 0, jbgid) < 0) |
85 | fatal(errno, "error chowning %s", c); |
86 | if(fchmod(fd, 0640) < 0) |
87 | fatal(errno, "error chmoding %s", t); |
88 | if(!(fp = fdopen(fd, "a"))) |
89 | fatal(errno, "error calling fdopen"); |
90 | if(fprintf(fp, "allow %s %s\n", user, pwhex) < 0 |
91 | || fclose(fp) < 0) |
92 | fatal(errno, "error appending to %s", c); |
93 | return 0; |
94 | } |
95 | |
96 | /* |
97 | Local Variables: |
98 | c-basic-offset:2 |
99 | comment-column:40 |
100 | fill-column:79 |
101 | indent-tabs-mode:nil |
102 | End: |
103 | */ |