chiark / gitweb /
create users.db (but don't do anythin with it). tighter db permissions
[disorder] / clients / authorize.c
CommitLineData
460b9539 1/*
2 * This file is part of DisOrder
318ad6a8 3 * Copyright (C) 2005, 2007 Richard Kettlewell
460b9539 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
18 * USA
19 */
20
21#include <config.h>
22#include "types.h"
23
24#include <pwd.h>
25#include <gcrypt.h>
26#include <errno.h>
27#include <unistd.h>
28#include <sys/stat.h>
29#include <fcntl.h>
30#include <stdio.h>
31
32#include "authorize.h"
33#include "log.h"
34#include "configuration.h"
35#include "printf.h"
36#include "hex.h"
37
38int authorize(const char *user) {
39 uint8_t pwbin[10];
40 const struct passwd *pw, *jbpw;
41 gid_t jbgid;
42 char *c, *t, *pwhex;
43 int fd;
44 FILE *fp;
45
46 if(!(jbpw = getpwnam(config->user)))
47 fatal(0, "cannot find user %s", config->user);
48 jbgid = jbpw->pw_gid;
49 if(!(pw = getpwnam(user)))
50 fatal(0, "no such user as %s", user);
51 if((c = config_userconf(0, pw)) && access(c, F_OK) == 0) {
52 error(0, "%s already exists", c);
53 return -1;
54 }
55 if((c = config_usersysconf(pw)) && access(c, F_OK) == 0) {
56 error(0, "%s already exists", c);
57 return -1;
58 }
59 byte_xasprintf(&t, "%s.new", c);
60 gcry_randomize(pwbin, sizeof pwbin, GCRY_STRONG_RANDOM);
61 pwhex = hex(pwbin, sizeof pwbin);
62
318ad6a8 63 /* create config.USER, to end up with mode 400 user:<anything> */
460b9539 64 if((fd = open(t, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0)
65 fatal(errno, "error creating %s", t);
66 if(fchown(fd, pw->pw_uid, -1) < 0)
67 fatal(errno, "error chowning %s", t);
68 if(fchmod(fd, 0400) < 0)
69 fatal(errno, "error chmoding %s", t);
70 if(!(fp = fdopen(fd, "w")))
71 fatal(errno, "error calling fdopen");
72 if(fprintf(fp, "password %s\n", pwhex) < 0
73 || fclose(fp) < 0)
74 fatal(errno, "error writing to %s", t);
75 if(rename(t, c) < 0)
76 fatal(errno, "error renaming %s to %s", t, c);
77
78 /* append to config.private. We might create it along the way (though this
79 * is unlikely) in which case it had better be 640 root:jukebox */
80 if(!(c = config_private()))
81 fatal(0, "cannot determine private config file");
82 if((fd = open(c, O_WRONLY|O_APPEND|O_CREAT, 0600)) < 0)
83 fatal(errno, "error opening %s", c);
84 if(fchown(fd, 0, jbgid) < 0)
85 fatal(errno, "error chowning %s", c);
86 if(fchmod(fd, 0640) < 0)
87 fatal(errno, "error chmoding %s", t);
88 if(!(fp = fdopen(fd, "a")))
89 fatal(errno, "error calling fdopen");
90 if(fprintf(fp, "allow %s %s\n", user, pwhex) < 0
91 || fclose(fp) < 0)
92 fatal(errno, "error appending to %s", c);
93 return 0;
94}
95
96/*
97Local Variables:
98c-basic-offset:2
99comment-column:40
100fill-column:79
101indent-tabs-mode:nil
102End:
103*/