2 * This file is part of DisOrder
3 * Copyright (C) 2005, 2007, 2008 Richard Kettlewell
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
33 #include "authorize.h"
35 #include "configuration.h"
39 /** @brief Create a DisOrder login for the calling user, called @p user
40 * @param client DisOrder client
41 * @param user Username to create (UTF-8)
42 * @param rights Initial rights or NULL for default
43 * @return 0 on success, non-0 on error
45 int authorize(disorder_client *client, const char *user, const char *rights) {
46 /* base64 is 3-into-4 so we make the password a multiple of 3 bytes long */
48 const struct passwd *pw;
52 char *configdir, *configpath, *configpathtmp;
54 uid_t old_uid = getuid();
55 gid_t old_gid = getgid();
57 if(!(pw = getpwnam(user)))
58 /* If it's a NIS world then /etc/passwd may be a lie, but it emphasizes
59 * that it's talking about the login user, not the DisOrder user */
60 fatal(0, "no such user as %s in /etc/passwd", user);
62 /* Choose a random password */
63 gcry_randomize(pwbin, sizeof pwbin, GCRY_STRONG_RANDOM);
64 pwhex = mime_to_base64(pwbin, sizeof pwbin);
66 /* Create the user on the server */
67 if(disorder_adduser(client, user, pwhex, rights))
70 /* Become the target user */
71 if(setegid(pw->pw_gid) < 0)
72 fatal(errno, "setegid %lu", (unsigned long)pw->pw_gid);
73 if(seteuid(pw->pw_uid) < 0)
74 fatal(errno, "seteuid %lu", (unsigned long)pw->pw_uid);
76 /* Make sure the configuration directory exists*/
77 byte_xasprintf(&configdir, "%s/.disorder", pw->pw_dir);
78 if(mkdir(configdir, 02700) < 0) {
80 fatal(errno, "creating %s", configdir);
83 /* Make sure the configuration file does not exist */
84 byte_xasprintf(&configpath, "%s/passwd", configdir);
85 if(lstat(configpath, &sb) == 0)
86 fatal(0, "%s already exists", configpath);
88 fatal(errno, " checking %s", configpath);
90 byte_xasprintf(&configpathtmp, "%s.new", configpath);
92 /* Create config file with mode 600 */
93 if((fd = open(configpathtmp, O_WRONLY|O_CREAT, 0600)) < 0)
94 fatal(errno, "error creating %s", configpathtmp);
97 if(!(fp = fdopen(fd, "w")))
98 fatal(errno, "error calling fdopen");
99 if(fprintf(fp, "password %s\n", pwhex) < 0
101 fatal(errno, "error writing to %s", configpathtmp);
103 /* Rename config file into place */
104 if(rename(configpathtmp, configpath) < 0)
105 fatal(errno, "error renaming %s to %s", configpathtmp, configpath);
107 /* Put our identity back */
108 if(seteuid(old_uid) < 0)
109 fatal(errno, "seteuid %lu", (unsigned long)old_uid);
110 if(setegid(old_gid) < 0)
111 fatal(errno, "setegid %lu", (unsigned long)old_gid);