1b528cefcSMark Murray /*
2*ae771770SStanislav Sedov * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
3b528cefcSMark Murray * (Royal Institute of Technology, Stockholm, Sweden).
4b528cefcSMark Murray * All rights reserved.
5b528cefcSMark Murray *
6b528cefcSMark Murray * Redistribution and use in source and binary forms, with or without
7b528cefcSMark Murray * modification, are permitted provided that the following conditions
8b528cefcSMark Murray * are met:
9b528cefcSMark Murray *
10b528cefcSMark Murray * 1. Redistributions of source code must retain the above copyright
11b528cefcSMark Murray * notice, this list of conditions and the following disclaimer.
12b528cefcSMark Murray *
13b528cefcSMark Murray * 2. Redistributions in binary form must reproduce the above copyright
14b528cefcSMark Murray * notice, this list of conditions and the following disclaimer in the
15b528cefcSMark Murray * documentation and/or other materials provided with the distribution.
16b528cefcSMark Murray *
17b528cefcSMark Murray * 3. Neither the name of the Institute nor the names of its contributors
18b528cefcSMark Murray * may be used to endorse or promote products derived from this software
19b528cefcSMark Murray * without specific prior written permission.
20b528cefcSMark Murray *
21b528cefcSMark Murray * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22b528cefcSMark Murray * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23b528cefcSMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24b528cefcSMark Murray * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25b528cefcSMark Murray * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26b528cefcSMark Murray * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27b528cefcSMark Murray * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28b528cefcSMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29b528cefcSMark Murray * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30b528cefcSMark Murray * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31b528cefcSMark Murray * SUCH DAMAGE.
32b528cefcSMark Murray */
33b528cefcSMark Murray
34b528cefcSMark Murray #include "krb5_locl.h"
35c19800e8SDoug Rabson #include <dirent.h>
36b528cefcSMark Murray
37*ae771770SStanislav Sedov #ifndef _WIN32
38b528cefcSMark Murray
39c19800e8SDoug Rabson /* see if principal is mentioned in the filename access file, return
40c19800e8SDoug Rabson TRUE (in result) if so, FALSE otherwise */
41b528cefcSMark Murray
42c19800e8SDoug Rabson static krb5_error_code
check_one_file(krb5_context context,const char * filename,struct passwd * pwd,krb5_principal principal,krb5_boolean * result)43c19800e8SDoug Rabson check_one_file(krb5_context context,
44c19800e8SDoug Rabson const char *filename,
45c19800e8SDoug Rabson struct passwd *pwd,
46c19800e8SDoug Rabson krb5_principal principal,
47c19800e8SDoug Rabson krb5_boolean *result)
48c19800e8SDoug Rabson {
49c19800e8SDoug Rabson FILE *f;
50c19800e8SDoug Rabson char buf[BUFSIZ];
51c19800e8SDoug Rabson krb5_error_code ret;
52c19800e8SDoug Rabson struct stat st;
53c19800e8SDoug Rabson
54c19800e8SDoug Rabson *result = FALSE;
55c19800e8SDoug Rabson
56c19800e8SDoug Rabson f = fopen (filename, "r");
57c19800e8SDoug Rabson if (f == NULL)
58c19800e8SDoug Rabson return errno;
59*ae771770SStanislav Sedov rk_cloexec_file(f);
60c19800e8SDoug Rabson
61c19800e8SDoug Rabson /* check type and mode of file */
62c19800e8SDoug Rabson if (fstat(fileno(f), &st) != 0) {
63c19800e8SDoug Rabson fclose (f);
64c19800e8SDoug Rabson return errno;
65c19800e8SDoug Rabson }
66c19800e8SDoug Rabson if (S_ISDIR(st.st_mode)) {
67c19800e8SDoug Rabson fclose (f);
68c19800e8SDoug Rabson return EISDIR;
69c19800e8SDoug Rabson }
70c19800e8SDoug Rabson if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
71c19800e8SDoug Rabson fclose (f);
72c19800e8SDoug Rabson return EACCES;
73c19800e8SDoug Rabson }
74c19800e8SDoug Rabson if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
75c19800e8SDoug Rabson fclose (f);
76c19800e8SDoug Rabson return EACCES;
77c19800e8SDoug Rabson }
78c19800e8SDoug Rabson
79c19800e8SDoug Rabson while (fgets (buf, sizeof(buf), f) != NULL) {
80c19800e8SDoug Rabson krb5_principal tmp;
81c19800e8SDoug Rabson char *newline = buf + strcspn(buf, "\n");
82c19800e8SDoug Rabson
83c19800e8SDoug Rabson if(*newline != '\n') {
84c19800e8SDoug Rabson int c;
85c19800e8SDoug Rabson c = fgetc(f);
86c19800e8SDoug Rabson if(c != EOF) {
87c19800e8SDoug Rabson while(c != EOF && c != '\n')
88c19800e8SDoug Rabson c = fgetc(f);
89c19800e8SDoug Rabson /* line was too long, so ignore it */
90c19800e8SDoug Rabson continue;
91c19800e8SDoug Rabson }
92c19800e8SDoug Rabson }
93c19800e8SDoug Rabson *newline = '\0';
94c19800e8SDoug Rabson ret = krb5_parse_name (context, buf, &tmp);
95c19800e8SDoug Rabson if (ret)
96c19800e8SDoug Rabson continue;
97c19800e8SDoug Rabson *result = krb5_principal_compare (context, principal, tmp);
98c19800e8SDoug Rabson krb5_free_principal (context, tmp);
99c19800e8SDoug Rabson if (*result) {
100c19800e8SDoug Rabson fclose (f);
101c19800e8SDoug Rabson return 0;
102c19800e8SDoug Rabson }
103c19800e8SDoug Rabson }
104c19800e8SDoug Rabson fclose (f);
105c19800e8SDoug Rabson return 0;
106c19800e8SDoug Rabson }
107c19800e8SDoug Rabson
108c19800e8SDoug Rabson static krb5_error_code
check_directory(krb5_context context,const char * dirname,struct passwd * pwd,krb5_principal principal,krb5_boolean * result)109c19800e8SDoug Rabson check_directory(krb5_context context,
110c19800e8SDoug Rabson const char *dirname,
111c19800e8SDoug Rabson struct passwd *pwd,
112c19800e8SDoug Rabson krb5_principal principal,
113c19800e8SDoug Rabson krb5_boolean *result)
114c19800e8SDoug Rabson {
115c19800e8SDoug Rabson DIR *d;
116c19800e8SDoug Rabson struct dirent *dent;
117c19800e8SDoug Rabson char filename[MAXPATHLEN];
118c19800e8SDoug Rabson krb5_error_code ret = 0;
119c19800e8SDoug Rabson struct stat st;
120c19800e8SDoug Rabson
121c19800e8SDoug Rabson *result = FALSE;
122c19800e8SDoug Rabson
123c19800e8SDoug Rabson if(lstat(dirname, &st) < 0)
124c19800e8SDoug Rabson return errno;
125c19800e8SDoug Rabson
126c19800e8SDoug Rabson if (!S_ISDIR(st.st_mode))
127c19800e8SDoug Rabson return ENOTDIR;
128c19800e8SDoug Rabson
129c19800e8SDoug Rabson if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
130c19800e8SDoug Rabson return EACCES;
131c19800e8SDoug Rabson if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
132c19800e8SDoug Rabson return EACCES;
133c19800e8SDoug Rabson
134c19800e8SDoug Rabson if((d = opendir(dirname)) == NULL)
135c19800e8SDoug Rabson return errno;
136c19800e8SDoug Rabson
137c19800e8SDoug Rabson {
138c19800e8SDoug Rabson int fd;
139c19800e8SDoug Rabson struct stat st2;
140c19800e8SDoug Rabson
141c19800e8SDoug Rabson fd = dirfd(d);
142c19800e8SDoug Rabson if(fstat(fd, &st2) < 0) {
143c19800e8SDoug Rabson closedir(d);
144c19800e8SDoug Rabson return errno;
145c19800e8SDoug Rabson }
146c19800e8SDoug Rabson if(st.st_dev != st2.st_dev || st.st_ino != st2.st_ino) {
147c19800e8SDoug Rabson closedir(d);
148c19800e8SDoug Rabson return EACCES;
149c19800e8SDoug Rabson }
150c19800e8SDoug Rabson }
151c19800e8SDoug Rabson
152c19800e8SDoug Rabson while((dent = readdir(d)) != NULL) {
153c19800e8SDoug Rabson if(strcmp(dent->d_name, ".") == 0 ||
154c19800e8SDoug Rabson strcmp(dent->d_name, "..") == 0 ||
155c19800e8SDoug Rabson dent->d_name[0] == '#' || /* emacs autosave */
156c19800e8SDoug Rabson dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */
157c19800e8SDoug Rabson continue;
158c19800e8SDoug Rabson snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name);
159c19800e8SDoug Rabson ret = check_one_file(context, filename, pwd, principal, result);
160c19800e8SDoug Rabson if(ret == 0 && *result == TRUE)
161c19800e8SDoug Rabson break;
162c19800e8SDoug Rabson ret = 0; /* don't propagate errors upstream */
163c19800e8SDoug Rabson }
164c19800e8SDoug Rabson closedir(d);
165c19800e8SDoug Rabson return ret;
166c19800e8SDoug Rabson }
167c19800e8SDoug Rabson
168*ae771770SStanislav Sedov #endif /* !_WIN32 */
169*ae771770SStanislav Sedov
170c19800e8SDoug Rabson static krb5_boolean
match_local_principals(krb5_context context,krb5_principal principal,const char * luser)171c19800e8SDoug Rabson match_local_principals(krb5_context context,
172b528cefcSMark Murray krb5_principal principal,
173b528cefcSMark Murray const char *luser)
174b528cefcSMark Murray {
175b528cefcSMark Murray krb5_error_code ret;
176c19800e8SDoug Rabson krb5_realm *realms, *r;
177c19800e8SDoug Rabson krb5_boolean result = FALSE;
178b528cefcSMark Murray
179c19800e8SDoug Rabson /* multi-component principals can never match */
180c19800e8SDoug Rabson if(krb5_principal_get_comp_string(context, principal, 1) != NULL)
181bbd80c28SJacques Vidrine return FALSE;
182bbd80c28SJacques Vidrine
183b528cefcSMark Murray ret = krb5_get_default_realms (context, &realms);
184b528cefcSMark Murray if (ret)
185b528cefcSMark Murray return FALSE;
186b528cefcSMark Murray
187b528cefcSMark Murray for (r = realms; *r != NULL; ++r) {
188c19800e8SDoug Rabson if(strcmp(krb5_principal_get_realm(context, principal),
189c19800e8SDoug Rabson *r) != 0)
190c19800e8SDoug Rabson continue;
191c19800e8SDoug Rabson if(strcmp(krb5_principal_get_comp_string(context, principal, 0),
192c19800e8SDoug Rabson luser) == 0) {
193c19800e8SDoug Rabson result = TRUE;
194c19800e8SDoug Rabson break;
195c19800e8SDoug Rabson }
196c19800e8SDoug Rabson }
197b528cefcSMark Murray krb5_free_host_realm (context, realms);
198c19800e8SDoug Rabson return result;
199b528cefcSMark Murray }
200b528cefcSMark Murray
201c19800e8SDoug Rabson /**
202*ae771770SStanislav Sedov * This function takes the name of a local user and checks if
203*ae771770SStanislav Sedov * principal is allowed to log in as that user.
204*ae771770SStanislav Sedov *
205*ae771770SStanislav Sedov * The user may have a ~/.k5login file listing principals that are
206*ae771770SStanislav Sedov * allowed to login as that user. If that file does not exist, all
207*ae771770SStanislav Sedov * principals with a first component identical to the username, and a
208*ae771770SStanislav Sedov * realm considered local, are allowed access.
209*ae771770SStanislav Sedov *
210*ae771770SStanislav Sedov * The .k5login file must contain one principal per line, be owned by
211*ae771770SStanislav Sedov * user and not be writable by group or other (but must be readable by
212*ae771770SStanislav Sedov * anyone).
213*ae771770SStanislav Sedov *
214*ae771770SStanislav Sedov * Note that if the file exists, no implicit access rights are given
215*ae771770SStanislav Sedov * to user@@LOCALREALM.
216*ae771770SStanislav Sedov *
217*ae771770SStanislav Sedov * Optionally, a set of files may be put in ~/.k5login.d (a
218*ae771770SStanislav Sedov * directory), in which case they will all be checked in the same
219*ae771770SStanislav Sedov * manner as .k5login. The files may be called anything, but files
220*ae771770SStanislav Sedov * starting with a hash (#) , or ending with a tilde (~) are
221*ae771770SStanislav Sedov * ignored. Subdirectories are not traversed. Note that this directory
222*ae771770SStanislav Sedov * may not be checked by other Kerberos implementations.
223*ae771770SStanislav Sedov *
224*ae771770SStanislav Sedov * If no configuration file exists, match user against local domains,
225*ae771770SStanislav Sedov * ie luser@@LOCAL-REALMS-IN-CONFIGURATION-FILES.
226*ae771770SStanislav Sedov *
227*ae771770SStanislav Sedov * @param context Kerberos 5 context.
228*ae771770SStanislav Sedov * @param principal principal to check if allowed to login
229*ae771770SStanislav Sedov * @param luser local user id
230*ae771770SStanislav Sedov *
231*ae771770SStanislav Sedov * @return returns TRUE if access should be granted, FALSE otherwise.
232*ae771770SStanislav Sedov *
233*ae771770SStanislav Sedov * @ingroup krb5_support
234c19800e8SDoug Rabson */
235c19800e8SDoug Rabson
236*ae771770SStanislav Sedov KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_kuserok(krb5_context context,krb5_principal principal,const char * luser)237c19800e8SDoug Rabson krb5_kuserok (krb5_context context,
238c19800e8SDoug Rabson krb5_principal principal,
239c19800e8SDoug Rabson const char *luser)
240c19800e8SDoug Rabson {
241*ae771770SStanislav Sedov #ifndef _WIN32
242c19800e8SDoug Rabson char *buf;
243c19800e8SDoug Rabson size_t buflen;
244*ae771770SStanislav Sedov struct passwd *pwd = NULL;
245*ae771770SStanislav Sedov char *profile_dir = NULL;
246c19800e8SDoug Rabson krb5_error_code ret;
247c19800e8SDoug Rabson krb5_boolean result = FALSE;
248c19800e8SDoug Rabson
249c19800e8SDoug Rabson krb5_boolean found_file = FALSE;
250c19800e8SDoug Rabson
251c19800e8SDoug Rabson #ifdef POSIX_GETPWNAM_R
252c19800e8SDoug Rabson char pwbuf[2048];
253c19800e8SDoug Rabson struct passwd pw;
254c19800e8SDoug Rabson
255c19800e8SDoug Rabson if(getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
256c19800e8SDoug Rabson return FALSE;
257c19800e8SDoug Rabson #else
258c19800e8SDoug Rabson pwd = getpwnam (luser);
259c19800e8SDoug Rabson #endif
260c19800e8SDoug Rabson if (pwd == NULL)
261c19800e8SDoug Rabson return FALSE;
262*ae771770SStanislav Sedov profile_dir = pwd->pw_dir;
263c19800e8SDoug Rabson
264c19800e8SDoug Rabson #define KLOGIN "/.k5login"
265*ae771770SStanislav Sedov buflen = strlen(profile_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
266c19800e8SDoug Rabson buf = malloc(buflen);
267c19800e8SDoug Rabson if(buf == NULL)
268c19800e8SDoug Rabson return FALSE;
269c19800e8SDoug Rabson /* check user's ~/.k5login */
270*ae771770SStanislav Sedov strlcpy(buf, profile_dir, buflen);
271c19800e8SDoug Rabson strlcat(buf, KLOGIN, buflen);
272c19800e8SDoug Rabson ret = check_one_file(context, buf, pwd, principal, &result);
273c19800e8SDoug Rabson
274c19800e8SDoug Rabson if(ret == 0 && result == TRUE) {
275c19800e8SDoug Rabson free(buf);
276b528cefcSMark Murray return TRUE;
277b528cefcSMark Murray }
278b528cefcSMark Murray
279c19800e8SDoug Rabson if(ret != ENOENT)
280c19800e8SDoug Rabson found_file = TRUE;
281b528cefcSMark Murray
282c19800e8SDoug Rabson strlcat(buf, ".d", buflen);
283c19800e8SDoug Rabson ret = check_directory(context, buf, pwd, principal, &result);
284c19800e8SDoug Rabson free(buf);
285c19800e8SDoug Rabson if(ret == 0 && result == TRUE)
286b528cefcSMark Murray return TRUE;
287c19800e8SDoug Rabson
288c19800e8SDoug Rabson if(ret != ENOENT && ret != ENOTDIR)
289c19800e8SDoug Rabson found_file = TRUE;
290c19800e8SDoug Rabson
291c19800e8SDoug Rabson /* finally if no files exist, allow all principals matching
292c19800e8SDoug Rabson <localuser>@<LOCALREALM> */
293c19800e8SDoug Rabson if(found_file == FALSE)
294c19800e8SDoug Rabson return match_local_principals(context, principal, luser);
295c19800e8SDoug Rabson
296b528cefcSMark Murray return FALSE;
297*ae771770SStanislav Sedov #else
298*ae771770SStanislav Sedov /* The .k5login file may be on a remote profile and we don't have
299*ae771770SStanislav Sedov access to the profile until we have a token handle for the
300*ae771770SStanislav Sedov user's credentials. */
301*ae771770SStanislav Sedov return match_local_principals(context, principal, luser);
302*ae771770SStanislav Sedov #endif
303b528cefcSMark Murray }
304