diff --new-file -r -u cvm-0.11/Makefile cvm-0.11-sg1/Makefile --- cvm-0.11/Makefile Wed Sep 12 19:11:48 2001 +++ cvm-0.11-sg1/Makefile Wed Jun 26 05:51:17 2002 @@ -8,6 +8,9 @@ all: programs installer instcheck instshow +clean: TARGETS + rm -f `cat TARGETS` + choose: warn-auto.sh choose.sh cat warn-auto.sh choose.sh >choose chmod 755 choose @@ -15,16 +18,16 @@ client.a: makelib client.o client_domain.o client_setugid.o client_setenv.o facts.o ./makelib client.a client.o client_domain.o client_setugid.o client_setenv.o facts.o -client.o: compile client.c socket/socket.h fork.h client.h facts.h errors.h iopoll.h +client.o: compile client.c socket/socket.h fork.h client.h client2.h facts.h errors.h iopoll.h ./compile client.c -client_domain.o: compile client_domain.c client.h facts.h errors.h +client_domain.o: compile client_domain.c client.h client2.h facts.h errors.h ./compile client_domain.c -client_setenv.o: compile client_setenv.c client.h facts.h errors.h setenv.h +client_setenv.o: compile client_setenv.c client.h client2.h facts.h errors.h setenv.h ./compile client_setenv.c -client_setugid.o: compile client_setugid.c client.h facts.h errors.h +client_setugid.o: compile client_setugid.c client.h client2.h facts.h errors.h ./compile client_setugid.c command.a: makelib module_command.o module_request.o module_output.o facts.o 
@@ -52,13 +55,13 @@ cvm-benchclient: load cvm-benchclient.o client.a socket/socket.a iopoll.o setenv.o ./load cvm-benchclient client.a socket/socket.a iopoll.o setenv.o -cvm-benchclient.o: compile cvm-benchclient.c client.h facts.h errors.h +cvm-benchclient.o: compile cvm-benchclient.c client.h client2.h facts.h errors.h ./compile cvm-benchclient.c cvm-checkpassword: load cvm-checkpassword.o client.a setenv.o socket/socket.a iopoll.o ./load cvm-checkpassword client.a setenv.o socket/socket.a iopoll.o -cvm-checkpassword.o: compile cvm-checkpassword.c client.h facts.h errors.h +cvm-checkpassword.o: compile cvm-checkpassword.c client.h client2.h facts.h errors.h ./compile cvm-checkpassword.c cvm-pwfile: load cvm-pwfile.o command.a pwcmp/client.a crypt.lib 
@@ -67,22 +70,22 @@ cvm-pwfile-local: load cvm-pwfile-local.o local.a socket/socket.a pwcmp/client.a crypt.lib ./load cvm-pwfile-local local.a socket/socket.a pwcmp/client.a `cat crypt.lib` -cvm-pwfile-local.o: compile cvm-pwfile-local.c cvm-pwfile.c pwcmp/client.h module.h facts.h errors.h +cvm-pwfile-local.o: compile cvm-pwfile-local.c cvm-pwfile.c pwcmp/client.h client2.h module.h module2.h facts.h errors.h ./compile cvm-pwfile-local.c cvm-pwfile-udp: load cvm-pwfile-udp.o udp.a socket/socket.a pwcmp/client.a crypt.lib ./load cvm-pwfile-udp udp.a socket/socket.a pwcmp/client.a `cat crypt.lib` -cvm-pwfile-udp.o: compile cvm-pwfile-udp.c cvm-pwfile.c pwcmp/client.h module.h facts.h errors.h +cvm-pwfile-udp.o: compile cvm-pwfile-udp.c cvm-pwfile.c pwcmp/client.h client2.h module.h module2.h facts.h errors.h ./compile cvm-pwfile-udp.c -cvm-pwfile.o: compile cvm-pwfile.c pwcmp/client.h module.h facts.h errors.h +cvm-pwfile.o: compile cvm-pwfile.c pwcmp/client.h client2.h module.h module2.h facts.h errors.h ./compile cvm-pwfile.c cvm-testclient: load cvm-testclient.o client.a socket/socket.a iopoll.o setenv.o ./load cvm-testclient client.a socket/socket.a iopoll.o setenv.o -cvm-testclient.o: compile cvm-testclient.c client.h facts.h errors.h +cvm-testclient.o: compile cvm-testclient.c client.h client2.h facts.h errors.h ./compile cvm-testclient.c cvm-unix: load cvm-unix.o getpwnam.o command.a crypt.lib shadow.lib s.lib 
@@ -91,18 +94,30 @@ cvm-unix-local: load cvm-unix-local.o getpwnam.o local.a socket/socket.a crypt.lib shadow.lib s.lib ./load cvm-unix-local getpwnam.o local.a socket/socket.a `cat crypt.lib` `cat shadow.lib` `cat s.lib` -cvm-unix-local.o: compile cvm-unix-local.c cvm-unix.c hasspnam.h hasuserpw.h module.h facts.h errors.h +cvm-unix-local.o: compile cvm-unix-local.c cvm-unix.c hasspnam.h hasuserpw.h module.h module2.h facts.h errors.h ./compile cvm-unix-local.c cvm-unix-udp: load cvm-unix-udp.o getpwnam.o udp.a socket/socket.a crypt.lib shadow.lib s.lib ./load cvm-unix-udp getpwnam.o udp.a socket/socket.a `cat crypt.lib` `cat shadow.lib` `cat s.lib` -cvm-unix-udp.o: compile cvm-unix-udp.c cvm-unix.c hasspnam.h hasuserpw.h module.h facts.h errors.h +cvm-unix-udp.o: compile cvm-unix-udp.c cvm-unix.c hasspnam.h hasuserpw.h module.h module2.h facts.h errors.h ./compile cvm-unix-udp.c -cvm-unix.o: compile cvm-unix.c hasspnam.h hasuserpw.h module.h facts.h errors.h +cvm-unix.o: compile cvm-unix.c hasspnam.h hasuserpw.h module.h module2.h facts.h errors.h ./compile cvm-unix.c +cvm-anon: load cvm-anon.o command.a crypt.lib shadow.lib s.lib + ./load cvm-anon command.a client.a socket/socket.a `cat s.lib` + +cvm-anon.o: compile cvm-anon.c module2.h client2.h + ./compile cvm-anon.c + +cvm-chain: load cvm-chain.o command.a crypt.lib shadow.lib s.lib + ./load cvm-chain command.a client.a socket/socket.a `cat s.lib` + +cvm-chain.o: compile cvm-chain.c module2.h client2.h + ./compile cvm-chain.c + facts.o: compile facts.c facts.h ./compile facts.c @@ -111,7 +126,7 @@ && cat fork.h2 || cat fork.h1 ) > fork.h rm -f tryvfork.o tryvfork -getpwnam.o: compile getpwnam.c module.h facts.h errors.h hasspnam.h hasuserpw.h +getpwnam.o: compile getpwnam.c module.h module2.h facts.h errors.h hasspnam.h hasuserpw.h ./compile getpwnam.c hasspnam.h: compile load tryspnam.c 
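Review bot: In the `@@ -91,18 +94,30 @@` hunk the new `cvm-anon` and `cvm-chain` link rules list prerequisites that do not match what their recipes link. Both depend on `crypt.lib shadow.lib`, but the `./load` line uses `client.a socket/socket.a` and only `cat s.lib`. As written, make will not build `client.a` or `socket/socket.a` before linking these programs and will not relink them when those archives change. I would write `cvm-anon: load cvm-anon.o command.a client.a socket/socket.a s.lib`, and the same for `cvm-chain`. The existing client programs also link `iopoll.o setenv.o` next to `client.a`; whether these two need them depends on what `client.o` references, so check that against a clean build.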
@@ -170,30 +185,30 @@ ) >makelib chmod 755 makelib -module_command.o: compile module_command.c module.h facts.h errors.h +module_command.o: compile module_command.c module.h module2.h facts.h errors.h ./compile module_command.c -module_local.o: compile module_local.c socket/socket.h module.h facts.h errors.h +module_local.o: compile module_local.c socket/socket.h module.h module2.h facts.h errors.h ./compile module_local.c -module_log.o: compile module_log.c module.h facts.h errors.h +module_log.o: compile module_log.c module.h module2.h facts.h errors.h ./compile module_log.c -module_output.o: compile module_output.c module.h facts.h errors.h +module_output.o: compile module_output.c module.h module2.h facts.h errors.h ./compile module_output.c -module_request.o: compile module_request.c module.h facts.h errors.h +module_request.o: compile module_request.c module.h module2.h facts.h errors.h ./compile module_request.c -module_udp.o: compile module_udp.c socket/socket.h module.h facts.h errors.h +module_udp.o: compile module_udp.c socket/socket.h module.h module2.h facts.h errors.h ./compile module_udp.c -programs: cvm-unix cvm-testclient cvm-pwfile-local cvm-pwfile-udp cvm-pwfile cvm-unix-udp cvm-unix-local cvm-benchclient cvm-checkpassword +programs: cvm-unix cvm-testclient cvm-pwfile-local cvm-pwfile-udp cvm-pwfile cvm-unix-udp cvm-unix-local cvm-benchclient cvm-checkpassword cvm-anon cvm-chain pwcmp/client.a: makelib pwcmp/client.o ./makelib pwcmp/client.a pwcmp/client.o -pwcmp/client.o: compile pwcmp/client.c fork.h client.h facts.h errors.h +pwcmp/client.o: compile pwcmp/client.c fork.h client.h client2.h facts.h errors.h ./compile pwcmp/client.c s.lib: compile load trylib.c diff --new-file -r -u cvm-0.11/TARGETS cvm-0.11-sg1/TARGETS --- cvm-0.11/TARGETS Wed Sep 12 19:11:48 2001 +++ cvm-0.11-sg1/TARGETS Wed Jun 26 05:50:24 2002 
@@ -27,6 +27,10 @@ cvm-unix-udp cvm-unix-udp.o cvm-unix.o +cvm-anon +cvm-anon.o +cvm-chain +cvm-chain.o facts.o fork.h getpwnam.o diff --new-file -r -u cvm-0.11/client.h cvm-0.11-sg1/client.h --- cvm-0.11/client.h Wed Sep 12 19:11:48 2001 +++ cvm-0.11-sg1/client.h Wed Jun 26 00:28:57 2002 @@ -1,20 +1,16 @@ #ifndef CVM__CLIENT__H__ #define CVM__CLIENT__H__ -#include "facts.h" -#include "errors.h" +#include "client2.h" #define CVM_PROTOCOL 1 -extern const char* cvm_account_split_chars; -extern const char* cvm_ucspi_domain(void); -extern int cvm_authenticate(const char* module, const char* account, - const char* domain, const char** credentials, - int parse_account); -extern int cvm_fact_str(int number, const char** data); -extern int cvm_fact_uint(int number, unsigned long* data); - -extern int cvm_setugid(void); -extern int cvm_setenv(void); +#define cvm_account_split_chars client_cvm_account_split_chars +#define cvm_ucspi_domain client_cvm_ucspi_domain +#define cvm_authenticate client_cvm_authenticate +#define cvm_fact_str client_cvm_fact_str +#define cvm_fact_uint client_cvm_fact_uint +#define cvm_setugid client_cvm_setugid +#define cvm_setenv client_cvm_setenv #endif diff --new-file -r -u cvm-0.11/client2.h cvm-0.11-sg1/client2.h --- cvm-0.11/client2.h Wed Dec 31 19:00:00 1969 +++ cvm-0.11-sg1/client2.h Wed Jun 26 00:28:52 2002 
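Review bot: `client.h` keeps `#define CVM_PROTOCOL 1` after this hunk even though it now includes `client2.h`, which defines the same macro; the `module.h` hunk later in the patch drops its copy, so the two wrapper headers end up inconsistent. Removing the line from `client.h` leaves one definition per header pair. The object-like macros added here and the matching set in `module.h` both remap `cvm_fact_str` and `cvm_authenticate`, to different targets, so a source file that includes both wrappers gets conflicting macro definitions. A header comment such as `/* Compatibility names only; code that needs both the client and module APIs must include client2.h and module2.h instead. */` would make that constraint explicit.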
@@ -0,0 +1,20 @@
+#ifndef CVM__CLIENT2__H__
+#define CVM__CLIENT2__H__
+
+#include "facts.h"
+#include "errors.h"
+
+#define CVM_PROTOCOL 1
+
+extern const char* client_cvm_account_split_chars;
+extern const char* client_cvm_ucspi_domain(void);
+extern int client_cvm_authenticate(const char* module, const char* account,
+ const char* domain, const char** credentials,
+ int parse_account);
+extern int client_cvm_fact_str(int number, const char** data);
+extern int client_cvm_fact_uint(int number, unsigned long* data);
+
+extern int client_cvm_setugid(void);
+extern int client_cvm_setenv(void);
+
+#endif
diff --new-file -r -u cvm-0.11/cvm-anon.c cvm-0.11-sg1/cvm-anon.c
--- cvm-0.11/cvm-anon.c Wed Dec 31 19:00:00 1969
+++ cvm-0.11-sg1/cvm-anon.c Wed Jun 26 06:06:16 2002
@@ -0,0 +1,153 @@ + +#include +#include +#include + +#include "module2.h" +#include "client2.h" + +const unsigned module_cvm_credential_count = 1; +const char *module_cvm_credentials[1]; + + +struct user_map { + char *user; + char *mapto; +}; + +struct user_map *anon_users; +int num_map, max_map; +#define ALLOC_COUNT 10 + + +char *next_cvm; +char *default_username, *default_home, *default_shell; +uid_t default_uid; +gid_t default_gid; + +int module_cvm_auth_init(void) +{ + char *e; + char *ws, *we, *eq; + char *user, *mapto; + + num_map = max_map = 0; + anon_users = NULL; + + if (!(next_cvm = getenv("CVM_ANON_NEXT"))) { + default_username = getenv("CVM_ANON_USER"); + + if (!(default_home = getenv("CVM_ANON_HOME"))) + return CVME_CONFIG; + if (!(default_shell = getenv("CVM_ANON_SHELL"))) + return CVME_CONFIG; + + if (!(e=getenv("CVM_ANON_UID"))) + return CVME_CONFIG; + if (!(default_uid=atoi(e))) + return CVME_CONFIG; + + if (!(e=getenv("CVM_ANON_GID"))) + return CVME_CONFIG; + if (!(default_gid=atoi(e))) + return CVME_CONFIG; + } + if (!(e=getenv("CVM_ANON_USERS"))) + return CVME_CONFIG; + + we = e; + while (1) { + ws = we; + eq = NULL; + while (*ws && (isspace(*ws) || !isprint(*ws))) { + ws++; + } + if (!*ws) + break; + we = ws; + + while (isprint(*we) && !isspace(*we)) { + if (*we == '=') + eq = we; + we++; + } + if (eq) { + if (!(user = malloc(eq-ws+1))) + return CVME_GENERAL; + memcpy(user,ws,eq-ws); + user[eq-ws]='\0'; + if (!(mapto = malloc(we-eq))) + return CVME_GENERAL; + memcpy(mapto,eq+1,we-eq-1); + mapto[we-eq-1]='\0'; + } + else { + if (!(user = malloc(we-ws+1))) + return CVME_GENERAL; + memcpy(user,ws,we-ws); + user[we-ws]='\0'; + mapto = user; + } + if (num_map >= max_map) { + max_map += ALLOC_COUNT; + if (!(anon_users = realloc(anon_users,max_map * sizeof(struct user_map)))) + return CVME_GENERAL; + } + anon_users[num_map].user = user; + anon_users[num_map].mapto = mapto; + num_map++; + } + return 0; +} + +int module_cvm_authenticate(void) +{ + 
struct user_map *um; + int i; + int r; + char *cred[] = { "", NULL }; + char *tmpstr; + long tmpl; + + for(i=0;i= num_map) + return CVME_PERMFAIL; + um = anon_users; + if (next_cvm) { + if (putenv("CVM_ALREADYAUTH=cvm_anon") != 0) + return CVME_GENERAL; + + if ( (r=client_cvm_authenticate(next_cvm, anon_users[i].mapto, NULL, (const char **)cred, 0)) != 0) { + return r; + } + if (client_cvm_fact_str(CVM_FACT_USERNAME,(const char **)&tmpstr) == 0) + cvm_fact_username = tmpstr; + if (client_cvm_fact_uint(CVM_FACT_USERID,&tmpl) == 0) + cvm_fact_userid = tmpl; + if (client_cvm_fact_uint(CVM_FACT_GROUPID,&tmpl) == 0) + cvm_fact_groupid = tmpl; + if (client_cvm_fact_str(CVM_FACT_DIRECTORY,(const char **)&tmpstr) == 0) + cvm_fact_directory = tmpstr; + if (client_cvm_fact_str(CVM_FACT_SHELL,(const char **)&tmpstr) == 0) + cvm_fact_shell = tmpstr; + + return 0; + } else { + cvm_fact_username = anon_users[i].mapto; + if (default_username) + cvm_fact_username = default_username; + cvm_fact_userid = default_uid; + cvm_fact_groupid = default_gid; + cvm_fact_directory = default_home; + cvm_fact_shell = default_shell; + return 0; + } + +} + +void module_cvm_auth_stop(void) +{ +} diff --new-file -r -u cvm-0.11/cvm-chain.c cvm-0.11-sg1/cvm-chain.c --- cvm-0.11/cvm-chain.c Wed Dec 31 19:00:00 1969 +++ cvm-0.11-sg1/cvm-chain.c Wed Jun 26 05:49:04 2002 
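Review bot: `module_cvm_auth_init` parses `CVM_ANON_UID` and `CVM_ANON_GID` with `atoi`, which cannot report errors: `100x` is accepted as 100, a negative value is converted to a large `uid_t`, and an out-of-range value is undefined behaviour. These values become the `cvm_fact_userid`/`cvm_fact_groupid` facts returned to the caller, so the parse should reject anything that is not a plain positive decimal number, as sketched below (it needs `<errno.h>`, and the gid needs the same treatment). The tokenizer loop in the same function, repeated in cvm-chain.c's `module_cvm_auth_init`, passes plain `char` to `isspace`/`isprint`; cast the argument, e.g. `isspace((unsigned char)*ws)`. In `module_cvm_authenticate`, `tmpl` is declared `long` but its address is passed to `client_cvm_fact_uint`, which client2.h declares with an `unsigned long*` parameter; declare it `unsigned long tmpl;`.

```c
    if (!(e=getenv("CVM_ANON_UID")))
      return CVME_CONFIG;
    /* digits only: strtoul alone would accept a sign or leading blanks */
    if (!isdigit((unsigned char)*e))
      return CVME_CONFIG;
    errno = 0;
    val = strtoul(e, &end, 10);   /* new locals: unsigned long val; char *end; */
    /* keep the original "uid 0 is a config error" rule, and reject truncation */
    if (*end != '\0' || errno == ERANGE || val == 0 || (uid_t)val != val)
      return CVME_CONFIG;
    default_uid = (uid_t)val;
    /* … unchanged: CVM_ANON_GID lookup, followed by the same checks with gid_t … */
```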
@@ -0,0 +1,89 @@ +#include +#include +#include + +#include "module2.h" +#include "client2.h" + +const unsigned module_cvm_credential_count = 1; +const char *module_cvm_credentials[1]; + +char **chain; +int num_chain, max_chain; +#define ALLOC_COUNT 10 + +int module_cvm_auth_init(void) +{ + char *e; + char *ws, *we; + char *s; + + num_chain = max_chain = 0; + chain = NULL; + + if (!(e=getenv("CVM_CHAIN"))) + return CVME_CONFIG; + + we = e; + while (1) { + ws = we; + while (*ws && (isspace(*ws) || !isprint(*ws))) { + ws++; + } + if (!*ws) + break; + we = ws; + + while (isprint(*we) && !isspace(*we)) { + we++; + } + if (!(s = malloc(we-ws+1))) + return CVME_GENERAL; + memcpy(s,ws,we-ws); + s[we-ws]='\0'; + if (num_chain >= max_chain) { + max_chain += ALLOC_COUNT; + if (!(chain = realloc(chain,max_chain * sizeof(char *)))) + return CVME_GENERAL; + } + chain[num_chain] = s; + num_chain++; + } + return 0; +} + +int module_cvm_authenticate(void) +{ + int i; + int r; + char *tmpstr; + long tmpl; + const char *cred[2]; + + cred[0]=module_cvm_credentials[0]; + cred[1]=NULL; + r=CVME_CONFIG; + for(i=0;ipw_passwd == 0) return CVME_PERMFAIL; - if (strcmp(crypt(cvm_credentials[0], pw->pw_passwd), pw->pw_passwd) != 0) - return CVME_PERMFAIL; + if (!getenv("CVM_ALREADYAUTH")) { + if (pw->pw_passwd == 0) return CVME_PERMFAIL; + if (strcmp(crypt(cvm_credentials[0], pw->pw_passwd), pw->pw_passwd) != 0) + return CVME_PERMFAIL; + } if ((tmp = strchr(pw->pw_gecos, ',')) != 0) *tmp = 0; diff --new-file -r -u cvm-0.11/insthier.c cvm-0.11-sg1/insthier.c --- cvm-0.11/insthier.c Wed Sep 12 19:11:48 2001 +++ cvm-0.11-sg1/insthier.c Wed Jun 26 05:51:37 2002 
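Review bot: The added `if (!getenv("CVM_ALREADYAUTH"))` guard skips both the null `pw_passwd` check and the `crypt()` comparison whenever that variable exists in the module's environment, with any value, so control over the environment is the only thing protecting the account lookup. This hunk's header is missing from the page and the enclosing function starts and ends outside the visible lines. cvm-anon.c sets the variable with `putenv` before chaining, which presumably only reaches a module started as a child process. If the module is ever started from an environment a less-trusted party can influence, or a long-running instance is launched with the variable left set, every request for an existing account succeeds without a credential. At minimum the guard needs a comment stating that trust assumption, e.g. `/* CVM_ALREADYAUTH disables password verification: it must only be set by the chaining module that starts us, never in a service's startup environment */`, and the bypass should be recorded in the module's log so it shows up in audit.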
@@ -12,4 +12,6 @@
 c(bin, "cvm-unix", -1, -1, 0755);
 c(bin, "cvm-unix-local", -1, -1, 0755);
 c(bin, "cvm-unix-udp", -1, -1, 0755);
+ c(bin, "cvm-anon", -1, -1, 0755);
+ c(bin, "cvm-chain", -1, -1, 0755);
 }
diff --new-file -r -u cvm-0.11/module.h cvm-0.11-sg1/module.h
--- cvm-0.11/module.h Wed Sep 12 19:11:48 2001
+++ cvm-0.11-sg1/module.h Wed Jun 26 00:26:46 2002
@@ -1,44 +1,36 @@ #ifndef CVM__MODULE__H__ #define CVM__MODULE__H__ -#include "facts.h" -#include "errors.h" +#include "module2.h" -#define BUFSIZE 512 +#define cvm_account_name module_cvm_account_name +#define cvm_account_domain module_cvm_account_domain -#define LOG_OK 'y' -#define LOG_FAIL 'n' -#define LOG_ERROR '?' +#define outbuffer module_outbuffer +#define outbuflen module_outbuflen +#define inbuffer module_inbuffer +#define inbuflen module_inbuflen -#define CVM_PROTOCOL 1 +#define cvm_fact_start module_cvm_fact_start +#define cvm_fact_str module_cvm_fact_str +#define cvm_fact_uint module_cvm_fact_uint +#define cvm_fact_end module_cvm_fact_end -extern const char* cvm_account_name; -extern const char* cvm_account_domain; +#define handle_request module_handle_request -extern char outbuffer[BUFSIZE]; -extern unsigned outbuflen; -extern char inbuffer[BUFSIZE+1]; -extern unsigned inbuflen; +#define log_startup module_log_startup +#define log_request module_log_request +#define log_shutdown module_log_shutdown -extern void cvm_fact_start(void); -extern int cvm_fact_str(int number, const char* data); -extern int cvm_fact_uint(int number, unsigned long data); -extern void cvm_fact_end(int code); - -extern int handle_request(void); - -extern void log_startup(void); -extern void log_request(void); -extern void log_shutdown(void); - -extern int cvm_parse_domain(const char* seperators); +#define cvm_parse_domain module_cvm_parse_domain /* The following need to be provided by the module. * The "credentials" global is filled by the input handling code. 
*/ -extern const unsigned cvm_credential_count; -extern const char* cvm_credentials[]; -extern int cvm_auth_init(void); -extern int cvm_authenticate(void); -extern void cvm_auth_stop(void); + +#define cvm_credential_count module_cvm_credential_count +#define cvm_credentials module_cvm_credentials +#define cvm_auth_init module_cvm_auth_init +#define cvm_authenticate module_cvm_authenticate +#define cvm_auth_stop module_cvm_auth_stop #endif diff --new-file -r -u cvm-0.11/module2.h cvm-0.11-sg1/module2.h --- cvm-0.11/module2.h Wed Dec 31 19:00:00 1969 +++ cvm-0.11-sg1/module2.h Wed Jun 26 00:25:43 2002 @@ -0,0 +1,44 @@ +#ifndef CVM__MODULE2__H__ +#define CVM__MODULE2__H__ + +#include "facts.h" +#include "errors.h" + +#define BUFSIZE 512 + +#define LOG_OK 'y' +#define LOG_FAIL 'n' +#define LOG_ERROR '?' + +#define CVM_PROTOCOL 1 + +extern const char* module_cvm_account_name; +extern const char* module_cvm_account_domain; + +extern char module_outbuffer[BUFSIZE]; +extern unsigned module_outbuflen; +extern char module_inbuffer[BUFSIZE+1]; +extern unsigned module_inbuflen; + +extern void module_cvm_fact_start(void); +extern int module_cvm_fact_str(int number, const char* data); +extern int module_cvm_fact_uint(int number, unsigned long data); +extern void module_cvm_fact_end(int code); + +extern int module_handle_request(void); + +extern void module_log_startup(void); +extern void module_log_request(void); +extern void module_log_shutdown(void); + +extern int module_cvm_parse_domain(const char* seperators); + +/* The following need to be provided by the module. + * The "credentials" global is filled by the input handling code. */ +extern const unsigned module_cvm_credential_count; +extern const char* module_cvm_credentials[]; +extern int module_cvm_auth_init(void); +extern int module_cvm_authenticate(void); +extern void module_cvm_auth_stop(void); + +#endif