0e9073a57e
[2] Add PAM support to gnatsd PR: [1] ports/41342 Submitted by: [1] Igor Kucherenko <kivvy@sunbay.com> [2] ru
130 lines
2.7 KiB
C
130 lines
2.7 KiB
C
--- gnats/gnatsd.c.orig Wed Sep 22 02:18:39 1999
|
|
+++ gnats/gnatsd.c Tue Aug 20 21:11:28 2002
|
|
@@ -24,6 +24,15 @@
|
|
#include "query.h"
|
|
#include "db_conf.h"
|
|
|
|
+#ifdef HAVE_PAM
|
|
+#include <security/pam_appl.h>
|
|
+#ifdef _OPENPAM
|
|
+#include <security/openpam.h>
|
|
+#endif
|
|
+
|
|
+static int issetuidroot;
|
|
+#endif /* HAVE_PAM */
|
|
+
|
|
char myname[MAXHOSTNAMELEN];
|
|
|
|
char *program_name;
|
|
@@ -387,9 +396,9 @@
|
|
return found;
|
|
}
|
|
|
|
-/* Get the access lever for this user. */
|
|
-int
|
|
-get_user_access (database, filename, user, passwd)
|
|
+/* Get the access level for this user using the file backend. */
|
|
+static int
|
|
+get_user_access_file (database, filename, user, passwd)
|
|
char *database;
|
|
char *filename;
|
|
char *user;
|
|
@@ -489,6 +498,86 @@
|
|
return access;
|
|
}
|
|
|
|
+#ifdef HAVE_PAM
|
|
+#ifndef _OPENPAM
|
|
+int
|
|
+pam_conv (n, msg, resp, data)
|
|
+ int n;
|
|
+ const struct pam_message **msg;
|
|
+ struct pam_response **resp;
|
|
+ void *data;
|
|
+{
|
|
+
|
|
+ if (n != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
|
|
+ return(PAM_CONV_ERR);
|
|
+ if ((*resp = malloc(sizeof(struct pam_response))) == NULL)
|
|
+ return(PAM_CONV_ERR);
|
|
+ (*resp)[0].resp = strdup((const char *)data);
|
|
+ (*resp)[0].resp_retcode = 0;
|
|
+
|
|
+ return ((*resp)[0].resp != NULL ? PAM_SUCCESS : PAM_CONV_ERR);
|
|
+}
|
|
+#endif /* _OPENPAM */
|
|
+
|
|
+/* Get the access level for this user using the PAM backend. */
|
|
+static int
|
|
+get_user_access_pam (user, passwd)
|
|
+ char *user;
|
|
+ char *passwd;
|
|
+{
|
|
+ int access;
|
|
+ pam_handle_t *pamh;
|
|
+ struct pam_conv pamc = {
|
|
+#ifdef _OPENPAM
|
|
+ &openpam_nullconv, NULL
|
|
+#else
|
|
+ &pam_conv, passwd
|
|
+#endif
|
|
+ };
|
|
+
|
|
+ access = -1;
|
|
+
|
|
+ /* PAM chain may require super-user. */
|
|
+ if (issetuidroot)
|
|
+ seteuid(0);
|
|
+
|
|
+ if (pam_start("gnatsd", user, &pamc, &pamh) == PAM_SUCCESS &&
|
|
+#ifdef _OPENPAM
|
|
+ pam_set_item(pamh, PAM_AUTHTOK, passwd) == PAM_SUCCESS &&
|
|
+#endif
|
|
+ pam_authenticate(pamh, 0) == PAM_SUCCESS)
|
|
+ {
|
|
+ access = ACCESS_EDIT;
|
|
+ }
|
|
+
|
|
+ /* Revert back to real UID. */
|
|
+ if (issetuidroot)
|
|
+ seteuid(getuid());
|
|
+
|
|
+ return access;
|
|
+}
|
|
+#endif /* HAVE_PAM */
|
|
+
|
|
+/* Get the access level for this user. */
|
|
+int
|
|
+get_user_access (database, filename, user, passwd)
|
|
+ char *database;
|
|
+ char *filename;
|
|
+ char *user;
|
|
+ char *passwd;
|
|
+{
|
|
+ int access;
|
|
+
|
|
+ access = -1;
|
|
+
|
|
+#ifdef HAVE_PAM
|
|
+ if ((access = get_user_access_pam(user, passwd)) == -1)
|
|
+#endif /* HAVE_PAM */
|
|
+ access = get_user_access_file(database, filename, user, passwd);
|
|
+
|
|
+ return access;
|
|
+}
|
|
+
|
|
void
|
|
start_connection ()
|
|
{
|
|
@@ -680,6 +769,11 @@
|
|
int optc;
|
|
int not_inetd = 0;
|
|
int access, access_required;
|
|
+
|
|
+#ifdef HAVE_PAM
|
|
+ if ((issetuidroot = geteuid() == 0 && getuid() != 0))
|
|
+ seteuid(getuid());
|
|
+#endif /* HAVE_PAM */
|
|
|
|
outfile = stdout;
|
|
|