diff -r 000000000000 -r 6f7a81934006 authenticate/authvlib.cc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/authenticate/authvlib.cc Wed Jan 16 22:39:43 2008 +0100 @@ -0,0 +1,110 @@ +// Copyright (C) 1999,2000 Bruce Guenter +// +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +#include +#include +#include "ac/time.h" +#include +#include "authvlib.h" +#include "misc/exec.h" +#include "misc/lookup.h" +#include "vdomain/vdomain.h" + +#ifndef HAVE_GETHOSTNAME +int gethostname(char *name, size_t len); +#endif + +void set_domain(mystring& name, mystring& domain) +{ + int sep = name.find_first_of(config->separators()); + if(sep >= 0) { + domain = name.right(sep+1); + name = name.left(sep); + } + else { + domain = getenv("TCPLOCALHOST"); + if(!domain) { + char tmp[256]; + if(gethostname(tmp, 256)) + fail_temporary("Error determining local host name"); + domain = tmp; + } + } + if(!name) + fail_login("Empty user name"); + if(!domain) + fail_login("Empty domain name"); +} + +static vdomain* domain = 0; + +void set_user(const pwentry* pw) +{ + pw->export_env(); + if(!!exec_presetuid && execute(exec_presetuid)) + fail_temporary("Execution of presetuid failed"); + if(setgid(pw->gid) == -1 || + setuid(pw->uid) == -1 || + chdir(pw->home.c_str()) == -1) + fail_temporary("Bad user data in password file"); + domain = new vdomain(*pw); + config = &domain->config; +} + +static user_data* check(mystring fulluser, mystring password, + bool virtual_only) +{ + mystring virtname; + pwentry* basepw; + if(!lookup_baseuser(fulluser, basepw, virtname)) + fail_login("Invalid or unknown base user or domain"); + presetenv("VUSER=", virtname); + if(!virtname) { + if(virtual_only) + return 0; + if(!basepw->authenticate(password)) + fail_login("Invalid or incorrect password"); + set_user(basepw); + return new user_data(basepw, "", ""); + } + else { + set_user(basepw); + vpwentry* vpw = domain->lookup(virtname, true); + if(!vpw || !vpw->mailbox) + fail_login("Invalid or unknown virtual user"); + if(!vpw->authenticate(password)) + fail_login("Invalid or incorrect password"); + if(vpw->expiry < (unsigned)time(0)) + fail_login("Account has expired"); + vpw->export_env(); + return new user_data(basepw, vpw->mailbox, vpw->name); + } +} + +user_data* authenticate(mystring name, mystring pass, mystring domain, + bool virtual_only) +{ + mystring baseuser; + if(!is_local(domain)) { + mystring baseuser = find_virtual(domain); + if(!!baseuser) + name = baseuser + "-" + name; + } + user_data* result = check(name, pass, virtual_only); + if(result && !!exec_postsetuid && execute(exec_postsetuid)) + fail_temporary("Execution of presetuid failed"); + return result; +}