gen/authentication.c

   1 /*
   2  * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22 #include <sys/param.h>
  23 #include <sys/time.h>
  24 #include <sys/resource.h>
  25 #include <err.h>
  26 #include <errno.h>
  27 #include <grp.h>
  28 #include <paths.h>
  29 #include <stdio.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32 #include <syslog.h>
  33 #include <unistd.h>
  34
  35 #include "authentication.h"
  36
  37 int isAuthenticatedAsAdministrator(void)
  38 {
  39     if (isAuthenticatedAsRoot()) {
  40         return 1;
  41     }
  42     // otherwise ...
  43     return isAuthenticatedAsAdministratorForTask(0);
  44 }
  45
  46 int isAuthenticatedAsAdministratorForTask(int taskNum)
  47 {
  48     int admin = 0;
  49     uid_t ruid;
  50
  51     if (isAuthenticatedAsRoot()) {
  52         return 1;
  53     }
  54
  55     ruid = getuid();
  56
  57     if (ruid) {
  58             gid_t groups[NGROUPS_MAX];
  59             int   numgroups;
  60
  61             /*
  62              * Only allow those in group taskNum group (By default admin) to authenticate.
  63              */
  64             if ((numgroups = getgroups(NGROUPS_MAX, groups)) > 0) {
  65                     int i;
  66                     gid_t admingid = 0;
  67                     struct group *admingroup;
  68
  69                     if ((admingroup = getgrnam(groupNameForTask(taskNum))) != NULL) {
  70                             admingid = admingroup->gr_gid;
  71
  72                             for (i = 0; i < numgroups; i++) {
  73                                     if (groups[i] == admingid) {
  74                                             admin = 1;
  75                                             break;
  76                                     }
  77                             }
  78                     }
  79
  80             }
  81     }
  82     // otherwise
  83     return admin;
  84 }
  85
  86 int isAuthenticatedAsRoot(void)
  87 {
  88     if (getuid() == 0) {
  89         return 1;
  90     }
  91     return 0;
  92 }
  93
  94 char *groupNameForTask(int taskNum)
  95 {
  96     if (taskNum == 0)
  97         return "admin";
  98
  99     return "admin";
 100 }
 101