gen/authentication.c

   1 /*
   2  * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25 #include <sys/param.h>
  26 #include <sys/time.h>
  27 #include <sys/resource.h>
  28 #include <err.h>
  29 #include <errno.h>
  30 #include <grp.h>
  31 #include <paths.h>
  32 #include <stdio.h>
  33 #include <stdlib.h>
  34 #include <string.h>
  35 #include <syslog.h>
  36 #include <unistd.h>
  37
  38 #include "authentication.h"
  39
  40 int isAuthenticatedAsAdministrator(void)
  41 {
  42     if (isAuthenticatedAsRoot()) {
  43         return 1;
  44     }
  45     // otherwise ...
  46     return isAuthenticatedAsAdministratorForTask(0);
  47 }
  48
  49 int isAuthenticatedAsAdministratorForTask(int taskNum)
  50 {
  51     int admin = 0;
  52     uid_t ruid;
  53
  54     if (isAuthenticatedAsRoot()) {
  55         return 1;
  56     }
  57
  58     ruid = getuid();
  59
  60     if (ruid) {
  61             gid_t groups[NGROUPS_MAX];
  62             int   numgroups;
  63
  64             /*
  65              * Only allow those in group taskNum group (By default admin) to authenticate.
  66              */
  67             if ((numgroups = getgroups(NGROUPS_MAX, groups)) > 0) {
  68                     int i;
  69                     gid_t admingid = 0;
  70                     struct group *admingroup;
  71
  72                     if ((admingroup = getgrnam(groupNameForTask(taskNum))) != NULL) {
  73                             admingid = admingroup->gr_gid;
  74
  75                             for (i = 0; i < numgroups; i++) {
  76                                     if (groups[i] == admingid) {
  77                                             admin = 1;
  78                                             break;
  79                                     }
  80                             }
  81                     }
  82
  83             }
  84     }
  85     // otherwise
  86     return admin;
  87 }
  88
  89 int isAuthenticatedAsRoot(void)
  90 {
  91     if (getuid() == 0) {
  92         return 1;
  93     }
  94     return 0;
  95 }
  96
  97 char *groupNameForTask(int taskNum)
  98 {
  99     if (taskNum == 0)
 100         return "admin";
 101
 102     return "admin";
 103 }
 104