src/credential.cpp

   1 /*
   2  * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include "credential.h"
  25 #include <pwd.h>
  26 #include <syslog.h>
  27
  28 #include <Security/checkpw.h>
  29 extern "C" int checkpw_internal( const struct passwd *pw, const char* password );
  30 #include "server.h"
  31
  32 namespace Authorization {
  33
  34 // default credential: invalid for everything, needed as a default session credential
  35 CredentialImpl::CredentialImpl() : mUid(0), mShared(false), mName(""), mRealname(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false), mRight(false)
  36 {
  37 }
  38
  39 // only for testing whether this credential is usable
  40 CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mUid(uid), mShared(shared), mName(username), mRealname(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true), mRight(false)
  41 {
  42 }
  43
  44 CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false), mRight(false)
  45 {
  46     Server::active().longTermActivity();
  47     const char *user = username.c_str();
  48     struct passwd *pw = getpwnam(user);
  49
  50     do {
  51         if (!pw) {
  52                         syslog(LOG_ERR, "getpwnam() failed for user %s, creating invalid credential", user);
  53             break;
  54         }
  55
  56         mUid = pw->pw_uid;
  57         mName = pw->pw_name;
  58         mRealname = pw->pw_gecos;
  59
  60         const char *passwd = password.c_str();
  61         int checkpw_status = checkpw_internal(pw, passwd);
  62
  63         if (checkpw_status != CHECKPW_SUCCESS) {
  64             syslog(LOG_ERR, "checkpw() returned %d; failed to authenticate user %s (uid %lu).", checkpw_status, pw->pw_name, pw->pw_uid);
  65             break;
  66         }
  67
  68                 syslog(LOG_INFO, "checkpw() succeeded, creating%s credential for user %s", mShared ? " shared" : "", user);
  69
  70         mValid = true;
  71
  72         endpwent();
  73     } while (0);
  74 }
  75
  76 CredentialImpl::CredentialImpl(const string &right, bool shared) : mUid(-2), mShared(shared), mName(right), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true), mRight(true)
  77 {
  78 }
  79
  80 CredentialImpl::~CredentialImpl()
  81 {
  82 }
  83
  84 bool
  85 CredentialImpl::operator < (const CredentialImpl &other) const
  86 {
  87         if (!mShared && other.mShared)
  88                 return true;
  89         if (!other.mShared && mShared)
  90                 return false;
  91
  92         return mUid < other.mUid;
  93 }
  94
  95 // Returns true if this CredentialImpl should be shared.
  96 bool
  97 CredentialImpl::isShared() const
  98 {
  99         return mShared;
 100 }
 101
 102 // Merge with other
 103 void
 104 CredentialImpl::merge(const CredentialImpl &other)
 105 {
 106         assert(mUid == other.mUid);
 107
 108         if (other.mValid && (!mValid || mCreationTime < other.mCreationTime))
 109         {
 110                 mCreationTime = other.mCreationTime;
 111                 mValid = true;
 112         }
 113 }
 114
 115 // The time at which this credential was obtained.
 116 CFAbsoluteTime
 117 CredentialImpl::creationTime() const
 118 {
 119         return mCreationTime;
 120 }
 121
 122 // Return true iff this credential is valid.
 123 bool
 124 CredentialImpl::isValid() const
 125 {
 126         return mValid;
 127 }
 128
 129 void
 130 CredentialImpl::invalidate()
 131 {
 132         mValid = false;
 133 }
 134
 135 //
 136 // Credential class
 137 //
 138 Credential::Credential() :
 139 RefPointer<CredentialImpl>(new CredentialImpl())
 140 {
 141 }
 142
 143 Credential::Credential(CredentialImpl *impl) :
 144 RefPointer<CredentialImpl>(impl)
 145 {
 146 }
 147
 148 Credential::Credential(const uid_t uid, const string &username, const string &realname, bool shared) :
 149 RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, shared))
 150 {
 151 }
 152
 153 Credential::Credential(const string &username, const string &password, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(username, password, shared))
 154 {
 155 }
 156
 157 Credential::Credential(const string &right, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, shared))
 158 {
 159 }
 160
 161 Credential::~Credential()
 162 {
 163 }
 164
 165 bool
 166 Credential::operator < (const Credential &other) const
 167 {
 168         if (!*this)
 169                 return other;
 170
 171         if (!other)
 172                 return false;
 173
 174         return (**this) < (*other);
 175 }
 176
 177 } // end namespace Authorization
 178
 179