1 /*-
2 * Copyright (c) 1996 by
3 * Sean Eric Fagan <sef@kithrup.com>
4 * David Nugent <davidn@blaze.net.au>
5 * All rights reserved.
6 *
7 * Portions copyright (c) 1995,1997
8 * Berkeley Software Design, Inc.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, is permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice immediately at the beginning of the file, without modification,
16 * this list of conditions, and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. This work was done expressly for inclusion into FreeBSD. Other use
21 * is permitted provided this notation is included.
22 * 4. Absolutely no warranty of function or purpose is made by the authors.
23 * 5. Modifications may be freely made to this file providing the above
24 * conditions are met.
25 *
26 * Low-level routines relating to the user capabilities database
27 */
28
29 #include <sys/cdefs.h>
30 #include <sys/types.h>
31 #include <sys/time.h>
32 #include <sys/resource.h>
33 #include <sys/param.h>
34 #include <errno.h>
35 #include <fcntl.h>
36 #include <libutil.h>
37 #include <login_cap.h>
38 #include <pwd.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <syslog.h>
43 #include <unistd.h>
44
45 /*
46 * allocstr()
47 * Manage a single static pointer for handling a local char* buffer,
48 * resizing as necessary to contain the string.
49 *
50 * allocarray()
51 * Manage a static array for handling a group of strings, resizing
52 * when necessary.
53 */
54
55 static int lc_object_count = 0;
56
57 static size_t internal_stringsz = 0;
58 static char * internal_string = NULL;
59 static size_t internal_arraysz = 0;
60 static const char ** internal_array = NULL;
61
62 static char path_login_conf[] = _PATH_LOGIN_CONF;
63
64 static char *
allocstr(const char * str)65 allocstr(const char *str)
66 {
67 char *p;
68
69 size_t sz = strlen(str) + 1; /* realloc() only if necessary */
70 if (sz <= internal_stringsz)
71 p = strcpy(internal_string, str);
72 else if ((p = realloc(internal_string, sz)) != NULL) {
73 internal_stringsz = sz;
74 internal_string = strcpy(p, str);
75 }
76 return p;
77 }
78
79
80 static const char **
allocarray(size_t sz)81 allocarray(size_t sz)
82 {
83 static const char **p;
84
85 if (sz <= internal_arraysz)
86 p = internal_array;
87 else if ((p = reallocarray(internal_array, sz, sizeof(char*))) != NULL) {
88 internal_arraysz = sz;
89 internal_array = p;
90 }
91 return p;
92 }
93
94
95 /*
96 * This is a variant of strcspn, which checks for quoted
97 * strings. That is,:
98 * strcspn_quote("how 'now, brown' cow", ",", NULL);
99 * will return the index for the nul, rather than the comma, because
100 * the string is quoted. It does not handle escaped characters
101 * at this time.
102 */
103 static size_t
strcspn_quote(const char * str,const char * exclude,int * is_quoted)104 strcspn_quote(const char *str, const char *exclude, int *is_quoted)
105 {
106 size_t indx = 0;
107 char quote = 0;
108
109 if (str == NULL)
110 return 0;
111
112 if (is_quoted)
113 *is_quoted = 0;
114
115 for (indx = 0; str[indx] != 0; indx++) {
116 if (quote && str[indx] == quote) {
117 if (is_quoted)
118 *is_quoted = 1;
119 quote = 0;
120 continue;
121 }
122 if (quote == 0 &&
123 (str[indx] == '\'' || str[indx] == '"')) {
124 quote = str[indx];
125 continue;
126 }
127 if (quote == 0 &&
128 strchr(exclude, str[indx]) != NULL)
129 return indx;
130 }
131 return indx;
132 }
133
134 /*
135 * Remove quotes from the given string.
136 * It's a very simplistic approach: the first
137 * single or double quote it finds, it looks for
138 * the next one, and if it finds it, moves the
139 * entire string backwards in two chunks
140 * (first quote + 1 to first quote, length
141 * rest of string, and then second quote + 1
142 * to second quote, length rest of the string).
143 */
144 static void
remove_quotes(char * str)145 remove_quotes(char *str)
146 {
147 static const char *quote_chars = "'\"";
148 char qc = 0;
149 int found = 0;
150
151 do {
152 char *loc = NULL;
153
154 found = 0;
155 /*
156 * If qc is 0, then we haven't found
157 * a quote yet, so do a strcspn search.
158 */
159 if (qc == 0) {
160 size_t indx;
161 indx = strcspn(str, quote_chars);
162 if (str[indx] == '\0')
163 return; /* We're done */
164 loc = str + indx;
165 qc = str[indx];
166 } else {
167 /*
168 * We've found a quote character,
169 * so use strchr to find the next one.
170 */
171 loc = strchr(str, qc);
172 if (loc == NULL)
173 return;
174 qc = 0;
175 }
176 if (loc) {
177 /*
178 * This gives us the location of the
179 * quoted character. We need to move
180 * the entire string down, from loc+1
181 * to loc.
182 */
183 size_t len = strlen(loc + 1) + 1;
184 memmove(loc, loc + 1, len);
185 found = 1;
186 }
187 } while (found != 0);
188 }
189
190 /*
191 * arrayize()
192 * Turn a simple string <str> separated by any of
193 * the set of <chars> into an array. The last element
194 * of the array will be NULL, as is proper.
195 * Free using freearraystr()
196 */
197
198 static const char **
arrayize(const char * str,const char * chars,int * size)199 arrayize(const char *str, const char *chars, int *size)
200 {
201 int i;
202 char *ptr;
203 const char *cptr;
204 const char **res = NULL;
205
206 /* count the sub-strings */
207 for (i = 0, cptr = str; *cptr; i++) {
208 int count = strcspn_quote(cptr, chars, NULL);
209 cptr += count;
210 if (*cptr)
211 ++cptr;
212 }
213
214 /* alloc the array */
215 if ((ptr = allocstr(str)) != NULL) {
216 if ((res = allocarray(++i)) == NULL)
217 free((void *)(uintptr_t)(const void *)str);
218 else {
219 /* now split the string */
220 i = 0;
221 while (*ptr) {
222 int quoted = 0;
223 int count = strcspn_quote(ptr, chars, "ed);
224 char *base = ptr;
225 res[i++] = ptr;
226 ptr += count;
227 if (*ptr)
228 *ptr++ = '\0';
229 /*
230 * If the string contains a quoted element, we
231 * need to remove the quotes.
232 */
233 if (quoted) {
234 remove_quotes(base);
235 }
236
237 }
238 res[i] = NULL;
239 }
240 }
241
242 if (size)
243 *size = i;
244
245 return res;
246 }
247
248
249 /*
250 * login_close()
251 * Frees up all resources relating to a login class
252 *
253 */
254
255 void
login_close(login_cap_t * lc)256 login_close(login_cap_t * lc)
257 {
258 if (lc) {
259 free(lc->lc_style);
260 free(lc->lc_class);
261 free(lc->lc_cap);
262 free(lc);
263 if (--lc_object_count == 0) {
264 free(internal_string);
265 free(internal_array);
266 internal_array = NULL;
267 internal_arraysz = 0;
268 internal_string = NULL;
269 internal_stringsz = 0;
270 cgetclose();
271 }
272 }
273 }
274
275
276 /*
277 * login_getclassbyname()
278 * Get the login class by its name.
279 * If the name given is NULL or empty, the default class
280 * LOGIN_DEFCLASS (i.e., "default") is fetched.
281 * If the name given is LOGIN_MECLASS and
282 * 'pwd' argument is non-NULL and contains an non-NULL
283 * dir entry, then the file _FILE_LOGIN_CONF is picked
284 * up from that directory and used before the system
285 * login database. In that case the system login database
286 * is looked up using LOGIN_MECLASS, too, which is a bug.
287 * Return a filled-out login_cap_t structure, including
288 * class name, and the capability record buffer.
289 */
290
291 login_cap_t *
login_getclassbyname(char const * name,const struct passwd * pwd)292 login_getclassbyname(char const *name, const struct passwd *pwd)
293 {
294 login_cap_t *lc;
295
296 if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
297 int r, me, i = 0;
298 uid_t euid = 0;
299 gid_t egid = 0;
300 const char *msg = NULL;
301 const char *dir;
302 char userpath[MAXPATHLEN];
303
304 static char *login_dbarray[] = { NULL, NULL, NULL };
305
306 me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);
307 dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;
308 /*
309 * Switch to user mode before checking/reading its ~/.login_conf
310 * - some NFSes have root read access disabled.
311 *
312 * XXX: This fails to configure additional groups.
313 */
314 if (dir) {
315 euid = geteuid();
316 egid = getegid();
317 (void)setegid(pwd->pw_gid);
318 (void)seteuid(pwd->pw_uid);
319 }
320
321 if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir,
322 _FILE_LOGIN_CONF) < MAXPATHLEN) {
323 if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1)
324 login_dbarray[i++] = userpath;
325 }
326 /*
327 * XXX: Why to add the system database if the class is `me'?
328 */
329 if (_secure_path(path_login_conf, 0, 0) != -1)
330 login_dbarray[i++] = path_login_conf;
331 login_dbarray[i] = NULL;
332
333 memset(lc, 0, sizeof(login_cap_t));
334 lc->lc_cap = lc->lc_class = lc->lc_style = NULL;
335
336 if (name == NULL || *name == '\0')
337 name = LOGIN_DEFCLASS;
338
339 switch (cgetent(&lc->lc_cap, login_dbarray, name)) {
340 case -1: /* Failed, entry does not exist */
341 if (me)
342 break; /* Don't retry default on 'me' */
343 if (i == 0)
344 r = -1;
345 else if ((r = open(login_dbarray[0], O_RDONLY | O_CLOEXEC)) >= 0)
346 close(r);
347 /*
348 * If there's at least one login class database,
349 * and we aren't searching for a default class
350 * then complain about a non-existent class.
351 */
352 if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0)
353 syslog(LOG_ERR, "login_getclass: unknown class '%s'", name);
354 /* fall-back to default class */
355 name = LOGIN_DEFCLASS;
356 msg = "%s: no default/fallback class '%s'";
357 if (cgetent(&lc->lc_cap, login_dbarray, name) != 0 && r >= 0)
358 break;
359 /* FALLTHROUGH - just return system defaults */
360 case 0: /* success! */
361 if ((lc->lc_class = strdup(name)) != NULL) {
362 if (dir) {
363 (void)seteuid(euid);
364 (void)setegid(egid);
365 }
366 ++lc_object_count;
367 return lc;
368 }
369 msg = "%s: strdup: %m";
370 break;
371 case -2:
372 msg = "%s: retrieving class information: %m";
373 break;
374 case -3:
375 msg = "%s: 'tc=' reference loop '%s'";
376 break;
377 case 1:
378 msg = "couldn't resolve 'tc=' reference in '%s'";
379 break;
380 default:
381 msg = "%s: unexpected cgetent() error '%s': %m";
382 break;
383 }
384 if (dir) {
385 (void)seteuid(euid);
386 (void)setegid(egid);
387 }
388 if (msg != NULL)
389 syslog(LOG_ERR, msg, "login_getclass", name);
390 free(lc);
391 }
392
393 return NULL;
394 }
395
396
397
398 /*
399 * login_getclass()
400 * Get the login class for the system (only) login class database.
401 * Return a filled-out login_cap_t structure, including
402 * class name, and the capability record buffer.
403 */
404
405 login_cap_t *
login_getclass(const char * cls)406 login_getclass(const char *cls)
407 {
408 return login_getclassbyname(cls, NULL);
409 }
410
411
412 /*
413 * login_getpwclass()
414 * Get the login class for a given password entry from
415 * the system (only) login class database.
416 * If the password entry's class field is not set, or
417 * the class specified does not exist, then use the
418 * default of LOGIN_DEFCLASS (i.e., "default") for an unprivileged
419 * user or that of LOGIN_DEFROOTCLASS (i.e., "root") for a super-user.
420 * Return a filled-out login_cap_t structure, including
421 * class name, and the capability record buffer.
422 */
423
424 login_cap_t *
login_getpwclass(const struct passwd * pwd)425 login_getpwclass(const struct passwd *pwd)
426 {
427 const char *cls = NULL;
428
429 if (pwd != NULL) {
430 cls = pwd->pw_class;
431 if (cls == NULL || *cls == '\0')
432 cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS;
433 }
434 /*
435 * XXX: pwd should be unused by login_getclassbyname() unless cls is `me',
436 * so NULL can be passed instead of pwd for more safety.
437 */
438 return login_getclassbyname(cls, pwd);
439 }
440
441
442 /*
443 * login_getuserclass()
444 * Get the `me' login class, allowing user overrides via ~/.login_conf.
445 * Note that user overrides are allowed only in the `me' class.
446 */
447
448 login_cap_t *
login_getuserclass(const struct passwd * pwd)449 login_getuserclass(const struct passwd *pwd)
450 {
451 return login_getclassbyname(LOGIN_MECLASS, pwd);
452 }
453
454
455 /*
456 * login_getcapstr()
457 * Given a login_cap entry, and a capability name, return the
458 * value defined for that capability, a default if not found, or
459 * an error string on error.
460 */
461
462 const char *
login_getcapstr(login_cap_t * lc,const char * cap,const char * def,const char * error)463 login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error)
464 {
465 char *res;
466 int ret;
467
468 if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0')
469 return def;
470
471 if ((ret = cgetstr(lc->lc_cap, cap, &res)) == -1)
472 return def;
473 return (ret >= 0) ? res : error;
474 }
475
476
477 /*
478 * login_getcaplist()
479 * Given a login_cap entry, and a capability name, return the
480 * value defined for that capability split into an array of
481 * strings.
482 */
483
484 const char **
login_getcaplist(login_cap_t * lc,const char * cap,const char * chars)485 login_getcaplist(login_cap_t *lc, const char *cap, const char *chars)
486 {
487 const char *lstring;
488
489 if (chars == NULL)
490 chars = ", \t";
491 if ((lstring = login_getcapstr(lc, cap, NULL, NULL)) != NULL)
492 return arrayize(lstring, chars, NULL);
493 return NULL;
494 }
495
496
497 /*
498 * login_getpath()
499 * From the login_cap_t <lc>, get the capability <cap> which is
500 * formatted as either a space or comma delimited list of paths
501 * and append them all into a string and separate by semicolons.
502 * If there is an error of any kind, return <error>.
503 */
504
505 const char *
login_getpath(login_cap_t * lc,const char * cap,const char * error)506 login_getpath(login_cap_t *lc, const char *cap, const char *error)
507 {
508 const char *str;
509 char *ptr;
510 int count;
511
512 str = login_getcapstr(lc, cap, NULL, NULL);
513 if (str == NULL)
514 return error;
515 ptr = __DECONST(char *, str); /* XXXX Yes, very dodgy */
516 while (*ptr) {
517 count = strcspn(ptr, ", \t");
518 ptr += count;
519 if (*ptr)
520 *ptr++ = ':';
521 }
522 return str;
523 }
524
525
526 static int
isinfinite(const char * s)527 isinfinite(const char *s)
528 {
529 static const char *infs[] = {
530 "infinity",
531 "inf",
532 "unlimited",
533 "unlimit",
534 "-1",
535 NULL
536 };
537 const char **i = &infs[0];
538
539 while (*i != NULL) {
540 if (strcasecmp(s, *i) == 0)
541 return 1;
542 ++i;
543 }
544 return 0;
545 }
546
547
548 static u_quad_t
rmultiply(u_quad_t n1,u_quad_t n2)549 rmultiply(u_quad_t n1, u_quad_t n2)
550 {
551 u_quad_t m, r;
552 int b1, b2;
553
554 static int bpw = 0;
555
556 /* Handle simple cases */
557 if (n1 == 0 || n2 == 0)
558 return 0;
559 if (n1 == 1)
560 return n2;
561 if (n2 == 1)
562 return n1;
563
564 /*
565 * sizeof() returns number of bytes needed for storage.
566 * This may be different from the actual number of useful bits.
567 */
568 if (!bpw) {
569 bpw = sizeof(u_quad_t) * 8;
570 while (((u_quad_t)1 << (bpw-1)) == 0)
571 --bpw;
572 }
573
574 /*
575 * First check the magnitude of each number. If the sum of the
576 * magnatude is way to high, reject the number. (If this test
577 * is not done then the first multiply below may overflow.)
578 */
579 for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1)
580 ;
581 for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2)
582 ;
583 if (b1 + b2 - 2 > bpw) {
584 errno = ERANGE;
585 return (UQUAD_MAX);
586 }
587
588 /*
589 * Decompose the multiplication to be:
590 * h1 = n1 & ~1
591 * h2 = n2 & ~1
592 * l1 = n1 & 1
593 * l2 = n2 & 1
594 * (h1 + l1) * (h2 + l2)
595 * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
596 *
597 * Since h1 && h2 do not have the low bit set, we can then say:
598 *
599 * (h1>>1 * h2>>1 * 4) + ...
600 *
601 * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
602 * overflow.
603 *
604 * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
605 * then adding in residual amout will cause an overflow.
606 */
607
608 m = (n1 >> 1) * (n2 >> 1);
609 if (m >= ((u_quad_t)1 << (bpw-2))) {
610 errno = ERANGE;
611 return (UQUAD_MAX);
612 }
613 m *= 4;
614
615 r = (n1 & n2 & 1)
616 + (n2 & 1) * (n1 & ~(u_quad_t)1)
617 + (n1 & 1) * (n2 & ~(u_quad_t)1);
618
619 if ((u_quad_t)(m + r) < m) {
620 errno = ERANGE;
621 return (UQUAD_MAX);
622 }
623 m += r;
624
625 return (m);
626 }
627
628
629 /*
630 * login_getcaptime()
631 * From the login_cap_t <lc>, get the capability <cap>, which is
632 * formatted as a time (e.g., "<cap>=10h3m2s"). If <cap> is not
633 * present in <lc>, return <def>; if there is an error of some kind,
634 * return <error>.
635 */
636
637 rlim_t
login_getcaptime(login_cap_t * lc,const char * cap,rlim_t def,rlim_t error)638 login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
639 {
640 char *res, *ep, *oval;
641 int r;
642 rlim_t tot;
643
644 errno = 0;
645 if (lc == NULL || lc->lc_cap == NULL)
646 return def;
647
648 /*
649 * Look for <cap> in lc_cap.
650 * If it's not there (-1), return <def>.
651 * If there's an error, return <error>.
652 */
653
654 if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1)
655 return def;
656 else if (r < 0)
657 return error;
658
659 /* "inf" and "infinity" are special cases */
660 if (isinfinite(res))
661 return RLIM_INFINITY;
662
663 /*
664 * Now go through the string, turning something like 1h2m3s into
665 * an integral value. Whee.
666 */
667
668 errno = 0;
669 tot = 0;
670 oval = res;
671 while (*res) {
672 rlim_t tim = strtoq(res, &ep, 0);
673 rlim_t mult = 1;
674
675 if (ep == NULL || ep == res || errno != 0) {
676 invalid:
677 syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s",
678 lc->lc_class, cap, oval);
679 errno = ERANGE;
680 return error;
681 }
682 /* Look for suffixes */
683 switch (*ep++) {
684 case 0:
685 ep--;
686 break; /* end of string */
687 case 's': case 'S': /* seconds */
688 break;
689 case 'm': case 'M': /* minutes */
690 mult = 60;
691 break;
692 case 'h': case 'H': /* hours */
693 mult = 60L * 60L;
694 break;
695 case 'd': case 'D': /* days */
696 mult = 60L * 60L * 24L;
697 break;
698 case 'w': case 'W': /* weeks */
699 mult = 60L * 60L * 24L * 7L;
700 break;
701 case 'y': case 'Y': /* 365-day years */
702 mult = 60L * 60L * 24L * 365L;
703 break;
704 default:
705 goto invalid;
706 }
707 res = ep;
708 tot += rmultiply(tim, mult);
709 if (errno)
710 goto invalid;
711 }
712
713 return tot;
714 }
715
716
717 /*
718 * login_getcapnum()
719 * From the login_cap_t <lc>, extract the numerical value <cap>.
720 * If it is not present, return <def> for a default, and return
721 * <error> if there is an error.
722 * Like login_getcaptime(), only it only converts to a number, not
723 * to a time; "infinity" and "inf" are 'special.'
724 */
725
726 rlim_t
login_getcapnum(login_cap_t * lc,const char * cap,rlim_t def,rlim_t error)727 login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
728 {
729 char *ep, *res;
730 int r;
731 rlim_t val;
732
733 if (lc == NULL || lc->lc_cap == NULL)
734 return def;
735
736 /*
737 * For BSDI compatibility, try for the tag=<val> first
738 */
739 r = cgetstr(lc->lc_cap, cap, &res);
740 if (r == -1) {
741 long lval;
742 /* string capability not present, so try for tag#<val> as numeric */
743 if ((r = cgetnum(lc->lc_cap, cap, &lval)) == -1)
744 return def; /* Not there, so return default */
745 else if (r < 0)
746 return error;
747 else
748 return (rlim_t)lval;
749 } else if (r < 0)
750 return error;
751
752 if (isinfinite(res))
753 return RLIM_INFINITY;
754
755 errno = 0;
756 val = strtoq(res, &ep, 0);
757 if (ep == NULL || ep == res || errno != 0) {
758 syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s",
759 lc->lc_class, cap, res);
760 errno = ERANGE;
761 return error;
762 }
763
764 return val;
765 }
766
767 /*
768 * Extract a string capability expected to hold a specific value from a list.
769 *
770 * 'values' must be a NULL-terminated array of strings listing the possible
771 * values.
772 *
773 * A non-negative return code indicates success, and is the index of the value
774 * in 'values' the capability is set to.
775 *
776 * Negative return codes indicate an error:
777 * -4: 'lc' or 'cap' insufficiently initialized or not valid.
778 * -3: System error (allocation failure).
779 * -2: Capability not found or not a string.
780 * -1: Capability has a string value, but not one listed in 'values'.
781 */
782 int
login_getcapenum(login_cap_t * lc,const char * cap,const char * const * values)783 login_getcapenum(login_cap_t *lc, const char *cap, const char * const *values)
784 {
785 int ret, i;
786 char *cand;
787 const char * const *val;
788
789 if (lc == NULL || lc->lc_cap == NULL || cap == NULL || *cap == '\0')
790 return (-4);
791
792 ret = cgetstr(lc->lc_cap, cap, &cand);
793
794 if (ret == -1)
795 /* Cap not found. */
796 return (-2);
797 else if (ret < 0)
798 /* System error (normally, allocation failure). */
799 return (-3);
800
801 ret = -1;
802
803 for (i = 0, val = values; *val != NULL; val++)
804 if (strcmp(cand, *val) == 0) {
805 ret = i;
806 break;
807 }
808
809 free(cand);
810 return (ret);
811 }
812
813
814
815 /*
816 * login_getcapsize()
817 * From the login_cap_t <lc>, extract the capability <cap>, which is
818 * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
819 * If not present, return <def>, or <error> if there is an error of
820 * some sort.
821 */
822
823 rlim_t
login_getcapsize(login_cap_t * lc,const char * cap,rlim_t def,rlim_t error)824 login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
825 {
826 char *ep, *res, *oval;
827 int r;
828 rlim_t tot;
829
830 if (lc == NULL || lc->lc_cap == NULL)
831 return def;
832
833 if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1)
834 return def;
835 else if (r < 0)
836 return error;
837
838 if (isinfinite(res))
839 return RLIM_INFINITY;
840
841 errno = 0;
842 tot = 0;
843 oval = res;
844 while (*res) {
845 rlim_t siz = strtoq(res, &ep, 0);
846 rlim_t mult = 1;
847
848 if (ep == NULL || ep == res || errno != 0) {
849 invalid:
850 syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s",
851 lc->lc_class, cap, oval);
852 errno = ERANGE;
853 return error;
854 }
855 switch (*ep++) {
856 case 0: /* end of string */
857 ep--;
858 break;
859 case 'b': case 'B': /* 512-byte blocks */
860 mult = 512;
861 break;
862 case 'k': case 'K': /* 1024-byte Kilobytes */
863 mult = 1024;
864 break;
865 case 'm': case 'M': /* 1024-k kbytes */
866 mult = 1024 * 1024;
867 break;
868 case 'g': case 'G': /* 1Gbyte */
869 mult = 1024 * 1024 * 1024;
870 break;
871 case 't': case 'T': /* 1TBte */
872 mult = 1024LL * 1024LL * 1024LL * 1024LL;
873 break;
874 default:
875 goto invalid;
876 }
877 res = ep;
878 tot += rmultiply(siz, mult);
879 if (errno)
880 goto invalid;
881 }
882
883 return tot;
884 }
885
886
887 /*
888 * login_getcapbool()
889 * From the login_cap_t <lc>, check for the existence of the capability
890 * of <cap>. Return <def> if <lc>->lc_cap is NULL, otherwise return
891 * the whether or not <cap> exists there.
892 */
893
894 int
login_getcapbool(login_cap_t * lc,const char * cap,int def)895 login_getcapbool(login_cap_t *lc, const char *cap, int def)
896 {
897 if (lc == NULL || lc->lc_cap == NULL)
898 return def;
899 return (cgetcap(lc->lc_cap, cap, ':') != NULL);
900 }
901
902
903 /*
904 * login_getstyle()
905 * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
906 * and optionally a style <style>, find the style that best suits these
907 * rules:
908 * 1. If <auth> is non-null, look for an "auth-<auth>=" string
909 * in the capability; if not present, default to "auth=".
910 * 2. If there is no auth list found from (1), default to
911 * "passwd" as an authorization list.
912 * 3. If <style> is non-null, look for <style> in the list of
913 * authorization methods found from (2); if <style> is NULL, default
914 * to LOGIN_DEFSTYLE ("passwd").
915 * 4. If the chosen style is found in the chosen list of authorization
916 * methods, return that; otherwise, return NULL.
917 * E.g.:
918 * login_getstyle(lc, NULL, "ftp");
919 * login_getstyle(lc, "login", NULL);
920 * login_getstyle(lc, "skey", "network");
921 */
922
923 const char *
login_getstyle(login_cap_t * lc,const char * style,const char * auth)924 login_getstyle(login_cap_t *lc, const char *style, const char *auth)
925 {
926 int i;
927 const char **authtypes = NULL;
928 char *auths= NULL;
929 char realauth[64];
930
931 static const char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL };
932
933 if (auth != NULL && *auth != '\0') {
934 if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < (int)sizeof(realauth))
935 authtypes = login_getcaplist(lc, realauth, NULL);
936 }
937
938 if (authtypes == NULL)
939 authtypes = login_getcaplist(lc, "auth", NULL);
940
941 if (authtypes == NULL)
942 authtypes = defauthtypes;
943
944 /*
945 * We have at least one authtype now; auths is a comma-separated
946 * (or space-separated) list of authentication types. We have to
947 * convert from this to an array of char*'s; authtypes then gets this.
948 */
949 i = 0;
950 if (style != NULL && *style != '\0') {
951 while (authtypes[i] != NULL && strcmp(style, authtypes[i]) != 0)
952 i++;
953 }
954
955 lc->lc_style = NULL;
956 if (authtypes[i] != NULL && (auths = strdup(authtypes[i])) != NULL)
957 lc->lc_style = auths;
958
959 if (lc->lc_style != NULL)
960 lc->lc_style = strdup(lc->lc_style);
961
962 return lc->lc_style;
963 }
964