Attachment #24846 for bug #62001

View | Details | Raw Unified | Return to bug 62001
Collapse All | Expand All




static int	sane(const char *);
static int	wildmatch(const char *, const char *);

static struct conn *	the_connection;

int
rsm_connect(void)
{
	if (the_connection)
		rsm_disconnect();
	the_connection = rsm_connect_to(_PATH_RESMGR_SOCKET);
	return the_connection? 0 : -1;
}

int
rsm_disconnect(void)
{
	if (the_connection) {
		rsm_close(the_connection);
		the_connection = NULL;
	}
	return 0;
}

static int
rsm_command(int *code, const char *fmt, ...)

	*code = 0;

	va_start(ap, fmt);

	if (!(conn = the_connection)
	 && !(conn = rsm_connect_to(_PATH_RESMGR_SOCKET))) {
		syslog(LOG_NOTICE, "resmgr: unable to connect to resmgrd: %m");
		goto out;
	}

	if (rsm_vprintf(conn, fmt, ap) < 0
	 || (*code = rsm_recv_response(conn)) < 0) {
		syslog(LOG_NOTICE, "resmgr: communication failure: %m");
		goto out;

	else
		fd = 0;

out:	if (conn != the_connection)
		rsm_close(conn);
	va_end(ap);
	return fd;
}

		wildcard = s;
	}

	if ((conn = rsm_connect_to(_PATH_RESMGR_SOCKET))
	 && rsm_printf(conn, "list %s", family) >= 0)
		result = rsm_recv_multiline(conn, rsm_frob_device, wildcard);


	struct conn	*conn;
	char		**result = NULL;

	if ((conn = rsm_connect_to(_PATH_RESMGR_SOCKET))
	 && rsm_printf(conn, "sessions") >= 0)
		result = rsm_recv_multiline(conn, NULL, NULL);


rsm_open_device(const char *pathname, int flags)
{
	return rsm_open_device_as(NULL, pathname, flags);
}

int
rsm_open_socket(const char *pathname)
{
	return rsm_open_device_as("socket", pathname, O_RDWR);
}



Lines 19-25 Link Here

(-)conn.c (-1 / +3 lines)
19	#include <grp.h>	19	#include <grp.h>
20		20
21	struct conn *	21	struct conn *
22	rsm_connect(const char *path)	22	rsm_connect_to(const char *path)
23	{	23	{
24	struct sockaddr_un un;	24	struct sockaddr_un un;
25	struct conn *conn;	25	struct conn *conn;
Lines 38-43 Link Here
38	strcpy(un.sun_path, path);	38	strcpy(un.sun_path, path);
39	if (connect(conn->fd, (struct sockaddr *) &un, SUN_LEN(&un)) < 0)	39	if (connect(conn->fd, (struct sockaddr *) &un, SUN_LEN(&un)) < 0)
40	goto fail;	40	goto fail;
		41
		42	fcntl(conn->fd, F_SETFD, FD_CLOEXEC);
41		43
42	return conn;	44	return conn;
43		45




	name = argv[1];
	id = argv[2];

	if (!(user = res_user_get(name)))
		user = res_user_create(name);
		if (strcmp(user->name, name)) {
			msg_log("User %s attempted to log in as %s\n",
					user->name, name);
			respond(conn, MSG_DENIED,
					"you are not allowed to do this");
			return;
		}
	} else {
		if (!(user = res_user_get(name)))
			user = res_user_create(name);
	}

	user->refcnt++;

	if (user->nsessions > MAX_USER_SESSIONS) {

	unsigned int	min_args, max_args;
	unsigned int	privileged;
} resmgr_commands[] = {
      { "login",	cmd_login,		2,	2,	1	},
      { "logout",	cmd_logout,		1,	1,	0	},
      { "grant",	cmd_grant,		2,	2,	1	},
      { "revoke",	cmd_revoke,		1,	2,	1	},




#include "protocol.h"


/*
 * If the application runs the session function as non-root user (as e.g.
 * sshd does) we need to connect during the auth stage so the connection
 * will appear to be from the root user.
 */
int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	rsm_connect();
	return PAM_SUCCESS;
}

int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{

		}
	}

	rsm_disconnect();
	return PAM_SUCCESS;
}


Lines 40-46 Link Here

(-)protocol.h (-1 / +1 lines)
40	char buffer[256];	40	char buffer[256];
41	};	41	};
42		42
43	extern struct conn * rsm_connect(const char *);	43	extern struct conn * rsm_connect_to(const char *);
44	extern int rsm_recv(struct conn , char , unsigned int);	44	extern int rsm_recv(struct conn , char , unsigned int);
45	extern int rsm_recv_response(struct conn *);	45	extern int rsm_recv_response(struct conn *);
46	extern int rsm_send(struct conn , const char , size_t);	46	extern int rsm_send(struct conn , const char , size_t);

Lines 57-63 Link Here

(-)resmgr.c (-1 / +1 lines)
57	}	57	}
58	}	58	}
59		59
60	conn = rsm_connect(opt_socket);	60	conn = rsm_connect_to(opt_socket);
61	if (conn == 0) {	61	if (conn == 0) {
62	perror("Unable to connect to resource manager");	62	perror("Unable to connect to resource manager");
63	return 1;	63	return 1;

Lines 16-21 Link Here

(-)resmgr.h (+5 lines)
16	*/	16	*/
17	extern char ** rsm_list_devices(const char *family);	17	extern char ** rsm_list_devices(const char *family);
18	extern int rsm_open_device(const char *pathname, int flags);	18	extern int rsm_open_device(const char *pathname, int flags);
		19	extern int rsm_open_socket(const char *pathname);
19	extern int rsm_open_device_as(const char *family,	20	extern int rsm_open_device_as(const char *family,
20	const char *pathname, int flags);	21	const char *pathname, int flags);
21	extern int rsm_login(const char user, const char id);	22	extern int rsm_login(const char user, const char id);
Lines 30-35 Link Here
30		31
31	extern int rsm_glob(const char *pattern,	32	extern int rsm_glob(const char *pattern,
32	const char name, const char name_end);	33	const char name, const char name_end);
		34
		35	/* These are optional */
		36	extern int rsm_connect(void);
		37	extern int rsm_disconnect(void);
33		38
34	#ifdef __cplusplus	39	#ifdef __cplusplus
35	}	40	}




	fp->filename = (char *) (fp + 1);
	strcpy(fp->filename, name);

	fp->type = -1;
	if ((sp = strrchr(fp->filename, ';')) != NULL) {
		*sp++ = '\0';
		if (!strcasecmp(sp, "dgram")) {

	return !strcmp(fp->filename, dev->name);
}

/*
 * Open a socket and connect
 */
static int
do_connect(int type, const char *path)
{
	struct sockaddr_un	sun;
	res_socket_name_t	*fp = (res_socket_name_t *) np;
	int			fd, oerrno;

	if ((fd = socket(PF_LOCAL, type, 0)) < 0)
		return -1;

	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_LOCAL;
	strncpy(sun.sun_path, path, sizeof(sun.sun_path)-1);

	if (connect(fd, (struct sockaddr *) &sun, sizeof(sun)) < 0) {
		oerrno = errno;
		close(fd);
		errno = oerrno;
		return -1;
	}

	return fd;
}

int
res_socket_open(res_name_t *np, int flags)
{
	res_socket_name_t	*fp = (res_socket_name_t *) np;
	int			fd;

	if (fp->type >= 0) {
		fd = do_connect(fp->type, fp->filename);
	} else if ((fd = do_connect(SOCK_STREAM, fp->filename)) < 0) {
		fd = do_connect(SOCK_DGRAM, fp->filename);
	}

	return fd;

Lines 34-40 Link Here

(-)tester.c (-1 / +1 lines)
34	return 1;	34	return 1;
35	}	35	}
36		36
37	conn = rsm_connect(argc == 2? argv[1] : _PATH_RESMGR_SOCKET);	37	conn = rsm_connect_to(argc == 2? argv[1] : _PATH_RESMGR_SOCKET);
38	if (conn == 0) {	38	if (conn == 0) {
39	perror("Unable to connect to resource manager");	39	perror("Unable to connect to resource manager");
40	return 1;	40	return 1;

Lines 7-12 Link Here

(-)doc/resmgr.3 (+5 lines)
7	.sp	7	.sp
8	.BI "char *rsm_list_devices(const char " family ");	8	.BI "char *rsm_list_devices(const char " family ");
9	.BI "int rsm_open_device(const char *" pathname ", int " flags ");	9	.BI "int rsm_open_device(const char *" pathname ", int " flags ");
		10	.BI "int rsm_open_socket(const char *" pathname ");
10	.BI "int rsm_open_device_as(const char " family ", const char " pathname ",	11	.BI "int rsm_open_device_as(const char " family ", const char " pathname ",
11	.BI " int " flags ");	12	.BI " int " flags ");
12	.BI "int rsm_login(const char " user ", const char " id ");	13	.BI "int rsm_login(const char " user ", const char " id ");
Lines 64-69 Link Here
64	is not supported; the resource manager will silently use	65	is not supported; the resource manager will silently use
65	.B O_RDWR	66	.B O_RDWR
66	instead.	67	instead.
		68	.TP
		69	.BI "int rsm_open_socket(const char *" pathname")
		70	This function will open a local socket and connect to the
		71	named path.
67	.TP	72	.TP
68	.BI "int rsm_open_device_as(const char *" family ",	73	.BI "int rsm_open_device_as(const char *" family ",
69	.ti +16	74	.ti +16

Return to bug 62001

Lines 249-268 Link Here

(-)main.c (-15 / +3 lines)
249	name = argv[1];	249	name = argv[1];
250	id = argv[2];	250	id = argv[2];
251		251
252	if (conn->cred.uid) {	252	if (!(user = res_user_get(name)))
253	user = conn->ruser;	253	user = res_user_create(name);
254	if (strcmp(user->name, name)) {
255	msg_log("User %s attempted to log in as %s\n",
256	user->name, name);
257	respond(conn, MSG_DENIED,
258	"you are not allowed to do this");
259	return;
260	}
261	} else {
262	if (!(user = res_user_get(name)))
263	user = res_user_create(name);
264	}
265
266	user->refcnt++;	254	user->refcnt++;
267		255
268	if (user->nsessions > MAX_USER_SESSIONS) {	256	if (user->nsessions > MAX_USER_SESSIONS) {
Lines 583-589 Link Here
583	unsigned int min_args, max_args;	571	unsigned int min_args, max_args;
584	unsigned int privileged;	572	unsigned int privileged;
585	} resmgr_commands[] = {	573	} resmgr_commands[] = {
586	{ "login", cmd_login, 2, 2, 0 },	574	{ "login", cmd_login, 2, 2, 1 },
587	{ "logout", cmd_logout, 1, 1, 0 },	575	{ "logout", cmd_logout, 1, 1, 0 },
588	{ "grant", cmd_grant, 2, 2, 1 },	576	{ "grant", cmd_grant, 2, 2, 1 },
589	{ "revoke", cmd_revoke, 1, 2, 1 },	577	{ "revoke", cmd_revoke, 1, 2, 1 },

Lines 51-57 Link Here

(-)socket.c (-6 / +23 lines)
51	fp->filename = (char *) (fp + 1);	51	fp->filename = (char *) (fp + 1);
52	strcpy(fp->filename, name);	52	strcpy(fp->filename, name);
53		53
54	fp->type = SOCK_STREAM;	54	fp->type = -1;
55	if ((sp = strrchr(fp->filename, ';')) != NULL) {	55	if ((sp = strrchr(fp->filename, ';')) != NULL) {
56	*sp++ = '\0';	56	*sp++ = '\0';
57	if (!strcasecmp(sp, "dgram")) {	57	if (!strcasecmp(sp, "dgram")) {
Lines 89-113 Link Here
89	return !strcmp(fp->filename, dev->name);	89	return !strcmp(fp->filename, dev->name);
90	}	90	}
91		91
92	int	92	/*
93	res_socket_open(res_name_t *np, int flags)	93	* Open a socket and connect
		94	*/
		95	static int
		96	do_connect(int type, const char *path)
94	{	97	{
95	struct sockaddr_un sun;	98	struct sockaddr_un sun;
96	res_socket_name_t fp = (res_socket_name_t ) np;
97	int fd, oerrno;	99	int fd, oerrno;
98		100
99	if ((fd = socket(PF_LOCAL, fp->type, 0)) < 0)	101	if ((fd = socket(PF_LOCAL, type, 0)) < 0)
100	return -1;	102	return -1;
101		103
102	memset(&sun, 0, sizeof(sun));	104	memset(&sun, 0, sizeof(sun));
103	sun.sun_family = AF_LOCAL;	105	sun.sun_family = AF_LOCAL;
104	strncpy(sun.sun_path, fp->filename, sizeof(sun.sun_path)-1);	106	strncpy(sun.sun_path, path, sizeof(sun.sun_path)-1);
105		107
106	if (connect(fd, (struct sockaddr *) &sun, sizeof(sun)) < 0) {	108	if (connect(fd, (struct sockaddr *) &sun, sizeof(sun)) < 0) {
107	oerrno = errno;	109	oerrno = errno;
108	close(fd);	110	close(fd);
109	errno = oerrno;	111	errno = oerrno;
110	return -1;	112	return -1;
		113	}
		114
		115	return fd;
		116	}
		117
		118	int
		119	res_socket_open(res_name_t *np, int flags)
		120	{
		121	res_socket_name_t fp = (res_socket_name_t ) np;
		122	int fd;
		123
		124	if (fp->type >= 0) {
		125	fd = do_connect(fp->type, fp->filename);
		126	} else if ((fd = do_connect(SOCK_STREAM, fp->filename)) < 0) {
		127	fd = do_connect(SOCK_DGRAM, fp->filename);
111	}	128	}
112		129
113	return fd;	130	return fd;

Lines 17-22 Link Here

(-)client.c (-5 / +38 lines)
17	static int sane(const char *);	17	static int sane(const char *);
18	static int wildmatch(const char , const char );	18	static int wildmatch(const char , const char );
19		19
		20	static struct conn * the_connection;
		21
		22	int
		23	rsm_connect(void)
		24	{
		25	if (the_connection)
		26	rsm_disconnect();
		27	the_connection = rsm_connect_to(_PATH_RESMGR_SOCKET);
		28	return the_connection? 0 : -1;
		29	}
		30
		31	int
		32	rsm_disconnect(void)
		33	{
		34	if (the_connection) {
		35	rsm_close(the_connection);
		36	the_connection = NULL;
		37	}
		38	return 0;
		39	}
20		40
21	static int	41	static int
22	rsm_command(int code, const char fmt, ...)	42	rsm_command(int code, const char fmt, ...)
Lines 30-37 Link Here
30	*code = 0;	50	*code = 0;
31		51
32	va_start(ap, fmt);	52	va_start(ap, fmt);
33	if (!(conn = rsm_connect(_PATH_RESMGR_SOCKET))	53
34	\|\| rsm_vprintf(conn, fmt, ap) < 0	54	if (!(conn = the_connection)
		55	&& !(conn = rsm_connect_to(_PATH_RESMGR_SOCKET))) {
		56	syslog(LOG_NOTICE, "resmgr: unable to connect to resmgrd: %m");
		57	goto out;
		58	}
		59
		60	if (rsm_vprintf(conn, fmt, ap) < 0
35	\|\| (*code = rsm_recv_response(conn)) < 0) {	61	\|\| (*code = rsm_recv_response(conn)) < 0) {
36	syslog(LOG_NOTICE, "resmgr: communication failure: %m");	62	syslog(LOG_NOTICE, "resmgr: communication failure: %m");
37	goto out;	63	goto out;
Lines 45-51 Link Here
45	else	71	else
46	fd = 0;	72	fd = 0;
47		73
48	out: rsm_close(conn);	74	out: if (conn != the_connection)
		75	rsm_close(conn);
49	va_end(ap);	76	va_end(ap);
50	return fd;	77	return fd;
51	}	78	}
Lines 138-144 Link Here
138	wildcard = s;	165	wildcard = s;
139	}	166	}
140		167
141	if ((conn = rsm_connect(_PATH_RESMGR_SOCKET))	168	if ((conn = rsm_connect_to(_PATH_RESMGR_SOCKET))
142	&& rsm_printf(conn, "list %s", family) >= 0)	169	&& rsm_printf(conn, "list %s", family) >= 0)
143	result = rsm_recv_multiline(conn, rsm_frob_device, wildcard);	170	result = rsm_recv_multiline(conn, rsm_frob_device, wildcard);
144		171
Lines 152-158 Link Here
152	struct conn *conn;	179	struct conn *conn;
153	char **result = NULL;	180	char **result = NULL;
154		181
155	if ((conn = rsm_connect(_PATH_RESMGR_SOCKET))	182	if ((conn = rsm_connect_to(_PATH_RESMGR_SOCKET))
156	&& rsm_printf(conn, "sessions") >= 0)	183	&& rsm_printf(conn, "sessions") >= 0)
157	result = rsm_recv_multiline(conn, NULL, NULL);	184	result = rsm_recv_multiline(conn, NULL, NULL);
158		185
Lines 204-209 Link Here
204	rsm_open_device(const char *pathname, int flags)	231	rsm_open_device(const char *pathname, int flags)
205	{	232	{
206	return rsm_open_device_as(NULL, pathname, flags);	233	return rsm_open_device_as(NULL, pathname, flags);
		234	}
		235
		236	int
		237	rsm_open_socket(const char *pathname)
		238	{
		239	return rsm_open_device_as("socket", pathname, O_RDWR);
207	}	240	}
208		241
209		242

Lines 14-19 Link Here

(-)pam_resmgr.c (+13 lines)
14	#include "protocol.h"	14	#include "protocol.h"
15		15
16		16
		17	/*
		18	* If the application runs the session function as non-root user (as e.g.
		19	* sshd does) we need to connect during the auth stage so the connection
		20	* will appear to be from the root user.
		21	*/
		22	int
		23	pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char *argv)
		24	{
		25	rsm_connect();
		26	return PAM_SUCCESS;
		27	}
		28
17	int	29	int
18	pam_sm_open_session(pam_handle_t pamh, int flags, int argc, const char *argv)	30	pam_sm_open_session(pam_handle_t pamh, int flags, int argc, const char *argv)
19	{	31	{
Lines 60-65 Link Here
60	}	72	}
61	}	73	}
62		74
		75	rsm_disconnect();
63	return PAM_SUCCESS;	76	return PAM_SUCCESS;
64	}	77	}
65		78