Initial import of bbftp source

1/*
2 * bbftpd/bbftpd_cert.c
3 * Copyright (C) 1999, 2000, 2001, 2002 IN2P3, CNRS
4 * bbftp@in2p3.fr
5 * http://doc.in2p3.fr/bbftp
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
20 */ 
21
22/****************************************************************************
23
24 
25 
26 bbftpd_cert.c   v 2.2.0 2001/10/03  - Routines creation
27
28*****************************************************************************/
29#include <bbftpd.h>
30
31#include <errno.h>
32#include <netinet/in.h>
33#include <pwd.h>
34#include <stdio.h>
35#include <syslog.h>
36#include <sys/socket.h>
37#if TIME_WITH_SYS_TIME
38# include <sys/time.h>
39# include <time.h>
40#else
41# if HAVE_SYS_TIME_H
42#  include <sys/time.h>
43# else
44#  include <time.h>
45# endif
46#endif
47#include <utime.h>
48#if HAVE_STRING_H
49# include <string.h>
50#endif
51
52#include <config.h>
53#include <common.h>
54#include <daemon_proto.h>
55#include <daemon.h>
56#include <structures.h>
57#include <version.h>
58#include <gssapi.h>
59#include <gfw.h>
60
/*
** Globals shared with the rest of the daemon. Only the uses visible in this
** file are described; their definitions live elsewhere.
*/
extern  int             incontrolsock ;     /* passed to gfw_accept_sec_context(); presumably the inbound half of the control connection */
extern  int             outcontrolsock ;    /* passed to gfw_accept_sec_context(); presumably the outbound half of the control connection */
extern  int                 recvcontrolto ;     /* not referenced in this file */
extern  char            currentusername[MAXLEN] ;   /* filled by bbftpd_cert_receive_connection() with the gridmap-resolved local user name */
extern  gss_cred_id_t   server_creds;       /* daemon's GSS credential handle, passed to gfw_accept_sec_context() */
66
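/*******************************************************************************
** bbftpd_cert_receive_connection :                                            *
**                                                                             *
**      This routine is called when a connection occurs in certificate         *
**      authentication mode. It receives the public key of the client and      *
**      calls the GSS Framework (GFW) api to validate the connection.          *
**      On success the process switches to the gridmap-resolved local user     *
**      (setgid then setuid), changes to that user's home directory and        *
**      records the user name in the global currentusername.                   *
**                                                                             *
**      INPUT variable :                                                       *
**          msglen :  length of the pending control message (unused here,      *
**                    the exchange is driven by gfw_accept_sec_context)        *
**                                                                             *
**      GLOBAL VARIABLE USED :                                                 *
**          incontrolsock, outcontrolsock, server_creds    READ                *
**          currentusername                                MODIFIED            *
**                                                                             *
**      RETURN:                                                                *
**          -1  Unrecoverable error; a MSG_BAD or MSG_BAD_NO_RETRY reply       *
**              carrying the reason has already been sent to the client        *
**           0  OK                                                             *
**           1  OK, but the home directory was not accessible (EACCES) and     *
**              /tmp is used instead; a MSG_WARN reply has been sent           *
**                                                                             *
*******************************************************************************/

/*
** Append src to the NUL-terminated string already in buf (total capacity
** bufsize), truncating instead of overflowing. The GSS error text and the
** gridmap user name come from outside this process and carry no length
** guarantee, so the unbounded strcat() previously used here could overrun
** the fixed-size log buffer. A NULL src is ignored.
*/
static void bbftpd_cert_append(char *buf, size_t bufsize, const char *src)
{
    size_t used = strlen(buf) ;

    if ( src == NULL || used >= bufsize ) {
        return ;
    }
    snprintf(buf + used, bufsize - used, "%s", src) ;
}

int bbftpd_cert_receive_connection(int msglen) 
{

    char    logmessage[1024] ;
    char    *username = NULL ;
    struct    passwd    *uspass ;
    gss_buffer_desc client_name;
    OM_uint32 min_stat, maj_stat;
    int     saved_errno ;

    (void) msglen ;

    snprintf(logmessage, sizeof logmessage, "bbftpd version %s", VERSION) ;

    maj_stat = gfw_accept_sec_context(&min_stat, incontrolsock, outcontrolsock, server_creds, &client_name);
    if (maj_stat != GSS_S_COMPLETE) {
        gfw_msgs_list *messages = NULL;
        gfw_status_to_strings(maj_stat, min_stat, &messages) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : ") ;
        if ( messages != NULL ) {
            /* first message goes back to the client, every message to syslog */
            bbftpd_cert_append(logmessage, sizeof logmessage, messages->msg) ;
        } else {
            /* no status text available: do not dereference a NULL list */
            bbftpd_cert_append(logmessage, sizeof logmessage, "security context not established") ;
            syslog(BBFTPD_ERR,"gfw_accept_sec_context failed: no status message available") ;
        }
        while (messages != NULL) {
            syslog(BBFTPD_ERR,"gfw_accept_sec_context failed: %s", messages->msg) ;
            messages = messages->next;
        }
        reply(MSG_BAD_NO_RETRY,logmessage) ;
        return -1;
    }
       
    syslog(BBFTPD_INFO,"Checked certificate : \"%s\"",(char *)client_name.value) ;
    /*
    ** Map cert with local user. A zero return with a NULL name would
    ** otherwise reach getpwnam(NULL), so guard both.
    */
    if (globus_gss_assist_gridmap((char *)client_name.value, &username) != 0 || username == NULL) {
        syslog(BBFTPD_ERR,"mapping failed for: %s",(char *)client_name.value) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : grid mapping failed") ;
        reply(MSG_BAD_NO_RETRY,logmessage) ;
        return -1 ;
    }
    syslog(BBFTPD_INFO, "Mapfile user is:%s", username);
    /*
    ** Here we check the username and pass and set the default dir
    */
    if ( (uspass = getpwnam(username)) == NULL ) {
        syslog(BBFTPD_ERR,"%s is not a local user",username) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : You need an account on the server") ;
        reply(MSG_BAD_NO_RETRY,logmessage) ;
        return -1 ;
    }
    /*
    ** Set the uid and gid of the process. gid first: once the uid is
    ** dropped the gid can no longer be changed. errno is saved before
    ** syslog() because syslog may overwrite it.
    ** NOTE(review): supplementary groups inherited from the daemon are not
    ** reset here (no initgroups()/setgroups() call in this file) - confirm
    ** the caller takes care of it before this routine is reached.
    */
    if ( setgid(uspass->pw_gid) < 0 ) {
        saved_errno = errno ;
        syslog(BBFTPD_ERR,"Error setgid user %s : %s",username,strerror(saved_errno)) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : Cannot set gid: ") ;
        bbftpd_cert_append(logmessage, sizeof logmessage, strerror(saved_errno)) ;
        reply(MSG_BAD,logmessage) ;
        return -1 ;
    }
    if ( setuid(uspass->pw_uid) < 0 ) {
        saved_errno = errno ;
        syslog(BBFTPD_ERR,"Error setuid user %s : %s",username,strerror(saved_errno)) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : Cannot set uid: ") ;
        bbftpd_cert_append(logmessage, sizeof logmessage, strerror(saved_errno)) ;
        reply(MSG_BAD,logmessage) ;
        return -1 ;
    }
    if ( uspass->pw_dir == NULL ) {
        /* no system call failed here, so errno carries nothing useful */
        syslog(BBFTPD_ERR,"No home directory for user %s",username) ;
        bbftpd_cert_append(logmessage, sizeof logmessage, " : You need a home directory on the server") ;
        reply(MSG_BAD,logmessage) ;
        return -1 ;
    }
    /*
    ** Try to cd into home directory. If permission denied (ie no AFS token)
    ** try to cd into "/tmp"
    */
    if ( chdir(uspass->pw_dir) < 0) {
        saved_errno = errno ;
        if ( saved_errno == EACCES) {
            syslog(BBFTPD_WARNING,"Permission denied on user %s home directory: using /tmp",username) ;
            if ( chdir("/tmp") < 0) {
                saved_errno = errno ;
                syslog(BBFTPD_ERR,"Cannot cd into /tmp: %s",strerror(saved_errno)) ;
                bbftpd_cert_append(logmessage, sizeof logmessage, " : Cannot access home directory nor /tmp") ;
                reply(MSG_BAD,logmessage) ;
                return -1 ;
            }
            bbftpd_cert_append(logmessage, sizeof logmessage, " : Home directory not accessible, /tmp used instead") ;
            syslog(BBFTPD_INFO,"User %s connected",username) ;
            /* bounded copy: the gridmap name is not guaranteed to fit MAXLEN */
            snprintf(currentusername, sizeof currentusername, "%s", username) ;
            reply(MSG_WARN,logmessage) ;
            return 1 ;
        } else {
            syslog(BBFTPD_ERR,"Cannot cd into user %s home directory: %s",username,strerror(saved_errno)) ;
            bbftpd_cert_append(logmessage, sizeof logmessage, " : Cannot access home directory: ") ;
            bbftpd_cert_append(logmessage, sizeof logmessage, strerror(saved_errno)) ;
            reply(MSG_BAD,logmessage) ;
            return -1 ;
        }
    }
               
    syslog(BBFTPD_INFO,"User %s connected",username) ;
    /* bounded copy: the gridmap name is not guaranteed to fit MAXLEN */
    snprintf(currentusername, sizeof currentusername, "%s", username) ;
    /*
    ** NOTE(review): client_name and username are not released here; if
    ** gfw_accept_sec_context() hands back a GSS-allocated buffer,
    ** gss_release_buffer() would be the matching call - confirm in gfw.c.
    */
    return 0 ;
}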
186