nut/server/user.c

492 lines
8.7 KiB
C
Raw Permalink Normal View History

2010-03-25 23:20:59 +00:00
/* user.c - user handling functions for upsd
Copyright (C) 2001 Russell Kroll <rkroll@exploits.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "common.h"
#include "parseconf.h"
#include "user.h"
#include "user-data.h"
ulist_t *users = NULL;
static ulist_t *curr_user;
/* create a new user entry */
static void user_add(const char *un)
{
ulist_t *tmp, *last = NULL;
if (!un) {
return;
}
for (tmp = users; tmp != NULL; tmp = tmp->next) {
last = tmp;
if (!strcmp(tmp->username, un)) {
fprintf(stderr, "Ignoring duplicate user %s\n", un);
return;
}
}
tmp = xcalloc(1, sizeof(*tmp));
tmp->username = xstrdup(un);
if (last) {
last->next = tmp;
} else {
users = tmp;
}
/* remember who we're working on */
curr_user = tmp;
}
/* set password */
static void user_password(const char *pw)
{
if (!curr_user) {
upslogx(LOG_WARNING, "Ignoring password definition outside "
"user section");
return;
}
if (!pw) {
return;
}
if (curr_user->password) {
fprintf(stderr, "Ignoring duplicate password for %s\n",
curr_user->username);
return;
}
curr_user->password = xstrdup(pw);
}
/* attach allowed instcmds to user */
static void user_add_instcmd(const char *cmd)
{
instcmdlist_t *tmp, *last = NULL;
if (!curr_user) {
upslogx(LOG_WARNING, "Ignoring instcmd definition outside "
"user section");
return;
}
if (!cmd) {
return;
}
for (tmp = curr_user->firstcmd; tmp != NULL; tmp = tmp->next) {
last = tmp;
/* ignore duplicates */
if (!strcasecmp(tmp->cmd, cmd)) {
return;
}
}
tmp = xcalloc(1, sizeof(*tmp));
tmp->cmd = xstrdup(cmd);
if (last) {
last->next = tmp;
} else {
curr_user->firstcmd = tmp;
}
}
static actionlist_t *addaction(actionlist_t *base, const char *action)
{
actionlist_t *tmp, *last = NULL;
if (!action) {
return base;
}
for (tmp = base; tmp != NULL; tmp = tmp->next) {
last = tmp;
}
tmp = xcalloc(1, sizeof(*tmp));
tmp->action = xstrdup(action);
if (last) {
last->next = tmp;
return base;
}
return tmp;
}
/* attach allowed actions to user */
static void user_add_action(const char *act)
{
if (!curr_user) {
upslogx(LOG_WARNING, "Ignoring action definition outside "
"user section");
return;
}
curr_user->firstaction = addaction(curr_user->firstaction, act);
}
static void flushcmd(instcmdlist_t *ptr)
{
if (!ptr) {
return;
}
flushcmd(ptr->next);
free(ptr->cmd);
free(ptr);
}
static void flushaction(actionlist_t *ptr)
{
if (!ptr) {
return;
}
flushaction(ptr->next);
free(ptr->action);
free(ptr);
}
static void flushuser(ulist_t *ptr)
{
if (!ptr) {
return;
}
flushuser(ptr->next);
flushcmd(ptr->firstcmd);
flushaction(ptr->firstaction);
free(ptr->username);
free(ptr->password);
free(ptr);
}
/* flush all user attributes - used during reload */
void user_flush(void)
{
flushuser(users);
users = NULL;
}
static int user_matchinstcmd(ulist_t *user, const char * cmd)
{
instcmdlist_t *tmp;
for (tmp = user->firstcmd; tmp != NULL; tmp = tmp->next) {
if (!strcasecmp(tmp->cmd, cmd)) {
return 1; /* good */
}
if (!strcasecmp(tmp->cmd, "all")) {
return 1; /* good */
}
}
return 0; /* fail */
}
int user_checkinstcmd(const char *un, const char *pw, const char *cmd)
{
ulist_t *tmp;
if ((!un) || (!pw) || (!cmd)) {
return 0; /* failed */
}
for (tmp = users; tmp != NULL; tmp = tmp->next) {
/* let's be paranoid before we call strcmp */
if ((!tmp->username) || (!tmp->password)) {
continue;
}
if (strcmp(tmp->username, un)) {
continue;
}
if (strcmp(tmp->password, pw)) {
/* password mismatch */
return 0; /* fail */
}
if (!user_matchinstcmd(tmp, cmd)) {
return 0; /* fail */
}
/* passed all checks */
return 1; /* good */
}
/* username not found */
return 0; /* fail */
}
static int user_matchaction(ulist_t *user, const char *action)
{
actionlist_t *tmp;
for (tmp = user->firstaction; tmp != NULL; tmp = tmp->next) {
if (!strcasecmp(tmp->action, action)) {
return 1; /* good */
}
}
return 0; /* fail */
}
int user_checkaction(const char *un, const char *pw, const char *action)
{
ulist_t *tmp;
if ((!un) || (!pw) || (!action))
return 0; /* failed */
for (tmp = users; tmp != NULL; tmp = tmp->next) {
/* let's be paranoid before we call strcmp */
if ((!tmp->username) || (!tmp->password)) {
continue;
}
if (strcmp(tmp->username, un)) {
continue;
}
if (strcmp(tmp->password, pw)) {
upsdebugx(2, "user_checkaction: password mismatch");
return 0; /* fail */
}
if (!user_matchaction(tmp, action)) {
upsdebugx(2, "user_matchaction: failed");
return 0; /* fail */
}
/* passed all checks */
return 1; /* good */
}
/* username not found */
return 0; /* fail */
}
/* handle "upsmon master" and "upsmon slave" for nicer configurations */
static void set_upsmon_type(char *type)
{
/* master: login, master, fsd */
if (!strcasecmp(type, "master")) {
user_add_action("login");
user_add_action("master");
user_add_action("fsd");
return;
}
/* slave: just login */
if (!strcasecmp(type, "slave")) {
user_add_action("login");
return;
}
upslogx(LOG_WARNING, "Unknown upsmon type %s", type);
}
/* actually do something with the variable + value pairs */
static void parse_var(char *var, char *val)
{
if (!strcasecmp(var, "password")) {
user_password(val);
return;
}
if (!strcasecmp(var, "instcmds")) {
user_add_instcmd(val);
return;
}
if (!strcasecmp(var, "actions")) {
user_add_action(val);
return;
}
if (!strcasecmp(var, "allowfrom")) {
upslogx(LOG_WARNING, "allowfrom in upsd.users is no longer used");
return;
}
/* someone did 'upsmon = type' - allow it anyway */
if (!strcasecmp(var, "upsmon")) {
set_upsmon_type(val);
return;
}
upslogx(LOG_NOTICE, "Unrecognized user setting %s", var);
}
/* parse first var+val pair, then flip through remaining vals */
static void parse_rest(char *var, char *fval, char **arg, int next, int left)
{
int i;
/* no globals supported yet, so there's no sense in continuing */
if (!curr_user) {
return;
}
parse_var(var, fval);
if (left == 0) {
return;
}
for (i = 0; i < left; i++) {
parse_var(var, arg[next + i]);
}
}
static void user_parse_arg(int numargs, char **arg)
{
char *ep;
if ((numargs == 0) || (!arg)) {
return;
}
/* ignore old file format */
if (!strcasecmp(arg[0], "user")) {
return;
}
/* handle 'foo=bar' (compressed form) */
ep = strchr(arg[0], '=');
if (ep) {
*ep = '\0';
/* parse first var/val, plus subsequent values (if any) */
/* 0 1 2 ... */
/* foo=bar <rest1> <rest2> ... */
parse_rest(arg[0], ep+1, arg, 1, numargs - 1);
return;
}
/* look for section headers - [username] */
if ((arg[0][0] == '[') && (arg[0][strlen(arg[0])-1] == ']')) {
arg[0][strlen(arg[0])-1] = '\0';
user_add(&arg[0][1]);
return;
}
if (numargs < 2) {
return;
}
if (!strcasecmp(arg[0], "upsmon")) {
set_upsmon_type(arg[1]);
}
/* everything after here needs arg[1] and arg[2] */
if (numargs < 3) {
return;
}
/* handle 'foo = bar' (split form) */
if (!strcmp(arg[1], "=")) {
/* 0 1 2 3 4 ... */
/* foo = bar <rest1> <rest2> ... */
/* parse first var/val, plus subsequent values (if any) */
parse_rest(arg[0], arg[2], arg, 3, numargs - 3);
return;
}
/* ... unhandled ... */
}
/* called for fatal errors in parseconf like malloc failures */
static void upsd_user_err(const char *errmsg)
{
upslogx(LOG_ERR, "Fatal error in parseconf(upsd.users): %s", errmsg);
}
void user_load(void)
{
char fn[SMALLBUF];
PCONF_CTX_t ctx;
curr_user = NULL;
snprintf(fn, sizeof(fn), "%s/upsd.users", confpath());
check_perms(fn);
pconf_init(&ctx, upsd_user_err);
if (!pconf_file_begin(&ctx, fn)) {
pconf_finish(&ctx);
upslogx(LOG_WARNING, "%s", ctx.errmsg);
return;
}
while (pconf_file_next(&ctx)) {
if (pconf_parse_error(&ctx)) {
upslogx(LOG_ERR, "Parse error: %s:%d: %s",
fn, ctx.linenum, ctx.errmsg);
continue;
}
user_parse_arg(ctx.numargs, ctx.arglist);
}
pconf_finish(&ctx);
}