rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/interfaces/libpq/fe-auth.c

545 lines
14 KiB
C
Raw Blame History

/*-------------------------------------------------------------------------
*
* fe-auth.c--
* The front-end (client) authorization routines
*
* Copyright (c) 1994, Regents of the University of California
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.3 1996/07/27 02:27:55 scrappy Exp $
*
*-------------------------------------------------------------------------
*/
/*
* INTERFACE ROUTINES
* frontend (client) routines:
* fe_sendauth send authentication information
* fe_getauthname get user's name according to the client side
* of the authentication system
* fe_setauthsvc set frontend authentication service
* fe_getauthsvc get current frontend authentication service
*
*
*
*/
#include <stdio.h>
#include <string.h>
#include <sys/param.h> /* for MAX{HOSTNAME,PATH}LEN, NOFILE */
#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include "libpq/pqcomm.h"
#include "libpq-fe.h"
#include "fe-auth.h"
/*----------------------------------------------------------------
* common definitions for generic fe/be routines
*----------------------------------------------------------------
*/
struct authsvc {
char name[16]; /* service nickname (for command line) */
MsgType msgtype; /* startup packet header type */
int allowed; /* initially allowed (before command line
* option parsing)?
*/
};
/*
* Command-line parsing routines use this structure to map nicknames
* onto service types (and the startup packets to use with them).
*
* Programs receiving an authentication request use this structure to
* decide which authentication service types are currently permitted.
* By default, all authentication systems compiled into the system are
* allowed. Unauthenticated connections are disallowed unless there
* isn't any authentication system.
*/
static struct authsvc authsvcs[] = {
#ifdef KRB4
{ "krb4", STARTUP_KRB4_MSG, 1 },
{ "kerberos", STARTUP_KRB4_MSG, 1 },
#endif /* KRB4 */
#ifdef KRB5
{ "krb5", STARTUP_KRB5_MSG, 1 },
{ "kerberos", STARTUP_KRB5_MSG, 1 },
#endif /* KRB5 */
{ UNAUTHNAME, STARTUP_MSG,
#if defined(KRB4) || defined(KRB5)
0
#else /* !(KRB4 || KRB5) */
1
#endif /* !(KRB4 || KRB5) */
}
};
static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc);
#ifdef KRB4
/*----------------------------------------------------------------
* MIT Kerberos authentication system - protocol version 4
*----------------------------------------------------------------
*/
#include "krb.h"
/* for some reason, this is not defined in krb.h ... */
extern char *tkt_string(void);
/*
* pg_krb4_init -- initialization performed before any Kerberos calls are made
*
* For v4, all we need to do is make sure the library routines get the right
* ticket file if we want them to see a special one. (They will open the file
* themselves.)
*/
static void pg_krb4_init()
{
char *realm;
static init_done = 0;
if (init_done)
return;
init_done = 1;
/*
* If the user set PGREALM, then we use a ticket file with a special
* name: <usual-ticket-file-name>@<PGREALM-value>
*/
if (realm = getenv("PGREALM")) {
char tktbuf[MAXPATHLEN];
(void) sprintf(tktbuf, "%s@%s", tkt_string(), realm);
krb_set_tkt_string(tktbuf);
}
}
/*
* pg_krb4_authname -- returns a pointer to static space containing whatever
* name the user has authenticated to the system
*
* We obtain this information by digging around in the ticket file.
*/
static char *
pg_krb4_authname(char* PQerrormsg)
{
char instance[INST_SZ];
char realm[REALM_SZ];
int status;
static char name[SNAME_SZ+1] = "";
if (name[0])
return(name);
pg_krb4_init();
name[SNAME_SZ] = '\0';
status = krb_get_tf_fullname(tkt_string(), name, instance, realm);
if (status != KSUCCESS) {
(void) sprintf(PQerrormsg,
"pg_krb4_authname: krb_get_tf_fullname: %s\n",
krb_err_txt[status]);
return((char *) NULL);
}
return(name);
}
/*
* pg_krb4_sendauth -- client routine to send authentication information to
* the server
*
* This routine does not do mutual authentication, nor does it return enough
* information to do encrypted connections. But then, if we want to do
* encrypted connections, we'll have to redesign the whole RPC mechanism
* anyway.
*
* If the user is too lazy to feed us a hostname, we try to come up with
* something other than "localhost" since the hostname is used as an
* instance and instance names in v4 databases are usually actual hostnames
* (canonicalized to omit all domain suffixes).
*/
static int
pg_krb4_sendauth(char* PQerrormsg, int sock,
struct sockaddr_in *laddr,
struct sockaddr_in *raddr,
char *hostname)
{
long krbopts = 0; /* one-way authentication */
KTEXT_ST clttkt;
int status;
char hostbuf[MAXHOSTNAMELEN];
char *realm = getenv("PGREALM"); /* NULL == current realm */
if (!hostname || !(*hostname)) {
if (gethostname(hostbuf, MAXHOSTNAMELEN) < 0)
strcpy(hostbuf, "localhost");
hostname = hostbuf;
}
pg_krb4_init();
status = krb_sendauth(krbopts,
sock,
&clttkt,
PG_KRB_SRVNAM,
hostname,
realm,
(u_long) 0,
(MSG_DAT *) NULL,
(CREDENTIALS *) NULL,
(Key_schedule *) NULL,
laddr,
raddr,
PG_KRB4_VERSION);
if (status != KSUCCESS) {
(void) sprintf(PQerrormsg,
"pg_krb4_sendauth: kerberos error: %s\n",
krb_err_txt[status]);
return(STATUS_ERROR);
}
return(STATUS_OK);
}
#endif /* KRB4 */
#ifdef KRB5
/*----------------------------------------------------------------
* MIT Kerberos authentication system - protocol version 5
*----------------------------------------------------------------
*/
#include "krb5/krb5.h"
/*
* pg_an_to_ln -- return the local name corresponding to an authentication
* name
*
* XXX Assumes that the first aname component is the user name. This is NOT
* necessarily so, since an aname can actually be something out of your
* worst X.400 nightmare, like
* ORGANIZATION=U. C. Berkeley/NAME=Paul M. Aoki@CS.BERKELEY.EDU
* Note that the MIT an_to_ln code does the same thing if you don't
* provide an aname mapping database...it may be a better idea to use
* krb5_an_to_ln, except that it punts if multiple components are found,
* and we can't afford to punt.
*/
static char *
pg_an_to_ln(char *aname)
{
char *p;
if ((p = strchr(aname, '/')) || (p = strchr(aname, '@')))
*p = '\0';
return(aname);
}
/*
* pg_krb5_init -- initialization performed before any Kerberos calls are made
*
* With v5, we can no longer set the ticket (credential cache) file name;
* we now have to provide a file handle for the open (well, "resolved")
* ticket file everywhere.
*
*/
static int
krb5_ccache pg_krb5_init()
{
krb5_error_code code;
char *realm, *defname;
char tktbuf[MAXPATHLEN];
static krb5_ccache ccache = (krb5_ccache) NULL;
if (ccache)
return(ccache);
/*
* If the user set PGREALM, then we use a ticket file with a special
* name: <usual-ticket-file-name>@<PGREALM-value>
*/
if (!(defname = krb5_cc_default_name())) {
(void) sprintf(PQerrormsg,
"pg_krb5_init: krb5_cc_default_name failed\n");
return((krb5_ccache) NULL);
}
(void) strcpy(tktbuf, defname);
if (realm = getenv("PGREALM")) {
(void) strcat(tktbuf, "@");
(void) strcat(tktbuf, realm);
}
if (code = krb5_cc_resolve(tktbuf, &ccache)) {
(void) sprintf(PQerrormsg,
"pg_krb5_init: Kerberos error %d in krb5_cc_resolve\n",
code);
com_err("pg_krb5_init", code, "in krb5_cc_resolve");
return((krb5_ccache) NULL);
}
return(ccache);
}
/*
* pg_krb5_authname -- returns a pointer to static space containing whatever
* name the user has authenticated to the system
*
* We obtain this information by digging around in the ticket file.
*/
static char *
pg_krb5_authname(char* PQerrormsg)
{
krb5_ccache ccache;
krb5_principal principal;
krb5_error_code code;
static char *authname = (char *) NULL;
if (authname)
return(authname);
ccache = pg_krb5_init(); /* don't free this */
if (code = krb5_cc_get_principal(ccache, &principal)) {
(void) sprintf(PQerrormsg,
"pg_krb5_authname: Kerberos error %d in krb5_cc_get_principal\n",
code);
com_err("pg_krb5_authname", code, "in krb5_cc_get_principal");
return((char *) NULL);
}
if (code = krb5_unparse_name(principal, &authname)) {
(void) sprintf(PQerrormsg,
"pg_krb5_authname: Kerberos error %d in krb5_unparse_name\n",
code);
com_err("pg_krb5_authname", code, "in krb5_unparse_name");
krb5_free_principal(principal);
return((char *) NULL);
}
krb5_free_principal(principal);
return(pg_an_to_ln(authname));
}
/*
* pg_krb5_sendauth -- client routine to send authentication information to
* the server
*
* This routine does not do mutual authentication, nor does it return enough
* information to do encrypted connections. But then, if we want to do
* encrypted connections, we'll have to redesign the whole RPC mechanism
* anyway.
*
* Server hostnames are canonicalized v4-style, i.e., all domain suffixes
* are simply chopped off. Hence, we are assuming that you've entered your
* server instances as
* <value-of-PG_KRB_SRVNAM>/<canonicalized-hostname>
* in the PGREALM (or local) database. This is probably a bad assumption.
*/
static int
pg_krb5_sendauth(char* PQerrormsg,int sock,
struct sockaddr_in *laddr,
struct sockaddr_in *raddr,
char *hostname)
{
char servbuf[MAXHOSTNAMELEN + 1 +
sizeof(PG_KRB_SRVNAM)];
char *hostp;
char *realm;
krb5_error_code code;
krb5_principal client, server;
krb5_ccache ccache;
krb5_error *error = (krb5_error *) NULL;
ccache = pg_krb5_init(); /* don't free this */
/*
* set up client -- this is easy, we can get it out of the ticket
* file.
*/
if (code = krb5_cc_get_principal(ccache, &client)) {
(void) sprintf(PQerrormsg,
"pg_krb5_sendauth: Kerberos error %d in krb5_cc_get_principal\n",
code);
com_err("pg_krb5_sendauth", code, "in krb5_cc_get_principal");
return(STATUS_ERROR);
}
/*
* set up server -- canonicalize as described above
*/
(void) strcpy(servbuf, PG_KRB_SRVNAM);
*(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/';
if (hostname || *hostname) {
(void) strncpy(++hostp, hostname, MAXHOSTNAMELEN);
} else {
if (gethostname(++hostp, MAXHOSTNAMELEN) < 0)
(void) strcpy(hostp, "localhost");
}
if (hostp = strchr(hostp, '.'))
*hostp = '\0';
if (realm = getenv("PGREALM")) {
(void) strcat(servbuf, "@");
(void) strcat(servbuf, realm);
}
if (code = krb5_parse_name(servbuf, &server)) {
(void) sprintf(PQerrormsg,
"pg_krb5_sendauth: Kerberos error %d in krb5_parse_name\n",
code);
com_err("pg_krb5_sendauth", code, "in krb5_parse_name");
krb5_free_principal(client);
return(STATUS_ERROR);
}
/*
* The only thing we want back from krb5_sendauth is an error status
* and any error messages.
*/
if (code = krb5_sendauth((krb5_pointer) &sock,
PG_KRB5_VERSION,
client,
server,
(krb5_flags) 0,
(krb5_checksum *) NULL,
(krb5_creds *) NULL,
ccache,
(krb5_int32 *) NULL,
(krb5_keyblock **) NULL,
&error,
(krb5_ap_rep_enc_part **) NULL)) {
if ((code == KRB5_SENDAUTH_REJECTED) && error) {
(void) sprintf(PQerrormsg,
"pg_krb5_sendauth: authentication rejected: \"%*s\"\n",
error->text.length, error->text.data);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
} else {
(void) sprintf(PQerrormsg,
"pg_krb5_sendauth: Kerberos error %d in krb5_sendauth\n",
code);
com_err("pg_krb5_sendauth", code, "in krb5_sendauth");
}
}
krb5_free_principal(client);
krb5_free_principal(server);
return(code ? STATUS_ERROR : STATUS_OK);
}
#endif /* KRB5 */
/*
* fe_sendauth -- client demux routine for outgoing authentication information
*/
int
fe_sendauth(MsgType msgtype, Port *port, char *hostname, char* PQerrormsg)
{
switch (msgtype) {
#ifdef KRB4
case STARTUP_KRB4_MSG:
if (pg_krb4_sendauth(PQerrormsg, port->sock, &port->laddr,
&port->raddr,
hostname) != STATUS_OK) {
(void) sprintf(PQerrormsg,
"fe_sendauth: krb4 authentication failed\n");
/* fputs(PQerrormsg, stderr); */
return(STATUS_ERROR);
}
break;
#endif
#ifdef KRB5
case STARTUP_KRB5_MSG:
if (pg_krb5_sendauth(PQerrormsg,port->sock, &port->laddr,
&port->raddr,
hostname) != STATUS_OK) {
(void) sprintf(PQerrormsg,
"fe_sendauth: krb5 authentication failed\n");
return(STATUS_ERROR);
}
break;
#endif
case STARTUP_MSG:
break;
default:
break;
}
return(STATUS_OK);
}
/*
* fe_setauthsvc
* fe_getauthsvc
*
* Set/return the authentication service currently selected for use by the
* frontend. (You can only use one in the frontend, obviously.)
*/
static pg_authsvc = -1;
void
fe_setauthsvc(char *name, char* PQerrormsg)
{
int i;
for (i = 0; i < n_authsvcs; ++i)
if (!strcmp(name, authsvcs[i].name)) {
pg_authsvc = i;
break;
}
if (i == n_authsvcs) {
(void) sprintf(PQerrormsg,
"fe_setauthsvc: invalid name: %s, ignoring...\n",
name);
}
return;
}
MsgType
fe_getauthsvc(char* PQerrormsg)
{
if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs)
fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC,PQerrormsg);
return(authsvcs[pg_authsvc].msgtype);
}
/*
* fe_getauthname -- returns a pointer to dynamic space containing whatever
* name the user has authenticated to the system
* if there is an error, return the error message in PQerrormsg
*/
char*
fe_getauthname(char* PQerrormsg)
{
char *name = (char *) NULL;
char *authn = (char *) NULL;
MsgType authsvc;
authsvc = fe_getauthsvc(PQerrormsg);
switch ((int) authsvc) {
#ifdef KRB4
case STARTUP_KRB4_MSG:
name = pg_krb4_authname(PQerrormsg);
break;
#endif
#ifdef KRB5
case STARTUP_KRB5_MSG:
name = pg_krb5_authname(PQerrormsg);
break;
#endif
case STARTUP_MSG:
{
struct passwd *pw = getpwuid(geteuid());
if (pw) name = pw->pw_name;
}
break;
default:
(void) sprintf(PQerrormsg,
"fe_getauthname: invalid authentication system: %d\n",
authsvc);
break;
}
if(name && (authn = (char *) malloc(strlen(name) + 1)))
(void) strcpy(authn, name);
return(authn);
}
Reference in New Issue View Git Blame Copy Permalink