1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
/*++
/* NAME
/* user_acl 3
/* SUMMARY
/* user name based access control
/* SYNOPSIS
/* #include <user_acl.h>
/*
/* const char *check_user_acl_byuid(pname, acl, uid)
/* const char *pname;
/* const char *acl;
/* uid_t uid;
/* DESCRIPTION
/* check_user_acl_byuid() converts the given uid into a user
/* name, and checks the result against a user name matchlist.
/* If the uid cannot be resolved to a user name, "unknown"
/* is used as the lookup key instead.
/* The result is NULL on success, the username upon failure.
/* The error result lives in static storage and must be saved
/* if it is to be used to across multiple check_user_acl_byuid()
/* calls.
/*
/* Arguments:
/* .IP pname
/* The parameter name of the acl.
/* .IP acl
/* Authorized user name list suitable for input to string_list_init(3).
/* .IP uid
/* The uid to be checked against the access list.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Victor Duchovni
/* Morgan Stanley
/*--*/
/* System library. */
#include <sys_defs.h>
#include <string.h>
/* Utility library. */
#include <vstring.h>
#include <dict_static.h>
/* Global library. */
#include <string_list.h>
#include <mypwd.h>
/* Application-specific. */
#include "user_acl.h"
/* check_user_acl_byuid - check user authorization */
const char *check_user_acl_byuid(const char *pname, const char *acl, uid_t uid)
{
struct mypasswd *mypwd;
STRING_LIST *list;
static VSTRING *who = 0;
int matched;
const char *name;
/*
* Optimize for the most common case. This also makes Postfix a little
* more robust in the face of local infrastructure failures. Note that we
* only need to match the "static:" substring, not the result value.
*/
if (strncmp(acl, DICT_TYPE_STATIC ":", sizeof(DICT_TYPE_STATIC)) == 0)
return (0);
/*
* XXX: Substitute "unknown" for UIDs without username, so that
* static:anyone results in "permit" even when the uid is not found in
* the password file, and so that a pattern of !unknown can be used to
* block non-existent accounts.
*
* The alternative is to use the UID as a surrogate lookup key for
* non-existent accounts. There are several reasons why this is not a
* good idea. 1) An ACL with a numerical UID should work regardless of
* whether or not an account has a password file entry. Therefore we
* would always have search on the numerical UID whenever the username
* fails to produce a match. 2) The string-list infrastructure is not
* really suitable for mixing numerical and non-numerical user
* information, because the numerical match is done in a separate pass
* from the non-numerical match. This breaks when the ! operator is used.
*
* XXX To avoid waiting until the lookup completes (e.g., LDAP or NIS down)
* invoke mypwuid_err(), and either change the user_acl() API to
* propagate the error to the caller, or treat lookup errors as fatal.
*/
if ((mypwd = mypwuid(uid)) == 0) {
name = "unknown";
} else {
name = mypwd->pw_name;
}
list = string_list_init(pname, MATCH_FLAG_NONE, acl);
if ((matched = string_list_match(list, name)) == 0) {
if (!who)
who = vstring_alloc(10);
vstring_strcpy(who, name);
}
string_list_free(list);
if (mypwd)
mypwfree(mypwd);
return (matched ? 0 : vstring_str(who));
}
|