2 * This file is part of DisOrder
3 * Copyright (C) 2005, 2007, 2008 Richard Kettlewell
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 /** @file clients/authorize.c
19 * @brief Create a new login
32 #include "authorize.h"
34 #include "configuration.h"
38 /** @brief Create a DisOrder login for the calling user, called @p user
39 * @param client DisOrder client
40 * @param user Username to create (UTF-8)
41 * @param rights Initial rights or NULL for default
42 * @return 0 on success, non-0 on error
44 int authorize(disorder_client
*client
, const char *user
, const char *rights
) {
45 /* base64 is 3-into-4 so we make the password a multiple of 3 bytes long */
47 const struct passwd
*pw
;
51 char *configdir
, *configpath
, *configpathtmp
;
53 uid_t old_uid
= getuid();
54 gid_t old_gid
= getgid();
56 if(!(pw
= getpwnam(user
)))
57 /* If it's a NIS world then /etc/passwd may be a lie, but it emphasizes
58 * that it's talking about the login user, not the DisOrder user */
59 fatal(0, "no such user as %s in /etc/passwd", user
);
61 /* Choose a random password */
62 gcry_randomize(pwbin
, sizeof pwbin
, GCRY_STRONG_RANDOM
);
63 pwhex
= mime_to_base64(pwbin
, sizeof pwbin
);
65 /* Create the user on the server */
66 if(disorder_adduser(client
, user
, pwhex
, rights
))
69 /* Become the target user */
70 if(setegid(pw
->pw_gid
) < 0)
71 fatal(errno
, "setegid %lu", (unsigned long)pw
->pw_gid
);
72 if(seteuid(pw
->pw_uid
) < 0)
73 fatal(errno
, "seteuid %lu", (unsigned long)pw
->pw_uid
);
75 /* Make sure the configuration directory exists*/
76 byte_xasprintf(&configdir
, "%s/.disorder", pw
->pw_dir
);
77 if(mkdir(configdir
, 02700) < 0) {
79 fatal(errno
, "creating %s", configdir
);
82 /* Make sure the configuration file does not exist */
83 byte_xasprintf(&configpath
, "%s/passwd", configdir
);
84 if(lstat(configpath
, &sb
) == 0)
85 fatal(0, "%s already exists", configpath
);
87 fatal(errno
, " checking %s", configpath
);
89 byte_xasprintf(&configpathtmp
, "%s.new", configpath
);
91 /* Create config file with mode 600 */
92 if((fd
= open(configpathtmp
, O_WRONLY
|O_CREAT
, 0600)) < 0)
93 fatal(errno
, "error creating %s", configpathtmp
);
96 if(!(fp
= fdopen(fd
, "w")))
97 fatal(errno
, "error calling fdopen");
98 if(fprintf(fp
, "password %s\n", pwhex
) < 0
100 fatal(errno
, "error writing to %s", configpathtmp
);
102 /* Rename config file into place */
103 if(rename(configpathtmp
, configpath
) < 0)
104 fatal(errno
, "error renaming %s to %s", configpathtmp
, configpath
);
106 /* Put our identity back */
107 if(seteuid(old_uid
) < 0)
108 fatal(errno
, "seteuid %lu", (unsigned long)old_uid
);
109 if(setegid(old_gid
) < 0)
110 fatal(errno
, "setegid %lu", (unsigned long)old_gid
);