Back to index

im-sdk  12.3.91
Classes | Public Types | Public Member Functions | Protected Member Functions | Private Types | Private Member Functions | Private Attributes
IMUserMgr Class Reference

#include <IMUserMgr.hh>

Inheritance diagram for IMUserMgr:
Inheritance graph
[legend]
Collaboration diagram for IMUserMgr:
Collaboration graph
[legend]

List of all members.

Classes

struct  userentry

Public Types

enum  pattern_type { HOSTNAME, ADDR, ADDR6 }
enum  access_type {
  PERMIT, DENY, CHECKUSER, PASSWORD,
  NO_ENTRY, UNKNOWN
}
enum  auth_type { UNDEFINED, TCP, UNIX }

Public Member Functions

void set_systemuser_permission (IMAuth::access_type at)
int add_user (const char *user, const char *password, access_type at)
IMUsercreate_imuser (int fd, const char *user, const char *password)
 IMUserMgr ()
virtual ~IMUserMgr ()
int set_entry (const char *pattern, access_type at)
int set_default_entry (access_type at)
void set_command_name (const char *cmdname)
int clear_all_entries ()
int fd_ok (int fd)
int auth_fd (int fd, const char *user=NULL, const char *password=NULL)

Protected Member Functions

virtual int check_password (int fd, const char *user, const char *password)
virtual int set_fd_from (int fd)
char * get_command_name ()
char * get_from_hostname ()
int get_auth_type ()

Private Types

typedef map< u16string, IMUser * > IMUserMap

Private Member Functions

int adjust_pue_slot_size (int newsize)
int check_password_with_crypt (const char *pwd, const char *enc_pwd)
IMAuth::access_type get_internal_userentry (const char *user, const char *password)

Private Attributes

int alloced_ue_num
int ue_num
userentrypue
access_type sysuser_at
IMUserMap usermap

Detailed Description

Definition at line 50 of file IMUserMgr.hh.


Class Documentation

struct IMUserMgr::userentry

Definition at line 52 of file IMUserMgr.hh.

Class Members
access_type at
char * password
char * username

Member Typedef Documentation

typedef map<u16string, IMUser*> IMUserMgr::IMUserMap [private]

Definition at line 72 of file IMUserMgr.hh.


Member Enumeration Documentation

enum IMAuth::access_type [inherited]
Enumerator:
PERMIT 
DENY 
CHECKUSER 
PASSWORD 
NO_ENTRY 
UNKNOWN 

Definition at line 112 of file IMAuth.hh.

enum IMAuth::auth_type [inherited]
Enumerator:
UNDEFINED 
TCP 
UNIX 

Definition at line 120 of file IMAuth.hh.

                   {
           UNDEFINED,
           TCP,
           UNIX
    };
enum IMAuth::pattern_type [inherited]
Enumerator:
HOSTNAME 
ADDR 
ADDR6 

Definition at line 107 of file IMAuth.hh.


Constructor & Destructor Documentation

Definition at line 261 of file IMUserMgr.cpp.

IMUserMgr::~IMUserMgr ( ) [virtual]

Definition at line 270 of file IMUserMgr.cpp.

{
  int i;
  for (i = 0;i < ue_num;i++)
    {
      if (pue[i].username) free(pue[i].username);
      if (pue[i].password) free(pue[i].password);
    }
  if (pue) free(pue);

  delete_all(usermap);
}

Here is the call graph for this function:


Member Function Documentation

int IMUserMgr::add_user ( const char *  user,
const char *  password,
access_type  at 
)

Definition at line 200 of file IMUserMgr.cpp.

{
  char *u1, *p1;

  if (alloced_ue_num <= ue_num)
    {
      if (!adjust_pue_slot_size((alloced_ue_num + 1) * 2))
       return 0;
    }

  u1= strdup(user);
  if (!u1) return 0;
  if (password)
    {
      p1 = strdup(password);
      if (!p1)
       {
         free(u1);
         return 0;
       }
    }
  else
    p1 = NULL;
  pue[ue_num].username = u1;
  pue[ue_num].password = p1;
  pue[ue_num].at = at;
  ue_num++;

  return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int IMUserMgr::adjust_pue_slot_size ( int  newsize) [private]

Definition at line 67 of file IMUserMgr.cpp.

{
  alloced_ue_num = num;
  pue = (userentry*) realloc(pue, sizeof(userentry) * alloced_ue_num);
  if (!pue) return 0;
  return 1;
}

Here is the caller graph for this function:

int IMAuth::auth_fd ( int  fd,
const char *  user = NULL,
const char *  password = NULL 
) [inherited]

Definition at line 767 of file IMAuth.cpp.

{
    int flag;

    access_type at = get_access_type(fd);

    switch (at) {
      case PERMIT:
       if (auth_type == IMAuth::UNIX) {
          flag = check_password(fd, user, password);
          /* TODO */
          if (flag == -1) { 
              /* this system doesn't support unix domain credential. */
              flag = 1;
          }
       } else {
           flag = 1;
       }
       break;
      case DENY:
       flag = 0;
       break;
      case CHECKUSER:
       flag = check_password(fd, user, password);
       break;
      case PASSWORD:
       if (!password || !user) {
          flag = 0;
       } else {
          flag = check_password(fd, user, password);
       }
       break;
      default:
       flag = 0;
       break;
    }

    if (flag) {
       if (at != IMAuth::UNKNOWN) {
           LOG_INFO("The access from %s@%s was granted.", user, from_hostname);
       } else {
           LOG_INFO("The access from %s(unknown source) was granted", user);
       }
    } else {
       if (at != IMAuth::UNKNOWN) {
           LOG_WARNING("Denied the access from %s@%s.", user, from_hostname);
       } else {
           LOG_WARNING("Denied the access from %s(unknown source)", user);
       }
    }

    return flag;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int IMUserMgr::check_password ( int  fd,
const char *  user,
const char *  password 
) [protected, virtual]

Reimplemented from IMAuth.

Definition at line 125 of file IMUserMgr.cpp.

{
  IMAuth::access_type at;

  at = get_internal_userentry(user, password);

#ifdef HAVE_UNIX_SOCKET
  // when a user connects with unix domain,
  // try to authenicate with unix credential.
  int auth_type = get_auth_type();
  if (auth_type == IMAuth::UNIX) {
    // in the case of user doesn't specify a configuration file
    // we use at instead of sysuser_at.
    if (at != IMAuth::DENY) {
      int ret = authenticate_with_unix(fd, user, NULL,
                                  get_command_name(),
                                  get_from_hostname());
      if (ret >= 0) {
       return ret;
      }
      // if this system doesn't support it,
      // fall through to the normal operation.
    } else {
        return 0;
    }
  }
#endif
  if (at == IMAuth::PERMIT) return 1;
  else if (at == IMAuth::DENY) return 0;
#ifdef HAVE_PAM
  if (sysuser_at == IMAuth::PERMIT)
    return authenticate_with_pam(user, NULL,
                             get_command_name(),
                             get_from_hostname());
  else if (password && (sysuser_at == IMAuth::PASSWORD))
    return authenticate_with_pam(user, password,
                             get_command_name(),
                             get_from_hostname());
  else
    return 0;
#else
#ifdef HAVE_PWENT
  {
    struct passwd *pwd;
#ifdef HAVE_PWNAM_R
#ifndef NSS_BUFLEN_PASSWD
#define NSS_BUFLEN_PASSWD 1024
#endif
    struct passwd pwd_buf;
    char buf[NSS_BUFLEN_PASSWD];

    if ((getpwnam_r(user, &pwd_buf, buf, sizeof(buf), &pwd)) != 0) return 0;
#else
    if (!(pwd = getpwnam(user))) return 0;
#endif
    if (sysuser_at == IMAuth::PERMIT) return 1;
    if (sysuser_at == IMAuth::PASSWORD)
      {
       if (password
           &&(check_password_with_crypt(password, pwd->pw_passwd)))
         return 1;
       return 0;
      }
  }
#endif
#endif
  return 0;
}

Here is the call graph for this function:

int IMUserMgr::check_password_with_crypt ( const char *  pwd,
const char *  enc_pwd 
) [private]

Definition at line 77 of file IMUserMgr.cpp.

{
  char *p;
#ifdef HAVE_CRYPT
  if (!(p = crypt(pwd, enc_pwd)))
    return 0;
  if (!strcmp(p, enc_pwd))
    return 1;
  return 0;
#else
  return 0;
#endif
}

Here is the caller graph for this function:

int IMAuth::clear_all_entries ( ) [inherited]

Definition at line 385 of file IMAuth.cpp.

{
    int i;
    for (i = 0; i < ae_num; i++) {
       if (pae[i].host_pattern) free(pae[i].host_pattern);
       if (pae[i].addr_pattern) free(pae[i].addr_pattern);
    }
    ae_num = 0;
    if (!adjust_pae_slot_size(init_auth_entry_slot_num))
       return 0;

    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

IMUser * IMUserMgr::create_imuser ( int  fd,
const char *  user,
const char *  password 
)

Definition at line 237 of file IMUserMgr.cpp.

{
    IMUser *puser;
    IMUserMap::iterator it;

    if (!auth_fd(fd, user, password)) return NULL;
    u16string ustr = user;
    
    it = usermap.find(ustr);
    if (it != usermap.end()) return it->second;
    puser = new IMUser(u16string(user));

    pair<IMUserMap::iterator, bool> r =  usermap.insert(IMUserMap::value_type(ustr, puser));
    if (!r.second) return NULL;

    return puser;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int IMAuth::fd_ok ( int  fd) [inherited]

Definition at line 735 of file IMAuth.cpp.

{
    access_type at;

    at = get_access_type(fd);
    if (at != IMAuth::DENY) {
       if (auth_type == IMAuth::UNIX) {
           LOG_INFO("Allow the connection by PF_UNIX.");
           return 1;
       }

       if (permit_access(command_name, fd)) {
           if (at != IMAuth::UNKNOWN) {
              LOG_INFO("Allow the connection from %s.", from_hostname);
           } else {
              LOG_WARNING("Allow the connection from unknown source.");
           }
           return 1;
       }
    }
    if (at != IMAuth::UNKNOWN) {
       LOG_WARNING("Denied the access from %s.", from_hostname);
    } else {
       LOG_WARNING("Denied the access from unknown source.");
    }
    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int IMAuth::get_auth_type ( ) [inline, protected, inherited]

Definition at line 199 of file IMAuth.hh.

    { return auth_type; }

Here is the caller graph for this function:

char* IMAuth::get_command_name ( ) [inline, protected, inherited]

Definition at line 195 of file IMAuth.hh.

    { return command_name; }

Here is the caller graph for this function:

char* IMAuth::get_from_hostname ( ) [inline, protected, inherited]

Definition at line 197 of file IMAuth.hh.

    { return from_hostname; }

Here is the caller graph for this function:

IMAuth::access_type IMUserMgr::get_internal_userentry ( const char *  user,
const char *  password 
) [private]

Definition at line 97 of file IMUserMgr.cpp.

{
  int i;
  userentry *pe;

  pe = pue;
  for (i = 0;i < ue_num;i++, pe++)
    {
      if (strcmp(pe->username, user) != 0) continue;
      if (pe->at == IMAuth::PASSWORD)
       {
         if (password
             && pe->password
             && (check_password_with_crypt(password, pe->password)))
           return IMAuth::PERMIT;
         return IMAuth::DENY;
       }
      else
       return pe->at;
    }
  return IMAuth::UNKNOWN;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void IMAuth::set_command_name ( const char *  cmdname) [inherited]

Definition at line 376 of file IMAuth.cpp.

{
    if (command_name) free(command_name);
    command_name = strdup(cmdname);
}

Here is the caller graph for this function:

int IMAuth::set_default_entry ( access_type  at) [inherited]

Definition at line 368 of file IMAuth.cpp.

{
    def_at = at;
    return 1;
}

Here is the caller graph for this function:

int IMAuth::set_entry ( const char *  pattern,
access_type  at 
) [inherited]

Definition at line 325 of file IMAuth.cpp.

{
    auth_entry *pc;

    if (ae_num >= alloced_ae_num) {
       if (!adjust_pae_slot_size(alloced_ae_num * 2))
           return 0;
    }
    
    pc = &pae[ae_num];
    pc->at = at;
    pc->pt = check_pattern_type(pattern);

    switch(pc->pt) {
      case HOSTNAME:
       pc->addr_pattern = NULL;
       pc->host_pattern = normalize_hostname_pattern(pattern);
       if (!pc->host_pattern) return 0;
       pc->bitlen = 0;
       break;
      case ADDR:
       pc->addr_pattern = (int*) malloc(sizeof(int) * addr_elements_maxnum);
       pc->host_pattern = NULL;
       pc->bitlen = store_addr_pattern(pattern, pc->addr_pattern);
       break;
      case ADDR6:
       pc->addr_pattern = (int*) malloc(sizeof(int) * addr6_elements_maxnum);
       pc->host_pattern = NULL;
       pc->bitlen = store_addr6_pattern(pattern, pc->addr_pattern);
       break;
    }
    if (pc->bitlen < 0) return 0;

    ae_num++;

    return 1;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int IMAuth::set_fd_from ( int  fd) [protected, virtual, inherited]

Definition at line 599 of file IMAuth.cpp.

{
    struct sockaddr_storage ss;
    struct sockaddr *pname = (struct sockaddr*) &ss;
    socklen_t size;

    size = sizeof(ss);

    auth_type = IMAuth::UNDEFINED;

    if (getpeername(fd, pname, &size) < 0) return 0;

    if (pname->sa_family == AF_INET) {
       int i;
       char *addr;
       char *hname;
       struct sockaddr_in *pad;
       struct hostent *phe_rev, *phe;

       auth_type = IMAuth::TCP;
       pad = ((struct sockaddr_in*) pname);
       addr = inet_ntoa(pad->sin_addr);
       if (!addr) return 0;
       if (from_address) free(from_address);
       from_address = (int*) malloc(sizeof(int) * addr_elements_maxnum);
       memset(from_address, 0, sizeof(int) * addr_elements_maxnum);
       from_address_bitlen = store_addr_pattern(addr, from_address);
       if (from_address_bitlen < 0) return 0;

       size = sizeof(struct in_addr);
       phe_rev = gethostbyaddr((char*)(&pad->sin_addr), size, AF_INET);
       if (!phe_rev) return 1;

       hname = (char*) alloca(strlen(phe_rev->h_name) + 1);
       if (!hname) return 0;
       strcpy(hname, phe_rev->h_name);

       phe = gethostbyname(hname);
       if (!phe) return 1;

       if (!compare_hostname(hname, phe->h_name)) return 0;
       for (i = 0;phe->h_addr_list[i];i++)
           if (memcmp(phe->h_addr_list[i], &(pad->sin_addr), size) == 0) {
              if (from_hostname) free(from_hostname);
              from_hostname = strdup(hname);
              if (!from_hostname) return 0;
              return 1;
           }
    }
#ifdef AF_INET6
    else if (pname->sa_family == AF_INET6) {
       int i;
       char nihost[NI_MAXHOST], nihost2[NI_MAXHOST];
       char niserv[NI_MAXSERV];
       int from_address2[addr6_elements_maxnum];
       int from_address2_bitlen;

       auth_type = IMAuth::TCP;

       if (getnameinfo(pname, size,
                     nihost, sizeof(nihost),
                     niserv, sizeof(niserv),
                     NI_NUMERICHOST) != 0)
           return 0;
       if (from_address) free(from_address);
       from_address = (int*) malloc(sizeof(int) * addr6_elements_maxnum);
       memset(from_address, 0, sizeof(int) * addr6_elements_maxnum);
       from_address_bitlen = store_addr6_pattern(nihost, from_address);
       if (from_address_bitlen < 0) return 0;

       if (getnameinfo(pname, size,
                     nihost, sizeof(nihost),
                     NULL, 0, 0) != 0)
           return 0;

       struct addrinfo hints, *pst, *pst2;
       memset(&hints, 0, sizeof(hints));
       hints.ai_family = PF_UNSPEC;
       hints.ai_socktype = SOCK_STREAM;
       if (getaddrinfo(nihost, niserv, &hints, &pst) != 0)
           return 0;
       pst2 = pst;

       for (i = 0; pst; pst = pst->ai_next) {
           if (getnameinfo(pst->ai_addr, pst->ai_addrlen, nihost2,
                         sizeof(nihost2), NULL, 0, NI_NUMERICHOST) != 0)
              continue;
           from_address2_bitlen = store_addr6_pattern(nihost2, from_address2);
           if (from_address2_bitlen < 0) continue;
           if ((from_address2_bitlen == from_address_bitlen)
              && match_addr46_entry(from_address, from_address_bitlen,
                                  from_address2, from_address2_bitlen)) {
              if (from_hostname) free(from_hostname);
              freeaddrinfo(pst2);
              from_hostname = strdup(nihost);
              if (!from_hostname) return 0;
              return 1;
           }
           free(from_address2);
       }
       freeaddrinfo(pst2);
    }
#endif
#if defined(HAVE_UNIX_SOCKET)
    else if (pname->sa_family == AF_UNIX) {
        auth_type = IMAuth::UNIX;
       if (from_hostname) free(from_hostname);
       from_hostname = strdup("localhost");
       return 1;
    }
#endif
    else {
       return 0;
    }

    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 83 of file IMUserMgr.hh.

      { sysuser_at = at; }

Here is the caller graph for this function:


Member Data Documentation

Definition at line 57 of file IMUserMgr.hh.

Definition at line 59 of file IMUserMgr.hh.

Definition at line 60 of file IMUserMgr.hh.

int IMUserMgr::ue_num [private]

Definition at line 58 of file IMUserMgr.hh.

Definition at line 73 of file IMUserMgr.hh.


The documentation for this class was generated from the following files: