X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/45c49b52a488882bbbd5366420389abbbeede7c9..fdd10da6f7995296f6bb5ee3dd7231d6dbc20b5e:/authenticate.c diff --git a/authenticate.c b/authenticate.c index 55ed2693..5370cb78 100644 --- a/authenticate.c +++ b/authenticate.c @@ -1,41 +1,39 @@ -/* -*- c-file-style: "linux"; -*- - - Copyright (C) 1998-2000 by Andrew Tridgell - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ +/* + * Support rsync daemon authentication. + * + * Copyright (C) 1998-2000 Andrew Tridgell + * Copyright (C) 2002, 2004, 2005, 2006 Wayne Davison + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ -/* support rsync authentication */ #include "rsync.h" extern char *password_file; -extern int am_root; /*************************************************************************** encode a buffer using base64 - simple and slow algorithm. null terminates the result. ***************************************************************************/ -void base64_encode(char *buf, int len, char *out) +void base64_encode(char *buf, int len, char *out, int pad) { char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; int bit_offset, byte_offset, idx, i; unsigned char *d = (unsigned char *)buf; int bytes = (len*8 + 5)/6; - memset(out, 0, bytes+1); - for (i = 0; i < bytes; i++) { byte_offset = (i*6)/8; bit_offset = (i*6)%8; @@ -49,6 +47,11 @@ void base64_encode(char *buf, int len, char *out) } out[i] = b64[idx]; } + + while (pad && (i % 4)) + out[i++] = '='; + + out[i] = '\0'; } /* Generate a challenge buffer and return it base64-encoded. */ @@ -70,7 +73,7 @@ static void gen_challenge(char *addr, char *challenge) sum_update(input, sizeof input); sum_end(md4_out); - base64_encode(md4_out, MD4_SUM_LENGTH, challenge); + base64_encode(md4_out, MD4_SUM_LENGTH, challenge, 0); } @@ -96,7 +99,7 @@ static int get_secret(int module, char *user, char *secret, int len) if ((st.st_mode & 06) != 0) { rprintf(FLOG, "secrets file must not be other-accessible (see strict modes option)\n"); ok = 0; - } else if (am_root && (st.st_uid != 0)) { + } else if (MY_UID() == 0 && st.st_uid != 0) { rprintf(FLOG, "secrets file must be owned by root when running as root (see strict modes)\n"); ok = 0; } @@ -172,7 +175,7 @@ static char *getpassf(char *filename) } else if ((st.st_mode & 06) != 0) { rprintf(FERROR,"password file must not be other-accessible\n"); ok = 0; - } else if (am_root && st.st_uid != 0) { + } else if (MY_UID() == 0 && st.st_uid != 0) { rprintf(FERROR,"password file must be owned by root when running as root\n"); ok = 0; } @@ -209,7 +212,7 @@ static void generate_hash(char *in, char *challenge, char *out) sum_update(challenge, strlen(challenge)); sum_end(buf); - base64_encode(buf, MD4_SUM_LENGTH, out); + base64_encode(buf, MD4_SUM_LENGTH, out, 0); } /* Possibly negotiate authentication with the client. Use "leader" to