From d0d56395c8a150f72b6189e027fe9af918e23551 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 16 May 1998 07:45:26 +0000 Subject: [PATCH] for authenticated access record the authenticated username in the logs --- authenticate.c | 30 ++++++++++++++++++++---------- clientserver.c | 29 +++++++++++++++++++---------- 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/authenticate.c b/authenticate.c index 6a389dbb..0ff318b9 100644 --- a/authenticate.c +++ b/authenticate.c @@ -125,21 +125,28 @@ void generate_hash(char *in, char *challenge, char *out) } /* possible negotiate authentication with the client. Use "leader" to - start off the auth if necessary */ -int auth_server(int fd, int module, char *addr, char *leader) + start off the auth if necessary + + return NULL if authentication failed + + return "" if anonymous access + + otherwise return username +*/ +char *auth_server(int fd, int module, char *addr, char *leader) { char *users = lp_auth_users(module); char challenge[16]; char b64_challenge[30]; char line[MAXPATHLEN]; - char user[100]; + static char user[100]; char secret[100]; char pass[30]; char pass2[30]; char *tok; /* if no auth list then allow anyone in! */ - if (!users || !*users) return 1; + if (!users || !*users) return ""; gen_challenge(addr, challenge); @@ -148,18 +155,18 @@ int auth_server(int fd, int module, char *addr, char *leader) io_printf(fd,"%s%s\n", leader, b64_challenge); if (!read_line(fd, line, sizeof(line)-1)) { - return 0; + return NULL; } memset(user, 0, sizeof(user)); memset(pass, 0, sizeof(pass)); if (sscanf(line,"%99s %29s", user, pass) != 2) { - return 0; + return NULL; } users = strdup(users); - if (!users) return 0; + if (!users) return NULL; for (tok=strtok(users," ,\t"); tok; tok = strtok(NULL," ,\t")) { if (strcmp(tok, user) == 0) break; @@ -167,19 +174,22 @@ int auth_server(int fd, int module, char *addr, char *leader) free(users); if (!tok) { - return 0; + return NULL; } memset(secret, 0, sizeof(secret)); if (!get_secret(module, user, secret, sizeof(secret)-1)) { memset(secret, 0, sizeof(secret)); - return 0; + return NULL; } generate_hash(secret, b64_challenge, pass2); memset(secret, 0, sizeof(secret)); - return (strcmp(pass, pass2) == 0); + if (strcmp(pass, pass2) == 0) + return user; + + return NULL; } diff --git a/clientserver.c b/clientserver.c index 765cba7e..44395357 100644 --- a/clientserver.c +++ b/clientserver.c @@ -109,6 +109,7 @@ static int rsync_module(int fd, int i) char *addr = client_addr(fd); char *host = client_name(fd); char *name = lp_name(i); + char *user; int start_glob=0; char *request=NULL; extern int am_sender; @@ -121,13 +122,6 @@ static int rsync_module(int fd, int i) return -1; } - if (!auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ")) { - rprintf(FERROR,"auth failed on module %s from %s (%s)\n", - name, client_name(fd), client_addr(fd)); - io_printf(fd,"@ERROR: auth failed on module %s\n",name); - return -1; - } - if (!claim_connection(lp_lock_file(), lp_max_connections())) { rprintf(FERROR,"max connections (%d) reached\n", lp_max_connections()); @@ -136,6 +130,15 @@ static int rsync_module(int fd, int i) } + user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD "); + + if (!user) { + rprintf(FERROR,"auth failed on module %s from %s (%s)\n", + name, client_name(fd), client_addr(fd)); + io_printf(fd,"@ERROR: auth failed on module %s\n",name); + return -1; + } + module_id = i; if (lp_read_only(i)) @@ -233,9 +236,15 @@ static int rsync_module(int fd, int i) parse_arguments(argc, argv); if (request) { - rprintf(FINFO,"rsync %s %s from %s (%s)\n", - am_sender?"on":"to", - request, host, addr); + if (*user) { + rprintf(FINFO,"rsync %s %s from %s@%s (%s)\n", + am_sender?"on":"to", + request, user, host, addr); + } else { + rprintf(FINFO,"rsync %s %s from %s (%s)\n", + am_sender?"on":"to", + request, host, addr); + } free(request); } -- 2.34.1