for authenticated access record the authenticated username in the logs

d0d56395 · Andrew Tridgell · e9d736a7 · d0d56395 · d0d56395
Commit d0d56395 authored May 16, 1998 by Andrew Tridgell
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 20 deletions

authenticate.c authenticate.c +20 -10

clientserver.c clientserver.c +19 -10

No files found.
--- a/authenticate.c
+++ b/authenticate.c
@@ -125,21 +125,28 @@ void generate_hash(char *in, char *challenge, char *out)
 }
 /* possible negotiate authentication with the client. Use "leader" to
-   start off the auth if necessary */
+   start off the auth if necessary 
-int auth_server(int fd, int module, char *addr, char *leader)
+   return NULL if authentication failed
+   return "" if anonymous access
+   otherwise return username
+*/
+char *auth_server(int fd, int module, char *addr, char *leader)
 {
 	char *users = lp_auth_users(module);
 	char challenge[16];
 	char b64_challenge[30];
 	char line[MAXPATHLEN];
-	char user[100];
+	static char user[100];
 	char secret[100];
 	char pass[30];
 	char pass2[30];
 	char *tok;
 	/* if no auth list then allow anyone in! */
-	if (!users || !*users) return 1;
+	if (!users || !*users) return "";
 	gen_challenge(addr, challenge);
@@ -148,18 +155,18 @@ int auth_server(int fd, int module, char *addr, char *leader)
 	io_printf(fd,"%s%s\n", leader, b64_challenge);
 	if (!read_line(fd, line, sizeof(line)-1)) {
-		return 0;
+		return NULL;
 	}
 	memset(user, 0, sizeof(user));
 	memset(pass, 0, sizeof(pass));
 	if (sscanf(line,"%99s %29s", user, pass) != 2) {
-		return 0;
+		return NULL;
 	}
 	users = strdup(users);
-	if (!users) return 0;
+	if (!users) return NULL;
 	for (tok=strtok(users," ,\t"); tok; tok = strtok(NULL," ,\t")) {
 		if (strcmp(tok, user) == 0) break;
@@ -167,19 +174,22 @@ int auth_server(int fd, int module, char *addr, char *leader)
 	free(users);
 	if (!tok) {
-		return 0;
+		return NULL;
 	}
 	memset(secret, 0, sizeof(secret));
 	if (!get_secret(module, user, secret, sizeof(secret)-1)) {
 		memset(secret, 0, sizeof(secret));
-		return 0;
+		return NULL;
 	}
 	generate_hash(secret, b64_challenge, pass2);
 	memset(secret, 0, sizeof(secret));
-	return (strcmp(pass, pass2) == 0);
+	if (strcmp(pass, pass2) == 0)
+		return user;
+	return NULL;
 }

--- a/clientserver.c
+++ b/clientserver.c
@@ -109,6 +109,7 @@ static int rsync_module(int fd, int i)
 	char *addr = client_addr(fd);
 	char *host = client_name(fd);
 	char *name = lp_name(i);
+	char *user;
 	int start_glob=0;
 	char *request=NULL;
 	extern int am_sender;
@@ -121,13 +122,6 @@ static int rsync_module(int fd, int i)
 		return -1;
 	}
-	if (!auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ")) {
-		rprintf(FERROR,"auth failed on module %s from %s (%s)\n",
-			name, client_name(fd), client_addr(fd));
-		io_printf(fd,"@ERROR: auth failed on module %s\n",name);
-		return -1;		
-	}
 	if (!claim_connection(lp_lock_file(), lp_max_connections())) {
 		rprintf(FERROR,"max connections (%d) reached\n",
 			lp_max_connections());
@@ -136,6 +130,15 @@ static int rsync_module(int fd, int i)
 	}
+	user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ");
+	if (!user) {
+		rprintf(FERROR,"auth failed on module %s from %s (%s)\n",
+			name, client_name(fd), client_addr(fd));
+		io_printf(fd,"@ERROR: auth failed on module %s\n",name);
+		return -1;		
+	}
 	module_id = i;
 	if (lp_read_only(i))
@@ -233,9 +236,15 @@ static int rsync_module(int fd, int i)
 	parse_arguments(argc, argv);
 	if (request) {
-		rprintf(FINFO,"rsync %s %s from %s (%s)\n",
+		if (*user) {
-			am_sender?"on":"to",
+			rprintf(FINFO,"rsync %s %s from %s@%s (%s)\n",
-			request, host, addr);
+				am_sender?"on":"to",
+				request, user, host, addr);
+		} else {
+			rprintf(FINFO,"rsync %s %s from %s (%s)\n",
+				am_sender?"on":"to",
+				request, host, addr);
+		}
 		free(request);
 	}