1/*
2 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23#include <sys/param.h>
24#include <sys/time.h>
25#include <sys/resource.h>
26#include <err.h>
27#include <errno.h>
28#include <grp.h>
29#include <paths.h>
30#include <stdio.h>
31#include <stdlib.h>
32#include <string.h>
33#include <syslog.h>
34#include <unistd.h>
35
36#include "authentication.h"
37
/*
 * Report whether the calling process counts as an administrator for the
 * default task (task number 0).
 *
 * Returns 1 when the real user ID is root, otherwise whatever
 * isAuthenticatedAsAdministratorForTask(0) reports.
 *
 * Despite the name, no credential is verified here: the answer is derived
 * from the identity the process is already running with.
 */
int isAuthenticatedAsAdministrator(void)
{
    /* Root short-circuits the group lookup; everyone else is checked for task 0. */
    return isAuthenticatedAsRoot() ? 1 : isAuthenticatedAsAdministratorForTask(0);
}
46
/*
 * Report whether the calling process may act as an administrator for the
 * given task.
 *
 * taskNum selects the group to test against via groupNameForTask().
 *
 * Returns 1 when the real user ID is root, or when the GID of the task's
 * group appears in the list returned by getgroups(); returns 0 otherwise.
 *
 * Security notes:
 *  - The decision uses the real UID (getuid()) and the group list the
 *    process already carries. No password or other credential is checked.
 *  - Every failure path denies: getgroups() returning an error or an empty
 *    list, or getgrnam() not finding the group, all yield 0.
 *  - Only the getgroups() result is consulted; getgid()/getegid() are not.
 *    POSIX leaves it implementation-defined whether the effective GID is
 *    part of that list, so a user whose only link to the group is the
 *    primary GID may be denied on some systems.
 *  - NOTE(review): the group name is resolved with getgrnam(), so the
 *    result depends on how the group database is configured on the host.
 */
int isAuthenticatedAsAdministratorForTask(int taskNum)
{
    gid_t memberships[NGROUPS_MAX];
    struct group *required;
    gid_t wanted;
    int count;
    int idx;

    /* Root passes without any group lookup. */
    if (isAuthenticatedAsRoot()) {
        return 1;
    }

    /* A zero real UID at this point is not treated as a group member. */
    if (getuid() == 0) {
        return 0;
    }

    /* Group list of the calling process; error (-1) or empty means deny. */
    count = getgroups(NGROUPS_MAX, memberships);
    if (count <= 0) {
        return 0;
    }

    /* Only members of the task's group (by default "admin") are accepted. */
    required = getgrnam(groupNameForTask(taskNum));
    if (required == NULL) {
        return 0;
    }
    wanted = required->gr_gid;

    for (idx = 0; idx < count; idx++) {
        if (memberships[idx] == wanted) {
            return 1;
        }
    }

    return 0;
}
86
/*
 * Report whether the calling process has a real user ID of 0.
 *
 * Returns 1 for root, 0 for any other real UID. The effective UID is not
 * consulted, so a set-user-ID program started by an unprivileged user is
 * reported as non-root.
 */
int isAuthenticatedAsRoot(void)
{
    return getuid() == 0 ? 1 : 0;
}
94
/*
 * Map a task number to the name of the group whose members may perform it.
 *
 * Every task number, including 0, currently maps to "admin"; taskNum does
 * not influence the result.
 *
 * The returned pointer refers to a string literal: callers must neither
 * modify nor free it.
 */
char *groupNameForTask(int taskNum)
{
    char *name = "admin";

    (void)taskNum; /* no per-task group is defined yet */
    return name;
}
102
103