![[BACK]](/icons/back.gif){kind=icon}
Return to cimservera.cpp
CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [Pegasus] / pegasus / src / Pegasus / Security / Cimservera| Return to cimservera.cpp
CVS log | Up to [Pegasus] / pegasus / src / Pegasus / Security / Cimservera |
| File: [Pegasus] / pegasus / src / Pegasus / Security / Cimservera / Attic / cimservera.cpp (download) Revision 1.6, Mon Jan 30 16:18:29 2006 UTC (18 years, 3 months ago) by karl CVS Tags: TASK_PEP233_EmbeddedInstSupport-merge_out_trunk, TASK_BUG_5314_IPC_REFACTORING_ROOT, TASK_BUG_5314_IPC_REFACTORING_BRANCH, TASK_BUG_5314_IPC_REFACTORING-V1, TASK_BUG_5191_QUEUE_CONSOLIDATION_ROOT, TASK_BUG_5191_QUEUE_CONSOLIDATION_BRANCH, TASK-TASK-BUG4011_WinLocalConnect-branch-New-root, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_to_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_from_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_to_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_from_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-branch, TASK-PEP286_PRIVILEGE_SEPARATION-root, TASK-PEP268_SSLClientCertificatePropagation-root, TASK-PEP268_SSLClientCertificatePropagation-merged_out_to_branch, TASK-PEP268_SSLClientCertificatePropagation-merged_out_from_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_to_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_from_branch, TASK-PEP268_SSLClientCertificatePropagation-branch, TASK-PEP267_SLPReregistrationSupport-root, TASK-PEP267_SLPReregistrationSupport-merging_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merging_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merged_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_to_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_from_branch, TASK-PEP267_SLPReregistrationSupport-branch, TASK-PEP250_RPMProvider-root, TASK-PEP250_RPMProvider-merged_out_to_branch, TASK-PEP250_RPMProvider-merged_out_from_trunk, TASK-PEP250_RPMProvider-merged_in_to_trunk, TASK-PEP250_RPMProvider-merged_in_from_branch, TASK-PEP250_RPMProvider-branch, TASK-PEP245_CimErrorInfrastructure-root, TASK-PEP245_CimErrorInfrastructure-merged_out_to_branch, TASK-PEP245_CimErrorInfrastructure-merged_out_from_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_to_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_from_branch, TASK-PEP245_CimErrorInfrastructure-branch, TASK-PEP241_OpenPegasusStressTests-root, TASK-PEP241_OpenPegasusStressTests-merged_out_to_branch, TASK-PEP241_OpenPegasusStressTests-merged_out_from_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_to_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_from_branch, TASK-PEP241_OpenPegasusStressTests-branch, TASK-Bugs5690_3913_RemoteCMPI-root, TASK-Bugs5690_3913_RemoteCMPI-merged_out_to_branch, TASK-Bugs5690_3913_RemoteCMPI-merged_out_from_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_to_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_from_branch, TASK-Bugs5690_3913_RemoteCMPI-branch, TASK-Bug2102_RCMPIWindows-root, TASK-Bug2102_RCMPIWindows-merged_out_to_branch, TASK-Bug2102_RCMPIWindows-merged_out_from_trunk, TASK-Bug2102_RCMPIWindows-merged_in_to_trunk, TASK-Bug2102_RCMPIWindows-merged_in_from_branch, TASK-Bug2102_RCMPIWindows-branch, TASK-Bug2021_RemoteCMPIonWindows-root, TASK-Bug2021_RemoteCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RemoteCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RemoteCMPIonWindows-branch, TASK-Bug2021_RCMPIonWindows-root, TASK-Bug2021_RCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RCMPIonWindows-branch, TASK-BUG4011_WinLocalConnect-root, TASK-BUG4011_WinLocalConnect-merged_out_to_branch, TASK-BUG4011_WinLocalConnect-merged_out_from_trunk, TASK-BUG4011_WinLocalConnect-merged_in_to_trunk, TASK-BUG4011_WinLocalConnect-merged_in_from_branch, TASK-BUG4011_WinLocalConnect-branch-New, TASK-BUG4011_WinLocalConnect-branch, RELEASE_2_6_1-RC1, RELEASE_2_6_1, RELEASE_2_6_0-RC1, RELEASE_2_6_0-FC, RELEASE_2_6_0, RELEASE_2_6-root, RELEASE_2_5_4-RC2, RELEASE_2_5_4-RC1, RELEASE_2_5_4, RELEASE_2_5_3-RC1, RELEASE_2_5_3, RELEASE_2_5_2-RC1, RELEASE_2_5_2, RELEASE_2_5_1-RC1, RELEASE_2_5_1, RELEASE_2_5-root, PEP286_PRIVILEGE_SEPARATION_ROOT, PEP286_PRIVILEGE_SEPARATION_1 Branch point for: TASK-PEP286_PRIVILEGE_SEPARATION-branch, RELEASE_2_6-branch, RELEASE_2_5-branch, PEP286_PRIVILEGE_SEPARATION_BRANCH Changes since 1.5: +3 -1 lines BUG#: 4691 TITLE: Update Licenses to 2006 DESCRIPTION: Updates most of the licenses to 2006. The slp_client directories are excluded for the moment pending discussion. This change has passed unit and system tests. Note that this changes just about EVERY file in Pegasus. |
//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
// Author: Ben Heilbronn, Hewlett-Packard Company(ben_heilbronn@hp.com)
//
// Parts of this code originated within PAMBasicAuthenticator.
//
// Modified By: Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com)
//
//%/////////////////////////////////////////////////////////////////////////////
#include <Pegasus/Common/System.h>
#include <Pegasus/Common/String.h>
#include <Pegasus/Common/FileSystem.h>
#include <Pegasus/Common/PegasusVersion.h>
#include <Pegasus/Security/Authentication/PAMBasicAuthenticator.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <string.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include "cimservera.h"
PEGASUS_USING_STD;
PEGASUS_NAMESPACE_BEGIN
#include <security/pam_appl.h>
#define BUFFERLEN 1024
#define HEADER_LEN 4
typedef struct
{
CString userPassword;
} APP_DATA;
// Initialize the constants.
const char Cimservera::OPERATION_PAM_AUTHENTICATION = 'A';
const char Cimservera::OPERATION_PAM_ACCT_MGMT = 'M';
const char Cimservera::PAM_OPERATION_SUCCESS = 'T';
const char Cimservera::PAM_OPERATION_FAILURE = 'F';
/* constructor. */
Cimservera::Cimservera()
{
}
/* destructor. */
Cimservera::~Cimservera()
{
}
Boolean Cimservera::authenticateByPAM(
const String& userName,
const String& password)
{
Boolean authenticated = false;
struct pam_conv pconv;
pam_handle_t *phandle;
char *name;
APP_DATA mydata;
const char *service = "wbem";
//
// Store the password for PAM authentication
//
mydata.userPassword = password.getCString();
pconv.conv = Cimservera::PAMCallback;
pconv.appdata_ptr = &mydata;
//
//Call pam_start since you need to before making any other PAM calls
//
if ( ( pam_start(service,
(const char *)userName.getCString(), &pconv, &phandle) ) != PAM_SUCCESS )
{
return (authenticated);
}
//
//Call pam_authenticate to authenticate the user
//
if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )
{
//
//Call pam_acct_mgmt, to check if the user account is valid. This includes
//checking for password and account expiration, as well as verifying access
//hour restrictions.
//
if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )
{
authenticated = true;
}
}
//
//Call pam_end to end our PAM work
//
pam_end(phandle, 0);
return (authenticated);
}
#if defined PEGASUS_OS_LINUX
Sint32 Cimservera::PAMCallback(Sint32 num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
#else
Sint32 Cimservera::PAMCallback(Sint32 num_msg, struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
#endif
{
//
// Copy the application specific data from the PAM structure.
//
APP_DATA *mydata;
mydata = (APP_DATA *) appdata_ptr;
//
// Allocate the response buffers
//
if ( num_msg > 0 )
{
//
// Since resp->resp needs to be initialized in all possible scenarios,
// use calloc for memory allocation.
//
*resp = (struct pam_response *)calloc(num_msg, sizeof(struct pam_response));
if ( *resp == NULL )
{
return PAM_BUF_ERR;
}
}
else
{
return PAM_CONV_ERR;
}
for ( Sint32 i = 0; i < num_msg; i++ )
{
switch ( msg[i]->msg_style )
{
case PAM_PROMPT_ECHO_OFF:
//
// copy the user password
//
resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);
strcpy(resp[i]->resp, mydata->userPassword);
resp[i]->resp_retcode = 0;
break;
default:
return PAM_CONV_ERR;
}
}
return PAM_SUCCESS;
}
Boolean Cimservera::performAcctMgmt (const String& userName)
{
Boolean authenticated = false;
struct pam_conv pconv;
pam_handle_t *phandle;
char *name;
APP_DATA mydata;
const char *service = "wbem";
pconv.conv = PAMBasicAuthenticator::pamValidateUserCallback;
pconv.appdata_ptr = &mydata;
//
// Call pam_start since you need to before making any other PAM calls
//
if ( pam_start(service,
(const char *)userName.getCString(), &pconv, &phandle) != PAM_SUCCESS)
{
return (authenticated);
}
//
// Call pam_acct_mgmt, to check if the user account is valid. This include s
// checking for account expiration, as well as verifying access
// hour restrictions.
//
if ( pam_acct_mgmt(phandle, 0) == PAM_SUCCESS )
{
authenticated = true;
}
//
//Call pam_end to end our PAM work
//
pam_end(phandle, 0);
return (authenticated);
}
PEGASUS_NAMESPACE_END;
PEGASUS_USING_PEGASUS;
int main(int argc, char* argv[])
{
int n, len;
char username[BUFFERLEN], password[BUFFERLEN], operation[BUFFERLEN];
char * _username = &username[0];
char * _password = &password[0];
char username_len[10], password_len[10], operation_len[10];
char return_buf[2];
typedef struct
{
CString userPassword;
} APP_DATA;
Boolean authenticated;
// STDIN and STDOUT are used on the back-end for reading and writing
for (;;) { // Just loop on username/passwords/opcode
authenticated = false;
// Read in the username
len = read(STDIN_FILENO, username_len, HEADER_LEN);
if (len != HEADER_LEN) {
break;
}
username_len[HEADER_LEN] = '\0';
n = atoi(username_len);
read(STDIN_FILENO, username, n);
username[n] = '\0';
// Read in the password
len = read(STDIN_FILENO, password_len, HEADER_LEN);
if (len != HEADER_LEN) {
break;
}
password_len[HEADER_LEN] = '\0';
n = atoi(password_len);
read(STDIN_FILENO, password, n);
password[n] = '\0';
// Read in the operation
len = read(STDIN_FILENO, operation_len, HEADER_LEN);
if (len != HEADER_LEN) {
break;
}
operation_len[HEADER_LEN] = '\0';
n = atoi(operation_len);
read(STDIN_FILENO, operation, n);
operation[n] = '\0';
//
// Check the operation flag.
//
if (operation[0] == Cimservera::OPERATION_PAM_AUTHENTICATION)
{
authenticated = Cimservera::authenticateByPAM(_username, _password);
}
else if (operation[0] == Cimservera::OPERATION_PAM_ACCT_MGMT)
{
authenticated = Cimservera::performAcctMgmt(_username);
}
if (authenticated)
{
return_buf[0] = Cimservera::PAM_OPERATION_SUCCESS;
} else
{
return_buf[0] = Cimservera::PAM_OPERATION_FAILURE;
}
return_buf[1] = '\0';
write(STDOUT_FILENO, return_buf, 1);
}
}