|
version 1.4, 2007/07/24 19:42:02
|
version 1.5, 2007/07/25 19:43:47
|
|
|
|
| ** This header defines two functions that may be called by clients of this | ** This header defines two functions that may be called by clients of this |
| ** process (the parent process). | ** process (the parent process). |
| ** | ** |
| ** CimserveraAuthenticate() |
** PAMAuthenticate() |
| ** CimserveraValidateUser() |
** PAMValidateUser() |
| ** | ** |
| ** Each functions forks and executes a child process that carries out |
** Depending on the PEGASUS_USE_PAM_STANDALONE_PROC build flag, these |
| ** the request and then exits immediately. The parent and child proceses |
** functions either call PAM directly or fork and execute a child process |
| ** communicate over a local domain socket, created by the parent just |
** that performs the requested PAM operation and then exits immediately. |
| ** before executing the client program. |
** The parent and child proceses communicate over a local domain socket, |
| |
** created by the parent just before executing the client program. |
| ** | ** |
| ** Both of the functions above are defined in the header to avoid the need |
** These functions are defined in a header file to avoid the need |
| ** to link a separate client library. | ** to link a separate client library. |
| ** | ** |
| ** CAUTION: This program must not depend on any Pegasus libraries since | ** CAUTION: This program must not depend on any Pegasus libraries since |
|
|
|
| /* | /* |
| **============================================================================== | **============================================================================== |
| ** | ** |
| ** CimserveraAuthenticate() |
** CimserveraProcessOperation() |
| ** | ** |
| **============================================================================== | **============================================================================== |
| */ | */ |
| | |
| static int CimserveraAuthenticate(const char* username, const char* password) |
static int CimserveraProcessOperation( |
| |
const char* operationName, |
| |
const char* username, |
| |
const char* password) |
| { | { |
| int sock; | int sock; |
| int pid; | int pid; |
|
|
|
| { | { |
| CimserveraRequest request; | CimserveraRequest request; |
| CimserveraResponse response; | CimserveraResponse response; |
| int childStatus; |
|
| | |
| /* Send request to CIMSERVERA process. */ | /* Send request to CIMSERVERA process. */ |
| | |
| memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
| Strlcpy(request.arg0, "authenticate", EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.arg0, operationName, EXECUTOR_BUFFER_SIZE); |
| Strlcpy(request.arg1, username, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.arg1, username, EXECUTOR_BUFFER_SIZE); |
| Strlcpy(request.arg2, password, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.arg2, password, EXECUTOR_BUFFER_SIZE); |
| | |
|
|
|
| break; | break; |
| } | } |
| | |
| /* Get exit status from CIMSERVERA program. */ |
#if !defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
| |
/* When called from the main cimserver process, the cimservera |
| waitpid(pid, &childStatus, 0); |
exit status must be harvested explicitly to prevent zombies. |
| } |
|
| while (0); |
|
| |
|
| close(sock); |
|
| |
|
| return status; |
|
| } |
|
| |
|
| /* |
|
| **============================================================================== |
|
| ** |
|
| ** CimserveraValidateUser() |
|
| ** |
|
| **============================================================================== |
|
| */ | */ |
| | |
| static int CimserveraValidateUser(const char* username) |
while ((waitpid(pid, 0, 0) == -1) && (errno == EINTR)) |
| { |
; |
| int sock; |
#endif |
| int pid; |
|
| int status; |
|
| |
|
| /* Create the CIMSERVERA process. */ |
|
| |
|
| pid = CimserveraStart(&sock); |
|
| |
|
| if (pid == -1) |
|
| return -1; |
|
| |
|
| /* Send request, get response. */ |
|
| |
|
| status = 0; |
|
| |
|
| do |
|
| { |
|
| CimserveraRequest request; |
|
| CimserveraResponse response; |
|
| int childStatus; |
|
| |
|
| /* Send request to CIMSERVERA process. */ |
|
| |
|
| memset(&request, 0, sizeof(request)); |
|
| Strlcpy(request.arg0, "validateUser", EXECUTOR_BUFFER_SIZE); |
|
| Strlcpy(request.arg1, username, EXECUTOR_BUFFER_SIZE); |
|
| |
|
| if (SendBlock(sock, &request, sizeof(request)) != sizeof(request)) |
|
| { |
|
| status = -1; |
|
| break; |
|
| } |
|
| |
|
| /* Receive response from CIMSERVERA process. */ |
|
| |
|
| if (RecvBlock(sock, &response, sizeof(response)) != sizeof(response)) |
|
| { |
|
| status = -1; |
|
| break; |
|
| } |
|
| |
|
| /* Check status. */ |
|
| |
|
| if (response.status != 0) |
|
| { |
|
| status = -1; |
|
| break; |
|
| } |
|
| |
|
| /* Get exit status from CIMSERVERA program. */ |
|
| |
|
| waitpid(pid, &childStatus, 0); |
|
| } | } |
| while (0); | while (0); |
| | |
|
|
|
| static int PAMAuthenticate(const char* username, const char* password) | static int PAMAuthenticate(const char* username, const char* password) |
| { | { |
| #ifdef PEGASUS_USE_PAM_STANDALONE_PROC | #ifdef PEGASUS_USE_PAM_STANDALONE_PROC |
| return CimserveraAuthenticate(username, password); |
return CimserveraProcessOperation("authenticate", username, password); |
| #else | #else |
| return PAMAuthenticateInProcess(username, password); | return PAMAuthenticateInProcess(username, password); |
| #endif | #endif |
|
|
|
| static int PAMValidateUser(const char* username) | static int PAMValidateUser(const char* username) |
| { | { |
| #ifdef PEGASUS_USE_PAM_STANDALONE_PROC | #ifdef PEGASUS_USE_PAM_STANDALONE_PROC |
| return CimserveraValidateUser(username); |
return CimserveraProcessOperation("validateUser", username, ""); |
| #else | #else |
| return PAMValidateUserInProcess(username); | return PAMValidateUserInProcess(username); |
| #endif | #endif |
Return to
PAMAuth.h
CVS log
Up to [Pegasus] / pegasus / src / Executor