version 1.1.2.6, 2007/01/04 06:58:32
|
version 1.1.2.10, 2007/01/09 02:41:17
|
|
|
case 'w': | case 'w': |
return fopen(path, "wb"); | return fopen(path, "wb"); |
| |
|
case 'a': |
|
return fopen(path, "a+"); |
|
|
default: | default: |
return NULL; | return NULL; |
} | } |
|
|
#else /* POSIX CASE FOLLOWS */ | #else /* POSIX CASE FOLLOWS */ |
| |
static int InProcess_startProviderAgent( | static int InProcess_startProviderAgent( |
|
const SessionKey& sessionKey, |
const char* module, | const char* module, |
int uid, | int uid, |
int gid, | int gid, |
|
|
return status; | return status; |
} | } |
| |
static int InProcess_pamAuthenticate( |
static int InProcess_authenticatePassword( |
const char* username, | const char* username, |
const char* password) |
const char* password, |
|
SessionKey& sessionKey) |
{ | { |
|
sessionKey.clear(); |
|
|
#if defined(PEGASUS_PAM_AUTHENTICATION) | #if defined(PEGASUS_PAM_AUTHENTICATION) |
return PAMAuthenticate(username, password); | return PAMAuthenticate(username, password); |
#else | #else |
|
|
#endif | #endif |
} | } |
| |
static int InProcess_pamValidateUser( |
static int InProcess_validateUser( |
const char* username) | const char* username) |
{ | { |
#if defined(PEGASUS_PAM_AUTHENTICATION) | #if defined(PEGASUS_PAM_AUTHENTICATION) |
|
|
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
if (mode != 'r' && mode != 'w') |
if (mode != 'r' && mode != 'w' && mode != 'a') |
return NULL; | return NULL; |
| |
// _send request header: | // _send request header: |
|
|
} | } |
| |
static int OutOfProcess_startProviderAgent( | static int OutOfProcess_startProviderAgent( |
|
const SessionKey& sessionKey, |
const char* module, | const char* module, |
int uid, | int uid, |
int gid, | int gid, |
|
|
| |
ExecutorStartProviderAgentRequest request; | ExecutorStartProviderAgentRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
|
Strlcpy(request.key, sessionKey.data(), sizeof(request.key)); |
memcpy(request.module, module, n); | memcpy(request.module, module, n); |
request.uid = uid; | request.uid = uid; |
request.gid = gid; | request.gid = gid; |
|
|
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_pamAuthenticate( |
static int OutOfProcess_authenticatePassword( |
const char* username, | const char* username, |
const char* password) |
const char* password, |
|
SessionKey& sessionKey) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
|
sessionKey.clear(); |
|
|
// _send request header: | // _send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_PAM_AUTHENTICATE_MESSAGE; |
header.code = EXECUTOR_AUTHENTICATE_PASSWORD_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) | if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. | // _send request body. |
| |
ExecutorPAMAuthenticateRequest request; |
ExecutorAuthenticatePasswordRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE); |
|
|
| |
// Receive the response | // Receive the response |
| |
ExecutorPAMAuthenticateResponse response; |
ExecutorAuthenticatePasswordResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) | if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
|
Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
|
|
return response.status; | return response.status; |
} | } |
| |
static int OutOfProcess_pamValidateUser( |
static int OutOfProcess_validateUser( |
const char* username) | const char* username) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
|
|
// _send request header: | // _send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_PAM_VALIDATE_USER_MESSAGE; |
header.code = EXECUTOR_VALIDATE_USER_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) | if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. | // _send request body. |
| |
ExecutorPAMValidateUserRequest request; |
ExecutorValidateUserRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); |
| |
|
|
| |
// Receive the response | // Receive the response |
| |
ExecutorPAMValidateUserResponse response; |
ExecutorValidateUserResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) | if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
|
|
return response.status; | return response.status; |
} | } |
| |
int OutOfProcess_startLocalAuth( |
int OutOfProcess_challengeLocal( |
const char* user, | const char* user, |
char path[EXECUTOR_BUFFER_SIZE], |
char challenge[EXECUTOR_BUFFER_SIZE], |
SessionKey* key) |
SessionKey& sessionKey) |
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: | // _send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_START_LOCAL_AUTH_MESSAGE; |
header.code = EXECUTOR_CHALLENGE_LOCAL_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) | if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. | // _send request body. |
| |
ExecutorStartLocalAuthRequest request; |
ExecutorChallengeLocalRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.user, user, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.user, user, EXECUTOR_BUFFER_SIZE); |
| |
|
|
| |
// Receive the response | // Receive the response |
| |
ExecutorStartLocalAuthResponse response; |
ExecutorChallengeLocalResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) | if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
Strlcpy(key->data, response.key, sizeof(key->data)); |
Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
Strlcpy(path, response.path, EXECUTOR_BUFFER_SIZE); |
Strlcpy(challenge, response.challenge, EXECUTOR_BUFFER_SIZE); |
| |
return response.status; | return response.status; |
} | } |
| |
int OutOfProcess_finishLocalAuth( |
int OutOfProcess_authenticateLocal( |
const SessionKey* key, |
const SessionKey& sessionKey, |
const char* token, |
const char* token) |
SessionKey* newKey) |
|
{ | { |
AutoMutex autoMutex(_mutex); | AutoMutex autoMutex(_mutex); |
| |
// _send request header: | // _send request header: |
| |
ExecutorRequestHeader header; | ExecutorRequestHeader header; |
header.code = EXECUTOR_FINISH_LOCAL_AUTH_MESSAGE; |
header.code = EXECUTOR_AUTHENTICATE_LOCAL_MESSAGE; |
| |
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) | if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
return -1; | return -1; |
| |
// _send request body. | // _send request body. |
| |
ExecutorFinishLocalAuthRequest request; |
ExecutorAuthenticateLocalRequest request; |
memset(&request, 0, sizeof(request)); | memset(&request, 0, sizeof(request)); |
Strlcpy(request.key, key->data, EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.key, (char*)sessionKey.data(), EXECUTOR_BUFFER_SIZE); |
Strlcpy(request.token, token, EXECUTOR_BUFFER_SIZE); | Strlcpy(request.token, token, EXECUTOR_BUFFER_SIZE); |
| |
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) | if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
|
|
| |
// Receive the response | // Receive the response |
| |
ExecutorFinishLocalAuthResponse response; |
ExecutorAuthenticateLocalResponse response; |
| |
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) | if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
return -1; | return -1; |
| |
Strlcpy(newKey->data, response.key, sizeof(newKey->data)); |
return response.status; |
|
} |
|
|
|
int OutOfProcess_newSessionKey( |
|
const char username[EXECUTOR_BUFFER_SIZE], |
|
SessionKey& sessionKey) |
|
{ |
|
AutoMutex autoMutex(_mutex); |
|
|
|
// _send request header: |
|
|
|
ExecutorRequestHeader header; |
|
header.code = EXECUTOR_NEW_SESSION_KEY_MESSAGE; |
|
|
|
if (_send(_getSock(), &header, sizeof(header)) != sizeof(header)) |
|
return -1; |
|
|
|
// _send request body. |
|
|
|
ExecutorNewSessionKeyRequest request; |
|
memset(&request, 0, sizeof(request)); |
|
Strlcpy(request.username, username, sizeof(request.username)); |
|
|
|
if (_send(_getSock(), &request, sizeof(request)) != sizeof(request)) |
|
return -1; |
|
|
|
// Receive the response |
|
|
|
ExecutorNewSessionKeyResponse response; |
|
|
|
if (_recv(_getSock(), &response, sizeof(response)) != sizeof(response)) |
|
return -1; |
|
|
|
Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size()); |
| |
return response.status; | return response.status; |
} | } |
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_openFile(path, mode); | return OutOfProcess_openFile(path, mode); |
#else | #else |
return -1; |
return NULL; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
|
|
} | } |
| |
int Executor::startProviderAgent( | int Executor::startProviderAgent( |
|
const SessionKey& sessionKey, |
const char* module, | const char* module, |
int uid, | int uid, |
int gid, | int gid, |
|
|
{ | { |
if (_getSock() == -1) | if (_getSock() == -1) |
return InProcess_startProviderAgent( | return InProcess_startProviderAgent( |
module, uid, gid, pid, readPipe, writePipe); |
sessionKey, module, uid, gid, pid, readPipe, writePipe); |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_startProviderAgent( | return OutOfProcess_startProviderAgent( |
module, uid, gid, pid, readPipe, writePipe); |
sessionKey, module, uid, gid, pid, readPipe, writePipe); |
#else | #else |
return -1; | return -1; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
int Executor::pamAuthenticate( |
int Executor::authenticatePassword( |
const char* username, | const char* username, |
const char* password) |
const char* password, |
|
SessionKey& sessionKey) |
{ | { |
if (_getSock() == -1) | if (_getSock() == -1) |
return InProcess_pamAuthenticate(username, password); |
return InProcess_authenticatePassword(username, password, sessionKey); |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_pamAuthenticate(username, password); |
return OutOfProcess_authenticatePassword(username, password, sessionKey); |
#else | #else |
return -1; | return -1; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
int Executor::pamValidateUser( |
int Executor::validateUser( |
const char* username) | const char* username) |
{ | { |
if (_getSock() == -1) | if (_getSock() == -1) |
return InProcess_pamValidateUser(username); |
return InProcess_validateUser(username); |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_pamValidateUser(username); |
return OutOfProcess_validateUser(username); |
#else | #else |
return -1; | return -1; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
int Executor::startLocalAuth( |
int Executor::challengeLocal( |
const char* user, | const char* user, |
char path[EXECUTOR_BUFFER_SIZE], | char path[EXECUTOR_BUFFER_SIZE], |
SessionKey* key) |
SessionKey& sessionKey) |
{ | { |
if (_getSock() == -1) | if (_getSock() == -1) |
return -1; | return -1; |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_startLocalAuth(user, path, key); |
return OutOfProcess_challengeLocal(user, path, sessionKey); |
#else | #else |
return -1; | return -1; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
int Executor::finishLocalAuth( |
int Executor::authenticateLocal( |
const SessionKey* key, |
const SessionKey& sessionKey, |
const char* token, |
const char* challengeResponse) |
SessionKey* newKey) |
|
{ | { |
if (_getSock() == -1) | if (_getSock() == -1) |
return -1; | return -1; |
| |
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) | #if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
return OutOfProcess_finishLocalAuth(key, token, newKey); |
return OutOfProcess_authenticateLocal(sessionKey, challengeResponse); |
#else | #else |
return -1; | return -1; |
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ | #endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
} | } |
| |
|
int Executor::newSessionKey( |
|
const char username[EXECUTOR_BUFFER_SIZE], |
|
SessionKey& sessionKey) |
|
{ |
|
if (_getSock() == -1) |
|
return -1; |
|
|
|
#if defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) |
|
return OutOfProcess_newSessionKey(username, sessionKey); |
|
#else |
|
sessionKey.clear(); |
|
return 0; |
|
#endif /* defined(PEGASUS_ENABLE_PRIVILEGE_SEPARATION) */ |
|
} |
|
|
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
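Review bot: The added `Strlcpy((char*)sessionKey.data(), response.key, sessionKey.size());` in OutOfProcess_authenticatePassword runs before `response.status` is examined, so a rejected password still leaves whatever the executor placed in `response.key` in the caller's session key; gating the copy with `if (response.status == 0)` keeps a failed call from handing back key material. OutOfProcess_challengeLocal and OutOfProcess_newSessionKey copy the key the same way and, unlike authenticatePassword, do not call `sessionKey.clear();` on entry, so their early `return -1` paths leave the caller's previous key untouched; adding the same clear as the first statement would make all three consistent. The `(char*)` cast on `sessionKey.data()` looks like it writes through an accessor meant for reading; SessionKey is not shown on this page, so confirm this, and prefer a setter on SessionKey if one exists. Parts of these function bodies are elided in the side-by-side view.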