version 1.2, 2002/04/16 01:59:14
|
version 1.20, 2006/08/09 21:13:04
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
// |
|
// Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
|
// The Open Group, Tivoli Systems |
|
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// copy of this software and associated documentation files (the "Software"), |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// to deal in the Software without restriction, including without limitation |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// IBM Corp.; EMC Corporation, The Open Group. |
// and/or sell copies of the Software, and to permit persons to whom the |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Software is furnished to do so, subject to the following conditions: |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// The above copyright notice and this permission notice shall be included in |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
// all copies of substantial portions of this software. |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
// EMC Corporation; Symantec Corporation; The Open Group. |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
// |
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
// of this software and associated documentation files (the "Software"), to |
// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
// deal in the Software without restriction, including without limitation the |
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
// sell copies of the Software, and to permit persons to whom the Software is |
// DEALINGS IN THE SOFTWARE. |
// furnished to do so, subject to the following conditions: |
|
// |
|
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) | // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
// | // |
// Modified By: |
// Modified By: Yi Zhou, Hewlett-Packard Company(yi_zhou@hp.com) |
|
// Sushma Fernandes, Hewlett-Packard Company |
|
// (sushma_fernandes@hp.com) |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#ifndef Pegasus_PAMBasicAuthenticator_h | #ifndef Pegasus_PAMBasicAuthenticator_h |
#define Pegasus_PAMBasicAuthenticator_h | #define Pegasus_PAMBasicAuthenticator_h |
| |
#include <security/pam_appl.h> |
|
|
|
#include <Pegasus/Common/Config.h> | #include <Pegasus/Common/Config.h> |
|
#include <Pegasus/Common/Mutex.h> |
#include "BasicAuthenticator.h" | #include "BasicAuthenticator.h" |
#include "Linkage.h" |
|
|
|
|
#include <Pegasus/Security/Authentication/Linkage.h> |
| |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
/** This class provides PAM basic authentication by communicating with a |
|
standalone process. |
|
*/ |
|
|
|
#if defined(PEGASUS_USE_PAM_STANDALONE_PROC) |
|
|
|
class PEGASUS_SECURITY_LINKAGE PAMBasicAuthenticatorStandAlone |
|
{ |
|
public: |
|
|
|
/** constructor. */ |
|
PAMBasicAuthenticatorStandAlone(); |
|
|
|
/** destructor. */ |
|
~PAMBasicAuthenticatorStandAlone(); |
|
|
|
/** Verify the authentication of the requesting user. |
|
@param userName String containing the user name |
|
@param password String containing the user password |
|
@return true on successful authentication, false otherwise |
|
*/ |
|
Boolean authenticate( |
|
const String& userName, |
|
const String& password); |
|
|
|
/** Verify PAM account management for the requesting user. |
|
@param userName String containing the user name |
|
@return true on successful authentication, false otherwise |
|
*/ |
|
Boolean validateUser(const String& userName); |
|
|
|
private: |
|
String _realm; |
|
|
|
// Indicates that an authentication operation must be performed. |
|
static const String OPERATION_PAM_AUTHENTICATION; |
|
|
|
// Indicates that an account management operation must be performed. |
|
static const String OPERATION_PAM_ACCT_MGMT; |
|
|
|
// Indicates that authentication/account management operation was successful. |
|
static const String PAM_OPERATION_SUCCESS; |
|
|
|
#if defined(PEGASUS_HAS_SIGNALS) |
|
/** |
|
Process ID of the active Provider Agent. |
|
*/ |
|
pid_t _pid; |
|
#endif |
|
|
|
Boolean _authenticateByPAM( |
|
const String& userName, |
|
const String& password); |
|
|
|
void _createPAMStandalone(); |
|
|
|
// |
|
// Indicates the status of a write operation. |
|
// |
|
enum _Status |
|
{ |
|
BROKEN_CONNECTION, // If the conntection is broken |
|
OTHER_ERROR, // Any other error |
|
SUCCESS |
|
}; |
|
|
|
// |
|
// Sends a text string to the Stand Alone PAM Process. |
|
// @param text String to be sent |
|
// @return the status of the write operation |
|
// |
|
// |
|
_Status _writeString(const String& text); |
|
|
|
// |
|
// Read a response string from the Stand Alone Process. |
|
// @return reply from the PAM process |
|
// |
|
String _readString(); |
|
|
|
// |
|
// Restarts PAM Stand Alone Process |
|
// |
|
void _restartProcess(void); |
|
}; |
|
|
|
#endif /* if defined(PEGASUS_USE_PAM_STANDALONE_PROC) */ |
|
|
/** This class provides PAM basic authentication implementation by extending | /** This class provides PAM basic authentication implementation by extending |
the BasicAuthenticator. | the BasicAuthenticator. |
*/ | */ |
|
|
const String& userName, | const String& userName, |
const String& password); | const String& password); |
| |
|
/** Verify whether the user is valid. |
|
@param userName String containing the user name |
|
@return true on successful validation, false otherwise |
|
*/ |
|
Boolean validateUser( const String& userName); |
|
|
/** Construct and return the HTTP Basic authentication challenge header | /** Construct and return the HTTP Basic authentication challenge header |
@return A string containing the authentication challenge header. | @return A string containing the authentication challenge header. |
*/ | */ |
|
|
@param num_msg int containing the message count | @param num_msg int containing the message count |
@param msg pointer to a pam_message structure | @param msg pointer to a pam_message structure |
@param resp pointer to a pam_respone structure | @param resp pointer to a pam_respone structure |
@param appdata_prt application data pointer |
@param appdata_ptr application data pointer |
@return PAM_SUCCESS on successful execution, a PAM error code otherwise | @return PAM_SUCCESS on successful execution, a PAM error code otherwise |
*/ | */ |
static Sint32 PAMCallback( | static Sint32 PAMCallback( |
Sint32 num_msg, | Sint32 num_msg, |
|
#if defined (PEGASUS_OS_LINUX) && defined(PEGASUS_PAM_AUTHENTICATION) |
|
|
|
const struct pam_message **msg, |
|
#else |
|
struct pam_message **msg, |
|
#endif |
|
struct pam_response **resp, |
|
void *appdata_ptr); |
|
|
|
/** PAM AcctMgmt Call back function, the pointer to this function |
|
is passed to the PAM module. |
|
|
|
@param num_msg int containing the message count |
|
@param msg pointer to a pam_message structure |
|
@param resp pointer to a pam_respone structure |
|
@param appdata_ptr application data pointer |
|
|
|
@return PAM_SUCCESS on successful execution, a PAM error code otherwise |
|
*/ |
|
static Sint32 pamValidateUserCallback( |
|
Sint32 num_msg, |
|
#if defined (PEGASUS_OS_LINUX) |
|
|
|
const struct pam_message **msg, |
|
#else |
struct pam_message **msg, | struct pam_message **msg, |
|
#endif |
struct pam_response **resp, | struct pam_response **resp, |
void *appdata_ptr); | void *appdata_ptr); |
| |
private: | private: |
|
/** |
|
A mutex to serialize authentication calls. |
|
*/ |
|
static Mutex _authSerializeMutex; |
| |
String _realm; | String _realm; |
|
|
|
Boolean _authenticateByPAM( |
|
const String& userName, |
|
const String& password); |
|
|
|
#if defined(PEGASUS_USE_PAM_STANDALONE_PROC) |
|
PAMBasicAuthenticatorStandAlone _pamBasicAuthenticatorStandAlone; |
|
#endif |
|
|
}; | }; |
| |
| |