1 karl 1.19 //%2006////////////////////////////////////////////////////////////////////////
|
2 kumpf 1.1 //
|
3 karl 1.14 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.9 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.14 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.15 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.19 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 kumpf 1.1 //
|
14 kumpf 1.4 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
29 kumpf 1.1 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
33 //
|
34 kumpf 1.7 // Modified By: Yi Zhou, Hewlett-Packard Company(yi_zhou@hp.com)
|
35 kumpf 1.8 // Sushma Fernandes, Hewlett-Packard Company
36 // (sushma_fernandes@hp.com)
|
37 kumpf 1.1 //
38 //%/////////////////////////////////////////////////////////////////////////////
39
40 #ifndef Pegasus_PAMBasicAuthenticator_h
41 #define Pegasus_PAMBasicAuthenticator_h
42
43 #include <Pegasus/Common/Config.h>
|
44 mike 1.20 #include <Pegasus/Common/Mutex.h>
|
45 kumpf 1.1 #include "BasicAuthenticator.h"
46
|
47 kumpf 1.10
|
48 chuck 1.5 #include <Pegasus/Security/Authentication/Linkage.h>
|
49 kumpf 1.1
|
50 kumpf 1.6
|
51 kumpf 1.1 PEGASUS_NAMESPACE_BEGIN
52
|
53 kumpf 1.10 /** This class provides PAM basic authentication by communicating with a
54 standalone process.
The class is declared only when PEGASUS_USE_PAM_STANDALONE_PROC is defined.
The private members below show a text-string request/reply exchange with
that process (_writeString / _readString) and a restart path
(_restartProcess).
55 */
56
57 #if defined(PEGASUS_USE_PAM_STANDALONE_PROC)
58
59 class PEGASUS_SECURITY_LINKAGE PAMBasicAuthenticatorStandAlone
60 {
61 public:
62
63 /** constructor. */
64 PAMBasicAuthenticatorStandAlone();
65
66 /** destructor. */
67 ~PAMBasicAuthenticatorStandAlone();
68
69 /** Verify the authentication of the requesting user.
NOTE(review): the private _writeString/_readString helpers suggest the
credentials are forwarded to the standalone process as text; confirm in
the implementation how that channel is restricted and that no copy of
the password is logged or retained after the call.
70 @param userName String containing the user name
71 @param password String containing the user password
72 @return true on successful authentication, false otherwise
73 */
74 kumpf 1.10 Boolean authenticate(
75 const String& userName,
76 const String& password);
77
|
78 sushma.fernandes 1.18 /** Verify PAM account management for the requesting user.
This call takes no password: it checks the account, not the credentials.
79 @param userName String containing the user name
80 @return true if the account management check succeeds, false otherwise
81 */
82 Boolean validateUser(const String& userName);
83
|
84 kumpf 1.10 private:
// NOTE(review): nothing declared in this class shows how _realm is used;
// confirm against the implementation.
85 String _realm;
86
|
87 sushma.fernandes 1.18 // Indicates that an authentication operation must be performed.
88 static const String OPERATION_PAM_AUTHENTICATION;
89
90 // Indicates that an account management operation must be performed.
91 static const String OPERATION_PAM_ACCT_MGMT;
92
93 // Indicates that authentication/account management operation was successful.
// NOTE(review): presumably the reply from _readString() is compared with
// this value; confirm that every other reply is treated as a failure.
94 static const String PAM_OPERATION_SUCCESS;
95
|
96 kumpf 1.17 #if defined(PEGASUS_HAS_SIGNALS)
97 /**
98 Process ID of the active Provider Agent.
NOTE(review): this class talks to the standalone PAM process, so the
pid presumably identifies that process rather than a Provider Agent;
confirm against the implementation.
The member exists only when PEGASUS_HAS_SIGNALS is defined, so the
object layout depends on that macro.
99 */
100 pid_t _pid;
101 #endif
102
|
// NOTE(review): takes the same arguments as authenticate(); presumably the
// worker behind it. Confirm in the implementation.
103 kumpf 1.10 Boolean _authenticateByPAM(
104 const String& userName,
105 const String& password);
106
// NOTE(review): presumably starts the standalone PAM process; confirm in
// the implementation.
107 void _createPAMStandalone();
|
108 sushma.fernandes 1.18
109 //
110 // Indicates the status of a write operation.
111 //
112 enum _Status
113 {
114 BROKEN_CONNECTION, // If the connection is broken
115 OTHER_ERROR, // Any other error
116 SUCCESS
117 };
118
119 //
120 // Sends a text string to the Stand Alone PAM Process.
121 // @param text String to be sent
122 // @return the status of the write operation
123 //
124 //
125 _Status _writeString(const String& text);
126
127 //
128 // Read a response string from the Stand Alone Process.
129 sushma.fernandes 1.18 // @return reply from the PAM process
// NOTE(review): unlike _writeString(), this declaration has no status
// value, so a failed or truncated read can only be reported through the
// returned String. Confirm that the implementation and its callers treat
// such a reply as an authentication failure.
130 //
131 String _readString();
132
133 //
134 // Restarts PAM Stand Alone Process
135 //
136 void _restartProcess(void);
|
137 kumpf 1.10 };
138
139 #endif /* if defined(PEGASUS_USE_PAM_STANDALONE_PROC) */
140
|
141 kumpf 1.1 /** This class provides PAM basic authentication implementation by extending
142 the BasicAuthenticator.
It exposes two static PAM conversation callbacks (one for authentication,
one for account management) and a class-wide mutex that serializes
authentication calls.
143 */
144 class PEGASUS_SECURITY_LINKAGE PAMBasicAuthenticator : public BasicAuthenticator
145 {
146 public:
147
148 /** constructor. */
149 PAMBasicAuthenticator();
150
151 /** destructor. */
152 ~PAMBasicAuthenticator();
153
154 /** Verify the authentication of the requesting user.
155 @param userName String containing the user name
156 @param password String containing the user password
157 @return true on successful authentication, false otherwise
158 */
159 Boolean authenticate(
160 const String& userName,
161 const String& password);
162 kumpf 1.1
|
163 sushma.fernandes 1.18 /** Verify whether the user is valid.
This call takes no password.
164 @param userName String containing the user name
165 @return true on successful validation, false otherwise
166 */
167 Boolean validateUser( const String& userName);
168
|
169 kumpf 1.1 /** Construct and return the HTTP Basic authentication challenge header
170 @return A string containing the authentication challenge header.
171 */
172 String getAuthResponseHeader();
173
174 /** PAM Call back function, the pointer to this function is passed to the PAM module.
175 @param num_msg int containing the message count
176 @param msg pointer to a pam_message structure
177 @param resp pointer to a pam_response structure
|
178 sushma.fernandes 1.18 @param appdata_ptr application data pointer
|
179 kumpf 1.1 @return PAM_SUCCESS on successful execution, a PAM error code otherwise

The msg parameter is const-qualified only when both PEGASUS_OS_LINUX and
PEGASUS_PAM_AUTHENTICATION are defined.
NOTE(review): pamValidateUserCallback below tests PEGASUS_OS_LINUX alone
for the same choice; confirm the difference is intended.
NOTE(review): no PAM header is included in the visible part of this
file. If struct pam_message and struct pam_response are not declared
before this point, these elaborated type names declare new types inside
the Pegasus namespace instead of naming the PAM library's types;
confirm an earlier include provides them.
NOTE(review): in a PAM conversation function the replies returned
through resp are released by the PAM library, and num_msg comes from
the calling module; confirm the implementation validates num_msg and
hands back nothing on an error return.
180 */
181 static Sint32 PAMCallback(
182 Sint32 num_msg,
|
183 kumpf 1.6 #if defined (PEGASUS_OS_LINUX) && defined(PEGASUS_PAM_AUTHENTICATION)
184
185 const struct pam_message **msg,
186 #else
|
187 kumpf 1.1 struct pam_message **msg,
|
188 kumpf 1.6 #endif
|
189 kumpf 1.1 struct pam_response **resp,
190 void *appdata_ptr);
191
|
192 sushma.fernandes 1.18 /** PAM AcctMgmt Call back function, the pointer to this function
193 is passed to the PAM module.
194
195 @param num_msg int containing the message count
196 @param msg pointer to a pam_message structure
197 @param resp pointer to a pam_response structure
198 @param appdata_ptr application data pointer
199
200 @return PAM_SUCCESS on successful execution, a PAM error code otherwise

The msg parameter is const-qualified when PEGASUS_OS_LINUX is defined.
201 */
202 static Sint32 pamValidateUserCallback(
203 Sint32 num_msg,
204 #if defined (PEGASUS_OS_LINUX)
205
206 const struct pam_message **msg,
207 #else
208 struct pam_message **msg,
209 #endif
210 struct pam_response **resp,
211 void *appdata_ptr);
212
|
213 kumpf 1.1 private:
|
214 kumpf 1.8 /**
215 A mutex to serialize authentication calls.
Declared static, so one mutex is shared by every PAMBasicAuthenticator
instance.
216 */
217 static Mutex _authSerializeMutex;
|
218 kumpf 1.1
// NOTE(review): presumably the realm placed in the challenge built by
// getAuthResponseHeader(); confirm in the implementation.
219 String _realm;
|
220 kumpf 1.7
// NOTE(review): takes the same arguments as authenticate(); presumably the
// worker behind it. Confirm in the implementation.
221 Boolean _authenticateByPAM(
222 const String& userName,
223 const String& password);
224
|
225 kumpf 1.12 #if defined(PEGASUS_USE_PAM_STANDALONE_PROC)
// This member exists only when PEGASUS_USE_PAM_STANDALONE_PROC is defined,
// so the class layout depends on that macro; every translation unit that
// includes this header must be built with the same setting.
|
226 kumpf 1.16 PAMBasicAuthenticatorStandAlone _pamBasicAuthenticatorStandAlone;
|
227 kumpf 1.12 #endif
228
|
229 kumpf 1.1 };
230
231
232 PEGASUS_NAMESPACE_END
233
234 #endif /* Pegasus_PAMBasicAuthenticator_h */
|