version 1.12, 2003/03/13 23:09:35
|
version 1.14, 2003/10/22 14:26:13
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%2003//////////////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development |
// The Open Group, Tivoli Systems |
// Company, L. P., IBM Corp., The Open Group, Tivoli Systems. |
|
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; |
|
// IBM Corp.; EMC Corporation, The Open Group. |
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
// of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
*/ | */ |
static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \""; | static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \""; |
| |
|
Mutex PAMBasicAuthenticator::_authSerializeMutex; |
| |
/** Service name for pam_start */ | /** Service name for pam_start */ |
const char *service = "wbem"; | const char *service = "wbem"; |
|
|
#ifndef PEGASUS_OS_HPUX | #ifndef PEGASUS_OS_HPUX |
authenticated = _authenticateByPAM(userName, password); | authenticated = _authenticateByPAM(userName, password); |
#else | #else |
if (_usePAM) |
|
{ |
|
// | // |
// Check if the system has been converted to a trusted system. |
// Mutex to Serialize Authentication calls. |
// ATTN-SF-P3-20030211 - This code to use getpwpwnam on a trusted sytem has |
|
// been added as there is a known problem with trusted mode with PAM based |
|
// Authentication. |
|
// | // |
|
|
if (iscomsec()) |
|
{ |
|
authenticated = false; |
|
String currPassword = String::EMPTY; |
|
String encryptedPassword = String::EMPTY; |
|
String saltStr = String::EMPTY; |
|
char* userNamecstr = strcpy( |
|
new char[strlen(userName.getCString()) + 1], |
|
userName.getCString()); |
|
|
|
// system is a trusted system |
|
// use interface getprpwnam to get pr_passwd structure |
|
|
|
struct pr_passwd * pwd; |
|
|
|
// getprpwnam returns a pointer to a pr_passwd structure upon success |
|
if ( (pwd = getprpwnam(userNamecstr)) != NULL) |
|
{ |
|
Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4, | Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4, |
"getprpwnam call successful."); |
"Authentication Mutex lock."); |
// get user's password from pr_passwd structure |
_authSerializeMutex.lock(pegasus_thread_self()); |
currPassword = pwd->ufld.fd_encrypt; |
try |
} |
|
delete [] userNamecstr; |
|
|
|
// |
|
// Check if the specified password mathches user's password |
|
// |
|
saltStr = currPassword.subString(0,2); |
|
|
|
encryptedPassword = System::encryptPassword(password.getCString(), |
|
saltStr.getCString()); |
|
|
|
if (String::equal(currPassword, encryptedPassword)) |
|
{ | { |
authenticated = true; |
if (_usePAM) |
Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4, |
|
"Password match successful."); |
|
} |
|
} |
|
else |
|
{ | { |
authenticated = _authenticateByPAM(userName, password); | authenticated = _authenticateByPAM(userName, password); |
} | } |
} |
|
else | else |
{ | { |
authenticated = _authenticateByPwnam(userName.getCString(), password); | authenticated = _authenticateByPwnam(userName.getCString(), password); |
} | } |
|
|
|
Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4, |
|
"Authentication Mutex unlock."); |
|
_authSerializeMutex.unlock(); |
|
} |
|
catch (...) |
|
{ |
|
Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4, |
|
"Authentication Mutex unlock."); |
|
_authSerializeMutex.unlock(); |
|
throw; |
|
} |
#endif | #endif |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
// | // |
if ( num_msg > 0 ) | if ( num_msg > 0 ) |
{ | { |
*resp = (struct pam_response *)malloc(sizeof(struct pam_response)*num_msg); |
// |
|
// Since resp->resp needs to be initialized in all possible scenarios, |
|
// use calloc for memory allocation. |
|
// |
|
*resp = (struct pam_response *)calloc(num_msg, sizeof(struct pam_response)); |
| |
if ( *resp == NULL ) | if ( *resp == NULL ) |
{ | { |