
Diff for /pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp between version 1.4 and 1.34.2.2

version 1.4, 2002/05/21 19:08:43 version 1.34.2.2, 2007/01/02 06:14:47
Line 1 
Line 1 
 //%/////////////////////////////////////////////////////////////////////////////  //%2006////////////////////////////////////////////////////////////////////////
 //  
 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,  
 // The Open Group, Tivoli Systems  
 // //
 // Permission is hereby granted, free of charge, to any person obtaining a  // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
 // copy of this software and associated documentation files (the "Software"),  // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
 // to deal in the Software without restriction, including without limitation  // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
 // the rights to use, copy, modify, merge, publish, distribute, sublicense,  // IBM Corp.; EMC Corporation, The Open Group.
 // and/or sell copies of the Software, and to permit persons to whom the  // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
 // Software is furnished to do so, subject to the following conditions:  // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 //  // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 // The above copyright notice and this permission notice shall be included in  // EMC Corporation; VERITAS Software Corporation; The Open Group.
 // all copies of substantial portions of this software.  // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 //  // EMC Corporation; Symantec Corporation; The Open Group.
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR  //
 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  // Permission is hereby granted, free of charge, to any person obtaining a copy
 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL  // of this software and associated documentation files (the "Software"), to
 // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER  // deal in the Software without restriction, including without limitation the
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING  // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER  // sell copies of the Software, and to permit persons to whom the Software is
 // DEALINGS IN THE SOFTWARE.  // furnished to do so, subject to the following conditions:
   //
   // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
   // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
   // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
   // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
   // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
   // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
   // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
   // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 // //
 //============================================================================== //==============================================================================
 // //
 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)  
 //  
 // Modified By:  
 //  
 //%///////////////////////////////////////////////////////////////////////////// //%/////////////////////////////////////////////////////////////////////////////
  
 #include <Pegasus/Common/System.h>  #include <Pegasus/Common/Executor.h>
 #include <Pegasus/Common/Tracer.h>  
 #include <Pegasus/Common/Destroyer.h>  
 #include <Pegasus/Config/ConfigManager.h> #include <Pegasus/Config/ConfigManager.h>
   #include <Pegasus/Common/Tracer.h>
 #include "PAMBasicAuthenticator.h" #include "PAMBasicAuthenticator.h"
  
   
 PEGASUS_USING_STD; PEGASUS_USING_STD;
  
 PEGASUS_NAMESPACE_BEGIN PEGASUS_NAMESPACE_BEGIN
  
 #include <security/pam_appl.h>  
   
   
 /**  
     Constant representing the Basic authentication challenge header.  
 */  
 static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \"";  
   
   
 /** Service name for pam_start */  
 const char *service = "wbem";  
   
 char* userPassword = 0;  
   
 /* constructor. */  
 PAMBasicAuthenticator::PAMBasicAuthenticator() PAMBasicAuthenticator::PAMBasicAuthenticator()
 { {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::PAMBasicAuthenticator()");         "PAMBasicAuthenticator::PAMBasicAuthenticator()");
  
     //      // Build up realm: <hostname>:<port>
     // get the local system name  
     //  
     _realm.assign(System::getHostName());     _realm.assign(System::getHostName());
  
     //  
     // get the configured port number     // get the configured port number
     //  
     ConfigManager* configManager = ConfigManager::getInstance();     ConfigManager* configManager = ConfigManager::getInstance();
   
     String port = configManager->getCurrentValue("httpPort");     String port = configManager->getCurrentValue("httpPort");
  
     //      // ATTN-MEB: this port is often empty. Is this what was intended by the
       // original implementers? The realm becomes "<hostname>:".
   
     // Create realm that will be used for Basic challenges     // Create realm that will be used for Basic challenges
     //  
     _realm.append(":");     _realm.append(":");
     _realm.append(port);     _realm.append(port);
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
 } }
  
 /* destructor. */  
 PAMBasicAuthenticator::~PAMBasicAuthenticator() PAMBasicAuthenticator::~PAMBasicAuthenticator()
 { {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
Line 98 
Line 78 
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::authenticate()");         "PAMBasicAuthenticator::authenticate()");
  
     Boolean authenticated = false;      if (Executor::pamAuthenticate(
     struct pam_conv pconv;          userName.getCString(), password.getCString()) != 0)
     pam_handle_t *phandle;  
     char *name;  
   
     pconv.conv = PAMBasicAuthenticator::PAMCallback;  
     pconv.appdata_ptr = NULL;  
   
     ArrayDestroyer<char> p(password.allocateCString());  
     userPassword = p.getPointer();  
   
     ArrayDestroyer<char> user(userName.allocateCString());  
   
     //  
     //Call pam_start since you need to before making any other PAM calls  
     //  
     if ( ( pam_start(service,  
         (const char *)user.getPointer(), &pconv, &phandle) ) != PAM_SUCCESS )  
     {  
         userPassword = 0;  
         PEG_METHOD_EXIT();  
         return (authenticated);  
     }  
   
     //  
     //Call pam_authenticate to authenticate the user  
     //  
     if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )  
     {  
         //  
         //Call pam_acct_mgmt, to check if the user account is valid. This includes  
         //checking for password and account expiration, as well as verifying access  
         //hour restrictions.  
         //  
         if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )  
         {         {
             authenticated = true;          return false;
         }  
     }     }
  
     //  
     //Call pam_end to end our PAM work  
     //  
     pam_end(phandle, 0);  
   
     userPassword = 0;  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
       return true;
     return (authenticated);  
 } }
  
 //  Boolean PAMBasicAuthenticator::validateUser(const String& userName)
 // Create authentication response header  
 //  
 String PAMBasicAuthenticator::getAuthResponseHeader()  
 { {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::getAuthResponseHeader()");          "PAMBasicAuthenticator::validateUser()");
  
     //      if (Executor::pamValidateUser(userName.getCString()) != 0)
     // build response header using realm          return false;
     //  
     String responseHeader = BASIC_CHALLENGE_HEADER;  
     responseHeader.append(_realm);  
     responseHeader.append("\"");  
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
       return true;
     return (responseHeader);  
 } }
  
 Sint32 PAMBasicAuthenticator::PAMCallback(Sint32 num_msg, struct pam_message **msg,  
         struct pam_response **resp, void *appdata_ptr)  
 {  
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,  
         "PAMBasicAuthenticator::PAMCallback()");  
     //  
     // Allocate the response buffers  
     //  
     if ( num_msg > 0 )  
     {  
         *resp = (struct pam_response *)malloc(sizeof(struct pam_response)*num_msg);  
  
         if ( *resp == NULL )  String PAMBasicAuthenticator::getAuthResponseHeader()
         {  
             PEG_METHOD_EXIT();  
             return PAM_BUF_ERR;  
         }  
     }  
     else  
     {     {
         PEG_METHOD_EXIT();      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         return PAM_CONV_ERR;          "PAMBasicAuthenticator::getAuthResponseHeader()");
     }  
  
     for ( Uint32 i = 0; i < num_msg; i++ )      // Build response header:
     {  
         switch ( msg[i]->msg_style )  
         {  
             case PAM_PROMPT_ECHO_OFF:  
                 //                 //
                 // copy the user password      //     WWW-Authenticate: Basic "<hostname>:<port>"
                 //                 //
                 resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);  
                 strcpy(resp[i]->resp, userPassword);  
                 resp[i]->resp_retcode = 0;  
                 break;  
  
             default:      String responseHeader = "WWW-Authenticate: Basic \"";
                 PEG_METHOD_EXIT();      responseHeader.append(_realm);
                 return PAM_CONV_ERR;      responseHeader.append("\"");
         }  
     }  
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
       return responseHeader;
     return PAM_SUCCESS;  
 } }
  
 PEGASUS_NAMESPACE_END PEGASUS_NAMESPACE_END
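Review bot: On the new side, the failure branches of `authenticate()` (the `return false;` inside the `if (Executor::pamAuthenticate(...) != 0)` block) and `validateUser()` (the `return false;` after `Executor::pamValidateUser(...)`) return without calling `PEG_METHOD_EXIT()`, although both functions open with `PEG_METHOD_ENTER` and the removed code called `PEG_METHOD_EXIT()` before every return. Rejected logins are the path an operator most needs to follow in the trace, so I would write `{ PEG_METHOD_EXIT(); return false; }` in both places. Neither branch records the non-zero result from the Executor either; unless that is logged elsewhere, a trace line carrying the user name and return code (never the password) would help when investigating repeated failures. The signature of `authenticate()` lies outside the second hunk, so this is based on the visible body only.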

