pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp - diff

Return to PAMBasicAuthenticatorUnix.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp between version 1.6 and 1.34.2.2

version 1.6, 2002/08/29 00:27:52

version 1.34.2.2, 2007/01/02 06:14:47

Line 1

//%/////////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 21

Line 29

//==============================================================================

// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)

// Modified By:

//%/////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Executor.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Config/ConfigManager.h>

#include <Pegasus/Common/Tracer.h>

#include "PAMBasicAuthenticator.h"

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

#include <security/pam_appl.h>

/**

Constant representing the Basic authentication challenge header.

static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \"";

/** Service name for pam_start */

const char *service = "wbem";

const char* userPassword = 0;

/* constructor. */

PAMBasicAuthenticator::PAMBasicAuthenticator()

{

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"PAMBasicAuthenticator::PAMBasicAuthenticator()");

// Build up realm: <hostname>:<port>

// get the local system name

_realm.assign(System::getHostName());

// get the configured port number

ConfigManager* configManager = ConfigManager::getInstance();

String port = configManager->getCurrentValue("httpPort");

// ATTN-MEB: this port is often empty. Is this what was intended by the

// original implementers? The realm becomes "<hostname>:".

// Create realm that will be used for Basic challenges

_realm.append(":");

_realm.append(port);

PEG_METHOD_EXIT();

}

/* destructor. */

PAMBasicAuthenticator::~PAMBasicAuthenticator()

{

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

Line 96

Line 78

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"PAMBasicAuthenticator::authenticate()");

Boolean authenticated = false;

if (Executor::pamAuthenticate(

struct pam_conv pconv;

userName.getCString(), password.getCString()) != 0)

pam_handle_t *phandle;

char *name;

pconv.conv = PAMBasicAuthenticator::PAMCallback;

pconv.appdata_ptr = NULL;

userPassword = password.getCString();

//Call pam_start since you need to before making any other PAM calls

if ( ( pam_start(service,

(const char *)userName.getCString(), &pconv, &phandle) ) != PAM_SUCCESS )

{

userPassword = 0;

PEG_METHOD_EXIT();

return (authenticated);

}

//Call pam_authenticate to authenticate the user

if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )

{

//Call pam_acct_mgmt, to check if the user account is valid. This includes

//checking for password and account expiration, as well as verifying access

//hour restrictions.

if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )

{

authenticated = true;

return false;

}

//Call pam_end to end our PAM work

pam_end(phandle, 0);

userPassword = 0;

PEG_METHOD_EXIT();

return true;

return (authenticated);

}

Boolean PAMBasicAuthenticator::validateUser(const String& userName)

// Create authentication response header

String PAMBasicAuthenticator::getAuthResponseHeader()

{

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"PAMBasicAuthenticator::getAuthResponseHeader()");

"PAMBasicAuthenticator::validateUser()");

if (Executor::pamValidateUser(userName.getCString()) != 0)

// build response header using realm

return false;

String responseHeader = BASIC_CHALLENGE_HEADER;

responseHeader.append(_realm);

responseHeader.append("\"");

PEG_METHOD_EXIT();

return true;

return (responseHeader);

}

Sint32 PAMBasicAuthenticator::PAMCallback(Sint32 num_msg, struct pam_message **msg,

struct pam_response **resp, void *appdata_ptr)

{

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"PAMBasicAuthenticator::PAMCallback()");

// Allocate the response buffers

if ( num_msg > 0 )

{

*resp = (struct pam_response *)malloc(sizeof(struct pam_response)*num_msg);

if ( *resp == NULL )

String PAMBasicAuthenticator::getAuthResponseHeader()

{

PEG_METHOD_EXIT();

return PAM_BUF_ERR;

}

else

{

PEG_METHOD_EXIT();

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

return PAM_CONV_ERR;

"PAMBasicAuthenticator::getAuthResponseHeader()");

}

for ( Uint32 i = 0; i < num_msg; i++ )

// Build response header:

{

switch ( msg[i]->msg_style )

{

case PAM_PROMPT_ECHO_OFF:

// copy the user password

// WWW-Authenticate: Basic "<hostname>:<port>"

resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);

strcpy(resp[i]->resp, userPassword);

resp[i]->resp_retcode = 0;

break;

default:

String responseHeader = "WWW-Authenticate: Basic \"";

PEG_METHOD_EXIT();

responseHeader.append(_realm);

return PAM_CONV_ERR;

responseHeader.append("\"");

}

PEG_METHOD_EXIT();

return responseHeader;

return PAM_SUCCESS;

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.6
changed lines
	Added in v.1.34.2.2

No CVS admin address has been configured