1 karl 1.31 //%2006////////////////////////////////////////////////////////////////////////
|
2 kumpf 1.1 //
|
3 karl 1.24 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.14 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.24 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.25 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.31 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 kumpf 1.1 //
|
14 kumpf 1.5 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
29 kumpf 1.1 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
33 //
|
34 kumpf 1.10 // Modified By: Yi Zhou, Hewlett-Packard Company(yi_zhou@hp.com)
|
35 kumpf 1.12 // : Sushma Fernandes, Hewlett-Packard Company
36 // (sushma_fernandes@hp.com)
|
37 joyce.j 1.26 // Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101
|
38 kumpf 1.1 //
39 //%/////////////////////////////////////////////////////////////////////////////
40
41 #include <Pegasus/Common/System.h>
42 #include <Pegasus/Common/Tracer.h>
43 #include <Pegasus/Config/ConfigManager.h>
|
44 kumpf 1.15 #include <Pegasus/Common/FileSystem.h>
|
45 sushma.fernandes 1.29 #include <Pegasus/Common/Signal.h>
|
46 kumpf 1.1
|
47 kumpf 1.15 #if defined (PEGASUS_OS_HPUX)
48 #include <prot.h>
49 #endif
50
51 #if defined (PEGASUS_USE_PAM_STANDALONE_PROC)
52 #include <Pegasus/Common/Logger.h>
53 #include <Pegasus/Common/IPC.h>
|
54 kumpf 1.10 #include <pwd.h>
|
55 kumpf 1.15 #include <sys/stat.h>
56 #include <unistd.h>
57 #include <sys/types.h>
58 #include <sys/resource.h>
|
59 kumpf 1.28 #if defined(PEGASUS_HAS_SIGNALS)
60 # include <sys/wait.h>
61 #endif
|
62 kumpf 1.10 #endif
63
|
64 konrad.r 1.20
|
65 kumpf 1.1 #include "PAMBasicAuthenticator.h"
66
67 PEGASUS_USING_STD;
68
69 PEGASUS_NAMESPACE_BEGIN
|
70 kumpf 1.3
71 #include <security/pam_appl.h>
|
72 kumpf 1.1
|
73 konrad.r 1.23 #if defined(PEGASUS_OS_LSB)
74 #ifndef PAM_MAX_MSG_SIZE
75 #define PAM_MAX_MSG_SIZE 512
76 #endif
77 #endif
78
|
79 kumpf 1.10 #define BUFFERLEN 1024
|
80 kumpf 1.1
81 /**
82 Constant representing the Basic authentication challenge header.
83 */
84 static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \"";
85
|
86 kumpf 1.13 Mutex PAMBasicAuthenticator::_authSerializeMutex;
|
87 kumpf 1.1
88 /** Service name for pam_start */
89 const char *service = "wbem";
90
|
91 kumpf 1.10 typedef struct
|
92 kumpf 1.9 {
93 CString userPassword;
94 } APP_DATA;
95
|
96 kumpf 1.1 /* constructor. */
97 PAMBasicAuthenticator::PAMBasicAuthenticator()
98 {
99 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
100 "PAMBasicAuthenticator::PAMBasicAuthenticator()");
101
102 //
103 // get the local system name
104 //
105 _realm.assign(System::getHostName());
106
107 //
108 // get the configured port number
109 //
110 ConfigManager* configManager = ConfigManager::getInstance();
111
|
112 kumpf 1.4 String port = configManager->getCurrentValue("httpPort");
|
113 kumpf 1.1
114 //
115 // Create realm that will be used for Basic challenges
116 //
117 _realm.append(":");
118 _realm.append(port);
119
120 PEG_METHOD_EXIT();
121 }
122
123 /* destructor. */
124 PAMBasicAuthenticator::~PAMBasicAuthenticator()
125 {
126 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
127 "PAMBasicAuthenticator::~PAMBasicAuthenticator()");
128
129 PEG_METHOD_EXIT();
130 }
131
132 Boolean PAMBasicAuthenticator::authenticate(
133 const String& userName,
134 kumpf 1.1 const String& password)
135 {
136 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
137 "PAMBasicAuthenticator::authenticate()");
138
|
139 kumpf 1.10 Boolean authenticated;
140
|
141 kumpf 1.15 #if !defined(PEGASUS_USE_PAM_STANDALONE_PROC)
|
142 kumpf 1.19 authenticated = _authenticateByPAM(userName, password);
|
143 kumpf 1.10 #else
|
144 kumpf 1.19 //
145 // Mutex to Serialize Authentication calls.
146 //
147 Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4,
148 "Authentication Mutex lock.");
149 AutoMutex lock(_authSerializeMutex);
|
150 kumpf 1.27 authenticated = _pamBasicAuthenticatorStandAlone.authenticate(
151 userName, password);
|
152 kumpf 1.10 #endif
153
154 PEG_METHOD_EXIT();
155 return (authenticated);
156 }
157
158 Boolean PAMBasicAuthenticator::_authenticateByPAM(
159 const String& userName,
160 const String& password)
161 {
162 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
163 "PAMBasicAuthenticator::_authenticateByPAM()");
164
|
165 kumpf 1.2 Boolean authenticated = false;
|
166 kumpf 1.1 struct pam_conv pconv;
167 pam_handle_t *phandle;
168 char *name;
|
169 kumpf 1.9 APP_DATA mydata;
170
171 //
172 // Store the password for PAM authentication
173 //
174 mydata.userPassword = password.getCString();
|
175 kumpf 1.1
176 pconv.conv = PAMBasicAuthenticator::PAMCallback;
|
177 kumpf 1.9 pconv.appdata_ptr = &mydata;
|
178 kumpf 1.8
179 // WARNING: Should only be uncommented for debugging in a secure environment.
180 // Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4,
|
181 kumpf 1.10 // "PAMBasicAuthenticator::_authenticateByPAM() - userName = %s; userPassword = %s",
|
182 kumpf 1.9 // (const char *)userName.getCString(), (const char *)password.getCString());
|
183 kumpf 1.1
184 //
|
185 kumpf 1.2 //Call pam_start since you need to before making any other PAM calls
|
186 kumpf 1.1 //
187 if ( ( pam_start(service,
|
188 kumpf 1.6 (const char *)userName.getCString(), &pconv, &phandle) ) != PAM_SUCCESS )
|
189 kumpf 1.1 {
190 PEG_METHOD_EXIT();
191 return (authenticated);
192 }
193
194 //
195 //Call pam_authenticate to authenticate the user
196 //
|
197 kumpf 1.2 if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )
|
198 kumpf 1.1 {
|
199 kumpf 1.8 Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4,
|
200 kumpf 1.12 "pam_authenticate successful.");
|
201 kumpf 1.2 //
202 //Call pam_acct_mgmt, to check if the user account is valid. This includes
203 //checking for password and account expiration, as well as verifying access
204 //hour restrictions.
205 //
206 if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )
207 {
|
208 kumpf 1.8 Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4,
|
209 kumpf 1.12 "pam_acct_mgmt successful.");
|
210 kumpf 1.2 authenticated = true;
211 }
|
212 kumpf 1.1 }
213
214 //
215 //Call pam_end to end our PAM work
216 //
|
217 kumpf 1.2 pam_end(phandle, 0);
|
218 kumpf 1.10
219 PEG_METHOD_EXIT();
220
221 return (authenticated);
222 }
223
|
224 sushma.fernandes 1.29 Boolean PAMBasicAuthenticator::validateUser(const String& userName)
225 {
226 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
227 "PAMBasicAuthenticator::validateUser()");
228
229 Boolean authenticated = false;
230
231 #if !defined(PEGASUS_USE_PAM_STANDALONE_PROC)
232 struct pam_conv pconv;
233 pam_handle_t *phandle;
234 char *name;
235 APP_DATA mydata;
236
237 const char *service = "wbem";
238 pconv.conv = PAMBasicAuthenticator::pamValidateUserCallback;
239 pconv.appdata_ptr = &mydata;
240
241 //
242 // Call pam_start since you need to before making any other PAM calls
243 //
244 if ( pam_start(service,
245 sushma.fernandes 1.29 (const char *)userName.getCString(), &pconv, &phandle) != PAM_SUCCESS)
246 {
247 PEG_METHOD_EXIT();
248 return (authenticated);
249 }
250
251 //
252 // Call pam_acct_mgmt, to check if the user account is valid. This includes
253 // checking for account expiration, as well as verifying access
254 // hour restrictions.
255 //
256 if ( pam_acct_mgmt(phandle, 0) == PAM_SUCCESS )
257 {
258 authenticated = true;
259 }
260
261 //
262 //Call pam_end to end our PAM work
263 //
264 pam_end(phandle, 0);
265
266 sushma.fernandes 1.29 #else
267 //
268 // Mutex to Serialize Authentication calls.
269 //
270 Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL4,
271 "Authentication Mutex lock.");
272 AutoMutex lock(_authSerializeMutex);
273 authenticated = _pamBasicAuthenticatorStandAlone.validateUser(
274 userName);
275 #endif
276
277 PEG_METHOD_EXIT();
278 return (authenticated);
279
280 }
281
282 Sint32 PAMBasicAuthenticator::pamValidateUserCallback( Sint32 num_msg,
283 #if defined (PEGASUS_OS_LINUX)
284 const struct pam_message **msg,
285 #else
286 struct pam_message **msg,
287 sushma.fernandes 1.29 #endif
288 struct pam_response **resp,
289 void *appdata_ptr)
290 {
291 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
292 "PAMBasicAuthenticator::pamValidateUserCallback()");
293
294 //
295 // Allocate the response buffers
296 //
297 if ( num_msg > 0 )
298 {
299 //
300 // Since resp->resp needs to be initialized in all possible scenarios,
301 // use calloc for memory allocation.
302 //
303 *resp =
304 (struct pam_response *)calloc(num_msg, sizeof(struct pam_response));
305
306 if ( *resp == NULL )
307 {
308 sushma.fernandes 1.29 PEG_METHOD_EXIT();
309 return PAM_BUF_ERR;
310 }
311 }
312 else
313 {
314 PEG_METHOD_EXIT();
315 return PAM_CONV_ERR;
316 }
317
318 PEG_METHOD_EXIT();
319 return PAM_SUCCESS;
320 }
321
|
322 kumpf 1.1 //
323 // Create authentication response header
324 //
325 String PAMBasicAuthenticator::getAuthResponseHeader()
326 {
327 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
328 "PAMBasicAuthenticator::getAuthResponseHeader()");
329
330 //
331 // build response header using realm
332 //
333 String responseHeader = BASIC_CHALLENGE_HEADER;
334 responseHeader.append(_realm);
335 responseHeader.append("\"");
336
337 PEG_METHOD_EXIT();
338
339 return (responseHeader);
340 }
341
|
342 kumpf 1.8 #if defined PEGASUS_OS_LINUX
343 Sint32 PAMBasicAuthenticator::PAMCallback(Sint32 num_msg, const struct pam_message **msg,
344 struct pam_response **resp, void *appdata_ptr)
345 #else
|
346 kumpf 1.1 Sint32 PAMBasicAuthenticator::PAMCallback(Sint32 num_msg, struct pam_message **msg,
347 struct pam_response **resp, void *appdata_ptr)
|
348 kumpf 1.8 #endif
|
349 kumpf 1.1 {
350 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
351 "PAMBasicAuthenticator::PAMCallback()");
|
352 kumpf 1.9
353 //
354 // Copy the application specific data from the PAM structure.
355 //
356 APP_DATA *mydata;
357 mydata = (APP_DATA *) appdata_ptr;
358
|
359 kumpf 1.1 //
360 // Allocate the response buffers
361 //
362 if ( num_msg > 0 )
363 {
|
364 kumpf 1.13 //
365 // Since resp->resp needs to be initialized in all possible scenarios,
366 // use calloc for memory allocation.
367 //
368 *resp = (struct pam_response *)calloc(num_msg, sizeof(struct pam_response));
|
369 kumpf 1.1
370 if ( *resp == NULL )
371 {
372 PEG_METHOD_EXIT();
373 return PAM_BUF_ERR;
374 }
375 }
376 else
377 {
378 PEG_METHOD_EXIT();
379 return PAM_CONV_ERR;
380 }
381
|
382 kumpf 1.8 for ( Sint32 i = 0; i < num_msg; i++ )
|
383 kumpf 1.1 {
384 switch ( msg[i]->msg_style )
385 {
386 case PAM_PROMPT_ECHO_OFF:
387 //
388 // copy the user password
389 //
390 resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);
|
391 kumpf 1.9 strcpy(resp[i]->resp, mydata->userPassword);
|
392 kumpf 1.1 resp[i]->resp_retcode = 0;
393 break;
394
395 default:
|
396 kumpf 1.13 PEG_METHOD_EXIT();
397 return PAM_CONV_ERR;
|
398 kumpf 1.1 }
399 }
400
401 PEG_METHOD_EXIT();
402
403 return PAM_SUCCESS;
404 }
405
|
406 kumpf 1.15 /** Routines to access PAM Authentication via a standalone process **/
407
408 #if defined(PEGASUS_USE_PAM_STANDALONE_PROC)
409
410 int fd_1[2], fd_2[2];
411 Boolean continue_PAMauthentication;
412 Boolean printed_err_since_success=false;
413
|
414 sushma.fernandes 1.29 const String PAMBasicAuthenticatorStandAlone::PAM_OPERATION_SUCCESS = "T";
415
416 const String PAMBasicAuthenticatorStandAlone::OPERATION_PAM_AUTHENTICATION = "A";
417
418 const String PAMBasicAuthenticatorStandAlone::OPERATION_PAM_ACCT_MGMT = "M";
419
|
420 kumpf 1.15 /* constructor. */
421 PAMBasicAuthenticatorStandAlone::PAMBasicAuthenticatorStandAlone()
422 {
423 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
424 "PAMBasicAuthenticatorStandAlone::PAMBasicAuthenticatorStandAlone()");
425
|
426 kumpf 1.28 #if defined(PEGASUS_HAS_SIGNALS)
427 _pid = -1;
428 #endif
429
|
430 kumpf 1.15 _createPAMStandalone();
431
|
432 sushma.fernandes 1.29 SignalHandler::ignore(PEGASUS_SIGPIPE);
433
|
434 kumpf 1.15 PEG_METHOD_EXIT();
435 }
436
437 /* destructor. */
438 PAMBasicAuthenticatorStandAlone::~PAMBasicAuthenticatorStandAlone()
439 {
440 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
441 "PAMBasicAuthenticatorStandAlone::~PAMBasicAuthenticatorStandAlone()");
442
|
443 kumpf 1.28 #if defined(PEGASUS_HAS_SIGNALS)
444 // Harvest the status of the previous standalone process, if any
445 if (_pid != -1)
446 {
447 waitpid(_pid, 0, WNOHANG);
448 _pid = -1;
449 }
450 #endif
451
|
452 kumpf 1.15 PEG_METHOD_EXIT();
453 }
454
455 Boolean PAMBasicAuthenticatorStandAlone::authenticate(
456 const String& userName,
457 const String& password)
458 {
459 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
460 "PAMBasicAuthenticatorStandAlone::authenticate()");
461
|
462 sushma.fernandes 1.29 Boolean authenticated = false;
463
464 // Send over the username ...
465 if (continue_PAMauthentication)
466 {
467 //
468 // On a broken connection, try restarting the authentication process
469 // and resend username.
470 //
471 if (_writeString (userName) ==
472 PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION)
473 {
474 _restartProcess();
475 _writeString (userName);
476 }
477 }
478
479 // Send over the password ...
480 if (continue_PAMauthentication)
481 {
482 _writeString (password);
483 sushma.fernandes 1.29 }
484
485 // Send over the operation code.
486 if (continue_PAMauthentication)
487 {
488 _writeString (OPERATION_PAM_AUTHENTICATION);
489 }
490
491 // Now read back the PAM Authentication status value (T/F)
492 if (continue_PAMauthentication)
493 {
494 if (_readString() == PAM_OPERATION_SUCCESS)
495 {
496 authenticated = true;
497 printed_err_since_success = false;
498 }
499 }
500
501 PEG_METHOD_EXIT();
502 return (authenticated);
503 }
504 sushma.fernandes 1.29
505 Boolean PAMBasicAuthenticatorStandAlone::validateUser(
506 const String& userName)
507 {
508 PEG_METHOD_ENTER(TRC_AUTHENTICATION,
509 "PAMBasicAuthenticatorStandAlone::validateUser()");
|
510 kumpf 1.15
|
511 sushma.fernandes 1.29 Boolean authenticated = false;
|
512 kumpf 1.15
|
513 sushma.fernandes 1.29 // Send over the username ...
514 if (continue_PAMauthentication)
515 {
516 //
517 // On a broken connection, try restarting the authentication process
518 // and resend username.
519 //
520 if (_writeString (userName) ==
521 PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION)
522 {
523 _restartProcess();
524 _writeString(userName);
525 }
526 }
|
527 kumpf 1.15
|
528 sushma.fernandes 1.29 // Send over the password ...
529 if (continue_PAMauthentication)
530 {
531 _writeString(String::EMPTY);
532 }
|
533 kumpf 1.15
|
534 sushma.fernandes 1.29 // Send over the operation code.
535 if (continue_PAMauthentication)
536 {
537 _writeString (OPERATION_PAM_ACCT_MGMT);
|
538 kumpf 1.15 }
|
539 sushma.fernandes 1.29
540 // Now read back the PAM Authentication status value (T/F)
541 if (continue_PAMauthentication)
|
542 kumpf 1.15 {
|
543 sushma.fernandes 1.29 if (_readString() == PAM_OPERATION_SUCCESS)
544 {
545 authenticated = true;
546 printed_err_since_success = false;
547 }
|
548 kumpf 1.15 }
549
550 PEG_METHOD_EXIT();
551 return (authenticated);
552 }
553
|
554 sushma.fernandes 1.29 PAMBasicAuthenticatorStandAlone::_Status
555 PAMBasicAuthenticatorStandAlone::_writeString(const String& text)
556 {
557 char line[BUFFERLEN];
558 int n, ret_code;
559 PAMBasicAuthenticatorStandAlone::_Status status =
560 PAMBasicAuthenticatorStandAlone::SUCCESS;
561
562 CString copy_of_text=text.getCString();
563 n = strlen(copy_of_text);
564
565 sprintf(line, "%4u%s", n, (const char*)copy_of_text);
566 n = strlen(line);
567
568 continue_PAMauthentication = true;
569 ret_code = write(fd_1[1], line, n);
570
571 if (ret_code != n)
572 {
573 continue_PAMauthentication = false;
574 status = PAMBasicAuthenticatorStandAlone::OTHER_ERROR;
575 sushma.fernandes 1.29
576 if (errno == EPIPE)
577 {
578 status = PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION;
579 }
580 if (printed_err_since_success == false)
581 {
582 printed_err_since_success = true;
583 Logger::put(Logger::ERROR_LOG, "CIMServer",
584 Logger::SEVERE,
585 "Error processing PAM Authentication request (write).");
586 }
587 }
588
589 return status;
590 }
591
592
593 void PAMBasicAuthenticatorStandAlone::_restartProcess(void)
594 {
595 _createPAMStandalone();
596 sushma.fernandes 1.29 }
597
598 String PAMBasicAuthenticatorStandAlone::_readString()
599 {
600 char authReply[10];
601
602 authReply[0] = '\0';
|
603 kumpf 1.30 int n = read(fd_2[0], authReply, 2); /* read back the reply */
|
604 sushma.fernandes 1.29
605 if (n < 0)
606 {
607 continue_PAMauthentication = false;
608 if (printed_err_since_success == false)
609 {
610 printed_err_since_success = true;
611 //L10N TODO
612 Logger::put(Logger::ERROR_LOG, "CIMServer",
613 Logger::SEVERE,
614 "Error processing PAM Authentication request (read).");
615 }
616 }
617 else
618 {
619 authReply[n] = '\0';
620 }
621
622 return (String(authReply));
623 }
|
624 kumpf 1.15
625 void PAMBasicAuthenticatorStandAlone::_createPAMStandalone()
626 {
627 pid_t pid;
628
|
629 kumpf 1.28 #if defined(PEGASUS_HAS_SIGNALS)
630 // Harvest the status of the previous standalone process, if any
631 if (_pid != -1)
632 {
633 waitpid(_pid, 0, WNOHANG);
634 _pid = -1;
635 }
636 #endif
637
|
638 kumpf 1.15 continue_PAMauthentication = true;
639 if (pipe(fd_1) < 0) // Pipe to write to authentication proc
640 {
641 continue_PAMauthentication = false;
642 if (printed_err_since_success == false)
643 {
644 printed_err_since_success = true;
645 //L10N TODO
646 Logger::put(Logger::ERROR_LOG, "CIMServer",
647 Logger::SEVERE,
|
648 kumpf 1.28 "Error processing PAM Authentication request (pipe).");
|
649 kumpf 1.15 }
650 }
651 if (continue_PAMauthentication)
652 {
653 if (pipe(fd_2) < 0) // Pipe to read from the authentication proc
654 {
655 continue_PAMauthentication = false;
656 if (printed_err_since_success == false)
657 {
658 printed_err_since_success = true;
659 //L10N TODO
660 Logger::put(Logger::ERROR_LOG, "CIMServer",
661 Logger::SEVERE,
662 "Error processing PAM Authentication request (pipe).");
663 }
664 }
665 }
|
666 sushma.fernandes 1.29
|
667 kumpf 1.15 if (continue_PAMauthentication)
668 {
669 if ((pid = fork()) < 0)
670 {
671 continue_PAMauthentication = false;
672 if (printed_err_since_success == false)
673 {
674 printed_err_since_success = true;
675 //L10N TODO
676 Logger::put(Logger::ERROR_LOG, "CIMServer",
677 Logger::SEVERE,
678 "Error processing PAM Authentication request (fork).");
679 }
680 }
681 else if (pid > 0) // This is the PARENT side of the fork
682 {
683 close(fd_1[0]); // close read end on 1st pipe
684 close(fd_2[1]); // close write end on 2nd pipe
|
685 kumpf 1.28 #if defined(PEGASUS_HAS_SIGNALS)
686 _pid = pid;
687 #endif
|
688 kumpf 1.15 }
689 else // This is the CHILD side of the fork
690 {
691 close(fd_1[1]); // close write end on 1st pipe
692 close(fd_2[0]); // close read end on 2nd pipe
693 if (fd_1[0] != STDIN_FILENO)
694 {
695 if (dup2(fd_1[0], STDIN_FILENO) == -1)
696 {
697 continue_PAMauthentication = false;
698 if (printed_err_since_success == false)
699 {
700 printed_err_since_success = true;
701 //L10N TODO
702 Logger::put(Logger::ERROR_LOG, "CIMServer",
703 Logger::SEVERE,
704 "Error processing PAM Authentication request (dup2).");
705 }
706 }
707 close(fd_1[0]); // don't need this after dup2
708 }
709 kumpf 1.15 if (continue_PAMauthentication)
710 {
711 if (fd_2[1] != STDOUT_FILENO)
712 {
713 if (dup2(fd_2[1], STDOUT_FILENO) == -1)
714 {
715 continue_PAMauthentication = false;
716 if (printed_err_since_success == false)
717 {
718 printed_err_since_success = true;
719 //L10N TODO
720 Logger::put(Logger::ERROR_LOG, "CIMServer",
721 Logger::SEVERE,
722 "Error processing PAM Authentication request (dup2).");
723 }
724 }
725 close(fd_2[1]); // don't need this after dup2
726 }
727 if (continue_PAMauthentication)
728 {
729 //
730 kumpf 1.15 // Get environment variables:
731 //
|
732 kumpf 1.17 String certpath = ConfigManager::getHomedPath(
|
733 kumpf 1.19 PEGASUS_PAM_STANDALONE_PROC_NAME);
|
734 kumpf 1.15 if (execl((const char*)certpath.getCString(),
735 (const char*)certpath.getCString(), (char*)0) < 0)
736 {
737 continue_PAMauthentication = false;
738 if (printed_err_since_success == false)
739 {
740 printed_err_since_success = true;
741 //L10N TODO
742 Logger::put(Logger::ERROR_LOG, "CIMServer",
743 Logger::SEVERE,
744 "Error creating PAM Authentication process (execl).");
745 }
746 exit(0);
747 }
748 }
749 }
750 }
751 }
752 }
753
754 #endif /* if defined(PEGASUS_OS_HPUX) || ... */
755 kumpf 1.15
756
757
758
759
|
760 kumpf 1.1 PEGASUS_NAMESPACE_END
|
761 kumpf 1.15
|
Return to
PAMBasicAuthenticatorUnix.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication