(file) Return to PAMBasicAuthenticatorUnix.cpp CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

  1 kumpf 1.1 //%/////////////////////////////////////////////////////////////////////////////
  2           //
  3 kumpf 1.5 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM,
  4 kumpf 1.1 // The Open Group, Tivoli Systems
  5           //
  6 kumpf 1.5 // Permission is hereby granted, free of charge, to any person obtaining a copy
  7           // of this software and associated documentation files (the "Software"), to
  8           // deal in the Software without restriction, including without limitation the
  9           // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 10           // sell copies of the Software, and to permit persons to whom the Software is
 11           // furnished to do so, subject to the following conditions:
 12           // 
 13           // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 14           // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 15           // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 16           // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 17           // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 18           // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 19           // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 20           // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 21 kumpf 1.1 //
 22           //==============================================================================
 23           //
 24           // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
 25           //
 26           // Modified By:
 27           //
 28           //%/////////////////////////////////////////////////////////////////////////////
 29           
 30           #include <Pegasus/Common/System.h>
 31           #include <Pegasus/Common/Tracer.h>
 32           #include <Pegasus/Common/Destroyer.h>
 33           #include <Pegasus/Config/ConfigManager.h>
 34           
 35           #include "PAMBasicAuthenticator.h"
 36           
 37           
 38           PEGASUS_USING_STD;
 39           
 40           PEGASUS_NAMESPACE_BEGIN
 41 kumpf 1.3 
 42           #include <security/pam_appl.h>
 43 kumpf 1.1 
 44           
  /**
      Prefix of the HTTP Basic challenge header. getAuthResponseHeader()
      appends the realm and a closing double quote to it.
      NOTE(review): the literal has no "realm=" token before the opening
      quote, which the Basic challenge grammar of RFC 2617 expects. Confirm
      against the clients in use before changing the emitted header.
  */
  static const String BASIC_CHALLENGE_HEADER("WWW-Authenticate: Basic \"");


  /** PAM service name passed to pam_start(). */
  const char* service = "wbem";

  /**
      Password of the request being authenticated. authenticate() allocates
      and frees the buffer; PAMCallback() copies from it.
      NOTE(review): this is file-wide mutable state and no lock is taken
      anywhere in this file. If authenticate() can run on more than one
      thread at a time, one request's callback can read another request's
      password. pam_conv::appdata_ptr (set to NULL in authenticate()) is the
      per-call channel PAM offers for handing data to the callback.
  */
  char* userPassword = NULL;
 55 kumpf 1.1 
  /**
      Constructor. Builds the realm used in Basic challenges as
      "<local host name>:<configured httpPort>".
  */
  PAMBasicAuthenticator::PAMBasicAuthenticator()
  {
      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
          "PAMBasicAuthenticator::PAMBasicAuthenticator()");

      // The realm starts with the local system name.
      _realm.assign(System::getHostName());

      // The port is the current value of the "httpPort" configuration
      // property.
      String httpPort =
          ConfigManager::getInstance()->getCurrentValue("httpPort");

      // Complete the realm: host name, colon, port.
      _realm.append(":");
      _realm.append(httpPort);

      PEG_METHOD_EXIT();
  }
 82           
  /**
      Destructor. Releases nothing itself; it only emits the method
      entry/exit trace.
  */
  PAMBasicAuthenticator::~PAMBasicAuthenticator()
  {
      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
          "PAMBasicAuthenticator::~PAMBasicAuthenticator()");
      PEG_METHOD_EXIT();
  }
 91           
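  /**
      Authenticates a user name / password pair through PAM.

      The password is placed in the file-wide userPassword buffer, from which
      PAMCallback() answers the PAM password prompt. The call sequence is
      pam_start, pam_authenticate, pam_acct_mgmt, pam_end.

      @param userName  name of the user to authenticate
      @param password  password supplied for that user
      @return true only when pam_start, pam_authenticate and pam_acct_mgmt
              all return PAM_SUCCESS; false otherwise, including when the
              password does not fit a PAM response buffer or memory cannot
              be allocated.
  */
  Boolean PAMBasicAuthenticator::authenticate(
      const String& userName,
      const String& password)
  {
      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
          "PAMBasicAuthenticator::authenticate()");

      Boolean authenticated = false;
      struct pam_conv pconv;
      pam_handle_t *phandle;

      pconv.conv = PAMBasicAuthenticator::PAMCallback;
      pconv.appdata_ptr = NULL;

      //
      // The password is supplied by the caller and its length is not bounded
      // here. It is copied into a PAM_MAX_MSG_SIZE buffer, so a value that
      // does not fit (terminator included) is refused instead of being
      // copied past the end of the allocation.
      //
      CString passwordCStr = password.getCString();
      const char* passwordChars = (const char*) passwordCStr;
      size_t passwordLength = strlen(passwordChars);

      if ( passwordLength >= (size_t)PAM_MAX_MSG_SIZE )
      {
          PEG_METHOD_EXIT();
          return (authenticated);
      }

      //
      // NOTE(review): userPassword is file-wide state with no lock in this
      // file; concurrent calls would overwrite each other's password.
      // Passing the password through pconv.appdata_ptr would remove the
      // shared state, but PAMCallback() has to change with it.
      //
      userPassword = (char *)malloc(PAM_MAX_MSG_SIZE);
      if ( userPassword == NULL )
      {
          PEG_METHOD_EXIT();
          return (authenticated);
      }
      memcpy(userPassword, passwordChars, passwordLength + 1);

      //
      //Call pam_start since you need to before making any other PAM calls
      //
      if ( ( pam_start(service,
          (const char *)userName.getCString(), &pconv, &phandle) ) == PAM_SUCCESS )
      {
          //
          //Call pam_authenticate to authenticate the user
          //
          if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )
          {
              //
              //Call pam_acct_mgmt, to check if the user account is valid.
              //This includes checking for password and account expiration,
              //as well as verifying access hour restrictions.
              //
              if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )
              {
                  authenticated = true;
              }
          }

          //
          //Call pam_end to end our PAM work
          //
          pam_end(phandle, 0);
      }

      //
      // Overwrite the plaintext before releasing the buffer. The volatile
      // pointer keeps the compiler from discarding the stores as dead.
      //
      volatile char* wipe = userPassword;
      for ( size_t i = 0; i < (size_t)PAM_MAX_MSG_SIZE; i++ )
      {
          wipe[i] = 0;
      }

      free(userPassword);
      userPassword = 0;
      PEG_METHOD_EXIT();

      return (authenticated);
  }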
149           
 /**
     Creates the authentication response (challenge) header.

     @return BASIC_CHALLENGE_HEADER followed by the realm and a closing
             double quote. The realm is the value the constructor builds
             from the host name and the configured port.
 */
 String PAMBasicAuthenticator::getAuthResponseHeader()
 {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::getAuthResponseHeader()");

     // Header prefix, then the realm, then the quote that closes it.
     String challenge(BASIC_CHALLENGE_HEADER);
     challenge.append(_realm);
     challenge.append("\"");

     PEG_METHOD_EXIT();

     return challenge;
 }
169           
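 /**
     PAM conversation function. Answers every PAM_PROMPT_ECHO_OFF message
     with a copy of the file-wide userPassword; any other message style
     ends the conversation with PAM_CONV_ERR.

     @param num_msg      number of messages in msg
     @param msg          messages from the PAM module
     @param resp         receives the response array on success, which the
                         PAM library then owns; set to NULL on failure
     @param appdata_ptr  unused (authenticate() sets it to NULL)
     @return PAM_SUCCESS when every message was answered, PAM_BUF_ERR when
             an allocation fails, PAM_CONV_ERR for an invalid message count,
             a missing or over-long password, or an unsupported style.
 */
 Sint32 PAMBasicAuthenticator::PAMCallback(
     Sint32 num_msg,
     struct pam_message **msg,
     struct pam_response **resp,
     void *appdata_ptr)
 {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::PAMCallback()");

     //
     // Refuse a message count outside what PAM allows, and refuse to answer
     // when no password is staged.
     //
     if ( num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG || userPassword == NULL )
     {
         PEG_METHOD_EXIT();
         return PAM_CONV_ERR;
     }

     // A response may not exceed PAM_MAX_MSG_SIZE, terminator included.
     size_t passwordLength = strlen(userPassword);
     if ( passwordLength >= (size_t)PAM_MAX_MSG_SIZE )
     {
         PEG_METHOD_EXIT();
         return PAM_CONV_ERR;
     }

     //
     // Allocate the response array zeroed, so every resp pointer starts out
     // NULL and the failure path below frees only what was allocated.
     //
     struct pam_response* replies =
         (struct pam_response *)calloc(num_msg, sizeof(struct pam_response));

     if ( replies == NULL )
     {
         PEG_METHOD_EXIT();
         return PAM_BUF_ERR;
     }

     Sint32 status = PAM_SUCCESS;

     //
     // NOTE(review): msg[i]-> treats msg as an array of pointers. Some PAM
     // implementations pass a pointer to an array of structures instead;
     // the two layouts agree only for a single message. Confirm for each
     // platform this file is built on.
     //
     for ( Sint32 i = 0; i < num_msg && status == PAM_SUCCESS; i++ )
     {
         switch ( msg[i]->msg_style )
         {
             case PAM_PROMPT_ECHO_OFF:
                 //
                 // copy the user password into element i of the response
                 // array (resp points at one pointer, not at num_msg of
                 // them, so the array is indexed, not resp itself)
                 //
                 replies[i].resp = (char *)malloc(passwordLength + 1);
                 if ( replies[i].resp == NULL )
                 {
                     status = PAM_BUF_ERR;
                 }
                 else
                 {
                     memcpy(replies[i].resp, userPassword,
                         passwordLength + 1);
                     replies[i].resp_retcode = 0;
                 }
                 break;

             default:
                 status = PAM_CONV_ERR;
                 break;
         }
     }

     if ( status != PAM_SUCCESS )
     {
         //
         // On failure the caller does not free the responses, so release
         // them here, overwriting each password copy first. The volatile
         // pointer keeps the stores from being optimized away.
         //
         for ( Sint32 j = 0; j < num_msg; j++ )
         {
             if ( replies[j].resp != NULL )
             {
                 volatile char* wipe = replies[j].resp;
                 for ( size_t k = 0; k <= passwordLength; k++ )
                 {
                     wipe[k] = 0;
                 }
                 free(replies[j].resp);
             }
         }
         free(replies);
         *resp = NULL;

         PEG_METHOD_EXIT();
         return status;
     }

     *resp = replies;

     PEG_METHOD_EXIT();

     return PAM_SUCCESS;
 }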
217           
218           PEGASUS_NAMESPACE_END
