1 kumpf 1.1 //%/////////////////////////////////////////////////////////////////////////////
2 //
|
3 kumpf 1.5 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM,
|
4 kumpf 1.1 // The Open Group, Tivoli Systems
5 //
|
6 kumpf 1.5 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
14 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
16 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
19 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
21 kumpf 1.1 //
22 //==============================================================================
23 //
24 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
25 //
26 // Modified By:
27 //
28 //%/////////////////////////////////////////////////////////////////////////////
29
30 #include <Pegasus/Common/System.h>
31 #include <Pegasus/Common/Tracer.h>
32 #include <Pegasus/Common/Destroyer.h>
33 #include <Pegasus/Config/ConfigManager.h>
34
35 #include "PAMBasicAuthenticator.h"
36
37
38 PEGASUS_USING_STD;
39
40 PEGASUS_NAMESPACE_BEGIN
|
41 kumpf 1.3
42 #include <security/pam_appl.h>
|
43 kumpf 1.1
44
/**
    Prefix of the Basic authentication challenge header. The realm and a
    closing quote are appended by getAuthResponseHeader().

    NOTE(review): the RFC 2617 challenge syntax is `Basic realm="..."`; this
    prefix has no `realm=` key. Confirm that clients accept the header as
    emitted before changing it.
*/
static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \"";


/** PAM service name handed to pam_start(). */
const char* service = "wbem";

/**
    Clear-text password of the request currently being authenticated.
    authenticate() fills it before starting the PAM conversation and
    PAMCallback() copies it into the PAM response.

    NOTE(review): this is a single file-scope buffer with external linkage and
    no lock is visible in this file; two overlapping authenticate() calls
    would overwrite or free each other's password. Passing the password
    through pam_conv.appdata_ptr would remove the shared state.
*/
char* userPassword = 0;
|
55 kumpf 1.1
/*
    Constructor. Builds the realm string "<host name>:<httpPort>" that is
    later embedded in Basic authentication challenges.
*/
PAMBasicAuthenticator::PAMBasicAuthenticator()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticator::PAMBasicAuthenticator()");

    // The realm starts with the local system name ...
    _realm.assign(System::getHostName());

    // ... followed by the currently configured HTTP port.
    const String httpPort =
        ConfigManager::getInstance()->getCurrentValue("httpPort");

    _realm.append(":");
    _realm.append(httpPort);

    PEG_METHOD_EXIT();
}
82
/*
    Destructor. Only emits the method entry/exit trace records; nothing is
    released here.
*/
PAMBasicAuthenticator::~PAMBasicAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "PAMBasicAuthenticator::~PAMBasicAuthenticator()");
    PEG_METHOD_EXIT();
}
91
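/**
    Authenticates a user name / password pair through PAM.

    Opens a PAM transaction for the file-scope `service`, runs
    pam_authenticate() and, if that succeeds, pam_acct_mgmt(). The password is
    handed to PAMCallback() through the file-scope `userPassword` buffer.

    @param userName  user name taken from the client's credentials
    @param password  clear-text password taken from the client's credentials
    @return true only when pam_start(), pam_authenticate() and pam_acct_mgmt()
            all return PAM_SUCCESS; false otherwise, including when the
            password does not fit the buffer or the buffer cannot be allocated
*/
Boolean PAMBasicAuthenticator::authenticate(
    const String& userName,
    const String& password)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticator::authenticate()");

    Boolean authenticated = false;
    struct pam_conv pconv;
    pam_handle_t *phandle;

    pconv.conv = PAMBasicAuthenticator::PAMCallback;
    pconv.appdata_ptr = NULL;

    // Keep the converted password in a named object so the pointer stays
    // valid for both the length check and the copy.
    CString passwordCStr = password.getCString();
    const char* passwordChars = (const char*) passwordCStr;
    size_t passwordLength = strlen(passwordChars);

    //
    // The password is client-supplied. Both this buffer and the response
    // buffer in PAMCallback() hold PAM_MAX_MSG_SIZE bytes, so a longer
    // password must be rejected instead of being copied past the end.
    //
    if ( passwordLength >= (size_t)PAM_MAX_MSG_SIZE )
    {
        PEG_METHOD_EXIT();
        return (authenticated);
    }

    // NOTE(review): userPassword is shared file-scope state; overlapping
    // calls are not protected by anything visible in this file.
    userPassword = (char *)malloc(PAM_MAX_MSG_SIZE);

    if ( userPassword == 0 )
    {
        PEG_METHOD_EXIT();
        return (authenticated);
    }

    memcpy(userPassword, passwordChars, passwordLength + 1);

    //
    // pam_start must be called before any other PAM call
    //
    int pamStatus = pam_start(service,
        (const char *)userName.getCString(), &pconv, &phandle);

    if ( pamStatus == PAM_SUCCESS )
    {
        //
        // Verify the password, then check that the account is valid. This
        // includes checking for password and account expiration, as well as
        // verifying access hour restrictions.
        //
        pamStatus = pam_authenticate(phandle, 0);

        if ( pamStatus == PAM_SUCCESS )
        {
            pamStatus = pam_acct_mgmt(phandle, 0);
        }

        authenticated = (pamStatus == PAM_SUCCESS);

        //
        // End the PAM transaction, passing on the status of the last call
        //
        pam_end(phandle, pamStatus);
    }

    //
    // Clear the password before releasing the buffer. The volatile pointer
    // keeps the compiler from dropping the stores as dead writes.
    //
    volatile char* wipe = userPassword;
    for ( size_t i = 0; i < (size_t)PAM_MAX_MSG_SIZE; i++ )
    {
        wipe[i] = 0;
    }

    free(userPassword);
    userPassword = 0;

    PEG_METHOD_EXIT();

    return (authenticated);
}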
149
//
// Builds the Basic challenge header: the challenge prefix, the realm
// assembled in the constructor, and a closing double quote.
//
String PAMBasicAuthenticator::getAuthResponseHeader()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticator::getAuthResponseHeader()");

    String challenge(BASIC_CHALLENGE_HEADER);

    challenge.append(_realm);
    challenge.append("\"");

    PEG_METHOD_EXIT();

    return challenge;
}
169
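/**
    PAM conversation function. Answers every PAM_PROMPT_ECHO_OFF prompt with
    a copy of the file-scope `userPassword`.

    @param num_msg      number of messages in msg
    @param msg          messages sent by the PAM module
    @param resp         receives a malloc'ed array of num_msg responses on
                        success; ownership passes to PAM
    @param appdata_ptr  unused
    @return PAM_SUCCESS when every prompt was answered; PAM_BUF_ERR when an
            allocation fails; PAM_CONV_ERR when num_msg is not positive, no
            password is set, or a message of another style is received
*/
Sint32 PAMBasicAuthenticator::PAMCallback(Sint32 num_msg, struct pam_message **msg,
        struct pam_response **resp, void *appdata_ptr)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticator::PAMCallback()");

    // Nothing to answer, or nothing to answer with.
    if ( num_msg <= 0 || userPassword == 0 )
    {
        PEG_METHOD_EXIT();
        return PAM_CONV_ERR;
    }

    //
    // Allocate the response array. calloc checks the size multiplication and
    // leaves every resp pointer null, which the cleanup below relies on.
    //
    struct pam_response* replies =
        (struct pam_response *)calloc(num_msg, sizeof(struct pam_response));

    if ( replies == NULL )
    {
        PEG_METHOD_EXIT();
        return PAM_BUF_ERR;
    }

    size_t passwordLength = strlen(userPassword);
    Sint32 result = PAM_SUCCESS;

    for ( Sint32 i = 0; i < num_msg; i++ )
    {
        // NOTE(review): msg[i] treats msg as an array of pointers. Some PAM
        // implementations pass a pointer to an array instead; the two only
        // agree for num_msg == 1. Confirm for each supported platform.
        if ( msg[i]->msg_style != PAM_PROMPT_ECHO_OFF )
        {
            result = PAM_CONV_ERR;
            break;
        }

        //
        // Copy the user password. The buffer is sized from the password
        // itself so the copy cannot run past the end of the allocation.
        //
        replies[i].resp = (char *)malloc(passwordLength + 1);

        if ( replies[i].resp == NULL )
        {
            result = PAM_BUF_ERR;
            break;
        }

        memcpy(replies[i].resp, userPassword, passwordLength + 1);
        replies[i].resp_retcode = 0;
    }

    if ( result != PAM_SUCCESS )
    {
        //
        // On failure the responses stay with us: clear and free every
        // password copy made so far, then the array itself.
        //
        for ( Sint32 j = 0; j < num_msg; j++ )
        {
            if ( replies[j].resp != NULL )
            {
                volatile char* wipe = replies[j].resp;
                for ( size_t k = 0; k <= passwordLength; k++ )
                {
                    wipe[k] = 0;
                }
                free(replies[j].resp);
            }
        }
        free(replies);

        PEG_METHOD_EXIT();
        return result;
    }

    // *resp is one array of num_msg responses, so entry i is (*resp)[i].
    *resp = replies;

    PEG_METHOD_EXIT();

    return PAM_SUCCESS;
}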
217
218 PEGASUS_NAMESPACE_END
|