Authentication handler. More...
#include <sbuild-auth-pam.h>
Public Member Functions | |
virtual | ~auth_pam () |
The destructor. | |
virtual environment | get_auth_environment () const |
Get the PAM environment. More... | |
auth_pam_conv::ptr & | get_conv () |
Get the conversation handler. More... | |
void | set_conv (auth_pam_conv::ptr &conv) |
Set the conversation handler. More... | |
virtual void | start () |
Start the PAM system. More... | |
virtual void | stop () |
Stop the PAM system. More... | |
virtual void | authenticate (status auth_status) |
Perform PAM authentication. More... | |
virtual void | setupenv () |
Import the user environment into PAM. More... | |
virtual void | account () |
Do PAM account management (authorisation). More... | |
virtual void | cred_establish () |
Use PAM to establish credentials. More... | |
virtual void | cred_delete () |
Use PAM to delete credentials. More... | |
virtual void | open_session () |
Open a PAM session. More... | |
virtual void | close_session () |
Close a PAM session. More... | |
virtual bool | is_initialised () const |
Check if PAM is initialised (i.e. More... | |
virtual | ~auth () |
The destructor. | |
std::string const & | get_service () const |
Get the PAM service name. More... | |
uid_t | get_uid () const |
Get the uid of the user. More... | |
gid_t | get_gid () const |
Get the gid of the user. More... | |
std::string const & | get_user () const |
Get the name of the user. More... | |
void | set_user (uid_t uid) |
Set the name of the user. More... | |
void | set_user (std::string const &user) |
Set the name of the user. More... | |
string_list const & | get_command () const |
Get the command to run in the session. More... | |
void | set_command (string_list const &command) |
Set the command to run in the session. More... | |
std::string const & | get_home () const |
Get the home directory. More... | |
std::string const & | get_wd () const |
Get the working directory. More... | |
void | set_wd (std::string const &wd) |
Set the working directory. More... | |
std::string const & | get_shell () const |
Get the name of the shell. More... | |
environment const & | get_user_environment () const |
Get the user environment to use in the session. More... | |
void | set_user_environment (char **environment) |
Set the user environment to use in the session. More... | |
void | set_user_environment (environment const &environment) |
Set the user environment to use in the session. More... | |
environment | get_minimal_environment () const |
Get the minimal environment. More... | |
environment | get_complete_environment () const |
Get the complete environment. More... | |
uid_t | get_ruid () const |
Get the "remote uid" of the user. More... | |
gid_t | get_rgid () const |
Get the "remote gid" of the user. More... | |
std::string const & | get_ruser () const |
Get the "remote" name of the user. More... | |
void | set_ruser (uid_t ruid) |
Set the "remote" name of the user. More... | |
void | set_ruser (std::string const &ruser) |
Set the "remote" name of the user. More... | |
std::string const & | get_rgroup () const |
Get the "remote" name of the group. More... | |
Static Public Member Functions | |
static auth::ptr | create (std::string const &service_name) |
Create an auth_pam object. More... | |
static status | change_auth (status oldauth, status newauth) |
Set new authentication status. More... | |
Private Member Functions | |
auth_pam (std::string const &service_name) | |
The constructor. More... | |
const char * | pam_strerror (int pam_error) |
Get a description of a PAM error. More... | |
Private Attributes | |
pam_handle_t * | pam |
The PAM handle. | |
auth_pam_conv::ptr | conv |
The PAM conversation handler. | |
Additional Inherited Members | |
enum | status { STATUS_NONE, STATUS_USER, STATUS_FAIL } |
Authentication status. More... | |
enum | error_code { HOSTNAME, USER, GROUP, AUTHENTICATION, AUTHORISATION, PAM_DOUBLE_INIT, PAM, PAM_END } |
Error codes. More... | |
typedef custom_error< error_code > | error |
Exception type. | |
typedef std::shared_ptr< auth > | ptr |
A shared_ptr to a auth object. | |
auth (std::string const &service_name) | |
The constructor. More... | |
void | set_user (passwd const &pwent) |
Set the name of the user. More... | |
void | set_ruser (passwd const &rpwent) |
Set the "remote" name of the user. More... | |
const std::string | service |
The PAM service name. | |
uid_t | uid |
The uid to run as. | |
gid_t | gid |
The gid to run as. | |
std::string | user |
The user name to run as. | |
string_list | command |
The command to run. | |
std::string | home |
The home directory. | |
std::string | wd |
The directory to run in. | |
std::string | shell |
The user shell to run. | |
environment | user_environment |
The user environment to set. | |
uid_t | ruid |
The uid requesting authentication. | |
gid_t | rgid |
The gid requesting authentication. | |
std::string | ruser |
The user name requesting authentication. | |
std::string | rgroup |
The group name requesting authentication. | |
Authentication handler.
auth_pam handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.
private |
The constructor.
service_name | the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d. |
Referenced by create().
virtual |
Do PAM account management (authorisation).
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
virtual |
Perform PAM authentication.
If auth_status is set to STATUS_USER, the user will be prompted to authenticate themselves. If auth_status is STATUS_NONE, no authentication is required, and if STATUS_FAIL, authentication will fail.
An error will be thrown on failure.
auth_status | initial authentication status. |
Reimplemented from sbuild::auth.
References sbuild::_(), sbuild::auth::AUTHENTICATION, sbuild::auth::AUTHORISATION, sbuild::DEBUG_CRITICAL, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::HOSTNAME, sbuild::log_debug(), sbuild::auth::PAM, pam, pam_strerror(), sbuild::auth::ruser, sbuild::auth::service, sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, and sbuild::auth::STATUS_USER.
virtual |
Close a PAM session.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
static |
Create an auth_pam object.
service_name | the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d. |
References auth_pam().
virtual |
Use PAM to delete credentials.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
virtual |
Use PAM to establish credentials.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
virtual |
Get the PAM environment.
This is the environment as set by PAM modules.
Implements sbuild::auth.
References pam.
auth_pam_conv::ptr & auth_pam::get_conv | ( | ) |
virtual |
Check if PAM is initialised (i.e. start() has been called).
Implements sbuild::auth.
References pam.
virtual |
Open a PAM session.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
private |
Get a description of a PAM error.
pam_error | the PAM error number. |
References pam.
Referenced by account(), authenticate(), close_session(), cred_delete(), cred_establish(), open_session(), setupenv(), and start().
void auth_pam::set_conv | ( | auth_pam_conv::ptr & | conv | ) |
Set the conversation handler.
conv | a shared pointer to the conversation handler. |
References conv.
virtual |
Import the user environment into PAM.
If no environment was specified with set_user_environment, a minimal environment will be created containing HOME, LOGNAME, PATH and TERM.
An error will be thrown on failure.
Note that the environment is not sanitised in any way before it is imported into PAM. Sanitising it is the responsibility of the caller.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::get_minimal_environment(), sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
virtual |
Start the PAM system.
No other PAM functions may be called before calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_CRITICAL, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, sbuild::auth::PAM_DOUBLE_INIT, pam_strerror(), and sbuild::auth::service.
virtual |
Stop the PAM system.
No other PAM functions may be used after calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), pam, and sbuild::auth::PAM_END.
Referenced by ~auth_pam().