sbuild  1.6.10
sbuild-auth.h
1 /* Copyright © 2005-2007 Roger Leigh <rleigh@debian.org>
2  *
3  * schroot is free software: you can redistribute it and/or modify it
4  * under the terms of the GNU General Public License as published by
5  * the Free Software Foundation, either version 3 of the License, or
6  * (at your option) any later version.
7  *
8  * schroot is distributed in the hope that it will be useful, but
9  * WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11  * General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program. If not, see
15  * <http://www.gnu.org/licenses/>.
16  *
17  *********************************************************************/
18 
19 #ifndef SBUILD_AUTH_H
20 #define SBUILD_AUTH_H
21 
22 #include <sbuild/sbuild-config.h>
23 #include <sbuild/sbuild-custom-error.h>
24 #include <sbuild/sbuild-environment.h>
25 #include <sbuild/sbuild-types.h>
26 #include <sbuild/sbuild-util.h>
27 #include <sbuild/sbuild-tr1types.h>
28 
29 #include <string>
30 
31 #include <sys/types.h>
32 #include <sys/wait.h>
33 #include <grp.h>
34 #include <pwd.h>
35 #include <unistd.h>
36 
37 namespace sbuild
38 {
39 
69  class auth
70  {
71  public:
73  enum status
74  {
78  };
79 
82  {
84  USER,
89  PAM,
91  };
92 
95 
97  typedef std::shared_ptr<auth> ptr;
98 
99  protected:
108  auth (std::string const& service_name);
109 
110  public:
114  virtual ~auth ();
115 
/// Get the PAM service name.
121  std::string const&
122  get_service () const;
123 
/// Get the uid of the user (the account the session runs as).
131  uid_t
132  get_uid () const;
133 
/// Get the gid of the user (the group the session runs as).
141  gid_t
142  get_gid () const;
143 
/// Get the name of the user (the account the session runs as).
150  std::string const&
151  get_user () const;
152 
/// Set the user to run as, selected by numeric uid.
/// NOTE(review): presumably looks up the passwd entry for uid and
/// updates the other run-as fields as well -- confirm in sbuild-auth.cc.
163  void
164  set_user (uid_t uid);
165 
/// Set the user to run as, selected by user name.
176  void
177  set_user (std::string const& user);
178 
179  protected:
/// Set the user to run as from a system passwd database entry.
/// Protected, so only this class and classes derived from it can call it.
190  void
191  set_user (passwd const& pwent);
192 
193  public:
201  string_list const&
202  get_command () const;
203 
210  void
212 
219  std::string const&
220  get_home () const;
221 
228  std::string const&
229  get_wd () const;
230 
237  void
238  set_wd (std::string const& wd);
239 
248  std::string const&
249  get_shell () const;
250 
256  environment const&
257  get_user_environment () const;
258 
265  void
267 
273  void
275 
283  get_minimal_environment () const;
284 
293  get_complete_environment () const;
294 
301  virtual environment
302  get_auth_environment () const = 0;
303 
/// Get the "remote uid" of the user, i.e. the uid requesting
/// authentication, as opposed to the uid the session will run as.
310  uid_t
311  get_ruid () const;
312 
/// Get the "remote gid" of the user (the gid requesting authentication).
319  gid_t
320  get_rgid () const;
321 
/// Get the "remote" name of the user (the user name requesting
/// authentication).
328  std::string const&
329  get_ruser () const;
330 
/// Set the "remote" (requesting) user, selected by numeric uid.
/// NOTE(review): any caller that can reach this setter can change whose
/// identity is treated as the requester; confirm the callers derive ruid
/// from the real process uid rather than from user-supplied input.
341  void
342  set_ruser (uid_t ruid);
343 
/// Set the "remote" (requesting) user, selected by user name.
354  void
355  set_ruser (std::string const& ruser);
356 
357  protected:
/// Set the "remote" (requesting) user from a system passwd database
/// entry. Protected, so only this class and derived classes can call it.
368  void
369  set_ruser (passwd const& rpwent);
370  public:
371 
/// Get the "remote" name of the group (the group name requesting
/// authentication).
378  std::string const&
379  get_rgroup () const;
380 
/*
 * PAM lifecycle hooks. All are virtual so that a concrete handler can
 * supply the real behaviour.
 * NOTE(review): the expected call order is not visible in this header;
 * presumably start -> authenticate -> account -> cred_establish ->
 * open_session, with close_session -> cred_delete -> stop on teardown.
 * Confirm against the callers before relying on it.
 */

/// Start the PAM system.
387  virtual void
388  start ();
389 
/// Stop the PAM system.
396  virtual void
397  stop ();
398 
/// Perform PAM authentication.
/// auth_status is the authentication requirement to apply; see the
/// status enum and change_auth() in this class.
411  virtual void
412  authenticate (status auth_status);
413 
/// Import the user environment into PAM.
424  virtual void
425  setupenv ();
426 
/// Do PAM account management (authorisation).
432  virtual void
433  account ();
434 
/// Use PAM to establish credentials.
440  virtual void
441  cred_establish ();
442 
/// Use PAM to delete credentials.
448  virtual void
449  cred_delete ();
450 
/// Open a PAM session.
456  virtual void
457  open_session ();
458 
/// Close a PAM session.
464  virtual void
465  close_session ();
466 
/**
 * Set new authentication status by merging two requirements and
 * keeping the stricter one.
 *
 * @param oldauth the requirement accumulated so far.
 * @param newauth the requirement to merge in.
 * @returns newauth when it compares greater than oldauth, otherwise
 * oldauth.
 *
 * The result never compares lower than oldauth, so a requirement that
 * has already been raised cannot be relaxed by a later, weaker value.
 * The comparison uses the numeric order of the status enumerators, so
 * that order must stay "least strict first" if the enum is extended.
 */
static status
change_auth (status oldauth,
             status newauth)
{
  /* Only ever move to a stricter level; never step back down. */
  return (newauth > oldauth) ? newauth : oldauth;
}
486 
491  virtual bool
492  is_initialised () const = 0;
493 
494  protected:
/// The PAM service name.
496  const std::string service;

/* Target identity: the account the session runs as. */
/// The uid to run as.
498  uid_t uid;
/// The gid to run as.
500  gid_t gid;
/// The user name to run as.
502  std::string user;
/* NOTE(review): this listing skips source line 504; the member index on
   this page places "string_list command" (the command to run) there. */
/// The home directory.
506  std::string home;
/// The directory to run in.
508  std::string wd;
/// The user shell to run.
510  std::string shell;
/* NOTE(review): this listing skips source line 512; the member index on
   this page places "environment user_environment" (the user environment
   to set) there. */

/* Requesting identity: the account that asked for authentication.
   Kept separate from the target identity above. */
/// The uid requesting authentication.
514  uid_t ruid;
/// The gid requesting authentication.
516  gid_t rgid;
/// The user name requesting authentication.
518  std::string ruser;
/// The group name requesting authentication.
520  std::string rgroup;
521  };
522 
523 }
524 
525 #endif /* SBUILD_AUTH_H */
526 
527 /*
528  * Local Variables:
529  * mode:C++
530  * End:
531  */
std::string const & get_home() const
Get the home directory.
Definition: sbuild-auth.cc:238
string_list command
The command to run.
Definition: sbuild-auth.h:504
std::string home
The home directory.
Definition: sbuild-auth.h:506
TR1 type substitution.
Debian source builder components.
Definition: sbuild-auth-null.h:24
environment const & get_user_environment() const
Get the user environment to use in the session.
Definition: sbuild-auth.cc:262
auth(std::string const &service_name)
The constructor.
Definition: sbuild-auth.cc:72
std::string rgroup
The group name requesting authentication.
Definition: sbuild-auth.h:520
PAM error.
Definition: sbuild-auth.h:89
void set_wd(std::string const &wd)
Set the working directory.
Definition: sbuild-auth.cc:250
std::string user
The user name to run as.
Definition: sbuild-auth.h:502
virtual void setupenv()
Import the user environment into PAM.
Definition: sbuild-auth.cc:372
virtual void stop()
Stop the PAM system.
Definition: sbuild-auth.cc:362
gid_t get_gid() const
Get the gid of the user.
Definition: sbuild-auth.cc:170
gid_t get_rgid() const
Get the "remote gid" of the user.
Definition: sbuild-auth.cc:339
virtual void start()
Start the PAM system.
Definition: sbuild-auth.cc:357
Authentication handler.
Definition: sbuild-auth.h:69
virtual environment get_auth_environment() const =0
Get the PAM environment.
Container of environment variables.
Definition: sbuild-environment.h:38
const std::string service
The PAM service name.
Definition: sbuild-auth.h:496
void set_user_environment(char **environment)
Set the user environment to use in the session.
Definition: sbuild-auth.cc:268
string_list const & get_command() const
Get the command to run in the session.
Definition: sbuild-auth.cc:226
Authentication is required by the user.
Definition: sbuild-auth.h:76
uid_t uid
The uid to run as.
Definition: sbuild-auth.h:498
std::string ruser
The user name requesting authentication.
Definition: sbuild-auth.h:518
gid_t gid
The gid to run as.
Definition: sbuild-auth.h:500
void set_ruser(uid_t ruid)
Set the "remote" name of the user.
Definition: sbuild-auth.cc:113
void set_user(uid_t uid)
Set the name of the user.
Definition: sbuild-auth.cc:182
Authentication is not required.
Definition: sbuild-auth.h:75
uid_t get_uid() const
Get the uid of the user.
Definition: sbuild-auth.cc:164
std::string shell
The user shell to run.
Definition: sbuild-auth.h:510
PAM failed to shut down cleanly.
Definition: sbuild-auth.h:90
std::string const & get_service() const
Get the PAM service name.
Definition: sbuild-auth.cc:107
uid_t ruid
The uid requesting authentication.
Definition: sbuild-auth.h:514
environment get_complete_environment() const
Get the complete environment.
Definition: sbuild-auth.cc:313
std::string const & get_wd() const
Get the working directory.
Definition: sbuild-auth.cc:244
std::string wd
The directory to run in.
Definition: sbuild-auth.h:508
std::vector< std::string > string_list
A string vector.
Definition: sbuild-types.h:38
Custom error.
Definition: sbuild-custom-error.h:32
static status change_auth(status oldauth, status newauth)
Set new authentication status.
Definition: sbuild-auth.h:477
Authentication has failed.
Definition: sbuild-auth.h:77
virtual void authenticate(status auth_status)
Perform PAM authentication.
Definition: sbuild-auth.cc:367
environment get_minimal_environment() const
Get the minimal environment.
Definition: sbuild-auth.cc:280
uid_t get_ruid() const
Get the "remote uid" of the user.
Definition: sbuild-auth.cc:333
virtual void open_session()
Open a PAM session.
Definition: sbuild-auth.cc:392
virtual void cred_delete()
Use PAM to delete credentials.
Definition: sbuild-auth.cc:387
status
Authentication status.
Definition: sbuild-auth.h:73
std::string const & get_shell() const
Get the name of the shell.
Definition: sbuild-auth.cc:256
Authentication failed.
Definition: sbuild-auth.h:86
virtual void close_session()
Close a PAM session.
Definition: sbuild-auth.cc:397
System passwd database entry.
Definition: sbuild-util.h:718
error_code
Error codes.
Definition: sbuild-auth.h:81
std::shared_ptr< auth > ptr
A shared_ptr to an auth object.
Definition: sbuild-auth.h:97
virtual bool is_initialised() const =0
Check if PAM is initialised (i.e.
environment user_environment
The user environment to set.
Definition: sbuild-auth.h:512
User not found.
Definition: sbuild-auth.h:84
PAM was already initialised.
Definition: sbuild-auth.h:88
Authorisation failed.
Definition: sbuild-auth.h:87
std::string const & get_rgroup() const
Get the "remote" name of the group.
Definition: sbuild-auth.cc:351
gid_t rgid
The gid requesting authentication.
Definition: sbuild-auth.h:516
virtual void account()
Do PAM account management (authorisation).
Definition: sbuild-auth.cc:377
std::string const & get_ruser() const
Get the "remote" name of the user.
Definition: sbuild-auth.cc:345
Group not found.
Definition: sbuild-auth.h:85
std::string const & get_user() const
Get the name of the user.
Definition: sbuild-auth.cc:176
virtual ~auth()
The destructor.
Definition: sbuild-auth.cc:93
custom_error< error_code > error
Exception type.
Definition: sbuild-auth.h:94
void set_command(string_list const &command)
Set the command to run in the session.
Definition: sbuild-auth.cc:232
virtual void cred_establish()
Use PAM to establish credentials.
Definition: sbuild-auth.cc:382
Failed to get hostname.
Definition: sbuild-auth.h:83