|
1122.2.2
by Monty Taylor
Added missing copyright headers. Added drizzled/global.h to a few things that |
1 |
/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
|
2 |
* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
|
|
3 |
*
|
|
4 |
* Copyright (C) 2009 Sun Microsystems
|
|
5 |
*
|
|
6 |
* This program is free software; you can redistribute it and/or modify
|
|
7 |
* it under the terms of the GNU General Public License as published by
|
|
8 |
* the Free Software Foundation; version 2 of the License.
|
|
9 |
*
|
|
10 |
* This program is distributed in the hope that it will be useful,
|
|
11 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
13 |
* GNU General Public License for more details.
|
|
14 |
*
|
|
15 |
* You should have received a copy of the GNU General Public License
|
|
16 |
* along with this program; if not, write to the Free Software
|
|
17 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
18 |
*/
|
|
19 |
||
|
259
by Brian Aker
First pass on PAM auth |
20 |
/*
|
|
1122.2.2
by Monty Taylor
Added missing copyright headers. Added drizzled/global.h to a few things that |
21 |
Sections of this were taken/modified from mod_auth_path for Apache
|
22 |
@TODO: License?
|
|
|
259
by Brian Aker
First pass on PAM auth |
23 |
*/
|
|
243.1.18
by Jay Pipes
Changed to include all the server definitions (use server_includes.h |
24 |
|
|
1241.9.36
by Monty Taylor
ZOMG. I deleted drizzled/server_includes.h. |
25 |
#include "config.h" |
|
1317.1.3
by Monty Taylor
Fixed Authentication plugin interface to use SecurityContext rather than the |
26 |
|
|
259
by Brian Aker
First pass on PAM auth |
27 |
#include <security/pam_appl.h> |
|
1022.2.7
by Monty Taylor
Blind stab in the dark... |
28 |
#if !defined(__sun) && !defined(__FreeBSD__)
|
|
259
by Brian Aker
First pass on PAM auth |
29 |
#include <security/pam_misc.h> |
|
139.1.18
by Trond Norbye
Don't include security/pam_misc.h on Solaris |
30 |
#endif
|
|
259
by Brian Aker
First pass on PAM auth |
31 |
|
|
1317.1.3
by Monty Taylor
Fixed Authentication plugin interface to use SecurityContext rather than the |
32 |
#include "drizzled/security_context.h" |
33 |
#include "drizzled/plugin/authentication.h" |
|
34 |
||
|
1280.1.10
by Monty Taylor
Put everything in drizzled into drizzled namespace. |
35 |
using namespace drizzled; |
36 |
||
|
259
by Brian Aker
First pass on PAM auth |
37 |
typedef struct { |
38 |
const char *name; |
|
39 |
const char *password; |
|
40 |
} auth_pam_userinfo; |
|
41 |
||
|
779.3.23
by Monty Taylor
More fixy-fixes. |
42 |
extern "C" |
|
779.3.24
by Monty Taylor
Fixed solaris fixes on linux again. |
43 |
int auth_pam_talker(int num_msg, |
44 |
#ifdef __sun
|
|
45 |
struct pam_message **msg, |
|
46 |
#else
|
|
47 |
const struct pam_message **msg, |
|
48 |
#endif
|
|
49 |
struct pam_response **resp, |
|
50 |
void *appdata_ptr); |
|
51 |
||
52 |
int auth_pam_talker(int num_msg, |
|
53 |
#ifdef __sun
|
|
54 |
struct pam_message **msg, |
|
55 |
#else
|
|
56 |
const struct pam_message **msg, |
|
57 |
#endif
|
|
58 |
struct pam_response **resp, |
|
59 |
void *appdata_ptr) |
|
|
259
by Brian Aker
First pass on PAM auth |
60 |
{
|
61 |
auth_pam_userinfo *userinfo = (auth_pam_userinfo*)appdata_ptr; |
|
62 |
struct pam_response *response = 0; |
|
63 |
int x; |
|
64 |
||
65 |
/* parameter sanity checking */
|
|
66 |
if(!resp || !msg || !userinfo) |
|
67 |
return PAM_CONV_ERR; |
|
68 |
||
69 |
/* allocate memory to store response */
|
|
70 |
response= (struct pam_response*)malloc(num_msg * sizeof(struct pam_response)); |
|
71 |
if(!response) |
|
72 |
return PAM_CONV_ERR; |
|
73 |
||
74 |
/* copy values */
|
|
|
660.1.3
by Eric Herman
removed trailing whitespace with simple script: |
75 |
for(x= 0; x < num_msg; x++) |
|
259
by Brian Aker
First pass on PAM auth |
76 |
{
|
77 |
/* initialize to safe values */
|
|
78 |
response[x].resp_retcode= 0; |
|
79 |
response[x].resp= 0; |
|
80 |
||
81 |
/* select response based on requested output style */
|
|
|
660.1.3
by Eric Herman
removed trailing whitespace with simple script: |
82 |
switch(msg[x]->msg_style) |
|
259
by Brian Aker
First pass on PAM auth |
83 |
{
|
84 |
case PAM_PROMPT_ECHO_ON: |
|
85 |
/* on memory allocation failure, auth fails */
|
|
86 |
response[x].resp = strdup(userinfo->name); |
|
87 |
break; |
|
88 |
case PAM_PROMPT_ECHO_OFF: |
|
89 |
response[x].resp = strdup(userinfo->password); |
|
90 |
break; |
|
91 |
default: |
|
92 |
if(response) |
|
93 |
free(response); |
|
94 |
return PAM_CONV_ERR; |
|
95 |
}
|
|
96 |
}
|
|
97 |
||
98 |
/* everything okay, set PAM response values */
|
|
99 |
*resp = response; |
|
100 |
||
101 |
return PAM_SUCCESS; |
|
102 |
}
|
|
103 |
||
|
1130.1.1
by Monty Taylor
Merged in plugin-slot-reorg patches. |
104 |
class Auth_pam : public drizzled::plugin::Authentication |
|
259
by Brian Aker
First pass on PAM auth |
105 |
{
|
|
942.1.14
by Monty Taylor
Changed authentication_st to class Authentication. |
106 |
public: |
|
1130.2.6
by Monty Taylor
Merged in latest plugin-slot-reorg. |
107 |
Auth_pam(std::string name_arg) |
108 |
: drizzled::plugin::Authentication(name_arg) {} |
|
|
1317.1.3
by Monty Taylor
Fixed Authentication plugin interface to use SecurityContext rather than the |
109 |
virtual bool authenticate(const SecurityContext &sctx, |
110 |
const std::string &password) |
|
|
942.1.14
by Monty Taylor
Changed authentication_st to class Authentication. |
111 |
{
|
112 |
int retval; |
|
113 |
auth_pam_userinfo userinfo= { NULL, NULL }; |
|
114 |
struct pam_conv conv_info= { &auth_pam_talker, (void*)&userinfo }; |
|
115 |
pam_handle_t *pamh= NULL; |
|
116 |
||
|
1317.1.3
by Monty Taylor
Fixed Authentication plugin interface to use SecurityContext rather than the |
117 |
userinfo.name= sctx.getUser().c_str(); |
118 |
userinfo.password= password.c_str(); |
|
|
942.1.14
by Monty Taylor
Changed authentication_st to class Authentication. |
119 |
|
|
1337.4.9
by Eric Day
Changed auth_pam service name to 'drizzle', see bug #484069. |
120 |
retval= pam_start("drizzle", userinfo.name, &conv_info, &pamh); |
|
942.1.14
by Monty Taylor
Changed authentication_st to class Authentication. |
121 |
|
122 |
if (retval == PAM_SUCCESS) |
|
123 |
retval= pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK); |
|
124 |
||
125 |
if (retval == PAM_SUCCESS) |
|
126 |
retval= pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK); |
|
127 |
||
128 |
pam_end(pamh, retval); |
|
129 |
||
130 |
return (retval == PAM_SUCCESS) ? true: false; |
|
131 |
}
|
|
132 |
};
|
|
133 |
||
|
259
by Brian Aker
First pass on PAM auth |
134 |
|
|
1130.1.1
by Monty Taylor
Merged in plugin-slot-reorg patches. |
135 |
static Auth_pam *auth= NULL; |
|
971.1.51
by Monty Taylor
New-style plugin registration now works. |
136 |
|
|
1530.2.6
by Monty Taylor
Moved plugin::Context to module::Context. |
137 |
static int initialize(drizzled::module::Context &context) |
|
259
by Brian Aker
First pass on PAM auth |
138 |
{
|
|
1130.2.6
by Monty Taylor
Merged in latest plugin-slot-reorg. |
139 |
auth= new Auth_pam("auth_pam"); |
|
1324.2.2
by Monty Taylor
Use the plugin::Context everywhere. |
140 |
context.add(auth); |
|
259
by Brian Aker
First pass on PAM auth |
141 |
return 0; |
142 |
}
|
|
143 |
||
|
1228.1.5
by Monty Taylor
Merged in some naming things. |
144 |
DRIZZLE_DECLARE_PLUGIN
|
|
259
by Brian Aker
First pass on PAM auth |
145 |
{
|
|
1241.10.2
by Monty Taylor
Added support for embedding the drizzle version number in the plugin file. |
146 |
DRIZZLE_VERSION_ID, |
|
259
by Brian Aker
First pass on PAM auth |
147 |
"pam", |
148 |
"0.1", |
|
149 |
"Brian Aker", |
|
150 |
"PAM based authenication.", |
|
151 |
PLUGIN_LICENSE_GPL, |
|
152 |
initialize, /* Plugin Init */ |
|
153 |
NULL, /* system variables */ |
|
154 |
NULL /* config options */ |
|
155 |
}
|
|
|
1228.1.5
by Monty Taylor
Merged in some naming things. |
156 |
DRIZZLE_DECLARE_PLUGIN_END; |