~drizzle-trunk/drizzle/development

/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
 *  vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
 *
 *  Copyright (C) 2009 Sun Microsystems, Inc.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; version 2 of the License.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
/*
  Sections of this were taken/modified from mod_auth_path for Apache
  @TODO: License?
*/
#include <config.h>
#include <drizzled/identifier.h>
#include <drizzled/plugin/authentication.h>
#include <security/pam_appl.h>
#if !defined(__sun) && !defined(__FreeBSD__)
#include <security/pam_misc.h>
#endif
using namespace drizzled;
/*
  Credentials passed to the PAM conversation callback via appdata_ptr.

  Both members are borrowed pointers: Auth_pam::authenticate() points them
  at the c_str() buffers of the caller's strings, and auth_pam_talker() only
  ever strdup()s from them.  Nothing in this file frees them through this
  struct, so the backing strings must outlive the PAM transaction.
*/
struct auth_pam_userinfo
{
  const char *name;     /* login name, returned for PAM_PROMPT_ECHO_ON */
  const char *password; /* cleartext password, returned for PAM_PROMPT_ECHO_OFF */
};
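extern "C"
int auth_pam_talker(int num_msg,
#ifdef __sun
                    struct pam_message **msg,
#else
                    const struct pam_message **msg,
#endif
                    struct pam_response **resp,
                    void *appdata_ptr);

/*
  Release a (possibly partially filled) response array.

  A reply may hold a heap copy of the user's cleartext password, so each
  string is overwritten before it is freed rather than being left behind
  in the allocator's free lists.  Entries whose resp is still 0 are skipped.
*/
static void auth_pam_discard_responses(struct pam_response *response,
                                       int count)
{
  if (not response)
    return;

  for (int x= 0; x < count; x++)
  {
    if (response[x].resp)
    {
      /* volatile stops the compiler from eliding the stores as dead writes */
      for (volatile char *p= response[x].resp; *p; p++)
        *p= 0;
      free(response[x].resp);
    }
  }

  free(response);
}

/*
  PAM conversation callback: answers every prompt non-interactively from the
  auth_pam_userinfo passed in appdata_ptr.

  @param num_msg      number of messages in msg
  @param msg          prompts issued by the PAM module
  @param resp         out: malloc()ed array of num_msg responses; on
                      PAM_SUCCESS the caller (PAM) owns and frees it
  @param appdata_ptr  auth_pam_userinfo* set up by Auth_pam::authenticate()

  @return PAM_SUCCESS when every prompt was answered,
          PAM_BUF_ERR on allocation failure,
          PAM_CONV_ERR on bad arguments or an unsupported message style.
          *resp is only written on PAM_SUCCESS.

  NOTE(review): Solaris PAM is generally documented as passing *msg as one
  contiguous array, i.e. (*msg)[x], whereas this code indexes msg[x] on every
  platform -- confirm the __sun build for num_msg > 1.
*/
int auth_pam_talker(int num_msg,
#ifdef __sun
                    struct pam_message **msg,
#else
                    const struct pam_message **msg,
#endif
                    struct pam_response **resp,
                    void *appdata_ptr)
{
  auth_pam_userinfo *userinfo= static_cast<auth_pam_userinfo*>(appdata_ptr);

  /* parameter sanity checking */
  if (not resp || not msg || not userinfo)
    return PAM_CONV_ERR;

  /*
    The count comes from the PAM module.  A negative value would be converted
    to a huge size_t in the malloc() argument below, so bound it first.
  */
  if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG)
    return PAM_CONV_ERR;

  /* allocate memory to store response */
  struct pam_response *response=
    (struct pam_response*)malloc(num_msg * sizeof(struct pam_response));
  if (not response)
    return PAM_BUF_ERR;

  /* initialize every slot up front so cleanup can walk the whole array */
  for (int x= 0; x < num_msg; x++)
  {
    response[x].resp_retcode= 0;
    response[x].resp= 0;
  }

  /* copy values */
  for (int x= 0; x < num_msg; x++)
  {
    const char *answer= 0;

    if (not msg[x])
    {
      auth_pam_discard_responses(response, num_msg);
      return PAM_CONV_ERR;
    }

    /* select response based on requested output style */
    switch (msg[x]->msg_style)
    {
    case PAM_PROMPT_ECHO_ON:
      answer= userinfo->name;
      break;
    case PAM_PROMPT_ECHO_OFF:
      answer= userinfo->password;
      break;
    default:
      /* earlier slots may already hold a password copy: wipe, don't just free */
      auth_pam_discard_responses(response, num_msg);
      return PAM_CONV_ERR;
    }

    /* strdup(NULL) is undefined; treat a missing credential as a failure */
    if (not answer)
    {
      auth_pam_discard_responses(response, num_msg);
      return PAM_CONV_ERR;
    }

    response[x].resp= strdup(answer);
    if (not response[x].resp)
    {
      auth_pam_discard_responses(response, num_msg);
      return PAM_BUF_ERR;
    }
  }

  /* everything okay, set PAM response values */
  *resp= response;

  return PAM_SUCCESS;
}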
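/*
  Authentication plugin that checks a user name / password pair against the
  host's PAM stack.

  The PAM service name is "drizzle", so the policy applied is whatever the
  host's PAM configuration defines for that service.  The password reaches
  this class in cleartext and is handed to PAM through auth_pam_talker().
*/
class Auth_pam : public drizzled::plugin::Authentication
{
public:
  Auth_pam(std::string name_arg)
    : drizzled::plugin::Authentication(name_arg) {}

  /*
    Run pam_authenticate() followed by pam_acct_mgmt() for the given user.

    @param sctx      identity being authenticated; only username() is read
    @param password  cleartext password supplied by the client

    @return true only if pam_start(), pam_authenticate() and pam_acct_mgmt()
            all return PAM_SUCCESS; false on any failure.
  */
  virtual bool authenticate(const identifier::User &sctx,
                            const std::string &password)
  {
    /*
      Keep a local copy of the user name: the conversation callback reads
      userinfo.name for the whole PAM transaction, and this stays valid
      whether username() returns a reference or a temporary.
    */
    const std::string username(sctx.username().c_str());

    auth_pam_userinfo userinfo= { username.c_str(), password.c_str() };
    struct pam_conv conv_info= { &auth_pam_talker, (void*)&userinfo };
    pam_handle_t *pamh= NULL;

    int retval= pam_start("drizzle", userinfo.name, &conv_info, &pamh);

    /*
      Without a successful pam_start() there is no transaction to close;
      pam_end() is only specified for a handle that pam_start() produced.
    */
    if (retval != PAM_SUCCESS)
      return false;

    /* PAM_DISALLOW_NULL_AUTHTOK: refuse accounts with an empty token */
    retval= pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);

    /* a correct password is not enough: the account must also be valid */
    if (retval == PAM_SUCCESS)
      retval= pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK);

    pam_end(pamh, retval);

    return retval == PAM_SUCCESS;
  }
};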
/* The single plugin instance, created once by initialize(). */
static Auth_pam *auth= NULL;

/*
  Plugin init hook: create the PAM authenticator and register it with the
  module context.  Always returns 0.

  NOTE(review): nothing in this file deletes the object; presumably the
  context takes over its lifetime -- confirm against module::Context::add().
*/
static int initialize(drizzled::module::Context &context)
{
  Auth_pam *plugin= new Auth_pam("auth_pam");

  auth= plugin;
  context.add(plugin);

  return 0;
}
/*
  Plugin manifest for the PAM authentication module.

  NOTE(review): the description string is misspelled ("authenication"); it is
  left as-is here because it is a runtime-visible value.
*/
DRIZZLE_DECLARE_PLUGIN
{
  DRIZZLE_VERSION_ID,         /* server version the plugin was built against */
  "pam",                      /* plugin name */
  "0.1",                      /* plugin version */
  "Brian Aker",               /* author */
  "PAM based authenication.", /* description */
  PLUGIN_LICENSE_GPL,         /* license */
  initialize,                 /* Plugin Init */
  NULL,                       /* depends */
  NULL                        /* config options */
}
DRIZZLE_DECLARE_PLUGIN_END;