📄 pambasicauthenticatorunix.cpp
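// Tail of a function that begins before this listing; it fills in PAM
// responses and returns PAM_CONV_ERR or PAM_SUCCESS. Code left as found.
            case PAM_PROMPT_ECHO_OFF:
                //
                // copy the user password
                //
                // NOTE(review): the malloc() result is used without a NULL
                // check, and strcpy() copies userPassword with no length
                // check against the PAM_MAX_MSG_SIZE bytes allocated here.
                // Whether the password length is bounded earlier is not
                // visible in this excerpt -- confirm, or use a bounded copy.
                //
                resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);
                strcpy(resp[i]->resp, mydata->userPassword);
                resp[i]->resp_retcode = 0;
                break;

            default:
                PEG_METHOD_EXIT();
                return PAM_CONV_ERR;
        }
    }

    PEG_METHOD_EXIT();
    return PAM_SUCCESS;
}

/** Routines to access PAM Authentication via a standalone process **/

#if defined(PEGASUS_USE_PAM_STANDALONE_PROC)

// Pipes shared with the standalone helper: the server writes requests to
// fd_1[1] and reads replies from fd_2[0]. -1 marks a descriptor that is not
// open, so that cleanup code never closes an unrelated descriptor.
int fd_1[2] = { -1, -1 };
int fd_2[2] = { -1, -1 };

// Cleared when a pipe/fork/read/write step fails; authenticate() and
// validateUser() skip their remaining steps while it is false.
Boolean continue_PAMauthentication;

// Limits logging to one error message per run of consecutive failures.
Boolean printed_err_since_success=false;

const String PAMBasicAuthenticatorStandAlone::PAM_OPERATION_SUCCESS = "T";

const String PAMBasicAuthenticatorStandAlone::OPERATION_PAM_AUTHENTICATION = "A";

const String PAMBasicAuthenticatorStandAlone::OPERATION_PAM_ACCT_MGMT = "M";

/* Closes one pipe descriptor if it is open and marks it as closed. */
static void closePipeEnd(int& fd)
{
    if (fd != -1)
    {
        close(fd);
        fd = -1;
    }
}

/*
    Returns true when a field of textLen bytes can be framed by
    _writeString() in a buffer of bufferLen bytes: the frame is a 4-character
    decimal length, the text itself and a terminating NUL, so the length must
    fit in four digits and the whole frame must fit in the buffer.
*/
static Boolean pamFrameFits(size_t textLen, size_t bufferLen)
{
    return (textLen <= 9999) && (bufferLen > 4) && (textLen < bufferLen - 4);
}

/*
    Child-side failure path after fork(): logs once and terminates the child.
    _exit() is used so that the forked copy of the server neither returns
    into server code nor runs the server's exit handlers.
    NOTE(review): Logger::put() is presumably not async-signal-safe after
    fork() in a multi-threaded server -- confirm before relying on this log.
*/
static void failPAMChild(const char* message)
{
    if (printed_err_since_success == false)
    {
        printed_err_since_success = true;
        //L10N TODO
        Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
            message);
    }
    _exit(1);
}

/* constructor. */
PAMBasicAuthenticatorStandAlone::PAMBasicAuthenticatorStandAlone()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticatorStandAlone::PAMBasicAuthenticatorStandAlone()");

#if defined(PEGASUS_HAS_SIGNALS)
    _pid = -1;
#endif
    _createPAMStandalone();

    // A write to a dead helper must fail with EPIPE instead of raising
    // SIGPIPE; _writeString() reports that case as BROKEN_CONNECTION.
    SignalHandler::ignore(PEGASUS_SIGPIPE);

    PEG_METHOD_EXIT();
}

/* destructor. */
PAMBasicAuthenticatorStandAlone::~PAMBasicAuthenticatorStandAlone()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticatorStandAlone::~PAMBasicAuthenticatorStandAlone()");

#if defined(PEGASUS_HAS_SIGNALS)
    // Harvest the status of the previous standalone process, if any
    if (_pid != -1)
    {
        waitpid(_pid, 0, WNOHANG);
        _pid = -1;
    }
#endif

    PEG_METHOD_EXIT();
}

/*
    Asks the standalone helper to authenticate userName/password.
    Sends user name, password and the "A" operation code, then reads the
    reply; returns true only when the reply equals PAM_OPERATION_SUCCESS.
    Any failure along the way yields false.
*/
Boolean PAMBasicAuthenticatorStandAlone::authenticate(
    const String& userName,
    const String& password)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticatorStandAlone::authenticate()");

    Boolean authenticated = false;

    //
    // Refuse credentials that cannot be framed before anything is sent, so
    // that the helper never receives a partial request and oversized input
    // from a client cannot clear continue_PAMauthentication.
    //
    if (!pamFrameFits(strlen((const char*)userName.getCString()), BUFFERLEN) ||
        !pamFrameFits(strlen((const char*)password.getCString()), BUFFERLEN))
    {
        PEG_METHOD_EXIT();
        return (authenticated);
    }

    // Send over the username ...
    if (continue_PAMauthentication)
    {
        //
        // On a broken connection, try restarting the authentication process
        // and resend username.
        //
        if (_writeString (userName) ==
            PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION)
        {
            _restartProcess();
            _writeString (userName);
        }
    }

    // Send over the password ...
    if (continue_PAMauthentication)
    {
        _writeString (password);
    }

    // Send over the operation code.
    if (continue_PAMauthentication)
    {
        _writeString (OPERATION_PAM_AUTHENTICATION);
    }

    // Now read back the PAM Authentication status value (T/F)
    if (continue_PAMauthentication)
    {
        if (_readString() == PAM_OPERATION_SUCCESS)
        {
            authenticated = true;
            printed_err_since_success = false;
        }
    }

    PEG_METHOD_EXIT();
    return (authenticated);
}

/*
    Asks the standalone helper to run the "M" (account management) operation
    for userName. An empty password field is sent to keep the request layout
    identical to authenticate(). Returns true only when the reply equals
    PAM_OPERATION_SUCCESS.
*/
Boolean PAMBasicAuthenticatorStandAlone::validateUser(
    const String& userName)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "PAMBasicAuthenticatorStandAlone::validateUser()");

    Boolean authenticated = false;

    // Refuse a user name that cannot be framed before anything is sent
    // (same reasoning as in authenticate()).
    if (!pamFrameFits(strlen((const char*)userName.getCString()), BUFFERLEN))
    {
        PEG_METHOD_EXIT();
        return (authenticated);
    }

    // Send over the username ...
    if (continue_PAMauthentication)
    {
        //
        // On a broken connection, try restarting the authentication process
        // and resend username.
        //
        if (_writeString (userName) ==
            PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION)
        {
            _restartProcess();
            _writeString(userName);
        }
    }

    // Send over the password ...
    if (continue_PAMauthentication)
    {
        _writeString(String::EMPTY);
    }

    // Send over the operation code.
    if (continue_PAMauthentication)
    {
        _writeString (OPERATION_PAM_ACCT_MGMT);
    }

    // Now read back the PAM Authentication status value (T/F)
    if (continue_PAMauthentication)
    {
        if (_readString() == PAM_OPERATION_SUCCESS)
        {
            authenticated = true;
            printed_err_since_success = false;
        }
    }

    PEG_METHOD_EXIT();
    return (authenticated);
}

/*
    Writes one field to the helper as a 4-character decimal length followed
    by the text. Returns SUCCESS when the whole frame was written,
    BROKEN_CONNECTION when write() failed with EPIPE, and OTHER_ERROR for
    any other failure, including text that does not fit the frame. On
    failure continue_PAMauthentication is cleared and the error is logged
    once per run of consecutive failures.
*/
PAMBasicAuthenticatorStandAlone::_Status
    PAMBasicAuthenticatorStandAlone::_writeString(const String& text)
{
    char line[BUFFERLEN];
    int n, ret_code;
    PAMBasicAuthenticatorStandAlone::_Status status =
        PAMBasicAuthenticatorStandAlone::SUCCESS;

    CString copy_of_text=text.getCString();
    size_t textLen = strlen(copy_of_text);

    continue_PAMauthentication = true;

    Boolean written = false;
    Boolean brokenPipe = false;

    // The text comes from the client. Formatting it into the fixed-size
    // buffer without this check would write past the end of 'line'.
    if (pamFrameFits(textLen, sizeof(line)))
    {
        snprintf(line, sizeof(line), "%4u%s",
            (unsigned int)textLen, (const char*)copy_of_text);
        n = (int)strlen(line);

        ret_code = write(fd_1[1], line, n);

        written = (ret_code == n);
        // errno is only meaningful when write() itself failed; a short
        // write leaves whatever value an earlier call stored there.
        brokenPipe = (ret_code < 0 && errno == EPIPE);
    }

    if (!written)
    {
        continue_PAMauthentication = false;
        status = PAMBasicAuthenticatorStandAlone::OTHER_ERROR;

        if (brokenPipe)
        {
            status = PAMBasicAuthenticatorStandAlone::BROKEN_CONNECTION;
        }
        if (printed_err_since_success == false)
        {
            printed_err_since_success = true;
            Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Error processing PAM Authentication request (write).");
        }
    }
    return status;
}

/* Starts a fresh helper process after the connection to the old one broke. */
void PAMBasicAuthenticatorStandAlone::_restartProcess(void)
{
    _createPAMStandalone();
}

/*
    Reads the helper's reply (at most 2 bytes) and returns it as a String.
    A read error clears continue_PAMauthentication and returns an empty
    string; end-of-file also returns an empty string, which callers treat
    as "not authenticated".
*/
String PAMBasicAuthenticatorStandAlone::_readString()
{
    char authReply[10];

    authReply[0] = '\0';

    int n = read(fd_2[0], authReply, 2);  /* read back the reply */

    if (n < 0)
    {
        continue_PAMauthentication = false;
        if (printed_err_since_success == false)
        {
            printed_err_since_success = true;
            //L10N TODO
            Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Error processing PAM Authentication request (read).");
        }
    }
    else
    {
        authReply[n] = '\0';
    }

    return (String(authReply));
}

/*
    Creates the two pipes, forks, and in the child replaces the process image
    with the standalone PAM helper, wired to the pipes through stdin/stdout.
    In the parent, continue_PAMauthentication tells whether setup succeeded.
    Every descriptor that is no longer needed is closed on each path, so that
    restarts and failed attempts do not leak descriptors.
*/
void PAMBasicAuthenticatorStandAlone::_createPAMStandalone()
{
    pid_t pid;

    // Drop the parent's ends of any previous pipe pair. Besides freeing the
    // descriptors, closing the write end lets a helper that is still alive
    // see end-of-file on its stdin.
    closePipeEnd(fd_1[1]);
    closePipeEnd(fd_2[0]);

#if defined(PEGASUS_HAS_SIGNALS)
    // Harvest the status of the previous standalone process, if any
    if (_pid != -1)
    {
        waitpid(_pid, 0, WNOHANG);
        _pid = -1;
    }
#endif

    continue_PAMauthentication = true;

    if (pipe(fd_1) < 0)   // Pipe to write to authentication proc
    {
        fd_1[0] = -1;
        fd_1[1] = -1;
        continue_PAMauthentication = false;
        if (printed_err_since_success == false)
        {
            printed_err_since_success = true;
            //L10N TODO
            Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Error processing PAM Authentication request (pipe).");
        }
    }

    if (continue_PAMauthentication)
    {
        if (pipe(fd_2) < 0)   // Pipe to read from the authentication proc
        {
            fd_2[0] = -1;
            fd_2[1] = -1;
            // The first pipe is useless without the second one.
            closePipeEnd(fd_1[0]);
            closePipeEnd(fd_1[1]);
            continue_PAMauthentication = false;
            if (printed_err_since_success == false)
            {
                printed_err_since_success = true;
                //L10N TODO
                Logger::put(Logger::ERROR_LOG, System::CIMSERVER,
                    Logger::SEVERE,
                    "Error processing PAM Authentication request (pipe).");
            }
        }
    }

    if (continue_PAMauthentication)
    {
        if ((pid = fork()) < 0)
        {
            closePipeEnd(fd_1[0]);
            closePipeEnd(fd_1[1]);
            closePipeEnd(fd_2[0]);
            closePipeEnd(fd_2[1]);
            continue_PAMauthentication = false;
            if (printed_err_since_success == false)
            {
                printed_err_since_success = true;
                //L10N TODO
                Logger::put(Logger::ERROR_LOG, System::CIMSERVER,
                    Logger::SEVERE,
                    "Error processing PAM Authentication request (fork).");
            }
        }
        else if (pid > 0)       // This is the PARENT side of the fork
        {
            closePipeEnd(fd_1[0]);   // close read end on 1st pipe
            closePipeEnd(fd_2[1]);   // close write end on 2nd pipe
#if defined(PEGASUS_HAS_SIGNALS)
            _pid = pid;
#endif
        }
        else                     // This is the CHILD side of the fork
        {
            // From here on every path ends in execl() or _exit(): the child
            // must never fall out of this function and keep running as a
            // second copy of the server.
            //
            // NOTE(review): other descriptors the server holds open are
            // inherited by the helper unless they are marked close-on-exec;
            // that is not visible in this excerpt -- confirm.

            // Direct standard error to /dev/null,
            // since we are running as a daemon. Best effort: if /dev/null
            // cannot be opened, the inherited stderr is kept.
            int devNull = open("/dev/null", O_RDWR);
            if (devNull != -1 && devNull != STDERR_FILENO)
            {
                dup2(devNull, STDERR_FILENO);
                close(devNull);
            }

            close(fd_1[1]);   // close write end on 1st pipe
            close(fd_2[0]);   // close read end on 2nd pipe

            if (fd_1[0] != STDIN_FILENO)
            {
                if (dup2(fd_1[0], STDIN_FILENO) == -1)
                {
                    failPAMChild(
                        "Error processing PAM Authentication request (dup2).");
                }
                close(fd_1[0]);  // don't need this after dup2
            }

            if (fd_2[1] != STDOUT_FILENO)
            {
                if (dup2(fd_2[1], STDOUT_FILENO) == -1)
                {
                    failPAMChild(
                        "Error processing PAM Authentication request (dup2).");
                }
                close(fd_2[1]);   // don't need this after dup2
            }

            //
            // Locate the helper executable and run it
            //
            String certpath = ConfigManager::getHomedPath(
                PEGASUS_PAM_STANDALONE_PROC_NAME);
            CString helperPath = certpath.getCString();

            execl((const char*)helperPath, (const char*)helperPath, (char*)0);

            // execl() only returns on failure.
            failPAMChild(
                "Error creating PAM Authentication process (execl).");
        }
    }
}

#endif /* defined(PEGASUS_USE_PAM_STANDALONE_PROC) */

PEGASUS_NAMESPACE_END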