1 | /* Copyright © 2005-2007 Roger Leigh <rleigh@debian.org> |
---|
2 | * |
---|
3 | * schroot is free software: you can redistribute it and/or modify it |
---|
4 | * under the terms of the GNU General Public License as published by |
---|
5 | * the Free Software Foundation, either version 3 of the License, or |
---|
6 | * (at your option) any later version. |
---|
7 | * |
---|
8 | * schroot is distributed in the hope that it will be useful, but |
---|
9 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
11 | * General Public License for more details. |
---|
12 | * |
---|
13 | * You should have received a copy of the GNU General Public License |
---|
14 | * along with this program. If not, see |
---|
15 | * <http://www.gnu.org/licenses/>. |
---|
16 | * |
---|
17 | *********************************************************************/ |
---|
18 | |
---|
19 | #include <config.h> |
---|
20 | |
---|
21 | #include "sbuild-auth-null.h" |
---|
22 | |
---|
23 | #include <cassert> |
---|
24 | #include <cerrno> |
---|
25 | #include <cstdlib> |
---|
26 | #include <cstring> |
---|
27 | #include <iostream> |
---|
28 | #include <sstream> |
---|
29 | |
---|
30 | #include <syslog.h> |
---|
31 | |
---|
32 | #include <boost/format.hpp> |
---|
33 | |
---|
34 | using std::cerr; |
---|
35 | using std::endl; |
---|
36 | using boost::format; |
---|
37 | using namespace sbuild; |
---|
38 | |
---|
/**
 * Construct a null authenticator for the given service.
 *
 * The object starts in the "not initialised" state; start() must be
 * called before authenticate().
 *
 * @param service_name the service name, forwarded unchanged to the
 * auth base class.
 */
auth_null::auth_null (std::string const& service_name):
  auth(service_name),
  initialised(false),   // flipped by start() and stop()
  auth_environment()    // default-constructed; not read anywhere in this file
{
}
---|
45 | |
---|
/**
 * Destructor.  Returns the authenticator to the uninitialised state.
 *
 * An sbuild error raised by stop() is logged with
 * log_exception_error() and not rethrown.  Only that error type is
 * caught here; any other exception type would still propagate.
 */
auth_null::~auth_null ()
{
  // This backend holds no PAM handle; stop() only resets the
  // initialised flag (see auth_null::stop).
  try
    {
      stop();
    }
  catch (error const& err)
    {
      sbuild::log_exception_error(err);
    }
}
---|
58 | |
---|
/**
 * Factory: allocate an auth_null and hand it back as an auth::ptr.
 *
 * @param service_name the service name passed to the constructor.
 * @returns a ptr holding the newly created authenticator.
 */
auth::ptr
auth_null::create (std::string const& service_name)
{
  // Put the raw pointer into the smart pointer in the same statement
  // that allocates it, so it is never held unowned.
  ptr handle(new auth_null(service_name));
  return handle;
}
---|
64 | |
---|
/**
 * Get the environment supplied by this authenticator.
 *
 * The null backend contributes nothing of its own: the result is
 * exactly what get_minimal_environment() returns.
 *
 * @returns the minimal environment.
 */
environment
auth_null::get_auth_environment () const
{
  environment minimal = get_minimal_environment();
  return minimal;
}
---|
70 | |
---|
/**
 * Mark the authenticator as initialised.
 *
 * @throws error (PAM_DOUBLE_INIT) if start() was already called
 * without an intervening stop().
 *
 * NOTE(review): the non-empty user precondition is enforced with
 * assert() only, so it is not checked in a build with NDEBUG defined.
 */
void
auth_null::start ()
{
  assert(!user.empty());

  if (!initialised)
    {
      initialised = true;
      return;
    }

  // The message and error context mention PAM although no PAM call is
  // made here; both are kept verbatim.
  log_debug(DEBUG_CRITICAL)
    << "pam_start FAIL (already initialised)" << endl;
  throw error("Init PAM", PAM_DOUBLE_INIT);
}
---|
85 | |
---|
/**
 * Return the authenticator to the uninitialised state.
 *
 * Clears the flag unconditionally, so it is safe to call whether or
 * not start() has been called.
 */
void
auth_null::stop ()
{
  initialised = false;
}
---|
91 | |
---|
/**
 * Apply the authentication decision for the null backend.
 *
 * - STATUS_NONE: returns without doing anything.
 * - STATUS_USER: throws an AUTHENTICATION error carrying
 *   strerror(ENOTSUP), so this case always fails.
 * - STATUS_FAIL: writes a LOG_AUTH|LOG_WARNING syslog record naming
 *   ruser and user, then throws an AUTHORISATION error with a
 *   translated reason.
 * - any other value: returns normally, exactly like STATUS_NONE.
 *
 * NOTE(review): the last case is fail-open.  If status ever has a
 * value other than the three named here, it is accepted silently;
 * consider rejecting unknown values instead.
 *
 * NOTE(review): the "must be initialised" precondition is an assert()
 * and is therefore not enforced in a build with NDEBUG defined.
 *
 * @param auth_status the authentication status to act on.
 * @throws error as described above.
 */
void
auth_null::authenticate (status auth_status)
{
  assert(initialised); // start() must have been called

  if (auth_status == STATUS_USER)
    throw error(AUTHENTICATION, strerror(ENOTSUP));

  if (auth_status == STATUS_FAIL)
    {
      // The debug text mentions PAM although no PAM call is made
      // here; it is kept verbatim.
      log_debug(DEBUG_INFO) << "PAM auth premature FAIL" << endl;

      // The format string is a literal and the names are passed as
      // arguments, so they cannot be interpreted as format directives.
      // NOTE(review): ruser and user are logged as-is; whether they
      // are validated before reaching this point is not visible here.
      syslog(LOG_AUTH|LOG_WARNING,
             "%s->%s Unauthorised",
             ruser.c_str(), user.c_str());

      error denied(AUTHORISATION);
      // TRANSLATORS: %1% = program name (PAM service name)
      std::string reason(_("You do not have permission to access the %1% service."));
      reason += '\n';
      reason += _("This failure will be reported.");
      denied.set_reason((format(reason) % service).str());
      throw denied;
    }

  // STATUS_NONE and every other value: nothing to do.
}
---|
126 | |
---|
/**
 * Check whether start() has been called without a following stop().
 *
 * @returns true if the authenticator is currently initialised.
 */
bool
auth_null::is_initialised () const
{
  return initialised;
}
---|