[24167] | 1 | /* Copyright © 2005-2007 Roger Leigh <rleigh@debian.org> |
---|
| 2 | * |
---|
| 3 | * schroot is free software: you can redistribute it and/or modify it |
---|
| 4 | * under the terms of the GNU General Public License as published by |
---|
| 5 | * the Free Software Foundation, either version 3 of the License, or |
---|
| 6 | * (at your option) any later version. |
---|
| 7 | * |
---|
| 8 | * schroot is distributed in the hope that it will be useful, but |
---|
| 9 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
| 11 | * General Public License for more details. |
---|
| 12 | * |
---|
| 13 | * You should have received a copy of the GNU General Public License |
---|
| 14 | * along with this program. If not, see |
---|
| 15 | * <http://www.gnu.org/licenses/>. |
---|
| 16 | * |
---|
| 17 | *********************************************************************/ |
---|
| 18 | |
---|
| 19 | #ifndef SBUILD_AUTH_PAM_CONV_TTY_H |
---|
| 20 | #define SBUILD_AUTH_PAM_CONV_TTY_H |
---|
| 21 | |
---|
| 22 | #include <sbuild/sbuild-auth-pam-conv.h> |
---|
| 23 | #include <sbuild/sbuild-auth.h> |
---|
| 24 | #include <sbuild/sbuild-custom-error.h> |
---|
| 25 | |
---|
| 26 | #include <security/pam_appl.h> |
---|
| 27 | #include <security/pam_misc.h> |
---|
| 28 | |
---|
| 29 | namespace sbuild |
---|
| 30 | { |
---|
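/**
 * @brief Authentication conversation handler for terminal devices.
 *
 * This class is an implementation of the auth_pam_conv interface,
 * and is used to interact with the user on a terminal (TTY)
 * interface.
 *
 * In order to implement timeouts, this class uses alarm(2).  This
 * has some important implications.  Global state is modified by the
 * object, so only one may be used at once in a single process.  In
 * addition, no other part of the process may set or unset the
 * SIGALRM handlers and the alarm(2) timer during the time PAM
 * authentication is proceeding.
 *
 * Because the timer and signal disposition are process-wide, code
 * that embeds this handler must treat the whole PAM conversation as
 * a critical section with respect to SIGALRM.
 *
 * Objects are created through create(); the constructor is private.
 */
class auth_pam_conv_tty : public auth_pam_conv
{
public:
  /// Error codes.
  enum error_code
    {
      CTTY,            ///< No controlling terminal.
      TIMEOUT,         ///< Timed out.
      TIMEOUT_PENDING, ///< Time is running out...
      TERMIOS,         ///< Failed to get terminal settings.
      CONV_TYPE        ///< Unsupported conversation type.
    };

  /// Exception type.
  typedef custom_error<error_code> error;

private:
  /**
   * The constructor.  It is private; use create() instead.
   *
   * @param auth The authentication object this conversation handler
   * will be associated with.
   */
  auth_pam_conv_tty (auth_ptr auth);

public:
  /// The destructor.
  virtual ~auth_pam_conv_tty ();

  /**
   * Create an auth_pam_conv_tty object.
   *
   * @param auth The authentication object this conversation handler
   * will be associated with.
   * @returns the newly created conversation handler.
   */
  static ptr
  create (auth_ptr auth);

  /**
   * Get the authentication object associated with this handler.
   *
   * The association is stored as a weak_auth_ptr (see the auth
   * member).  NOTE(review): the returned pointer can presumably be
   * empty once the auth object has been destroyed; confirm in the
   * implementation and check it before use.
   *
   * @returns the associated authentication object.
   */
  virtual auth_ptr
  get_auth ();

  /**
   * Set the authentication object associated with this handler.
   *
   * @param auth the authentication object to associate.
   */
  virtual void
  set_auth (auth_ptr auth);

  /**
   * Get the time at which the user is warned that time is running
   * out (see the warning_timeout member).
   *
   * @returns the warning timeout.
   */
  virtual time_t
  get_warning_timeout ();

  /**
   * Set the time at which the user is warned that time is running
   * out.
   *
   * NOTE(review): the member documentation reads "the time to warn
   * at", which suggests a point in time rather than a duration;
   * confirm against auth_pam_conv before passing a value.
   *
   * @param timeout the warning timeout.
   */
  virtual void
  set_warning_timeout (time_t timeout);

  /**
   * Get the time at which the conversation is abandoned (see the
   * fatal_timeout member).
   *
   * @returns the fatal timeout.
   */
  virtual time_t
  get_fatal_timeout ();

  /**
   * Set the time at which the conversation is abandoned.
   *
   * NOTE(review): as with the warning timeout, this looks like a
   * point in time rather than a duration; confirm against
   * auth_pam_conv.
   *
   * @param timeout the fatal timeout.
   */
  virtual void
  set_fatal_timeout (time_t timeout);

  /**
   * Hold a conversation with the user on the terminal.
   *
   * NOTE(review): presumably prompts are answered through
   * read_string() and failures are reported with the error type
   * declared above (CTTY, TIMEOUT, TERMIOS, CONV_TYPE); confirm in
   * the implementation.
   *
   * @param messages the messages making up this conversation.
   */
  virtual void
  conversation (auth_pam_conv::message_list& messages);

private:
  /**
   * @brief Get the time delay before the next SIGALRM signal.
   *
   * If either the warning timeout or the fatal timeout has
   * expired, a message to notify the user is printed to stderr.  If
   * the fatal timeout is reached, an exception is thrown.
   *
   * NOTE(review): the timeouts are time_t but the delay is returned
   * as int; confirm the implementation cannot narrow a large
   * difference into a wrong delay.
   *
   * @returns the delay in seconds, or 0 if no delay is set.
   */
  int get_delay ();

  /**
   * @brief Read user input from standard input.
   *
   * The prompt message is printed to prompt the user for input.  If
   * echo is true, the user input is echoed back to the terminal,
   * but if false, echoing is suppressed using termios(3).
   *
   * If the SIGALRM timer expires while waiting for input, this is
   * handled by re-checking the delay time which will warn the user
   * or cause the input routine to terminate if the fatal timeout
   * has expired.
   *
   * An empty return value does not distinguish a failure from an
   * empty response, so callers must not treat an empty string as a
   * validated answer.
   *
   * NOTE(review): with echo false the input is normally a secret.
   * It is returned by value in a std::string, which is not wiped
   * when destroyed; confirm callers keep the copy short-lived.
   *
   * NOTE(review): suppressing echo changes terminal state; confirm
   * the implementation restores the saved terminal settings on
   * every exit path, including the fatal timeout exception.
   *
   * @param message the message to prompt the user for input.
   * @param echo echo user input to screen.
   * @returns a string, which is empty on failure.
   */
  std::string
  read_string (std::string message,
               bool        echo);

  /// The auth object (weak reference; does not keep it alive).
  weak_auth_ptr auth;
  /// The time to warn at.
  time_t        warning_timeout;
  /// The time to end at.
  time_t        fatal_timeout;
  /// The time the current delay was obtained at.
  time_t        start_time;
};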
---|
| 145 | |
---|
| 146 | } |
---|
| 147 | |
---|
| 148 | #endif /* SBUILD_AUTH_PAM_CONV_TTY_H */ |
---|
| 149 | |
---|
| 150 | /* |
---|
| 151 | * Local Variables: |
---|
| 152 | * mode:C++ |
---|
| 153 | * End: |
---|
| 154 | */ |
---|