1 | /* Copyright © 2005-2007 Roger Leigh <rleigh@debian.org> |
---|
2 | * |
---|
3 | * schroot is free software: you can redistribute it and/or modify it |
---|
4 | * under the terms of the GNU General Public License as published by |
---|
5 | * the Free Software Foundation, either version 3 of the License, or |
---|
6 | * (at your option) any later version. |
---|
7 | * |
---|
8 | * schroot is distributed in the hope that it will be useful, but |
---|
9 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
11 | * General Public License for more details. |
---|
12 | * |
---|
13 | * You should have received a copy of the GNU General Public License |
---|
14 | * along with this program. If not, see |
---|
15 | * <http://www.gnu.org/licenses/>. |
---|
16 | * |
---|
17 | *********************************************************************/ |
---|
18 | |
---|
19 | #ifndef SBUILD_AUTH_PAM_CONV_TTY_H |
---|
20 | #define SBUILD_AUTH_PAM_CONV_TTY_H |
---|
21 | |
---|
22 | #include <sbuild/sbuild-auth-pam-conv.h> |
---|
23 | #include <sbuild/sbuild-auth.h> |
---|
24 | #include <sbuild/sbuild-custom-error.h> |
---|
25 | |
---|
26 | #include <security/pam_appl.h> |
---|
27 | #include <security/pam_misc.h> |
---|
28 | |
---|
29 | namespace sbuild |
---|
30 | { |
---|
31 | /** |
---|
32 | * @brief Authentication conversation handler for terminal devices. |
---|
33 | * |
---|
34 | * This class is an implementation of the auth_pam_conv interface, |
---|
35 | * and is used to interact with the user on a terminal (TTY) |
---|
36 | * interface. |
---|
37 | * |
---|
38 | * In order to implement timeouts, this class uses alarm(2). This |
---|
39 | * has some important implications. Global state is modified by the |
---|
40 | * object, so only one may be used at once in a single process. In |
---|
41 | * addition, no other part of the process may set or unset the |
---|
42 | * SIGALRM handlers and the alarm(2) timer during the time PAM |
---|
43 | * authentication is proceeding. |
---|
44 | */ |
---|
class auth_pam_conv_tty : public auth_pam_conv
{
public:
  /// Error codes.
  enum error_code
    {
      CTTY,            ///< No controlling terminal.
      TIMEOUT,         ///< Timed out.
      TIMEOUT_PENDING, ///< Time is running out...
      TERMIOS,         ///< Failed to get terminal settings.
      CONV_TYPE        ///< Unsupported conversation type.
    };

  /// Exception type.
  typedef custom_error<error_code> error;

private:
  /**
   * The constructor.
   *
   * The constructor is private; instances are obtained through the
   * public static create() member.
   *
   * @param auth The authentication object this conversation handler
   * will be associated with.
   */
  auth_pam_conv_tty (auth_ptr auth);

public:
  /// The destructor.
  virtual ~auth_pam_conv_tty ();

  /**
   * Create an auth_pam_conv_tty object.
   *
   * @param auth The authentication object this conversation handler
   * will be associated with.
   * @returns a ptr (declared outside this header) referring to the
   * new object.
   */
  static ptr
  create (auth_ptr auth);

  /**
   * Get the authentication object associated with this handler.
   *
   * NOTE(review): the member is stored as weak_auth_ptr while this
   * returns auth_ptr; presumably the result can be null once the
   * auth object has been destroyed -- confirm that callers check it.
   *
   * @returns the authentication object.
   */
  virtual auth_ptr
  get_auth ();

  /**
   * Set the authentication object associated with this handler.
   *
   * @param auth the authentication object.
   */
  virtual void
  set_auth (auth_ptr auth);

  /**
   * Get the time at which the user is warned that time is running
   * out.
   *
   * NOTE(review): whether the value is an absolute time or an
   * interval is not visible in this header -- confirm against the
   * implementation.
   *
   * @returns the warning timeout.
   */
  virtual time_t
  get_warning_timeout ();

  /**
   * Set the time at which the user is warned that time is running
   * out.
   *
   * @param timeout the warning timeout.
   */
  virtual void
  set_warning_timeout (time_t timeout);

  /**
   * Get the time at which the conversation is ended.
   *
   * @returns the fatal timeout.
   */
  virtual time_t
  get_fatal_timeout ();

  /**
   * Set the time at which the conversation is ended.
   *
   * @param timeout the fatal timeout.
   */
  virtual void
  set_fatal_timeout (time_t timeout);

  /**
   * Hold a conversation with the user on the terminal.
   *
   * NOTE(review): the error codes above suggest this throws error
   * for an unsupported conversation type, a missing controlling
   * terminal, a termios failure or a timeout; the definition is not
   * in this header, so confirm which failures propagate and that
   * any partially collected responses are discarded on failure.
   *
   * @param messages the messages to process; passed by non-const
   * reference, so presumably the responses are stored back into it.
   */
  virtual void
  conversation (auth_pam_conv::message_list& messages);

private:
  /**
   * @brief Get the time delay before the next SIGALRM signal.
   *
   * If either the warning timeout or the fatal timeout have
   * expired, a message to notify the user is printed to stderr.  If
   * the fatal timeout is reached, an exception is thrown.
   *
   * NOTE(review): the delay is returned as int while the timeouts
   * are time_t; confirm the implementation cannot produce a
   * negative or truncated delay from a large or past timeout.
   *
   * @returns the delay in seconds, or 0 if no delay is set.
   */
  int get_delay ();

  /**
   * @brief Read user input from standard input.
   *
   * The prompt message is printed to prompt the user for input.  If
   * echo is true, the user input is echoed back to the terminal,
   * but if false, echoing is suppressed using termios(3).
   *
   * If the SIGALRM timer expires while waiting for input, this is
   * handled by re-checking the delay time which will warn the user
   * or cause the input routine to terminate if the fatal timeout
   * has expired.
   *
   * NOTE(review): with echo false the input is presumably a secret
   * (e.g. a password).  It is returned by value in a std::string,
   * which does not clear its storage on destruction, so copies may
   * remain in memory.  Confirm that the implementation restores the
   * saved terminal settings on every exit path, including the
   * fatal-timeout exception, so echo is never left disabled.
   *
   * NOTE(review): an empty return value cannot be told apart from
   * the user entering an empty line; callers should not treat it as
   * a valid response without checking.
   *
   * @param message the message to prompt the user for input.
   * @param echo echo user input to screen.
   * @returns a string, which is empty on failure.
   */
  std::string
  read_string (std::string message,
               bool        echo);

  /// The auth object.  Presumably a non-owning (weak) reference, so
  /// this handler does not keep the auth object alive -- confirm
  /// against the weak_auth_ptr typedef.
  weak_auth_ptr  auth;
  /// The time to warn at.
  time_t         warning_timeout;
  /// The time to end at.
  time_t         fatal_timeout;
  /// The time the current delay was obtained at.
  time_t         start_time;
};
---|
145 | |
---|
146 | } |
---|
147 | |
---|
148 | #endif /* SBUILD_AUTH_PAM_CONV_TTY_H */ |
---|
149 | |
---|
150 | /* |
---|
151 | * Local Variables: |
---|
152 | * mode:C++ |
---|
153 | * End: |
---|
154 | */ |
---|