[24167] | 1 | /* Copyright © 2005-2007 Roger Leigh <rleigh@debian.org> |
---|
| 2 | * |
---|
| 3 | * schroot is free software: you can redistribute it and/or modify it |
---|
| 4 | * under the terms of the GNU General Public License as published by |
---|
| 5 | * the Free Software Foundation, either version 3 of the License, or |
---|
| 6 | * (at your option) any later version. |
---|
| 7 | * |
---|
| 8 | * schroot is distributed in the hope that it will be useful, but |
---|
| 9 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
| 11 | * General Public License for more details. |
---|
| 12 | * |
---|
| 13 | * You should have received a copy of the GNU General Public License |
---|
| 14 | * along with this program. If not, see |
---|
| 15 | * <http://www.gnu.org/licenses/>. |
---|
| 16 | * |
---|
| 17 | *********************************************************************/ |
---|
| 18 | |
---|
| 19 | #ifndef SBUILD_AUTH_PAM_H |
---|
| 20 | #define SBUILD_AUTH_PAM_H |
---|
| 21 | |
---|
| 22 | #include <sbuild/sbuild-auth.h> |
---|
| 23 | #include <sbuild/sbuild-auth-pam-conv.h> |
---|
| 24 | |
---|
| 25 | #include <security/pam_appl.h> |
---|
| 26 | |
---|
namespace sbuild
{

  /**
   * PAM-backed authentication handler.
   *
   * auth_pam performs user authentication, authorisation and session
   * management through the Pluggable Authentication Modules (PAM)
   * library.  It is essentially an object-oriented wrapper around PAM.
   *
   * Only declarations are visible in this header.  Statements below
   * about which PAM call a member makes are marked as assumptions and
   * should be checked against the implementation file.
   *
   * NOTE(review): every step member returns void, so a failed PAM step
   * must be reported some other way (presumably an exception).  Confirm
   * that callers cannot carry on to cred_establish() or open_session()
   * after authenticate() or account() has failed.
   *
   * NOTE(review): the class holds a raw pam_handle_t pointer and
   * declares no copy constructor or assignment operator.  Unless the
   * auth base class already suppresses copying, a copy would share the
   * same handle -- confirm.
   */
  class auth_pam : public auth
  {
  private:
    /**
     * Construct the handler.  Private: instances are obtained through
     * create().
     *
     * @param service_name the PAM service name.  It is passed to
     * pam_start() when PAM is initialised and selects the configuration
     * file loaded from /etc/pam.d, i.e. the policy that is evaluated.
     * Use a hard-coded constant string literal; it should never be
     * derived from user input, the command line or the environment.
     */
    auth_pam(const std::string& service_name);

  public:
    /**
     * The destructor.
     *
     * NOTE(review): whether an open session or a live PAM handle is
     * released here is not visible in this header -- confirm.
     */
    virtual ~auth_pam();

    /**
     * Create an auth_pam object.
     *
     * @param service_name the PAM service name.  It is passed to
     * pam_start() when PAM is initialised and selects the configuration
     * file loaded from /etc/pam.d, i.e. the policy that is evaluated.
     * Use a hard-coded constant string literal; it should never be
     * derived from user input, the command line or the environment.
     * @returns the new object as an auth::ptr.
     */
    static auth::ptr create(const std::string& service_name);

    /**
     * Get the environment belonging to this authentication context.
     *
     * Presumably the variables exported by the PAM modules; if so they
     * are module-supplied data and should be filtered before being
     * handed to a child process -- confirm against the implementation.
     *
     * @returns the environment.
     */
    virtual environment get_auth_environment() const;

    /**
     * Get the PAM conversation handler.
     *
     * In PAM the conversation function is the channel through which
     * modules prompt for and receive authentication tokens.
     *
     * @returns a non-const reference to the handler pointer
     * (presumably the conv member), so the caller is able to replace
     * the handler through it.
     */
    auth_pam_conv::ptr& get_conv();

    /**
     * Set the PAM conversation handler.
     *
     * @param conv the handler to use.  Taken by non-const reference;
     * presumably copied into the conv member -- confirm.
     */
    void set_conv(auth_pam_conv::ptr& conv);

    /**
     * Initialise PAM.  is_initialised() reports true once this has
     * been called.  Presumably wraps pam_start() with the service name
     * given at construction.
     */
    virtual void start();

    /**
     * Shut PAM down.  Presumably wraps pam_end() and resets the
     * handle -- confirm.
     */
    virtual void stop();

    /**
     * Authenticate the user.  Presumably wraps pam_authenticate().
     *
     * @param auth_status the status deciding what authentication is
     * required; the status type is declared outside this header.
     */
    virtual void authenticate(status auth_status);

    /**
     * Set up the authentication environment.  Presumably exports
     * variables to PAM with pam_putenv() -- confirm.
     */
    virtual void setupenv();

    /**
     * Run account management (authorisation).  Presumably wraps
     * pam_acct_mgmt().
     */
    virtual void account();

    /**
     * Establish the user's credentials.  Presumably wraps
     * pam_setcred().
     */
    virtual void cred_establish();

    /**
     * Delete the user's credentials.  Presumably wraps pam_setcred().
     */
    virtual void cred_delete();

    /**
     * Open a PAM session.  Presumably wraps pam_open_session().
     */
    virtual void open_session();

    /**
     * Close the PAM session.  Presumably wraps pam_close_session().
     */
    virtual void close_session();

    /**
     * Check if PAM is initialised (i.e. start has been called).
     *
     * @returns true if initialised, otherwise false.
     */
    virtual bool is_initialised() const;

  private:
    /**
     * Get a description of a PAM error.
     *
     * This member has the same name as the C function declared in
     * <security/pam_appl.h>, which it hides inside the class scope;
     * the implementation has to call the library function as
     * ::pam_strerror.
     *
     * @param pam_error the PAM error number.
     * @returns the description.  Presumably the string returned by
     * PAM, which the caller does not own -- confirm.
     */
    const char* pam_strerror(int pam_error);

    /// The PAM handle.  Raw pointer; ownership and release are handled
    /// in the implementation, which is not visible here.
    pam_handle_t* pam;
    /// The PAM conversation handler.
    auth_pam_conv::ptr conv;
  };

}
---|
| 127 | |
---|
| 128 | #endif /* SBUILD_AUTH_PAM_H */ |
---|
| 129 | |
---|
| 130 | /* |
---|
| 131 | * Local Variables: |
---|
| 132 | * mode:C++ |
---|
| 133 | * End: |
---|
| 134 | */ |
---|