source: trunk/debathena/third/schroot/sbuild/sbuild-auth.cc @ 24167

Revision 24167, 6.2 KB checked in by broder, 15 years ago (diff)
Import schroot upstream into subversion.
1/* Copyright © 2005-2007  Roger Leigh <rleigh@debian.org>
2 *
3 * schroot is free software: you can redistribute it and/or modify it
4 * under the terms of the GNU General Public License as published by
5 * the Free Software Foundation, either version 3 of the License, or
6 * (at your option) any later version.
7 *
8 * schroot is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
11 * General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program.  If not, see
15 * <http://www.gnu.org/licenses/>.
16 *
17 *********************************************************************/
18
19#include <config.h>
20
21#include "sbuild-auth.h"
22#include "sbuild-util.h"
23
24#include <cassert>
25#include <cerrno>
26#include <cstdlib>
27#include <cstring>
28#include <iostream>
29#include <sstream>
30
31#include <syslog.h>
32
33#include <boost/format.hpp>
34
35using std::cerr;
36using std::endl;
37using boost::format;
38using namespace sbuild;
39
namespace
{

  // Pairing of an auth error code with its (untranslated) message.
  typedef std::pair<sbuild::auth::error_code,const char *> emap;

  /**
   * This is a list of the supported error codes.  It's used to
   * construct the real error codes map.  Messages are wrapped in
   * N_() for translation; those containing %1% are boost::format
   * patterns, filled in with the error context (the user or group
   * name/ID that failed to resolve).
   */
  emap init_errors[] =
    {
      emap(auth::HOSTNAME,        N_("Failed to get hostname")),
      // TRANSLATORS: %1% = user name or user ID
      emap(auth::USER,            N_("User '%1%' not found")),
      // TRANSLATORS: %1% = group name or group ID
      emap(auth::GROUP,           N_("Group '%1%' not found")),
      emap(auth::AUTHENTICATION,  N_("Authentication failed")),
      emap(auth::AUTHORISATION,   N_("Access not authorised")),
      emap(auth::PAM_DOUBLE_INIT, N_("PAM is already initialised")),
      emap(auth::PAM,             N_("PAM error"))
    };

}
63
// Populate the error-code -> message map for auth::error_code from
// the init_errors table above (the sizeof division yields the
// element count).  Relies on init_errors being initialised first,
// which holds because both live in this translation unit in order.
template<>
error<auth::error_code>::map_type
error<auth::error_code>::error_strings
(init_errors,
 init_errors + (sizeof(init_errors) / sizeof(init_errors[0])));
69
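/**
 * Construct an auth object for the given service.
 *
 * The real user and group of the calling process (getuid/getgid)
 * are resolved to names and stored as ruser/rgroup.  The auth user
 * then defaults to the real user via set_user().
 *
 * @param service_name the service name (e.g. for PAM).
 * @exception error (USER) if the real user cannot be resolved.
 * @exception error (GROUP) if the real group cannot be resolved.
 */
auth::auth (std::string const& service_name):
  service(service_name),
  uid(0),
  gid(0),
  user(),
  command(),
  home(),
  wd(),
  shell(),
  user_environment(),
  ruid(),
  rgid(),
  ruser(),
  rgroup(),
  message_verbosity(VERBOSITY_NORMAL)
{
  this->ruid = getuid();
  this->rgid = getgid();

  // Clear any stale errno before the lookup so that a failure is not
  // reported with an unrelated message left over from an earlier
  // call (the passwd/group wrappers may or may not reset it).
  errno = 0;
  passwd pwent(this->ruid);
  if (!pwent)
    {
      if (errno)
        throw error(this->ruid, USER, strerror(errno));
      else
        throw error(this->ruid, USER);
    }
  this->ruser = pwent.pw_name;

  errno = 0;
  group grent(this->rgid);
  if (!grent)
    {
      // Report the group ID that failed to resolve (previously the
      // user ID was passed here, so the "Group '%1%' not found"
      // message named the wrong ID).
      if (errno)
        throw error(this->rgid, GROUP, strerror(errno));
      else
        throw error(this->rgid, GROUP);
    }
  this->rgroup = grent.gr_name;

  /* By default, the auth user is the same as the real user. */
  set_user(this->ruser);
}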
111
/**
 * Destroy the auth object.  PAM is shut down via stop(); an error
 * raised there is logged rather than propagated, since a destructor
 * must not throw.  Only sbuild errors are caught here.
 */
auth::~auth ()
{
  try
    {
      stop();
    }
  catch (error const& shutdown_error)
    {
      sbuild::log_exception_error(shutdown_error);
    }
}
124
/**
 * Get the service name this object was constructed with.
 *
 * @returns the service name.
 */
std::string const&
auth::get_service () const
{
  return service;
}
130
/**
 * Get the uid of the auth user (as set by set_user()).
 *
 * @returns the uid.
 */
uid_t
auth::get_uid () const
{
  return uid;
}
136
/**
 * Get the primary gid of the auth user (as set by set_user()).
 *
 * @returns the gid.
 */
gid_t
auth::get_gid () const
{
  return gid;
}
142
/**
 * Get the name of the auth user.
 *
 * @returns the user name.
 */
std::string const&
auth::get_user () const
{
  return user;
}
148
149void
150auth::set_user (std::string const& user)
151{
152  this->uid = getuid();
153  this->gid = getgid();
154  this->home = "/";
155  this->shell = "/bin/false";
156
157  this->user = user;
158
159  passwd pwent(this->user);
160  if (!pwent)
161    {
162      if (errno)
163        throw error(user, USER, strerror(errno));
164      else
165        throw error(user, USER);
166    }
167  this->uid = pwent.pw_uid;
168  this->gid = pwent.pw_gid;
169  this->home = pwent.pw_dir;
170  this->shell = pwent.pw_shell;
171  log_debug(DEBUG_INFO)
172    << format("auth uid = %1%, gid = %2%") % this->uid % this->gid
173    << endl;
174}
175
/**
 * Get the command to run.
 *
 * @returns the command and its arguments.
 */
string_list const&
auth::get_command () const
{
  return command;
}
181
182void
183auth::set_command (string_list const& command)
184{
185  this->command = command;
186}
187
188std::string const&
189auth::get_home () const
190{
191  return this->home;
192}
193
194std::string const&
195auth::get_wd () const
196{
197  return this->wd;
198}
199
200void
201auth::set_wd (std::string const& wd)
202{
203  this->wd = wd;
204}
205
206std::string const&
207auth::get_shell () const
208{
209  return this->shell;
210}
211
212environment const&
213auth::get_environment () const
214{
215  return this->user_environment;
216}
217
218void
219auth::set_environment (char **environment)
220{
221  set_environment(sbuild::environment(environment));
222}
223
224void
225auth::set_environment (environment const& environment)
226{
227  this->user_environment = environment;
228}
229
230environment
231auth::get_minimal_environment () const
232{
233  environment minimal;
234  if (!this->user_environment.empty())
235    minimal = this->user_environment;
236
237  // For security, PATH is always set to a sane state for root, but
238  // only set in other cases if not preserving the environment.
239  if (this->uid == 0)
240    minimal.add(std::make_pair("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11"));
241  else if (this->user_environment.empty())
242    minimal.add(std::make_pair("PATH", "/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games"));
243
244  if (this->user_environment.empty())
245    {
246      if (!this->home.empty() )
247        minimal.add(std::make_pair("HOME", this->home));
248      else
249        minimal.add(std::make_pair("HOME", "/"));
250      if (!this->user.empty())
251        {
252          minimal.add(std::make_pair("LOGNAME", this->user));
253          minimal.add(std::make_pair("USER", this->user));
254        }
255      {
256        const char *term = getenv("TERM");
257        if (term)
258          minimal.add(std::make_pair("TERM", term));
259      }
260      if (!this->shell.empty())
261        minimal.add(std::make_pair("SHELL", this->shell));
262    }
263
264  return minimal;
265}
266
/**
 * Get the real uid of the calling process.
 *
 * @returns the real uid.
 */
uid_t
auth::get_ruid () const
{
  return ruid;
}
272
/**
 * Get the real gid of the calling process.
 *
 * @returns the real gid.
 */
gid_t
auth::get_rgid () const
{
  return rgid;
}
278
/**
 * Get the name of the real user (the user running the process).
 *
 * @returns the real user name.
 */
std::string const&
auth::get_ruser () const
{
  return ruser;
}
284
/**
 * Get the name of the real group (the group running the process).
 *
 * @returns the real group name.
 */
std::string const&
auth::get_rgroup () const
{
  return rgroup;
}
290
/**
 * Get the message verbosity.
 *
 * @returns the verbosity level.
 */
auth::verbosity
auth::get_verbosity () const
{
  return message_verbosity;
}
296
297void
298auth::set_verbosity (auth::verbosity verbosity)
299{
300  this->message_verbosity = verbosity;
301}
302
303void
304auth::start ()
305{
306}
307
308void
309auth::stop ()
310{
311}
312
313void
314auth::authenticate (status auth_status)
315{
316}
317
318void
319auth::setupenv ()
320{
321}
322
323void
324auth::account ()
325{
326}
327
328void
329auth::cred_establish ()
330{
331}
332
333void
334auth::cred_delete ()
335{
336}
337
338void
339auth::open_session ()
340{
341}
342
343void
344auth::close_session ()
345{
346}