Authentication handler.
#include <sbuild-auth-pam.h>
Public Member Functions
  virtual ~auth_pam ()
    The destructor.
  virtual environment get_auth_environment () const
    Get the PAM environment.
  auth_pam_conv::ptr & get_conv ()
  void set_conv (auth_pam_conv::ptr &conv)
  virtual void start ()
    Start the PAM system.
  virtual void stop ()
    Stop the PAM system.
  virtual void authenticate (status auth_status)
    Perform PAM authentication.
  virtual void setupenv ()
    Import the user environment into PAM.
  virtual void account ()
    Do PAM account management (authorisation).
  virtual void cred_establish ()
    Use PAM to establish credentials.
  virtual void cred_delete ()
    Use PAM to delete credentials.
  virtual void open_session ()
    Open a PAM session.
  virtual void close_session ()
    Close a PAM session.
  virtual bool is_initialised () const
    Check if PAM is initialised (i.e. start has been called).
Static Public Member Functions
  static auth::ptr create (std::string const &service_name)
    Create an auth_pam object.
Private Member Functions
  auth_pam (std::string const &service_name)
    The constructor.
  const char * pam_strerror (int pam_error)
    Get a description of a PAM error.
Private Attributes
  pam_handle_t * pam
    The PAM handle.
  auth_pam_conv::ptr conv
    The PAM conversation handler.
Authentication handler.
auth_pam handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.
auth_pam::auth_pam (std::string const & service_name) [private]
The constructor.
Parameters:
  service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. It is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.
Referenced by create().
auth_pam::~auth_pam () [virtual]
The destructor.
References sbuild::log_exception_error(), and stop().
void auth_pam::account () [virtual]
Do PAM account management (authorisation).
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
void auth_pam::authenticate (status auth_status) [virtual]
Perform PAM authentication.
If auth_status is set to AUTH_USER, the user will be prompted to authenticate themselves. If auth_status is AUTH_NONE, no authentication is required, and if AUTH_FAIL, authentication will fail.
An error will be thrown on failure.
Parameters:
  auth_status: initial authentication status.
Reimplemented from sbuild::auth.
References sbuild::_(), sbuild::auth::AUTHENTICATION, sbuild::auth::AUTHORISATION, sbuild::DEBUG_CRITICAL, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::HOSTNAME, sbuild::log_debug(), sbuild::auth::PAM, pam, pam_strerror(), sbuild::auth::ruser, sbuild::auth::service, sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, and sbuild::auth::STATUS_USER.
void auth_pam::close_session () [virtual]
Close a PAM session.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
auth::ptr auth_pam::create (std::string const & service_name) [static]
Create an auth_pam object.
Parameters:
  service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. It is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.
References auth_pam().
void auth_pam::cred_delete () [virtual]
Use PAM to delete credentials.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
void auth_pam::cred_establish () [virtual]
Use PAM to establish credentials.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
environment auth_pam::get_auth_environment () const [virtual]
Get the PAM environment.
This is the environment as set by PAM modules.
Implements sbuild::auth.
References pam.
auth_pam_conv::ptr & auth_pam::get_conv ()
bool auth_pam::is_initialised () const [virtual]
Check if PAM is initialised (i.e. start has been called).
Implements sbuild::auth.
References pam.
void auth_pam::open_session () [virtual]
Open a PAM session.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
const char * auth_pam::pam_strerror (int pam_error) [private]
Get a description of a PAM error.
Parameters:
  pam_error: the PAM error number.
References pam.
Referenced by account(), authenticate(), close_session(), cred_delete(), cred_establish(), open_session(), setupenv(), and start().
void auth_pam::set_conv (auth_pam_conv::ptr & conv)
void auth_pam::setupenv () [virtual]
Import the user environment into PAM.
If no environment was specified with set_environment, a minimal environment will be created containing HOME, LOGNAME, PATH and TERM.
An error will be thrown on failure.
Note that the environment is not sanitised in any way. This is the responsibility of the caller.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::get_minimal_environment(), sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
void auth_pam::start () [virtual]
Start the PAM system.
No other PAM functions may be called before calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_CRITICAL, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, sbuild::auth::PAM_DOUBLE_INIT, pam_strerror(), and sbuild::auth::service.
void auth_pam::stop () [virtual]
Stop the PAM system.
No other PAM functions may be used after calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth.
References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), pam, and sbuild::auth::PAM_END.
Referenced by ~auth_pam().
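The full lifecycle these members wrap, in the order a caller uses them (start, authenticate, account, cred_establish, open_session, close_session, cred_delete, stop), together with the two ordering rules stated above (no PAM call before start(), no second start()) and the "an error will be thrown on failure" convention, as an added C++ example that is not sbuild's code. The libpam calls sit behind a small backend interface so the ordering and error handling can be exercised offline against a recording fake; the names pam_backend, pam_auth, fake_pam, auth_error, login_sequence and ordering_rules_hold, the service name "example-service" and the error code 7 are all this example's own assumptions, and a real backend would forward each call to pam_start(), pam_authenticate(), pam_acct_mgmt(), pam_setcred(), pam_open_session(), pam_close_session(), pam_end() and pam_strerror() from <security/pam_appl.h>.

```cpp
// Added example (not sbuild code): an auth_pam-style lifecycle wrapper whose libpam
// calls sit behind a backend interface, so the ordering rules can be tested offline.
#include <stdexcept>
#include <string>
#include <vector>

// Return codes follow the PAM convention: 0 is PAM_SUCCESS, anything else an error.
struct pam_backend {
    virtual ~pam_backend() = default;
    virtual int start(const std::string& service) = 0;   // pam_start()
    virtual int authenticate() = 0;                      // pam_authenticate()
    virtual int acct_mgmt() = 0;                         // pam_acct_mgmt()
    virtual int setcred(bool establish) = 0;             // pam_setcred(), establish or delete
    virtual int open_session() = 0;                      // pam_open_session()
    virtual int close_session() = 0;                     // pam_close_session()
    virtual int end() = 0;                               // pam_end()
    virtual std::string strerror(int err) const = 0;     // pam_strerror()
};

struct auth_error : std::runtime_error { using std::runtime_error::runtime_error; };
enum class auth_status { none, user, fail };   // AUTH_NONE / AUTH_USER / AUTH_FAIL

class pam_auth {
public:
    pam_auth(pam_backend& b, const std::string& service) : backend_(b), service_(service) {}
    // Like ~auth_pam(): make sure pam_end() runs, but never throw from a destructor.
    ~pam_auth() { if (started_) { try { stop(); } catch (const auth_error&) {} } }
    bool is_initialised() const { return started_; }
    void start() {   // must come first; a second call is a double init
        if (started_) throw auth_error("start: PAM already initialised");
        check("start", backend_.start(service_)); started_ = true;
    }
    void stop() {    // nothing may be called afterwards
        require_started("stop"); started_ = false;
        check("stop", backend_.end());
    }
    void authenticate(auth_status s) {   // none: nothing to prove; fail: always refused
        require_started("authenticate");
        if (s == auth_status::fail) throw auth_error("authenticate: refused");
        if (s == auth_status::user) check("authenticate", backend_.authenticate());
    }
    void account()        { require_started("account");        check("account", backend_.acct_mgmt()); }
    void cred_establish() { require_started("cred_establish"); check("cred_establish", backend_.setcred(true)); }
    void cred_delete()    { require_started("cred_delete");    check("cred_delete", backend_.setcred(false)); }
    void open_session()   { require_started("open_session");   check("open_session", backend_.open_session()); }
    void close_session()  { require_started("close_session");  check("close_session", backend_.close_session()); }
private:
    void require_started(const char* op) const { if (!started_) throw auth_error(std::string(op) + ": called before start()"); }
    // Map a non-zero PAM return code to an exception carrying the backend's description.
    void check(const char* op, int rc) const { if (rc != 0) throw auth_error(std::string(op) + ": " + backend_.strerror(rc)); }
    pam_backend& backend_;
    std::string service_;
    bool started_ = false;
};

// Constructed stand-in for libpam: records the call order and can be told to make one
// operation fail, so the wrapper's error path can be exercised without a PAM stack.
struct fake_pam : pam_backend {
    std::vector<std::string> calls;
    std::string fail_op;   // recorded name of the operation that should return an error
    int record(const std::string& op) { calls.push_back(op); return op == fail_op ? 7 : 0; } // 7: arbitrary code
    int start(const std::string& service) override { return record("start:" + service); }
    int authenticate() override  { return record("authenticate"); }
    int acct_mgmt() override     { return record("acct_mgmt"); }
    int setcred(bool e) override { return record(e ? "setcred:establish" : "setcred:delete"); }
    int open_session() override  { return record("open_session"); }
    int close_session() override { return record("close_session"); }
    int end() override           { return record("end"); }
    std::string strerror(int err) const override { return "fake PAM error " + std::to_string(err); }
};

// The full sequence in the order auth_pam's callers use it. Returns the recorded call
// order; if a step throws, the message is appended as a final "error=..." entry.
std::vector<std::string> login_sequence(auth_status s, const std::string& fail_op = "") {
    fake_pam pam; pam.fail_op = fail_op;
    try {
        pam_auth auth(pam, "example-service");
        auth.start();
        auth.authenticate(s);
        auth.account();
        auth.cred_establish();
        auth.open_session();
        auth.close_session();
        auth.cred_delete();
        auth.stop();
    } catch (const auth_error& e) {
        pam.calls.push_back(std::string("error=") + e.what());   // ~pam_auth has already run pam_end()
    }
    return pam.calls;
}

// Ordering rules: nothing before start(), and start() at most once.
bool ordering_rules_hold() {
    fake_pam pam; pam_auth auth(pam, "example-service");
    bool early = false, twice = false;
    try { auth.account(); } catch (const auth_error&) { early = pam.calls.empty(); }
    auth.start();
    try { auth.start(); } catch (const auth_error&) { twice = (pam.calls.size() == 1); }
    return early && twice;
}
```

The failing-account run is the instructive case: account() throws, the wrapper object goes out of scope during unwinding, and its destructor still issues pam_end() before the caller's catch block sees the error, which is the same reason ~auth_pam() calls stop() rather than leaving the PAM handle open.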
auth_pam_conv::ptr sbuild::auth_pam::conv [private]
The PAM conversation handler.
pam_handle_t* sbuild::auth_pam::pam [private]
The PAM handle.
Referenced by account(), authenticate(), close_session(), cred_delete(), cred_establish(), get_auth_environment(), is_initialised(), open_session(), pam_strerror(), setupenv(), start(), and stop().