sbuild 1.4.23
sbuild::auth_pam Class Reference

Authentication handler.

#include <sbuild-auth-pam.h>


Public Member Functions

virtual ~auth_pam ()
 The destructor.
virtual environment get_auth_environment () const
 Get the PAM environment.
auth_pam_conv::ptr & get_conv ()
 Get the conversation handler.
void set_conv (auth_pam_conv::ptr &conv)
 Set the conversation handler.
virtual void start ()
 Start the PAM system.
virtual void stop ()
 Stop the PAM system.
virtual void authenticate (status auth_status)
 Perform PAM authentication.
virtual void setupenv ()
 Import the user environment into PAM.
virtual void account ()
 Do PAM account management (authorisation).
virtual void cred_establish ()
 Use PAM to establish credentials.
virtual void cred_delete ()
 Use PAM to delete credentials.
virtual void open_session ()
 Open a PAM session.
virtual void close_session ()
 Close a PAM session.
virtual bool is_initialised () const
 Check if PAM is initialised (i.e. start has been called).

Static Public Member Functions

static auth::ptr create (std::string const &service_name)
 Create an auth_pam object.

Private Member Functions

 auth_pam (std::string const &service_name)
 The constructor.
const char * pam_strerror (int pam_error)
 Get a description of a PAM error.

Private Attributes

pam_handle_t * pam
 The PAM handle.
auth_pam_conv::ptr conv
 The PAM conversation handler.

Detailed Description

Authentication handler.

auth_pam handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.


Constructor & Destructor Documentation

auth_pam::auth_pam ( std::string const &  service_name) [private]

The constructor.

Parameters:
service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.

Referenced by create().



Member Function Documentation

void auth_pam::account ( ) [virtual]

Do PAM account management (authorisation).

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().

void auth_pam::authenticate ( status  auth_status) [virtual]

Perform PAM authentication.

If auth_status is set to AUTH_USER, the user will be prompted to authenticate themselves. If auth_status is AUTH_NONE, no authentication is required, and if AUTH_FAIL, authentication will fail.

An error will be thrown on failure.

Parameters:
auth_status: initial authentication status.
Todo:
Use sysconf(_SC_HOST_NAME_MAX) when libc in a stable release supports it.

Reimplemented from sbuild::auth.

References sbuild::_(), sbuild::auth::AUTHENTICATION, sbuild::auth::AUTHORISATION, sbuild::DEBUG_CRITICAL, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::HOSTNAME, sbuild::log_debug(), sbuild::auth::PAM, pam, pam_strerror(), sbuild::auth::ruser, sbuild::auth::service, sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, and sbuild::auth::STATUS_USER.

void auth_pam::close_session ( ) [virtual]

Close a PAM session.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().

auth::ptr auth_pam::create ( std::string const &  service_name) [static]

Create an auth_pam object.

Parameters:
service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.
Returns:
a shared pointer to the created object.

References auth_pam().

void auth_pam::cred_delete ( ) [virtual]

Use PAM to delete credentials.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().

void auth_pam::cred_establish ( ) [virtual]

Use PAM to establish credentials.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().

environment auth_pam::get_auth_environment ( ) const [virtual]

Get the PAM environment.

This is the environment as set by PAM modules.

Returns:
an environment list.

Implements sbuild::auth.

References pam.

auth_pam_conv::ptr & auth_pam::get_conv ( )

Get the conversation handler.

Returns:
a shared pointer to the conversation handler.

References conv.

bool auth_pam::is_initialised ( ) const [virtual]

Check if PAM is initialised (i.e. start has been called).

Returns:
true if initialised, otherwise false.

Implements sbuild::auth.

References pam.

void auth_pam::open_session ( ) [virtual]

Open a PAM session.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().

const char * auth_pam::pam_strerror ( int  pam_error) [private]

Get a description of a PAM error.

Parameters:
pam_error: the PAM error number.
Returns:
the description.

References pam.

Referenced by account(), authenticate(), close_session(), cred_delete(), cred_establish(), open_session(), setupenv(), and start().


void auth_pam::set_conv ( auth_pam_conv::ptr conv)

Set the conversation handler.

Parameters:
conv: a shared pointer to the conversation handler.

References conv.

void auth_pam::setupenv ( ) [virtual]

Import the user environment into PAM.

If no environment was specified with set_environment, a minimal environment will be created containing HOME, LOGNAME, PATH, TERM and LOGNAME.

An error will be thrown on failure.

Note that the environment is not sanitised in any way. This is the responsibility of the user.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::get_minimal_environment(), sbuild::log_debug(), sbuild::auth::PAM, pam, and pam_strerror().
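
Because setupenv() imports the environment unsanitised, the caller has to filter it first. The following is an added example, not code from sbuild: it sketches an allowlist filter restricted to the variable names listed above. The helper name sanitise_environment, its validation rules and the safe_path value are assumptions made for illustration.

```cpp
#include <cctype>
#include <map>
#include <string>
#include <vector>

using env_map = std::map<std::string, std::string>;

// True if the value contains no control characters (newline, ESC, ...).
static bool printable(const std::string& v) {
    for (unsigned char c : v)
        if (std::iscntrl(c)) return false;
    return true;
}

// Hypothetical helper (not an sbuild function): reduce raw "NAME=value"
// strings to an allowlisted environment before it is handed to the auth
// object. PATH is never inherited; it is replaced by safe_path.
env_map sanitise_environment(const std::vector<std::string>& raw,
                             const std::string& safe_path) {
    env_map out;
    for (const std::string& entry : raw) {
        const std::string::size_type eq = entry.find('=');
        if (eq == std::string::npos || eq == 0) continue;  // malformed entry
        const std::string name = entry.substr(0, eq);
        const std::string value = entry.substr(eq + 1);
        if (!printable(value)) continue;
        bool ok = false;
        if (name == "HOME")
            ok = !value.empty() && value[0] == '/';        // absolute paths only
        else if (name == "LOGNAME" || name == "TERM")
            ok = !value.empty() &&
                 value.find_first_not_of(
                     "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789-_.+") == std::string::npos;
        // Everything else (LD_PRELOAD, IFS, inherited PATH, ...) is dropped.
        if (ok) out.emplace(name, value);  // keeps the first accepted value
    }
    out["PATH"] = safe_path;
    return out;
}

// Constructed sample input for this example.
env_map demo() {
    return sanitise_environment(
        {"HOME=/home/alice", "HOME=/tmp/other", "LOGNAME=alice",
         "TERM=xterm-256color", "PATH=/tmp/bin:/usr/bin",
         "LD_PRELOAD=/tmp/x.so", "IFS=.", "TERM=\x1b[2J", "BROKEN"},
        "/usr/local/bin:/usr/bin:/bin");
}
```
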

void auth_pam::start ( ) [virtual]

Start the PAM system.

No other PAM functions may be called before calling this function.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_CRITICAL, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::PAM, pam, sbuild::auth::PAM_DOUBLE_INIT, pam_strerror(), and sbuild::auth::service.

void auth_pam::stop ( ) [virtual]

Stop the PAM system.

No other PAM functions may be used after calling this function.

An error will be thrown on failure.

Reimplemented from sbuild::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), pam, and sbuild::auth::PAM_END.

Referenced by ~auth_pam().



The documentation for this class was generated from the following files: