Drizzled Public API Documentation

auth_pam.cc
1 /* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
2  * vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
3  *
4  * Copyright (C) 2009 Sun Microsystems, Inc.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; version 2 of the License.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  */
19 
20 /*
21  Sections of this were taken/modified from mod_auth_pam for Apache
22  @TODO: License?
23 */
24 
25 #include <config.h>
26 
27 #include <drizzled/identifier.h>
28 #include <drizzled/plugin/authentication.h>
29 
30 #include <security/pam_appl.h>
31 #if !defined(__sun) && !defined(__FreeBSD__)
32 #include <security/pam_misc.h>
33 #endif
34 
35 using namespace drizzled;
36 
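/*
 * Credentials handed to the PAM conversation callback through appdata_ptr.
 * Both pointers are borrowed: the struct does not own or free the strings.
 *
 * NOTE(review): the closing "} auth_pam_userinfo;" line is missing from this
 * listing; it is restored here from the uses of auth_pam_userinfo further
 * down the file.
 */
typedef struct {
  const char *name;      /* answer given to PAM_PROMPT_ECHO_ON prompts */
  const char *password;  /* answer given to PAM_PROMPT_ECHO_OFF prompts */
} auth_pam_userinfo;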
41 
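/*
 * PAM conversation callback, declared with C linkage because PAM calls it
 * through the function pointer stored in struct pam_conv.
 */
extern "C"
int auth_pam_talker(int num_msg,
#ifdef __sun
                    struct pam_message **msg,
#else
                    const struct pam_message **msg,
#endif
                    struct pam_response **resp,
                    void *appdata_ptr);

/*
 * Release the first `count` replies of a partially built response array.
 * Each reply may be a heap copy of the user's password, so it is overwritten
 * before being freed; the volatile pointer keeps the compiler from dropping
 * the wipe as a dead store.
 */
static void auth_pam_discard_responses(struct pam_response *response, int count)
{
  for (int x= 0; x < count; x++)
  {
    if (response[x].resp)
    {
      volatile char *wipe= response[x].resp;
      size_t remaining= strlen(response[x].resp);
      while (remaining--)
        *wipe++= 0;
      free(response[x].resp);
    }
  }
  free(response);
}

/*
 * Answer PAM prompts non-interactively from the credentials in appdata_ptr.
 *
 * @param num_msg      number of prompts in msg
 * @param msg          prompts issued by the PAM module stack
 * @param resp         out: malloc'ed array of num_msg replies, set only on
 *                     PAM_SUCCESS; the strings are heap copies for PAM to free
 * @param appdata_ptr  auth_pam_userinfo* supplied through struct pam_conv
 *
 * @return PAM_SUCCESS when every prompt was answered, PAM_BUF_ERR when an
 *         allocation failed, PAM_CONV_ERR for bad arguments or for any
 *         message style other than the two prompt styles.
 *
 * NOTE(review): msg is indexed as an array of pointers (msg[x]->...). That is
 * the Linux-PAM/OpenPAM layout; Solaris PAM is documented as passing a pointer
 * to an array of structures, which only coincides when num_msg == 1. Confirm
 * the behaviour on __sun builds.
 */
int auth_pam_talker(int num_msg,
#ifdef __sun
                    struct pam_message **msg,
#else
                    const struct pam_message **msg,
#endif
                    struct pam_response **resp,
                    void *appdata_ptr)
{
  auth_pam_userinfo *userinfo= static_cast<auth_pam_userinfo*>(appdata_ptr);

  /* parameter sanity checking */
  if (not resp || not msg || not userinfo)
    return PAM_CONV_ERR;

  /* a non-positive count would size the allocation from a bogus value, and
     strdup() on a null credential is undefined behaviour */
  if (num_msg <= 0 || not userinfo->name || not userinfo->password)
    return PAM_CONV_ERR;

  /* calloc() checks the count * size multiplication for overflow and leaves
     every resp pointer null and every resp_retcode zero */
  struct pam_response *response=
    static_cast<struct pam_response*>(calloc(static_cast<size_t>(num_msg),
                                             sizeof(struct pam_response)));
  if (not response)
    return PAM_BUF_ERR;

  for (int x= 0; x < num_msg; x++)
  {
    const char *answer= NULL;

    /* select response based on requested output style */
    if (msg[x])
    {
      switch (msg[x]->msg_style)
      {
      case PAM_PROMPT_ECHO_ON:
        answer= userinfo->name;
        break;
      case PAM_PROMPT_ECHO_OFF:
        answer= userinfo->password;
        break;
      default:
        break;
      }
    }

    /* unsupported style or missing message: fail the conversation and do
       not leave earlier copies of the credentials behind on the heap */
    if (not answer)
    {
      auth_pam_discard_responses(response, x);
      return PAM_CONV_ERR;
    }

    response[x].resp= strdup(answer);
    if (not response[x].resp)
    {
      auth_pam_discard_responses(response, x);
      return PAM_BUF_ERR;
    }
  }

  /* everything okay, hand the replies to PAM */
  *resp= response;

  return PAM_SUCCESS;
}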
99 
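/*
 * Authentication plugin that checks a user name and password against PAM.
 *
 * NOTE(review): the class header line is missing from this listing. It is
 * reconstructed from the constructor's base initializer; the public
 * inheritance is an assumption to confirm against the original file.
 */
class Auth_pam : public drizzled::plugin::Authentication
{
public:
  /* name_arg is forwarded to the Authentication base class. */
  Auth_pam(std::string name_arg)
    : drizzled::plugin::Authentication(name_arg) {}

  /*
   * Run pam_authenticate() and pam_acct_mgmt() for the PAM service "drizzle".
   *
   * @param sctx      identifies the connecting user; only username() is read
   * @param password  password passed to PAM as the answer to echo-off
   *                  prompts, so it must be the cleartext value
   * @return true only if pam_start, pam_authenticate and pam_acct_mgmt all
   *         return PAM_SUCCESS; any other result rejects the login.
   */
  virtual bool authenticate(const identifier::User &sctx,
                            const std::string &password)
  {
    /* Own a copy of the name: if username() returned a temporary, a bare
       c_str() pointer would dangle for the rest of the PAM transaction. */
    const std::string username(sctx.username().c_str());

    auth_pam_userinfo userinfo= { NULL, NULL };
    struct pam_conv conv_info= { &auth_pam_talker,
                                 static_cast<void*>(&userinfo) };
    pam_handle_t *pamh= NULL;

    userinfo.name= username.c_str();
    userinfo.password= password.c_str();

    int retval= pam_start("drizzle", userinfo.name, &conv_info, &pamh);

    /* Reject empty authentication tokens at both stages. */
    if (retval == PAM_SUCCESS)
      retval= pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK);

    /* Account checks (expiry, access restrictions) run only after the
       password itself was accepted. */
    if (retval == PAM_SUCCESS)
      retval= pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK);

    /* pamh is still null when pam_start() failed; only end a transaction
       that was actually started. */
    if (pamh != NULL)
      pam_end(pamh, retval);

    return retval == PAM_SUCCESS;
  }
};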
129 
130 
/* The single plugin instance, created by initialize(). */
static Auth_pam *auth= NULL;

/*
 * Module init function: creates the Auth_pam plugin under the name
 * "auth_pam" and registers it with the module context.
 *
 * Always returns 0.
 * NOTE(review): presumably the context takes ownership of the object once
 * added; nothing in this file deletes it. Confirm against module::Context.
 */
static int initialize(drizzled::module::Context &context)
{
  Auth_pam *plugin= new Auth_pam("auth_pam");
  auth= plugin;
  context.add(plugin);
  return 0;
}
139 
/*
 * Plugin descriptor for the PAM authentication module.
 * NOTE(review): the per-field meanings below are read off the values; the
 * two trailing NULL slots are unused here. Confirm their meaning against the
 * DRIZZLE_DECLARE_PLUGIN definition.
 */
DRIZZLE_DECLARE_PLUGIN
{
  DRIZZLE_VERSION_ID,
  "pam",                /* plugin name */
  "0.1",                /* plugin version */
  "Brian Aker",         /* author */
  /* NOTE(review): "Authenication" is misspelled; left untouched because the
     string is wrapped in N_() and may be used as a translation key. */
  N_("Authenication against system user accounts using PAM"),
  PLUGIN_LICENSE_GPL,
  initialize,           /* init function defined above */
  NULL,
  NULL
}
DRIZZLE_DECLARE_PLUGIN_END;