sbuild
1.7.1
|
Deny Authentication handler. More...
#include <deny.h>
Public Member Functions | |
virtual | ~deny () |
The destructor. | |
virtual environment | get_auth_environment () const |
Get the PAM environment. More... | |
virtual void | start () |
Start the PAM system. More... | |
virtual void | stop () |
Stop the PAM system. More... | |
virtual void | authenticate (status auth_status) |
Perform PAM authentication. More... | |
virtual bool | is_initialised () const |
Check if PAM is initialised (i.e. start has been called). More... | |
Inherited from sbuild::auth::auth | |
virtual | ~auth () |
The destructor. | |
std::string const & | get_service () const |
Get the PAM service name. More... | |
uid_t | get_uid () const |
Get the uid of the user. More... | |
gid_t | get_gid () const |
Get the gid of the user. More... | |
std::string const & | get_user () const |
Get the name of the user. More... | |
void | set_user (uid_t uid) |
Set the name of the user. More... | |
void | set_user (const std::string &user) |
Set the name of the user. More... | |
string_list const & | get_command () const |
Get the command to run in the session. More... | |
void | set_command (const string_list &command) |
Set the command to run in the session. More... | |
std::string const & | get_home () const |
Get the home directory. More... | |
std::string const & | get_wd () const |
Get the working directory. More... | |
void | set_wd (const std::string &wd) |
Set the working directory. More... | |
std::string const & | get_shell () const |
Get the name of the shell. More... | |
environment const & | get_user_environment () const |
Get the user environment to use in the session. More... | |
void | set_user_environment (char **environment) |
Set the user environment to use in the session. More... | |
void | set_user_environment (const environment &environment) |
Set the user environment to use in the session. More... | |
environment | get_minimal_environment () const |
Get the minimal environment. More... | |
environment | get_complete_environment () const |
Get the complete environment. More... | |
uid_t | get_ruid () const |
Get the "remote uid" of the user. More... | |
gid_t | get_rgid () const |
Get the "remote gid" of the user. More... | |
std::string const & | get_ruser () const |
Get the "remote" name of the user. More... | |
void | set_ruser (uid_t ruid) |
Set the "remote" name of the user. More... | |
void | set_ruser (const std::string &ruser) |
Set the "remote" name of the user. More... | |
std::string const & | get_rgroup () const |
Get the "remote" name of the group. More... | |
virtual void | setupenv () |
Import the user environment into PAM. More... | |
virtual void | account () |
Do PAM account management (authorisation). More... | |
virtual void | cred_establish () |
Use PAM to establish credentials. More... | |
virtual void | cred_delete () |
Use PAM to delete credentials. More... | |
virtual void | open_session () |
Open a PAM session. More... | |
virtual void | close_session () |
Close a PAM session. More... | |
Static Public Member Functions | |
static auth::ptr | create (const std::string &service_name) |
Create a deny object. More... | |
Inherited from sbuild::auth::auth | |
static status | change_auth (status oldauth, status newauth) |
Set new authentication status. More... | |
Protected Attributes | |
bool | initialised |
Is the service initialised? | |
environment | auth_environment |
Minimal environment. | |
Inherited from sbuild::auth::auth | |
const std::string | service |
The PAM service name. | |
uid_t | uid |
The uid to run as. | |
gid_t | gid |
The gid to run as. | |
std::string | user |
The user name to run as. | |
string_list | command |
The command to run. | |
std::string | home |
The home directory. | |
std::string | wd |
The directory to run in. | |
std::string | shell |
The user shell to run. | |
environment | user_environment |
The user environment to set. | |
uid_t | ruid |
The uid requesting authentication. | |
gid_t | rgid |
The gid requesting authentication. | |
std::string | ruser |
The user name requesting authentication. | |
std::string | rgroup |
The group name requesting authentication. | |
Private Member Functions | |
deny (const std::string &service_name) | |
The constructor. More... | |
Additional Inherited Members | |
Inherited from sbuild::auth::auth | |
enum | status { STATUS_NONE, STATUS_USER, STATUS_FAIL } |
Authentication status. More... | |
enum | error_code { HOSTNAME, USER, GROUP, AUTHENTICATION, AUTHORISATION, PAM_DOUBLE_INIT, PAM, PAM_END } |
Error codes. More... | |
typedef custom_error< error_code > | error |
Exception type. | |
typedef std::shared_ptr< auth > | ptr |
A shared_ptr to an auth object. | |
Inherited from sbuild::auth::auth | |
auth (const std::string &service_name) | |
The constructor. More... | |
void | set_user (const passwd &pwent) |
Set the name of the user. More... | |
void | set_ruser (const passwd &rpwent) |
Set the "remote" name of the user. More... | |
Deny Authentication handler.
deny implements the user authentication, authorisation and session management interface. Unlike auth_pam, it does nothing: all attempts to authenticate will fail (deny).
|
private |
The constructor.
service_name | the PAM service name. This should be a hard-coded constant string literal for safety and security: it is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d, so a name taken from user input or other untrusted data would let that data choose which PAM policy is applied. |
Referenced by create().
|
virtual |
Perform PAM authentication.
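If auth_status is set to AUTH_USER (STATUS_USER in the status enum), the user will be prompted to authenticate themselves. If auth_status is AUTH_NONE (STATUS_NONE), no authentication is required, and if AUTH_FAIL (STATUS_FAIL), authentication will fail. Note that the class description for deny states that all attempts to authenticate will fail, so the AUTH_NONE case should be checked against the implementation before it is relied on.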
An error will be thrown on failure.
auth_status | initial authentication status. |
Reimplemented from sbuild::auth::auth.
References sbuild::_(), sbuild::auth::auth::AUTHENTICATION, sbuild::auth::auth::AUTHORISATION, sbuild::DEBUG_INFO, initialised, sbuild::log_debug(), sbuild::auth::auth::ruid, sbuild::auth::auth::ruser, sbuild::auth::auth::service, sbuild::auth::auth::STATUS_FAIL, sbuild::auth::auth::STATUS_NONE, sbuild::auth::auth::STATUS_USER, and sbuild::auth::auth::user.
|
static |
Create a deny object.
service_name | the PAM service name. This should be a hard-coded constant string literal for safety and security: it is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d, so a name taken from user input or other untrusted data would let that data choose which PAM policy is applied. |
References deny().
|
virtual |
Get the PAM environment.
This is the environment as set by PAM modules.
Implements sbuild::auth::auth.
References sbuild::auth::auth::get_minimal_environment().
|
virtual |
Check if PAM is initialised (i.e. start has been called).
Implements sbuild::auth::auth.
References initialised.
|
virtual |
Start the PAM system.
No other PAM functions may be called before calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth::auth.
References sbuild::DEBUG_CRITICAL, initialised, sbuild::log_debug(), sbuild::auth::auth::PAM_DOUBLE_INIT, and sbuild::auth::auth::user.
|
virtual |
Stop the PAM system.
No other PAM functions may be used after calling this function.
An error will be thrown on failure.
Reimplemented from sbuild::auth::auth.
References initialised.
Referenced by ~deny().