sbuild  1.7.1
sbuild::auth::pam Class Reference

Authentication handler.

#include <pam.h>


Public Member Functions

virtual ~pam ()
 The destructor.

virtual environment get_auth_environment () const
 Get the PAM environment.

pam_conv::ptr & get_conv ()
 Get the conversation handler.

void set_conv (pam_conv::ptr &conv)
 Set the conversation handler.

virtual void start ()
 Start the PAM system.

virtual void stop ()
 Stop the PAM system.

virtual void authenticate (status auth_status)
 Perform PAM authentication.

virtual void setupenv ()
 Import the user environment into PAM.

virtual void account ()
 Do PAM account management (authorisation).

virtual void cred_establish ()
 Use PAM to establish credentials.

virtual void cred_delete ()
 Use PAM to delete credentials.

virtual void open_session ()
 Open a PAM session.

virtual void close_session ()
 Close a PAM session.

virtual bool is_initialised () const
 Check if PAM is initialised (i.e. start has been called).
 
- Public Member Functions inherited from sbuild::auth::auth
virtual ~auth ()
 The destructor.

std::string const & get_service () const
 Get the PAM service name.

uid_t get_uid () const
 Get the uid of the user.

gid_t get_gid () const
 Get the gid of the user.

std::string const & get_user () const
 Get the name of the user.

void set_user (uid_t uid)
 Set the name of the user.

void set_user (const std::string &user)
 Set the name of the user.

string_list const & get_command () const
 Get the command to run in the session.

void set_command (const string_list &command)
 Set the command to run in the session.

std::string const & get_home () const
 Get the home directory.

std::string const & get_wd () const
 Get the working directory.

void set_wd (const std::string &wd)
 Set the working directory.

std::string const & get_shell () const
 Get the name of the shell.

environment const & get_user_environment () const
 Get the user environment to use in the session.

void set_user_environment (char **environment)
 Set the user environment to use in the session.

void set_user_environment (const environment &environment)
 Set the user environment to use in the session.

environment get_minimal_environment () const
 Get the minimal environment.

environment get_complete_environment () const
 Get the complete environment.

uid_t get_ruid () const
 Get the "remote uid" of the user.

gid_t get_rgid () const
 Get the "remote gid" of the user.

std::string const & get_ruser () const
 Get the "remote" name of the user.

void set_ruser (uid_t ruid)
 Set the "remote" name of the user.

void set_ruser (const std::string &ruser)
 Set the "remote" name of the user.

std::string const & get_rgroup () const
 Get the "remote" name of the group.
 

Static Public Member Functions

static auth::ptr create (const std::string &service_name)
 Create a pam object.

- Static Public Member Functions inherited from sbuild::auth::auth
static status change_auth (status oldauth, status newauth)
 Set new authentication status.
 

Private Member Functions

 pam (const std::string &service_name)
 The constructor.

const char * pam_strerror (int pam_error)
 Get a description of a PAM error.
 

Private Attributes

pam_handle_t * pamh
 The PAM handle.
 
pam_conv::ptr conv
 The PAM conversation handler.
 

Additional Inherited Members

- Public Types inherited from sbuild::auth::auth
enum  status { STATUS_NONE, STATUS_USER, STATUS_FAIL }
 Authentication status.

enum  error_code {
  HOSTNAME, USER, GROUP, AUTHENTICATION,
  AUTHORISATION, PAM_DOUBLE_INIT, PAM, PAM_END
}
 Error codes.

typedef custom_error< error_code > error
 Exception type.

typedef std::shared_ptr< auth > ptr
 A shared_ptr to an auth object.

- Protected Member Functions inherited from sbuild::auth::auth
 auth (const std::string &service_name)
 The constructor.

void set_user (const passwd &pwent)
 Set the name of the user.

void set_ruser (const passwd &rpwent)
 Set the "remote" name of the user.
 
- Protected Attributes inherited from sbuild::auth::auth
const std::string service
 The PAM service name.
 
uid_t uid
 The uid to run as.
 
gid_t gid
 The gid to run as.
 
std::string user
 The user name to run as.
 
string_list command
 The command to run.
 
std::string home
 The home directory.
 
std::string wd
 The directory to run in.
 
std::string shell
 The user shell to run.
 
environment user_environment
 The user environment to set.
 
uid_t ruid
 The uid requesting authentication.
 
gid_t rgid
 The gid requesting authentication.
 
std::string ruser
 The user name requesting authentication.
 
std::string rgroup
 The group name requesting authentication.
 

Detailed Description

Authentication handler.

pam handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.

Constructor & Destructor Documentation

sbuild::auth::pam::pam ( const std::string &  service_name)
private

The constructor.

Parameters
service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.

Referenced by create().


Member Function Documentation

void sbuild::auth::pam::account ( )
virtual

Do PAM account management (authorisation).

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.

void sbuild::auth::pam::authenticate ( status  auth_status)
virtual

Perform PAM authentication.

If auth_status is set to AUTH_USER, the user will be prompted to authenticate themselves. If auth_status is AUTH_NONE, no authentication is required, and if AUTH_FAIL, authentication will fail.

An error will be thrown on failure.

Parameters
auth_status: initial authentication status.
Todo:
Use sysconf(_SC_HOST_NAME_MAX) when libc in a stable release supports it.

Reimplemented from sbuild::auth::auth.

References sbuild::_(), sbuild::auth::auth::AUTHENTICATION, sbuild::auth::auth::AUTHORISATION, sbuild::DEBUG_CRITICAL, sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::auth::HOSTNAME, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), pamh, sbuild::auth::auth::ruser, sbuild::auth::auth::service, sbuild::auth::auth::STATUS_FAIL, sbuild::auth::auth::STATUS_NONE, and sbuild::auth::auth::STATUS_USER.

void sbuild::auth::pam::close_session ( )
virtual

Close a PAM session.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.

auth::ptr sbuild::auth::pam::create ( const std::string &  service_name)
static

Create a pam object.

Parameters
service_name: the PAM service name. This should be a hard-coded constant string literal for safety and security. This is passed to pam_start() when initialising PAM, and is used to load the correct configuration file from /etc/pam.d.
Returns
a shared pointer to the created object.

References pam().

void sbuild::auth::pam::cred_delete ( )
virtual

Use PAM to delete credentials.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.

void sbuild::auth::pam::cred_establish ( )
virtual

Use PAM to establish credentials.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.

environment sbuild::auth::pam::get_auth_environment ( ) const
virtual

Get the PAM environment.

This is the environment as set by PAM modules.

Returns
an environment list.

Implements sbuild::auth::auth.

References pamh.

pam_conv::ptr & sbuild::auth::pam::get_conv ( )

Get the conversation handler.

Returns
a shared pointer to the conversation handler.

References conv.

bool sbuild::auth::pam::is_initialised ( ) const
virtual

Check if PAM is initialised (i.e. start has been called).

Returns
true if initialised, otherwise false.

Implements sbuild::auth::auth.

References pamh.

void sbuild::auth::pam::open_session ( )
virtual

Open a PAM session.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.

const char * sbuild::auth::pam::pam_strerror ( int  pam_error)
private

Get a description of a PAM error.

Parameters
pam_error: the PAM error number.
Returns
the description.

References pamh.

Referenced by account(), authenticate(), close_session(), cred_delete(), cred_establish(), open_session(), setupenv(), and start().


void sbuild::auth::pam::set_conv ( pam_conv::ptr conv)

Set the conversation handler.

Parameters
conv: a shared pointer to the conversation handler.

References conv.

void sbuild::auth::pam::setupenv ( )
virtual

Import the user environment into PAM.

If no environment was specified with set_environment, a minimal environment will be created containing HOME, LOGNAME, PATH, TERM and LOGNAME.

An error will be thrown on failure.

Note that the environment is not sanitised in any way. This is the responsibility of the user.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_INFO, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::auth::auth::get_minimal_environment(), sbuild::log_debug(), sbuild::auth::auth::PAM, pam_strerror(), and pamh.
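
Because setupenv() imports the environment unsanitised, the caller has to filter it before calling set_user_environment(). One way to do that, as an added example that is not part of sbuild: the allowlist policy, the sanitise_environment() helper and the sample entries are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <set>
#include <string>
#include <vector>

// Assumed allowlist policy; the names mirror the minimal environment listed above.
static const std::set<std::string> kAllowed = {"HOME", "LOGNAME", "PATH", "TERM"};

// Constructed sample input (NULL-terminated, same shape as `environ`).
static const char *const kSampleEnv[] = {
    "HOME=/home/alice", "LD_PRELOAD=/tmp/x.so", "PATH=/usr/bin:.", "TERM=xterm",
    "HOME=/root", "LOGNAME=al\nice", "NOEQUALS", nullptr};

// True if every ':'-separated PATH component is absolute (no "", ".", "bin").
static bool absolute_path_list(const std::string &value) {
    std::string::size_type start = 0;
    for (;;) {
        if (start >= value.size() || value[start] != '/') return false;
        const std::string::size_type colon = value.find(':', start);
        if (colon == std::string::npos) return true;
        start = colon + 1;
    }
}

// True if the value holds no control characters (newline, ESC, ...).
static bool printable_value(const std::string &value) {
    return std::none_of(value.begin(), value.end(),
                        [](unsigned char c) { return std::iscntrl(c) != 0; });
}

// Reduce a "NAME=value" array to allowlisted, well-formed entries. The first
// occurrence of a name decides its fate; later duplicates are always dropped.
std::vector<std::string> sanitise_environment(const char *const *envp) {
    std::vector<std::string> out;
    std::set<std::string> seen;
    for (; envp != nullptr && *envp != nullptr; ++envp) {
        const std::string entry(*envp);
        const std::string::size_type eq = entry.find('=');
        if (eq == std::string::npos) continue;            // malformed entry
        const std::string name = entry.substr(0, eq);
        const std::string value = entry.substr(eq + 1);
        if (kAllowed.count(name) == 0) continue;          // e.g. LD_PRELOAD
        if (!seen.insert(name).second) continue;          // duplicate name
        if (!printable_value(value)) continue;            // embedded control char
        if (name == "PATH" && !absolute_path_list(value)) continue;
        out.push_back(entry);
    }
    return out;
}
```

A name whose first occurrence is rejected is left out entirely, so a caller relying on it should supply its own known-good value afterwards.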

void sbuild::auth::pam::start ( )
virtual

Start the PAM system.

No other PAM functions may be called before calling this function.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_CRITICAL, sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM, sbuild::auth::auth::PAM_DOUBLE_INIT, pam_strerror(), pamh, and sbuild::auth::auth::service.

void sbuild::auth::pam::stop ( )
virtual

Stop the PAM system.

No other PAM functions may be used after calling this function.

An error will be thrown on failure.

Reimplemented from sbuild::auth::auth.

References sbuild::DEBUG_NOTICE, sbuild::DEBUG_WARNING, sbuild::log_debug(), sbuild::auth::auth::PAM_END, and pamh.

Referenced by ~pam().


