#include <sbuild-auth.h>
Inheritance diagram for sbuild::auth:
Public Types

| Type | Member | Description |
|---|---|---|
| typedef runtime_error_custom< auth > | error | Exception type. |
| typedef std::tr1::shared_ptr< auth_conv > | conv_ptr | A shared_ptr to an auth_conv object. |
| enum | status { STATUS_NONE, STATUS_USER, STATUS_FAIL } | Authentication status. |
| enum | verbosity { VERBOSITY_QUIET, VERBOSITY_NORMAL, VERBOSITY_VERBOSE } | Message verbosity. |

Public Member Functions

| Type | Member | Description |
|---|---|---|
| | auth (std::string const &service_name) | The constructor. |
| virtual | ~auth () | The destructor. |
| std::string const & | get_service () const | Get the PAM service name. |
| uid_t | get_uid () const | Get the uid of the user. |
| gid_t | get_gid () const | Get the gid of the user. |
| std::string const & | get_user () const | Get the name of the user. |
| void | set_user (std::string const &user) | Set the name of the user. |
| string_list const & | get_command () const | Get the command to run in the session. |
| void | set_command (string_list const &command) | Set the command to run in the session. |
| std::string const & | get_home () const | Get the home directory. |
| std::string const & | get_shell () const | Get the name of the shell. |
| environment const & | get_environment () const | Get the environment to use in the session. |
| void | set_environment (char **environment) | Set the environment to use in the session. |
| void | set_environment (environment const &environment) | Set the environment to use in the session. |
| environment | get_pam_environment () const | Get the PAM environment. |
| uid_t | get_ruid () const | Get the "remote uid" of the user. |
| std::string const & | get_ruser () const | Get the "remote" name of the user. |
| verbosity | get_verbosity () const | Get the message verbosity. |
| void | set_verbosity (verbosity verbosity) | Set the message verbosity. |
| conv_ptr & | get_conv () | Get the conversation handler. |
| void | set_conv (conv_ptr &conv) | Set the conversation handler. |
| void | run () | Run a session. |
| void | start () | Start the PAM system. |
| void | stop () | Stop the PAM system. |
| void | authenticate () | Perform PAM authentication. |
| void | setupenv () | Import the user environment into PAM. |
| void | account () | Do PAM account management (authorisation). |
| void | cred_establish () | Use PAM to establish credentials. |
| void | cred_delete () | Use PAM to delete credentials. |
| void | open_session () | Open a PAM session. |
| void | close_session () | Close a PAM session. |
| status | change_auth (status oldauth, status newauth) const | Set new authentication status. |

Protected Member Functions

| Type | Member | Description |
|---|---|---|
| virtual status | get_auth_status () const | Check if authentication is required. |
| virtual void | run_impl ()=0 | Run session. |

Protected Attributes

| Type | Member | Description |
|---|---|---|
| pam_handle_t * | pam | The PAM handle. |

Private Attributes

| Type | Member | Description |
|---|---|---|
| const std::string | service | The PAM service name. |
| uid_t | uid | The uid to run as. |
| gid_t | gid | The gid to run as. |
| std::string | user | The user name to run as. |
| string_list | command | The command to run. |
| std::string | home | The home directory to run in. |
| std::string | shell | The user shell to run. |
| environment | user_environment | The user environment to set. |
| uid_t | ruid | The uid requesting authentication. |
| std::string | ruser | The user name requesting authentication. |
| conv_ptr | conv | The PAM conversation handler. |
| verbosity | message_verbosity | The message verbosity. |

auth handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.
In order to use PAM correctly, it is important to call several of the methods in the correct order. For example, it is not possible to authorise a user before authenticating a user, and a session may not be started before either of these has occurred.
The correct order is
After the session has finished, or if an error occurred, the corresponding cleanup methods should be called
The run method will handle all this. The run_impl virtual function should be used to provide a session handler to open and close the session for the user. open_session and close_session must still be used.
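
The ordering and cleanup rule described above, as an added example that is not schroot's own code: a stand-in class with the same method names records each call instead of talking to PAM, and unwinds only the stages that succeeded. The exact sequence, `fake_auth`, `fail_at` and `trace_for` are assumptions for illustration; the page itself states only that start comes first, authentication precedes authorisation, both precede the session, and stop comes last.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for sbuild::auth: records calls instead of using PAM.
struct fake_auth {
    std::vector<std::string> trace;  // every call made, in order
    std::string fail_at;             // constructed failure: this stage throws
    void step(const std::string& name) {
        trace.push_back(name);
        if (name == fail_at) throw std::runtime_error(name + " failed");
    }
    void start()          { step("start"); }
    void stop()           { step("stop"); }
    void authenticate()   { step("authenticate"); }
    void setupenv()       { step("setupenv"); }
    void account()        { step("account"); }
    void cred_establish() { step("cred_establish"); }
    void cred_delete()    { step("cred_delete"); }
    void open_session()   { step("open_session"); }
    void close_session()  { step("close_session"); }
    void run_impl()       { step("run_impl"); }  // the session body
    // Assumed order; cleanup runs in reverse, only for stages that succeeded.
    void run() {
        start();
        try {
            authenticate(); setupenv(); account();
            cred_establish();
            try {
                open_session();
                try { run_impl(); } catch (...) { close_session(); throw; }
                close_session();
            } catch (...) { cred_delete(); throw; }
            cred_delete();
        } catch (...) { stop(); throw; }
        stop();
    }
};

// Run with a failure injected at fail_at ("" = none); return the call trace.
std::string trace_for(const std::string& fail_at) {
    fake_auth a{{}, fail_at};
    try { a.run(); } catch (const std::runtime_error&) {}
    std::string out;
    for (const std::string& s : a.trace) out += (out.empty() ? "" : " ") + s;
    return out;
}

int main() { std::cout << trace_for("account") << "\n"; }
```

A failure in `account` leaves no credentials or session to tear down, so only `stop` runs; a failure in `open_session` additionally triggers `cred_delete`.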

| Member | Description |
|---|---|
| conv_ptr | A shared_ptr to an auth_conv object. |
| error | Exception type. Reimplemented in sbuild::session. |
| status | Authentication status. |
| verbosity | Message verbosity. |
| auth (std::string const &service_name) | The constructor. |
| ~auth () | The destructor. |
| account () | Do PAM account management (authorisation). An error will be thrown on failure. |
| authenticate () | Perform PAM authentication. If required, the user will be prompted to authenticate themselves. An error will be thrown on failure. |
| change_auth (status oldauth, status newauth) const | Set new authentication status. If newauth > oldauth, newauth is returned, otherwise oldauth is returned. This is to ensure the authentication status can never be decreased (relaxed). |
| close_session () | Close a PAM session. An error will be thrown on failure. |
| cred_delete () | Use PAM to delete credentials. An error will be thrown on failure. |
| cred_establish () | Use PAM to establish credentials. An error will be thrown on failure. |
| get_auth_status () const | Check if authentication is required. This default implementation always requires authentication. Reimplemented in dchroot::session, and sbuild::session. |
| get_command () const | Get the command to run in the session. |
| get_conv () | Get the conversation handler. |
| get_environment () const | Get the environment to use in the session. |
| get_gid () const | Get the gid of the user. This is the gid to run as in the session. |
| get_home () const | Get the home directory. This is the $HOME to set in the session, if the user environment is not being preserved. |
| get_pam_environment () const | Get the PAM environment. This is the environment as set by PAM modules. |
| get_ruid () const | Get the "remote uid" of the user. This is the uid which is requesting authentication. |
| get_ruser () const | Get the "remote" name of the user. This is the user which is requesting authentication. |
| get_service () const | Get the PAM service name. |
| get_shell () const | Get the name of the shell. This is the shell to run in the session. |
| get_uid () const | Get the uid of the user. This is the uid to run as in the session. |
| get_user () const | Get the name of the user. This is the user to run as in the session. |
| get_verbosity () const | Get the message verbosity. Returns the verbosity level. |
| open_session () | Open a PAM session. An error will be thrown on failure. |
| run () | Run a session. The user will be asked for authentication if required, and then the run_impl virtual method will be called. An error will be thrown on failure. |
| run_impl () | Run session. The code to run when authentication and authorisation have been completed. Implemented in dchroot::session, and sbuild::session. |
| set_command (string_list const &command) | Set the command to run in the session. |
| set_conv (conv_ptr &conv) | Set the conversation handler. |
| set_environment (char **environment) | Set the environment to use in the session. |
| set_environment (environment const &environment) | Set the environment to use in the session. |
| set_user (std::string const &user) | Set the name of the user. This is the user to run as in the session. As a side effect, the uid, gid, home and shell member variables will also be set, so calling the corresponding get methods will now return meaningful values. |
| set_verbosity (verbosity verbosity) | Set the message verbosity. |
| setupenv () | Import the user environment into PAM. If no environment was specified with set_environment, a minimal environment will be created containing HOME, LOGNAME, PATH, TERM and LOGNAME. An error will be thrown on failure. |
| start () | Start the PAM system. No other PAM functions may be called before calling this function. An error will be thrown on failure. |
| stop () | Stop the PAM system. No other PAM functions may be used after calling this function. An error will be thrown on failure. |
| command | The command to run. |
| conv | The PAM conversation handler. |
| gid | The gid to run as. |
| home | The home directory to run in. |
| message_verbosity | The message verbosity. |
| pam | The PAM handle. |
| ruid | The uid requesting authentication. |
| ruser | The user name requesting authentication. |
| service | The PAM service name. |
| shell | The user shell to run. |
| uid | The uid to run as. |
| user | The user name to run as. |
| user_environment | The user environment to set. |