#include <sbuild-auth.h>
Inheritance diagram for sbuild::Auth:
Public Types | |
typedef runtime_error_custom< Auth > | error |
Exception type. | |
typedef std::tr1::shared_ptr< AuthConv > | conv_ptr |
A shared_ptr to an AuthConv object. | |
enum | Status { STATUS_NONE, STATUS_USER, STATUS_FAIL } |
Authentication status. | |
enum | Verbosity { VERBOSITY_QUIET, VERBOSITY_NORMAL, VERBOSITY_VERBOSE } |
Message verbosity. | |
Public Member Functions | |
Auth (const std::string &service_name) | |
The constructor. | |
virtual | ~Auth () |
The destructor. | |
const std::string & | get_service () const |
Get the PAM service name. | |
uid_t | get_uid () const |
Get the uid of the user. | |
gid_t | get_gid () const |
Get the gid of the user. | |
const std::string & | get_user () const |
Get the name of the user. | |
void | set_user (const std::string &user) |
Set the name of the user. | |
const string_list & | get_command () const |
Get the command to run in the session. | |
void | set_command (const string_list &command) |
Set the command to run in the session. | |
const std::string & | get_home () const |
Get the home directory. | |
const std::string & | get_shell () const |
Get the name of the shell. | |
const env_list & | get_environment () const |
Get the environment to use in the session. | |
void | set_environment (char **environment) |
Set the environment to use in the session. | |
void | set_environment (const env_list &environment) |
Set the environment to use in the session. | |
env_list | get_pam_environment () const |
Get the PAM environment. | |
uid_t | get_ruid () const |
Get the "remote uid" of the user. | |
const std::string & | get_ruser () const |
Get the "remote" name of the user. | |
Verbosity | get_verbosity () const |
Get the message verbosity. | |
void | set_verbosity (Verbosity verbosity) |
Set the message verbosity. | |
conv_ptr & | get_conv () |
Get the conversation handler. | |
void | set_conv (conv_ptr &conv) |
Set the conversation handler. | |
void | run () |
Run a session. | |
void | start () |
Start the PAM system. | |
void | stop () |
Stop the PAM system. | |
void | authenticate () |
Perform PAM authentication. | |
void | setupenv () |
Import the user environment into PAM. | |
void | account () |
Do PAM account management (authorisation). | |
void | cred_establish () |
Use PAM to establish credentials. | |
void | cred_delete () |
Use PAM to delete credentials. | |
void | open_session () |
Open a PAM session. | |
void | close_session () |
Close a PAM session. | |
Status | change_auth (Status oldauth, Status newauth) const |
Set new authentication status. | |
Protected Member Functions | |
virtual Status | get_auth_status () const |
Check if authentication is required. | |
virtual void | run_impl ()=0 |
Run session. | |
Protected Attributes | |
pam_handle_t * | pam |
The PAM handle. | |
Private Attributes | |
const std::string | service |
The PAM service name. | |
uid_t | uid |
The uid to run as. | |
gid_t | gid |
The gid to run as. | |
std::string | user |
The user name to run as. | |
string_list | command |
The command to run. | |
std::string | home |
The home directory to run in. | |
std::string | shell |
The user shell to run. | |
env_list | environment |
The user environment to set. | |
uid_t | ruid |
The uid requesting authentication. | |
std::string | ruser |
The user name requesting authentication. | |
conv_ptr | conv |
The PAM conversation handler. | |
Verbosity | verbosity |
The message verbosity. |
Auth handles user authentication, authorisation and session management using the Pluggable Authentication Modules (PAM) library. It is essentially an object-oriented wrapper around PAM.
In order to use PAM correctly, it is important to call several of the methods in the correct order. For example, it is not possible to authorise a user before authenticating a user, and a session may not be started before both of these have occurred.
The correct order is
After the session has finished, or if an error occurred, the corresponding cleanup methods should be called
The run method will handle all this. The run_impl virtual function should be used to provide a session handler to open and close the session for the user. open_session and close_session must still be used.
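The ordering and cleanup rule described above, as an added example that is not sbuild's own code: a stand-in class records method names instead of calling PAM, and scope guards make sure that only the cleanup matching a completed setup step runs, in reverse order. The step order is an assumption based on the usual PAM sequence; Cleanup, TracedAuth and trace are hypothetical names.

```cpp
#include <functional>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Runs its action when the scope exits, normally or by exception. Cleanup
// errors are swallowed here so that the first failure is the one reported.
class Cleanup {
  std::function<void()> fn;
public:
  explicit Cleanup(std::function<void()> f) : fn(std::move(f)) {}
  ~Cleanup() { try { fn(); } catch (...) {} }
  Cleanup(const Cleanup &) = delete;
};

// Hypothetical stand-in for an Auth-like class: each method only records its
// name and throws if it is the step selected to fail. No PAM calls are made.
struct TracedAuth {
  std::vector<std::string> calls;
  std::string fail_at;
  void call(const std::string &name) {
    calls.push_back(name);
    if (name == fail_at) throw std::runtime_error(name + " failed");
  }
  void run() {  // assumed order: the usual PAM sequence
    call("start");
    Cleanup stop([this] { call("stop"); });
    call("authenticate");
    call("setupenv");
    call("account");
    call("cred_establish");
    Cleanup cred([this] { call("cred_delete"); });
    call("open_session");
    Cleanup sess([this] { call("close_session"); });
    call("run_impl");
  }
};

// Returns the calls made when the named step fails ("" means no failure).
std::vector<std::string> trace(const std::string &fail_at) {
  TracedAuth a;
  a.fail_at = fail_at;
  try { a.run(); } catch (const std::runtime_error &) {}
  return a.calls;
}

int main() { for (const auto &c : trace("account")) std::cout << c << '\n'; }
```

A failure in authenticate or account reaches only stop, so credentials are never deleted and a session is never closed unless they were first established and opened.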
Status: Authentication status.
Verbosity: Message verbosity.
Auth (const std::string &service_name): The constructor.
~Auth (): The destructor.
account (): Do PAM account management (authorisation). An error will be thrown on failure.
authenticate (): Perform PAM authentication. If required, the user will be prompted to authenticate themselves. An error will be thrown on failure.
change_auth (Status oldauth, Status newauth) const: Set new authentication status. If newauth > oldauth, newauth is returned, otherwise oldauth is returned. This is to ensure the authentication status can never be decreased (relaxed).
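Why the "never decreased" rule of change_auth matters, as an added example that is not sbuild's own code: when one session covers several targets, folding each target's requirement through change_auth lets the strictest one win whatever the request order. The Target structure and its group policy are hypothetical, invented for this illustration; only the Status values and the change_auth rule come from this page.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

typedef std::vector<std::string> Groups;

enum Status { STATUS_NONE, STATUS_USER, STATUS_FAIL };  // values as listed on this page

// The documented rule: return the stricter of the two, so status never relaxes.
Status change_auth(Status oldauth, Status newauth) {
  return newauth > oldauth ? newauth : oldauth;
}

// Hypothetical per-target policy, invented for this example.
struct Target {
  Groups allowed;   // groups permitted to use the target at all
  Groups nopasswd;  // groups permitted to skip authentication
};

bool in_any(const Groups &mine, const Groups &wanted) {
  for (const auto &g : mine)
    if (std::find(wanted.begin(), wanted.end(), g) != wanted.end()) return true;
  return false;
}

Status status_for(const Target &t, const Groups &user) {
  if (!in_any(user, t.allowed)) return STATUS_FAIL;  // not permitted: refuse
  if (in_any(user, t.nopasswd)) return STATUS_NONE;  // trusted: no prompt
  return STATUS_USER;                                // permitted: must authenticate
}

// Fold every target's requirement through change_auth; the strictest one wins
// regardless of the order in which the targets were requested.
Status required_status(const std::vector<Target> &targets, const Groups &user) {
  Status s = STATUS_NONE;
  for (const auto &t : targets) s = change_auth(s, status_for(t, user));
  return s;
}

int main() {
  Target lax{{"build"}, {"build"}}, strict{{"admin"}, {}};
  std::cout << required_status({lax, strict}, {"build"}) << '\n';  // 2 (STATUS_FAIL)
}
```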
close_session (): Close a PAM session. An error will be thrown on failure.
cred_delete (): Use PAM to delete credentials. An error will be thrown on failure.
cred_establish (): Use PAM to establish credentials. An error will be thrown on failure.
get_auth_status () const: Check if authentication is required. This default implementation always requires authentication. Reimplemented in sbuild::Session.
get_command () const: Get the command to run in the session.
get_conv (): Get the conversation handler.
get_environment () const: Get the environment to use in the session.
get_gid () const: Get the gid of the user. This is the gid to run as in the session.
get_home () const: Get the home directory. This is the $HOME to set in the session, if the user environment is not being preserved.
get_pam_environment () const: Get the PAM environment. This is the environment as set by PAM modules.
get_ruid () const: Get the "remote uid" of the user. This is the uid which is requesting authentication.
get_ruser () const: Get the "remote" name of the user. This is the user which is requesting authentication.
get_service () const: Get the PAM service name.
get_shell () const: Get the name of the shell. This is the shell to run in the session.
get_uid () const: Get the uid of the user. This is the uid to run as in the session.
get_user () const: Get the name of the user. This is the user to run as in the session.
get_verbosity () const: Get the message verbosity. Returns the verbosity level.
open_session (): Open a PAM session. An error will be thrown on failure.
run (): Run a session. The user will be asked for authentication if required, and then the run_impl virtual method will be called. An error will be thrown on failure.
run_impl (): Run session. The code to run when authentication and authorisation have been completed. Implemented in sbuild::Session.
set_command (const string_list &command): Set the command to run in the session.
set_conv (conv_ptr &conv): Set the conversation handler.
set_environment (char **environment): Set the environment to use in the session.
set_environment (const env_list &environment): Set the environment to use in the session.
set_user (const std::string &user): Set the name of the user. This is the user to run as in the session. As a side effect, the uid, gid, home and shell member variables will also be set, so calling the corresponding get methods will now return meaningful values.
set_verbosity (Verbosity verbosity): Set the message verbosity.
setupenv (): Import the user environment into PAM. If no environment was specified with set_environment, a minimal environment will be created containing HOME, LOGNAME, PATH, TERM and LOGNAME. An error will be thrown on failure.
start (): Start the PAM system. No other PAM functions may be called before calling this function. An error will be thrown on failure.
stop (): Stop the PAM system. No other PAM functions may be used after calling this function. An error will be thrown on failure.