Beispiel #1
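/*
 * Server-side PAM authentication request.
 *
 * Checks the supplied PAM user/password through runPamAuthCheck() and, on
 * success, asks the catalog (chlUpdateIrodsPamPassword) for the iRODS
 * password that is handed back in (*pamAuthRequestOut)->irodsPamPassword.
 *
 * rsComm             connection handle, passed through to the catalog call
 * pamAuthRequestInp  input: pamUser, pamPassword, timeToLive
 * pamAuthRequestOut  output: set to a newly allocated, zero-filled struct,
 *                    or to NULL when that allocation fails. The struct is
 *                    left allocated on every later error path, so the
 *                    caller has to release it whatever status is returned.
 *
 * Returns 0 on success, SYS_MALLOC_ERR on allocation failure,
 * PAM_AUTH_PASSWORD_FAILED when the check rejects the password,
 * PAM_AUTH_NOT_BUILT_INTO_SERVER for any other non-zero check result, a
 * negative status from changeToRootUser(), or the status of
 * chlUpdateIrodsPamPassword().
 */
int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                   pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    pamAuthRequestOut_t *result;
    bool run_server_as_root = false;

    /* calloc zero-fills the struct; test the pointer before anything
     * dereferences it (the allocation used to go straight into memset) */
    result = ( pamAuthRequestOut_t * )calloc( 1, sizeof( pamAuthRequestOut_t ) );
    *pamAuthRequestOut = result;
    if ( result == NULL ) {
        return SYS_MALLOC_ERR;
    }

    /* The lookup result is not checked; run_server_as_root keeps its
     * initial false unless the call sets it. */
    irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );

    if ( run_server_as_root ) {
        /* uid == euid is needed for some plugins e.g. libpam-sss */
        status = changeToRootUser();
        if ( status < 0 ) {
            return status;
        }
    }
    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );
    if ( run_server_as_root ) {
        /* NOTE(review): the result of dropping back to the service user is
         * ignored. If changeToServiceUser() can report failure, it should be
         * checked here so the request does not carry on with root
         * privileges - confirm its return type. */
        changeToServiceUser();
    }
    /* 256 is the value treated as "password rejected"; presumably a
     * wait()-style status for exit code 1 - confirm against runPamAuthCheck */
    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if ( status != 0 ) {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }

    if ( status ) {
        return status;
    }

    /* Zero-filled so the field never exposes uninitialized heap bytes if the
     * catalog call fails part-way.
     * NOTE(review): 100 is a bare size; it has to match what
     * chlUpdateIrodsPamPassword() writes - confirm and name the constant. */
    result->irodsPamPassword = ( char* )calloc( 1, 100 );
    if ( result->irodsPamPassword == NULL ) {
        return SYS_MALLOC_ERR;
    }
    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}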
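/*
 * Server-side PAM authentication request (compile-time configured variant).
 *
 * With PAM_AUTH defined, checks the supplied PAM user/password through
 * runPamAuthCheck() and, on success, asks chlUpdateIrodsPamPassword() for
 * the iRODS password returned in (*pamAuthRequestOut)->irodsPamPassword.
 * Without PAM_AUTH the function only allocates the output struct and
 * returns PAM_AUTH_NOT_BUILT_INTO_SERVER.
 *
 * rsComm             connection handle, passed through to the catalog call
 * pamAuthRequestInp  input: pamUser and pamPassword
 * pamAuthRequestOut  output: set to a newly allocated, zero-filled struct,
 *                    or to NULL when that allocation fails. The struct is
 *                    left allocated on every later error path, so the
 *                    caller has to release it whatever status is returned.
 *
 * Returns 0 on success, SYS_MALLOC_ERR on allocation failure,
 * PAM_AUTH_PASSWORD_FAILED when the check rejects the password,
 * PAM_AUTH_NOT_BUILT_INTO_SERVER for any other non-zero check result or
 * when PAM support is compiled out, a negative status from
 * changeToRootUser(), or the status of chlUpdateIrodsPamPassword().
 */
int
_rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                   pamAuthRequestOut_t **pamAuthRequestOut) {
    int status = 0;
    pamAuthRequestOut_t *result;

    /* calloc zero-fills the struct; test the pointer before anything
     * dereferences it (the allocation used to go straight into memset) */
    result = (pamAuthRequestOut_t *) calloc(1, sizeof(pamAuthRequestOut_t));
    *pamAuthRequestOut = result;
    if (result == NULL) {
        return (SYS_MALLOC_ERR);
    }

#if defined(PAM_AUTH)

#ifdef RUN_SERVER_AS_ROOT
    /* uid == euid is needed for some plugins e.g. libpam-sss */
    status = changeToRootUser();
    if (status < 0) {
        return (status);
    }
#endif
    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck(pamAuthRequestInp->pamUser,
                             pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
    /* NOTE(review): the result of dropping back to the service user is
     * ignored. If changeToServiceUser() can report failure, it should be
     * checked here so the request does not carry on with root privileges -
     * confirm its return type. */
    changeToServiceUser();
#endif
    /* 256 is the value treated as "password rejected"; presumably a
     * wait()-style status for exit code 1 - confirm against runPamAuthCheck */
    if (status == 256) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if (status != 0) {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }

    if (status) {
        return (status);
    }

    /* Zero-filled so the field never exposes uninitialized heap bytes if the
     * catalog call fails part-way.
     * NOTE(review): 100 is a bare size; it has to match what
     * chlUpdateIrodsPamPassword() writes - confirm and name the constant. */
    result->irodsPamPassword = (char*) calloc(1, 100);
    if (result->irodsPamPassword == NULL) {
        return (SYS_MALLOC_ERR);
    }
    status = chlUpdateIrodsPamPassword(rsComm,
                                       pamAuthRequestInp->pamUser, NULL,
                                       &result->irodsPamPassword);
    return (status);
#else
    status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    return (status);
#endif
}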
Beispiel #3
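/*
 * Test helper: asks chlUpdateIrodsPamPassword() for the iRODS password of
 * `username` (with `testTime` as the third argument) and prints the status
 * and, on success, the password itself.
 *
 * The password goes to stdout in clear text, so this belongs in test
 * builds only; stdout of a test run may end up in captured logs.
 *
 * Returns 0 once the catalog call has been made, whatever its status
 * (the status is only printed), or -1 if the password buffer cannot be
 * allocated.
 */
int
testGetPamPw(rsComm_t *rsComm, char *username, char *testTime) {
   char *irodsPamPassword;
   int status;

   /* calloc gives the zero-filled 100-byte buffer the original built with
    * malloc + memset; the pointer is now checked before it is used */
   irodsPamPassword = (char*)calloc(1, 100);
   if (irodsPamPassword == NULL) {
      return(-1);
   }

   status = chlUpdateIrodsPamPassword(rsComm, username, testTime,
                                      &irodsPamPassword);
   if (status==0) {
      printf("status=%d pw=%s \n",status,irodsPamPassword);
   }
   else {
      printf("status=%d\n",status);
   }
   /* NOTE(review): the buffer is never released. The callee receives a
    * char** and may replace the pointer, so confirm who owns it before
    * adding a free() here. */
   return(0);
}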
Beispiel #4
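/*
 * Server-side PAM authentication request.
 *
 * Checks the supplied PAM user/password through runPamAuthCheck() and, on
 * success, asks the catalog (chlUpdateIrodsPamPassword) for the iRODS
 * password that is handed back in (*pamAuthRequestOut)->irodsPamPassword.
 *
 * rsComm             connection handle, passed through to the catalog call
 * pamAuthRequestInp  input: pamUser, pamPassword, timeToLive
 * pamAuthRequestOut  output: set to a newly allocated, zero-filled struct,
 *                    or to NULL when that allocation fails. The struct is
 *                    left allocated on every later error path, so the
 *                    caller has to release it whatever status is returned.
 *
 * Returns 0 on success, SYS_MALLOC_ERR on allocation failure,
 * PAM_AUTH_PASSWORD_FAILED when the check rejects the password,
 * PAM_AUTH_NOT_BUILT_INTO_SERVER for any other non-zero check result, or
 * the status of chlUpdateIrodsPamPassword().
 */
int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                   pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    pamAuthRequestOut_t *result;

    /* calloc zero-fills the struct; test the pointer before anything
     * dereferences it (the allocation used to go straight into memset) */
    result = ( pamAuthRequestOut_t * )calloc( 1, sizeof( pamAuthRequestOut_t ) );
    *pamAuthRequestOut = result;
    if ( result == NULL ) {
        return SYS_MALLOC_ERR;
    }

    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );
    /* 256 is the value treated as "password rejected"; presumably a
     * wait()-style status for exit code 1 - confirm against runPamAuthCheck */
    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if ( status != 0 ) {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }

    if ( status ) {
        return status;
    }

    /* Zero-filled so the field never exposes uninitialized heap bytes if the
     * catalog call fails part-way.
     * NOTE(review): 100 is a bare size; it has to match what
     * chlUpdateIrodsPamPassword() writes - confirm and name the constant. */
    result->irodsPamPassword = ( char* )calloc( 1, 100 );
    if ( result->irodsPamPassword == NULL ) {
        return SYS_MALLOC_ERR;
    }
    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}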