int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
pamAuthRequestOut_t **pamAuthRequestOut ) {
int status = 0;
pamAuthRequestOut_t *result;
bool run_server_as_root = false;
*pamAuthRequestOut = ( pamAuthRequestOut_t * )
malloc( sizeof( pamAuthRequestOut_t ) );
memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );
result = *pamAuthRequestOut;
irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );
if ( run_server_as_root ) {
/* uid == euid is needed for some plugins e.g. libpam-sss */
status = changeToRootUser();
if ( status < 0 ) {
return status;
}
}
/* Normal mode, fork/exec setuid program to do the Pam check */
status = runPamAuthCheck( pamAuthRequestInp->pamUser,
pamAuthRequestInp->pamPassword );
if ( run_server_as_root ) {
changeToServiceUser();
}
if ( status == 256 ) {
status = PAM_AUTH_PASSWORD_FAILED;
}
else {
/* the exec failed or something (PamAuthCheck not built perhaps) */
if ( status != 0 ) {
status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
}
}
if ( status ) {
return status;
}
result->irodsPamPassword = ( char* )malloc( 100 );
if ( result->irodsPamPassword == 0 ) {
return SYS_MALLOC_ERR;
}
status = chlUpdateIrodsPamPassword( rsComm,
pamAuthRequestInp->pamUser,
pamAuthRequestInp->timeToLive,
NULL,
&result->irodsPamPassword );
return status;
}
int
_rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
pamAuthRequestOut_t **pamAuthRequestOut) {
int status = 0;
pamAuthRequestOut_t *result;
*pamAuthRequestOut = (pamAuthRequestOut_t *)
malloc(sizeof(pamAuthRequestOut_t));
memset((char *)*pamAuthRequestOut, 0, sizeof(pamAuthRequestOut_t));
result = *pamAuthRequestOut;
#if defined(PAM_AUTH)
#ifdef RUN_SERVER_AS_ROOT
/* uid == euid is needed for some plugins e.g. libpam-sss */
status = changeToRootUser();
if (status < 0) {
return (status);
}
#endif
/* Normal mode, fork/exec setuid program to do the Pam check */
status = runPamAuthCheck(pamAuthRequestInp->pamUser,
pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
changeToServiceUser();
#endif
if (status == 256) {
status = PAM_AUTH_PASSWORD_FAILED;
}
else {
/* the exec failed or something (PamAuthCheck not built perhaps) */
if (status != 0) status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
}
if (status) {
return(status);
}
result->irodsPamPassword = (char*)malloc(100);
if (result->irodsPamPassword == 0) return (SYS_MALLOC_ERR);
status = chlUpdateIrodsPamPassword(rsComm,
pamAuthRequestInp->pamUser, NULL,
&result->irodsPamPassword);
return(status);
#else
status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
return (status);
#endif
}
int
_rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
pamAuthRequestOut_t **pamAuthRequestOut ) {
int status = 0;
pamAuthRequestOut_t *result;
*pamAuthRequestOut = ( pamAuthRequestOut_t * )
malloc( sizeof( pamAuthRequestOut_t ) );
memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );
result = *pamAuthRequestOut;
/* Normal mode, fork/exec setuid program to do the Pam check */
status = runPamAuthCheck( pamAuthRequestInp->pamUser,
pamAuthRequestInp->pamPassword );
if ( status == 256 ) {
status = PAM_AUTH_PASSWORD_FAILED;
}
else {
/* the exec failed or something (PamAuthCheck not built perhaps) */
if ( status != 0 ) {
status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
}
}
if ( status ) {
return status;
}
result->irodsPamPassword = ( char* )malloc( 100 );
if ( result->irodsPamPassword == 0 ) {
return SYS_MALLOC_ERR;
}
status = chlUpdateIrodsPamPassword( rsComm,
pamAuthRequestInp->pamUser,
pamAuthRequestInp->timeToLive,
NULL,
&result->irodsPamPassword );
return status;
}
