int _rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                       pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    pamAuthRequestOut_t *result;
    bool run_server_as_root = false;

    *pamAuthRequestOut = ( pamAuthRequestOut_t * )
                         malloc( sizeof( pamAuthRequestOut_t ) );
    memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );
    result = *pamAuthRequestOut;

    irods::server_properties::getInstance().get_property<bool>( RUN_SERVER_AS_ROOT_KW, run_server_as_root );
    if ( run_server_as_root ) {
        /* uid == euid is needed for some plugins e.g. libpam-sss */
        status = changeToRootUser();
        if ( status < 0 ) {
            return status;
        }
    }

    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );

    if ( run_server_as_root ) {
        changeToServiceUser();
    }

    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        if ( status != 0 ) {
            status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
        }
    }

    if ( status ) {
        return status;
    }

    result->irodsPamPassword = ( char* )malloc( 100 );
    if ( result->irodsPamPassword == 0 ) {
        return SYS_MALLOC_ERR;
    }

    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}

int _rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                       pamAuthRequestOut_t **pamAuthRequestOut) {
    int status = 0;
    pamAuthRequestOut_t *result;

    *pamAuthRequestOut = (pamAuthRequestOut_t *)
                         malloc(sizeof(pamAuthRequestOut_t));
    memset((char *)*pamAuthRequestOut, 0, sizeof(pamAuthRequestOut_t));
    result = *pamAuthRequestOut;

#if defined(PAM_AUTH)
#ifdef RUN_SERVER_AS_ROOT
    /* uid == euid is needed for some plugins e.g. libpam-sss */
    status = changeToRootUser();
    if (status < 0) {
        return (status);
    }
#endif
    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck(pamAuthRequestInp->pamUser,
                             pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
    changeToServiceUser();
#endif
    if (status == 256) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        if (status != 0) status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }

    if (status) {
        return(status);
    }

    result->irodsPamPassword = (char*)malloc(100);
    if (result->irodsPamPassword == 0) return (SYS_MALLOC_ERR);

    status = chlUpdateIrodsPamPassword(rsComm,
                                       pamAuthRequestInp->pamUser,
                                       NULL,
                                       &result->irodsPamPassword);
    return(status);
#else
    status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    return (status);
#endif
}

int _rsPamAuthRequest( rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                       pamAuthRequestOut_t **pamAuthRequestOut ) {
    int status = 0;
    pamAuthRequestOut_t *result;

    *pamAuthRequestOut = ( pamAuthRequestOut_t * )
                         malloc( sizeof( pamAuthRequestOut_t ) );
    memset( ( char * )*pamAuthRequestOut, 0, sizeof( pamAuthRequestOut_t ) );
    result = *pamAuthRequestOut;

    /* Normal mode, fork/exec setuid program to do the Pam check */
    status = runPamAuthCheck( pamAuthRequestInp->pamUser,
                              pamAuthRequestInp->pamPassword );

    if ( status == 256 ) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else {
        /* the exec failed or something (PamAuthCheck not built perhaps) */
        if ( status != 0 ) {
            status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
        }
    }

    if ( status ) {
        return status;
    }

    result->irodsPamPassword = ( char* )malloc( 100 );
    if ( result->irodsPamPassword == 0 ) {
        return SYS_MALLOC_ERR;
    }

    status = chlUpdateIrodsPamPassword( rsComm,
                                        pamAuthRequestInp->pamUser,
                                        pamAuthRequestInp->timeToLive,
                                        NULL,
                                        &result->irodsPamPassword );
    return status;
}