Showing
11 changed files
with
162 additions
and
25 deletions.
@@ -0,0 +1,121 @@ | ||
// | ||
// Created by torsten on 17.04.18. | ||
// | ||
#include "pam_handler.h" | ||
|
||
#include "bareos.h" | ||
#include <cstring> | ||
#include <security/pam_appl.h> | ||
|
||
static const int debuglevel = 200; | ||
|
||
static const std::string service_name("bareos"); | ||
|
||
|
||
class PamData { | ||
std::string username_; | ||
std::string password_; | ||
|
||
public: | ||
PamData(std::string username, std::string password) { | ||
username_ = username; | ||
password_ = password; | ||
} | ||
|
||
private: | ||
inline int callback(int num_msg, const struct pam_message **msg, struct pam_response **resp) const; | ||
bool send(struct pam_response **response, const char *data) const; | ||
}; | ||
|
||
/// this is the PAM Handler Callback | ||
int PamData::callback( | ||
int num_msg, | ||
const struct pam_message **msg, | ||
struct pam_response **resp | ||
) const { | ||
if (!msg || !*msg || !resp) { | ||
return PAM_BUF_ERR; | ||
} | ||
|
||
const pam_message *m = *msg; | ||
|
||
if ((*resp = static_cast<pam_response *>(calloc(num_msg, sizeof(struct pam_response)))) == nullptr) { | ||
return PAM_BUF_ERR; | ||
} | ||
|
||
switch ((*msg)->msg_style) { | ||
case PAM_PROMPT_ECHO_OFF: { | ||
return send(resp, password_.c_str()) ? PAM_SUCCESS : PAM_CONV_ERR; | ||
} | ||
case PAM_PROMPT_ECHO_ON: { | ||
return send(resp, username_.c_str()) ? PAM_SUCCESS : PAM_CONV_ERR; | ||
} | ||
case PAM_ERROR_MSG: | ||
case PAM_TEXT_INFO: | ||
default: { | ||
(void) fprintf(stderr, "message[%d]: unknown type %d/val=\"%s\"\n", | ||
1, m->msg_style, m->msg); | ||
/* error, service module won't clean up */ | ||
} | ||
} | ||
free(resp); | ||
*resp = NULL; | ||
return PAM_CONV_ERR; | ||
} | ||
|
||
bool PamData::send( | ||
struct pam_response **response, | ||
const char *data) const { | ||
struct pam_response *resp = | ||
(struct pam_response *) calloc(1, sizeof(struct pam_response)); | ||
|
||
if (!resp) { | ||
return false; | ||
} | ||
resp->resp = bstrdup(data); | ||
resp->resp_retcode = resp->resp ? PAM_SUCCESS : PAM_BUF_ERR; | ||
*response = resp; | ||
return true; | ||
} | ||
|
||
/// PAM-Callback calls Bareos PAM-Handler | ||
static int conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { | ||
const pam_message *m = *msg; | ||
struct pam_response *r; | ||
|
||
PamData *pam_data = reinterpret_cast<PamData *>(appdata_ptr); | ||
|
||
} | ||
|
||
bool pam_authenticate_useragent(std::string username, std::string password) { | ||
|
||
PamData pam_data(username, password); | ||
|
||
const struct pam_conv pam_conversation = {conv, (void *) &pam_data}; | ||
|
||
pam_handle_t *pamh = nullptr; | ||
|
||
/* START */ | ||
int err = pam_start(service_name.c_str(), | ||
username.c_str(), | ||
&pam_conversation, | ||
&pamh); | ||
if (err != PAM_SUCCESS) { | ||
Dmsg1(debuglevel, "PAM start failed: %s", pam_strerror(pamh, err)); | ||
} | ||
|
||
/* AUTHENTICATE */ | ||
err = pam_authenticate(pamh, 0); | ||
if (err != PAM_SUCCESS) { | ||
Dmsg1(debuglevel, "PAM authentication failed: %s", pam_strerror(pamh, err)); | ||
} | ||
|
||
/* END */ | ||
err = pam_end(pamh, err); | ||
if (err != PAM_SUCCESS) { | ||
Dmsg1(debuglevel, "PAM end failed: %s", pam_strerror(pamh, err)); | ||
} | ||
|
||
return err == 0; | ||
} | ||
|
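Review bot: `pam_authenticate_useragent` returns the result of `pam_end` rather than of `pam_authenticate`, because `err` is overwritten before `return err == 0;`, so a rejected login is reported as success whenever teardown succeeds. A failed `pam_start` is only logged, and the code then calls `pam_authenticate` with a null handle. Separately, `conv` never forwards to `PamData::callback` and falls off the end of a non-void function, and `PamData::callback` calls `free(resp)` on the caller's out-pointer where `free(*resp)` is meant, after `send` has already overwritten the `calloc` result. The fence below keeps the authentication result apart from the teardown result; an account check with `pam_acct_mgmt` after a successful authentication is probably also wanted.

```cpp
bool pam_authenticate_useragent(std::string username, std::string password) {
  // … unchanged: PamData / pam_conv setup and the pam_start call …
  if (err != PAM_SUCCESS) {
    Dmsg1(debuglevel, "PAM start failed: %s", pam_strerror(pamh, err));
    return false;  // no usable handle: do not authenticate or end
  }

  const int auth_result = pam_authenticate(pamh, 0);
  if (auth_result != PAM_SUCCESS) {
    Dmsg1(debuglevel, "PAM authentication failed: %s", pam_strerror(pamh, auth_result));
  }

  err = pam_end(pamh, auth_result);
  // … unchanged: "PAM end failed" logging …

  return auth_result == PAM_SUCCESS;  // teardown status must not decide the login
}
```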
@@ -0,0 +1,8 @@ | ||
#ifndef BAREOS_PAM_H | ||
#define BAREOS_PAM_H | ||
|
||
#include <string> | ||
|
||
bool pam_authenticate_useragent(std::string username, std::string password); | ||
|
||
#endif //BAREOS_PAM_H |
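Review bot: The declaration takes `password` by value, and the `PamData` constructor in the implementation copies it again, so each call leaves several plaintext copies of the secret on the heap and none is cleared. Taking both arguments by reference removes the copies made at the call boundary: `bool pam_authenticate_useragent(const std::string &username, const std::string &password);`, with the definition changed to match. A one-line comment stating that `true` means the PAM stack accepted the credentials would also help callers, since the return value gates a login.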