pam: using network stream token for pam credentials

- not interactive mode uses pre-set credentials: @@username:<uname> @@password:<pw> without the <>
bareos · Nov 5, 2018 · 3873e33 · 3873e33
1 parent c63b803
commit 3873e33
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 16 deletions.
diff --git a/core/src/console/auth_pam.cc b/core/src/console/auth_pam.cc
@@ -52,8 +52,6 @@ bool ConsolePamAuthenticate(FILE *std_in, BareosSocket *UA_sock)
    btimer_t *tid = nullptr;
    char *userinput = nullptr;
 
-//   UA_sock->fsend("@@username:franku");
-
    while (!error && !quit) {
       switch(state) {
          case PamAuthState::INIT:

diff --git a/core/src/console/console.cc b/core/src/console/console.cc
@@ -1095,6 +1095,8 @@ int main(int argc, char *argv[])
 
 #if defined(HAVE_PAM)
    if (console_resource && console_resource->use_pam_authentication_) {
+//     UA_sock->fsend("@@username:franku");
+     Bmicrosleep(1,0);
      if (!ConsolePamAuthenticate(stdin, UA_sock)) {
        TerminateConsole(0);
        return 1;

diff --git a/core/src/dird/auth_pam.cc b/core/src/dird/auth_pam.cc
@@ -34,7 +34,7 @@ static const std::string service_name("bareos");
 struct PamData {
    BareosSocket *UA_sock_;
 
-   PamData(BareosSocket *UA_sock, std::string username) {
+   PamData(BareosSocket *UA_sock) {
       UA_sock_ = UA_sock;
    }
 };
@@ -142,7 +142,7 @@ bool PamAuthenticateUser(BareosSocket *UA_sock,
                               const std::string &password_in,
                               std::string& authenticated_username)
 {
-   std::unique_ptr<PamData> pam_callback_data(new PamData(UA_sock, username_in));
+   std::unique_ptr<PamData> pam_callback_data(new PamData(UA_sock));
    std::unique_ptr<struct pam_conv> pam_conversation_container(new struct pam_conv);
    struct pam_handle *pamh; /* pam session handle */
 

diff --git a/core/src/dird/authenticate.cc b/core/src/dird/authenticate.cc
@@ -285,30 +285,30 @@ static void AuthenticateNamedConsole(std::string console_name, UaContext *ua, bo
 }
 
 #if defined(HAVE_PAM)
-static void LookupOptionalPamUser(BareosSocket *ua_sock, std::string pam_username)
+static void LookupTokenFromSocketStream(BareosSocket *ua_sock, const std::string& token, std::string& output)
 {
   char buffer[128];
-  const std::string token {"@@username:"};
   memset(buffer, 0, sizeof(buffer));
+  int flags = ua_sock->SetNonblocking();
   int ret = ::recv(ua_sock->fd_, buffer, token.size(), MSG_PEEK);
   if (ret == (int)token.size()) {
     if (ua_sock->recv() <= 0) { return; }
     std::string temp(ua_sock->msg);
-    pam_username = temp.substr(temp.find(':')+1);
+    output = temp.substr(temp.find(':')+1);
   }
+  ua_sock->RestoreBlocking(flags);
 }
 
-static void LookupOptionalPamPassword(BareosSocket *ua_sock, std::string pam_password)
+static void LookupOptionalPamUser(BareosSocket *ua_sock, std::string& pam_username)
+{
+  const std::string token {"@@username:"};
+  LookupTokenFromSocketStream(ua_sock, token, pam_username);
+}
+
+static void LookupOptionalPamPassword(BareosSocket *ua_sock, std::string& pam_password)
 {
-  char buffer[128];
   const std::string token {"@@password:"};
-  memset(buffer, 0, sizeof(buffer));
-  int ret = ::recv(ua_sock->fd_, buffer, token.size(), MSG_PEEK);
-  if (ret == (int)token.size()) {
-    if (ua_sock->recv() <= 0) { return; }
-    std::string temp(ua_sock->msg);
-    pam_password = temp.substr(temp.find(':')+1);
-  }
+  LookupTokenFromSocketStream(ua_sock, token, pam_password);
 }
 #endif /* HAVE PAM */
 
@@ -329,6 +329,7 @@ static bool OptionalAuthenticatePamUser(std::string console_name, UaContext *ua,
   std::string pam_username;
   std::string pam_password;
 
+  Bmicrosleep(1,0);
   LookupOptionalPamUser(ua->UA_sock, pam_username);
   LookupOptionalPamPassword(ua->UA_sock, pam_password);