From pque...@apache.org
Subject svn commit: r744822 - in /labs/orthrus/trunk: SConstruct include/orthrus.h src/ui/pam/pam_orthrus.c src/userdb.c
Date Mon, 16 Feb 2009 06:54:58 GMT
Author: pquerna
Date: Mon Feb 16 06:54:58 2009
New Revision: 744822

URL: http://svn.apache.org/viewvc?rev=744822&view=rev
Log:
Stub out userdb support, and update the pam module to use what I think the userdb
API will look like.

Added:
    labs/orthrus/trunk/src/userdb.c   (with props)
Modified:
    labs/orthrus/trunk/SConstruct
    labs/orthrus/trunk/include/orthrus.h
    labs/orthrus/trunk/src/ui/pam/pam_orthrus.c

Modified: labs/orthrus/trunk/SConstruct
URL: http://svn.apache.org/viewvc/labs/orthrus/trunk/SConstruct?rev=744822&r1=744821&r2=744822&view=diff
==============================================================================
--- labs/orthrus/trunk/SConstruct (original)
+++ labs/orthrus/trunk/SConstruct Mon Feb 16 06:54:58 2009
@@ -49,7 +49,8 @@
 lib = env.SharedLibrary(target='orthrus-%d' % (orthrus_major),
                         source = ['src/core.c', 'src/error.c', 
                                   'src/hex.c', 'src/words.c',
-                                  'src/md4.c', 'src/md5.c', 'src/sha1.c'])
+                                  'src/md4.c', 'src/md5.c', 'src/sha1.c',
+                                  'src/userdb.c'])
 
 headers = env.Glob('include/*.h')
 

Modified: labs/orthrus/trunk/include/orthrus.h
URL: http://svn.apache.org/viewvc/labs/orthrus/trunk/include/orthrus.h?rev=744822&r1=744821&r2=744822&view=diff
==============================================================================
--- labs/orthrus/trunk/include/orthrus.h (original)
+++ labs/orthrus/trunk/include/orthrus.h Mon Feb 16 06:54:58 2009
@@ -51,6 +51,21 @@
 void orthrus_response_format_words(orthrus_response_t *reply,
                                    const char **output);
 
+  
+/* User DB Interfaces. */
+orthrus_error_t* orthrus_userdb_set(orthrus_t *ort, const char *path);
+
+orthrus_error_t* orthrus_userdb_get_challenge(orthrus_t *ort,
+                                              const char *username,
+                                              const char **challenge,
+                                              apr_pool_t *pool);
+
+orthrus_error_t* orthrus_userdb_verify(orthrus_t *ort,
+                                       const char *username,
+                                       const char *challenge,
+                                       const char *reply,
+                                       apr_pool_t *pool);
+  
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
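Review bot: The three `orthrus_userdb_*` declarations have no contract beyond the `/* User DB Interfaces. */` banner, which is thin for an authentication API. Each should get a doc comment stating that a non-NULL return means failure, who owns the string stored in `*challenge` (presumably `pool`; confirm once implemented), and that `*challenge` is unspecified when an error is returned. As declared, `orthrus_userdb_verify` reports a wrong reply and a backend failure through the same `orthrus_error_t*`. The comment should name the error code that means "reply did not match" so callers can map the two cases to different PAM results.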

Modified: labs/orthrus/trunk/src/ui/pam/pam_orthrus.c
URL: http://svn.apache.org/viewvc/labs/orthrus/trunk/src/ui/pam/pam_orthrus.c?rev=744822&r1=744821&r2=744822&view=diff
==============================================================================
--- labs/orthrus/trunk/src/ui/pam/pam_orthrus.c (original)
+++ labs/orthrus/trunk/src/ui/pam/pam_orthrus.c Mon Feb 16 06:54:58 2009
@@ -77,25 +77,34 @@
 
 #include <pwd.h>
 #include <stdlib.h>
+#include <stdio.h>
 #include <unistd.h>
 
+#include <syslog.h>
+
+#include <apr_strings.h>
+
 #ifndef PAM_EXTERN
 #define PAM_EXTERN
 #endif
 
-#ifndef OPENPAM
-static char password_prompt[] = "Response:";
-#endif
+#define ORT_LOG_ERR(fmt, args...) syslog(LOG_ERR, fmt , ## args)
 
 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
                     int argc, const char *argv[])
 {
+  orthrus_t *ort;
+  apr_pool_t *pool;
+  orthrus_error_t *err;
+  const char *challenge;
+  const char *ortuserdb = "/etc/orthruskeys";
 #ifndef OPENPAM
 	struct pam_conv *conv;
 	struct pam_message msg;
 	const struct pam_message *msgp;
 	struct pam_response *resp;
+  char *password_prompt;
 #endif
 	struct passwd *pwd;
 	const char *user;
@@ -114,11 +123,37 @@
 		return (PAM_USER_UNKNOWN);
   }
   
+  apr_initialize();
+  apr_pool_create(&pool, NULL);
+
+  err = orthrus_create(pool, &ort);
+  if (err) {
+    ORT_LOG_ERR("pam_orthrus: create failed with: %s (%d)", err->msg, err->err);
+		return (PAM_SYSTEM_ERR);
+  }
+
+  /* TODO: Get params from PAM  and make a compile time default */
+  err = orthrus_userdb_set(ort, ortuserdb);
+  if (err) {
+    ORT_LOG_ERR("pam_orthrus: Failed to open userdb at '%s': %s (%d)", ortuserdb, err->msg,
err->err);
+		return (PAM_SYSTEM_ERR);
+  }
+
+  err = orthrus_userdb_get_challenge(ort, pwd->pw_name, &challenge, pool);
+  if (err) {
+		return (PAM_SYSTEM_ERR);
+  }
+
+  /* TODO: Figure out prompting in the 'new' OpenPAM */
 	/* get password */
 #ifndef OPENPAM
+  password_prompt = apr_psprintf(pool, "%s\nPassword:", challenge);
 	pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
-	if (pam_err != PAM_SUCCESS)
+	if (pam_err != PAM_SUCCESS) {
+    apr_pool_destroy(pool);
+    apr_terminate();
 		return (PAM_SYSTEM_ERR);
+  }
 	msg.msg_style = PAM_PROMPT_ECHO_OFF;
 	msg.msg = password_prompt;
 	msgp = &msg;
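Review bot: The three new `return (PAM_SYSTEM_ERR);` paths after `orthrus_create`, `orthrus_userdb_set` and `orthrus_userdb_get_challenge` exit without releasing the pool, while the `pam_get_item` failure path just below does clean up. Each should run `apr_pool_destroy(pool); apr_terminate();` first, or the function should funnel all exits through one cleanup label. The results of `apr_initialize()` and `apr_pool_create(&pool, NULL)` are also unchecked, so a failed pool creation would hand an unset `pool` to `orthrus_create`. The `orthrus_userdb_get_challenge` failure is the only one of the three that is not logged; `ORT_LOG_ERR("pam_orthrus: get_challenge failed: %s (%d)", err->msg, err->err);` would match the other two. The function body starts and ends outside this hunk.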
@@ -131,30 +166,46 @@
 		resp = NULL;
 		pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
 		if (resp != NULL) {
-			if (pam_err == PAM_SUCCESS)
+			if (pam_err == PAM_SUCCESS) {
 				password = resp->resp;
-			else
+      }
+			else {
 				free(resp->resp);
+      }
 			free(resp);
 		}
 #endif
-		if (pam_err == PAM_SUCCESS)
+		if (pam_err == PAM_SUCCESS) {
 			break;
+    }
 	}
-	if (pam_err == PAM_CONV_ERR)
+
+  free(password_prompt);
+	
+  if (pam_err == PAM_CONV_ERR) {
+    apr_pool_destroy(pool);
+    apr_terminate();
 		return (pam_err);
-	if (pam_err != PAM_SUCCESS)
+  }
+
+	if (pam_err != PAM_SUCCESS) {
+    apr_pool_destroy(pool);
+    apr_terminate();
 		return (PAM_AUTH_ERR);
+  }
   
 	/* compare passwords */
-	if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) ||
-	    (crypt_password = crypt(password, pwd->pw_passwd)) == NULL ||
-	    strcmp(crypt_password, pwd->pw_passwd) != 0) {
+  err = orthrus_userdb_verify(ort, pwd->pw_name,
+                              challenge, password, pool);
+  if (err) {
 		pam_err = PAM_AUTH_ERR;
   }
 	else {
 		pam_err = PAM_SUCCESS;
   }
+
+  apr_pool_destroy(pool);
+  apr_terminate();
 #ifndef OPENPAM
 	free(password);
 #endif
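Review bot: `free(password_prompt);` after the conversation loop releases a buffer that the previous hunk obtained from `apr_psprintf(pool, ...)`. That memory belongs to the APR pool, not to malloc, so the call is undefined behaviour and can corrupt the heap of the process doing the authentication. The line should be removed, since the `apr_pool_destroy(pool)` calls already reclaim the prompt. It also appears to sit outside the `#ifndef OPENPAM` region in which `password_prompt` is declared, so an OPENPAM build would presumably fail to compile. Separately, the error from `orthrus_userdb_verify` is mapped to `PAM_AUTH_ERR` without being logged, which hides the difference between a wrong response and a userdb failure. The function continues outside the hunk.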

Added: labs/orthrus/trunk/src/userdb.c
URL: http://svn.apache.org/viewvc/labs/orthrus/trunk/src/userdb.c?rev=744822&view=auto
==============================================================================
--- labs/orthrus/trunk/src/userdb.c (added)
+++ labs/orthrus/trunk/src/userdb.c Mon Feb 16 06:54:58 2009
@@ -0,0 +1,40 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "orthrus.h"
+#include "private/context.h"
+
+orthrus_error_t* orthrus_userdb_set(orthrus_t *ort, const char *path)
+{
+  return orthrus_error_create(APR_ENOTIMPL, "userdb functionality is not complete");
+}
+
+orthrus_error_t* orthrus_userdb_get_challenge(orthrus_t *ort,
+                                              const char *username,
+                                              const char **challenge,
+                                              apr_pool_t *pool)
+{
+  return orthrus_error_create(APR_ENOTIMPL, "userdb functionality is not complete");
+}
+
+orthrus_error_t* orthrus_userdb_verify(orthrus_t *ort,
+                                       const char *username,
+                                       const char *challenge,
+                                       const char *reply,
+                                       apr_pool_t *pool)
+{
+  return orthrus_error_create(APR_ENOTIMPL, "userdb functionality is not complete");
+}
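Review bot: `orthrus_userdb_get_challenge` returns its error without touching `*challenge`, and the caller in pam_orthrus.c declares that pointer without an initialiser. Adding `*challenge = NULL;` before the return would stop a caller that misses the error check from formatting an indeterminate pointer into the prompt. All three stubs do return an error, so the PAM module fails closed while the userdb is unimplemented. A one-line comment above each function, marking it as a placeholder and saying what the real implementation must do, would make that intent explicit.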

Propchange: labs/orthrus/trunk/src/userdb.c
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: labs/orthrus/trunk/src/userdb.c
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id

Propchange: labs/orthrus/trunk/src/userdb.c
------------------------------------------------------------------------------
    svn:mime-type = text/plain


