sbuild  1.7.2
auth.h
1 /* Copyright © 2005-2013 Roger Leigh <rleigh@debian.org>
2  *
3  * schroot is free software: you can redistribute it and/or modify it
4  * under the terms of the GNU General Public License as published by
5  * the Free Software Foundation, either version 3 of the License, or
6  * (at your option) any later version.
7  *
8  * schroot is distributed in the hope that it will be useful, but
9  * WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11  * General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program. If not, see
15  * <http://www.gnu.org/licenses/>.
16  *
17  *********************************************************************/
18 
19 #ifndef SBUILD_AUTH_H
20 #define SBUILD_AUTH_H
21 
22 #include <sbuild/config.h>
23 #include <sbuild/custom-error.h>
24 #include <sbuild/environment.h>
25 #include <sbuild/types.h>
26 #include <sbuild/util.h>
27 
28 #include <string>
29 #include <memory>
30 
31 #include <sys/types.h>
32 #include <sys/wait.h>
33 #include <grp.h>
34 #include <pwd.h>
35 #include <unistd.h>
36 
37 namespace sbuild
38 {
42  namespace auth
43  {
44 
    /// Authentication handler.
    ///
    /// Abstract base class: the constructor is protected, and
    /// get_auth_environment() and is_initialised() are pure virtual.
    /// It holds two separate identities: the user the session runs as
    /// (uid, gid, user) and the user requesting authentication
    /// (ruid, rgid, ruser, rgroup).
    // NOTE(review): this listing is a documentation-generator rendering.
    // The original doc comments and several declaration lines are absent
    // (gaps in the gutter numbers), so the comments below come from the
    // page's own member index and say so where a line is not visible.
74  class auth
75  {
76  public:
    /// Authentication status.
    // NOTE(review): the enumerator lines (80-82) are not visible here.
    // The page index describes them, in declaration order, as:
    // authentication is not required (80), authentication is required
    // by the user (81), authentication has failed (82).
    // change_auth() compares these values numerically, so this order
    // is what makes "failed" the highest status.
78  enum status
79  {
83  };
84 
    /// Error codes.
    // NOTE(review): the `enum error_code` line (86) and most enumerators
    // are not visible. The page index describes lines 88-95 as: failed to
    // get hostname, user not found, group not found, authentication
    // failed, authorisation failed, PAM was already initialised,
    // PAM error, PAM failed to shut down cleanly.
87  {
    /// User not found.
89  USER,
    /// PAM error.
94  PAM,
96  };
97 
    // NOTE(review): line 99 is not visible; the page index lists it as
    // `custom_error< error_code > error`, the exception type.
100 
    /// A shared_ptr to an auth object.
102  typedef std::shared_ptr<auth> ptr;
103 
104  protected:
    /// The constructor.
    ///
    /// Protected, so only derived classes can construct an auth object.
    /// @param service_name presumably the PAM service name kept in
    /// `service` -- confirm against auth.cc.
113  auth (const std::string& service_name);
114 
115  public:
    /// The destructor.
119  virtual ~auth ();
120 
    /// Get the PAM service name.
126  std::string const&
127  get_service () const;
128 
    /// Get the uid of the user.
136  uid_t
137  get_uid () const;
138 
    /// Get the gid of the user.
146  gid_t
147  get_gid () const;
148 
    /// Get the name of the user.
155  std::string const&
156  get_user () const;
157 
    /// Set the name of the user (overload taking a uid).
    // NOTE(review): how uid, gid, home and shell are derived from the
    // argument is defined in auth.cc and not visible here.
168  void
169  set_user (uid_t uid);
170 
    /// Set the name of the user (overload taking a user name).
181  void
182  set_user (const std::string& user);
183 
184  protected:
    /// Set the user from a system passwd database entry.
    /// Protected: not callable from outside the class hierarchy.
195  void
196  set_user (const passwd& pwent);
197 
198  public:
    /// Get the command to run in the session.
206  string_list const&
207  get_command () const;
208 
    /// Set the command to run in the session.
    // NOTE(review): the declarator line (216) is not visible; the page
    // index gives it as `set_command(const string_list &command)`.
215  void
217 
    /// Get the home directory.
224  std::string const&
225  get_home () const;
226 
    /// Get the working directory.
233  std::string const&
234  get_wd () const;
235 
    /// Set the working directory.
242  void
243  set_wd (const std::string& wd);
244 
    /// Get the name of the shell.
253  std::string const&
254  get_shell () const;
255 
    /// Get the user environment to use in the session.
261  environment const&
262  get_user_environment () const;
263 
    // NOTE(review): the declarators at lines 271 and 279 are not visible.
    // The page index lists `set_user_environment(char **environment)`
    // ("Set the user environment to use in the session"); which of the
    // two lines it belongs to, and what the other declares, cannot be
    // told from this page.
270  void
272 
278  void
280 
    /// Get the minimal environment.
    // NOTE(review): the return-type line (287) is not visible; the page
    // index gives the return type as `environment`.
288  get_minimal_environment () const;
289 
    /// Get the complete environment.
    // NOTE(review): the return-type line (297) is not visible; the page
    // index gives the return type as `environment`.
298  get_complete_environment () const;
299 
    /// Get the PAM environment. Pure virtual: supplied by the derived
    /// authentication backend.
306  virtual environment
307  get_auth_environment () const = 0;
308 
    /// Get the "remote uid" of the user (the uid requesting
    /// authentication).
315  uid_t
316  get_ruid () const;
317 
    /// Get the "remote gid" of the user (the gid requesting
    /// authentication).
324  gid_t
325  get_rgid () const;
326 
    /// Get the "remote" name of the user.
333  std::string const&
334  get_ruser () const;
335 
    /// Set the "remote" name of the user (overload taking a uid).
346  void
347  set_ruser (uid_t ruid);
348 
    /// Set the "remote" name of the user (overload taking a user name).
359  void
360  set_ruser (const std::string& ruser);
361 
362  protected:
    /// Set the "remote" user from a system passwd database entry.
    /// Protected: not callable from outside the class hierarchy.
373  void
374  set_ruser (const passwd& rpwent);
375  public:
376 
    /// Get the "remote" name of the group.
383  std::string const&
384  get_rgroup () const;
385 
    // The virtual functions from start() to close_session() are described
    // by the page index as PAM operations. They are virtual but not pure,
    // so this base class provides default bodies in auth.cc; what those
    // defaults do is not visible here.

    /// Start the PAM system.
392  virtual void
393  start ();
394 
    /// Stop the PAM system.
401  virtual void
402  stop ();
403 
    /// Perform PAM authentication.
    /// @param auth_status the authentication status to act on; how each
    /// status value is handled is defined by the implementation.
416  virtual void
417  authenticate (status auth_status);
418 
    /// Import the user environment into PAM.
429  virtual void
430  setupenv ();
431 
    /// Do PAM account management (authorisation).
437  virtual void
438  account ();
439 
    /// Use PAM to establish credentials.
445  virtual void
446  cred_establish ();
447 
    /// Use PAM to delete credentials.
453  virtual void
454  cred_delete ();
455 
    /// Open a PAM session.
461  virtual void
462  open_session ();
463 
    /// Close a PAM session.
469  virtual void
470  close_session ();
471 
    /// Set new authentication status.
    ///
    /// Returns whichever of the two arguments compares greater, so
    /// combining several statuses through this function can raise the
    /// result but never lower it.
    /// @param oldauth the current status.
    /// @param newauth the candidate status.
    /// @returns newauth if it is greater than oldauth, else oldauth.
    // NOTE(review): correctness depends on the enumerator order of
    // `status` (see the note on the enum); assumes the enumerators carry
    // no explicit values -- confirm in the full header.
481  static status
482  change_auth (status oldauth,
483  status newauth)
484  {
485  /* Ensure auth level always escalates. */
486  if (newauth > oldauth)
487  return newauth;
488  else
489  return oldauth;
490  }
491 
    /// Check if PAM is initialised. Pure virtual: supplied by the derived
    /// authentication backend.
496  virtual bool
497  is_initialised () const = 0;
498 
499  protected:
    /// The PAM service name (const: fixed at construction).
501  const std::string service;
    /// The uid to run as.
503  uid_t uid;
    /// The gid to run as.
505  gid_t gid;
    /// The user name to run as.
507  std::string user;
    // NOTE(review): line 509 is not visible; the page index lists it as
    // `string_list command`, the command to run.
    /// The home directory.
511  std::string home;
    /// The directory to run in.
513  std::string wd;
    /// The user shell to run.
515  std::string shell;
    // NOTE(review): line 517 is not visible; the page index lists it as
    // `environment user_environment`, the user environment to set.
    /// The uid requesting authentication.
519  uid_t ruid;
    /// The gid requesting authentication.
521  gid_t rgid;
    /// The user name requesting authentication.
523  std::string ruser;
    /// The group name requesting authentication.
525  std::string rgroup;
526  };
527 
528  }
529 }
530 
531 #endif /* SBUILD_AUTH_H */
532 
533 /*
534  * Local Variables:
535  * mode:C++
536  * End:
537  */
std::string const & get_ruser() const
Get the "remote" name of the user.
Definition: auth.cc:334
Authentication failed.
Definition: auth.h:91
virtual void open_session()
Open a PAM session.
Definition: auth.cc:381
virtual bool is_initialised() const =0
Check if PAM is initialised.
std::string rgroup
The group name requesting authentication.
Definition: auth.h:525
environment user_environment
The user environment to set.
Definition: auth.h:517
Debian source builder components.
Definition: ctty.cc:31
User not found.
Definition: auth.h:89
gid_t gid
The gid to run as.
Definition: auth.h:505
uid_t get_uid() const
Get the uid of the user.
Definition: auth.cc:153
gid_t get_gid() const
Get the gid of the user.
Definition: auth.cc:159
static status change_auth(status oldauth, status newauth)
Set new authentication status.
Definition: auth.h:482
string_list const & get_command() const
Get the command to run in the session.
Definition: auth.cc:215
std::string const & get_home() const
Get the home directory.
Definition: auth.cc:227
void set_user_environment(char **environment)
Set the user environment to use in the session.
Definition: auth.cc:257
Authentication has failed.
Definition: auth.h:82
virtual void stop()
Stop the PAM system.
Definition: auth.cc:351
PAM was already initialised.
Definition: auth.h:93
std::string home
The home directory.
Definition: auth.h:511
environment get_complete_environment() const
Get the complete environment.
Definition: auth.cc:302
gid_t rgid
The gid requesting authentication.
Definition: auth.h:521
virtual void account()
Do PAM account management (authorisation).
Definition: auth.cc:366
Container of environment variables.
Definition: environment.h:38
error_code
Error codes.
Definition: auth.h:86
std::string ruser
The user name requesting authentication.
Definition: auth.h:523
Authentication is not required.
Definition: auth.h:80
virtual void cred_delete()
Use PAM to delete credentials.
Definition: auth.cc:376
std::string const & get_service() const
Get the PAM service name.
Definition: auth.cc:96
std::string const & get_user() const
Get the name of the user.
Definition: auth.cc:165
uid_t ruid
The uid requesting authentication.
Definition: auth.h:519
auth(const std::string &service_name)
The constructor.
Definition: auth.cc:61
void set_wd(const std::string &wd)
Set the working directory.
Definition: auth.cc:239
Authorisation failed.
Definition: auth.h:92
void set_ruser(uid_t ruid)
Set the "remote" name of the user.
Definition: auth.cc:102
environment get_minimal_environment() const
Get the minimal environment.
Definition: auth.cc:269
virtual void authenticate(status auth_status)
Perform PAM authentication.
Definition: auth.cc:356
std::string const & get_shell() const
Get the name of the shell.
Definition: auth.cc:245
std::vector< std::string > string_list
A string vector.
Definition: types.h:38
Custom error.
Definition: custom-error.h:31
virtual void close_session()
Close a PAM session.
Definition: auth.cc:386
PAM failed to shut down cleanly.
Definition: auth.h:95
virtual environment get_auth_environment() const =0
Get the PAM environment.
virtual void cred_establish()
Use PAM to establish credentials.
Definition: auth.cc:371
std::string const & get_rgroup() const
Get the "remote" name of the group.
Definition: auth.cc:340
PAM error.
Definition: auth.h:94
gid_t get_rgid() const
Get the "remote gid" of the user.
Definition: auth.cc:328
std::string wd
The directory to run in.
Definition: auth.h:513
custom_error< error_code > error
Exception type.
Definition: auth.h:99
std::shared_ptr< auth > ptr
A shared_ptr to an auth object.
Definition: auth.h:102
const std::string service
The PAM service name.
Definition: auth.h:501
System passwd database entry.
Definition: util.h:747
status
Authentication status.
Definition: auth.h:78
environment const & get_user_environment() const
Get the user environment to use in the session.
Definition: auth.cc:251
uid_t get_ruid() const
Get the "remote uid" of the user.
Definition: auth.cc:322
Group not found.
Definition: auth.h:90
Authentication is required by the user.
Definition: auth.h:81
std::string const & get_wd() const
Get the working directory.
Definition: auth.cc:233
virtual void start()
Start the PAM system.
Definition: auth.cc:346
string_list command
The command to run.
Definition: auth.h:509
virtual void setupenv()
Import the user environment into PAM.
Definition: auth.cc:361
std::string user
The user name to run as.
Definition: auth.h:507
void set_command(const string_list &command)
Set the command to run in the session.
Definition: auth.cc:221
uid_t uid
The uid to run as.
Definition: auth.h:503
virtual ~auth()
The destructor.
Definition: auth.cc:82
Failed to get hostname.
Definition: auth.h:88
Authentication handler.
Definition: auth.h:74
std::string shell
The user shell to run.
Definition: auth.h:515
void set_user(uid_t uid)
Set the name of the user.
Definition: auth.cc:171