
void auth::authenticate (  )  [inherited]

Perform PAM authentication. If required, the user will be prompted to authenticate themselves.

An error will be thrown on failure.

Definition at line 386 of file sbuild-auth.cc.

References sbuild::auth::get_auth_status(), sbuild::auth::pam, sbuild::auth::ruser, sbuild::auth::service, sbuild::auth::STATUS_FAIL, sbuild::auth::STATUS_NONE, sbuild::auth::STATUS_USER, and sbuild::auth::user.

Referenced by sbuild::auth::run().

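{
  // Preconditions: a target user is set and the PAM handle exists.
  // NOTE(review): assert() is compiled out when NDEBUG is defined, so a
  // release build reaches the PAM calls below without these checks.
  assert(!this->user.empty());
  assert(this->pam != 0); // PAM must be initialised

  int pam_status;

  // Record the requesting user (PAM_RUSER) in the PAM handle.
  if ((pam_status =
       pam_set_item(this->pam, PAM_RUSER, this->ruser.c_str())) != PAM_SUCCESS)
    {
      log_debug(DEBUG_WARNING) << "pam_set_item (PAM_RUSER) FAIL" << endl;
      format fmt(_("PAM set RUSER error: %1%"));
      fmt % pam_strerror(this->pam, pam_status);
      throw error(fmt);
    }

  // The hostname lives in a fixed-size automatic buffer so that the error
  // paths below, which leave by throwing, cannot leak it (the previous
  // new[]/delete[] pair was skipped whenever one of them threw).
  // The size stays at 256: sysconf(_SC_HOST_NAME_MAX) was noted as BROKEN
  // with Debian libc6 2.3.2.ds1-22.
  char hostname[256];
  if (gethostname(hostname, sizeof(hostname)) != 0)
    {
      log_debug(DEBUG_CRITICAL) << "gethostname FAIL" << endl;
      format fmt(_("Failed to get hostname: %1%"));
      // NOTE(review): pam_status still holds PAM_SUCCESS from the
      // PAM_RUSER call above, so this text does not describe the
      // gethostname() failure; the real cause is in errno.  Left as is
      // because the headers needed for strerror(errno) are not visible
      // from this function.
      fmt % pam_strerror(this->pam, pam_status);
      throw error(fmt);
    }
  // gethostname() need not NUL-terminate a truncated name; terminate it
  // explicitly before handing the buffer to PAM as a C string.
  hostname[sizeof(hostname) - 1] = '\0';

  // Record the local host name as PAM_RHOST.
  if ((pam_status =
       pam_set_item(this->pam, PAM_RHOST, hostname)) != PAM_SUCCESS)
    {
      log_debug(DEBUG_WARNING) << "pam_set_item (PAM_RHOST) FAIL" << endl;
      format fmt(_("PAM set RHOST error: %1%"));
      fmt % pam_strerror(this->pam, pam_status);
      throw error(fmt);
    }

  // PAM_TTY is only set when standard input is attached to a terminal;
  // ttyname() returning null is not treated as an error.
  const char *tty = ttyname(STDIN_FILENO);
  if (tty)
    {
      if ((pam_status =
           pam_set_item(this->pam, PAM_TTY, tty)) != PAM_SUCCESS)
        {
          log_debug(DEBUG_WARNING) << "pam_set_item (PAM_TTY) FAIL" << endl;
          format fmt(_("PAM set TTY error: %1%"));
          fmt % pam_strerror(this->pam, pam_status);
          throw error(fmt);
        }
    }

  /* Authenticate as required. */
  switch (get_auth_status())
    {
    case STATUS_NONE:
      // No pam_authenticate() call on this path: only the target user is
      // recorded in the PAM handle.
      if ((pam_status = pam_set_item(this->pam, PAM_USER, this->user.c_str()))
          != PAM_SUCCESS)
        {
          log_debug(DEBUG_WARNING) << "pam_set_item (PAM_USER) FAIL" << endl;
          format fmt(_("PAM set USER error: %1%"));
          fmt % pam_strerror(this->pam, pam_status);
          throw error(fmt);
        }
      break;

    case STATUS_USER:
      // Run the PAM authentication stack; a failure is written to the auth
      // log with both user names before the error is thrown.
      if ((pam_status = pam_authenticate(this->pam, 0)) != PAM_SUCCESS)
        {
          log_debug(DEBUG_INFO) << "pam_authenticate FAIL" << endl;
          syslog(LOG_AUTH|LOG_WARNING, "%s->%s Authentication failure",
                 this->ruser.c_str(), this->user.c_str());
          format fmt(_("PAM authentication failed: %1%"));
          fmt % pam_strerror(this->pam, pam_status);
          throw error(fmt);
        }
      log_debug(DEBUG_NOTICE) << "pam_authenticate OK" << endl;
      break;

    case STATUS_FAIL:
      {
        // Access is refused without consulting PAM: tell the user, record
        // the attempt in the auth log, and throw.
        log_debug(DEBUG_INFO) << "PAM auth premature FAIL" << endl;
        cerr << format(_("You do not have permission to access the %1% service."))
          % this->service
             << '\n'
             << _("This failure will be reported.")
             << endl;
        syslog(LOG_AUTH|LOG_WARNING,
               "%s->%s Unauthorised",
               this->ruser.c_str(), this->user.c_str());
        throw error(_("access not authorised"));
      }
    default:
      break;
    }
}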

