irods  4.2.8
About: iRODS (the integrated Rule Oriented Data System) is a distributed data-management system for creating data grids, digital libraries, persistent archives, and real-time data systems.
  Fossies Dox: irods-4.2.8.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  
libpam.cpp
Go to the documentation of this file.
1 // =-=-=-=-=-=-=-
2 // irods includes
3 #define USE_SSL 1
4 #include "sslSockComm.h"
5 
6 #include "rodsDef.h"
7 #include "msParam.h"
8 #include "rcConnect.h"
9 #include "authRequest.h"
10 #include "authResponse.h"
11 #include "authCheck.h"
12 #include "miscServerFunct.hpp"
13 #include "authPluginRequest.h"
14 #include "icatHighLevelRoutines.hpp"
15 
16 // =-=-=-=-=-=-=-
17 #include "irods_auth_plugin.hpp"
18 #include "irods_auth_constants.hpp"
19 #include "irods_pam_auth_object.hpp"
20 #include "irods_stacktrace.hpp"
21 #include "irods_kvp_string_parser.hpp"
22 #include "irods_client_server_negotiation.hpp"
23 
24 // =-=-=-=-=-=-=-
25 // boost includes
26 #include "boost/lexical_cast.hpp"
27 
28 // =-=-=-=-=-=-=-
29 // stl includes
30 #include <sstream>
31 #include <string>
32 #include <iostream>
33 #include <termios.h>
34 #include <unistd.h>
35 
36 // =-=-=-=-=-=-=-
37 // system includes
38 #include <sys/types.h>
39 #include <sys/wait.h>
40 
41 
42 int get64RandomBytes( char *buf );
43 
44 // =-=-=-=-=-=-=-
45 // establish context - take the auth request results and massage them
46 // for the auth response call
47 irods::error pam_auth_client_start(
48  irods::plugin_context& _ctx,
49  rcComm_t* _comm,
50  const char* _context ) {
51  irods::error result = SUCCESS();
52  irods::error ret;
53 
54  // =-=-=-=-=-=-=-
55  // validate incoming parameters
56  ret = _ctx.valid< irods::pam_auth_object >();
57  if ( ( result = ASSERT_PASS( ret, "Invalid plugin context." ) ).ok() ) {
58  if ( ( result = ASSERT_ERROR( _comm, SYS_INVALID_INPUT_PARAM, "Null comm pointer." ) ).ok() ) {
59  if ( ( result = ASSERT_ERROR( _context, SYS_INVALID_INPUT_PARAM, "Null context pointer." ) ).ok() ) {
60  // =-=-=-=-=-=-=-
61  // parse the kvp out of the _resp->username string
62  irods::kvp_map_t kvp;
63  irods::error ret = irods::parse_escaped_kvp_string( _context, kvp );
64  if ( ( result = ASSERT_PASS( ret, "Failed to parse the key-value pairs." ) ).ok() ) {
65  // =-=-=-=-=-=-=-
66  // simply cache the context string for a rainy day...
67  // or to pass to the auth client call later.
68  irods::pam_auth_object_ptr ptr = boost::dynamic_pointer_cast<
69  irods::pam_auth_object>(
70  _ctx.fco() );
71  ptr->context(_context);
72 
73  std::string password = kvp[ irods::AUTH_PASSWORD_KEY ];
74  std::string ttl_str = kvp[ irods::AUTH_TTL_KEY ];
75 
76  // =-=-=-=-=-=-=-
77  // prompt for a password if necessary
78  char new_password[ MAX_PASSWORD_LEN + 2 ];
79  if ( password.empty() ) {
80 #ifdef WIN32
81  HANDLE hStdin = GetStdHandle( STD_INPUT_HANDLE );
82  DWORD mode;
83  GetConsoleMode( hStdin, &mode );
84  DWORD lastMode = mode;
85  mode &= ~ENABLE_ECHO_INPUT;
86  BOOL error = !SetConsoleMode( hStdin, mode );
87  int errsv = -1;
88 #else
89  struct termios tty;
90  tcgetattr( STDIN_FILENO, &tty );
91  tcflag_t oldflag = tty.c_lflag;
92  tty.c_lflag &= ~ECHO;
93  int error = tcsetattr( STDIN_FILENO, TCSANOW, &tty );
94  int errsv = errno;
95 #endif
96  if ( error ) {
97  printf( "WARNING: Error %d disabling echo mode. Password will be displayed in plaintext.", errsv );
98  }
99  printf( "Enter your current PAM password:" );
100  std::string password = "";
101  getline( std::cin, password );
102  strncpy( new_password, password.c_str(), MAX_PASSWORD_LEN );
103  printf( "\n" );
104 #ifdef WIN32
105  if ( !SetConsoleMode( hStdin, lastMode ) ) {
106  printf( "Error reinstating echo mode." );
107  }
108 #else
109  tty.c_lflag = oldflag;
110  if ( tcsetattr( STDIN_FILENO, TCSANOW, &tty ) ) {
111  printf( "Error reinstating echo mode." );
112  }
113 #endif
114 
115  // =-=-=-=-=-=-=-
116  // rebuilt and reset context string
117  irods::kvp_map_t ctx_map;
118  ctx_map[irods::AUTH_TTL_KEY] = ttl_str;
119  ctx_map[irods::AUTH_PASSWORD_KEY] = new_password;
120  std::string ctx_str = irods::escaped_kvp_string(
121  ctx_map);
122  ptr->context( ctx_str );
123 
124  }
125 
126 
127  // =-=-=-=-=-=-=-
128  // set the user name from the conn
129  ptr->user_name( _comm->proxyUser.userName );
130 
131  // =-=-=-=-=-=-=-
132  // set the zone name from the conn
133  ptr->zone_name( _comm->proxyUser.rodsZone );
134  }
135  }
136  }
137  }
138 
139  return result;
140 
141 } // pam_auth_client_start
142 
143 // =-=-=-=-=-=-=-
144 // handle an agent-side auth request call
145 irods::error pam_auth_client_request(
146  irods::plugin_context& _ctx,
147  rcComm_t* _comm ) {
148  // =-=-=-=-=-=-=-
149  // validate incoming parameters
150  if ( !_ctx.valid< irods::pam_auth_object >().ok() ) {
151  return ERROR(
152  SYS_INVALID_INPUT_PARAM,
153  "invalid plugin context" );
154 
155  }
156  else if ( !_comm ) {
157  return ERROR(
158  SYS_INVALID_INPUT_PARAM,
159  "null comm ptr" );
160 
161  }
162 
163  // =-=-=-=-=-=-=-
164  // get the auth object
165  irods::pam_auth_object_ptr ptr = boost::dynamic_pointer_cast <
166  irods::pam_auth_object > ( _ctx.fco() );
167  // =-=-=-=-=-=-=-
168  // get the context string
169  std::string context = ptr->context( );
170  if ( context.empty() ) {
171  return ERROR(
172  SYS_INVALID_INPUT_PARAM,
173  "empty plugin context string" );
174  }
175 
176  // =-=-=-=-=-=-=-
177  // expand the context string then append the auth scheme
178  // and user name, then reencode into a string
179  irods::kvp_map_t ctx_map;
180  irods::error ret = irods::parse_escaped_kvp_string(
181  context,
182  ctx_map);
183  if( !ret.ok() ) {
184  return PASS(ret);
185  }
186 
187  ctx_map[irods::AUTH_USER_KEY]=ptr->user_name();
188  std::string ctx_str = irods::escaped_kvp_string(
189  ctx_map);
190 
191  // =-=-=-=-=-=-=-
192  // error check string size against MAX_NAME_LEN
193  if ( context.size() > MAX_NAME_LEN ) {
194  return ERROR(
195  -1,
196  "context string > max name len" );
197  }
198 
199  // =-=-=-=-=-=-=-
200  // copy the context to the req in struct
201  authPluginReqInp_t req_in;
202  strncpy(
203  req_in.context_,
204  ctx_str.c_str(),
205  ctx_str.size() + 1 );
206 
207  // =-=-=-=-=-=-=-
208  // copy the auth scheme to the req in struct
209  strncpy(
210  req_in.auth_scheme_,
211  irods::AUTH_PAM_SCHEME.c_str(),
212  irods::AUTH_PAM_SCHEME.size() + 1 );
213 
214  // =-=-=-=-=-=-=-
215  // check to see if SSL is currently in place
216  bool using_ssl = ( irods::CS_NEG_USE_SSL == _comm->negotiation_results );
217 
218  // =-=-=-=-=-=-=-
219  // warm up SSL if it is not already in use
220  if ( !using_ssl ) {
221  int err = sslStart( _comm );
222  if ( err ) {
223  return ERROR( err, "failed to enable ssl" );
224  }
225  }
226 
227  // =-=-=-=-=-=-=-
228  // make the call to our auth request
229  authPluginReqOut_t* req_out = 0;
230  int status = rcAuthPluginRequest( _comm, &req_in, &req_out );
231 
232  // =-=-=-=-=-=-=-
233  // shut down SSL if it was not already in use
234  if ( !using_ssl ) {
235  sslEnd( _comm );
236  }
237 
238  // =-=-=-=-=-=-=-
239  // handle errors and exit
240  if ( status < 0 ) {
241  return ERROR( status, "call to rcAuthRequest failed." );
242  }
243  else {
244  // =-=-=-=-=-=-=-
245  // copy over the resulting irods pam pasword
246  // and cache the result in our auth object
247  ptr->request_result( req_out->result_ );
248  status = obfSavePw( 0, 0, 0, req_out->result_ );
249  free( req_out );
250  return SUCCESS();
251 
252  }
253 
254 } // pam_auth_client_request
255 
259 #ifndef PAM_AUTH_CHECK_PROG
260 #define PAM_AUTH_CHECK_PROG "./irodsPamAuthCheck"
261 #endif
262 int run_pam_auth_check(
263  const std::string& _username,
264  const std::string& _password ) {
265 
266  int p2cp[2]; /* parent to child pipe */
267  int pid, i;
268  int status;
269 
270  if ( pipe( p2cp ) < 0 ) {
271  return SYS_PIPE_ERROR;
272  }
273  pid = fork();
274  if ( pid == -1 ) {
275  return SYS_FORK_ERROR;
276  }
277 
278  if ( pid ) {
279  /*
280  This is still the parent. Write the message to the child and
281  then wait for the exit and status.
282  */
283  if ( write( p2cp[1], _password.c_str(), _password.size() ) == -1 ) {
284  int errsv = errno;
285  irods::log( ERROR( errsv, "Error writing from parent to child." ) );
286  }
287  close( p2cp[1] );
288  waitpid( pid, &status, 0 );
289  return status;
290  }
291  else {
292  /* This is the child */
293  if ( dup2( p2cp[0], STDIN_FILENO ) == -1 ) { /* Make stdin come from read end of the pipe */
294  int errsv = errno;
295  irods::log( ERROR( errsv, "Error duplicating the file descriptor." ) );
296  }
297  close( p2cp[1] );
298  i = execl( PAM_AUTH_CHECK_PROG, PAM_AUTH_CHECK_PROG, _username.c_str(),
299  ( char * )NULL );
300  perror( "execl" );
301  printf( "execl failed %d\n", i );
302  }
303  return ( SYS_FORK_ERROR ); /* avoid compiler warning */
304 
305 } // run_pam_auth_check
306 
307 #ifdef RODS_SERVER
308 // =-=-=-=-=-=-=-
309 // handle an agent-side auth request call
310 irods::error pam_auth_agent_request(
311  irods::plugin_context& _ctx ) {
312  // =-=-=-=-=-=-=-
313  // validate incoming parameters
314  if ( !_ctx.valid< irods::pam_auth_object >().ok() ) {
315  return ERROR( SYS_INVALID_INPUT_PARAM, "invalid plugin context" );
316  }
317 
318  // =-=-=-=-=-=-=-
319  // get the server host handle
320  rodsServerHost_t* server_host = 0;
321  int status = getAndConnRcatHost(
322  _ctx.comm(),
323  MASTER_RCAT,
324  ( const char* )_ctx.comm()->clientUser.rodsZone,
325  &server_host );
326  if ( status < 0 ) {
327  return ERROR( status, "getAndConnRcatHost failed." );
328  }
329 
330  // =-=-=-=-=-=-=-
331  // simply cache the context string for a rainy day...
332  // or to pass to the auth client call later.
333  irods::pam_auth_object_ptr ptr = boost::dynamic_pointer_cast <
334  irods::pam_auth_object > ( _ctx.fco() );
335  std::string context = ptr->context( );
336 
337  // =-=-=-=-=-=-=-
338  // if we are not the catalog server, redirect the call
339  // to there
340  if ( server_host->localFlag != LOCAL_HOST ) {
341  // =-=-=-=-=-=-=-
342  // protect the PAM plain text password by
343  // using an SSL connection to the remote ICAT
344  status = sslStart( server_host->conn );
345  if ( status ) {
346  return ERROR( status, "could not establish SSL connection" );
347  }
348 
349  // =-=-=-=-=-=-=-
350  // manufacture structures for the redirected call
351  authPluginReqOut_t* req_out = 0;
352  authPluginReqInp_t req_inp;
353  strncpy( req_inp.auth_scheme_, irods::AUTH_PAM_SCHEME.c_str(), irods::AUTH_PAM_SCHEME.size() + 1 );
354  strncpy( req_inp.context_, context.c_str(), context.size() + 1 );
355 
356  // =-=-=-=-=-=-=-
357  // make the redirected call
358  status = rcAuthPluginRequest( server_host->conn, &req_inp, &req_out );
359 
360  // =-=-=-=-=-=-=-
361  // shut down ssl on the connection
362  sslEnd( server_host->conn );
363 
364  // =-=-=-=-=-=-=-
365  // disconnect
366  rcDisconnect( server_host->conn );
367  server_host->conn = NULL;
368  if ( !req_out || status < 0 ) {
369  return ERROR( status, "redirected rcAuthPluginRequest failed." );
370  }
371  else {
372  // =-=-=-=-=-=-=-
373  // set the result for communication back to the client
374  ptr->request_result( req_out->result_ );
375  if ( _ctx.comm()->auth_scheme != NULL ) {
376  free( _ctx.comm()->auth_scheme );
377  }
378  _ctx.comm()->auth_scheme = strdup( irods::AUTH_PAM_SCHEME.c_str() );
379  return SUCCESS();
380 
381  }
382 
383  } // if !localhost
384 
385  // =-=-=-=-=-=-=-
386  // parse the kvp out of the _resp->username string
387  irods::kvp_map_t kvp;
388  irods::error ret = irods::parse_escaped_kvp_string(
389  context,
390  kvp);
391  if ( !ret.ok() ) {
392  return PASS( ret );
393  }
394 
395  if ( kvp.find( irods::AUTH_USER_KEY ) == kvp.end() ||
396  kvp.find( irods::AUTH_TTL_KEY ) == kvp.end() ||
397  kvp.find( irods::AUTH_PASSWORD_KEY ) == kvp.end() ) {
398  return ERROR( SYS_INVALID_INPUT_PARAM, "user or ttl or password key missing" );
399  }
400 
401  std::string user_name = kvp[ irods::AUTH_USER_KEY ];
402  std::string password = kvp[ irods::AUTH_PASSWORD_KEY ];
403  std::string ttl_str = kvp[ irods::AUTH_TTL_KEY ];
404  int ttl = 0;
405  if ( !ttl_str.empty() ) {
406  ttl = boost::lexical_cast<int>( ttl_str );
407  }
408 
409  // =-=-=-=-=-=-=-
410  // Normal mode, fork/exec setuid program to do the Pam check
411  status = run_pam_auth_check( user_name, password );
412  if ( status == 256 ) {
413  return ERROR( PAM_AUTH_PASSWORD_FAILED, "pam auth check failed" );
414  }
415  else if ( status ) {
416  return ERROR( status, "pam auth check failed" );
417  }
418 
419  // =-=-=-=-=-=-=-
420  // request the resulting irods password after the handshake
421  char password_out[ MAX_NAME_LEN ];
422  char* pw_ptr = &password_out[0];
423  status = chlUpdateIrodsPamPassword( _ctx.comm(), const_cast< char* >( user_name.c_str() ), ttl, NULL, &pw_ptr );
424 
425  // =-=-=-=-=-=-=-
426  // set the result for communication back to the client
427  ptr->request_result( password_out );
428 
429  // =-=-=-=-=-=-=-
430  // win!
431  if ( _ctx.comm()->auth_scheme != NULL ) {
432  free( _ctx.comm()->auth_scheme );
433  }
434  _ctx.comm()->auth_scheme = strdup( "pam" );
435  return SUCCESS();
436 
437 } // pam_auth_agent_request
438 #endif
439 
440 // =-=-=-=-=-=-=-
441 // establish context - take the auth request results and massage them
442 // for the auth response call
443 irods::error pam_auth_establish_context(
444  irods::plugin_context& _ctx ) {
445  // =-=-=-=-=-=-=-
446  // validate incoming parameters
447  if ( !_ctx.valid< irods::pam_auth_object >().ok() ) {
448  return ERROR(
449  SYS_INVALID_INPUT_PARAM,
450  "invalid plugin context" );
451 
452  }
453 
454  return SUCCESS();
455 
456 } // pam_auth_establish_context
457 
458 #ifdef RODS_SERVER
459 // =-=-=-=-=-=-=-
460 // stub for ops that the native plug does
461 // not need to support
462 irods::error pam_auth_agent_start(
463  irods::plugin_context&,
464  const char*) {
465  return SUCCESS();
466 
467 } // native_auth_success_stub
468 
469 irods::error pam_auth_agent_response(
470  irods::plugin_context& _ctx,
471  authResponseInp_t* _resp ) {
472  return SUCCESS();
473 }
474 
475 irods::error pam_auth_agent_verify(
476  irods::plugin_context& ,
477  const char* ,
478  const char* ,
479  const char* ) {
480  return SUCCESS();
481 
482 }
483 #endif
484 
485 irods::error pam_auth_client_response(
486  irods::plugin_context& _ctx,
487  rcComm_t* _comm ) {
488  return SUCCESS();
489 }
490 
491 // =-=-=-=-=-=-=-
492 // derive a new pam_auth auth plugin from
493 // the auth plugin base class for handling
494 // native authentication
495 class pam_auth_plugin : public irods::auth {
496  public:
497  pam_auth_plugin(
498  const std::string& _nm,
499  const std::string& _ctx ) :
500  irods::auth(
501  _nm,
502  _ctx ) {
503  } // ctor
504 
505  ~pam_auth_plugin() {
506  }
507 
508 }; // class pam_auth_plugin
509 
510 // =-=-=-=-=-=-=-
511 // factory function to provide instance of the plugin
512 extern "C"
513 irods::auth* plugin_factory(
514  const std::string& _inst_name,
515  const std::string& _context ) {
516  // =-=-=-=-=-=-=-
517  // create an auth object
518  pam_auth_plugin* pam = new pam_auth_plugin(
519  _inst_name,
520  _context );
521 
522  // =-=-=-=-=-=-=-
523  // fill in the operation table mapping call
524  // names to function names
525  using namespace irods;
526  using namespace std;
527  pam->add_operation(
528  AUTH_ESTABLISH_CONTEXT,
529  function<error(plugin_context&)>(
530  pam_auth_establish_context ) );
531  pam->add_operation<rcComm_t*,const char*>(
532  AUTH_CLIENT_START,
533  function<error(plugin_context&,rcComm_t*,const char*)>(
534  pam_auth_client_start ) );
535  pam->add_operation<rcComm_t*>(
536  AUTH_CLIENT_AUTH_REQUEST,
537  function<error(plugin_context&,rcComm_t*)>(
538  pam_auth_client_request ) );
539  pam->add_operation<rcComm_t*>(
540  AUTH_CLIENT_AUTH_RESPONSE,
541  function<error(plugin_context&,rcComm_t*)>(
542  pam_auth_client_response ) );
543 #ifdef RODS_SERVER
544  pam->add_operation<const char*>(
545  AUTH_AGENT_START,
546  function<error(plugin_context&,const char*)>(
547  pam_auth_agent_start ) );
548  pam->add_operation(
549  AUTH_AGENT_AUTH_REQUEST,
550  function<error(plugin_context&)>(
551  pam_auth_agent_request ) );
552  pam->add_operation<authResponseInp_t*>(
553  AUTH_AGENT_AUTH_RESPONSE,
554  function<error(plugin_context&,authResponseInp_t*)>(
555  pam_auth_agent_response ) );
556  pam->add_operation<const char*,const char*,const char*>(
557  AUTH_AGENT_AUTH_VERIFY,
558  function<error(plugin_context&,const char*,const char*,const char*)>(
559  pam_auth_agent_verify ) );
560 #endif
561  irods::auth* auth = dynamic_cast< irods::auth* >( pam );
562 
563  return auth;
564 
565 } // plugin_factory
irods::AUTH_TTL_KEY
const std::string AUTH_TTL_KEY("a_ttl")
rcComm_t
Definition: rcConnect.h:95
NULL
#define NULL
Definition: rodsDef.h:70
rodsServerHost::localFlag
int localFlag
Definition: rodsConnect.h:68
irods::AUTH_ESTABLISH_CONTEXT
const std::string AUTH_ESTABLISH_CONTEXT("auth_establish_context")
irods::AUTH_CLIENT_START
const std::string AUTH_CLIENT_START("auth_client_start")
authPluginRequest.h
msParam.h
irods::plugin_context::valid
virtual error valid()
Definition: irods_plugin_context.hpp:77
rodsServerHost::conn
rcComm_t * conn
Definition: rodsConnect.h:64
PAM_AUTH_PASSWORD_FAILED
@ PAM_AUTH_PASSWORD_FAILED
Definition: rodsErrorTable.h:566
userInfo_t::userName
char userName[64]
Definition: rodsUser.h:66
rcComm_t::proxyUser
userInfo_t proxyUser
Definition: rcConnect.h:103
irods_stacktrace.hpp
rsComm_t::auth_scheme
char * auth_scheme
Definition: rcConnect.h:177
PASS
#define PASS(prev_error_)
Definition: irods_error.hpp:118
sslSockComm.h
irods::auth::auth
auth(const std::string &_inst, const std::string &_ctx)
Definition: irods_auth_plugin.hpp:19
irods::auth_object::context
virtual std::string context() const
Definition: irods_auth_object.hpp:36
pam_auth_client_request
irods::error pam_auth_client_request(irods::plugin_context &_ctx, rcComm_t *_comm)
Definition: libpam.cpp:145
irods::pam_auth_object_ptr
boost::shared_ptr< pam_auth_object > pam_auth_object_ptr
Definition: irods_pam_auth_object.hpp:52
rcConnect.h
run_pam_auth_check
int run_pam_auth_check(const std::string &_username, const std::string &_password)
Definition: libpam.cpp:262
irods::AUTH_AGENT_AUTH_RESPONSE
const std::string AUTH_AGENT_AUTH_RESPONSE("auth_agent_auth_response")
LOCAL_HOST
#define LOCAL_HOST
Definition: rodsConnect.h:44
AuthPluginReqOut
Definition: authPluginRequest.h:12
irods::escaped_kvp_string
std::string escaped_kvp_string(const kvp_map_t &_kvp)
Definition: irods_kvp_string_parser.cpp:214
irods::plugin_context
Definition: irods_plugin_context.hpp:18
irods::AUTH_CLIENT_AUTH_REQUEST
const std::string AUTH_CLIENT_AUTH_REQUEST("auth_agent_client_request")
SYS_INVALID_INPUT_PARAM
@ SYS_INVALID_INPUT_PARAM
Definition: rodsErrorTable.h:195
PAM_AUTH_CHECK_PROG
#define PAM_AUTH_CHECK_PROG
Definition: libpam.cpp:260
authRequest.h
MAX_PASSWORD_LEN
#define MAX_PASSWORD_LEN
Definition: authenticate.h:9
irods::AUTH_AGENT_AUTH_REQUEST
const std::string AUTH_AGENT_AUTH_REQUEST("auth_agent_auth_request")
irods_auth_constants.hpp
irods::auth
Definition: irods_auth_plugin.hpp:17
ASSERT_ERROR
#define ASSERT_ERROR(expr_, code_, format_,...)
Definition: irods_error.hpp:123
irods::AUTH_PASSWORD_KEY
const std::string AUTH_PASSWORD_KEY("a_pw")
SUCCESS
#define SUCCESS()
Definition: irods_error.hpp:121
irods::plugin_context::comm
virtual rsComm_t * comm()
Definition: irods_plugin_context.hpp:95
irods::parse_escaped_kvp_string
error parse_escaped_kvp_string(const std::string &_str, kvp_map_t &_kvp, const std::string &_association=KVP_DEF_ASSOCIATION, const std::string &_delimeter=KVP_DEF_DELIMITER, const std::string &_escape=KVP_DEF_ESCAPE)
Definition: irods_kvp_string_parser.cpp:106
irods::pam_auth_object
Definition: irods_pam_auth_object.hpp:21
AuthPluginReqOut::result_
char result_[(1024+64)]
Definition: authPluginRequest.h:13
irods
Definition: apiHandler.hpp:35
pid_age.pid
pid
Definition: pid_age.py:12
getline
int getline(char *s, int n, FILE *f)
Definition: ruleAdmin.cpp:317
authResponseInp_t
Definition: authResponse.h:6
rodsDef.h
pam_auth_establish_context
irods::error pam_auth_establish_context(irods::plugin_context &_ctx)
Definition: libpam.cpp:443
irods::CS_NEG_USE_SSL
const std::string CS_NEG_USE_SSL("CS_NEG_USE_SSL")
irods_pam_auth_object.hpp
get64RandomBytes
int get64RandomBytes(char *buf)
Definition: rcMisc.cpp:1371
authCheck.h
obfSavePw
int obfSavePw(int promptOpt, int fileOpt, int printOpt, const char *pwArg)
Definition: obf.cpp:281
MAX_NAME_LEN
#define MAX_NAME_LEN
Definition: rodsDef.h:61
sslEnd
int sslEnd(rcComm_t *rcComm)
Definition: sslSockComm.cpp:95
irods::AUTH_PAM_SCHEME
const std::string AUTH_PAM_SCHEME("pam")
SYS_FORK_ERROR
@ SYS_FORK_ERROR
Definition: rodsErrorTable.h:116
irods::AUTH_USER_KEY
const std::string AUTH_USER_KEY("a_user")
ASSERT_PASS
#define ASSERT_PASS(prev_error_, format_,...)
Definition: irods_error.hpp:124
irods.pypyodbc.status
status
Definition: pypyodbc.py:467
userInfo_t::rodsZone
char rodsZone[64]
Definition: rodsUser.h:67
irods::log
void log(const error &)
Definition: irods_log.cpp:13
irods::AUTH_AGENT_START
const std::string AUTH_AGENT_START("auth_agent_start")
rsComm_t::clientUser
userInfo_t clientUser
Definition: rcConnect.h:153
ERROR
#define ERROR(code_, message_)
Definition: irods_error.hpp:117
irods::error
Definition: irods_error.hpp:23
AuthPluginReqInp::context_
char context_[(1024+64)]
Definition: authPluginRequest.h:8
AuthPluginReqInp
Definition: authPluginRequest.h:6
miscServerFunct.hpp
SYS_PIPE_ERROR
@ SYS_PIPE_ERROR
Definition: rodsErrorTable.h:117
getAndConnRcatHost
int getAndConnRcatHost(rsComm_t *rsComm, int rcatType, const char *rcatZoneHint, rodsServerHost_t **rodsServerHost)
Definition: rodsConnect.cpp:26
pam_auth_client_response
irods::error pam_auth_client_response(irods::plugin_context &_ctx, rcComm_t *_comm)
Definition: libpam.cpp:485
pam_auth_plugin::~pam_auth_plugin
~pam_auth_plugin()
Definition: libpam.cpp:505
sslStart
int sslStart(rcComm_t *rcComm)
Definition: sslSockComm.cpp:35
irods_auth_plugin.hpp
MASTER_RCAT
#define MASTER_RCAT
Definition: rodsDef.h:85
authResponse.h
pam_auth_client_start
irods::error pam_auth_client_start(irods::plugin_context &_ctx, rcComm_t *_comm, const char *_context)
Definition: libpam.cpp:47
rodsServerHost
Definition: rodsConnect.h:62
rcDisconnect
int rcDisconnect(rcComm_t *conn)
Definition: rcConnect.cpp:246
error
int error
Definition: filesystem.cpp:101
pam_auth_plugin
Definition: libpam.cpp:495
irods::plugin_base::add_operation
error add_operation(const std::string &_op, std::function< error(plugin_context &)> _f)
Definition: irods_plugin_base.hpp:122
irods::plugin_context::fco
virtual first_class_object_ptr fco()
Definition: irods_plugin_context.hpp:102
irods_kvp_string_parser.hpp
icatHighLevelRoutines.hpp
irods::AUTH_AGENT_AUTH_VERIFY
const std::string AUTH_AGENT_AUTH_VERIFY("auth_agent_auth_verify")
AuthPluginReqInp::auth_scheme_
char auth_scheme_[(1024+64)]
Definition: authPluginRequest.h:7
mode
int mode
Definition: filesystem.cpp:104
rcAuthPluginRequest
int rcAuthPluginRequest(rcComm_t *server_comm_ptr, authPluginReqInp_t *incoming_struct_with_scheme, authPluginReqOut_t **response_from_agent)
Definition: rcAuthPluginRequest.cpp:6
irods::kvp_map_t
std::map< std::string, std::string > kvp_map_t
Definition: irods_kvp_string_parser.hpp:30
chlUpdateIrodsPamPassword
int chlUpdateIrodsPamPassword(rsComm_t *rsComm, const char *userName, int timeToLive, const char *testTime, char **irodsPassword)
Definition: icatHighLevelRoutines.cpp:2046
irods::AUTH_CLIENT_AUTH_RESPONSE
const std::string AUTH_CLIENT_AUTH_RESPONSE("auth_agent_client_response")
irods::error::ok
bool ok()
Definition: irods_error.cpp:258
buf
static char buf[64+50+1]
Definition: rsAuthRequest.cpp:21
irods_client_server_negotiation.hpp
rcComm_t::negotiation_results
char negotiation_results[(1024+64)]
Definition: rcConnect.h:125
plugin_factory
irods::auth * plugin_factory(const std::string &_inst_name, const std::string &_context)
Definition: libpam.cpp:513
pam_auth_plugin::pam_auth_plugin
pam_auth_plugin(const std::string &_nm, const std::string &_ctx)
Definition: libpam.cpp:497