OW_AIXAuthentication.cpp

00001 /*******************************************************************************
00002 * Copyright (C) 2001-2004 Vintela, Inc. All rights reserved.
00003 *
00004 * Redistribution and use in source and binary forms, with or without
00005 * modification, are permitted provided that the following conditions are met:
00006 *
00007 *  - Redistributions of source code must retain the above copyright notice,
00008 *    this list of conditions and the following disclaimer.
00009 *
00010 *  - Redistributions in binary form must reproduce the above copyright notice,
00011 *    this list of conditions and the following disclaimer in the documentation
00012 *    and/or other materials provided with the distribution.
00013 *
00014 *  - Neither the name of Vintela, Inc. nor the names of its
00015 *    contributors may be used to endorse or promote products derived from this
00016 *    software without specific prior written permission.
00017 *
00018 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
00019 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00020 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00021 * ARE DISCLAIMED. IN NO EVENT SHALL Vintela, Inc. OR THE CONTRIBUTORS
00022 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
00023 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
00024 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00025 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
00026 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00027 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
00028 * POSSIBILITY OF SUCH DAMAGE.
00029 *******************************************************************************/
00030 
00037 #include "OW_config.h"
00038 #include "OW_Array.hpp"
00039 #include "OW_String.hpp"
00040 #include "OW_ConfigOpts.hpp"
00041 #include "OW_AuthenticatorIFC.hpp"
00042 #include "OW_Assertion.hpp"
00043 
00044 #include <string.h>
00045 
00046 #if defined(OW_AIX)
00047 extern "C"
00048 {
00049 #include <usersec.h>
00050 }
00051 #endif /* OW_AIX */
00052 
00053 #include "OW_Format.hpp"
00054 
00055 namespace OW_NAMESPACE
00056 {
00057 
/**
 * Authenticator plug-in that validates a user name / password pair with the
 * AIX ::authenticate() subroutine, after first checking the user name against
 * a configured allow-list (m_allowedUsers).
 *
 * On builds where OW_AIX is not defined, doAuthenticate() always fails.
 */
class AIXAuthentication : public AuthenticatorIFC
{
private:
   /**
    * Check the supplied credentials.
    * @param userName Name of the user to authenticate.
    * @param info     The password supplied for userName; an empty value is
    *                 rejected before the operating system is consulted.
    * @param details  Receives a human-readable failure reason.
    * @param context  Not used by this implementation.
    * @return true only if the user is on the allow-list and the operating
    *         system accepted the password.
    */
   virtual bool doAuthenticate(
      String& userName,
      const String& info,
      String& details,
      OperationContext& context);

   /**
    * Load the allow-list from the service environment's configuration.
    * @param env The environment whose configuration is read.
    */
   virtual void doInit(ServiceEnvironmentIFCRef env);

   // Allow-list of user names, split with String::tokenize() at
   // authentication time. A "*" entry matches every user name.
   String m_allowedUsers;
};
00085 // See misc_conv.c in libpam for an example.
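#if defined(OW_AIX)
// Overwrite the first len bytes of a heap-allocated secret, then free it.
// The stores go through a volatile pointer so the compiler cannot discard
// them as dead writes ahead of free(). A NULL pointer is accepted.
static void scrubAndFree(char* secret, size_t len)
{
   if (secret != NULL)
   {
      volatile char* p = secret;
      for (size_t i = 0; i < len; ++i)
      {
         p[i] = '\0';
      }
      free(secret);
   }
}
#endif /* OW_AIX */

/**
 * Authenticate userName with the password in info.
 *
 * The user name must first match an entry of m_allowedUsers (or the list
 * must contain "*"); only then is the AIX ::authenticate() subroutine
 * called. Every failure path leaves the function returning false, so the
 * check fails closed.
 *
 * @param userName Name of the user to authenticate.
 * @param info     The password supplied for userName.
 * @param details  Receives a human-readable reason when authentication
 *                 fails.
 * @param context  Not used by this implementation.
 * @return true if the user is allowed and the password was accepted,
 *         false otherwise (always false when OW_AIX is not defined).
 */
bool AIXAuthentication::doAuthenticate(String &userName, const String &info,
   String &details, OperationContext& context)
{
   bool successful = false;
#if defined(OW_AIX)
   if (info.empty())
   {
      details = "You must authenticate to access this resource";
      return false;
   }

   // Allow-list check. A "*" entry admits every user name, so with that
   // entry the operating-system password check is the only barrier.
   Array<String> allowedUsers = m_allowedUsers.tokenize();
   bool nameFound = false;
   for (size_t i = 0; i < allowedUsers.size(); i++)
   {
      if (allowedUsers[i].equals(userName)
         || allowedUsers[i].equals("*"))
      {
         nameFound = true;
         break;
      }
   }
   if (!nameFound)
   {
      // Deliberately the same text as the missing-password case above, so
      // the reply does not reveal whether a name is on the allow-list.
      details = "You must authenticate to access this resource";
      return false;
   }

   // Variables used by authenticate.
   // result is the return value (zero=success); reenter is non-zero when the
   // password needs to be re-entered. Both start in a defined state so that
   // nothing below ever reads an indeterminate value.
   int result = -1;
   int reenter = 0;
   // FIXME! Allow variable attempts, or possibly find a way to re-request the password.
   int attempts_left = 3;
   char* message = NULL;

   char* pPasswd = strdup(info.c_str());
   char* pUserName = strdup(userName.c_str());
   // Remember the length now so the whole copy is wiped later, whatever the
   // buffer holds by then.
   const size_t passwdLen = (pPasswd != NULL) ? strlen(pPasswd) : 0;
   if (pPasswd == NULL || pUserName == NULL)
   {
      // Out of memory: fail closed and release whichever copy succeeded,
      // instead of relying on an assertion that may not be compiled in.
      scrubAndFree(pPasswd, passwdLen);
      free(pUserName);
      details = "Unknown authentication failure.";
      return false;
   }

   // There is no way to prompt the client again from here, so every retry
   // re-sends the same password (see the FIXME above).
   do
   {
      // message is released with free() after the loop, i.e. it is treated
      // as caller-owned; drop the one from the previous round so a retry
      // does not leak it.
      if (message != NULL)
      {
         free(message);
         message = NULL;
      }
      result = ::authenticate(pUserName, pPasswd, &reenter, &message);
      --attempts_left;
   }
   while ( (attempts_left > 0) && reenter );

   free(pUserName);
   // Do not leave the clear-text password behind in freed heap memory.
   scrubAndFree(pPasswd, passwdLen);

   // Both should be 0 if the above loop was successful.
   if ( reenter || result )
   {
      if ( message )
      {
         // NOTE(review): this text comes from the operating system and is
         // handed back to the caller unchanged -- confirm it cannot be used
         // to tell an unknown account from a wrong password.
         details = message;
      }
      else if ( attempts_left <= 0 )
      {
         details = "Maximum authorization attempts made.";
      }
      else
      {
         details = "Unknown authentication failure.";
      }
   }
   if ( message )
   {
      free(message);
   }

   // FIXME! Potentially check to see if the password has expired, or that kind of stuff.
   // NOTE(review): only ::authenticate() is consulted here; account state
   // such as expiry or login restrictions (on AIX: passwdexpired(),
   // loginrestrictions()) is not checked by this function.

   successful = !reenter && !result;
#else
   details = "Authentication type (AIX) not supported on this platform.";
#endif /* OW_AIX */
   return successful;
}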
00166 
/**
 * Read the allow-list of user names from the service configuration.
 *
 * The list is stored under the same option as the PAM authenticator's
 * allowed users (ConfigOpts::PAM_ALLOWED_USERS_opt). doAuthenticate()
 * rejects every user whose name is not on the list, so an empty value
 * means nobody can authenticate, while a "*" entry admits any user name.
 *
 * @param env The environment whose configuration is read.
 */
void AIXAuthentication::doInit(ServiceEnvironmentIFCRef env)
{
   const String configuredUsers =
      env->getConfigItem(ConfigOpts::PAM_ALLOWED_USERS_opt);
   m_allowedUsers = configuredUsers;
}
00171 
00172 } // end namespace OW_NAMESPACE
00173 
// Expands the project's authenticator factory macro for this class under the
// name "aix". Presumably this is the entry point the authentication manager
// uses to instantiate the plug-in -- the macro is defined outside this file.
// NOTE(review): the class is named via OpenWBEM:: here but defined in
// OW_NAMESPACE above; confirm the two always refer to the same namespace.
OW_AUTHENTICATOR_FACTORY(OpenWBEM::AIXAuthentication,aix);
00175 
00176 
