#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#include "pamAuthRequest.h"
#include "genQuery.h"
#include "reGlobalsExtern.h"
#include "icatHighLevelRoutines.h"
#include "miscServerFunct.h"
/*
 * rsPamAuthRequest: server-side entry point for a PAM authentication request.
 *
 * The request is always handled on the catalog (ICAT) host of the client's
 * zone.  If that host is this server the work is delegated to
 * _rsPamAuthRequest (only present in a RODS_CAT build); otherwise the request
 * is forwarded with rcPamAuthRequest.  The request carries the client's PAM
 * password, so it is only forwarded on a connection for which sslStart
 * succeeded, and a build without USE_SSL refuses to forward at all.  After a
 * forwarded request the connection is torn down (sslEnd, rcDisconnect) and the
 * cached pointer in the host entry is cleared.
 *
 * @param rsComm             server communication handle; its clientUser.rodsZone
 *                           selects the catalog host.
 * @param pamAuthRequestInp  request as received from the client.
 * @param pamAuthRequestOut  receives the result (filled in by the local
 *                           implementation or by the remote call).
 *
 * Returns 0 on success; otherwise the status of getAndConnRcatHost,
 * _rsPamAuthRequest, sslStart or rcPamAuthRequest, SYS_NO_RCAT_SERVER_ERR
 * (local host but no catalog compiled in) or SSL_NOT_BUILT_INTO_SERVER.
 */
int
rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                  pamAuthRequestOut_t **pamAuthRequestOut)
{
    rodsServerHost_t *catHost = NULL;
    int rc = getAndConnRcatHost(rsComm, MASTER_RCAT,
                                rsComm->clientUser.rodsZone, &catHost);
    if (rc < 0) {
        return rc;
    }

    if (catHost->localFlag == LOCAL_HOST) {
#ifdef RODS_CAT
        return _rsPamAuthRequest(rsComm, pamAuthRequestInp, pamAuthRequestOut);
#else
        return SYS_NO_RCAT_SERVER_ERR;
#endif
    }

    /* Remote catalog host: the password must not travel in clear. */
#ifdef USE_SSL
    rc = sslStart(catHost->conn);
    if (rc) {
        /* NOTE(review): the cached connection is left in catHost->conn here,
         * unlike the success path below which disconnects it -- confirm that
         * sslStart leaves the connection in a reusable state on failure. */
        rodsLog(LOG_NOTICE, "rsPamAuthRequest: could not establish SSL connection, status %d",
                rc);
        return rc;
    }
#else
    rodsLog(LOG_ERROR, "iRODS doesn't include SSL support, required for PAM authentication.");
    return SSL_NOT_BUILT_INTO_SERVER;
#endif

    rc = rcPamAuthRequest(catHost->conn, pamAuthRequestInp, pamAuthRequestOut);

    /* The connection was switched to SSL for this request only; drop it so
     * the next use of this host entry starts from a fresh connection. */
#ifdef USE_SSL
    sslEnd(catHost->conn);
#endif
    rcDisconnect(catHost->conn);
    catHost->conn = NULL;

    if (rc < 0) {
        rodsLog(LOG_NOTICE, "rsPamAuthRequest: rcPamAuthRequest to remote server failed, status %d",
                rc);
    }
    return rc;
}
00067 #ifdef RODS_CAT
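#ifndef PAM_AUTH_CHECK_PROG
/* Helper program that validates credentials against PAM.  The default is a
 * path relative to the server's working directory, so which binary runs
 * depends on the process cwd -- build with an absolute path to avoid that. */
#define PAM_AUTH_CHECK_PROG "./PamAuthCheck"
#endif

/*
 * runPamAuthCheck: fork and exec PAM_AUTH_CHECK_PROG with the user name as
 * its only argument and feed it the password on stdin.
 *
 * The password is deliberately passed through a pipe rather than on the
 * command line, where it would be visible in the process list.  The parent
 * writes the whole password (retrying short writes and EINTR), closes the
 * write end so the child sees EOF, and waits for the child.
 *
 * @param username  user name handed to the helper as argv[1].
 * @param password  NUL-terminated password written to the helper's stdin.
 *
 * Returns the child's raw wait status as filled in by waitpid (the caller
 * decodes it with WIFEXITED/WEXITSTATUS), SYS_PIPE_ERROR if the pipe could
 * not be created, or SYS_FORK_ERROR if fork or waitpid failed.  The child
 * side never returns from this function: if the exec fails it _exit()s with
 * 127, so a forked copy of the server can no longer fall through into the
 * caller's code.
 */
int
runPamAuthCheck(char *username, char *password)
{
    int p2cp[2];            /* parent-to-child pipe: [0] read end, [1] write end */
    pid_t pid;
    int status = 0;

    if (pipe(p2cp) < 0) {
        return SYS_PIPE_ERROR;
    }
    pid = fork();
    if (pid == -1) {
        close(p2cp[0]);
        close(p2cp[1]);
        return SYS_FORK_ERROR;
    }

    if (pid) {
        /* Parent: close the read end so the child is the only reader, then
         * push the complete password. */
        close(p2cp[0]);
        size_t len = strlen(password);
        size_t done = 0;
        while (done < len) {
            ssize_t w = write(p2cp[1], password + done, len - done);
            if (w < 0) {
                if (errno == EINTR) {
                    continue;
                }
                /* EPIPE (child already gone) or another error: stop feeding
                 * and let waitpid report how the child ended.  If the server
                 * does not ignore SIGPIPE a dead reader kills us before we
                 * get here -- TODO confirm the server's SIGPIPE disposition. */
                break;
            }
            done += (size_t)w;
        }
        close(p2cp[1]);
        while (waitpid(pid, &status, 0) < 0) {
            if (errno != EINTR) {
                return SYS_FORK_ERROR;
            }
        }
        return status;
    }

    /* Child: make the pipe's read end stdin, drop the other descriptors and
     * exec the checker.  Every failure path must _exit, never return. */
    if (dup2(p2cp[0], STDIN_FILENO) < 0) {
        _exit(127);
    }
    if (p2cp[0] != STDIN_FILENO) {
        close(p2cp[0]);
    }
    close(p2cp[1]);
    execl(PAM_AUTH_CHECK_PROG, PAM_AUTH_CHECK_PROG, username, (char *)NULL);
    perror("execl");
    /* Exit code 1 is reserved: the caller reads it as "password rejected". */
    _exit(127);
    return SYS_FORK_ERROR;  /* not reached */
}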
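/*
 * _rsPamAuthRequest: catalog-host implementation of the PAM auth request.
 *
 * Runs the PamAuthCheck helper (runPamAuthCheck) with the supplied user name
 * and password and, when PAM accepts them, asks the ICAT for a temporary
 * iRODS password for that user (chlUpdateIrodsPamPassword), returned in
 * (*pamAuthRequestOut)->irodsPamPassword.  With RUN_SERVER_AS_ROOT the check
 * is run as root and the service user is restored immediately afterwards,
 * whatever the outcome.
 *
 * @param rsComm             server communication handle, passed to the ICAT.
 * @param pamAuthRequestInp  pamUser, pamPassword and timeToLive from the client.
 * @param pamAuthRequestOut  receives a zero-filled result on every return
 *                           except a failed allocation of the result itself;
 *                           presumably freed by the caller together with
 *                           irodsPamPassword -- TODO confirm.
 *
 * Returns 0 on success; SYS_MALLOC_ERR; PAM_AUTH_PASSWORD_FAILED when the
 * helper exited with code 1 (PAM rejected the credentials);
 * PAM_AUTH_NOT_BUILT_INTO_SERVER when the helper could not be run or the
 * server was built without PAM_AUTH; otherwise the status of changeToRootUser
 * or chlUpdateIrodsPamPassword.
 */
int
_rsPamAuthRequest (rsComm_t *rsComm, pamAuthRequestInp_t *pamAuthRequestInp,
                   pamAuthRequestOut_t **pamAuthRequestOut) {
    /* Size of the buffer chlUpdateIrodsPamPassword fills with the generated password. */
    enum { IRODS_PAM_PASSWORD_BUF_LEN = 100 };
    int status = 0;
    pamAuthRequestOut_t *result;

    /* calloc gives the zero-filled result the old malloc+memset did, and a
     * failed allocation is reported instead of passing NULL to memset. */
    *pamAuthRequestOut = calloc(1, sizeof **pamAuthRequestOut);
    if (*pamAuthRequestOut == NULL) {
        return SYS_MALLOC_ERR;
    }
    result = *pamAuthRequestOut;

#if defined(PAM_AUTH)
#ifdef RUN_SERVER_AS_ROOT
    status = changeToRootUser();
    if (status < 0) {
        return status;
    }
#endif

    status = runPamAuthCheck(pamAuthRequestInp->pamUser,
                             pamAuthRequestInp->pamPassword);
#ifdef RUN_SERVER_AS_ROOT
    /* Drop privileges again before anything else, regardless of the result. */
    changeToServiceUser();
#endif

    /* status is the child's raw wait status, or a negative SYS_* code from
     * runPamAuthCheck.  A normal exit with code 1 -- previously tested as the
     * encoded value 256 -- means PAM rejected the credentials. */
    if (status >= 0 && WIFEXITED(status) && WEXITSTATUS(status) == 1) {
        status = PAM_AUTH_PASSWORD_FAILED;
    }
    else if (status != 0) {
        /* Any other failure (helper missing, killed by a signal, pipe/fork
         * error) is reported as "not built in"; log the raw value so the real
         * cause can still be found in the server log. */
        rodsLog(LOG_NOTICE, "_rsPamAuthRequest: runPamAuthCheck failed, raw status %d",
                status);
        status = PAM_AUTH_NOT_BUILT_INTO_SERVER;
    }
    if (status) {
        return status;
    }

    result->irodsPamPassword = malloc(IRODS_PAM_PASSWORD_BUF_LEN);
    if (result->irodsPamPassword == NULL) {
        return SYS_MALLOC_ERR;
    }
    status = chlUpdateIrodsPamPassword(rsComm,
                                       pamAuthRequestInp->pamUser,
                                       pamAuthRequestInp->timeToLive,
                                       NULL,
                                       &result->irodsPamPassword);
    return status;
#else
    (void)result;
    return PAM_AUTH_NOT_BUILT_INTO_SERVER;
#endif
}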
00165 #endif