checkpoint
Greg Wiley authored on 13/04/2017 17:54:49
Showing 4 changed files
... | ... |
@@ -3,6 +3,18 @@ |
3 | 3 |
|
4 | 4 |
#include <security/pam_modules.h> |
5 | 5 |
|
6 |
+class token_conversation { |
|
7 |
+ public: |
|
8 |
+ virtual ~token_conversation() {} |
|
9 |
+ virtual std::string token() = 0; |
|
10 |
+ virtual std::string user_name() = 0; |
|
11 |
+} |
|
12 |
+ |
|
13 |
+class pam_token_conversation : token_conversation { |
|
14 |
+ public: |
|
15 |
+ pam_token_conversation(pam_handle_t *pamh); |
|
16 |
+} |
|
17 |
+ |
|
6 | 18 |
char const *ask_for_token(pam_handle_t *pamh); |
7 | 19 |
|
8 | 20 |
#endif |
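Review bot: Both class definitions added at new lines 6–16 close with a bare `}` instead of `};`, so this header will not compile as shown. `pam_token_conversation` also inherits with `class pam_token_conversation : token_conversation`, which is private inheritance, and it declares neither `token()` nor `user_name()`, so it stays abstract and the inherited accessors are not reachable from callers such as `pam_sm_authenticate`. The hunk uses `std::string` with no `<string>` include visible in it, and the one-argument constructor would be safer marked `explicit` so a `pam_handle_t *` never converts silently. A corrected declaration is sketched below.

```cpp
// … unchanged: token_conversation members, closed with `};` instead of `}` …
class pam_token_conversation : public token_conversation {
  public:
    explicit pam_token_conversation(pam_handle_t *pamh);
    std::string token() override;
    std::string user_name() override;
};
```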
... | ... |
@@ -4,25 +4,15 @@ |
4 | 4 |
#include <cstdlib> |
5 | 5 |
|
6 | 6 |
#include "logging.h" |
7 |
-#include "token.h" |
|
8 | 7 |
#include "conversation.h" |
8 |
+#include "validator.h" |
|
9 | 9 |
|
10 |
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { |
|
11 |
- const char *returned_token = ask_for_token(pamh); |
|
10 |
+extern validator system_validator; |
|
12 | 11 |
|
13 |
- int returned_token_length = strlen(returned_token); |
|
14 |
- char working_token[returned_token_length + 1]; |
|
15 |
- strcpy(working_token, returned_token); |
|
16 |
- char *colon = strchr(working_token, ':'); |
|
17 |
- if(!colon) { |
|
18 |
- return PAM_AUTH_ERR; |
|
19 |
- } |
|
20 |
- |
|
21 |
- *colon = 0; |
|
22 |
- char *user = working_token; |
|
23 |
- char *token = colon + 1; |
|
12 |
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { |
|
24 | 13 |
|
25 |
- int returned_validation = validate_token(user, token); |
|
14 |
+ pam_token_conversation conversation(pamh); |
|
15 |
+ int returned_validation = system_validator.validate(conversation.user_name(), conversation.token()); |
|
26 | 16 |
|
27 | 17 |
if (returned_validation) { |
28 | 18 |
log_success(); |
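Review bot: The rewritten `pam_sm_authenticate` has no visible failure path for a conversation that fails or returns malformed input. The removed code returned `PAM_AUTH_ERR` when the reply had no `:`, while the new lines pass `conversation.user_name()` and `conversation.token()` straight into `system_validator.validate(...)`. Because `pam_token_conversation` works through a constructor and two `std::string`-returning calls, it can presumably only signal an error by throwing or by returning empty strings, and an exception leaving this PAM entry point would unwind into the C caller that loaded the module. I would wrap the two new lines in `try { ... } catch (...) { return PAM_AUTH_ERR; }` and confirm that `validate` rejects an empty user name or token rather than treating it as a match. The function body continues past the end of this hunk, so the remaining return paths are not visible here.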
... | ... |
@@ -10,65 +10,10 @@ |
10 | 10 |
#include <memory> |
11 | 11 |
#include <fstream> |
12 | 12 |
|
13 |
-#include "token.h" |
|
14 |
-#include "test_support.h" |
|
15 |
- |
|
16 |
- |
|
17 |
-typedef struct passwd passwd_t; |
|
18 |
-class user { |
|
19 |
- private: |
|
20 |
- std::vector<char> passwd_buffer; |
|
21 |
- std::shared_ptr<passwd_t> sys_user_info; |
|
22 |
- |
|
23 |
- public: |
|
24 |
- user(const std::string &user_name); |
|
25 |
- bool valid(); |
|
26 |
- const std::string token(); |
|
27 |
- |
|
28 |
-}; |
|
29 |
- |
|
30 |
-const std::string user::token() { |
|
31 |
- // compute the token file path |
|
32 |
- std::string filepath = (std::string)sys_user_info->pw_dir + "/.dual_control"; |
|
33 |
- // does the file exist? |
|
34 |
- std::ifstream token_file(filepath); |
|
35 |
- if (!token_file.good()) { |
|
36 |
- return ""; |
|
37 |
- } |
|
38 |
- |
|
39 |
- // read file |
|
40 |
- int token_length = 6; |
|
41 |
- std::vector<char> token_buffer(token_length + 1); |
|
42 |
- token_file.read(token_buffer.data(), token_length); |
|
43 | 13 |
|
44 |
- // return contents |
|
45 |
- return token_buffer.data(); |
|
46 |
-} |
|
47 |
- |
|
48 |
-bool user::valid() { |
|
49 |
- return sys_user_info; |
|
50 |
-} |
|
51 |
- |
|
52 |
-user::user(const std::string &user_name) : |
|
53 |
- passwd_buffer(sysconf(_SC_GETPW_R_SIZE_MAX)) { |
|
54 |
- std::shared_ptr<passwd> temp_passwd(new passwd); |
|
55 |
- struct passwd *found_passwd(0); |
|
56 |
- getpwnam_r(user_name.c_str(), sys_user_info.get(), passwd_buffer.data(), passwd_buffer.size(), &found_passwd); |
|
57 |
- |
|
58 |
- if (found_passwd) { |
|
59 |
- sys_user_info = temp_passwd; |
|
60 |
- } |
|
61 |
-} |
|
62 |
- |
|
63 |
-int validate_token(const char *c_user_name, const char *c_token) { |
|
64 |
- |
|
65 |
- user_p user(create_user(c_user_name)); |
|
66 |
- |
|
67 |
- validator_p validator(create_validator(user)); |
|
14 |
+#include "test_support.h" |
|
68 | 15 |
|
69 |
- return validator->valid(c_token); |
|
70 | 16 |
|
71 | 17 |
|
72 |
-} |
|
73 | 18 |
|
74 | 19 |
|