From: kupcevic@sourceware.org <kupcevic@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga ./conga.spec.in.in make/version.in ricci ...
Date: 24 Oct 2006 21:59:56 -0000 [thread overview]
Message-ID: <20061024215956.11018.qmail@sourceware.org> (raw)
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: kupcevic at sourceware.org 2006-10-24 21:59:55
Modified files:
. : conga.spec.in.in
make : version.in
ricci/init.d : ricci
ricci/ricci : Auth.cpp Auth.h Makefile
Log message:
ricci: switch pam to sasl authentication (bz211191)
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/conga.spec.in.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.45&r2=1.45.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/make/version.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.21&r2=1.21.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/init.d/ricci.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.8&r2=1.8.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.cpp.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.4&r2=1.4.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.h.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.2&r2=1.2.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Makefile.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.16&r2=1.16.2.1
--- conga/conga.spec.in.in 2006/10/16 21:01:40 1.45
+++ conga/conga.spec.in.in 2006/10/24 21:59:55 1.45.2.1
@@ -40,7 +40,10 @@
BuildRequires: python-devel >= 2.4.1
%endif
BuildRequires: glibc-devel gcc-c++ libxml2-devel sed
-BuildRequires: openssl-devel dbus-devel pam-devel pkgconfig file
+#BuildRequires: pam-devel
+BuildRequires: cyrus-sasl-devel >= 2.1
+BuildRequires: openssl-devel dbus-devel pkgconfig file
+
%description
Conga is a project developing management system for remote stations.
@@ -182,7 +185,7 @@
Summary: Remote Management System - Managed Station
Requires: initscripts
-Requires: oddjob dbus openssl pam
+Requires: oddjob dbus openssl pam cyrus-sasl >= 2.1
Requires: sed util-linux
Requires: modcluster >= 0.8
@@ -279,6 +282,7 @@
%changelog
+
* Wed Oct 16 2006 Stanko Kupcevic <kupcevic@redhat.com> 0.8-20
- Minor GUI nits
--- conga/make/version.in 2006/10/16 21:01:40 1.21
+++ conga/make/version.in 2006/10/24 21:59:55 1.21.2.1
@@ -1,2 +1,2 @@
VERSION=0.8
-RELEASE=20
+RELEASE=20.4
--- conga/ricci/init.d/ricci 2006/08/16 02:57:52 1.8
+++ conga/ricci/init.d/ricci 2006/10/24 21:59:55 1.8.2.1
@@ -90,6 +90,8 @@
fi
fi
+ service saslauthd start > /dev/null 2>&1
+
ssl_certs_ok
if [ "1$?" != "10" ] ; then
generate_ssl_certs
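Review bot: The exit status of `service saslauthd start` is discarded along with its output, so if saslauthd is missing or fails to start, ricci still comes up and password checks will presumably fail later with nothing in the init output to explain why. Check the result and report it, e.g. `service saslauthd start > /dev/null 2>&1 || echo "ricci: saslauthd failed to start" >&2`. A comment should also record that ricci's password check now depends on saslauthd's system-wide mechanism setting, which this script does not verify. The enclosing start block begins and ends outside the hunk.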
--- conga/ricci/ricci/Auth.cpp 2006/08/12 00:38:36 1.4
+++ conga/ricci/ricci/Auth.cpp 2006/10/24 21:59:55 1.4.2.1
@@ -22,33 +22,35 @@
#include "Auth.h"
-#include "ricci_defines.h"
+#include "Mutex.h"
+#include <sasl/sasl.h>
-#include <errno.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <iostream>
-using namespace std;
+static int
+sasl_getopts_callback(void* context,
+ const char* plugin_name,
+ const char* option,
+ const char** result,
+ unsigned int* len);
-static void
-close_fd(int fd)
-{
- int e;
- do {
- e = close(fd);
- } while (e && (errno == EINTR));
-}
+static Mutex mutex; // global sasl_lib protection mutex
+static bool inited = false; // sasl_lib initialized?
+const static
+sasl_callback_t callbacks[] = {
+ {SASL_CB_GETOPT, (int (*)()) sasl_getopts_callback, NULL},
+ {SASL_CB_LIST_END, NULL, NULL},
+};
-Auth::Auth() :
- _path(AUTH_HELPER_PATH)
-{}
+Auth::Auth()
+{
+ if (!initialize_auth_system())
+ throw String("Failed to initialize authentication engine");
+}
Auth::~Auth()
{}
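Review bot: The new include list drops every system header except `<sasl/sasl.h>`, yet `sasl_getopts_callback` (defined in the next hunk) calls `strcmp`; unless `Auth.h` or `Mutex.h` pulls it in, add `#include <string.h>` rather than relying on a transitive include. The forward declaration also spells the last parameter `unsigned int* len` while the definition uses `unsigned * len`; it is the same type, but matching the spelling avoids a second look. The file-scope `mutex` and `inited` would read better with a short comment saying that `inited` is only read and written under `mutex`.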
@@ -57,77 +59,87 @@
bool
Auth::authenticate(const String& passwd) const
{
- if (access(_path.c_str(), X_OK))
- throw String("missing auth helper");
+ MutexLocker l(mutex);
- int _stdin_pipe[2];
-
- if (pipe(_stdin_pipe) == -1)
- throw String("failure creating pipe");
-
- int pid = fork();
- if (pid == -1) {
- close_fd(_stdin_pipe[0]);
- close_fd(_stdin_pipe[1]);
- throw String("fork failed");
+ sasl_conn_t *conn = 0;
+ try {
+ bool success = false;
+
+ int ret = sasl_server_new("ricci", // servicename
+ NULL, // hostname
+ NULL, // realm
+ NULL, // local ip:port
+ NULL, // remote ip:port
+ callbacks,
+ 0, // connection flags
+ &conn);
+ if (ret != SASL_OK)
+ throw String("authentication engine error");
+
+ ret = sasl_checkpass(conn,
+ "root", 4,
+ passwd.c_str(), passwd.size());
+ if (ret == SASL_OK)
+ success = true;
+ else
+ if (ret != SASL_BADAUTH)
+ throw String("authentication engine error");
+
+ sasl_dispose(&conn); conn = 0;
+ return success;
+ } catch ( ... ) {
+ if (conn) {
+ sasl_dispose(&conn);
+ conn = 0;
+ }
+ throw;
}
+}
+
+
+
+bool
+Auth::initialize_auth_system()
+{
+ MutexLocker l(mutex);
- if (pid == 0) {
- /* child */
- close_fd(0);
- close_fd(1);
- close_fd(2);
-
- close_fd(_stdin_pipe[1]);
- dup2(_stdin_pipe[0], 0);
- close_fd(_stdin_pipe[0]);
-
- // restore signals
- for (int x = 1; x < _NSIG; x++)
- signal(x, SIG_DFL);
- sigset_t set;
- sigfillset(&set);
- sigprocmask(SIG_UNBLOCK, &set, NULL);
-
- /* exec */
- execl(_path.c_str(), _path.c_str(), NULL);
- _exit(1);
+ if (!inited) {
+ int ret = sasl_server_init(callbacks, "ricci");
+ inited = (ret == SASL_OK);
}
-
-
- /* parent */
-
- close_fd(_stdin_pipe[0]);
-
+ return inited;
+}
+
+int
+sasl_getopts_callback(void* context,
+ const char* plugin_name,
+ const char* option,
+ const char** result,
+ unsigned * len)
+{
try {
- String pass = passwd + "\n";
- do {
- int size = write(_stdin_pipe[1], pass.c_str(), pass.size());
- if (size == -1) {
- if (errno == EINTR)
- continue;
- else {
- cout << errno << endl;
- throw String("write() error");
- }
+ static const char authd_option[] = "pwcheck_method";
+ static const char authd_result[] = "saslauthd";
+
+ static const char authd_version_option[] = "saslauthd_version";
+ static const char authd_version_result[] = "2";
+
+
+ if (result) {
+ *result = 0;
+ if (strcmp(option, authd_option) == 0)
+ *result = authd_result;
+ else if (strcmp(option, authd_version_option) == 0)
+ *result = authd_version_result;
+ else {
+ // modify more options we'd like to use
}
- pass = pass.substr(size, pass.npos);
- } while (!pass.empty());
+ }
+ if (len)
+ *len = 0;
+
+ return SASL_OK;
} catch ( ... ) {
- close_fd(_stdin_pipe[1]);
- throw;
- }
- close_fd(_stdin_pipe[1]);
-
- bool success = false;
- int ret, status;
- do {
- ret = waitpid(pid, &status, 0);
- } while ((ret < 0) && (errno == EINTR));
-
- if (WIFEXITED(status)) {
- status = WEXITSTATUS(status);
- success = (status == 0);
+ return SASL_FAIL;
}
- return success;
}
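Review bot: `MutexLocker l(mutex)` at the top of `Auth::authenticate` stays held across the whole `sasl_checkpass` call, so all password checks in the process are serialised behind the slowest one; if the saslauthd backend delays failed attempts (PAM commonly does), one client submitting bad passwords can hold up legitimate logins. If the lock is only there to guard library initialisation, keep it in `initialize_auth_system` and narrow or at least document it here, e.g. `// sasl calls serialised process-wide; a slow saslauthd blocks all logins`. Separately, the account is fixed by the literals `"root", 4`; a named constant with a comment saying the password is always checked against root would make that explicit.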
--- conga/ricci/ricci/Auth.h 2006/08/10 22:53:09 1.2
+++ conga/ricci/ricci/Auth.h 2006/10/24 21:59:55 1.2.2.1
@@ -27,6 +27,9 @@
#include "String.h"
+// thread safe
+
+
class Auth
{
public:
@@ -34,9 +37,10 @@
virtual ~Auth();
bool authenticate(const String& passwd) const;
- private:
- String _path;
+
+ static bool initialize_auth_system(); // to be called@start-up (not required)
+
};
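Review bot: Nothing on `authenticate(const String& passwd)` says whose password is checked or what failure looks like; per Auth.cpp in this commit it checks against the fixed account `root`, returns false only for a bad password and throws `String` on engine errors. A comment such as `// checks passwd for the local root account via saslauthd; throws String on engine failure` would record that. The comment on `initialize_auth_system()` could also say that it returns false when `sasl_server_init` fails. The class body starts outside this hunk.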
--- conga/ricci/ricci/Makefile 2006/08/22 23:01:17 1.16
+++ conga/ricci/ricci/Makefile 2006/10/24 21:59:55 1.16.2.1
@@ -44,7 +44,8 @@
LDFLAGS += `pkg-config --libs dbus-1`
-all: ${TARGET} ${TARGET_AUTH} ${TARGET_WORKER}
+#all: ${TARGET} ${TARGET_AUTH} ${TARGET_WORKER}
+all: ${TARGET} ${TARGET_WORKER}
*.o: *.h ../include/*.h
@@ -52,7 +53,7 @@
$(INSTALL_DIR) ${sbindir}
$(INSTALL_BIN) ${TARGET} ${sbindir}
$(INSTALL_DIR) ${libexecdir}/ricci
- install -m 4755 ${TARGET_AUTH} ${libexecdir}/ricci
+ #install -m 4755 ${TARGET_AUTH} ${libexecdir}/ricci
$(INSTALL_BIN) ${TARGET_WORKER} ${libexecdir}/ricci
$(INSTALL_DIR) ${localstatedir}/lib/ricci/queue
$(INSTALL_DIR) ${localstatedir}/lib/ricci/certs
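Review bot: The setuid install is only commented out (`#install -m 4755 ${TARGET_AUTH} ...`) and the first hunk does the same to the old `all:` line, while the `${TARGET_AUTH}` link rule with `-lpam` is left in place in the third hunk, so the retired setuid-root helper can still be built by name. Deleting the lines and the rule outright would make it clear the helper is gone; if the recipe line keeps its leading tab, make will also echo the `#install` text and pass it to the shell on every install. It would be worth confirming that the spec's %files list (not in the visible hunks) no longer expects the helper and that upgrades remove the old 4755 binary. The install recipe starts outside the hunk.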
@@ -77,10 +78,14 @@
$(TARGET): $(OBJECTS)
- $(CXX) -o $(TARGET) $(OBJECTS) $(LDFLAGS)
+ $(CXX) -o $(TARGET) $(OBJECTS) $(LDFLAGS) -lsasl2
${TARGET_AUTH}: $(TARGET_AUTH_OBJECTS)
$(CXX) -o ${TARGET_AUTH} $(TARGET_AUTH_OBJECTS) ${LDFLAGS} -lpam
${TARGET_WORKER}: ${TARGET_WORKER_OBJECTS}
$(CXX) -o ${TARGET_WORKER} ${TARGET_WORKER_OBJECTS} ${LDFLAGS}
+
+
+Auth_test: Auth_test.o Auth.o
+ $(CXX) -o Auth_test Auth_test.o Auth.o ${LDFLAGS} -lsasl2