A thin abstract interface to the system PAM library.
#include <gpam.h>
Classes
    class Error
        An exception class used by G::Pam.
    struct Item
        A structure used by G::Pam to hold conversation items.

Public Types
    typedef std::vector<Item> ItemArray

Public Member Functions
    Pam (const std::string &app, const std::string &user, bool silent)
        Constructor.
    virtual ~Pam ()
        Destructor.
    bool authenticate (bool require_token)
        Authenticates the user.
    std::string name () const
        Returns the authenticated user name.
    void checkAccount (bool require_token)
        Does "account management", checking that the authenticated user is currently allowed to use the system.
    void establishCredentials ()
        Imbues the authenticated user with their credentials, such as "tickets" in the form of environment variables etc.
    void openSession ()
        Starts a session.
    void closeSession ()
        Closes a session.
    void deleteCredentials ()
        Deletes credentials.
    void reinitialiseCredentials ()
        Reinitialises credentials.
    void refreshCredentials ()
        Refreshes credentials.
    virtual void converse (ItemArray &) = 0
        Called to pass a message to the user, or request a password etc.
    virtual void delay (unsigned int usec) = 0
        Called when the PAM library wants the application to introduce a delay to prevent brute-force attacks.
A thin abstract interface to the system PAM library.
Derived classes should implement converse() to supply passwords etc. and delay() to implement anti-brute-force delays.
As per the PAM model the user code should call authenticate(), then checkAccount(), then establishCredentials() and finally openSession(). When the session ends, closeSession() should be called before deleteCredentials(), matching the order in which the underlying PAM calls are meant to be made.
Usage:
typedef std::vector<Item> G::Pam::ItemArray
G::Pam::Pam (const std::string &app, const std::string &user, bool silent)
Constructor.
Definition at line 351 of file gpam_linux.cpp.
virtual G::Pam::~Pam ()
Destructor.
Definition at line 356 of file gpam_linux.cpp.
bool G::Pam::authenticate (bool require_token)
Authenticates the user.
Typically issues a challenge, such as password request, using the converse() callback.
Returns false if it needs to be called again because converse() did not fill in all the prompted values. Returns true if authenticated. Throws on error.
Definition at line 361 of file gpam_linux.cpp.
References G_DEBUG.
void G::Pam::checkAccount (bool require_token)
Does "account management", checking that the authenticated user is currently allowed to use the system.
Definition at line 367 of file gpam_linux.cpp.
References G_DEBUG.
void G::Pam::closeSession ()
Closes a session.
virtual void G::Pam::converse (ItemArray &) [pure virtual]
Called to pass a message to the user, or request a password etc.
Typically the array is a single password prompt. The password should then be put into the 'out' string and the boolean flag set.
For each item in the array which is a prompt the implementation is required to supply a response value.
In an event-driven environment the response values can be left unassigned, in which case the outer authenticate() call will return false. authenticate() can then be called a second time once the requested information is available.
Implemented in GAuth::PamImp.
virtual void G::Pam::delay (unsigned int usec) [pure virtual]
Called when the pam library wants the application to introduce a delay to prevent brute-force attacks.
The parameter may be zero.
Typically called from within authenticate(), ie. before authenticate returns.
A default implementation is provided that simply sleeps. The function is pure virtual but still has a definition, which is legal C++: a derived class that is happy to block can call it explicitly as G::Pam::delay(usec) from its own override.
In an event-driven application the implementation of this method should start a timer and avoid initiating any new authentication while the timer is running.
Implemented in GAuth::PamImp.
Definition at line 406 of file gpam_linux.cpp.
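The three pieces described on this page (the authenticate() call driving converse(), the event-driven case where converse() leaves a prompt unanswered so that authenticate() returns false and is retried, and a delay() that arms a timer instead of sleeping) are shown together below. This is an added example, not E-MailRelay's code: the libpam side is replaced by a scripted password check so that it runs stand-alone, and the Item field names (in_type, in, out, out_defined), the in_type values and the class names pamdemo::PamLike / pamdemo::EventDrivenPam are assumptions made for the illustration.

```cpp
// Added example, not E-MailRelay's own code. It models the G::Pam conversation
// contract as a stand-alone program: the libpam side is replaced by a scripted
// password check so nothing links against -lpam, and the Item field names
// (in_type, in, out, out_defined) are assumptions, not the header's.
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

namespace pamdemo {

struct Item {
    Item(std::string type, std::string text)
        : in_type(std::move(type)), in(std::move(text)), out_defined(false) {}
    std::string in_type;   // "prompt", "prompt_echo", "info" or "error" (assumed values)
    std::string in;        // text from the PAM module: a prompt or a message
    std::string out;       // response filled in by converse()
    bool out_defined;      // true once converse() has supplied 'out'
};
typedef std::vector<Item> ItemArray;

// Base class in the shape of G::Pam. The real one calls pam_authenticate() and
// lets the module drive the conversation; here a fixed script plays the module.
class PamLike {
public:
    PamLike(std::string user, std::string expected)
        : m_user(std::move(user)), m_expected(std::move(expected)) {}
    virtual ~PamLike() {}
    // false: a prompt was left unanswered, call again when the data is there.
    // true: authenticated. Throws: wrong password, after asking for a delay.
    bool authenticate() {
        ItemArray items{ Item("info", "Welcome"), Item("prompt", "Password: ") };
        converse(items);
        for (const Item& it : items)
            if (it.in_type == "prompt" && !it.out_defined) return false;
        if (items[1].out != m_expected) {
            delay(2000000);   // what a module's pam_fail_delay() request turns into
            throw std::runtime_error("authentication failure");
        }
        return true;
    }
    std::string name() const { return m_user; }
    virtual void converse(ItemArray&) = 0;
    virtual void delay(unsigned int usec) = 0;
private:
    std::string m_user, m_expected;
};

// Derived class for an event-driven server (the role GAuth::PamImp plays): the
// password may not have arrived yet when authenticate() first runs.
class EventDrivenPam : public PamLike {
public:
    using PamLike::PamLike;
    void setPassword(std::string pw) { m_password = std::move(pw); m_have_password = true; }
    // Answer the prompts we can and leave the rest undefined, so that
    // authenticate() returns false and can be retried once the password is in.
    void converse(ItemArray& items) override {
        for (Item& it : items) {
            if (it.in_type != "prompt") continue;  // info/error items need no response
            if (!m_have_password) continue;       // stays undefined: defer
            it.out = m_password;
            it.out_defined = true;
        }
    }
    // Runs inside authenticate(), so never sleep on an event loop: arm a
    // deadline instead and refuse to start new attempts until it has passed.
    void delay(unsigned int usec) override {
        if (usec == 0) return;                    // the parameter may be zero
        m_blocked_until = m_now + usec;
    }
    bool blocked() const { return m_now < m_blocked_until; }
    void advanceClock(unsigned int usec) { m_now += usec; }  // simulated clock
private:
    std::string m_password;
    bool m_have_password = false;
    unsigned long m_now = 0, m_blocked_until = 0;
};

// One login scenario, returning the sequence of outcomes so it can be checked.
std::vector<std::string> runScenario() {
    std::vector<std::string> log;
    EventDrivenPam pam("alice", "correct horse");  // constructed test credentials
    log.push_back(pam.authenticate() ? "authenticated" : "deferred");  // no password yet
    pam.setPassword("wrong");
    try { pam.authenticate(); log.push_back("authenticated"); }
    catch (const std::exception&) { log.push_back(pam.blocked() ? "failed,blocked" : "failed"); }
    pam.setPassword("correct horse");
    log.push_back(pam.blocked() ? "refused" : "retrying");  // timer still running
    pam.advanceClock(2000000);
    log.push_back(pam.blocked() ? "refused" : (pam.authenticate() ? "authenticated" : "deferred"));
    return log;
}

} // namespace pamdemo

int main() {
    for (const std::string& s : pamdemo::runScenario()) std::cout << s << '\n';
    return 0;
}
```

The point of the scenario is the ordering: the first authenticate() returns false rather than throwing because nothing was wrong, only missing; the failed attempt arms the delay from inside authenticate(), before it returns; and the caller checks blocked() before starting the next attempt instead of sleeping, which is what keeps a single-threaded server responsive while still honouring the module's anti-brute-force request.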
void G::Pam::deleteCredentials ()
Deletes credentials.
Definition at line 391 of file gpam_linux.cpp.
void G::Pam::establishCredentials ()
Imbues the authenticated user with their credentials, such as "tickets" in the form of environment variables etc.
Definition at line 373 of file gpam_linux.cpp.
References G_DEBUG.
std::string G::Pam::name () const
Returns the authenticated user name.
In principle this can be different from the requesting user name passed in the constructor.
Definition at line 418 of file gpam_linux.cpp.
void G::Pam::openSession ()
Starts a session.
void G::Pam::refreshCredentials ()
Refreshes credentials.
Definition at line 401 of file gpam_linux.cpp.
void G::Pam::reinitialiseCredentials ()
Reinitialises credentials.
Definition at line 396 of file gpam_linux.cpp.