[Cluster-devel] conga ./conga.spec.in.in make/version.in ricci ...
kupcevic at sourceware.org
Tue Oct 24 21:59:56 UTC 2006
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: kupcevic at sourceware.org 2006-10-24 21:59:55
Modified files:
. : conga.spec.in.in
make : version.in
ricci/init.d : ricci
ricci/ricci : Auth.cpp Auth.h Makefile
Log message:
ricci: switch pam to sasl authentication (bz211191)
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/conga.spec.in.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.45&r2=1.45.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/make/version.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.21&r2=1.21.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/init.d/ricci.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.8&r2=1.8.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.cpp.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.4&r2=1.4.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.h.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.2&r2=1.2.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Makefile.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.16&r2=1.16.2.1
--- conga/conga.spec.in.in 2006/10/16 21:01:40 1.45
+++ conga/conga.spec.in.in 2006/10/24 21:59:55 1.45.2.1
@@ -40,7 +40,10 @@
BuildRequires: python-devel >= 2.4.1
%endif
BuildRequires: glibc-devel gcc-c++ libxml2-devel sed
-BuildRequires: openssl-devel dbus-devel pam-devel pkgconfig file
+#BuildRequires: pam-devel
+BuildRequires: cyrus-sasl-devel >= 2.1
+BuildRequires: openssl-devel dbus-devel pkgconfig file
+
%description
Conga is a project developing management system for remote stations.
@@ -182,7 +185,7 @@
Summary: Remote Management System - Managed Station
Requires: initscripts
-Requires: oddjob dbus openssl pam
+Requires: oddjob dbus openssl pam cyrus-sasl >= 2.1
Requires: sed util-linux
Requires: modcluster >= 0.8
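Review bot: The new runtime dependency that actually matters here is the `saslauthd` service the init script starts, and `cyrus-sasl >= 2.1` only covers it if saslauthd ships in that base package on the target distribution; if it lives in a subpackage there, the `Requires:` line should name it explicitly. The `pam` requirement kept on the same line is now only indirect, since ricci no longer links libpam (the Makefile drops the pam helper from `all`); it is harmless but worth a spec comment such as `# pam: used by saslauthd's pam backend, not linked by ricci`. The removed `pam-devel` BuildRequires is consistent with that change.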
@@ -279,6 +282,7 @@
%changelog
+
* Wed Oct 16 2006 Stanko Kupcevic <kupcevic at redhat.com> 0.8-20
- Minor GUI nits
--- conga/make/version.in 2006/10/16 21:01:40 1.21
+++ conga/make/version.in 2006/10/24 21:59:55 1.21.2.1
@@ -1,2 +1,2 @@
VERSION=0.8
-RELEASE=20
+RELEASE=20.4
--- conga/ricci/init.d/ricci 2006/08/16 02:57:52 1.8
+++ conga/ricci/init.d/ricci 2006/10/24 21:59:55 1.8.2.1
@@ -90,6 +90,8 @@
fi
fi
+ service saslauthd start > /dev/null 2>&1
+
ssl_certs_ok
if [ "1$?" != "10" ] ; then
generate_ssl_certs
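Review bot: The new `service saslauthd start > /dev/null 2>&1` line discards the exit status, so a saslauthd that is not installed, not configured, or fails to start leaves ricci running with every authentication attempt failing later as an "authentication engine error" in Auth.cpp, with no hint in the start-up output. At minimum test the result and say so, e.g. `service saslauthd start > /dev/null 2>&1 || echo "warning: saslauthd failed to start; ricci authentication will fail"`, or fail the start when it is a hard requirement. The enclosing function of the init script starts before and ends after this hunk, so whether a failure path already exists there cannot be seen.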
--- conga/ricci/ricci/Auth.cpp 2006/08/12 00:38:36 1.4
+++ conga/ricci/ricci/Auth.cpp 2006/10/24 21:59:55 1.4.2.1
@@ -22,33 +22,35 @@
#include "Auth.h"
-#include "ricci_defines.h"
+#include "Mutex.h"
+#include <sasl/sasl.h>
-#include <errno.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <iostream>
-using namespace std;
+static int
+sasl_getopts_callback(void* context,
+ const char* plugin_name,
+ const char* option,
+ const char** result,
+ unsigned int* len);
-static void
-close_fd(int fd)
-{
- int e;
- do {
- e = close(fd);
- } while (e && (errno == EINTR));
-}
+static Mutex mutex; // global sasl_lib protection mutex
+static bool inited = false; // sasl_lib initialized?
+const static
+sasl_callback_t callbacks[] = {
+ {SASL_CB_GETOPT, (int (*)()) sasl_getopts_callback, NULL},
+ {SASL_CB_LIST_END, NULL, NULL},
+};
-Auth::Auth() :
- _path(AUTH_HELPER_PATH)
-{}
+Auth::Auth()
+{
+ if (!initialize_auth_system())
+ throw String("Failed to initialize authentication engine");
+}
Auth::~Auth()
{}
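Review bot: The new code calls `strcmp` (in `sasl_getopts_callback`, in the next hunk) but this hunk removes the C system includes and adds only `Mutex.h` and `<sasl/sasl.h>`, so unless `Auth.h` or `String.h` pulls in `<cstring>` transitively the file relies on an accidental include; add `#include <cstring>` next to `<sasl/sasl.h>`. The forward declaration of `sasl_getopts_callback` is `static` while its definition later in the file is not; that is legal and keeps internal linkage, but the definition should carry `static` too so the linkage is visible where the body is. The `(int (*)())` cast in `callbacks[]` is the usual Cyrus SASL idiom and is fine; a one-line comment saying so would save the next reader a detour.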
@@ -57,77 +59,87 @@
bool
Auth::authenticate(const String& passwd) const
{
- if (access(_path.c_str(), X_OK))
- throw String("missing auth helper");
+ MutexLocker l(mutex);
- int _stdin_pipe[2];
-
- if (pipe(_stdin_pipe) == -1)
- throw String("failure creating pipe");
-
- int pid = fork();
- if (pid == -1) {
- close_fd(_stdin_pipe[0]);
- close_fd(_stdin_pipe[1]);
- throw String("fork failed");
+ sasl_conn_t *conn = 0;
+ try {
+ bool success = false;
+
+ int ret = sasl_server_new("ricci", // servicename
+ NULL, // hostname
+ NULL, // realm
+ NULL, // local ip:port
+ NULL, // remote ip:port
+ callbacks,
+ 0, // connection flags
+ &conn);
+ if (ret != SASL_OK)
+ throw String("authentication engine error");
+
+ ret = sasl_checkpass(conn,
+ "root", 4,
+ passwd.c_str(), passwd.size());
+ if (ret == SASL_OK)
+ success = true;
+ else
+ if (ret != SASL_BADAUTH)
+ throw String("authentication engine error");
+
+ sasl_dispose(&conn); conn = 0;
+ return success;
+ } catch ( ... ) {
+ if (conn) {
+ sasl_dispose(&conn);
+ conn = 0;
+ }
+ throw;
}
+}
+
+
+
+bool
+Auth::initialize_auth_system()
+{
+ MutexLocker l(mutex);
- if (pid == 0) {
- /* child */
- close_fd(0);
- close_fd(1);
- close_fd(2);
-
- close_fd(_stdin_pipe[1]);
- dup2(_stdin_pipe[0], 0);
- close_fd(_stdin_pipe[0]);
-
- // restore signals
- for (int x = 1; x < _NSIG; x++)
- signal(x, SIG_DFL);
- sigset_t set;
- sigfillset(&set);
- sigprocmask(SIG_UNBLOCK, &set, NULL);
-
- /* exec */
- execl(_path.c_str(), _path.c_str(), NULL);
- _exit(1);
+ if (!inited) {
+ int ret = sasl_server_init(callbacks, "ricci");
+ inited = (ret == SASL_OK);
}
-
-
- /* parent */
-
- close_fd(_stdin_pipe[0]);
-
+ return inited;
+}
+
+int
+sasl_getopts_callback(void* context,
+ const char* plugin_name,
+ const char* option,
+ const char** result,
+ unsigned * len)
+{
try {
- String pass = passwd + "\n";
- do {
- int size = write(_stdin_pipe[1], pass.c_str(), pass.size());
- if (size == -1) {
- if (errno == EINTR)
- continue;
- else {
- cout << errno << endl;
- throw String("write() error");
- }
+ static const char authd_option[] = "pwcheck_method";
+ static const char authd_result[] = "saslauthd";
+
+ static const char authd_version_option[] = "saslauthd_version";
+ static const char authd_version_result[] = "2";
+
+
+ if (result) {
+ *result = 0;
+ if (strcmp(option, authd_option) == 0)
+ *result = authd_result;
+ else if (strcmp(option, authd_version_option) == 0)
+ *result = authd_version_result;
+ else {
+ // modify more options we'd like to use
}
- pass = pass.substr(size, pass.npos);
- } while (!pass.empty());
+ }
+ if (len)
+ *len = 0;
+
+ return SASL_OK;
} catch ( ... ) {
- close_fd(_stdin_pipe[1]);
- throw;
- }
- close_fd(_stdin_pipe[1]);
-
- bool success = false;
- int ret, status;
- do {
- ret = waitpid(pid, &status, 0);
- } while ((ret < 0) && (errno == EINTR));
-
- if (WIFEXITED(status)) {
- status = WEXITSTATUS(status);
- success = (status == 0);
+ return SASL_FAIL;
}
- return success;
}
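Review bot: In `Auth::authenticate`, every `sasl_checkpass` result other than `SASL_OK`/`SASL_BADAUTH` is turned into a bare `String("authentication engine error")` with the SASL code dropped, and since the init script starts saslauthd silently, this exception is the only symptom of a stopped or misconfigured daemon; include the code in the message, e.g. `throw String("authentication engine error: ") + sasl_errstring(ret, NULL, NULL);` (if `String` supports that concatenation), or log it before throwing. The function also deserves a comment stating what the code hard-wires: `// Checks passwd against the local "root" account only; the password check itself is delegated to saslauthd (selected in sasl_getopts_callback), so a non-BADAUTH failure means the engine/daemon, not the password.` In `sasl_getopts_callback`, `*len` is unconditionally set to 0 even when `*result` was filled in; the Cyrus SASL callers I know pass a NULL `len` for the options used here, so this looks harmless, but setting it to the result length would be more faithful to the callback contract. The whole round trip to saslauthd runs under the file-scope `mutex`, so authentication attempts are fully serialized — presumably intended as the comment on the mutex says, but worth stating on `authenticate` as well.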
--- conga/ricci/ricci/Auth.h 2006/08/10 22:53:09 1.2
+++ conga/ricci/ricci/Auth.h 2006/10/24 21:59:55 1.2.2.1
@@ -27,6 +27,9 @@
#include "String.h"
+// thread safe
+
+
class Auth
{
public:
@@ -34,9 +37,10 @@
virtual ~Auth();
bool authenticate(const String& passwd) const;
- private:
- String _path;
+
+ static bool initialize_auth_system(); // to be called at start-up (not required)
+
};
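Review bot: The `// thread safe` comment added in the first hunk of this file sits two blank lines above the class and does not say what guarantees it, while the declaration of `initialize_auth_system` here says "not required" without saying what happens otherwise. Move the comment onto the class and make it concrete: `// Thread-safe: authenticate() and initialize_auth_system() serialize on a file-scope mutex in Auth.cpp.` For the static method, `// Initializes the SASL library once; returns false if sasl_server_init failed. The constructor calls it and throws on failure, so an explicit call is optional.` Both claims are visible in the Auth.cpp part of this commit.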
--- conga/ricci/ricci/Makefile 2006/08/22 23:01:17 1.16
+++ conga/ricci/ricci/Makefile 2006/10/24 21:59:55 1.16.2.1
@@ -44,7 +44,8 @@
LDFLAGS += `pkg-config --libs dbus-1`
-all: ${TARGET} ${TARGET_AUTH} ${TARGET_WORKER}
+#all: ${TARGET} ${TARGET_AUTH} ${TARGET_WORKER}
+all: ${TARGET} ${TARGET_WORKER}
*.o: *.h ../include/*.h
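Review bot: Commenting out the `all:` line here (and the `install -m 4755` line in the next hunk) leaves the `${TARGET_AUTH}` rule, with its `-lpam` link, as dead code, and with `pam-devel` dropped from the spec's BuildRequires that rule can no longer even build; delete the rule and the commented lines rather than leaving two copies of `all:`. Retiring the setuid-root helper is the right direction for the pam→sasl switch, so the cleanup is only about not leaving a stale rule that someone may later re-enable. If the helper's sources are kept for reference, a one-line comment naming the bugzilla from the log message would explain why the rule is gone.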
@@ -52,7 +53,7 @@
$(INSTALL_DIR) ${sbindir}
$(INSTALL_BIN) ${TARGET} ${sbindir}
$(INSTALL_DIR) ${libexecdir}/ricci
- install -m 4755 ${TARGET_AUTH} ${libexecdir}/ricci
+ #install -m 4755 ${TARGET_AUTH} ${libexecdir}/ricci
$(INSTALL_BIN) ${TARGET_WORKER} ${libexecdir}/ricci
$(INSTALL_DIR) ${localstatedir}/lib/ricci/queue
$(INSTALL_DIR) ${localstatedir}/lib/ricci/certs
@@ -77,10 +78,14 @@
$(TARGET): $(OBJECTS)
- $(CXX) -o $(TARGET) $(OBJECTS) $(LDFLAGS)
+ $(CXX) -o $(TARGET) $(OBJECTS) $(LDFLAGS) -lsasl2
${TARGET_AUTH}: $(TARGET_AUTH_OBJECTS)
$(CXX) -o ${TARGET_AUTH} $(TARGET_AUTH_OBJECTS) ${LDFLAGS} -lpam
${TARGET_WORKER}: ${TARGET_WORKER_OBJECTS}
$(CXX) -o ${TARGET_WORKER} ${TARGET_WORKER_OBJECTS} ${LDFLAGS}
+
+
+Auth_test: Auth_test.o Auth.o
+ $(CXX) -o Auth_test Auth_test.o Auth.o ${LDFLAGS} -lsasl2
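Review bot: The new `Auth_test` target links only `Auth_test.o Auth.o`, but Auth.cpp now uses `Mutex`/`MutexLocker` and `String` from project headers; if those classes have out-of-line definitions in other objects, this link will fail, so the rule should list the same objects (or `$(OBJECTS)` minus the main object) that `$(TARGET)` uses — I cannot see `$(OBJECTS)` from here. `-lsasl2` is appended to two recipes by hand while the dbus library comes from `LDFLAGS += pkg-config ...`; adding it to `LDFLAGS` (or a `SASL_LIBS` variable) keeps the two targets from drifting. `Auth_test` is not part of `all`, and the `clean` target is outside this hunk, so check that it removes the test binary and object.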