PAM+NSS authentication module
[Authentication and acls checking modules]

Collaboration diagram for PAM+NSS authentication module:


Files

file  getugroups.c
 Contains getugroups() which is used to retrieve user's group.
file  system.c
 Core file for system module.

Data Structures

struct  auth_pam_userinfo

Functions

GSList * getugroups (char *username, gid_t gid)
 Get list of group a user belong to.
G_MODULE_EXPORT uint32_t get_api_version ()
G_MODULE_EXPORT gchar * g_module_check_init (GModule *module)
static int auth_pam_talker (int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
static char * normalize_username (const char *username)
G_MODULE_EXPORT int user_check (const char *username, const char *pass, user_session_t *session, unsigned passlen, gpointer params)
 user_check realise user authentication
G_MODULE_EXPORT uint32_t get_user_id (const char *username, gpointer params)
G_MODULE_EXPORT GSList * get_user_groups (const char *username, gpointer params)
G_MODULE_EXPORT gboolean unload_module_with_params (gpointer params_p)
G_MODULE_EXPORT gboolean init_module_from_conf (module_t *module)

Variables

GStaticMutex pam_mutex = G_STATIC_MUTEX_INIT
gint system_pam_module_not_threadsafe
gint system_glibc_cant_guess_maxgroups
gint system_suppress_prefixed_domain

Function Documentation

static int auth_pam_talker ( int  num_msg,
const struct pam_message **  msg,
struct pam_response **  resp,
void *  appdata_ptr 
) [static]

auth_pam_talker: supply authentication information to PAM when asked

Assumptions: A password is asked for by requesting input without echoing A username is asked for by requesting input _with_ echoing

Definition at line 85 of file system.c.

References auth_pam_userinfo::name, and auth_pam_userinfo::pw.

Referenced by user_check().

G_MODULE_EXPORT gchar* g_module_check_init ( GModule *  module  ) 

Definition at line 63 of file system.c.

References nubase_config_table_get_or_default_int(), system_glibc_cant_guess_maxgroups, system_pam_module_not_threadsafe, and system_suppress_prefixed_domain.

Here is the call graph for this function:

G_MODULE_EXPORT uint32_t get_api_version (  ) 

Definition at line 57 of file system.c.

References NUAUTH_API_VERSION.

G_MODULE_EXPORT GSList* get_user_groups ( const char *  username,
gpointer  params 
)

Definition at line 261 of file system.c.

References getugroups(), normalize_username(), pam_mutex, and system_pam_module_not_threadsafe.

Here is the call graph for this function:

G_MODULE_EXPORT uint32_t get_user_id ( const char *  username,
gpointer  params 
)

Definition at line 234 of file system.c.

References normalize_username(), pam_mutex, and system_pam_module_not_threadsafe.

Here is the call graph for this function:

GSList* getugroups ( char *  username,
gid_t  gid 
)

Get list of group a user belong to.

Like `getgroups', but for user USERNAME instead of for the current process. If GID is not -1, store it first (if possible). GID should be the group ID (pw_gid) obtained from getpwuid, in case USERNAME is not listed in /etc/groups. Always return the number of groups of which USERNAME is a member.

Parameters:
username String containing the username
gid This is the primary group of the user
Returns:
A list of group under the form of a GSList

Definition at line 68 of file getugroups.c.

References DEBUG_AREA_PERF, nuauth_params::debug_areas, group_mutex, log_message, nuauthconf, and system_glibc_cant_guess_maxgroups.

Referenced by get_user_groups().

G_MODULE_EXPORT gboolean init_module_from_conf ( module_t module  ) 

Definition at line 303 of file system.c.

References DEBUG_AREA_MAIN, log_message, and TRUE.

static char* normalize_username ( const char *  username  )  [static]

Definition at line 128 of file system.c.

References get_rid_of_domain().

Referenced by get_user_groups(), get_user_id(), and user_check().

Here is the call graph for this function:

G_MODULE_EXPORT gboolean unload_module_with_params ( gpointer  params_p  ) 

Definition at line 298 of file system.c.

References TRUE.

G_MODULE_EXPORT int user_check ( const char *  username,
const char *  pass,
user_session_t session,
unsigned  passlen,
gpointer  params 
)

user_check realise user authentication

It has to be exported by all user authentication modules

Parameters:
username User name string
pass User provided password
passlen Password length
session pointer to the user_session_t:: that we working on
params Pointer to the parameter of the module instance
Returns:
SASL_OK if password is correct, other return are authentication failure

Definition at line 151 of file system.c.

References auth_pam_talker(), DEBUG_AREA_AUTH, DEBUG_AREA_PERF, nuauth_params::debug_areas, get_rid_of_prefix_domain(), log_message, auth_pam_userinfo::name, normalize_username(), nuauthconf, pam_mutex, system_pam_module_not_threadsafe, and system_suppress_prefixed_domain.

Here is the call graph for this function:

Variable Documentation

GStaticMutex pam_mutex = G_STATIC_MUTEX_INIT

Definition at line 41 of file system.c.

Referenced by get_user_groups(), get_user_id(), and user_check().

gint system_glibc_cant_guess_maxgroups

Definition at line 52 of file getugroups.c.

Referenced by g_module_check_init(), and getugroups().

gint system_pam_module_not_threadsafe

Definition at line 50 of file system.c.

Referenced by g_module_check_init(), get_user_groups(), get_user_id(), and user_check().

gint system_suppress_prefixed_domain

Definition at line 52 of file system.c.

Referenced by g_module_check_init(), and user_check().

Generated on Sat Nov 22 04:01:02 2008 for NuFW by  doxygen 1.4.7