// Declaration excerpt of the private implementation class behind
// GAuth::SaslServerPam. Only some lines of the original file are shown.
31 class SaslServerPamImp ;
// The first parameter is named 'valid' here but 'active' in the out-of-line
// definition later in this listing, where the config string is left unnamed.
40 SaslServerPamImp(
bool valid ,
const std::string & config ,
bool allow_apop ) ;
// Takes the SASL mechanism name; the body is not part of this listing.
43 bool init(
const std::string & mechanism ) ;
// The parameter is called 'pwd' here, but the definition names it 'response'
// and splits it on NUL bytes into an id and a password before using it.
// 'done' is an out-parameter.
44 std::string apply(
const std::string & pwd ,
bool & done ) ;
// The definition returns m_pam->id(), or an empty string while m_pam is null.
45 std::string id()
const ;
// Declared here; no definition of this member appears in the visible listing.
46 bool authenticated()
const ;
// The PAM conversation object; apply() assigns a new one on each call.
57 std::unique_ptr<PamImp> m_pam ;
// Declaration excerpt of GAuth::PamImp, the PAM conversation object that
// GAuth::SaslServerPamImp creates once per authentication attempt.
68 using ItemArray = GAuth::PamImp::ItemArray ;
// Exception type whose message says that the PAM module never asked for a
// password.
69 G_EXCEPTION_CLASS( NoPrompt ,
"no password prompt received from pam module" ) ;
// 'app' is the application name ("emailrelay" at the one visible call site)
// and 'id' is the user id taken from the client's response.
71 PamImp(
const std::string & app ,
const std::string &
id ) ;
// Takes the password to check; the definition calls authenticate(true).
74 void apply(
const std::string & ) ;
75 std::string id()
const ;
// Callback for the PAM conversation: receives the items to be shown to, or
// answered for, the user.
78 void converse( ItemArray & )
override ;
// Callback for the delay that the PAM library requests in order to slow down
// brute-force attempts; 'usec' is presumably in microseconds.
// NOTE(review): the definition is not shown -- confirm it really waits.
79 void delay(
unsigned int usec )
override ;
// Copy-assignment and move-assignment are both disabled.
84 void operator=(
const PamImp & ) = delete ;
85 void operator=(
PamImp && ) = delete ;
// Constructor. The member-initialiser list (listing lines 94-97) is not shown.
93GAuth::PamImp::PamImp(
const std::string & app ,
const std::string &
id ) :
// Writes the application name and the id to the debug log. The id is taken
// from the client's response (see SaslServerPamImp::apply), so it is
// untrusted text.
// NOTE(review): confirm G_DEBUG escapes non-printable characters so a crafted
// id cannot forge or split log lines.
98 G_DEBUG(
"GAuth::PamImp::ctor: [" << app <<
"] [" <<
id <<
"]" ) ;
101GAuth::PamImp::~PamImp()
104std::string GAuth::PamImp::id()
const
// Fragment of a loop over 'items'; presumably the body of PamImp::converse(),
// whose signature line is not shown. Each item whose in_type is "password" is
// marked as answered.
112 for(
auto & item : items )
114 if( item.in_type ==
"password" )
// Listing lines 115-116, just before this assignment, are not shown --
// presumably where the stored password is copied into the item; verify.
117 item.out_defined = true ;
// Runs the PAM authentication for the given password. Listing lines 128-129,
// presumably where 'pwd' is stored for the conversation callback, are not
// shown.
127void GAuth::PamImp::apply(
const std::string & pwd )
// NOTE(review): the meaning of the 'true' argument is defined by the base
// class, which is not part of this listing. The caller treats a failure here
// as an exception.
130 authenticate(
true ) ;
// Constructor. The configuration string is accepted but left unnamed, so it
// is not used here. Listing line 144, presumably another member initialiser,
// is not shown.
143GAuth::SaslServerPamImp::SaslServerPamImp(
bool active ,
const std::string & ,
bool allow_apop ) :
145 m_allow_apop(allow_apop)
149GAuth::SaslServerPamImp::~SaslServerPamImp()
152bool GAuth::SaslServerPamImp::active()
const
157bool GAuth::SaslServerPamImp::init(
const std::string & mechanism )
// Returns the id held by the current PAM object, or an empty string if no
// PAM object exists. SaslServerPam::authenticated() treats a non-empty result
// as proof of a successful login.
164std::string GAuth::SaslServerPamImp::id()
const
166 return m_pam ? m_pam->id() : std::string() ;
// Handles the client's response: splits it on NUL bytes into an id and a
// password, then runs a PAM authentication for that pair.
// NOTE(review): several listing lines between 169 and 195 are not shown, so
// the try block, the first catch clause, any clean-up in the handlers and the
// assignment to 'done' cannot be checked from this listing.
169std::string GAuth::SaslServerPamImp::apply(
const std::string & response ,
bool & done )
// One-character separator string holding a single NUL byte.
172 std::string sep( 1U ,
'\0' ) ;
// Keeps only the text after the first NUL. The three-field layout looks like
// SASL PLAIN (authzid NUL authcid NUL passwd); if so, the discarded field is
// the authorization id -- confirm against init().
173 std::string s =
G::Str::tail( response , response.find(sep) , std::string() ) ;
// 'id' is the text before the next NUL and 'pwd' the text after it. With
// fewer than two NULs in the response, find() returns npos; presumably
// head()/tail() then return the empty default -- verify, because an empty id
// or password would then be passed on to PAM.
174 std::string
id =
G::Str::head( s , s.find(sep) , std::string() ) ;
// 'pwd' is an ordinary std::string copy of the password; no scrubbing of it
// is visible in the lines shown.
175 std::string pwd =
G::Str::tail( s , s.find(sep) , std::string() ) ;
// A new PAM object is installed before the password has been checked.
// SaslServerPam::authenticated() is computed as !id().empty(), and id() reads
// m_pam.
// NOTE(review): confirm that the failure handlers below reset m_pam, or that
// PamImp::id() stays empty until PAM succeeds; otherwise a rejected attempt
// would still be reported as authenticated.
177 m_pam = std::make_unique<PamImp>(
"emailrelay" ,
id ) ;
181 m_pam->apply( pwd ) ;
// Handler body for an exception whose catch clause is on a line not shown;
// the failure is logged as a warning.
185 G_WARNING(
"GAuth::SaslServer::apply: " << e.what() ) ;
// Raised when the PAM module never asked for a password.
188 catch( PamImp::NoPrompt & e )
190 G_WARNING(
"GAuth::SaslServer::apply: pam error: " << e.what() ) ;
// The visible path returns an empty string.
195 return std::string() ;
201 m_imp(std::make_unique<
SaslServerPamImp>(secrets.valid(),config,allow_apop))
205GAuth::SaslServerPam::~SaslServerPam()
208std::string GAuth::SaslServerPam::mechanisms(
char )
const
213std::string GAuth::SaslServerPam::mechanism()
const
218bool GAuth::SaslServerPam::trusted(
const GNet::Address & )
const
// Forwards to the implementation object.
223bool GAuth::SaslServerPam::active()
const
225 return m_imp->active() ;
228bool GAuth::SaslServerPam::mustChallenge()
const
// Forwards the requested mechanism name to the implementation object and
// returns its result.
233bool GAuth::SaslServerPam::init(
const std::string & mechanism )
235 return m_imp->init( mechanism ) ;
// Always returns an empty string, i.e. there is no server-generated
// challenge text.
238std::string GAuth::SaslServerPam::initialChallenge()
const
240 return std::string() ;
// Forwards the client's response, which carries the password, to the
// implementation object. 'done' is passed through as an out-parameter.
243std::string GAuth::SaslServerPam::apply(
const std::string & response ,
bool & done )
245 return m_imp->apply( response , done ) ;
// Reports success whenever the implementation's id() is non-empty. That id
// comes from the PAM object created in SaslServerPamImp::apply() before the
// password is checked.
// NOTE(review): this is only sound if id() is empty after a failed attempt --
// confirm in PamImp::id() and in the failure handlers of apply().
248bool GAuth::SaslServerPam::authenticated()
const
250 return !m_imp->id().empty() ;
253std::string GAuth::SaslServerPam::id()
const
// Body not shown. The response handled by this class contains the password
// itself (see SaslServerPamImp::apply).
// NOTE(review): confirm this returns true, so that the mechanism is only
// offered on an encrypted session.
258bool GAuth::SaslServerPam::requiresEncryption()
const
A private implementation of the G::Pam interface used by GAuth::SaslServerPamImp, which is itself a p...
void converse(ItemArray &) override
Called to pass a message to the user, or request a password etc.
void delay(unsigned int usec) override
Called when the pam library wants the application to introduce a delay to prevent brute-force attacks...
A private implementation class used by GAuth::SaslServerPam.
SaslServerPam(const SaslServerSecrets &, const std::string &config, bool allow_apop)
Constructor.
An interface used by GAuth::SaslServer to obtain authentication secrets.
The GNet::Address class encapsulates a TCP/UDP transport address.
An exception class for G::Pam.
A thin interface to the system PAM library, with two pure virtual methods that derived classes should...
static std::string tail(const std::string &in, std::size_t pos, const std::string &default_=std::string())
Returns the last part of the string after the given position.
static std::string upper(const std::string &s)
Returns a copy of 's' in which all Latin-1 lower-case characters have been replaced by upper-case cha...
static std::string head(const std::string &in, std::size_t pos, const std::string &default_=std::string())
Returns the first part of the string up to just before the given position.
SASL authentication classes.