Add first version of PAM authenticator plugin

This includes the client and backend authenticators. Currently, only a simple password-based scheme with the SQL-client "dialog" plugin is supported. In this mode, the server sends the first PAM message with the AuthSwitchRequest packet and the client responds with the password. No further authentication messages are supported. If the connection is not encrypted, the password is sent in plaintext. The client password is used as is for logging in to backends.
2017-06-19 10:19:10 +03:00
parent a9b0eb791b
commit f916b74c2e
8 changed files with 1078 additions and 0 deletions
--- a/server/modules/authenticator/PAM/CMakeLists.txt
+++ b/server/modules/authenticator/PAM/CMakeLists.txt
@ -0,0 +1,25 @@
+# This CMake file locates the Jansson libraries and headers
+#
+# The following variables are set:
+# PAM_FOUND - If the PAM library was found
+# PAM_LIBRARIES - Path to the library
+# PAM_INCLUDE_DIR - Path to headers
+
+find_path(PAM_INCLUDE_DIR pam_appl.h PATH_SUFFIXES security)
+find_library(PAM_LIBRARIES NAMES pam)
+message(STATUS "Found PAM include dirs: ${PAM_INCLUDE_DIR}")
+if (PAM_INCLUDE_DIR AND PAM_LIBRARIES)
+  message(STATUS "Found PAM: ${PAM_LIBRARIES}")
+  set(PAM_FOUND TRUE)
+else()
+  message(STATUS "Could not find PAM")
+endif()
+
+if (PAM_FOUND AND SQLITE_FOUND)
+    #include_directories(${PAM_INCLUDE_DIR})
+    include_directories(${SQLITE_INCLUDE_DIR})
+    add_subdirectory(PAMAuth)
+    add_subdirectory(PAMBackendAuth)
+else()
+    message(STATUS "No PAM libraries or SQLite found, not building PAM authenticator. Current SQLite version is #${SQLITE_VERSION}")
+endif()