Ejemplo n.º 1
0
static int
do_item(pam_handle_t *pamh, struct tac_handle *tach, int item,
    set_func func, const char *funcname)
{
	int retval;
	const void *value;

	retval = pam_get_item(pamh, item, &value);
	if (retval != PAM_SUCCESS)
	    return retval;
	if (value != NULL && (*func)(tach, (const char *)value) == -1) {
		syslog(LOG_CRIT, "%s: %s", funcname, tac_strerror(tach));
		tac_close(tach);
		return PAM_SERVICE_ERR;
	}
	return PAM_SUCCESS;
}
Ejemplo n.º 2
0
const void* Authenticator::get_item(const Authenticator::ItemType item) {
    const void* data;
    switch ((last_result=pam_get_item(pam_handle, item, &data))) {
    default:
    case PAM_SYSTEM_ERR:
#ifdef __LIBPAM_VERSION
    case PAM_BAD_ITEM:
#endif
        _end();
        throw Exception(pam_handle, "pam_get_item()", last_result);

    case PAM_PERM_DENIED: // The value of item was NULL
    case PAM_SUCCESS:
        break;
    }
    return data;
}
Ejemplo n.º 3
0
static int pam_get_rhost(pam_handle_t *pamh, const char **rhost
			 , const char *prompt)
{
    int retval;
    const char   *current;

    retval = pam_get_item (pamh, PAM_RHOST, (const void **)&current);
    if (retval != PAM_SUCCESS)
        return retval;

    if (current == NULL) {
	return PAM_AUTH_ERR;
    }
    *rhost = current;

    return retval;        /* pass on any error from conversation */
}
Ejemplo n.º 4
0
static int record_user(const abl_args *args, abl_info *info, time_t tm) {
    const void *user;
    int err;
    if (err = pam_get_item(args->pamh, PAM_USER, &user), PAM_SUCCESS != err) {
        log_pam_error(args, err, "getting PAM_USER");
        return err;
    }
    if (NULL != user) {
        info->subject = USER;
        info->user = user;
        return record(args, info, tm, args->user_purge);
    } else {
        log_debug(args, "PAM_USER is NULL");
        return 0;
    }
    return 1;
}
Ejemplo n.º 5
0
/* expected hook, this is where custom stuff happens */
PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char **argv) {
	int ret = 0;

	const char* pUsername = NULL;
	const char* pUrl = NULL;
	const char* pCaFile = NULL;

	struct pam_message msg;
	struct pam_conv* pItem;
	struct pam_response* pResp;
	const struct pam_message* pMsg = &msg;

	msg.msg_style = PAM_PROMPT_ECHO_OFF;
	msg.msg = "Cool buddy: ";
	
	printf("I got called\n");

	if (pam_get_user(pamh, &pUsername, NULL) != PAM_SUCCESS) {
		return PAM_AUTH_ERR;
	}

	pUrl = getArg("url", argc, argv);
	if (!pUrl) {
		return PAM_AUTH_ERR;
	}

	pCaFile = getArg("cafile", argc, argv);
	if (pam_get_item(pamh, PAM_CONV, (const void**)&pItem) != PAM_SUCCESS || !pItem) {
		fprintf(stderr, "Couldn't get pam_conv\n");
		return PAM_AUTH_ERR;
	}

	pItem->conv(1, &pMsg, &pResp, pItem->appdata_ptr);

	ret = PAM_SUCCESS;

	if (getUrl(pUrl, pUsername, pResp[0].resp, pCaFile) != 0) {
		ret = PAM_AUTH_ERR;
	}
	
	memset(pResp[0].resp, 0, strlen(pResp[0].resp));
	free(pResp);
	
	return ret;
}
Ejemplo n.º 6
0
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
    int argc, const char *argv[])
{
	int ret;
	int faked = 0;
	const char *dir = NULL;
	const char *fake_suite = NULL;
	char *questions;
	const char *user;
	char *response = NULL;
	char fmt[512];

	(void)flags;
	(void)argc;
	(void)argv;

	pam_get_item(pamh, PAM_USER, (const void **)&user);

	openlog("pam_ocra", 0, LOG_AUTHPRIV);

	fake_suite = openpam_get_option(pamh, "fake_prompt");
	dir = openpam_get_option(pamh, "dir");
	if (PAM_SUCCESS != (ret = challenge(dir, user, &questions))) {
		if (PAM_NO_MODULE_DATA == ret && NULL != fake_suite) {
			if (PAM_SUCCESS !=
			    (ret = fake_challenge(fake_suite, &questions)))
				goto end;
			faked = 1;
		} else
			goto end;
	}
	snprintf(fmt, 512, "OCRA Challenge: %s\nOCRA  Response: ", questions);
	if (PAM_SUCCESS != (ret = get_response(pamh, fmt, &response)))
		goto end;
	if (1 == faked)
		ret = PAM_AUTH_ERR;
	else
		ret = verify(dir, user, questions, response);

	free(response);
end:
	closelog();
	return ret;
}
Ejemplo n.º 7
0
static int _get_authtok (pam_handle_t * pamh)
{
  int rc;
  char *p;
  struct pam_message msg[1], *pmsg[1];
  struct pam_response *resp;
  struct pam_conv *conv;

  pmsg[0] = &msg[0];
  msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
  msg[0].msg = "Password: ";
  resp = NULL;

  rc = pam_get_item (pamh, PAM_CONV, (const void **) &conv);
  if (rc == PAM_SUCCESS)
  {
      rc = conv->conv (1,
		       (const struct pam_message **) pmsg,
		       &resp, conv->appdata_ptr);
  }
  else
  {
      return rc;
  }
  if (resp != NULL)
  {
      if (resp[0].resp == NULL)
      {
	  free (resp);
	  return PAM_AUTH_ERR;
      }

      p = resp[0].resp;
      /* leak if resp[0].resp is malloced. */
      resp[0].resp = NULL;
  }
  else
  {
      return PAM_CONV_ERR;
  }
  free (resp);
  pam_set_item (pamh, PAM_AUTHTOK, p);

  return PAM_SUCCESS;
}
Ejemplo n.º 8
0
static void log_message(int priority, pam_handle_t *pamh, const char *format, ...) {
        char *service = NULL;
        if (pamh)
                pam_get_item(pamh, PAM_SERVICE, (void *)&service);
        if (!service)
                service = "";

        char logname[80];
        snprintf(logname, sizeof(logname), "%s(" MODULE_NAME ")", service);

        va_list args;
        va_start(args, format);
        openlog(logname, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
        vsyslog(priority, format, args);
        va_end(args);

        closelog();
}
Ejemplo n.º 9
0
static int set_the_terminal(pam_handle_t *pamh)
{
    const char *tty;

    if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
	|| tty == NULL) {
	tty = ttyname(STDIN_FILENO);
	if (tty == NULL) {
	    _pam_log(LOG_ERR, "couldn't get the tty name");
	    return PAM_ABORT;
	}
	if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
	    _pam_log(LOG_ERR, "couldn't set tty name");
	    return PAM_ABORT;
	}
    }
    return PAM_SUCCESS;
}
Ejemplo n.º 10
0
int pam_prompt(pam_handle_t *pamh, int style, char **response,
               const char *format, ...)
{
  int rc;
  struct pam_conv *aconv;
  char buffer[200];
  va_list ap;
  struct pam_message msg, *pmsg;
  struct pam_response *resp;
  /* the the conversion function */
  rc = pam_get_item(pamh, PAM_CONV, (PAM_ITEM_CONST void **)&aconv);
  if (rc != PAM_SUCCESS)
    return rc;
  /* make the message string */
  va_start(ap, format);
  vsnprintf(buffer, sizeof(buffer), format, ap);
  buffer[sizeof(buffer) - 1] = '\0';
  va_end(ap);
  /* build the message */
  msg.msg_style = style;
  msg.msg = buffer;
  pmsg = &msg;
  resp = NULL;
  rc = aconv->conv(1, (const struct pam_message **)&pmsg, &resp, aconv->appdata_ptr);
  if (rc != PAM_SUCCESS)
    return rc;
  /* assign response if it is set */
  if (response != NULL)
  {
    if (resp == NULL)
      return PAM_CONV_ERR;
    if (resp[0].resp == NULL)
    {
      free(resp);
      return PAM_CONV_ERR;
    }
    *response = resp[0].resp;
  }
  else
    free(resp[0].resp);
  free(resp);
  return PAM_SUCCESS;
}
Ejemplo n.º 11
0
static const char *
get_tty(pam_handle_t *pamh)
{
    const void *void_terminal_line = NULL;
    const char *terminal_line;

    if (pam_get_item(pamh, PAM_TTY, &void_terminal_line) != PAM_SUCCESS
	|| void_terminal_line == NULL) {
	terminal_line = DEFAULT_TERM;
    } else {
	terminal_line = void_terminal_line;
    }
    if (!strncmp("/dev/", terminal_line, 5)) {
	/* strip leading "/dev/" from tty. */
	terminal_line += 5;
    }
    D(("terminal = %s", terminal_line));
    return terminal_line;
}
Ejemplo n.º 12
0
static int
_PAMCreateAttributesFromHandle(pam_handle_t *pamh, CFDictionaryRef *pAttributes)
{
    CFMutableDictionaryRef attributes = NULL;
    const char *user;
    int rc;

    rc = pam_get_item(pamh, PAM_USER, (const void **)&user);
    if (rc != PAM_SUCCESS)
        return rc;

    CFStringRef name = CFStringCreateWithCString(kCFAllocatorDefault, user, kCFStringEncodingUTF8);
    if (name == NULL) {
        CFRelease(attributes);
        return PAM_BUF_ERR;
    }

    /* In case module returned PAM_TRY_AGAIN */
    rc = pam_get_data(pamh, CREDUI_ATTR_DATA, (const void **)&attributes);
    if (rc == PAM_SUCCESS && attributes) {
        CFStringRef assertedName = (CFStringRef)CFDictionaryGetValue(attributes, kCUIAttrName);
        
        if (assertedName && CFEqual(assertedName, name)) {
            *pAttributes = (CFDictionaryRef)CFRetain(attributes);
            CFRelease(name);
            return PAM_SUCCESS;
        }
    }
    
    attributes = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    if (attributes == NULL)
        return PAM_BUF_ERR;
    
    CFDictionarySetValue(attributes, kCUIAttrNameType, kCUIAttrNameTypePosixName);
    CFDictionarySetValue(attributes, kCUIAttrName, name);
    
    /* we don't get AUTHTOK because it might prompt */
    
    CFRelease(name);
    
    *pAttributes = attributes;
    return PAM_SUCCESS;
}
Ejemplo n.º 13
0
static int converse( pam_handle_t * pamh,
                     struct pam_message ** message,
                     struct pam_response ** response )
{
   int retval;
   void const * void_conv;
   struct pam_conv const * conv;

   retval = pam_get_item( pamh, PAM_CONV, & void_conv );
   conv = (struct pam_conv const *) void_conv;

   if( retval == PAM_SUCCESS )
   {
      retval = conv->conv( 1, (struct pam_message const **) message,
                           response, conv->appdata_ptr );
   }

   return retval;
}
Ejemplo n.º 14
0
/*
 * This is a conversation function to obtain the user's password
 */
static int get_password(pam_handle_t * pamh, const char *message, const char **passwd)
{
    struct pam_message msg[2], *pmsg[2];
    struct pam_response *resp;
    const struct pam_conv *conv;

    pmsg[0] = &msg[0];
    msg[0].msg = message;
    msg[0].msg_style = PAM_PROMPT_ECHO_OFF;

    if (pam_get_item(pamh, PAM_CONV, (const void **) &conv) == PAM_SUCCESS &&
        conv->conv(1, (const struct pam_message **) &pmsg, &resp, conv->appdata_ptr) == PAM_SUCCESS && 
        resp != NULL) {
        *passwd = resp[0].resp;
        free(resp);
        return PAM_SUCCESS;
    }
    return PAM_SYSTEM_ERR;
}
Ejemplo n.º 15
0
char *get_response(pam_handle_t *pamh, const char *prompt, int verbose) {
    struct pam_conv *conv;
    int retval;
    struct pam_message msg;
    const struct pam_message *msgp;
    struct pam_response *resp;
    char *response;
    char buffer[MAXBUFSIZE];

    retval = pam_get_item(pamh, PAM_CONV, (const void**) &conv);
    if (retval != PAM_SUCCESS) {
        return NULL;
    }

    /* check if we want verbose input */
    if ( verbose != 0 )
        msg.msg_style = PAM_PROMPT_ECHO_ON;
    else
        msg.msg_style = PAM_PROMPT_ECHO_OFF;

    if (prompt) {
        snprintf(buffer, MAXBUFSIZE, "%s: ", prompt);
    } else {
        strcpy(buffer, "Password: ");
    }

    /* set up the conversation */
    msg.msg = buffer;
    msgp = &msg;
    resp = NULL;
    response = NULL;
    retval = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
    if (resp != NULL) {
        if (retval == PAM_SUCCESS) {
            response = resp->resp;
        } else {
            free(resp->resp);
        }
        free(resp);
    }

    return response;
}
Ejemplo n.º 16
0
int converse(pam_handle_t * pamh, int nargs, const struct pam_message *message,
    struct pam_response **response) {

    int retval;
    struct pam_conv *conv;

    if ((retval = pam_get_item (pamh, PAM_CONV, (const void **)&conv)) == PAM_SUCCESS) {
        retval = conv->conv(nargs, &message, response, conv->appdata_ptr);

        if (retval != PAM_SUCCESS) {
            _pam_log(LOG_ERR, "(pam_tacplus) converse returned %d", retval);
            _pam_log(LOG_ERR, "that is: %s", pam_strerror (pamh, retval));
        }
    } else {
        _pam_log (LOG_ERR, "(pam_tacplus) converse failed to get pam_conv");
    }

    return retval;
}
Ejemplo n.º 17
0
static int converse(pam_handle_t *pamh, int style, lo_const char *text,
    struct pam_response **resp)
{
	struct pam_conv *conv;
	struct pam_message msg, *pmsg;
	int status;

	status = pam_get_item(pamh, PAM_CONV, (pam_item_t *)&conv);
	if (status != PAM_SUCCESS)
		return status;

	pmsg = &msg;
	msg.msg_style = style;
	msg.msg = text;

	*resp = NULL;
	return conv->conv(1, (lo_const struct pam_message **)&pmsg, resp,
	    conv->appdata_ptr);
}
Ejemplo n.º 18
0
/**
 * EscalateModuleStartAddItem:
 * @self: Module containing the PAM handle.
 * @items: Array to append PAM item type and value tuples to.
 * @item: Item type of the value to fetch using pam_get_item().
 * @error: (out)(allow-none): Error return location or #NULL.
 *
 * Returns: #TRUE if there was no fatal error.
 */
static gboolean EscalateModuleStartAddItem(EscalateModule *self,
                                           GVariantBuilder *items, gint item,
                                           GError **error) {
  const gchar *value = NULL;
  gint status = pam_get_item(self->pamh, item, (const void **) &value);
  switch (status) {
    case PAM_SUCCESS:
      g_variant_builder_add(items, "{ims}", item, value);
      return TRUE;
    case PAM_BAD_ITEM:
      return TRUE;
    default:
      g_set_error(error, ESCALATE_MODULE_ERROR,
                  ESCALATE_MODULE_ERROR_GET_ITEM_FAILED,
                  "Failed to get PAM item %d: %s", item,
                  pam_strerror(self->pamh, status));
      return FALSE;
  }
}
Ejemplo n.º 19
0
static int
pamGssGetAuthTok(pam_handle_t *pamh,
                 int confFlags,
                 gss_buffer_t passwordBuf)
{
    int status;
    struct pam_conv *conv;
    struct pam_message msg;
    const struct pam_message *msgp;
    struct pam_response *resp;

    status = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
    BAIL_ON_PAM_ERROR(status);

    if (conv == NULL) {
        status = PAM_CONV_ERR;
        goto cleanup;
    }

    msg.msg_style = PAM_PROMPT_ECHO_OFF;
    msg.msg = PASSWORD_PROMPT;
    msgp = &msg;
    resp = NULL;

    status = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);

    if (resp != NULL) {
        if (status == PAM_SUCCESS)
            passwordBuf->value = resp->resp;
        else
            free(resp->resp);
        free(resp);
    }

    passwordBuf->length = passwordBuf->value ? strlen((char *)passwordBuf->value) : 0;
    if (passwordBuf->length == 0 && (confFlags & FLAG_NULLOK) == 0) {
        status = PAM_AUTH_ERR;
        goto cleanup;
    }

cleanup:
    return status;
}
Ejemplo n.º 20
0
/*
 * get_pam_user - Get the username according to PAM
 *
 * ptr_pam_user shall point to a malloc'ed string (or NULL).
 */
static void get_pam_user (char **ptr_pam_user)
{
	int retcode;
	void *ptr_user;

	assert (NULL != ptr_pam_user);

	retcode = pam_get_item (pamh, PAM_USER, (const void **)&ptr_user);
	PAM_FAIL_CHECK;

	if (NULL != *ptr_pam_user) {
		free (*ptr_pam_user);
	}
	if (NULL != ptr_user) {
		*ptr_pam_user = xstrdup ((const char *)ptr_user);
	} else {
		*ptr_pam_user = NULL;
	}
}
Ejemplo n.º 21
0
/*
 * Entry point from pam_open_session call.
 */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
                                   int argc, const char **argv)
{
    /* Parse arguments. */
    if (argc < 1) {
       	pam_syslog(pamh, LOG_ERR, "usage: pam_unshare.so [group name]");
	return PAM_SESSION_ERR;
    }

    pam_syslog(pamh, LOG_INFO, "Getting PAM_USER");
    /* See http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html */
    const void *item_v;
    int rc = pam_get_item(pamh, PAM_USER, &item_v);
    const char *username = "******";
    if(rc == PAM_SUCCESS) {
        username = item_v;
    }
    pam_syslog(pamh, LOG_INFO, "pam_unshare, return code %d, found user %s", rc, username);

    struct passwd* user = getpwnam(username);
    if (user == NULL) {
        pam_syslog(pamh, LOG_ERR, "getpwnam(%s) == NULL", username);
	return PAM_SESSION_ERR;
    }
    struct group* group = getgrgid(user->pw_gid);
    if (group == NULL) {
        pam_syslog(pamh, LOG_ERR, "getgrgid(%d) == NULL", user->pw_gid);
	return PAM_SESSION_ERR;
    }
    
    const char* target_group = argv[0];

    if (strcmp(target_group, group->gr_name) == 0) {
	pam_syslog(pamh, LOG_INFO, "found user in target group! calling unshare()");

	if(unshare(CLONE_NEWNS) < 0) {
            pam_syslog(pamh, LOG_ERR, "Unable to unshare from parent namespace, %m");
            return PAM_SESSION_ERR;
	}
    }

    return PAM_SUCCESS;
}
Ejemplo n.º 22
0
static int
_PAMSetTargetNameWithService(pam_handle_t *pamh, CUIControllerRef controller)
{
    const char *service = NULL;
    CFStringRef cfService;
    int rc;

    rc = pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
    if (rc != PAM_SUCCESS)
        return rc;

    cfService = CFStringCreateWithCString(kCFAllocatorDefault, service, kCFStringEncodingUTF8);
    if (cfService == NULL)
        return PAM_BUF_ERR;

    CUIControllerSetTargetName(controller, cfService);
    CFRelease(cfService);

    return PAM_SUCCESS;
}
Ejemplo n.º 23
0
static int prompt_password(pam_handle_t *pamh, const char **password)
{
    int ret;
    const struct pam_conv *conv;
    ret = pam_get_item (pamh, PAM_CONV, (const void **) &conv);
    if (ret != PAM_SUCCESS) return ret;

    const struct pam_message *pmsg[1];
    struct pam_message msg[1];
    msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
    msg[0].msg = "Multipass: ";
    pmsg[0] = &msg[0];

    struct pam_response *resp = NULL;
    ret = conv->conv(1, pmsg, &resp, conv->appdata_ptr);
    if (ret != PAM_SUCCESS) return ret;
    *password = resp->resp;
    free(resp);
    return PAM_SUCCESS;
}
Ejemplo n.º 24
0
static int init(pam_handle_t *pamh,struct pld_cfg *cfg,struct pld_ctx **ctx,
                const char **username,const char **service)
{
  int rc;
  struct passwd *pwent;
  /* get user name */
  rc=pam_get_user(pamh,username,NULL);
  if (rc!=PAM_SUCCESS)
  {
    pam_syslog(pamh,LOG_ERR,"failed to get user name: %s",pam_strerror(pamh,rc));
    return rc;
  }
  if ((*username==NULL)||((*username)[0]=='\0'))
  {
    pam_syslog(pamh,LOG_ERR,"got empty user name");
    return PAM_USER_UNKNOWN;
  }
  /* check uid */
  if (cfg->minimum_uid>0)
  {
    pwent=pam_modutil_getpwnam(args->pamh,*username);
    if ((pwent!=NULL)&&(pwent->pw_uid<cfg->minimum_uid))
    {
      if (cfg->debug)
        pam_syslog(pamh,LOG_DEBUG,"uid below minimum_uid; user=%s uid=%ld",*username,(long)pwent->pw_uid);
      return cfg->ignore_unknown_user?PAM_IGNORE:PAM_USER_UNKNOWN;
    }
  }
  /* get our context */
  rc=ctx_get(pamh,*username,ctx);
  if (rc!=PAM_SUCCESS)
    return rc;
  /* get service name */
  rc=pam_get_item(pamh,PAM_SERVICE,(const void **)service);
  if (rc!=PAM_SUCCESS)
  {
    pam_syslog(pamh,LOG_ERR,"failed to get service name: %s",pam_strerror(pamh,rc));
    return rc;
  }
  return PAM_SUCCESS;
}
Ejemplo n.º 25
0
/**
 * This function lets us do IO via PAM
 * @param pam_handle The PAM handle
 * @param pam_argc The number of args
 * @param pam_message The message to prompt
 * @param pam_response The user response
 * @return A PAM return code
 * @see pam_unix/support.c
 */
int
pam_converse(pam_handle_t *pam_handle, int pam_argc, 
struct pam_message **pam_message, struct pam_response **pam_response)
{
    /* PAM data */
    struct pam_conv *pam_conversation;
    int pam_status;

    /* Check feasibility of PAM conversations */
    pam_status = pam_get_item(pam_handle, PAM_CONV, 
        (const void **) &pam_conversation);

    /* Converse with PAM */
    if(pam_status == PAM_SUCCESS)
        pam_status = pam_conversation->conv(pam_argc, 
            (const struct pam_message **) pam_message, pam_response, 
            pam_conversation->appdata_ptr);

    /* Return PAM status */
    return pam_status;
}
Ejemplo n.º 26
0
static int record_host(const abl_args *args, abl_info *info, time_t tm) {
    if (NULL != args->host_db) {
        const void *rhost;
        int err;

        if (err = pam_get_item(args->pamh, PAM_RHOST, &rhost), PAM_SUCCESS != err) {
            log_pam_error(args, err, "getting PAM_RHOST");
            return err;
        }
        if (NULL != rhost) {
            info->subject = HOST;
            info->host = rhost;
            return record(args, info, tm, args->host_purge);
        } else {
            log_debug(args, "PAM_RHOST is NULL");
            return 0;
        }
    } else {
        return 0;
    }
}
Ejemplo n.º 27
0
static int pam_http_get_password(pam_handle_t* pamh, char** password)
{
    int retval, retry;

    struct pam_conv* conv;
    struct pam_message msg;
    const struct pam_message* msgp;
    struct pam_response* resp;

    retval = pam_get_item(pamh, PAM_CONV, (const void**)&conv);
    if (retval != PAM_SUCCESS)
        return PAM_SYSTEM_ERR;

    msg.msg_style = PAM_PROMPT_ECHO_OFF;
    msg.msg = password_prompt;
    msgp = &msg;

    for (retry = 0; retry < 3; ++retry) {
        resp = NULL;
        retval = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
        if (resp != NULL) {
            if (retval == PAM_SUCCESS)
                *password = resp->resp;
            else
                free(resp->resp);
            free(resp);
        }

        if (retval == PAM_SUCCESS)
            break;
    }

    if (retval == PAM_CONV_ERR)
        return retval;
    if (retval != PAM_SUCCESS)
        return PAM_AUTH_ERR;

    return PAM_SUCCESS;
}
Ejemplo n.º 28
0
int 
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
  parse_ctrl(argc, argv);
  ENTRY("pam_sm_setcred");

  switch (flags & ~PAM_SILENT) {
  case 0:
  case PAM_ESTABLISH_CRED:
    if (k_hasafs())
      k_setpag();
    /* Fall through, fill PAG with credentials below. */
  case PAM_REINITIALIZE_CRED:
  case PAM_REFRESH_CRED:
    if (k_hasafs())
      {
	void *user = 0;

	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
	  {
	    struct passwd *pw = getpwnam((char *)user);
	    if (pw != 0)
	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
				  pw->pw_uid, pw->pw_dir);
	  }
      }
    break;
  case PAM_DELETE_CRED:
    dest_tkt();
    if (k_hasafs())
      k_unlog();
    break;
  default:
    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
    break;
  }
  
  return PAM_SUCCESS;
}
Ejemplo n.º 29
0
Archivo: pam.c Proyecto: fqtools/ocserv
static int pam_auth_user(void* ctx, char *username, int username_size)
{
const char* user = NULL;
struct pam_ctx_st * pctx = ctx;
int pret;

	username[0] = 0;

	pret = pam_get_item(pctx->ph, PAM_USER, (const void **)&user);
	if (pret != PAM_SUCCESS) {
		/*syslog(LOG_AUTH, "PAM-auth: pam_get_item(PAM_USER): %s", pam_strerror(pctx->ph, pret));*/
		return -1;
	}
	
	if (user != NULL) {
		strlcpy(username, user, username_size);

		return 0;
	}
	
	return -1;
}
Ejemplo n.º 30
0
/* this is a front-end for module-application conversations */
static int converse(pam_handle_t *pamh, int ctrl, int nargs,
                    struct pam_message **message,
                    struct pam_response **response)
{
    int retval;
    struct pam_conv *conv;

    retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); 

    if ( retval == PAM_SUCCESS ) {
        retval = conv->conv(nargs, (const struct pam_message **)message,
			                response, conv->appdata_ptr);
        if (retval != PAM_SUCCESS && (ctrl && PAM_DEBUG_ARG)) {
            _pam_log(LOG_DEBUG, "conversation failure [%s]",
                                 pam_strerror(pamh, retval));
        }
    } else {
        _pam_log(LOG_ERR, "couldn't obtain coversation function [%s]",
                pam_strerror(pamh, retval));
    }

    return retval;                  /* propagate error status */
}