diff options
author | markm <markm@FreeBSD.org> | 2001-08-10 19:05:57 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-08-10 19:05:57 +0000 |
commit | d6d9a9d42246e0810123d964e9fd159436e6e72e (patch) | |
tree | 2d7f80529173146f05a1c4de7c3ea58fb37d740e /lib/libpam | |
parent | cda9e6f6877e83d76bcc215952a9c9815f39c55b (diff) | |
download | FreeBSD-src-d6d9a9d42246e0810123d964e9fd159436e6e72e.zip FreeBSD-src-d6d9a9d42246e0810123d964e9fd159436e6e72e.tar.gz |
Use the FreeBSD pam_prompt() interface to the conversation function
instead of home-rolling it. Clean up debugging code and tidy the
module.
Diffstat (limited to 'lib/libpam')
-rw-r--r-- | lib/libpam/modules/pam_ftp/pam_ftp.c | 141 |
1 files changed, 62 insertions, 79 deletions
diff --git a/lib/libpam/modules/pam_ftp/pam_ftp.c b/lib/libpam/modules/pam_ftp/pam_ftp.c index df63c6a..bf2e09b 100644 --- a/lib/libpam/modules/pam_ftp/pam_ftp.c +++ b/lib/libpam/modules/pam_ftp/pam_ftp.c @@ -26,8 +26,8 @@ * $FreeBSD$ */ -#define PROMPT "OINK Password required for %s." -#define GUEST_PROMPT "TWEET Guest login ok, send your e-mail address as password." +#define PROMPT "Password required for %s." +#define GUEST_PROMPT "Guest login ok, send your e-mail address as password." #include <security/_pam_aconf.h> @@ -44,57 +44,46 @@ #include <security/_pam_macros.h> -enum { PAM_OPT_NO_ANON=PAM_OPT_STD_MAX, PAM_OPT_IGNORE }; +enum { PAM_OPT_NO_ANON=PAM_OPT_STD_MAX, PAM_OPT_IGNORE, PAM_OPT_USERS }; static struct opttab other_options[] = { { "no_anon", PAM_OPT_NO_ANON }, { "ignore", PAM_OPT_IGNORE }, + { "users", PAM_OPT_USERS }, { NULL, 0 } }; -static int -converse(pam_handle_t *pamh, int nargs, struct pam_message **message, - struct pam_response **response) -{ - struct pam_conv *conv; - int retval; - - retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv); - if (retval == PAM_SUCCESS) - retval = conv->conv(nargs, (const struct pam_message **)message, - response, conv->appdata_ptr); - return retval; -} - static const char *anonusers[] = {"ftp", "anonymous", NULL}; -/* Check if name is in list or default list. - * Place user's name in *user +/* Check if *user is in supplied *list or *anonusers[] list. + * Place username in *userret * Return 1 if listed 0 otherwise */ static int -lookup(const char *name, char *list, const char **user) +lookup(const char *user, char *list, const char **userret) { int anon, i; char *item, *context, *locallist; anon = 0; - *user = name; /* this is the default */ + *userret = user; /* this is the default */ if (list) { + *userret = NULL; locallist = list; while ((item = strtok_r(locallist, ",", &context))) { - locallist = NULL; - if (strcmp(name, item) == 0) { - *user = item; + if (*userret == NULL) + *userret = item; + if (strcmp(user, item) == 0) { anon = 1; break; } + locallist = NULL; } } else { for (i = 0; anonusers[i] != NULL; i++) { - if (strcmp(anonusers[i], name) == 0) { - *user = anonusers[0]; + if (strcmp(anonusers[i], user) == 0) { + *userret = anonusers[0]; anon = 1; break; } @@ -111,13 +100,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv) { struct options options; - struct pam_message msg[1], *mesg[1]; - struct pam_response *resp; int retval, anon; - char *users, *context, *prompt; - const char *user, *token; - - users = prompt = NULL; + char *users, *context, *prompt, *token, *p; + const char *user; pam_std_option(&options, other_options, argc, argv); @@ -127,77 +112,69 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS || user == NULL) PAM_RETURN(PAM_USER_UNKNOWN); + PAM_LOG("Got user: %s", user); + + users = NULL; + if (pam_test_option(&options, PAM_OPT_USERS, &users)) + PAM_LOG("Got extra anonymous users: %s", users); + anon = 0; if (!pam_test_option(&options, PAM_OPT_NO_ANON, NULL)) anon = lookup(user, users, &user); + PAM_LOG("Done user: %s", user); + if (anon) { retval = pam_set_item(pamh, PAM_USER, (const void *)user); - if (retval != PAM_SUCCESS || user == NULL) - PAM_RETURN(PAM_USER_UNKNOWN); - } - - PAM_LOG("Got user: %s", user); - - /* Require an email address for user's password. */ - if (!anon) { - prompt = malloc(strlen(PROMPT) + strlen(user)); - if (prompt == NULL) - PAM_RETURN(PAM_BUF_ERR); - else { - sprintf(prompt, PROMPT, user); - msg[0].msg = prompt; - } + if (retval != PAM_SUCCESS) + PAM_RETURN(retval); + prompt = GUEST_PROMPT; + PAM_LOG("Doing anonymous"); } - else - msg[0].msg = GUEST_PROMPT; - msg[0].msg_style = PAM_PROMPT_ECHO_OFF; - mesg[0] = &msg[0]; - - PAM_LOG("Sent prompt"); - - resp = NULL; - retval = converse(pamh, 1, mesg, &resp); - if (prompt) { - _pam_overwrite(prompt); - _pam_drop(prompt); + else { + prompt = PROMPT; + PAM_LOG("Doing non-anonymous"); } - PAM_LOG("Done conversation 1"); - - if (retval != PAM_SUCCESS) { - if (resp != NULL) - _pam_drop_reply(resp, 1); + retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, prompt, &token); + if (retval != PAM_SUCCESS) PAM_RETURN(retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE : PAM_AUTHINFO_UNAVAIL); - } - PAM_LOG("Done conversation 2"); + PAM_LOG("Got password"); if (anon) { if (!pam_test_option(&options, PAM_OPT_IGNORE, NULL)) { - token = strtok_r(resp->resp, "@", &context); - pam_set_item(pamh, PAM_RUSER, token); - - if ((token) && (retval == PAM_SUCCESS)) { - token = strtok_r(NULL, "@", &context); - pam_set_item(pamh, PAM_RHOST, token); + p = strtok_r(token, "@", &context); + if (p != NULL) { + pam_set_item(pamh, PAM_RUSER, p); + PAM_LOG("Got ruser: %s", p); + if (retval == PAM_SUCCESS) { + p = strtok_r(NULL, "@", &context); + if (p != NULL) { + pam_set_item(pamh, PAM_RHOST, p); + PAM_LOG("Got rhost: %s", p); + } + } } } - retval = PAM_SUCCESS; + else + PAM_LOG("Ignoring supplied password structure"); PAM_LOG("Done anonymous"); + retval = PAM_SUCCESS; + } else { - pam_set_item(pamh, PAM_AUTHTOK, resp->resp); - retval = PAM_AUTH_ERR; + pam_set_item(pamh, PAM_AUTHTOK, token); + + PAM_VERBOSE_ERROR("Anonymous module reject"); PAM_LOG("Done non-anonymous"); - } - if (resp) - _pam_drop_reply(resp, 1); + retval = PAM_AUTH_ERR; + } PAM_RETURN(retval); } @@ -205,7 +182,13 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv) PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) { - return PAM_IGNORE; + struct options options; + + pam_std_option(&options, other_options, argc, argv); + + PAM_LOG("Options processed"); + + PAM_RETURN(PAM_SUCCESS); } PAM_MODULE_ENTRY("pam_ftp"); |