diff options
Diffstat (limited to 'lib/libpam/modules/pam_tacplus/pam_tacplus.c')
-rw-r--r-- | lib/libpam/modules/pam_tacplus/pam_tacplus.c | 110 |
1 files changed, 29 insertions, 81 deletions
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.c b/lib/libpam/modules/pam_tacplus/pam_tacplus.c index 9dfe937..19e3185 100644 --- a/lib/libpam/modules/pam_tacplus/pam_tacplus.c +++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.c @@ -47,15 +47,15 @@ __FBSDID("$FreeBSD$"); #include <unistd.h> #define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD #include <security/pam_appl.h> #include <security/pam_modules.h> #include <security/pam_mod_misc.h> -enum { PAM_OPT_CONF=PAM_OPT_STD_MAX, PAM_OPT_TEMPLATE_USER }; +enum { + PAM_OPT_CONF = PAM_OPT_STD_MAX, + PAM_OPT_TEMPLATE_USER +}; static struct opttab other_options[] = { { "conf", PAM_OPT_CONF }, @@ -114,8 +114,8 @@ set_msg(struct tac_handle *tach, const char *msg) } PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, - const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, + int argc, const char *argv[]) { struct options options; int retval; @@ -135,40 +135,40 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, tach = tac_open(); if (tach == NULL) { syslog(LOG_CRIT, "tac_open failed"); - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); } if (tac_config(tach, conf_file) == -1) { syslog(LOG_ALERT, "tac_config: %s", tac_strerror(tach)); tac_close(tach); - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); } if (tac_create_authen(tach, TAC_AUTHEN_LOGIN, TAC_AUTHEN_TYPE_ASCII, TAC_AUTHEN_SVC_LOGIN) == -1) { syslog(LOG_CRIT, "tac_create_authen: %s", tac_strerror(tach)); tac_close(tach); - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); } PAM_LOG("Done tac_open() ... tac_close()"); retval = do_item(pamh, tach, PAM_USER, tac_set_user, "tac_set_user"); if (retval != PAM_SUCCESS) - PAM_RETURN(retval); + return (retval); PAM_LOG("Done user"); retval = do_item(pamh, tach, PAM_TTY, tac_set_port, "tac_set_port"); if (retval != PAM_SUCCESS) - PAM_RETURN(retval); + return (retval); PAM_LOG("Done tty"); retval = do_item(pamh, tach, PAM_RHOST, tac_set_rem_addr, "tac_set_rem_addr"); if (retval != PAM_SUCCESS) - PAM_RETURN(retval); + return (retval); - for ( ; ; ) { + for (;;) { char *srvr_msg; size_t msg_len; const char *user_msg; @@ -181,7 +181,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, syslog(LOG_CRIT, "tac_send_authen: %s", tac_strerror(tach)); tac_close(tach); - PAM_RETURN(PAM_AUTHINFO_UNAVAIL); + return (PAM_AUTHINFO_UNAVAIL); } status = TAC_AUTHEN_STATUS(sflags); if (!TAC_AUTHEN_NOECHO(sflags)) @@ -205,7 +205,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, */ retval = pam_get_item(pamh, PAM_USER, &item); if (retval != PAM_SUCCESS) - PAM_RETURN(retval); + return (retval); user = (const char *)item; if (getpwnam(user) == NULL) { pam_set_item(pamh, PAM_USER, @@ -213,17 +213,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, PAM_LOG("Using template user"); } } - PAM_RETURN(PAM_SUCCESS); + return (PAM_SUCCESS); case TAC_AUTHEN_STATUS_FAIL: tac_close(tach); PAM_VERBOSE_ERROR("TACACS+ authentication failed"); - PAM_RETURN(PAM_AUTH_ERR); + return (PAM_AUTH_ERR); case TAC_AUTHEN_STATUS_GETUSER: case TAC_AUTHEN_STATUS_GETPASS: if ((srvr_msg = get_msg(tach)) == NULL) - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); if (status == TAC_AUTHEN_STATUS_GETUSER) retval = pam_get_user(pamh, &user_msg, *srvr_msg ? srvr_msg : NULL); @@ -235,30 +235,30 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, if (retval != PAM_SUCCESS) { /* XXX - send a TACACS+ abort packet */ tac_close(tach); - PAM_RETURN(retval); + return (retval); } if (set_msg(tach, user_msg) == -1) - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); break; case TAC_AUTHEN_STATUS_GETDATA: if ((srvr_msg = get_msg(tach)) == NULL) - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); retval = pam_prompt(pamh, pam_test_option(&options, PAM_OPT_ECHO_PASS, NULL) - ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF, + ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF, &data_msg, "%s", *srvr_msg ? srvr_msg : "Data:"); free(srvr_msg); if (retval != PAM_SUCCESS) { /* XXX - send a TACACS+ abort packet */ tac_close(tach); - PAM_RETURN(retval); + return (retval); } retval = set_msg(tach, data_msg); memset(data_msg, 0, strlen(data_msg)); free(data_msg); if (retval == -1) - PAM_RETURN(PAM_SERVICE_ERR); + return (PAM_SERVICE_ERR); break; case TAC_AUTHEN_STATUS_ERROR: @@ -272,7 +272,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, syslog(LOG_CRIT, "tac_send_authen: server detected error"); tac_close(tach); - PAM_RETURN(PAM_AUTHINFO_UNAVAIL); + return (PAM_AUTHINFO_UNAVAIL); break; case TAC_AUTHEN_STATUS_RESTART: @@ -281,69 +281,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, syslog(LOG_CRIT, "tac_send_authen: unexpected status %#x", status); tac_close(tach); - PAM_RETURN(PAM_AUTHINFO_UNAVAIL); + return (PAM_AUTHINFO_UNAVAIL); } } } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) { - struct options options; - - pam_std_option(&options, NULL, argc, argv); - - PAM_LOG("Options processed"); - - PAM_RETURN(PAM_IGNORE); -} - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, int argc ,const char **argv) -{ - struct options options; - - pam_std_option(&options, NULL, argc, argv); - - PAM_LOG("Options processed"); - - PAM_RETURN(PAM_IGNORE); -} - -PAM_EXTERN int -pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) -{ - struct options options; - - pam_std_option(&options, NULL, argc, argv); - - PAM_LOG("Options processed"); - - PAM_RETURN(PAM_IGNORE); -} - -PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) -{ - struct options options; - - pam_std_option(&options, NULL, argc, argv); - - PAM_LOG("Options processed"); - - PAM_RETURN(PAM_IGNORE); -} - -PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) -{ - struct options options; - - pam_std_option(&options, NULL, argc, argv); - - PAM_LOG("Options processed"); - PAM_RETURN(PAM_IGNORE); + return (PAM_IGNORE); } PAM_MODULE_ENTRY("pam_tacplus"); |