diff options
Diffstat (limited to 'lib/libpam')
| -rw-r--r-- | lib/libpam/modules/modules.inc | 2 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_echo/Makefile | 7 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_echo/pam_echo.8 | 64 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_echo/pam_echo.c | 126 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_exec/Makefile | 7 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.8 | 65 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.c | 147 |
7 files changed, 418 insertions, 0 deletions
diff --git a/lib/libpam/modules/modules.inc b/lib/libpam/modules/modules.inc index 7011cc6..13cc28d 100644 --- a/lib/libpam/modules/modules.inc +++ b/lib/libpam/modules/modules.inc @@ -2,6 +2,8 @@ MODULES = MODULES += pam_deny +MODULES += pam_echo +MODULES += pam_exec MODULES += pam_ftp MODULES += pam_ftpusers .if defined(MAKE_KERBEROS4) && !defined(NOCRYPT) && !defined(NO_OPENSSL) diff --git a/lib/libpam/modules/pam_echo/Makefile b/lib/libpam/modules/pam_echo/Makefile new file mode 100644 index 0000000..915ddd8 --- /dev/null +++ b/lib/libpam/modules/pam_echo/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD$ + +LIB= pam_echo +SRCS= pam_echo.c +MAN= pam_echo.8 + +.include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_echo/pam_echo.8 b/lib/libpam/modules/pam_echo/pam_echo.8 new file mode 100644 index 0000000..062f513 --- /dev/null +++ b/lib/libpam/modules/pam_echo/pam_echo.8 @@ -0,0 +1,64 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd May 24, 2002 +.Dt PAM_ECHO 8 +.Os +.Sh NAME +.Nm pam_echo +.Nd Echo PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_echo +.Op Ar arguments +.Sh DESCRIPTION +The echo service module for PAM displays its arguments to the user, +separated by spaces, using the current conversation function. +.Sh SEE ALSO +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/libpam/modules/pam_echo/pam_echo.c b/lib/libpam/modules/pam_echo/pam_echo.c new file mode 100644 index 0000000..4ec0fd2 --- /dev/null +++ b/lib/libpam/modules/pam_echo/pam_echo.c @@ -0,0 +1,126 @@ +/*- + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> +#include <security/pam_modules.h> +#include <security/openpam.h> + +static int +_pam_echo(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + struct pam_message msg; + const struct pam_message *msgp; + const struct pam_conv *pamc; + struct pam_response *resp; + size_t len; + int i, pam_err; + + if (flags & PAM_SILENT) + return (PAM_SUCCESS); + pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&pamc); + if (pam_err != PAM_SUCCESS) + return (pam_err); + for (i = 0, len = 0; i < argc; ++i) + len += strlen(argv[i]) + 1; + if ((msg.msg = malloc(len)) == NULL) + return (PAM_BUF_ERR); + for (i = 0, len = 0; i < argc; ++i) + len += sprintf(msg.msg + len, "%s%s", i ? " " : "", argv[i]); + msg.msg[len] = '\0'; + msg.msg_style = PAM_TEXT_INFO; + msgp = &msg; + resp = NULL; + pam_err = (pamc->conv)(1, &msgp, &resp, pamc->appdata_ptr); + free(resp); + free(msg.msg); + return (pam_err); +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_echo(pamh, flags, argc, argv)); +} + +PAM_MODULE_ENTRY("pam_echo"); diff --git a/lib/libpam/modules/pam_exec/Makefile b/lib/libpam/modules/pam_exec/Makefile new file mode 100644 index 0000000..c1f5810 --- /dev/null +++ b/lib/libpam/modules/pam_exec/Makefile @@ -0,0 +1,7 @@ +# $FreeBSD$ + +LIB= pam_exec +SRCS= pam_exec.c +MAN= pam_exec.8 + +.include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8 new file mode 100644 index 0000000..86c3260 --- /dev/null +++ b/lib/libpam/modules/pam_exec/pam_exec.8 @@ -0,0 +1,65 @@ +.\" Copyright (c) 2001 Mark R V Murray +.\" All rights reserved. +.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" Portions of this software were developed for the FreeBSD Project by +.\" ThinkSec AS and NAI Labs, the Security Research Division of Network +.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd May 24, 2002 +.Dt PAM_EXEC 8 +.Os +.Sh NAME +.Nm pam_exec +.Nd Exec PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_exec +.Op Ar arguments +.Sh DESCRIPTION +The exec service module for PAM executes the program designated by its +first argument, with its remaining arguments as command-line +arguments. +.Sh SEE ALSO +.Xr pam.conf 5 , +.Xr pam 8 +.Sh AUTHORS +The +.Nm +module and this manual page were developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c new file mode 100644 index 0000000..993f25b --- /dev/null +++ b/lib/libpam/modules/pam_exec/pam_exec.c @@ -0,0 +1,147 @@ +/*- + * Copyright (c) 2001 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/types.h> +#include <sys/wait.h> + +#include <errno.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <security/pam_appl.h> +#include <security/pam_modules.h> +#include <security/openpam.h> + +static int +_pam_exec(pam_handle_t *pamh __unused, int flags __unused, + int argc, const char *argv[]) +{ + int childerr, status; + pid_t pid; + + if (argc < 1) + return (PAM_SERVICE_ERR); + + /* + * XXX For additional credit, divert child's stdin/stdout/stderr + * to the conversation function. + */ + childerr = 0; + if ((pid = vfork()) == 0) { + execv(argv[0], argv); + childerr = errno; + _exit(1); + } else if (pid == -1) { + openpam_log(PAM_LOG_ERROR, "vfork(): %m"); + return (PAM_SYSTEM_ERR); + } + if (waitpid(pid, &status, 0) == -1) { + openpam_log(PAM_LOG_ERROR, "waitpid(): %m"); + return (PAM_SYSTEM_ERR); + } + if (childerr != 0) { + openpam_log(PAM_LOG_ERROR, "execv(): %m"); + return (PAM_SYSTEM_ERR); + } + if (WIFSIGNALED(status)) { + openpam_log(PAM_LOG_ERROR, "%s caught signal %d%s", + argv[0], WTERMSIG(status), + WCOREDUMP(status) ? " (core dumped)" : ""); + return (PAM_SYSTEM_ERR); + } + if (!WIFEXITED(status)) { + openpam_log(PAM_LOG_ERROR, "unknown status 0x%x", status); + return (PAM_SYSTEM_ERR); + } + if (WEXITSTATUS(status) != 0) { + openpam_log(PAM_LOG_ERROR, "%s returned code %d", + argv[0], WEXITSTATUS(status)); + return (PAM_SYSTEM_ERR); + } + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (_pam_exec(pamh, flags, argc, argv)); +} + +PAM_MODULE_ENTRY("pam_exec"); |
