diff options
Diffstat (limited to 'modules/pam_unix/pam_unix.c')
| -rw-r--r-- | modules/pam_unix/pam_unix.c | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c new file mode 100644 index 0000000..c2ad03e --- /dev/null +++ b/modules/pam_unix/pam_unix.c @@ -0,0 +1,196 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_unix.c 408 2007-12-21 11:36:24Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#include <sys/param.h> + +#include <pwd.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +#ifdef HAVE_CRYPT_H +# include <crypt.h> +#endif + +#include <security/pam_modules.h> +#include <security/pam_appl.h> + +#ifndef OPENPAM +static char password_prompt[] = "Password:"; +#endif + +#ifndef PAM_EXTERN +#define PAM_EXTERN +#endif + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ +#ifndef OPENPAM + struct pam_conv *conv; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *resp; +#endif + struct passwd *pwd; + const char *user; + char *crypt_password, *password; + int pam_err, retry; + + (void)argc; + (void)argv; + + /* identify user */ + if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) + return (pam_err); + if ((pwd = getpwnam(user)) == NULL) + return (PAM_USER_UNKNOWN); + + /* get password */ +#ifndef OPENPAM + pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv); + if (pam_err != PAM_SUCCESS) + return (PAM_SYSTEM_ERR); + msg.msg_style = PAM_PROMPT_ECHO_OFF; + msg.msg = password_prompt; + msgp = &msg; +#endif + for (retry = 0; retry < 3; ++retry) { +#ifdef OPENPAM + pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, + (const char **)&password, NULL); +#else + resp = NULL; + pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr); + if (resp != NULL) { + if (pam_err == PAM_SUCCESS) + password = resp->resp; + else + free(resp->resp); + free(resp); + } +#endif + if (pam_err == PAM_SUCCESS) + break; + } + if (pam_err == PAM_CONV_ERR) + return (pam_err); + if (pam_err != PAM_SUCCESS) + return (PAM_AUTH_ERR); + + /* compare passwords */ + if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) || + (crypt_password = crypt(password, pwd->pw_passwd)) == NULL || + strcmp(crypt_password, pwd->pw_passwd) != 0) + pam_err = PAM_AUTH_ERR; + else + pam_err = PAM_SUCCESS; +#ifndef OPENPAM + free(password); +#endif + return (pam_err); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + (void)pamh; + (void)flags; + (void)argc; + (void)argv; + return (PAM_SERVICE_ERR); +} + +#ifdef PAM_MODULE_ENTRY +PAM_MODULE_ENTRY("pam_unix"); +#endif |
