GitHub Repository: freebsd/freebsd-doc
Path: blob/main/documentation/static/source/articles/pam/pam_unix.c
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* Network Associates Laboratories, the Security Research Division of
* Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
* ("CBOSS"), as part of the DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $
* $FreeBSD: head/en_US.ISO8859-1/articles/pam/pam_unix.c 38826 2012-05-17 19:12:14Z hrs $
*/
#include <sys/param.h>
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <security/pam_modules.h>
#include <security/pam_appl.h>
#ifndef _OPENPAM
/*
 * Prompt text handed to the application's conversation function by
 * pam_sm_authenticate() on builds without _OPENPAM, where the module
 * drives the password prompt itself.
 */
static char password_prompt[] = "Password:";
#endif

/* Fall back to an empty PAM_EXTERN when the PAM headers did not define one. */
#ifndef PAM_EXTERN
#define PAM_EXTERN
#endif
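#ifndef _OPENPAM
/*
 * Overwrite a NUL-terminated heap copy of a secret, then release it.
 * The stores go through a volatile pointer so the compiler cannot discard
 * them as dead writes ahead of free().  A NULL argument is a no-op.
 */
static void
wipe_and_free(char *secret)
{
	volatile char *p;

	if (secret == NULL)
		return;
	for (p = secret; *p != '\0'; ++p)
		*p = '\0';
	free(secret);
}
#endif

/*
 * Authenticate a user against the hash stored in the password database.
 *
 * The user name comes from pam_get_user(), the password either from
 * pam_get_authtok() (OpenPAM) or from the application's conversation
 * function (other PAM implementations).  The password is hashed with
 * crypt(3), using the stored hash as the salt/setting string, and the
 * result is compared with the stored hash.
 *
 * Returns PAM_SUCCESS on a match, PAM_USER_UNKNOWN when getpwnam() finds
 * no entry, PAM_CONV_ERR when the conversation fails, PAM_SYSTEM_ERR when
 * no usable conversation function is available, the pam_get_user() error
 * when the name cannot be obtained, and PAM_AUTH_ERR otherwise.
 *
 * argc and argv (module options) are not used.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
#ifndef _OPENPAM
	struct pam_conv *conv;
	struct pam_message msg;
	const struct pam_message *msgp;
	struct pam_response *resp;
#endif
	struct passwd *pwd;
	const char *user;
	char *crypt_password, *password;
	int pam_err, retry;

	(void)argc;
	(void)argv;

	/*
	 * Start from a known value: the original left this uninitialised,
	 * so a conversation that reported success without a response led
	 * to crypt() and free() on an indeterminate pointer.
	 */
	password = NULL;

	/* identify user */
	if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
		return (pam_err);
	/*
	 * NOTE(review): an unknown account is rejected here, before any
	 * password prompt, so existing and non-existing accounts produce a
	 * different conversation and a different return code.  Deployments
	 * that must not disclose account existence should keep the prompt
	 * and report a generic failure instead.
	 *
	 * NOTE(review): getpwnam() returns a pointer to static storage; if
	 * the application's conversation callback below performs its own
	 * getpw*() lookups, pwd may no longer describe this user -- confirm
	 * for the target application.
	 */
	if ((pwd = getpwnam(user)) == NULL)
		return (PAM_USER_UNKNOWN);

	/* get password */
#ifndef _OPENPAM
	conv = NULL;
	pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
	if (pam_err != PAM_SUCCESS)
		return (PAM_SYSTEM_ERR);
	/* Refuse to call through a missing conversation structure. */
	if (conv == NULL || conv->conv == NULL)
		return (PAM_SYSTEM_ERR);
	msg.msg_style = PAM_PROMPT_ECHO_OFF;
	msg.msg = password_prompt;
	msgp = &msg;
#endif
	for (retry = 0; retry < 3; ++retry) {
#ifdef _OPENPAM
		pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
		    (const char **)&password, NULL);
#else
		resp = NULL;
		pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
		if (resp != NULL) {
			if (pam_err == PAM_SUCCESS)
				password = resp->resp;
			else
				wipe_and_free(resp->resp);
			free(resp);
		}
		/*
		 * "Success" without a response string is a conversation
		 * failure, not an empty password.
		 */
		if (pam_err == PAM_SUCCESS && password == NULL)
			pam_err = PAM_CONV_ERR;
#endif
		if (pam_err == PAM_SUCCESS)
			break;
	}
	if (pam_err == PAM_CONV_ERR)
		return (pam_err);
	if (pam_err != PAM_SUCCESS)
		return (PAM_AUTH_ERR);
	/* Never hand a NULL key to crypt(). */
	if (password == NULL)
		return (PAM_AUTH_ERR);

	/*
	 * compare passwords
	 *
	 * An empty stored hash is rejected outright when the caller set
	 * PAM_DISALLOW_NULL_AUTHTOK.  Otherwise the candidate is hashed
	 * with the stored hash as the crypt() setting and the two hash
	 * strings are compared.  strcmp() is not constant-time; its
	 * operands here are hash strings, not the cleartext.
	 */
	if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) ||
	    (crypt_password = crypt(password, pwd->pw_passwd)) == NULL ||
	    strcmp(crypt_password, pwd->pw_passwd) != 0)
		pam_err = PAM_AUTH_ERR;
	else
		pam_err = PAM_SUCCESS;
#ifndef _OPENPAM
	/*
	 * The conversation response is a heap copy of the cleartext owned
	 * by this module: clear it before releasing it.  On the OpenPAM
	 * path the token is not freed here (presumably the library keeps
	 * ownership -- confirm against pam_get_authtok(3)).
	 */
	wipe_and_free(password);
#endif
	return (pam_err);
}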
/*
 * Credential hook of the sample module.  It performs no work and reports
 * PAM_SUCCESS for every call; none of the arguments is examined.
 */
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return PAM_SUCCESS;
}
/*
 * Account-management hook of the sample module.  It reports PAM_SUCCESS
 * unconditionally and examines none of its arguments.
 *
 * NOTE(review): no expiry, lock or access checks are made here, so using
 * this module as the only "account" entry in a policy accepts every
 * account that authenticated.
 */
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return PAM_SUCCESS;
}
/*
 * Session-open hook of the sample module.  Nothing is set up or recorded;
 * the call always returns PAM_SUCCESS and ignores its arguments.
 */
PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return PAM_SUCCESS;
}
/*
 * Session-close hook of the sample module.  Nothing is torn down; the call
 * always returns PAM_SUCCESS and ignores its arguments.
 */
PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return PAM_SUCCESS;
}
/*
 * Password-change hook of the sample module.  Changing the authentication
 * token is not implemented: every call fails with PAM_SERVICE_ERR and the
 * arguments are not examined.
 */
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
	int argc, const char *argv[])
{
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return PAM_SERVICE_ERR;
}
#ifdef PAM_MODULE_ENTRY
164
PAM_MODULE_ENTRY("pam_unix");
165
#endif