1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/*
PAM support for a fgetty-style checkpasswd
This file is a (slightly modified) concatenation of the files
pam-support.[ch] that come with Alexey Mahotkin's fine
"checkpassword-pam". Only the essential stuff has been kept, ie.
only what is needed to build a "checkpassword" compatible with the
one that is distributed with "fgetty".
Thanks, Alexey!
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2, or (at
your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
Copyright (c) Alexey Mahotkin <alexm@hsys.msk.ru> 2002
PAM support for checkpassword-pam
*/
#include <string.h>
#include <security/pam_appl.h>
static const char* global_password;
static int
conversation (int num_msg, const struct pam_message **msgs,
struct pam_response **resp, void *appdata_ptr)
{
int i;
struct pam_response* responses;
(void) appdata_ptr;
/* safety check */
if (num_msg <= 0) {
return PAM_CONV_ERR;
}
/* allocate array of responses */
responses = calloc(num_msg, sizeof(struct pam_response));
if (!responses) {
return PAM_CONV_ERR;
}
for (i = 0; i < num_msg; i++) {
const struct pam_message *msg = msgs[i];
struct pam_response* response = &(responses[i]);
char* style = NULL;
switch (msg->msg_style) {
case PAM_PROMPT_ECHO_OFF: style = "PAM_PROMPT_ECHO_OFF"; break;
case PAM_PROMPT_ECHO_ON: style = "PAM_PROMPT_ECHO_ON"; break;
case PAM_ERROR_MSG: style = "PAM_ERROR_MSG"; break;
case PAM_TEXT_INFO: style = "PAM_TEXT_INFO"; break;
}
switch (msg->msg_style) {
case PAM_PROMPT_ECHO_OFF:
/* reply with password */
response->resp = strdup(global_password);
if (!response->resp)
return PAM_CONV_ERR;
break;
default:
return PAM_CONV_ERR;
}
response->resp_retcode = 0;
}
*resp = responses;
return PAM_SUCCESS;
}
int
authenticate_using_pam (const char* service_name,
const char* username,
const char* password)
{
struct pam_conv pam_conversation = { conversation, NULL };
pam_handle_t* pamh;
int retval;
/* to be used later from conversation() */
global_password = password;
/* initialize the PAM library */
retval = pam_start(service_name, username, &pam_conversation, &pamh);
if (retval != PAM_SUCCESS) {
return 111;
}
/* PAM_TTY is needed by the securetty module */
retval = pam_set_item(pamh, PAM_TTY, (void *)getenv("TTY"));
if (retval != PAM_SUCCESS) {
return 1;
}
/* Authenticate the user */
retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS) {
return 1;
}
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS) {
return 1;
}
retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (retval != PAM_SUCCESS) {
return 1;
}
/* terminate the PAM library */
retval = pam_end(pamh, retval);
if (retval != PAM_SUCCESS) {
return 1;
}
return 0;
}
|
