summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_debug/Makefile15
-rw-r--r--modules/pam_debug/README15
-rw-r--r--modules/pam_debug/pam_debug.c175
3 files changed, 205 insertions, 0 deletions
diff --git a/modules/pam_debug/Makefile b/modules/pam_debug/Makefile
new file mode 100644
index 00000000..ae22cade
--- /dev/null
+++ b/modules/pam_debug/Makefile
@@ -0,0 +1,15 @@
+#
+# $Id$
+#
+# This Makefile controls a build process of $(TITLE) module for
+# Linux-PAM. You should not modify this Makefile (unless you know
+# what you are doing!).
+#
+# Created by Andrew Morgan <morgan@linux.kernel.org> 2000/08/27
+#
+
+include ../../Make.Rules
+
+TITLE=pam_debug
+
+include ../Simple.Rules
diff --git a/modules/pam_debug/README b/modules/pam_debug/README
new file mode 100644
index 00000000..b537e3a7
--- /dev/null
+++ b/modules/pam_debug/README
@@ -0,0 +1,15 @@
+# $Id$
+#
+
+This module returns what its module arguments tell it to return. It
+can be used for debugging libpam and/or an application.
+
+Here are some example ways to use it:
+
+auth requisite pam_permit.so
+auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success
+auth [default=reset] pam_debug.so auth=success cred=perm_denied
+auth [success=done default=die] pam_debug.so
+auth optional pam_debug.so auth=perm_denied cred=perm_denied
+auth sufficient pam_debug.so auth=success cred=success
+
diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
new file mode 100644
index 00000000..152b977c
--- /dev/null
+++ b/modules/pam_debug/pam_debug.c
@@ -0,0 +1,175 @@
+/* pam_permit module */
+
+/*
+ * $Id$
+ *
+ * Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
+ *
+ */
+
+#define DEFAULT_USER "nobody"
+
+#include <stdio.h>
+
+/*
+ * This module is intended as a debugging aide for determining how
+ * the PAM stack is operating.
+ *
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+
+#define _PAM_ACTION_UNDEF (-10)
+#include "../../libpam/pam_tokens.h"
+
+/* --- authentication management functions --- */
+
+static int state(pam_handle_t *pamh, const char *text)
+{
+ int retval;
+ struct pam_conv *conv;
+ struct pam_message msg[1], *mesg[1];
+ struct pam_response *response;
+
+ retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+ if ((retval != PAM_SUCCESS) || (conv == NULL)) {
+ D(("failed to obtain conversation function"));
+ return PAM_ABORT;
+ }
+
+ msg[0].msg_style = PAM_TEXT_INFO;
+ msg[0].msg = text;
+ mesg[0] = &msg[0];
+
+ retval = conv->conv(1, (const struct pam_message **) mesg,
+ &response, conv->appdata_ptr);
+ if (retval != PAM_SUCCESS) {
+ D(("conversation failed"));
+ }
+
+ return retval;
+}
+
+static int parse_args(int retval, const char *event,
+ pam_handle_t *pamh, int argc, const char **argv)
+{
+ int i;
+
+ for (i=0; i<argc; ++i) {
+ int length = strlen(event);
+ if (!strncmp(event, argv[i], length) && (argv[i][length] == '=')) {
+ int j;
+ const char *return_string = argv[i] + (length+1);
+
+ for (j=0; j<_PAM_RETURN_VALUES; ++j) {
+ if (!strcmp(return_string, _pam_token_returns[j])) {
+ retval = j;
+ state(pamh, argv[i]);
+ break;
+ }
+ }
+ break;
+ }
+ }
+
+ return retval;
+}
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ int retval;
+ const char *user=NULL;
+
+ /*
+ * authentication requires we know who the user wants to be
+ */
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS) {
+ D(("get user returned error: %s", pam_strerror(pamh,retval)));
+ return retval;
+ }
+ if (user == NULL || *user == '\0') {
+ D(("username not known"));
+ pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
+ }
+ user = NULL; /* clean up */
+
+ retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
+
+ return retval;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "cred", pamh, argc, argv);
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "acct", pamh, argc, argv);
+}
+
+/* --- password management --- */
+
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ if (flags & PAM_PRELIM_CHECK) {
+ return parse_args(PAM_SUCCESS, "prechauthtok", pamh, argc, argv);
+ } else {
+ return parse_args(PAM_SUCCESS, "chauthtok", pamh, argc, argv);
+ }
+}
+
+/* --- session management --- */
+
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc,
+ const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv);
+}
+
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
+ ,const char **argv)
+{
+ return parse_args(PAM_SUCCESS, "close_session", pamh, argc, argv);
+}
+
+/* end of module definition */
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_permit_modstruct = {
+ "pam_debug",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+
+#endif