File: pam_get_authtok.c

package info (click to toggle)
nss-pam-ldapd 0.9.10-2
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 4,768 kB
  • sloc: ansic: 16,287; sh: 6,589; python: 3,368; xml: 1,925; makefile: 294; exp: 146
file content (94 lines) | stat: -rw-r--r-- 3,177 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
/*
   pam_get_authtok.c - replacement function for pam_get_authtok()

   Copyright (C) 2009, 2010, 2012 Arthur de Jong
   Copyright (C) 2010 Symas Corporation

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with this library; if not, write to the Free Software
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
   02110-1301 USA
*/

#include "config.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>

#include "compat/attrs.h"
#include "compat/pam_compat.h"

/* warning: this version assumes that try_first_pass is specified */

int pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok,
                    const char *prompt)
{
  int rc;
  char *passwd = NULL, *retype_passwd = NULL;
  const void *oldauthtok;
  char retype_prompt[80];
  /* first try to see if the value is already on the stack */
  *authtok = NULL;
  rc = pam_get_item(pamh, item, (PAM_ITEM_CONST void **)authtok);
  if ((rc == PAM_SUCCESS) && (*authtok != NULL))
    return PAM_SUCCESS;
  /* check what to prompt for and provide default prompt */
  *retype_prompt = '\0';
  if (item == PAM_OLDAUTHTOK)
    prompt = (prompt != NULL) ? prompt : "Old Password: ";
  else
  {
    rc = pam_get_item(pamh, PAM_OLDAUTHTOK, (PAM_ITEM_CONST void **)&oldauthtok);
    if ((rc == PAM_SUCCESS) && (oldauthtok != NULL))
    {
      prompt = (prompt != NULL) ? prompt : "New Password: ";
      snprintf(retype_prompt, sizeof(retype_prompt), "Retype %s", prompt);
      retype_prompt[sizeof(retype_prompt) - 1] = '\0';
    }
    else
      prompt = (prompt != NULL) ? prompt : "Password: ";
  }
  /* prepare prompt and get password */
  rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &passwd, "%s", prompt);
  if (rc != PAM_SUCCESS)
    return rc;
  /* if a second prompt should be presented, do it */
  if (*retype_prompt)
  {
    rc = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &retype_passwd, "%s",
                    retype_prompt);
    /* check passwords */
    if ((rc == PAM_SUCCESS) && (strcmp(retype_passwd, passwd) != 0))
      rc = PAM_AUTHTOK_RECOVERY_ERR;
  }
  /* store the password if everything went ok */
  if (rc == PAM_SUCCESS)
    rc = pam_set_item(pamh, item, passwd);
  /* clear and free any password information */
  memset(passwd, 0, strlen(passwd));
  free(passwd);
  if (retype_passwd != NULL)
  {
    memset(retype_passwd, 0, strlen(retype_passwd));
    free(retype_passwd);
  }
  if (rc != PAM_SUCCESS)
    return rc;
  /* return token from the stack */
  return pam_get_item(pamh, item, (PAM_ITEM_CONST void **)authtok);
}