/* pam_permit module */
/*
* $Id: pam_debug.c 274 2005-07-13 09:52:25Z vorlon $
*
* Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
*
*/
#define DEFAULT_USER "nobody"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* This module is intended as a debugging aid for determining how
* the PAM stack is operating.
*
* Here we make definitions for the externally accessible functions
* in this file (these definitions are required for static modules
* but strongly encouraged generally). They are used to instruct the
* modules include file to define their prototypes.
*/
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_SESSION
#define PAM_SM_PASSWORD
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#define _PAM_ACTION_UNDEF (-10)
#include "../../libpam/pam_tokens.h"
/* --- authentication management functions --- */
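/*
 * Report `text` to the application as a PAM_TEXT_INFO message through the
 * conversation function stored in the PAM_CONV item.
 *
 * Returns PAM_ABORT when no usable conversation function can be obtained,
 * otherwise the value returned by the conversation function.
 */
static int state(pam_handle_t *pamh, const char *text)
{
    int retval;
    struct pam_conv *conv = NULL;
    struct pam_message msg[1], *mesg[1];
    /* Start from NULL so we can tell whether the application handed
     * anything back that we now own. */
    struct pam_response *response = NULL;

    retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
    /* Also reject a conversation structure without a callback; calling
     * through a NULL function pointer would crash the host application. */
    if ((retval != PAM_SUCCESS) || (conv == NULL) || (conv->conv == NULL)) {
        D(("failed to obtain conversation function"));
        return PAM_ABORT;
    }

    msg[0].msg_style = PAM_TEXT_INFO;
    msg[0].msg = text;
    mesg[0] = &msg[0];

    retval = conv->conv(1, (const struct pam_message **) mesg,
                        &response, conv->appdata_ptr);
    if (retval != PAM_SUCCESS) {
        D(("conversation failed"));
    }

    /* A response array returned by the conversation function belongs to
     * the module; release it so repeated calls do not leak memory in a
     * long-running service. */
    if (response != NULL) {
        free(response->resp);
        free(response);
        response = NULL;
    }

    return retval;
}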
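/*
 * Scan the module arguments for one of the form "<event>=<token>" and map
 * <token> to a PAM return code.
 *
 *   retval  value returned when no argument selects a different one
 *   event   name of the management hook being run ("auth", "cred", ...)
 *   pamh    PAM handle, used only to report the matched argument
 *   argc    number of entries in argv
 *   argv    module arguments as given in the PAM configuration
 *
 * Only the first argument whose prefix is "<event>=" is considered. When its
 * token equals an entry of _pam_token_returns, the index of that entry is
 * returned and the argument is echoed to the application via state().
 *
 * NOTE(review): the result is dictated entirely by the PAM configuration,
 * and an unrecognized token (for example a typo) leaves `retval` untouched.
 * Every caller in this file passes PAM_SUCCESS as the default, so a
 * misspelled token fails open. Keep this module out of production stacks.
 */
static int parse_args(int retval, const char *event,
                      pam_handle_t *pamh, int argc, const char **argv)
{
    /* The event name does not change between iterations; measure it once. */
    const size_t length = strlen(event);
    int i;

    for (i = 0; i < argc; ++i) {
        const char *return_string;
        int j;

        /* strncmp() equality over `length` bytes guarantees argv[i] has at
         * least `length` characters, so indexing [length] stays in bounds. */
        if (strncmp(event, argv[i], length) != 0 || argv[i][length] != '=') {
            continue;
        }

        return_string = argv[i] + (length + 1);
        for (j = 0; j < _PAM_RETURN_VALUES; ++j) {
            if (!strcmp(return_string, _pam_token_returns[j])) {
                retval = j;
                /* Best-effort notification; its result is deliberately
                 * not allowed to override the configured return code. */
                state(pamh, argv[i]);
                break;
            }
        }

        if (j == _PAM_RETURN_VALUES) {
            /* Leave a trace in debug builds so a mistyped token is visible. */
            D(("unrecognized return token: %s", return_string));
        }

        /* First "<event>=" argument wins, whether or not it was valid. */
        break;
    }

    return retval;
}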
/*
 * Authentication hook.
 *
 * Obtains the user name through pam_get_user(); when it is missing or empty,
 * PAM_USER is set to DEFAULT_USER. The return code then comes from an
 * "auth=<token>" module argument, defaulting to PAM_SUCCESS.
 *
 * No credential is checked anywhere in this function: unless the
 * configuration supplies a failing "auth=" token, every authentication
 * attempt succeeds. Intended for debugging a PAM stack only.
 */
PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
                        const char **argv)
{
    const char *user = NULL;
    int rc;

    /* authentication requires we know who the user wants to be */
    rc = pam_get_user(pamh, &user, NULL);
    if (rc != PAM_SUCCESS) {
        D(("get user returned error: %s", pam_strerror(pamh,rc)));
        return rc;
    }

    if (user == NULL || *user == '\0') {
        D(("username not known"));
        rc = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
        if (rc != PAM_SUCCESS) {
            return rc;
        }
    }

    return parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
}
/*
 * Credential-setting hook. Returns the code selected by a "cred=<token>"
 * module argument, or PAM_SUCCESS when none is given; no credentials are
 * actually established.
 */
PAM_EXTERN
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
                   const char **argv)
{
    const int result = parse_args(PAM_SUCCESS, "cred", pamh, argc, argv);

    return result;
}
/* --- account management functions --- */
/*
 * Account-management hook. Returns the code selected by an "acct=<token>"
 * module argument, or PAM_SUCCESS when none is given; no account
 * restriction is evaluated here.
 */
PAM_EXTERN
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
                     const char **argv)
{
    const int result = parse_args(PAM_SUCCESS, "acct", pamh, argc, argv);

    return result;
}
/* --- password management --- */
/*
 * Password-change hook. The preliminary pass (PAM_PRELIM_CHECK set in
 * `flags`) is controlled by a "prechauthtok=<token>" argument and the
 * update pass by "chauthtok=<token>"; both default to PAM_SUCCESS.
 * No token is read or changed by this function.
 */
PAM_EXTERN
int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
                     const char **argv)
{
    const char *event = "chauthtok";

    if (flags & PAM_PRELIM_CHECK) {
        event = "prechauthtok";
    }

    return parse_args(PAM_SUCCESS, event, pamh, argc, argv);
}
/* --- session management --- */
/*
 * Session-open hook. Returns the code selected by an
 * "open_session=<token>" module argument, or PAM_SUCCESS when none is given.
 */
PAM_EXTERN
int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
                        const char **argv)
{
    const int result = parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv);

    return result;
}
/*
 * Session-close hook. Returns the code selected by a
 * "close_session=<token>" module argument, or PAM_SUCCESS when none is given.
 */
PAM_EXTERN
int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
                         const char **argv)
{
    const int result = parse_args(PAM_SUCCESS, "close_session", pamh, argc, argv);

    return result;
}
/* end of module definition */
#ifdef PAM_STATIC
/*
 * Static module data, compiled only when PAM_STATIC is defined.
 * The initializer is positional: the module name string followed by the
 * six pam_sm_* entry points defined in this file. The order presumably
 * has to match the layout of struct pam_module, which is declared
 * outside this file; verify before reordering.
 *
 * NOTE(review): the symbol is named _pam_permit_modstruct although the
 * module name below is "pam_debug". This looks like a leftover from the
 * module this file was copied from. Confirm it cannot collide with the
 * permit module's own symbol in a static build.
 */
struct pam_module _pam_permit_modstruct = {
/* module name */
"pam_debug",
/* authentication and credential hooks */
pam_sm_authenticate,
pam_sm_setcred,
/* account management hook */
pam_sm_acct_mgmt,
/* session hooks */
pam_sm_open_session,
pam_sm_close_session,
/* password management hook */
pam_sm_chauthtok
};
#endif