191094Sdes/*- 2115619Sdes * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3228690Sdes * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav 491094Sdes * All rights reserved. 591094Sdes * 691094Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and 799158Sdes * Network Associates Laboratories, the Security Research Division of 899158Sdes * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 999158Sdes * ("CBOSS"), as part of the DARPA CHATS research program. 1091094Sdes * 1191094Sdes * Redistribution and use in source and binary forms, with or without 1291094Sdes * modification, are permitted provided that the following conditions 1391094Sdes * are met: 1491094Sdes * 1. Redistributions of source code must retain the above copyright 1591094Sdes * notice, this list of conditions and the following disclaimer. 1691094Sdes * 2. Redistributions in binary form must reproduce the above copyright 1791094Sdes * notice, this list of conditions and the following disclaimer in the 1891094Sdes * documentation and/or other materials provided with the distribution. 1991094Sdes * 3. The name of the author may not be used to endorse or promote 2091094Sdes * products derived from this software without specific prior written 2191094Sdes * permission. 2291094Sdes * 2391094Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2491094Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2591094Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2691094Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2791094Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2891094Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2991094Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3091094Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3191094Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3291094Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3391094Sdes * SUCH DAMAGE. 3491094Sdes * 35255376Sdes * $Id: pam_authenticate.c 648 2013-03-05 17:54:27Z des $ 3691094Sdes */ 3791094Sdes 38228690Sdes#ifdef HAVE_CONFIG_H 39228690Sdes# include "config.h" 40228690Sdes#endif 41228690Sdes 4291094Sdes#include <sys/param.h> 4391094Sdes 4491094Sdes#include <security/pam_appl.h> 4591094Sdes 4691094Sdes#include "openpam_impl.h" 4791094Sdes 4891094Sdes/* 4991094Sdes * XSSO 4.2.1 5091094Sdes * XSSO 6 page 34 5191094Sdes * 5291094Sdes * Perform authentication within the PAM framework 5391094Sdes */ 5491094Sdes 5591094Sdesint 5691094Sdespam_authenticate(pam_handle_t *pamh, 5791094Sdes int flags) 5891094Sdes{ 59110556Sdes int r; 6091094Sdes 61107937Sdes ENTER(); 6293982Sdes if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) 63107937Sdes RETURNC(PAM_SYMBOL_ERR); 64110556Sdes r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); 6591684Sdes pam_set_item(pamh, PAM_AUTHTOK, NULL); 66110556Sdes RETURNC(r); 6791094Sdes} 6891100Sdes 6991100Sdes/* 7091100Sdes * Error codes: 7191100Sdes * 7291100Sdes * =openpam_dispatch 7391100Sdes * =pam_sm_authenticate 7491100Sdes * !PAM_IGNORE 7594670Sdes * PAM_SYMBOL_ERR 7691100Sdes */ 7793982Sdes 7893982Sdes/** 7993982Sdes * The =pam_authenticate function attempts to authenticate the user 8093982Sdes * associated with the pam context specified by the =pamh argument. 8193982Sdes * 8293982Sdes * The application is free to call =pam_authenticate as many times as it 8393982Sdes * wishes, but some modules may maintain an internal retry counter and 8493982Sdes * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. 8593982Sdes * 8693982Sdes * The =flags argument is the binary or of zero or more of the following 8793982Sdes * values: 8893982Sdes * 8994670Sdes * =PAM_SILENT: 9093982Sdes * Do not emit any messages. 9194670Sdes * =PAM_DISALLOW_NULL_AUTHTOK: 9293982Sdes * Fail if the user's authentication token is null. 9394670Sdes * 9494670Sdes * If any other bits are set, =pam_authenticate will return 9594670Sdes * =PAM_SYMBOL_ERR. 9693982Sdes */ 97