pam_get_authtok.c revision 91100
112029Sache/*- 287108Sache * Copyright (c) 2002 Networks Associates Technologies, Inc. 387108Sache * All rights reserved. 487108Sache * 512029Sache * This software was developed for the FreeBSD Project by ThinkSec AS and 6175588Sache * NAI Labs, the Security Research Division of Network Associates, Inc. 787108Sache * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 812029Sache * DARPA CHATS research program. 912029Sache * 1012029Sache * Redistribution and use in source and binary forms, with or without 1112029Sache * modification, are permitted provided that the following conditions 1212029Sache * are met: 1312029Sache * 1. Redistributions of source code must retain the above copyright 1412029Sache * notice, this list of conditions and the following disclaimer. 1512029Sache * 2. Redistributions in binary form must reproduce the above copyright 1612029Sache * notice, this list of conditions and the following disclaimer in the 1712029Sache * documentation and/or other materials provided with the distribution. 1812029Sache * 3. The name of the author may not be used to endorse or promote 1912029Sache * products derived from this software without specific prior written 2012029Sache * permission. 2112029Sache * 2212029Sache * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 2387108Sache * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2412029Sache * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2512029Sache * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2687108Sache * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2712029Sache * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2812029Sache * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2912029Sache * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $Id$ 35 */ 36 37#include <sys/param.h> 38 39#include <security/pam_appl.h> 40#include <security/openpam.h> 41 42#include "openpam_impl.h" 43 44/* 45 * OpenPAM extension 46 * 47 * Retrieve authentication token 48 */ 49 50int 51pam_get_authtok(pam_handle_t *pamh, 52 const char **authtok, 53 const char *prompt) 54{ 55 char *p, *resp; 56 int r, style; 57 58 if (pamh == NULL || authtok == NULL) 59 return (PAM_SYSTEM_ERR); 60 61 if (openpam_get_option(pamh, "try_first_pass") || 62 openpam_get_option(pamh, "use_first_pass")) { 63 r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok); 64 if (r == PAM_SUCCESS && *authtok != NULL) 65 return (PAM_SUCCESS); 66 else if (openpam_get_option(pamh, "use_first_pass")) 67 return (r == PAM_SUCCESS ? PAM_AUTH_ERR : r); 68 } 69 if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT, 70 (const void **)&p) != PAM_SUCCESS || p == NULL) 71 if (prompt == NULL) 72 prompt = "Password:"; 73 style = openpam_get_option(pamh, "echo_pass") ? 74 PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; 75 r = pam_prompt(pamh, style, &resp, "%s", p ? p : prompt); 76 if (r != PAM_SUCCESS) 77 return (r); 78 *authtok = resp; 79 return (pam_set_item(pamh, PAM_AUTHTOK, *authtok)); 80} 81 82/* 83 * Error codes: 84 * 85 * =pam_get_item 86 * =pam_prompt 87 * =pam_set_item 88 * !PAM_SYMBOL_ERR 89 */ 90