openpam_subst.c revision 255369 
1/*-
2 * Copyright (c) 2011 Dag-Erling Sm��rgrav
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer
10 *    in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote
15 *    products derived from this software without specific prior written
16 *    permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 *
30 * $Id: openpam_subst.c 543 2012-03-31 22:11:34Z des $
31 */
32
33#ifdef HAVE_CONFIG_H
34# include "config.h"
35#endif
36
37#include <security/pam_appl.h>
38
39#include "openpam_impl.h"
40
41#define subst_char(ch) do {			\
42	int ch_ = (ch);				\
43	if (buf && len < *bufsize)		\
44		*buf++ = ch_;			\
45	++len;					\
46} while (0)
47
48#define subst_string(s) do {			\
49	const char *s_ = (s);			\
50	while (*s_)				\
51		subst_char(*s_++);		\
52} while (0)
53
54#define subst_item(i) do {			\
55	int i_ = (i);				\
56	const void *p_;				\
57	ret = pam_get_item(pamh, i_, &p_);	\
58	if (ret == PAM_SUCCESS && p_ != NULL)	\
59		subst_string(p_);		\
60} while (0)
61
62/*
63 * OpenPAM internal
64 *
65 * Substitute PAM item values in a string
66 */
67
68int
69openpam_subst(const pam_handle_t *pamh,
70    char *buf, size_t *bufsize, const char *template)
71{
72	size_t len;
73	int ret;
74
75	ENTERS(template);
76	if (template == NULL)
77		template = "(null)";
78
79	len = 1; /* initialize to 1 for terminating NUL */
80	ret = PAM_SUCCESS;
81	while (*template && ret == PAM_SUCCESS) {
82		if (template[0] == '%') {
83			++template;
84			switch (*template) {
85			case 's':
86				subst_item(PAM_SERVICE);
87				break;
88			case 't':
89				subst_item(PAM_TTY);
90				break;
91			case 'h':
92				subst_item(PAM_HOST);
93				break;
94			case 'u':
95				subst_item(PAM_USER);
96				break;
97			case 'H':
98				subst_item(PAM_RHOST);
99				break;
100			case 'U':
101				subst_item(PAM_RUSER);
102				break;
103			case '\0':
104				subst_char('%');
105				break;
106			default:
107				subst_char('%');
108				subst_char(*template);
109			}
110			++template;
111		} else {
112			subst_char(*template++);
113		}
114	}
115	if (buf)
116		*buf = '\0';
117	if (ret == PAM_SUCCESS) {
118		if (len > *bufsize)
119			ret = PAM_TRY_AGAIN;
120		*bufsize = len;
121	}
122	RETURNC(ret);
123}
124
125/*
126 * Error codes:
127 *
128 *	=pam_get_item
129 *	!PAM_SYMBOL_ERR
130 *	PAM_TRY_AGAIN
131 */
132
133/**
134 * The =openpam_subst function expands a string, substituting PAM item
135 * values for all occurrences of specific substitution codes.
136 * The =template argument points to the initial string.
137 * The result is stored in the buffer pointed to by the =buf argument; the
138 * =bufsize argument specifies the size of that buffer.
139 * The actual size of the resulting string, including the terminating NUL
140 * character, is stored in the location pointed to by the =bufsize
141 * argument.
142 *
143 * If =buf is NULL, or if the buffer is too small to hold the expanded
144 * string, =bufsize is updated to reflect the amount of space required to
145 * hold the entire string, and =openpam_subst returns =PAM_TRY_AGAIN.
146 *
147 * If =openpam_subst fails for any other reason, the =bufsize argument is
148 * untouched, but part of the buffer may still have been overwritten.
149 *
150 * Substitution codes are introduced by a percent character and correspond
151 * to PAM items:
152 *
153 *	%H:
154 *		Replaced by the current value of the =PAM_RHOST item.
155 *	%h:
156 *		Replaced by the current value of the =PAM_HOST item.
157 *	%s:
158 *		Replaced by the current value of the =PAM_SERVICE item.
159 *	%t:
160 *		Replaced by the current value of the =PAM_TTY item.
161 *	%U:
162 *		Replaced by the current value of the =PAM_RUSER item.
163 *	%u:
164 *		Replaced by the current value of the =PAM_USER item.
165 *
166 * >pam_get_authtok
167 * >pam_get_item
168 * >pam_get_user
169 *
170 * AUTHOR DES
171 */
172