modules/pam_unix/pam_unix.c

29415Sjmg/*-
119853Scg * Copyright (c) 2002 Networks Associates Technology, Inc.
39899Sluigi * All rights reserved.
29415Sjmg *
29415Sjmg * This software was developed for the FreeBSD Project by ThinkSec AS and
29415Sjmg * Network Associates Laboratories, the Security Research Division of
29415Sjmg * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
50723Scg * ("CBOSS"), as part of the DARPA CHATS research program.
50723Scg *
29415Sjmg * Redistribution and use in source and binary forms, with or without
29415Sjmg * modification, are permitted provided that the following conditions
30869Sjmg * are met:
30869Sjmg * 1. Redistributions of source code must retain the above copyright
30869Sjmg *    notice, this list of conditions and the following disclaimer.
30869Sjmg * 2. Redistributions in binary form must reproduce the above copyright
50723Scg *    notice, this list of conditions and the following disclaimer in the
50723Scg *    documentation and/or other materials provided with the distribution.
30869Sjmg * 3. The name of the author may not be used to endorse or promote
50723Scg *    products derived from this software without specific prior written
50723Scg *    permission.
50723Scg *
50723Scg * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
50723Scg * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50723Scg * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50723Scg * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50723Scg * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50723Scg * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50723Scg * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50723Scg * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29415Sjmg * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29415Sjmg * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53465Scg * SUCH DAMAGE.
29415Sjmg *
53465Scg * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $
53553Stanimura */
29415Sjmg
110499Snyan#include <sys/param.h>
110499Snyan
70134Scg#include <pwd.h>
70134Scg#include <stdlib.h>
82180Scg#include <stdio.h>
82180Scg#include <string.h>
67803Scg#include <unistd.h>
55706Scg
55254Scg#include <security/pam_modules.h>
67803Scg#include <security/pam_appl.h>
50723Scg
50723Scg#ifndef _OPENPAM
64881Scgstatic char password_prompt[] = "Password:";
50723Scg#endif
74763Scg
29415Sjmg#ifndef PAM_EXTERN
67803Scg#define PAM_EXTERN
64881Scg#endif
50723Scg
64881ScgPAM_EXTERN int
50723Scgpam_sm_authenticate(pam_handle_t *pamh, int flags,
74763Scg	int argc, const char *argv[])
29415Sjmg{
64881Scg#ifndef _OPENPAM
64881Scg	struct pam_conv *conv;
64881Scg	struct pam_message msg;
64881Scg	const struct pam_message *msgp;
64881Scg	struct pam_response *resp;
64881Scg#endif
54462Scg	struct passwd *pwd;
74763Scg	const char *user;
54462Scg	char *crypt_password, *password;
50723Scg	int pam_err, retry;
29415Sjmg
50723Scg	/* identify user */
50723Scg	if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
74763Scg		return (pam_err);
74763Scg	if ((pwd = getpwnam(user)) == NULL)
67803Scg		return (PAM_USER_UNKNOWN);
67803Scg
50723Scg	/* get password */
29415Sjmg#ifndef _OPENPAM
50723Scg	pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
50723Scg	if (pam_err != PAM_SUCCESS)
50723Scg		return (PAM_SYSTEM_ERR);
54462Scg	msg.msg_style = PAM_PROMPT_ECHO_OFF;
54462Scg	msg.msg = password_prompt;
65644Scg	msgp = &msg;
55706Scg#endif
29415Sjmg	for (retry = 0; retry < 3; ++retry) {
84111Scg#ifdef _OPENPAM
50723Scg		pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
50723Scg		    (const char **)&password, NULL);
70291Scg#else
50723Scg		resp = NULL;
74763Scg		pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
50723Scg		if (resp != NULL) {
50723Scg			if (pam_err == PAM_SUCCESS)
84111Scg				password = resp->resp;
74763Scg			else
74763Scg				free(resp->resp);
50723Scg			free(resp);
50723Scg		}
50723Scg#endif
67803Scg		if (pam_err == PAM_SUCCESS)
50723Scg			break;
50723Scg	}
50723Scg	if (pam_err == PAM_CONV_ERR)
50723Scg		return (pam_err);
54462Scg	if (pam_err != PAM_SUCCESS)
29415Sjmg		return (PAM_AUTH_ERR);
50723Scg
84111Scg	/* compare passwords */
50723Scg	if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) ||
29415Sjmg	    (crypt_password = crypt(password, pwd->pw_passwd)) == NULL ||
50723Scg	    strcmp(crypt_password, pwd->pw_passwd) != 0)
29415Sjmg		pam_err = PAM_AUTH_ERR;
50723Scg	else
50723Scg		pam_err = PAM_SUCCESS;
50723Scg#ifndef _OPENPAM
50723Scg	free(password);
29415Sjmg#endif
29415Sjmg	return (pam_err);
84111Scg}
84111Scg
84111ScgPAM_EXTERN int
84111Scgpam_sm_setcred(pam_handle_t *pamh, int flags,
84111Scg	int argc, const char *argv[])
84111Scg{
84111Scg
129180Struckman	return (PAM_SUCCESS);
129180Struckman}
129180Struckman
129180StruckmanPAM_EXTERN int
129180Struckmanpam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
129180Struckman	int argc, const char *argv[])
84111Scg{
84111Scg
84111Scg	return (PAM_SUCCESS);
84111Scg}
84111Scg
29415SjmgPAM_EXTERN int
50723Scgpam_sm_open_session(pam_handle_t *pamh, int flags,
29415Sjmg	int argc, const char *argv[])
67803Scg{
50723Scg
29415Sjmg	return (PAM_SUCCESS);
50723Scg}
50723Scg
50723ScgPAM_EXTERN int
108064Ssemenupam_sm_close_session(pam_handle_t *pamh, int flags,
29415Sjmg	int argc, const char *argv[])
29415Sjmg{
29415Sjmg
50723Scg	return (PAM_SUCCESS);
29415Sjmg}
50723Scg
50723ScgPAM_EXTERN int
29415Sjmgpam_sm_chauthtok(pam_handle_t *pamh, int flags,
50723Scg	int argc, const char *argv[])
50723Scg{
50723Scg
50723Scg	return (PAM_SERVICE_ERR);
29415Sjmg}
29415Sjmg
50723Scg#ifdef PAM_MODULE_ENTRY
50723ScgPAM_MODULE_ENTRY("pam_unix");
29415Sjmg#endif
50723Scg