1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001,2003 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed for the FreeBSD Project by ThinkSec AS and
8 * NAI Labs, the Security Research Division of Network Associates, Inc.
9 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
10 * DARPA CHATS research program.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 *    notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 *    notice, this list of conditions and the following disclaimer in the
19 *    documentation and/or other materials provided with the distribution.
20 * 3. The name of the author may not be used to endorse or promote
21 *    products derived from this software without specific prior written
22 *    permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#include <sys/cdefs.h>
38__FBSDID("$FreeBSD$");
39
40#include <stdio.h>
41#include <stdlib.h>
42#include <string.h>
43
44#include <security/pam_appl.h>
45#include <security/pam_modules.h>
46#include <security/openpam.h>
47
48static int
49_pam_echo(pam_handle_t *pamh, int flags,
50    int argc, const char *argv[])
51{
52	char msg[PAM_MAX_MSG_SIZE];
53	const void *str;
54	const char *p, *q;
55	int err, i, item;
56	size_t len;
57
58	if (flags & PAM_SILENT)
59		return (PAM_SUCCESS);
60	for (i = 0, len = 0; i < argc && len < sizeof(msg) - 1; ++i) {
61		if (i > 0)
62			msg[len++] = ' ';
63		for (p = argv[i]; *p != '\0' && len < sizeof(msg) - 1; ++p) {
64			if (*p != '%' || p[1] == '\0') {
65				msg[len++] = *p;
66				continue;
67			}
68			switch (*++p) {
69			case 'H':
70				item = PAM_RHOST;
71				break;
72			case 'h':
73				/* not implemented */
74				item = -1;
75				break;
76			case 's':
77				item = PAM_SERVICE;
78				break;
79			case 't':
80				item = PAM_TTY;
81				break;
82			case 'U':
83				item = PAM_RUSER;
84				break;
85			case 'u':
86				item = PAM_USER;
87				break;
88			default:
89				item = -1;
90				msg[len++] = *p;
91				break;
92			}
93			if (item == -1)
94				continue;
95			err = pam_get_item(pamh, item, &str);
96			if (err != PAM_SUCCESS)
97				return (err);
98			if (str == NULL)
99				str = "(null)";
100			for (q = str; *q != '\0' && len < sizeof(msg) - 1; ++q)
101				msg[len++] = *q;
102		}
103	}
104	msg[len] = '\0';
105	return (pam_info(pamh, "%s", msg));
106}
107
108PAM_EXTERN int
109pam_sm_authenticate(pam_handle_t *pamh, int flags,
110    int argc, const char *argv[])
111{
112
113	return (_pam_echo(pamh, flags, argc, argv));
114}
115
116PAM_EXTERN int
117pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
118    int argc __unused, const char *argv[] __unused)
119{
120
121	return (PAM_SUCCESS);
122}
123
124PAM_EXTERN int
125pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
126    int argc, const char *argv[])
127{
128
129	return (_pam_echo(pamh, flags, argc, argv));
130}
131
132PAM_EXTERN int
133pam_sm_open_session(pam_handle_t *pamh, int flags,
134    int argc, const char *argv[])
135{
136
137	return (_pam_echo(pamh, flags, argc, argv));
138}
139
140PAM_EXTERN int
141pam_sm_close_session(pam_handle_t *pamh, int flags,
142    int argc, const char *argv[])
143{
144
145	return (_pam_echo(pamh, flags, argc, argv));
146}
147
148PAM_EXTERN int
149pam_sm_chauthtok(pam_handle_t *pamh, int flags,
150    int argc, const char *argv[])
151{
152
153	if (flags & PAM_PRELIM_CHECK)
154		return (PAM_SUCCESS);
155	return (_pam_echo(pamh, flags, argc, argv));
156}
157
158PAM_MODULE_ENTRY("pam_echo");
159