1/* $NetBSD: pam_exec.c,v 1.8 2021/10/30 11:34:59 nia Exp $ */ 2 3/*- 4 * Copyright (c) 2001,2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed for the FreeBSD Project by ThinkSec AS and 8 * NAI Labs, the Security Research Division of Network Associates, Inc. 9 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 10 * DARPA CHATS research program. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. The name of the author may not be used to endorse or promote 21 * products derived from this software without specific prior written 22 * permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/cdefs.h> 38#ifdef __FreeBSD__ 39__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.c,v 1.4 2005/02/01 10:37:07 des Exp $"); 40#else 41__RCSID("$NetBSD: pam_exec.c,v 1.8 2021/10/30 11:34:59 nia Exp $"); 42#endif 43 44#include <sys/types.h> 45#include <sys/wait.h> 46 47#include <errno.h> 48#include <stdlib.h> 49#include <stdio.h> 50#include <string.h> 51#include <unistd.h> 52 53#include <security/pam_appl.h> 54#include <security/pam_modules.h> 55#include <security/openpam.h> 56 57#define ENV_ITEM(n) { (n), #n } 58static struct { 59 int item; 60 const char *name; 61} env_items[] = { 62 ENV_ITEM(PAM_SERVICE), 63 ENV_ITEM(PAM_USER), 64 ENV_ITEM(PAM_TTY), 65 ENV_ITEM(PAM_RHOST), 66 ENV_ITEM(PAM_RUSER), 67}; 68 69static int 70_pam_exec(pam_handle_t *pamh __unused, int flags __unused, 71 int argc, const char *argv[]) 72{ 73 size_t envlen, i, nitems; 74 int pam_err, status; 75 char **envlist; 76 volatile int childerr; 77 pid_t pid; 78 79 if (argc < 1) 80 return (PAM_SERVICE_ERR); 81 82 /* 83 * XXX For additional credit, divert child's stdin/stdout/stderr 84 * to the conversation function. 85 */ 86 87 /* 88 * Set up the child's environment list. It consists of the PAM 89 * environment, plus a few hand-picked PAM items. 90 */ 91 envlist = pam_getenvlist(pamh); 92 for (envlen = 0; envlist[envlen] != NULL; ++envlen) 93 /* nothing */ ; 94 nitems = sizeof(env_items) / sizeof(*env_items); 95 if (reallocarr(&envlist, envlen + nitems + 1, sizeof(*envlist)) != 0) { 96 openpam_free_envlist(envlist); 97 return (PAM_BUF_ERR); 98 } 99 for (i = 0; i < nitems; ++i) { 100 const void *item; 101 char *envstr; 102 103 pam_err = pam_get_item(pamh, env_items[i].item, &item); 104 if (pam_err != PAM_SUCCESS || item == NULL) 105 continue; 106 asprintf(&envstr, "%s=%s", env_items[i].name, 107 (const char *)item); 108 if (envstr == NULL) { 109 openpam_free_envlist(envlist); 110 return (PAM_BUF_ERR); 111 } 112 envlist[envlen++] = envstr; 113 envlist[envlen] = NULL; 114 } 115 116 /* 117 * Fork and run the command. By using vfork() instead of fork(), 118 * we can distinguish between an execve() failure and a non-zero 119 * exit code from the command. 120 */ 121 childerr = 0; 122 if ((pid = vfork()) == 0) { 123 /*LINTED const cast*/ 124 execve(argv[0], (char **)__UNCONST(argv), envlist); 125 childerr = errno; 126 _exit(1); 127 } 128 openpam_free_envlist(envlist); 129 if (pid == -1) { 130 openpam_log(PAM_LOG_ERROR, "vfork(): %s", strerror(errno)); 131 return (PAM_SYSTEM_ERR); 132 } 133 if (waitpid(pid, &status, 0) == -1) { 134 openpam_log(PAM_LOG_ERROR, "waitpid(): %s", strerror(errno)); 135 return (PAM_SYSTEM_ERR); 136 } 137 if (childerr != 0) { 138 openpam_log(PAM_LOG_ERROR, "execve(): %s", strerror(errno)); 139 return (PAM_SYSTEM_ERR); 140 } 141 if (WIFSIGNALED(status)) { 142 openpam_log(PAM_LOG_ERROR, "%s caught signal %d%s", 143 argv[0], WTERMSIG(status), 144 WCOREDUMP(status) ? " (core dumped)" : ""); 145 return (PAM_SYSTEM_ERR); 146 } 147 if (!WIFEXITED(status)) { 148 openpam_log(PAM_LOG_ERROR, "unknown status 0x%x", status); 149 return (PAM_SYSTEM_ERR); 150 } 151 if (WEXITSTATUS(status) != 0) { 152 openpam_log(PAM_LOG_ERROR, "%s returned code %d", 153 argv[0], WEXITSTATUS(status)); 154 return (PAM_SYSTEM_ERR); 155 } 156 return (PAM_SUCCESS); 157} 158 159PAM_EXTERN int 160pam_sm_authenticate(pam_handle_t *pamh, int flags, 161 int argc, const char *argv[]) 162{ 163 164 return (_pam_exec(pamh, flags, argc, argv)); 165} 166 167PAM_EXTERN int 168pam_sm_setcred(pam_handle_t *pamh, int flags, 169 int argc, const char *argv[]) 170{ 171 172 return (_pam_exec(pamh, flags, argc, argv)); 173} 174 175PAM_EXTERN int 176pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, 177 int argc, const char *argv[]) 178{ 179 180 return (_pam_exec(pamh, flags, argc, argv)); 181} 182 183PAM_EXTERN int 184pam_sm_open_session(pam_handle_t *pamh, int flags, 185 int argc, const char *argv[]) 186{ 187 188 return (_pam_exec(pamh, flags, argc, argv)); 189} 190 191PAM_EXTERN int 192pam_sm_close_session(pam_handle_t *pamh, int flags, 193 int argc, const char *argv[]) 194{ 195 196 return (_pam_exec(pamh, flags, argc, argv)); 197} 198 199PAM_EXTERN int 200pam_sm_chauthtok(pam_handle_t *pamh, int flags, 201 int argc, const char *argv[]) 202{ 203 204 return (_pam_exec(pamh, flags, argc, argv)); 205} 206 207PAM_MODULE_ENTRY("pam_exec"); 208