diff options
Diffstat (limited to 'contrib/openpam/lib')
37 files changed, 3172 insertions, 0 deletions
diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile new file mode 100644 index 000000000000..1fd90410f290 --- /dev/null +++ b/contrib/openpam/lib/Makefile @@ -0,0 +1,85 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +LIB = pam +SHLIB_MAJOR = 2 +SHLIB_MINOR = 0 + +WARNS ?= 4 +NO_WERROR = yes +CFLAGS += -I${.CURDIR}/../include + +SRCS = +SRCS += openpam_dispatch.c +SRCS += openpam_findenv.c +SRCS += openpam_load.c +SRCS += openpam_log.c +SRCS += openpam_ttyconv.c +SRCS += pam_acct_mgmt.c +SRCS += pam_authenticate.c +SRCS += pam_chauthtok.c +SRCS += pam_close_session.c +SRCS += pam_end.c +SRCS += pam_error.c +SRCS += pam_get_authtok.c +SRCS += pam_get_data.c +SRCS += pam_get_item.c +SRCS += pam_get_user.c +SRCS += pam_getenv.c +SRCS += pam_getenvlist.c +SRCS += pam_info.c +SRCS += pam_open_session.c +SRCS += pam_prompt.c +SRCS += pam_putenv.c +SRCS += pam_set_data.c +SRCS += pam_set_item.c +SRCS += pam_setcred.c +SRCS += pam_setenv.c +SRCS += pam_start.c +SRCS += pam_strerror.c +SRCS += pam_verror.c +SRCS += pam_vinfo.c +SRCS += pam_vprompt.c + +.if 0 +SRCS += pam_authenticate_secondary.c +SRCS += pam_get_mapped_authtok.c +SRCS += pam_get_mapped_username.c +SRCS += pam_set_mapped_authtok.c +SRCS += pam_set_mapped_username.c +.endif + +.include <bsd.lib.mk> diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c new file mode 100644 index 000000000000..9c7c2879cbb2 --- /dev/null +++ b/contrib/openpam/lib/openpam_dispatch.c @@ -0,0 +1,203 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#if !defined(OPENPAM_RELAX_CHECKS) +static void _openpam_check_error_code(int, int); +#else +#define _openpam_check_error_code(a, b) +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * Execute a module chain + */ + +int +openpam_dispatch(pam_handle_t *pamh, + int primitive, + int flags) +{ + pam_chain_t *chain; + int err, fail, r; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* prevent recursion */ + if (pamh->current != NULL) { + openpam_log(PAM_LOG_ERROR, "indirect recursion"); + return (PAM_ABORT); + } + + /* pick a chain */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + case PAM_SM_SETCRED: + chain = pamh->chains[PAM_AUTH]; + break; + case PAM_SM_ACCT_MGMT: + chain = pamh->chains[PAM_ACCOUNT]; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + chain = pamh->chains[PAM_SESSION]; + break; + case PAM_SM_CHAUTHTOK: + chain = pamh->chains[PAM_PASSWORD]; + break; + default: + return (PAM_SYSTEM_ERR); + } + + /* execute */ + for (err = fail = 0; chain != NULL; chain = chain->next) { + if (chain->module->func[primitive] == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: no %s()", + chain->module->path, _pam_sm_func_name[primitive]); + continue; + } else { + pamh->current = chain; + r = (chain->module->func[primitive])(pamh, flags, + chain->optc, (const char **)chain->optv); + pamh->current = NULL; + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + chain->module->path, _pam_sm_func_name[primitive], + pam_strerror(pamh, r)); + } + + if (r == PAM_IGNORE) + continue; + if (r == PAM_SUCCESS) { + /* + * For pam_setcred(), treat "sufficient" as + * "optional". + * + * Note that Solaris libpam does not terminate + * the chain here if a required module has + * previously failed. I'm not sure why. + */ + if (chain->flag == PAM_SUFFICIENT && + primitive != PAM_SM_SETCRED) + break; + } + + _openpam_check_error_code(primitive, r); + + /* + * Record the return code from the first module to + * fail. If a required module fails, record the + * return code from the first required module to fail. + */ + if (err == 0) + err = r; + if (chain->flag == PAM_REQUIRED && !fail) { + fail = 1; + err = r; + } + + /* + * If a requisite module fails, terminate the chain + * immediately. + */ + if (chain->flag == PAM_REQUISITE) { + fail = 1; + break; + } + } + + return (fail ? err : PAM_SUCCESS); +} + +#if !defined(OPENPAM_RELAX_CHECKS) +static void +_openpam_check_error_code(int primitive, int r) +{ + /* common error codes */ + if (r == PAM_SERVICE_ERR || + r == PAM_BUF_ERR || + r == PAM_BUF_ERR || + r == PAM_CONV_ERR || + r == PAM_PERM_DENIED) + return; + + /* specific error codes */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + if (r == PAM_AUTH_ERR || + r == PAM_CRED_INSUFFICIENT || + r == PAM_AUTHINFO_UNAVAIL || + r == PAM_USER_UNKNOWN || + r == PAM_MAXTRIES) + return; + break; + case PAM_SM_SETCRED: + if (r == PAM_CRED_UNAVAIL || + r == PAM_CRED_EXPIRED || + r == PAM_USER_UNKNOWN || + r == PAM_CRED_ERR) + return; + break; + case PAM_SM_ACCT_MGMT: + if (r == PAM_USER_UNKNOWN || + r == PAM_AUTH_ERR || + r == PAM_NEW_AUTHTOK_REQD || + r == PAM_ACCT_EXPIRED) + return; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + if (r == PAM_SESSION_ERR) + return; + break; + case PAM_SM_CHAUTHTOK: + if (r == PAM_PERM_DENIED || + r == PAM_AUTHTOK_ERR || + r == PAM_AUTHTOK_RECOVERY_ERR || + r == PAM_AUTHTOK_LOCK_BUSY || + r == PAM_AUTHTOK_DISABLE_AGING) + return; + break; + } + + openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", + _pam_sm_func_name[primitive], r); +} +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c new file mode 100644 index 000000000000..c32dd272f32b --- /dev/null +++ b/contrib/openpam/lib/openpam_findenv.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * Locate an environment variable + */ + +int +openpam_findenv(pam_handle_t *pamh, + const char *name, + size_t len) +{ + int i; + + if (pamh == NULL) + return (-1); + + for (i = 0; i < pamh->env_count; ++i) + if (strncmp(pamh->env[i], name, len) == 0 && + pamh->env[i][len] == '=') + return (i); + return (-1); +} diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h new file mode 100644 index 000000000000..59886288e549 --- /dev/null +++ b/contrib/openpam/lib/openpam_impl.h @@ -0,0 +1,106 @@ +/*- + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _OPENPAM_IMPL_H_INCLUDED +#define _OPENPAM_IMPL_H_INCLUDED + +#include <security/openpam.h> + +extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; + +/* + * Control flags + */ +#define PAM_REQUIRED 1 +#define PAM_REQUISITE 2 +#define PAM_SUFFICIENT 3 +#define PAM_OPTIONAL 4 +#define PAM_NUM_CONTROLFLAGS 5 + +/* + * Chains + */ +#define PAM_AUTH 0 +#define PAM_ACCOUNT 1 +#define PAM_SESSION 2 +#define PAM_PASSWORD 3 +#define PAM_NUM_CHAINS 4 + +typedef struct pam_chain pam_chain_t; +struct pam_chain { + pam_module_t *module; + int flag; + int optc; + char **optv; + pam_chain_t *next; +}; + +#define PAM_NUM_ITEMS 10 + +typedef struct pam_data pam_data_t; +struct pam_data { + char *name; + void *data; + void (*cleanup)(pam_handle_t *, void *, int); + pam_data_t *next; +}; + +struct pam_handle { + char *service; + + /* chains */ + pam_chain_t *chains[PAM_NUM_CHAINS]; + pam_chain_t *current; + + /* items and data */ + void *item[PAM_NUM_ITEMS]; + pam_data_t *module_data; + + /* environment list */ + char **env; + int env_count; + int env_size; +}; + +#define PAM_OTHER "other" + +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +int openpam_add_module(pam_handle_t *, int, int, + const char *, int, const char **); +void openpam_clear_chains(pam_handle_t *); + +#endif diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c new file mode 100644 index 000000000000..d93895989469 --- /dev/null +++ b/contrib/openpam/lib/openpam_load.c @@ -0,0 +1,227 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <dlfcn.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#ifdef OPENPAM_STATIC_MODULES +SET_DECLARE(_openpam_modules, pam_module_t); +#endif + +const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_acct_mgmt", + "pam_sm_authenticate", + "pam_sm_chauthtok", + "pam_sm_close_session", + "pam_sm_open_session", + "pam_sm_setcred" +}; + +static pam_module_t *modules; + +/* + * Load a dynamic module, or locate a static one. Keep a list of + * previously found modules to speed up the process. + */ + +static pam_module_t * +openpam_load_module(const char *path) +{ + pam_module_t *module; + void *dlh; + int i; + + /* check cache first */ + for (module = modules; module != NULL; module = module->next) + if (strcmp(module->path, path) == 0) + goto found; + + /* nope; try to load */ + if ((dlh = dlopen(path, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror()); + } else { + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; + if ((module->path = strdup(path)) == NULL) + goto buf_err; + module->dlh = dlh; + for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) + module->func[i] = dlsym(dlh, _pam_sm_func_name[i]); + } + openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", + (module == NULL) ? "no" : "using", path); + +#ifdef OPENPAM_STATIC_MODULES + /* look for a static module */ + if (module == NULL && strchr(path, '/') == NULL) { + pam_module_t **modp; + + SET_FOREACH(modp, _openpam_modules) { + if (strcmp((*modp)->path, path) == 0) { + module = *modp; + break; + } + } + openpam_log(PAM_LOG_DEBUG, "%s static %s", + (module == NULL) ? "no" : "using", path); + } +#endif + if (module == NULL) + return (NULL); + module->next = modules; + module->prev = NULL; + modules = module; + found: + ++module->refcount; + return (module); + buf_err: + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + dlclose(dlh); + free(module); + return (NULL); +} + + +/* + * Release a module. + * XXX highly thread-unsafe + */ + +static void +openpam_release_module(pam_module_t *module) +{ + if (module == NULL) + return; + --module->refcount; + if (module->refcount > 0) + /* still in use */ + return; + if (module->refcount < 0) { + openpam_log(PAM_LOG_ERROR, "module %s has negative refcount", + module->path); + module->refcount = 0; + } + if (module->dlh == NULL) + /* static module */ + return; + dlclose(module->dlh); + if (module->prev != NULL) + module->prev->next = module->next; + if (module->next != NULL) + module->next->prev = module->prev; + free(module); +} + + +/* + * Destroy a chain, freeing all its links and releasing the modules + * they point to. + */ + +static void +openpam_destroy_chain(pam_chain_t *chain) +{ + if (chain == NULL) + return; + openpam_destroy_chain(chain->next); + chain->next = NULL; + while (chain->optc--) + free(chain->optv[chain->optc]); + free(chain->optv); + openpam_release_module(chain->module); + free(chain); +} + +/* + * Add a module to a chain. + */ + +int +openpam_add_module(pam_handle_t *pamh, + int chain, + int flag, + const char *modpath, + int optc, + const char *optv[]) +{ + pam_chain_t *new, *iterator; + + if ((new = calloc(1, sizeof *new)) == NULL) + goto buf_err; + if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL) + goto buf_err; + while (optc--) + if ((new->optv[new->optc++] = strdup(*optv++)) == NULL) + goto buf_err; + new->optv[new->optc] = NULL; + new->flag = flag; + if ((new->module = openpam_load_module(modpath)) == NULL) { + openpam_destroy_chain(new); + return (PAM_OPEN_ERR); + } + if ((iterator = pamh->chains[chain]) != NULL) { + while (iterator->next != NULL) + iterator = iterator->next; + iterator->next = new; + } else { + pamh->chains[chain] = new; + } + return (PAM_SUCCESS); + + buf_err: + openpam_log(PAM_LOG_ERROR, "%m"); + openpam_destroy_chain(new); + return (PAM_BUF_ERR); +} + + +/* + * Clear the chains and release the modules + */ + +void +openpam_clear_chains(pam_handle_t *pamh) +{ + int i; + + for (i = 0; i < PAM_NUM_CHAINS; ++i) + openpam_destroy_chain(pamh->chains[i]); +} diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c new file mode 100644 index 000000000000..d733b690da7b --- /dev/null +++ b/contrib/openpam/lib/openpam_log.c @@ -0,0 +1,117 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <syslog.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#if defined(openpam_log) + +/* + * Log a message through syslog(3) + */ + +void +_openpam_log(int level, const char *func, const char *fmt, ...) +{ + va_list ap; + char *format; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + if ((format = malloc(strlen(func) + strlen(fmt) + 8)) != NULL) { + sprintf(format, "in %s(): %s", func, fmt); + vsyslog(priority, format, ap); + free(format); + } else { + vsyslog(priority, fmt, ap); + } + va_end(ap); +} + +#else + +/* + * If openpam_log isn't defined as a macro, we're on a platform that + * doesn't support varadic macros (or it does but we aren't aware of + * it). Do the next best thing. + */ + +void +openpam_log(int level, const char *fmt, ...) +{ + va_list ap; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + vsyslog(priority, fmt, ap); + va_end(ap); +} + +#endif diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c new file mode 100644 index 000000000000..ac7eecd66fd0 --- /dev/null +++ b/contrib/openpam/lib/openpam_ttyconv.c @@ -0,0 +1,131 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/types.h> + +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <termios.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * Simple tty-based conversation function. + */ + +int +openpam_ttyconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + char buf[PAM_MAX_RESP_SIZE]; + struct termios tattr; + tcflag_t lflag; + int fd, err, i; + size_t len; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + fd = fileno(stdin); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + case PAM_PROMPT_ECHO_ON: + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { + if (tcgetattr(fd, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, + "tcgetattr(): %m"); + err = PAM_CONV_ERR; + goto fail; + } + lflag = tattr.c_lflag; + tattr.c_lflag &= ~ECHO; + if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, + "tcsetattr(): %m"); + err = PAM_CONV_ERR; + goto fail; + } + } + fputs(msg[i]->msg, stderr); + buf[0] = '\0'; + fgets(buf, sizeof buf, stdin); + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { + tattr.c_lflag = lflag; + (void)tcsetattr(fd, TCSANOW, &tattr); + fputs("\n", stderr); + } + if (ferror(stdin)) { + err = PAM_CONV_ERR; + goto fail; + } + for (len = strlen(buf); len > 0; --len) + if (!isspace(buf[len - 1])) + break; + buf[len] = '\0'; + if ((resp[i]->resp = strdup(buf)) == NULL) { + err = PAM_BUF_ERR; + goto fail; + } + break; + case PAM_ERROR_MSG: + fputs(msg[i]->msg, stderr); + break; + case PAM_TEXT_INFO: + fputs(msg[i]->msg, stdout); + break; + default: + err = PAM_BUF_ERR; + goto fail; + } + } + return (PAM_SUCCESS); + fail: + while (i) + free(resp[--i]); + free(*resp); + *resp = NULL; + return (err); +} diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c new file mode 100644 index 000000000000..d88a24e70962 --- /dev/null +++ b/contrib/openpam/lib/pam_acct_mgmt.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 32 + * + * Perform PAM account validation procedures + */ + +int +pam_acct_mgmt(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags)); +} diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c new file mode 100644 index 000000000000..d98d1dfa01fe --- /dev/null +++ b/contrib/openpam/lib/pam_authenticate.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 34 + * + * Perform authentication within the PAM framework + */ + +int +pam_authenticate(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags)); +} diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c new file mode 100644 index 000000000000..37a57fe9c0ca --- /dev/null +++ b/contrib/openpam/lib/pam_authenticate_secondary.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + char *target_module_authtok, + int flags) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c new file mode 100644 index 000000000000..c35ed4994c5e --- /dev/null +++ b/contrib/openpam/lib/pam_chauthtok.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 38 + * + * Perform password related functions within the PAM framework + */ + +int +pam_chauthtok(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags)); +} diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c new file mode 100644 index 000000000000..9b2a1aef3a08 --- /dev/null +++ b/contrib/openpam/lib/pam_close_session.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 40 + * + * Close an existing user session + */ + +int +pam_close_session(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags)); +} diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c new file mode 100644 index 000000000000..0fbfdf872a3f --- /dev/null +++ b/contrib/openpam/lib/pam_end.c @@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 42 + * + * Terminate the PAM transaction + */ + +int +pam_end(pam_handle_t *pamh, + int status) +{ + pam_data_t *dp; + int i; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* clear module data */ + while ((dp = pamh->module_data) != NULL) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, status); + pamh->module_data = dp->next; + free(dp->name); + free(dp); + } + + /* clear environment */ + while (pamh->env_count) + free(pamh->env[--pamh->env_count]); + free(pamh->env); + + /* clear chains */ + openpam_clear_chains(pamh); + + /* clear items */ + for (i = 0; i < PAM_NUM_ITEMS; ++i) + pam_set_item(pamh, i, NULL); + + free(pamh); + + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c new file mode 100644 index 000000000000..aded8f188759 --- /dev/null +++ b/contrib/openpam/lib/pam_error.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_error(pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + va_end(ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c new file mode 100644 index 000000000000..741b02d784ba --- /dev/null +++ b/contrib/openpam/lib/pam_get_authtok.c @@ -0,0 +1,75 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Retrieve authentication token + */ + +int +pam_get_authtok(pam_handle_t *pamh, + const char **authtok, + const char *prompt) +{ + char *p, *resp; + int r; + + if (pamh == NULL || authtok == NULL) + return (PAM_SYSTEM_ERR); + + r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok); + if (r == PAM_SUCCESS) + return (PAM_SUCCESS); + if (prompt == NULL) { + if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT, + (const void **)&p) != PAM_SUCCESS || p == NULL) + prompt = "Password:"; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, + "%s", prompt ? prompt : p); + if (r != PAM_SUCCESS) + return (r); + *authtok = resp; + return (pam_set_item(pamh, PAM_AUTHTOK, *authtok)); +} diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c new file mode 100644 index 000000000000..8b2b09058b92 --- /dev/null +++ b/contrib/openpam/lib/pam_get_data.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 43 + * + * Get module information + */ + +int +pam_get_data(pam_handle_t *pamh, + const char *module_data_name, + void **data) +{ + pam_data_t *dp; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + for (dp = pamh->module_data; dp != NULL; dp = dp->next) + if (strcmp(dp->name, module_data_name) == 0) { + *data = dp->data; + return (PAM_SUCCESS); + } + + return (PAM_NO_MODULE_DATA); +} diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c new file mode 100644 index 000000000000..7369c48ef8e4 --- /dev/null +++ b/contrib/openpam/lib/pam_get_item.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 46 + * + * Get PAM information + */ + +int +pam_get_item(pam_handle_t *pamh, + int item_type, + const void **item) +{ + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_CONV: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + *item = pamh->item[item_type]; + return (PAM_SUCCESS); + default: + return (PAM_SYSTEM_ERR); + } +} diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c new file mode 100644 index 000000000000..0050c0e32acd --- /dev/null +++ b/contrib/openpam/lib/pam_get_mapped_authtok.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_get_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + const char *target_module_type, + const char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c new file mode 100644 index 000000000000..faa78bbeefb1 --- /dev/null +++ b/contrib/openpam/lib/pam_get_mapped_username.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_get_mapped_username(pam_handle_t *pamh, + const char *src_username, + const char *src_module_type, + const char *src_authn_domain, + const char *target_module_type, + const char *target_authn_domain, + char **target_module_username) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c new file mode 100644 index 000000000000..17572c46b080 --- /dev/null +++ b/contrib/openpam/lib/pam_get_user.c @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 52 + * + * Retrieve user name + */ + +int +pam_get_user(pam_handle_t *pamh, + const char **user, + const char *prompt) +{ + char *p, *resp; + int r; + + if (pamh == NULL || user == NULL) + return (PAM_SYSTEM_ERR); + + r = pam_get_item(pamh, PAM_USER, (const void **)user); + if (r == PAM_SUCCESS) + return (PAM_SUCCESS); + if (prompt == NULL) { + if (pam_get_item(pamh, PAM_USER_PROMPT, + (const void **)&p) != PAM_SUCCESS || p == NULL) + prompt = "Login: "; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, + "%s", prompt ? prompt : p); + if (r != PAM_SUCCESS) + return (r); + *user = resp; + return (pam_set_item(pamh, PAM_USER, *user)); +} diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c new file mode 100644 index 000000000000..d6bf2194a9e0 --- /dev/null +++ b/contrib/openpam/lib/pam_getenv.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 44 + * + * Retrieve the value of a PAM environment variable + */ + +char * +pam_getenv(pam_handle_t *pamh, + const char *name) +{ + int i; + + if (pamh == NULL) + return (NULL); + + /* sanity checks */ + if (name == NULL || strchr(name, '=') != NULL) + return (NULL); + + if ((i = openpam_findenv(pamh, name, strlen(name))) == -1) + return (NULL); + return (strdup(pamh->env[i])); +} diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c new file mode 100644 index 000000000000..4409a891ac82 --- /dev/null +++ b/contrib/openpam/lib/pam_getenvlist.c @@ -0,0 +1,70 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" +/* + * XSSO 4.2.1 + * XSSO 6 page 45 + * + * Returns a list of all the PAM environment variables + */ + +char ** +pam_getenvlist(pam_handle_t *pamh) +{ + char **envlist; + int i; + + if (pamh == NULL) + return (NULL); + + if ((envlist = malloc(sizeof(char *) * (pamh->env_count + 1))) == NULL) + return (NULL); + for (i = 0; i < pamh->env_count; ++i) { + if ((envlist[i] = strdup(pamh->env[i])) == NULL) { + while (i) + free(envlist[--i]); + free(envlist); + return (NULL); + } + } + return (envlist); +} diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c new file mode 100644 index 000000000000..ce1d2b8fb55d --- /dev/null +++ b/contrib/openpam/lib/pam_info.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_info(pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + va_end(ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c new file mode 100644 index 000000000000..dcbf2b8fa580 --- /dev/null +++ b/contrib/openpam/lib/pam_open_session.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 54 + * + * Open a user session + */ + +int +pam_open_session(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags)); +} diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c new file mode 100644 index 000000000000..afc416961096 --- /dev/null +++ b/contrib/openpam/lib/pam_prompt.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_prompt(pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, style, resp, fmt, ap); + va_end(ap); + return (r); +} diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c new file mode 100644 index 000000000000..c8701f3e8ef9 --- /dev/null +++ b/contrib/openpam/lib/pam_putenv.c @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 56 + * + * Set the value of an environment variable + */ + +int +pam_putenv(pam_handle_t *pamh, + const char *namevalue) +{ + char **env, *p; + int i; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* sanity checks */ + if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) + return (PAM_SYSTEM_ERR); + + /* see if the variable is already in the environment */ + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) { + if ((p = strdup(namevalue)) == NULL) + return (PAM_BUF_ERR); + free(pamh->env[i]); + pamh->env[i] = p; + return (PAM_SUCCESS); + } + + /* grow the environment list if necessary */ + if (pamh->env_count == pamh->env_size) { + env = realloc(pamh->env, pamh->env_size * 2 + 1); + if (env == NULL) + return (PAM_BUF_ERR); + pamh->env = env; + pamh->env_size = pamh->env_size * 2 + 1; + } + + /* add the variable at the end */ + if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL) + return (PAM_BUF_ERR); + ++pamh->env_count; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c new file mode 100644 index 000000000000..59d57510be70 --- /dev/null +++ b/contrib/openpam/lib/pam_set_data.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 59 + * + * Set module information + */ + +int +pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int pam_end_status)) +{ + pam_data_t *dp; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, PAM_SUCCESS); + dp->data = data; + dp->cleanup = cleanup; + return (PAM_SUCCESS); + } + } + + if ((dp = malloc(sizeof *dp)) == NULL) + return (PAM_BUF_ERR); + if ((dp->name = strdup(module_data_name)) == NULL) { + free(data); + return (PAM_BUF_ERR); + } + dp->next = pamh->module_data; + pamh->module_data = data; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c new file mode 100644 index 000000000000..1cebfd55aadd --- /dev/null +++ b/contrib/openpam/lib/pam_set_item.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 60 + * + * Set authentication information + */ + +int +pam_set_item(pam_handle_t *pamh, + int item_type, + const void *item) +{ + void **slot, *tmp; + size_t size; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + slot = &pamh->item[item_type]; + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + size = strlen(*slot) + 1; + if (item != NULL) + tmp = strdup(item); + break; + case PAM_CONV: + size = sizeof(struct pam_conv); + if (item != NULL) + tmp = malloc(size); + break; + default: + return (PAM_SYSTEM_ERR); + } + if (item != NULL && tmp == NULL) + return (PAM_BUF_ERR); + if (*slot != NULL) { + memset(*slot, 0xd0, size); + free(*slot); + } + *slot = tmp; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c new file mode 100644 index 000000000000..ad066df65a11 --- /dev/null +++ b/contrib/openpam/lib/pam_set_mapped_authtok.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_set_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + const char *target_module_type, + const char *target_authn_domain) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c new file mode 100644 index 000000000000..fc1298948e3e --- /dev/null +++ b/contrib/openpam/lib/pam_set_mapped_username.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_set_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_username, + char *target_module_type, + char *target_authn_domain) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c new file mode 100644 index 000000000000..0ea10ff799d4 --- /dev/null +++ b/contrib/openpam/lib/pam_setcred.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 57 + * + * Modify / delete user credentials for an authentication service + */ + +int +pam_setcred(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags)); +} diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c new file mode 100644 index 000000000000..6165b7cb00df --- /dev/null +++ b/contrib/openpam/lib/pam_setenv.c @@ -0,0 +1,79 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Set the value of an environment variable + * Mirrors setenv(3) + */ + +int +pam_setenv(pam_handle_t *pamh, + const char *name, + const char *value, + int overwrite) +{ + char *env; + int r; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* sanity checks */ + if (name == NULL || value == NULL || strchr(name, '=') != NULL) + return (PAM_SYSTEM_ERR); + + /* is it already there? */ + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1) + return (PAM_SUCCESS); + + /* set it... */ + if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL) + return (PAM_BUF_ERR); + sprintf(env, "%s=%s", name, value); + r = pam_putenv(pamh, env); + free(env); + return (r); +} diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c new file mode 100644 index 000000000000..ff9cc32ec5a5 --- /dev/null +++ b/contrib/openpam/lib/pam_start.c @@ -0,0 +1,292 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <ctype.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +static int _pam_configure_service(pam_handle_t *pamh, const char *service); + +/* + * XSSO 4.2.1 + * XSSO 6 page 89 + * + * Initiate a PAM transaction + */ + +int +pam_start(const char *service, + const char *user, + const struct pam_conv *pam_conv, + pam_handle_t **pamh) +{ + struct pam_handle *ph; + int r; + + if ((ph = calloc(1, sizeof *ph)) == NULL) + return (PAM_BUF_ERR); + if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) + goto fail; + + if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS && + r != PAM_BUF_ERR) + r = _pam_configure_service(ph, PAM_OTHER); + if (r != PAM_SUCCESS) + goto fail; + + *pamh = ph; + openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); + return (PAM_SUCCESS); + + fail: + pam_end(ph, r); + return (r); +} + +#define PAM_CONF_STYLE 0 +#define PAM_D_STYLE 1 +#define MAX_LINE_LEN 1024 +#define MAX_OPTIONS 256 + +static int +_pam_read_policy_file(pam_handle_t *pamh, + const char *service, + const char *filename, + int style) +{ + char buf[MAX_LINE_LEN], *p, *q; + const char *optv[MAX_OPTIONS + 1]; + int ch, chain, flag, line, optc, n, r; + size_t len; + FILE *f; + + n = 0; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", + service, filename); + + for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { + if ((len = strlen(buf)) == 0) + continue; + + /* check for overflow */ + if (buf[--len] != '\n' && !feof(f)) { + openpam_log(PAM_LOG_ERROR, "%s: line %d too long", + filename, line); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + while ((ch = fgetc(f)) != EOF) + if (ch == '\n') + break; + continue; + } + + /* strip comments and trailing whitespace */ + if ((p = strchr(buf, '#')) != NULL) + len = p - buf ? p - buf - 1 : p - buf; + while (len > 0 && isspace(buf[len])) + --len; + if (len == 0) + continue; + buf[len] = '\0'; + p = q = buf; + + /* check service name */ + if (style == PAM_CONF_STYLE) { + for (q = p = buf; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (*q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, service) != 0) + continue; + openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", + filename, line, service); + } + + + /* get module type */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "auth") == 0) { + chain = PAM_AUTH; + } else if (strcmp(p, "account") == 0) { + chain = PAM_ACCOUNT; + } else if (strcmp(p, "session") == 0) { + chain = PAM_SESSION; + } else if (strcmp(p, "password") == 0) { + chain = PAM_PASSWORD; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid module type on line %d: '%s'", + filename, line, p); + continue; + } + + /* get control flag */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "required") == 0) { + flag = PAM_REQUIRED; + } else if (strcmp(p, "requisite") == 0) { + flag = PAM_REQUISITE; + } else if (strcmp(p, "sufficient") == 0) { + flag = PAM_SUFFICIENT; + } else if (strcmp(p, "optional") == 0) { + flag = PAM_OPTIONAL; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid control flag on line %d: '%s'", + filename, line, p); + continue; + } + + /* get module name */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p) + goto syntax_error; + + /* get options */ + for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { + *q++ = '\0'; + while (isspace(*q)) + ++q; + optv[optc] = q; + while (*q != '\0' && !isspace(*q)) + ++q; + } + optv[optc] = NULL; + if (*q != '\0') { + *q = '\0'; + openpam_log(PAM_LOG_ERROR, + "%s: too many options on line %d", + filename, line); + } + + /* + * Finally, add the module at the end of the + * appropriate chain and bump the counter. + */ + r = openpam_add_module(pamh, chain, flag, p, optc, optv); + if (r != PAM_SUCCESS) + return (-r); + ++n; + continue; + syntax_error: + openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", + filename, line); + openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", + filename, line, q); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + } + + if (ferror(f)) + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + + fclose(f); + return (n); +} + +static const char *_pam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + NULL +}; + +static int +_pam_configure_service(pam_handle_t *pamh, + const char *service) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = _pam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + filename = malloc(len + strlen(service) + 1); + if (filename == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + return (PAM_BUF_ERR); + } + strcpy(filename, *path); + strcat(filename, service); + r = _pam_read_policy_file(pamh, + service, filename, PAM_D_STYLE); + free(filename); + } else { + r = _pam_read_policy_file(pamh, + service, *path, PAM_CONF_STYLE); + } + if (r < 0) + return (-r); + if (r > 0) + return (PAM_SUCCESS); + } + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c new file mode 100644 index 000000000000..516374c7346b --- /dev/null +++ b/contrib/openpam/lib/pam_strerror.c @@ -0,0 +1,123 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdio.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 92 + * + * Get PAM standard error message string + */ + +const char * +pam_strerror(pam_handle_t *pamh, + int error_number) +{ + static char unknown[16]; + + pamh = pamh; + + switch (error_number) { + case PAM_SUCCESS: + return ("success"); + case PAM_OPEN_ERR: + return ("failed to load module"); + case PAM_SYMBOL_ERR: + return ("symbol not found in module"); + case PAM_SERVICE_ERR: + return ("error in service module"); + case PAM_SYSTEM_ERR: + return ("system error"); + case PAM_BUF_ERR: + return ("memory buffer error"); + case PAM_CONV_ERR: + return ("conversation failure"); + case PAM_PERM_DENIED: + return ("permission denied"); + case PAM_MAXTRIES: + return ("maximum number of tries exceeded"); + case PAM_AUTH_ERR: + return ("authentication error"); + case PAM_NEW_AUTHTOK_REQD: + return ("new authentication token required"); + case PAM_CRED_INSUFFICIENT: + return ("insufficient credentials"); + case PAM_AUTHINFO_UNAVAIL: + return ("authentication information is unavailable"); + case PAM_USER_UNKNOWN: + return ("unknown user"); + case PAM_CRED_UNAVAIL: + return ("failed to retrieve user credentials"); + case PAM_CRED_EXPIRED: + return ("user credentials have expired"); + case PAM_CRED_ERR: + return ("failed to set user credentials"); + case PAM_ACCT_EXPIRED: + return ("user accound has expired"); + case PAM_AUTHTOK_EXPIRED: + return ("password has expired"); + case PAM_SESSION_ERR: + return ("session failure"); + case PAM_AUTHTOK_ERR: + return ("authentication token failure"); + case PAM_AUTHTOK_RECOVERY_ERR: + return ("failed to recover old authentication token"); + case PAM_AUTHTOK_LOCK_BUSY: + return ("authentication token lock busy"); + case PAM_AUTHTOK_DISABLE_AGING: + return ("authentication token ageing disabled"); + case PAM_NO_MODULE_DATA: + return ("module data not found"); + case PAM_IGNORE: + return ("ignore this module"); + case PAM_ABORT: + return ("general failure"); + case PAM_TRY_AGAIN: + return ("try again"); + case PAM_MODULE_UNKNOWN: + return ("unknown module type"); + case PAM_DOMAIN_UNKNOWN: + return ("unknown authentication domain"); + default: + snprintf(unknown, sizeof unknown, "#%d", error_number); + return (unknown); + } +} diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c new file mode 100644 index 000000000000..feeaa6ebfcf3 --- /dev/null +++ b/contrib/openpam/lib/pam_verror.c @@ -0,0 +1,60 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_verror(pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c new file mode 100644 index 000000000000..24849985ff13 --- /dev/null +++ b/contrib/openpam/lib/pam_vinfo.c @@ -0,0 +1,60 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_vinfo(pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c new file mode 100644 index 000000000000..f090b23653fa --- /dev/null +++ b/contrib/openpam/lib/pam_vprompt.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_vprompt(pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + va_list ap) +{ + char msgbuf[PAM_MAX_MSG_SIZE]; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *rsp; + struct pam_conv conv; + int r; + + if ((r = pam_get_item(pamh, PAM_CONV, (void *)&conv)) != PAM_SUCCESS) + return (r); + vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap); + msg.msg_style = style; + msg.msg = msgbuf; + msgp = &msg; + r = (conv.conv)(1, &msgp, &rsp, conv.appdata_ptr); + *resp = rsp == NULL ? NULL : rsp->resp; + free(rsp); + return (r); +} |