  1. // Copyright 2007-2010 Mir Calculate Ltd. http://www.calculate-linux.org
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. #include <security/pam_modules.h>
  15. #include <stdio.h>
  16. #include <stdlib.h>
  17. #include <stdint.h>
  18. #include <stdarg.h>
  19. #include <string.h>
  20. #include <unistd.h>
  21. #include <sys/types.h>
  22. #include <ctype.h>
  23. #include <asm/unistd.h>
  24. #include "keyutils.h"
  25. #define PAM_SM_AUTH
  26. #define MAX_V 30
  27. // if (strcmp(arg, "@t" ) == 0) return KEY_SPEC_THREAD_KEYRING;
  28. // if (strcmp(arg, "@p" ) == 0) return KEY_SPEC_PROCESS_KEYRING;
  29. // if (strcmp(arg, "@s" ) == 0) return KEY_SPEC_SESSION_KEYRING;
  30. // if (strcmp(arg, "@u" ) == 0) return KEY_SPEC_USER_KEYRING;
  31. // if (strcmp(arg, "@us") == 0) return KEY_SPEC_USER_SESSION_KEYRING;
  32. // if (strcmp(arg, "@g" ) == 0) return KEY_SPEC_GROUP_KEYRING;
  33. // if (strcmp(arg, "@a" ) == 0) return KEY_SPEC_REQKEY_AUTH_KEY;
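// Overwrites len bytes of buf through a volatile pointer so the stores are not
// dropped as dead code (a plain memset right before free() may be optimised away).
static void wipe_secret(char *buf, size_t len)
{
    volatile char *v = (volatile char *)buf;
    while (len-- > 0) {
        *v++ = 0;
    }
}

// Asks the application's conversation function for the password with echo off.
// Returns the answer as a heap string the caller owns (wipe, then free), or
// NULL when the conversation fails or yields no answer.  The pam_response
// array itself is released here, as the PAM conversation contract requires.
static char *prompt_password(const struct pam_conv *conv)
{
    struct pam_message msg = { .msg_style = PAM_PROMPT_ECHO_OFF, .msg = "Password:" };
    const struct pam_message *pmsg[1] = { &msg };
    struct pam_response *response = NULL;

    int retval = conv->conv(1, pmsg, &response, conv->appdata_ptr);
    if (retval != PAM_SUCCESS || response == NULL) {
        return NULL;
    }
    char *answer = response->resp;  // may be NULL if the user gave no input
    free(response);
    return answer;
}

// Authentication function
//
// Obtains the password either from a previous module (use_first_pass) or by
// prompting through the conversation function, optionally caches it in the
// kernel keyring, and forwards it as PAM_AUTHTOK to the next module in the stack.
//
// @param pamh  PAM handle for this transaction.
// @param flags unused.
// @param argc  number of module arguments; only "use_first_pass" is recognised.
// @param argv  module arguments.
// @return PAM_SUCCESS once the password has been stored as PAM_AUTHTOK,
//         PAM_AUTH_ERR on any failure or when no password is available.
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)flags;

    // Get username
    const char *name = NULL;
    int retval = pam_get_user(pamh, &name, "login: ");
    if (retval != PAM_SUCCESS) {
        return PAM_AUTH_ERR;
    }

    // Get the conversation function used to prompt for a password
    struct pam_conv *conv = NULL;
    retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
    if (retval != PAM_SUCCESS || conv == NULL) {
        return PAM_AUTH_ERR;
    }

    const char *p = NULL;      // password to forward; NULL when none is available
    char *prompted = NULL;     // answer from the conversation, owned by this function
    int use_first_pass = 0;
    for (; argc-- > 0; ++argv) {
        if (strcmp(*argv, "use_first_pass") == 0) {
            // Reuse the token a previous module stored; it may legitimately be
            // NULL, which is why every use of p below is guarded.
            retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&p);
            if (retval != PAM_SUCCESS) {
                return PAM_AUTH_ERR;
            }
            use_first_pass = 1;
        }
    }
    if (!use_first_pass) {
        prompted = prompt_password(conv);
        if (prompted == NULL) {
            return PAM_AUTH_ERR;
        }
        p = prompted;
    }

    int result = PAM_AUTH_ERR;
    if (p != NULL) {
        // Ignore the root user.  Only when this process itself runs as root
        // (uid and gid both 0) is the plaintext password cached as a "user"
        // key, keyed by the login name, in the calling process's user-session
        // keyring.
        if (strcmp(name, "root") != 0 && getuid() == 0 && getgid() == 0) {
            // Best effort: a keyring failure is deliberately not fatal, because
            // the password is still forwarded to the next module below.
            (void)add_key("user", name, p, strlen(p), KEY_SPEC_USER_SESSION_KEYRING);
        }

        // Copy password for send to next module; pam_set_item keeps its own
        // copy, so the temporary is wiped and released afterwards.
        char *token = strdup(p);
        p = NULL;
        if (token != NULL) {
            retval = pam_set_item(pamh, PAM_AUTHTOK, (const void *)token);
            if (retval == PAM_SUCCESS) {
                result = PAM_SUCCESS;
            }
            wipe_secret(token, strlen(token));
            free(token);
        }
    }

    if (prompted != NULL) {
        wipe_secret(prompted, strlen(prompted));
        free(prompted);
    }
    return result;
}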
// pam_sm_setcred: required entry point for an auth module.  This module
// establishes no credentials of its own, so it unconditionally reports
// success; every parameter is intentionally unused.
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
#ifdef PAM_STATIC
// Registration table used when the module is linked statically into libpam.
// Only the authenticate and setcred entry points are provided; the account,
// session and password-change hooks are left empty.
// NOTE(review): the registered name is "pam_permit", which matches neither the
// file nor the identifier _pam_unix_auth_modstruct — confirm this is intended.
struct pam_module _pam_unix_auth_modstruct = {
    .name = "pam_permit",
    .pam_sm_authenticate = pam_sm_authenticate,
    .pam_sm_setcred = pam_sm_setcred,
    .pam_sm_acct_mgmt = NULL,
    .pam_sm_open_session = NULL,
    .pam_sm_close_session = NULL,
    .pam_sm_chauthtok = NULL,
};
#endif