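/*	$NetBSD: pam_skey.c,v 1.3 2008/04/28 20:23:01 martin Exp $	*/

/*-
 * Copyright (c) 2005 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jason R. Thorpe.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: pam_skey.c,v 1.3 2008/04/28 20:23:01 martin Exp $");

#include <sys/types.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <skey.h>

#define PAM_SM_AUTH

#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>

/*
 * authentication management
 *
 * Authenticate a user with an S/Key one-time password:
 *
 *  1. Pick the account name: getlogin() when the auth_as_self option is
 *     set, otherwise whatever pam_get_user() yields.
 *  2. Require that skey_haskey() reports an S/Key entry for that account.
 *  3. Fetch the current challenge with skey_keyinfo() and show it inside
 *     the password prompt.
 *  4. Hand the user's reply to skey_passcheck().
 *
 * Returns PAM_SUCCESS when skey_passcheck() does not return -1,
 * PAM_AUTH_ERR when it does, PAM_SERVICE_ERR when the login name, the
 * S/Key entry, the challenge or the response copy cannot be obtained, and
 * otherwise the error returned by pam_get_user() or pam_get_authtok().
 */
PAM_EXTERN int
/*ARGSUSED*/
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
	const char *user, *skinfo, *pass;
	char *response;
	int retval;
	char skprompt[80];

	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
		user = getlogin();
		/*
		 * getlogin() returns NULL when no login name is
		 * associated with the session; fail here instead of
		 * passing a null pointer on to the S/Key library.
		 */
		if (user == NULL) {
			PAM_VERBOSE_ERROR("Unable to determine login name");
			return (PAM_SERVICE_ERR);
		}
	} else {
		retval = pam_get_user(pamh, &user, NULL);
		if (retval != PAM_SUCCESS)
			return (retval);
		PAM_LOG("Got user: %s", user);
	}

	/*
	 * NOTE(review): an account without an S/Key entry yields
	 * PAM_SERVICE_ERR while a wrong response yields PAM_AUTH_ERR, so
	 * the two cases are distinguishable to whatever sees the module's
	 * return code -- confirm that is acceptable for the stack.
	 */
	if (skey_haskey(user) != 0)
		return (PAM_SERVICE_ERR);	/* XXX PAM_AUTHINFO_UNAVAIL? */

	skinfo = skey_keyinfo(user);
	if (skinfo == NULL) {
		PAM_VERBOSE_ERROR("Error getting S/Key challenge");
		return (PAM_SERVICE_ERR);
	}

	/*
	 * The result is deliberately ignored: a challenge that does not
	 * fit in skprompt is silently truncated by snprintf().
	 */
	(void) snprintf(skprompt, sizeof(skprompt),
	    "Password [ %s ]:", skinfo);

	retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, skprompt);
	if (retval != PAM_SUCCESS)
		return (retval);

	/*
	 * pass is const, so skey_passcheck() gets a private copy
	 * (presumably because it may modify its argument -- confirm
	 * against skey.h).
	 */
	response = strdup(pass);
	if (response == NULL) {
		pam_error(pamh, "Unable to copy S/Key response");
		return (PAM_SERVICE_ERR);
	}

	/* Only -1 is treated as failure; any other value is a success. */
	retval = skey_passcheck(user, response) == -1 ?
	    PAM_AUTH_ERR : PAM_SUCCESS;

	/* NOTE(review): the copy is released without being cleared. */
	free(response);

	return (retval);
}

/*
 * Credential management hook.  This module has no credentials to
 * establish, so it unconditionally reports PAM_SUCCESS.
 */
PAM_EXTERN int
/*ARGSUSED*/
pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{

	return (PAM_SUCCESS);
}

PAM_MODULE_ENTRY("pam_skey");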