Home | History | Annotate | Line # | Download | only in passwd
pam_passwd.c revision 1.2 
      1 /*	$NetBSD: pam_passwd.c,v 1.2 2005/02/24 05:11:34 thorpej Exp $	*/
      2 
      3 /*-
      4  * Copyright (c) 2002 Networks Associates Technologies, Inc.
      5  * All rights reserved.
      6  *
      7  * This software was developed for the FreeBSD Project by ThinkSec AS and
      8  * NAI Labs, the Security Research Division of Network Associates, Inc.
      9  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
     10  * DARPA CHATS research program.
     11  *
     12  * Redistribution and use in source and binary forms, with or without
     13  * modification, are permitted provided that the following conditions
     14  * are met:
     15  * 1. Redistributions of source code must retain the above copyright
     16  *    notice, this list of conditions and the following disclaimer.
     17  * 2. Redistributions in binary form must reproduce the above copyright
     18  *    notice, this list of conditions and the following disclaimer in the
     19  *    documentation and/or other materials provided with the distribution.
     20  * 3. The name of the author may not be used to endorse or promote
     21  *    products derived from this software without specific prior written
     22  *    permission.
     23  *
     24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
     25  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     29  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     30  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     32  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     34  * SUCH DAMAGE.
     35  */
     36 
     37 #include <sys/cdefs.h>
     38 #ifdef __FreeBSD__
     39 __FBSDID("$FreeBSD: src/usr.bin/passwd/passwd.c,v 1.23 2003/04/18 21:27:09 nectar Exp $");
     40 #else
     41 __RCSID("$NetBSD: pam_passwd.c,v 1.2 2005/02/24 05:11:34 thorpej Exp $");
     42 #endif
     43 
     44 #include <sys/param.h>
     45 
     46 #include <err.h>
     47 #include <pwd.h>
     48 #include <stdio.h>
     49 #include <stdlib.h>
     50 #include <syslog.h>
     51 #include <unistd.h>
     52 
     53 #include "extern.h"
     54 
     55 #include <security/pam_appl.h>
     56 #include <security/openpam.h>
     57 
     58 static pam_handle_t *pamh;
     59 static struct pam_conv pamc = {
     60 	openpam_ttyconv,
     61 	NULL
     62 };
     63 
     64 static const char	*progname;
     65 static const char	*yp_domain;
     66 static const char	*yp_server;
     67 static int	 usage = PW_DONT_USE;
     68 
     69 #define pam_check(func) do { \
     70 	if (pam_err != PAM_SUCCESS) { \
     71 		if (pam_err == PAM_AUTH_ERR || pam_err == PAM_PERM_DENIED || \
     72 		    pam_err == PAM_AUTHTOK_RECOVERY_ERR) \
     73 			warnx("sorry"); \
     74 		else \
     75 			warnx("%s(): %s", func, pam_strerror(pamh, pam_err)); \
     76 		goto end; \
     77 	} \
     78 } while (0)
     79 
     80 
     81 int
     82 pwpam_init(const char *pname)
     83 {
     84 	progname = pname;
     85 	return 0;
     86 }
     87 
     88 int
     89 pwpam_arg(char arg, const char *optarg)
     90 {
     91 	switch (arg) {
     92 	case 'p':
     93 		usage = PW_USE_FORCE;
     94 		break;
     95 	case 'd':
     96 		yp_domain = optarg;
     97 		break;
     98 	case 's':
     99 		yp_server = optarg;
    100 		break;
    101 	default:
    102 		return 0;
    103 	}
    104 	return 1;
    105 }
    106 
    107 int
    108 pwpam_arg_end(void)
    109 {
    110 	return usage;
    111 }
    112 
    113 void
    114 pwpam_end(void)
    115 {
    116 	/* NOOP */
    117 }
    118 
    119 int
    120 pwpam_chpw(const char *uname)
    121 {
    122 	int pam_err;
    123 	char hostname[MAXHOSTNAMELEN + 1];
    124 
    125 	/* initialize PAM */
    126 	pam_err = pam_start(progname, uname, &pamc, &pamh);
    127 	pam_check("pam_start");
    128 
    129 	pam_err = pam_set_item(pamh, PAM_TTY, ttyname(STDERR_FILENO));
    130 	pam_check("pam_set_item");
    131 	(void)gethostname(hostname, sizeof hostname);
    132 	pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
    133 	pam_check("pam_set_item");
    134 	pam_err = pam_set_item(pamh, PAM_RUSER, getlogin());
    135 	pam_check("pam_set_item");
    136 
    137 	/* set YP domain and host */
    138 	pam_err = pam_set_data(pamh, "yp_domain", __UNCONST(yp_domain), NULL);
    139 	pam_check("pam_set_data");
    140 	pam_err = pam_set_data(pamh, "yp_server", __UNCONST(yp_server), NULL);
    141 	pam_check("pam_set_data");
    142 
    143 	/* set new password */
    144 	pam_err = pam_chauthtok(pamh, 0);
    145 	pam_check("pam_chauthtok");
    146 
    147  end:
    148 	pam_end(pamh, pam_err);
    149 	return pam_err == PAM_SUCCESS ? 0 : 1;
    150 }
    151