1*10b5fe87SSascha Wildner /*-
2*10b5fe87SSascha Wildner * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3*10b5fe87SSascha Wildner * Copyright (c) 2004-2017 Dag-Erling Smørgrav
4*10b5fe87SSascha Wildner * All rights reserved.
5*10b5fe87SSascha Wildner *
6*10b5fe87SSascha Wildner * This software was developed for the FreeBSD Project by ThinkSec AS and
7*10b5fe87SSascha Wildner * Network Associates Laboratories, the Security Research Division of
8*10b5fe87SSascha Wildner * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9*10b5fe87SSascha Wildner * ("CBOSS"), as part of the DARPA CHATS research program.
10*10b5fe87SSascha Wildner *
11*10b5fe87SSascha Wildner * Redistribution and use in source and binary forms, with or without
12*10b5fe87SSascha Wildner * modification, are permitted provided that the following conditions
13*10b5fe87SSascha Wildner * are met:
14*10b5fe87SSascha Wildner * 1. Redistributions of source code must retain the above copyright
15*10b5fe87SSascha Wildner * notice, this list of conditions and the following disclaimer.
16*10b5fe87SSascha Wildner * 2. Redistributions in binary form must reproduce the above copyright
17*10b5fe87SSascha Wildner * notice, this list of conditions and the following disclaimer in the
18*10b5fe87SSascha Wildner * documentation and/or other materials provided with the distribution.
19*10b5fe87SSascha Wildner * 3. The name of the author may not be used to endorse or promote
20*10b5fe87SSascha Wildner * products derived from this software without specific prior written
21*10b5fe87SSascha Wildner * permission.
22*10b5fe87SSascha Wildner *
23*10b5fe87SSascha Wildner * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24*10b5fe87SSascha Wildner * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25*10b5fe87SSascha Wildner * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26*10b5fe87SSascha Wildner * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27*10b5fe87SSascha Wildner * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28*10b5fe87SSascha Wildner * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29*10b5fe87SSascha Wildner * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30*10b5fe87SSascha Wildner * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31*10b5fe87SSascha Wildner * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32*10b5fe87SSascha Wildner * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33*10b5fe87SSascha Wildner * SUCH DAMAGE.
34*10b5fe87SSascha Wildner *
35*10b5fe87SSascha Wildner * $OpenPAM: pam_get_authtok.c 938 2017-04-30 21:34:42Z des $
36*10b5fe87SSascha Wildner */
37*10b5fe87SSascha Wildner
38*10b5fe87SSascha Wildner #ifdef HAVE_CONFIG_H
39*10b5fe87SSascha Wildner # include "config.h"
40*10b5fe87SSascha Wildner #endif
41*10b5fe87SSascha Wildner
42*10b5fe87SSascha Wildner #include <sys/param.h>
43*10b5fe87SSascha Wildner
44*10b5fe87SSascha Wildner #include <stdlib.h>
45*10b5fe87SSascha Wildner #include <string.h>
46*10b5fe87SSascha Wildner
47*10b5fe87SSascha Wildner #include <security/pam_appl.h>
48*10b5fe87SSascha Wildner #include <security/openpam.h>
49*10b5fe87SSascha Wildner
50*10b5fe87SSascha Wildner #include "openpam_impl.h"
51*10b5fe87SSascha Wildner #include "openpam_strlset.h"
52*10b5fe87SSascha Wildner
53*10b5fe87SSascha Wildner static const char authtok_prompt[] = "Password:";
54*10b5fe87SSascha Wildner static const char authtok_prompt_remote[] = "Password for %u@%h:";
55*10b5fe87SSascha Wildner static const char oldauthtok_prompt[] = "Old Password:";
56*10b5fe87SSascha Wildner static const char newauthtok_prompt[] = "New Password:";
57*10b5fe87SSascha Wildner
58*10b5fe87SSascha Wildner /*
59*10b5fe87SSascha Wildner * OpenPAM extension
60*10b5fe87SSascha Wildner *
61*10b5fe87SSascha Wildner * Retrieve authentication token
62*10b5fe87SSascha Wildner */
63*10b5fe87SSascha Wildner
64*10b5fe87SSascha Wildner int
pam_get_authtok(pam_handle_t * pamh,int item,const char ** authtok,const char * prompt)65*10b5fe87SSascha Wildner pam_get_authtok(pam_handle_t *pamh,
66*10b5fe87SSascha Wildner int item,
67*10b5fe87SSascha Wildner const char **authtok,
68*10b5fe87SSascha Wildner const char *prompt)
69*10b5fe87SSascha Wildner {
70*10b5fe87SSascha Wildner char prompt_buf[1024];
71*10b5fe87SSascha Wildner size_t prompt_size;
72*10b5fe87SSascha Wildner const void *oldauthtok, *prevauthtok, *promptp;
73*10b5fe87SSascha Wildner const char *prompt_option, *default_prompt;
74*10b5fe87SSascha Wildner const void *lhost, *rhost;
75*10b5fe87SSascha Wildner char *resp, *resp2;
76*10b5fe87SSascha Wildner int pitem, r, style, twice;
77*10b5fe87SSascha Wildner
78*10b5fe87SSascha Wildner ENTER();
79*10b5fe87SSascha Wildner *authtok = NULL;
80*10b5fe87SSascha Wildner twice = 0;
81*10b5fe87SSascha Wildner switch (item) {
82*10b5fe87SSascha Wildner case PAM_AUTHTOK:
83*10b5fe87SSascha Wildner pitem = PAM_AUTHTOK_PROMPT;
84*10b5fe87SSascha Wildner prompt_option = "authtok_prompt";
85*10b5fe87SSascha Wildner default_prompt = authtok_prompt;
86*10b5fe87SSascha Wildner r = pam_get_item(pamh, PAM_RHOST, &rhost);
87*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && rhost != NULL) {
88*10b5fe87SSascha Wildner r = pam_get_item(pamh, PAM_HOST, &lhost);
89*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && lhost != NULL) {
90*10b5fe87SSascha Wildner if (strcmp(rhost, lhost) != 0)
91*10b5fe87SSascha Wildner default_prompt = authtok_prompt_remote;
92*10b5fe87SSascha Wildner }
93*10b5fe87SSascha Wildner }
94*10b5fe87SSascha Wildner r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
95*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && oldauthtok != NULL) {
96*10b5fe87SSascha Wildner default_prompt = newauthtok_prompt;
97*10b5fe87SSascha Wildner twice = 1;
98*10b5fe87SSascha Wildner }
99*10b5fe87SSascha Wildner break;
100*10b5fe87SSascha Wildner case PAM_OLDAUTHTOK:
101*10b5fe87SSascha Wildner pitem = PAM_OLDAUTHTOK_PROMPT;
102*10b5fe87SSascha Wildner prompt_option = "oldauthtok_prompt";
103*10b5fe87SSascha Wildner default_prompt = oldauthtok_prompt;
104*10b5fe87SSascha Wildner twice = 0;
105*10b5fe87SSascha Wildner break;
106*10b5fe87SSascha Wildner default:
107*10b5fe87SSascha Wildner RETURNC(PAM_BAD_CONSTANT);
108*10b5fe87SSascha Wildner }
109*10b5fe87SSascha Wildner if (openpam_get_option(pamh, "try_first_pass") ||
110*10b5fe87SSascha Wildner openpam_get_option(pamh, "use_first_pass")) {
111*10b5fe87SSascha Wildner r = pam_get_item(pamh, item, &prevauthtok);
112*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && prevauthtok != NULL) {
113*10b5fe87SSascha Wildner *authtok = prevauthtok;
114*10b5fe87SSascha Wildner RETURNC(PAM_SUCCESS);
115*10b5fe87SSascha Wildner } else if (openpam_get_option(pamh, "use_first_pass")) {
116*10b5fe87SSascha Wildner RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
117*10b5fe87SSascha Wildner }
118*10b5fe87SSascha Wildner }
119*10b5fe87SSascha Wildner /* pam policy overrides the module's choice */
120*10b5fe87SSascha Wildner if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
121*10b5fe87SSascha Wildner prompt = promptp;
122*10b5fe87SSascha Wildner /* no prompt provided, see if there is one tucked away somewhere */
123*10b5fe87SSascha Wildner if (prompt == NULL) {
124*10b5fe87SSascha Wildner r = pam_get_item(pamh, pitem, &promptp);
125*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && promptp != NULL)
126*10b5fe87SSascha Wildner prompt = promptp;
127*10b5fe87SSascha Wildner }
128*10b5fe87SSascha Wildner /* fall back to hardcoded default */
129*10b5fe87SSascha Wildner if (prompt == NULL)
130*10b5fe87SSascha Wildner prompt = default_prompt;
131*10b5fe87SSascha Wildner /* expand */
132*10b5fe87SSascha Wildner prompt_size = sizeof prompt_buf;
133*10b5fe87SSascha Wildner r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt);
134*10b5fe87SSascha Wildner if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf)
135*10b5fe87SSascha Wildner prompt = prompt_buf;
136*10b5fe87SSascha Wildner style = openpam_get_option(pamh, "echo_pass") ?
137*10b5fe87SSascha Wildner PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
138*10b5fe87SSascha Wildner r = pam_prompt(pamh, style, &resp, "%s", prompt);
139*10b5fe87SSascha Wildner if (r != PAM_SUCCESS)
140*10b5fe87SSascha Wildner RETURNC(r);
141*10b5fe87SSascha Wildner if (twice) {
142*10b5fe87SSascha Wildner r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
143*10b5fe87SSascha Wildner if (r != PAM_SUCCESS) {
144*10b5fe87SSascha Wildner strlset(resp, 0, PAM_MAX_RESP_SIZE);
145*10b5fe87SSascha Wildner FREE(resp);
146*10b5fe87SSascha Wildner RETURNC(r);
147*10b5fe87SSascha Wildner }
148*10b5fe87SSascha Wildner if (strcmp(resp, resp2) != 0) {
149*10b5fe87SSascha Wildner strlset(resp, 0, PAM_MAX_RESP_SIZE);
150*10b5fe87SSascha Wildner FREE(resp);
151*10b5fe87SSascha Wildner }
152*10b5fe87SSascha Wildner strlset(resp2, 0, PAM_MAX_RESP_SIZE);
153*10b5fe87SSascha Wildner FREE(resp2);
154*10b5fe87SSascha Wildner }
155*10b5fe87SSascha Wildner if (resp == NULL)
156*10b5fe87SSascha Wildner RETURNC(PAM_TRY_AGAIN);
157*10b5fe87SSascha Wildner r = pam_set_item(pamh, item, resp);
158*10b5fe87SSascha Wildner strlset(resp, 0, PAM_MAX_RESP_SIZE);
159*10b5fe87SSascha Wildner FREE(resp);
160*10b5fe87SSascha Wildner if (r != PAM_SUCCESS)
161*10b5fe87SSascha Wildner RETURNC(r);
162*10b5fe87SSascha Wildner r = pam_get_item(pamh, item, (const void **)authtok);
163*10b5fe87SSascha Wildner RETURNC(r);
164*10b5fe87SSascha Wildner }
165*10b5fe87SSascha Wildner
166*10b5fe87SSascha Wildner /*
167*10b5fe87SSascha Wildner * Error codes:
168*10b5fe87SSascha Wildner *
169*10b5fe87SSascha Wildner * =pam_get_item
170*10b5fe87SSascha Wildner * =pam_prompt
171*10b5fe87SSascha Wildner * =pam_set_item
172*10b5fe87SSascha Wildner * !PAM_SYMBOL_ERR
173*10b5fe87SSascha Wildner * PAM_BAD_CONSTANT
174*10b5fe87SSascha Wildner * PAM_TRY_AGAIN
175*10b5fe87SSascha Wildner */
176*10b5fe87SSascha Wildner
177*10b5fe87SSascha Wildner /**
178*10b5fe87SSascha Wildner * The =pam_get_authtok function either prompts the user for an
179*10b5fe87SSascha Wildner * authentication token or retrieves a cached authentication token,
180*10b5fe87SSascha Wildner * depending on circumstances.
181*10b5fe87SSascha Wildner * Either way, a pointer to the authentication token is stored in the
182*10b5fe87SSascha Wildner * location pointed to by the =authtok argument, and the corresponding PAM
183*10b5fe87SSascha Wildner * item is updated.
184*10b5fe87SSascha Wildner *
185*10b5fe87SSascha Wildner * The =item argument must have one of the following values:
186*10b5fe87SSascha Wildner *
187*10b5fe87SSascha Wildner * =PAM_AUTHTOK:
188*10b5fe87SSascha Wildner * Returns the current authentication token, or the new token
189*10b5fe87SSascha Wildner * when changing authentication tokens.
190*10b5fe87SSascha Wildner * =PAM_OLDAUTHTOK:
191*10b5fe87SSascha Wildner * Returns the previous authentication token when changing
192*10b5fe87SSascha Wildner * authentication tokens.
193*10b5fe87SSascha Wildner *
194*10b5fe87SSascha Wildner * The =prompt argument specifies a prompt to use if no token is cached.
195*10b5fe87SSascha Wildner * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item,
196*10b5fe87SSascha Wildner * as appropriate, will be used.
197*10b5fe87SSascha Wildner * If that item is also =NULL, a hardcoded default prompt will be used.
198*10b5fe87SSascha Wildner * Additionally, when =pam_get_authtok is called from a service module,
199*10b5fe87SSascha Wildner * the prompt may be affected by module options as described below.
200*10b5fe87SSascha Wildner * The prompt is then expanded using =openpam_subst before it is passed to
201*10b5fe87SSascha Wildner * the conversation function.
202*10b5fe87SSascha Wildner *
203*10b5fe87SSascha Wildner * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
204*10b5fe87SSascha Wildner * item, =pam_get_authtok will ask the user to confirm the new token by
205*10b5fe87SSascha Wildner * retyping it.
206*10b5fe87SSascha Wildner * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN.
207*10b5fe87SSascha Wildner *
208*10b5fe87SSascha Wildner * MODULE OPTIONS
209*10b5fe87SSascha Wildner *
210*10b5fe87SSascha Wildner * When called by a service module, =pam_get_authtok will recognize the
211*10b5fe87SSascha Wildner * following module options:
212*10b5fe87SSascha Wildner *
213*10b5fe87SSascha Wildner * ;authtok_prompt:
214*10b5fe87SSascha Wildner * Prompt to use when =item is set to =PAM_AUTHTOK.
215*10b5fe87SSascha Wildner * This option overrides both the =prompt argument and the
216*10b5fe87SSascha Wildner * =PAM_AUTHTOK_PROMPT item.
217*10b5fe87SSascha Wildner * ;echo_pass:
218*10b5fe87SSascha Wildner * If the application's conversation function allows it, this
219*10b5fe87SSascha Wildner * lets the user see what they are typing.
220*10b5fe87SSascha Wildner * This should only be used for non-reusable authentication
221*10b5fe87SSascha Wildner * tokens.
222*10b5fe87SSascha Wildner * ;oldauthtok_prompt:
223*10b5fe87SSascha Wildner * Prompt to use when =item is set to =PAM_OLDAUTHTOK.
224*10b5fe87SSascha Wildner * This option overrides both the =prompt argument and the
225*10b5fe87SSascha Wildner * =PAM_OLDAUTHTOK_PROMPT item.
226*10b5fe87SSascha Wildner * ;try_first_pass:
227*10b5fe87SSascha Wildner * If the requested item is non-null, return it without
228*10b5fe87SSascha Wildner * prompting the user.
229*10b5fe87SSascha Wildner * Typically, the service module will verify the token, and
230*10b5fe87SSascha Wildner * if it does not match, clear the item before calling
231*10b5fe87SSascha Wildner * =pam_get_authtok a second time.
232*10b5fe87SSascha Wildner * ;use_first_pass:
233*10b5fe87SSascha Wildner * Do not prompt the user at all; just return the cached
234*10b5fe87SSascha Wildner * value, or =PAM_AUTH_ERR if there is none.
235*10b5fe87SSascha Wildner *
236*10b5fe87SSascha Wildner * >pam_conv
237*10b5fe87SSascha Wildner * >pam_get_item
238*10b5fe87SSascha Wildner * >pam_get_user
239*10b5fe87SSascha Wildner * >openpam_get_option
240*10b5fe87SSascha Wildner * >openpam_subst
241*10b5fe87SSascha Wildner */
242