1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <syslog.h>
27 #include <dlfcn.h>
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <stdlib.h>
31 #include <strings.h>
32 #include <malloc.h>
33 #include <unistd.h>
34 #include <fcntl.h>
35 #include <errno.h>
36
37 #include <security/pam_appl.h>
38 #include <security/pam_modules.h>
39 #include <sys/mman.h>
40
41 #include <libintl.h>
42
43 #include "pam_impl.h"
44
45 static char *pam_snames [PAM_NUM_MODULE_TYPES] = {
46 PAM_ACCOUNT_NAME,
47 PAM_AUTH_NAME,
48 PAM_PASSWORD_NAME,
49 PAM_SESSION_NAME
50 };
51
52 static char *pam_inames [PAM_MAX_ITEMS] = {
53 /* NONE */ NULL,
54 /* PAM_SERVICE */ "service",
55 /* PAM_USER */ "user",
56 /* PAM_TTY */ "tty",
57 /* PAM_RHOST */ "rhost",
58 /* PAM_CONV */ "conv",
59 /* PAM_AUTHTOK */ "authtok",
60 /* PAM_OLDAUTHTOK */ "oldauthtok",
61 /* PAM_RUSER */ "ruser",
62 /* PAM_USER_PROMPT */ "user_prompt",
63 /* PAM_REPOSITORY */ "repository",
64 /* PAM_RESOURCE */ "resource",
65 /* PAM_AUSER */ "auser",
66 /* Undefined Items */
67 };
68
69 /*
70 * This extra definition is needed in order to build this library
71 * on pre-64-bit-aware systems.
72 */
73 #if !defined(_LFS64_LARGEFILE)
74 #define stat64 stat
75 #endif /* !defined(_LFS64_LARGEFILE) */
76
77 /* functions to dynamically load modules */
78 static int load_modules(pam_handle_t *, int, char *, pamtab_t *);
79 static void *open_module(pam_handle_t *, char *);
80 static int load_function(void *, char *, int (**func)());
81
82 /* functions to read and store the pam.conf configuration file */
83 static int open_pam_conf(struct pam_fh **, pam_handle_t *, char *);
84 static void close_pam_conf(struct pam_fh *);
85 static int read_pam_conf(pam_handle_t *, char *);
86 static int get_pam_conf_entry(struct pam_fh *, pam_handle_t *,
87 pamtab_t **);
88 static char *read_next_token(char **);
89 static char *nextline(struct pam_fh *, pam_handle_t *, int *);
90 static int verify_pam_conf(pamtab_t *, char *);
91
92 /* functions to clean up and free memory */
93 static void clean_up(pam_handle_t *);
94 static void free_pamconf(pamtab_t *);
95 static void free_pam_conf_info(pam_handle_t *);
96 static void free_env(env_list *);
97
98 /* convenience functions for I18N/L10N communication */
99
100 static void free_resp(int, struct pam_response *);
101 static int do_conv(pam_handle_t *, int, int,
102 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE], void *,
103 struct pam_response **);
104
105 static int log_priority; /* pam_trace syslog priority & facility */
106 static int pam_debug = 0;
107
108 static char *
pam_trace_iname(int item_type,char * iname_buf)109 pam_trace_iname(int item_type, char *iname_buf)
110 {
111 char *name;
112
113 if (item_type <= 0 ||
114 item_type >= PAM_MAX_ITEMS ||
115 (name = pam_inames[item_type]) == NULL) {
116 (void) sprintf(iname_buf, "%d", item_type);
117 return (iname_buf);
118 }
119 return (name);
120 }
121
122 static char *
pam_trace_fname(int flag)123 pam_trace_fname(int flag)
124 {
125 if (flag & PAM_BINDING)
126 return (PAM_BINDING_NAME);
127 if (flag & PAM_INCLUDE)
128 return (PAM_INCLUDE_NAME);
129 if (flag & PAM_OPTIONAL)
130 return (PAM_OPTIONAL_NAME);
131 if (flag & PAM_REQUIRED)
132 return (PAM_REQUIRED_NAME);
133 if (flag & PAM_REQUISITE)
134 return (PAM_REQUISITE_NAME);
135 if (flag & PAM_SUFFICIENT)
136 return (PAM_SUFFICIENT_NAME);
137 return ("bad flag name");
138 }
139
140 static char *
pam_trace_cname(pam_handle_t * pamh)141 pam_trace_cname(pam_handle_t *pamh)
142 {
143 if (pamh->pam_conf_name[pamh->include_depth] == NULL)
144 return ("NULL");
145 return (pamh->pam_conf_name[pamh->include_depth]);
146 }
147
148 #include <deflt.h>
149 #include <stdarg.h>
150 /*
151 * pam_settrace - setup configuration for pam tracing
152 *
153 * turn on PAM debug if "magic" file exists
154 * if exists (original), pam_debug = PAM_DEBUG_DEFAULT,
155 * log_priority = LOG_DEBUG(7) and log_facility = LOG_AUTH(4).
156 *
157 * if has contents, keywork=value pairs:
158 *
159 * "log_priority=" 0-7, the pam_trace syslog priority to use
160 * (see sys/syslog.h)
161 * "log_facility=" 0-23, the pam_trace syslog facility to use
162 * (see sys/syslog.h)
163 * "debug_flags=" PAM_DEBUG_DEFAULT (0x0001), log traditional
164 * (original) debugging.
165 * Plus the logical or of:
166 * PAM_DEBUG_ITEM (0x0002), log item values and
167 * pam_get_item.
168 * PAM_DEBUG_MODULE (0x0004), log module return status.
169 * PAM_DEBUG_CONF (0x0008), log pam.conf parsing.
170 * PAM_DEBUG_DATA (0x0010), get/set_data.
171 * PAM_DEBUG_CONV (0x0020), conversation/response.
172 *
173 * If compiled with DEBUG:
174 * PAM_DEBUG_AUTHTOK (0x8000), display AUTHTOK value if
175 * PAM_DEBUG_ITEM is set and results from
176 * PAM_PROMPT_ECHO_OFF responses.
177 * USE CAREFULLY, THIS EXPOSES THE USER'S PASSWORDS.
178 *
179 * or set to 0 and off even if PAM_DEBUG file exists.
180 *
181 * Output has the general form:
182 * <whatever was set syslog> PAM[<pid>]: <interface>(<handle> and other info)
183 * <whatever was set syslog> PAM[<pid>]: details requested for <interface> call
184 * Where: <pid> is the process ID of the calling process.
185 * <handle> is the Hex value of the pam_handle associated with the
186 * call.
187 */
188
189 static void
pam_settrace()190 pam_settrace()
191 {
192 void *defp;
193
194 if ((defp = defopen_r(PAM_DEBUG)) != NULL) {
195 char *arg;
196 int code;
197 int facility = LOG_AUTH;
198
199 pam_debug = PAM_DEBUG_DEFAULT;
200 log_priority = LOG_DEBUG;
201
202 (void) defcntl_r(DC_SETFLAGS, DC_CASE, defp);
203 if ((arg = defread_r(LOG_PRIORITY, defp)) != NULL) {
204 code = (int)strtol(arg, NULL, 10);
205 if ((code & ~LOG_PRIMASK) == 0) {
206 log_priority = code;
207 }
208 }
209 if ((arg = defread_r(LOG_FACILITY, defp)) != NULL) {
210 code = (int)strtol(arg, NULL, 10);
211 if (code < LOG_NFACILITIES) {
212 facility = code << 3;
213 }
214 }
215 if ((arg = defread_r(DEBUG_FLAGS, defp)) != NULL) {
216 pam_debug = (int)strtol(arg, NULL, 0);
217 }
218 defclose_r(defp);
219
220 log_priority |= facility;
221 }
222 }
223
224 /*
225 * pam_trace - logs tracing messages
226 *
227 * flag = debug_flags from /etc/pam_debug
228 * format and args = message to print (PAM[<pid>]: is prepended).
229 *
230 * global log_priority = pam_trace syslog (log_priority | log_facility)
231 * from /etc/pam_debug
232 */
233 /*PRINTFLIKE2*/
234 static void
pam_trace(int flag,char * format,...)235 pam_trace(int flag, char *format, ...)
236 {
237 va_list args;
238 char message[1024];
239 int savemask;
240
241 if ((pam_debug & flag) == 0)
242 return;
243
244 savemask = setlogmask(LOG_MASK(log_priority & LOG_PRIMASK));
245 (void) snprintf(message, sizeof (message), "PAM[%ld]: %s",
246 (long)getpid(), format);
247 va_start(args, format);
248 (void) vsyslog(log_priority, message, args);
249 va_end(args);
250 (void) setlogmask(savemask);
251 }
252
253 /*
254 * __pam_log - logs PAM syslog messages
255 *
256 * priority = message priority
257 * format and args = message to log
258 */
259 /*PRINTFLIKE2*/
260 void
__pam_log(int priority,const char * format,...)261 __pam_log(int priority, const char *format, ...)
262 {
263 va_list args;
264 int savemask = setlogmask(LOG_MASK(priority & LOG_PRIMASK));
265
266 va_start(args, format);
267 (void) vsyslog(priority, format, args);
268 va_end(args);
269 (void) setlogmask(savemask);
270 }
271
272
273 /*
274 * pam_XXXXX routines
275 *
276 * These are the entry points to the authentication switch
277 */
278
279 /*
280 * pam_start - initiate an authentication transaction and
281 * set parameter values to be used during the
282 * transaction
283 */
284
285 int
pam_start(const char * service,const char * user,const struct pam_conv * pam_conv,pam_handle_t ** pamh)286 pam_start(const char *service, const char *user,
287 const struct pam_conv *pam_conv, pam_handle_t **pamh)
288 {
289 int err;
290
291 *pamh = calloc(1, sizeof (struct pam_handle));
292
293 pam_settrace();
294 pam_trace(PAM_DEBUG_DEFAULT,
295 "pam_start(%s,%s,%p:%p) - debug = %x",
296 service ? service : "NULL", user ? user : "NULL", (void *)pam_conv,
297 (void *)*pamh, pam_debug);
298
299 if (*pamh == NULL)
300 return (PAM_BUF_ERR);
301
302 (*pamh)->pam_inmodule = RO_OK; /* OK to set RO items */
303 if ((err = pam_set_item(*pamh, PAM_SERVICE, (void *)service))
304 != PAM_SUCCESS) {
305 clean_up(*pamh);
306 *pamh = NULL;
307 return (err);
308 }
309
310 if ((err = pam_set_item(*pamh, PAM_USER, (void *)user))
311 != PAM_SUCCESS) {
312 clean_up(*pamh);
313 *pamh = NULL;
314 return (err);
315 }
316
317 if ((err = pam_set_item(*pamh, PAM_CONV, (void *)pam_conv))
318 != PAM_SUCCESS) {
319 clean_up(*pamh);
320 *pamh = NULL;
321 return (err);
322 }
323
324 (*pamh)->pam_inmodule = RW_OK;
325 return (PAM_SUCCESS);
326 }
327
328 /*
329 * pam_end - terminate an authentication transaction
330 */
331
332 int
pam_end(pam_handle_t * pamh,int pam_status)333 pam_end(pam_handle_t *pamh, int pam_status)
334 {
335 struct pam_module_data *psd, *p;
336 fd_list *expired;
337 fd_list *traverse;
338 env_list *env_expired;
339 env_list *env_traverse;
340
341 pam_trace(PAM_DEBUG_DEFAULT,
342 "pam_end(%p): status = %s", (void *)pamh,
343 pam_strerror(pamh, pam_status));
344
345 if (pamh == NULL)
346 return (PAM_SYSTEM_ERR);
347
348 /* call the cleanup routines for module specific data */
349
350 psd = pamh->ssd;
351 while (psd) {
352 if (psd->cleanup) {
353 psd->cleanup(pamh, psd->data, pam_status);
354 }
355 p = psd;
356 psd = p->next;
357 free(p->module_data_name);
358 free(p);
359 }
360 pamh->ssd = NULL;
361
362 /* dlclose all module fds */
363 traverse = pamh->fd;
364 while (traverse) {
365 expired = traverse;
366 traverse = traverse->next;
367 (void) dlclose(expired->mh);
368 free(expired);
369 }
370 pamh->fd = 0;
371
372 /* remove all environment variables */
373 env_traverse = pamh->pam_env;
374 while (env_traverse) {
375 env_expired = env_traverse;
376 env_traverse = env_traverse->next;
377 free_env(env_expired);
378 }
379
380 clean_up(pamh);
381 return (PAM_SUCCESS);
382 }
383
384 /*
385 * pam_set_item - set the value of a parameter that can be
386 * retrieved via a call to pam_get_item()
387 */
388
389 int
pam_set_item(pam_handle_t * pamh,int item_type,const void * item)390 pam_set_item(pam_handle_t *pamh, int item_type, const void *item)
391 {
392 struct pam_item *pip;
393 int size;
394 char iname_buf[PAM_MAX_MSG_SIZE];
395
396 if (((pam_debug & PAM_DEBUG_ITEM) == 0) || (pamh == NULL)) {
397 pam_trace(PAM_DEBUG_DEFAULT,
398 "pam_set_item(%p:%s)", (void *)pamh,
399 pam_trace_iname(item_type, iname_buf));
400 }
401
402 if (pamh == NULL)
403 return (PAM_SYSTEM_ERR);
404
405 /* check read only items */
406 if ((item_type == PAM_SERVICE) && (pamh->pam_inmodule != RO_OK))
407 return (PAM_PERM_DENIED);
408
409 /*
410 * Check that item_type is within valid range
411 */
412
413 if (item_type <= 0 || item_type >= PAM_MAX_ITEMS)
414 return (PAM_SYMBOL_ERR);
415
416 pip = &(pamh->ps_item[item_type]);
417
418 switch (item_type) {
419 case PAM_AUTHTOK:
420 case PAM_OLDAUTHTOK:
421 if (pip->pi_addr != NULL)
422 (void) memset(pip->pi_addr, 0, pip->pi_size);
423 /*FALLTHROUGH*/
424 case PAM_SERVICE:
425 case PAM_USER:
426 case PAM_TTY:
427 case PAM_RHOST:
428 case PAM_RUSER:
429 case PAM_USER_PROMPT:
430 case PAM_RESOURCE:
431 case PAM_AUSER:
432 if (pip->pi_addr != NULL) {
433 free(pip->pi_addr);
434 }
435
436 if (item == NULL) {
437 pip->pi_addr = NULL;
438 pip->pi_size = 0;
439 } else {
440 pip->pi_addr = strdup((char *)item);
441 if (pip->pi_addr == NULL) {
442 pip->pi_size = 0;
443 return (PAM_BUF_ERR);
444 }
445 pip->pi_size = strlen(pip->pi_addr);
446 }
447 break;
448 case PAM_CONV:
449 if (pip->pi_addr != NULL)
450 free(pip->pi_addr);
451 size = sizeof (struct pam_conv);
452 if ((pip->pi_addr = calloc(1, size)) == NULL)
453 return (PAM_BUF_ERR);
454 if (item != NULL)
455 (void) memcpy(pip->pi_addr, item, (unsigned int) size);
456 else
457 (void) memset(pip->pi_addr, 0, size);
458 pip->pi_size = size;
459 break;
460 case PAM_REPOSITORY:
461 if (pip->pi_addr != NULL) {
462 pam_repository_t *auth_rep;
463
464 auth_rep = (pam_repository_t *)pip->pi_addr;
465 if (auth_rep->type != NULL)
466 free(auth_rep->type);
467 if (auth_rep->scope != NULL)
468 free(auth_rep->scope);
469 free(auth_rep);
470 }
471 if (item != NULL) {
472 pam_repository_t *s, *d;
473
474 size = sizeof (struct pam_repository);
475 pip->pi_addr = calloc(1, size);
476 if (pip->pi_addr == NULL)
477 return (PAM_BUF_ERR);
478
479 s = (struct pam_repository *)item;
480 d = (struct pam_repository *)pip->pi_addr;
481
482 d->type = strdup(s->type);
483 if (d->type == NULL)
484 return (PAM_BUF_ERR);
485 d->scope = malloc(s->scope_len);
486 if (d->scope == NULL)
487 return (PAM_BUF_ERR);
488 (void) memcpy(d->scope, s->scope, s->scope_len);
489 d->scope_len = s->scope_len;
490 }
491 pip->pi_size = size;
492 break;
493 default:
494 return (PAM_SYMBOL_ERR);
495 }
496 switch (item_type) {
497 case PAM_CONV:
498 pam_trace(PAM_DEBUG_ITEM, "pam_set_item(%p:%s)=%p",
499 (void *)pamh,
500 pam_trace_iname(item_type, iname_buf),
501 item ? (void *)((struct pam_conv *)item)->conv :
502 (void *)0);
503 break;
504 case PAM_REPOSITORY:
505 pam_trace(PAM_DEBUG_ITEM, "pam_set_item(%p:%s)=%s",
506 (void *)pamh,
507 pam_trace_iname(item_type, iname_buf),
508 item ? (((struct pam_repository *)item)->type ?
509 ((struct pam_repository *)item)->type : "NULL") :
510 "NULL");
511 break;
512 case PAM_AUTHTOK:
513 case PAM_OLDAUTHTOK:
514 #ifdef DEBUG
515 if (pam_debug & PAM_DEBUG_AUTHTOK)
516 pam_trace(PAM_DEBUG_ITEM,
517 "pam_set_item(%p:%s)=%s", (void *)pamh,
518 pam_trace_iname(item_type, iname_buf),
519 item ? (char *)item : "NULL");
520 else
521 #endif /* DEBUG */
522 pam_trace(PAM_DEBUG_ITEM,
523 "pam_set_item(%p:%s)=%s", (void *)pamh,
524 pam_trace_iname(item_type, iname_buf),
525 item ? "********" : "NULL");
526 break;
527 default:
528 pam_trace(PAM_DEBUG_ITEM, "pam_set_item(%p:%s)=%s",
529 (void *)pamh,
530 pam_trace_iname(item_type, iname_buf),
531 item ? (char *)item : "NULL");
532 }
533
534 return (PAM_SUCCESS);
535 }
536
537 /*
538 * pam_get_item - read the value of a parameter specified in
539 * the call to pam_set_item()
540 */
541
542 int
pam_get_item(const pam_handle_t * pamh,int item_type,void ** item)543 pam_get_item(const pam_handle_t *pamh, int item_type, void **item)
544 {
545 struct pam_item *pip;
546 char iname_buf[PAM_MAX_MSG_SIZE];
547
548 if (((pam_debug & PAM_DEBUG_ITEM) == 0) || (pamh == NULL)) {
549 pam_trace(PAM_DEBUG_ITEM, "pam_get_item(%p:%s)",
550 (void *)pamh, pam_trace_iname(item_type, iname_buf));
551 }
552
553 if (pamh == NULL)
554 return (PAM_SYSTEM_ERR);
555
556 if (item_type <= 0 || item_type >= PAM_MAX_ITEMS)
557 return (PAM_SYMBOL_ERR);
558
559 if ((pamh->pam_inmodule != WO_OK) &&
560 ((item_type == PAM_AUTHTOK || item_type == PAM_OLDAUTHTOK))) {
561 __pam_log(LOG_AUTH | LOG_NOTICE, "pam_get_item(%s) called from "
562 "a non module context",
563 pam_trace_iname(item_type, iname_buf));
564 return (PAM_PERM_DENIED);
565 }
566
567 pip = (struct pam_item *)&(pamh->ps_item[item_type]);
568
569 *item = pip->pi_addr;
570 switch (item_type) {
571 case PAM_CONV:
572 pam_trace(PAM_DEBUG_ITEM, "pam_get_item(%p:%s)=%p",
573 (void *)pamh,
574 pam_trace_iname(item_type, iname_buf),
575 (void *)((struct pam_conv *)*item)->conv);
576 break;
577 case PAM_REPOSITORY:
578 pam_trace(PAM_DEBUG_ITEM, "pam_get_item(%p:%s)=%s",
579 (void *)pamh,
580 pam_trace_iname(item_type, iname_buf),
581 *item ? (((struct pam_repository *)*item)->type ?
582 ((struct pam_repository *)*item)->type : "NULL") :
583 "NULL");
584 break;
585 case PAM_AUTHTOK:
586 case PAM_OLDAUTHTOK:
587 #ifdef DEBUG
588 if (pam_debug & PAM_DEBUG_AUTHTOK)
589 pam_trace(PAM_DEBUG_ITEM,
590 "pam_get_item(%p:%s)=%s", (void *)pamh,
591 pam_trace_iname(item_type, iname_buf),
592 *item ? *(char **)item : "NULL");
593 else
594 #endif /* DEBUG */
595 pam_trace(PAM_DEBUG_ITEM,
596 "pam_get_item(%p:%s)=%s", (void *)pamh,
597 pam_trace_iname(item_type, iname_buf),
598 *item ? "********" : "NULL");
599 break;
600 default:
601 pam_trace(PAM_DEBUG_ITEM, "pam_get_item(%p:%s)=%s",
602 (void *)pamh,
603 pam_trace_iname(item_type, iname_buf),
604 *item ? *(char **)item : "NULL");
605 }
606
607 return (PAM_SUCCESS);
608 }
609
610 /*
611 * parse_user_name - process the user response: ignore
612 * '\t' or ' ' before or after a user name.
613 * user_input is a null terminated string.
614 * *ret_username will be the user name.
615 */
616
617 static int
parse_user_name(char * user_input,char ** ret_username)618 parse_user_name(char *user_input, char **ret_username)
619 {
620 register char *ptr;
621 register int index = 0;
622 char username[PAM_MAX_RESP_SIZE];
623
624 /* Set the default value for *ret_username */
625 *ret_username = NULL;
626
627 /*
628 * Set the initial value for username - this is a buffer holds
629 * the user name.
630 */
631 bzero((void *)username, PAM_MAX_RESP_SIZE);
632
633 /*
634 * The user_input is guaranteed to be terminated by a null character.
635 */
636 ptr = user_input;
637
638 /* Skip all the leading whitespaces if there are any. */
639 while ((*ptr == ' ') || (*ptr == '\t'))
640 ptr++;
641
642 if (*ptr == '\0') {
643 /*
644 * We should never get here since the user_input we got
645 * in pam_get_user() is not all whitespaces nor just "\0".
646 */
647 return (PAM_BUF_ERR);
648 }
649
650 /*
651 * username will be the first string we get from user_input
652 * - we skip leading whitespaces and ignore trailing whitespaces
653 */
654 while (*ptr != '\0') {
655 if ((*ptr == ' ') || (*ptr == '\t'))
656 break;
657 else {
658 username[index] = *ptr;
659 index++;
660 ptr++;
661 }
662 }
663
664 /* ret_username will be freed in pam_get_user(). */
665 if ((*ret_username = malloc(index + 1)) == NULL)
666 return (PAM_BUF_ERR);
667 (void) strcpy(*ret_username, username);
668 return (PAM_SUCCESS);
669 }
670
671 /*
672 * Get the value of PAM_USER. If not set, then use the convenience function
673 * to prompt for the user. Use prompt if specified, else use PAM_USER_PROMPT
674 * if it is set, else use default.
675 */
676 #define WHITESPACE 0
677 #define USERNAME 1
678
679 int
pam_get_user(pam_handle_t * pamh,char ** user,const char * prompt_override)680 pam_get_user(pam_handle_t *pamh, char **user, const char *prompt_override)
681 {
682 int status;
683 char *prompt = NULL;
684 char *real_username;
685 struct pam_response *ret_resp = NULL;
686 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
687
688 pam_trace(PAM_DEBUG_DEFAULT,
689 "pam_get_user(%p, %p, %s)", (void *)pamh, (void *)*user,
690 prompt_override ? prompt_override : "NULL");
691 if (pamh == NULL)
692 return (PAM_SYSTEM_ERR);
693
694 if ((status = pam_get_item(pamh, PAM_USER, (void **)user))
695 != PAM_SUCCESS) {
696 return (status);
697 }
698
699 /* if the user is set, return it */
700
701 if (*user != NULL && *user[0] != '\0') {
702 return (PAM_SUCCESS);
703 }
704
705 /*
706 * if the module is requesting a special prompt, use it.
707 * else use PAM_USER_PROMPT.
708 */
709
710 if (prompt_override != NULL) {
711 prompt = (char *)prompt_override;
712 } else {
713 status = pam_get_item(pamh, PAM_USER_PROMPT, (void**)&prompt);
714 if (status != PAM_SUCCESS) {
715 return (status);
716 }
717 }
718
719 /* if the prompt is not set, use default */
720
721 if (prompt == NULL || prompt[0] == '\0') {
722 prompt = dgettext(TEXT_DOMAIN, "Please enter user name: ");
723 }
724
725 /* prompt for the user */
726
727 (void) strncpy(messages[0], prompt, sizeof (messages[0]));
728
729 for (;;) {
730 int state = WHITESPACE;
731
732 status = do_conv(pamh, PAM_PROMPT_ECHO_ON, 1, messages,
733 NULL, &ret_resp);
734
735 if (status != PAM_SUCCESS) {
736 return (status);
737 }
738
739 if (ret_resp->resp && ret_resp->resp[0] != '\0') {
740 int len = strlen(ret_resp->resp);
741 int i;
742
743 for (i = 0; i < len; i++) {
744 if ((ret_resp->resp[i] != ' ') &&
745 (ret_resp->resp[i] != '\t')) {
746 state = USERNAME;
747 break;
748 }
749 }
750
751 if (state == USERNAME)
752 break;
753 }
754 /* essentially empty response, try again */
755 free_resp(1, ret_resp);
756 ret_resp = NULL;
757 }
758
759 /* set PAM_USER */
760 /* Parse the user input to get the user name. */
761 status = parse_user_name(ret_resp->resp, &real_username);
762
763 if (status != PAM_SUCCESS) {
764 if (real_username != NULL)
765 free(real_username);
766 free_resp(1, ret_resp);
767 return (status);
768 }
769
770 status = pam_set_item(pamh, PAM_USER, real_username);
771
772 free(real_username);
773
774 free_resp(1, ret_resp);
775 if (status != PAM_SUCCESS) {
776 return (status);
777 }
778
779 /*
780 * finally, get PAM_USER. We have to call pam_get_item to get
781 * the value of user because pam_set_item mallocs the memory.
782 */
783
784 status = pam_get_item(pamh, PAM_USER, (void**)user);
785 return (status);
786 }
787
788 /*
789 * Set module specific data
790 */
791
792 int
pam_set_data(pam_handle_t * pamh,const char * module_data_name,void * data,void (* cleanup)(pam_handle_t * pamh,void * data,int pam_end_status))793 pam_set_data(pam_handle_t *pamh, const char *module_data_name, void *data,
794 void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status))
795 {
796 struct pam_module_data *psd;
797
798 pam_trace(PAM_DEBUG_DATA,
799 "pam_set_data(%p:%s:%d)=%p", (void *)pamh,
800 module_data_name ? module_data_name : "NULL", pamh->pam_inmodule,
801 data);
802 if (pamh == NULL || (pamh->pam_inmodule != WO_OK) ||
803 module_data_name == NULL) {
804 return (PAM_SYSTEM_ERR);
805 }
806
807 /* check if module data already exists */
808
809 for (psd = pamh->ssd; psd; psd = psd->next) {
810 if (strcmp(psd->module_data_name, module_data_name) == 0) {
811 /* clean up original data before setting the new data */
812 if (psd->cleanup) {
813 psd->cleanup(pamh, psd->data, PAM_SUCCESS);
814 }
815 psd->data = (void *)data;
816 psd->cleanup = cleanup;
817 return (PAM_SUCCESS);
818 }
819 }
820
821 psd = malloc(sizeof (struct pam_module_data));
822 if (psd == NULL)
823 return (PAM_BUF_ERR);
824
825 psd->module_data_name = strdup(module_data_name);
826 if (psd->module_data_name == NULL) {
827 free(psd);
828 return (PAM_BUF_ERR);
829 }
830
831 psd->data = (void *)data;
832 psd->cleanup = cleanup;
833 psd->next = pamh->ssd;
834 pamh->ssd = psd;
835 return (PAM_SUCCESS);
836 }
837
838 /*
839 * get module specific data
840 */
841
842 int
pam_get_data(const pam_handle_t * pamh,const char * module_data_name,const void ** data)843 pam_get_data(const pam_handle_t *pamh, const char *module_data_name,
844 const void **data)
845 {
846 struct pam_module_data *psd;
847
848 if (pamh == NULL || (pamh->pam_inmodule != WO_OK) ||
849 module_data_name == NULL) {
850 pam_trace(PAM_DEBUG_DATA,
851 "pam_get_data(%p:%s:%d)=%p", (void *)pamh,
852 module_data_name ? module_data_name : "NULL",
853 pamh->pam_inmodule, *data);
854 return (PAM_SYSTEM_ERR);
855 }
856
857 for (psd = pamh->ssd; psd; psd = psd->next) {
858 if (strcmp(psd->module_data_name, module_data_name) == 0) {
859 *data = psd->data;
860 pam_trace(PAM_DEBUG_DATA,
861 "pam_get_data(%p:%s)=%p", (void *)pamh,
862 module_data_name, *data);
863 return (PAM_SUCCESS);
864 }
865 }
866 pam_trace(PAM_DEBUG_DATA,
867 "pam_get_data(%p:%s)=%s", (void *)pamh, module_data_name,
868 "PAM_NO_MODULE_DATA");
869
870 return (PAM_NO_MODULE_DATA);
871 }
872
873 /*
874 * PAM equivalent to strerror()
875 */
876 /* ARGSUSED */
877 const char *
pam_strerror(pam_handle_t * pamh,int errnum)878 pam_strerror(pam_handle_t *pamh, int errnum)
879 {
880 switch (errnum) {
881 case PAM_SUCCESS:
882 return (dgettext(TEXT_DOMAIN, "Success"));
883 case PAM_OPEN_ERR:
884 return (dgettext(TEXT_DOMAIN, "Dlopen failure"));
885 case PAM_SYMBOL_ERR:
886 return (dgettext(TEXT_DOMAIN, "Symbol not found"));
887 case PAM_SERVICE_ERR:
888 return (dgettext(TEXT_DOMAIN,
889 "Error in underlying service module"));
890 case PAM_SYSTEM_ERR:
891 return (dgettext(TEXT_DOMAIN, "System error"));
892 case PAM_BUF_ERR:
893 return (dgettext(TEXT_DOMAIN, "Memory buffer error"));
894 case PAM_CONV_ERR:
895 return (dgettext(TEXT_DOMAIN, "Conversation failure"));
896 case PAM_PERM_DENIED:
897 return (dgettext(TEXT_DOMAIN, "Permission denied"));
898 case PAM_MAXTRIES:
899 return (dgettext(TEXT_DOMAIN,
900 "Maximum number of attempts exceeded"));
901 case PAM_AUTH_ERR:
902 return (dgettext(TEXT_DOMAIN, "Authentication failed"));
903 case PAM_NEW_AUTHTOK_REQD:
904 return (dgettext(TEXT_DOMAIN, "Get new authentication token"));
905 case PAM_CRED_INSUFFICIENT:
906 return (dgettext(TEXT_DOMAIN, "Insufficient credentials"));
907 case PAM_AUTHINFO_UNAVAIL:
908 return (dgettext(TEXT_DOMAIN,
909 "Can not retrieve authentication info"));
910 case PAM_USER_UNKNOWN:
911 return (dgettext(TEXT_DOMAIN, "No account present for user"));
912 case PAM_CRED_UNAVAIL:
913 return (dgettext(TEXT_DOMAIN,
914 "Can not retrieve user credentials"));
915 case PAM_CRED_EXPIRED:
916 return (dgettext(TEXT_DOMAIN,
917 "User credentials have expired"));
918 case PAM_CRED_ERR:
919 return (dgettext(TEXT_DOMAIN,
920 "Failure setting user credentials"));
921 case PAM_ACCT_EXPIRED:
922 return (dgettext(TEXT_DOMAIN, "User account has expired"));
923 case PAM_AUTHTOK_EXPIRED:
924 return (dgettext(TEXT_DOMAIN, "User password has expired"));
925 case PAM_SESSION_ERR:
926 return (dgettext(TEXT_DOMAIN,
927 "Can not make/remove entry for session"));
928 case PAM_AUTHTOK_ERR:
929 return (dgettext(TEXT_DOMAIN,
930 "Authentication token manipulation error"));
931 case PAM_AUTHTOK_RECOVERY_ERR:
932 return (dgettext(TEXT_DOMAIN,
933 "Authentication token can not be recovered"));
934 case PAM_AUTHTOK_LOCK_BUSY:
935 return (dgettext(TEXT_DOMAIN,
936 "Authentication token lock busy"));
937 case PAM_AUTHTOK_DISABLE_AGING:
938 return (dgettext(TEXT_DOMAIN,
939 "Authentication token aging disabled"));
940 case PAM_NO_MODULE_DATA:
941 return (dgettext(TEXT_DOMAIN,
942 "Module specific data not found"));
943 case PAM_IGNORE:
944 return (dgettext(TEXT_DOMAIN, "Ignore module"));
945 case PAM_ABORT:
946 return (dgettext(TEXT_DOMAIN, "General PAM failure "));
947 case PAM_TRY_AGAIN:
948 return (dgettext(TEXT_DOMAIN,
949 "Unable to complete operation. Try again"));
950 default:
951 return (dgettext(TEXT_DOMAIN, "Unknown error"));
952 }
953 }
954
955 static void *
sm_name(int ind)956 sm_name(int ind)
957 {
958 switch (ind) {
959 case PAM_AUTHENTICATE:
960 return (PAM_SM_AUTHENTICATE);
961 case PAM_SETCRED:
962 return (PAM_SM_SETCRED);
963 case PAM_ACCT_MGMT:
964 return (PAM_SM_ACCT_MGMT);
965 case PAM_OPEN_SESSION:
966 return (PAM_SM_OPEN_SESSION);
967 case PAM_CLOSE_SESSION:
968 return (PAM_SM_CLOSE_SESSION);
969 case PAM_CHAUTHTOK:
970 return (PAM_SM_CHAUTHTOK);
971 }
972 return (NULL);
973 }
974
975 static int
func(pamtab_t * modulep,int ind)976 (*func(pamtab_t *modulep, int ind))()
977 {
978 void *funcp;
979
980 if ((funcp = modulep->function_ptr) == NULL)
981 return (NULL);
982
983 switch (ind) {
984 case PAM_AUTHENTICATE:
985 return (((struct auth_module *)funcp)->pam_sm_authenticate);
986 case PAM_SETCRED:
987 return (((struct auth_module *)funcp)->pam_sm_setcred);
988 case PAM_ACCT_MGMT:
989 return (((struct account_module *)funcp)->pam_sm_acct_mgmt);
990 case PAM_OPEN_SESSION:
991 return (((struct session_module *)funcp)->pam_sm_open_session);
992 case PAM_CLOSE_SESSION:
993 return (((struct session_module *)funcp)->pam_sm_close_session);
994 case PAM_CHAUTHTOK:
995 return (((struct password_module *)funcp)->pam_sm_chauthtok);
996 }
997 return (NULL);
998 }
999
1000 /*
1001 * Run through the PAM service module stack for the given module type.
1002 */
1003 static int
run_stack(pam_handle_t * pamh,int flags,int type,int def_err,int ind,char * function_name)1004 run_stack(pam_handle_t *pamh, int flags, int type, int def_err, int ind,
1005 char *function_name)
1006 {
1007 int err = PAM_SYSTEM_ERR; /* preset */
1008 int optional_error = 0;
1009 int required_error = 0;
1010 int success = 0;
1011 pamtab_t *modulep;
1012 int (*sm_func)();
1013
1014 if (pamh == NULL)
1015 return (PAM_SYSTEM_ERR);
1016
1017 /* read initial entries from pam.conf */
1018 if ((err = read_pam_conf(pamh, PAM_CONFIG)) != PAM_SUCCESS) {
1019 return (err);
1020 }
1021
1022 if ((modulep =
1023 pamh->pam_conf_info[pamh->include_depth][type]) == NULL) {
1024 __pam_log(LOG_AUTH | LOG_ERR, "%s no initial module present",
1025 pam_trace_cname(pamh));
1026 goto exit_return;
1027 }
1028
1029 pamh->pam_inmodule = WO_OK; /* OK to get AUTHTOK */
1030 include:
1031 pam_trace(PAM_DEBUG_MODULE,
1032 "[%d:%s]:run_stack:%s(%p, %x): %s", pamh->include_depth,
1033 pam_trace_cname(pamh), function_name, (void *)pamh, flags,
1034 modulep ? modulep->module_path : "NULL");
1035
1036 while (modulep != NULL) {
1037 if (modulep->pam_flag & PAM_INCLUDE) {
1038 /* save the return location */
1039 pamh->pam_conf_modulep[pamh->include_depth] =
1040 modulep->next;
1041 pam_trace(PAM_DEBUG_MODULE,
1042 "setting for include[%d:%p]",
1043 pamh->include_depth, (void *)modulep->next);
1044 if (pamh->include_depth++ >= PAM_MAX_INCLUDE) {
1045 __pam_log(LOG_AUTH | LOG_ERR,
1046 "run_stack: includes too deep %d "
1047 "found trying to include %s from %s, %d "
1048 "allowed", pamh->include_depth,
1049 modulep->module_path, pamh->pam_conf_name
1050 [PAM_MAX_INCLUDE] == NULL ? "NULL" :
1051 pamh->pam_conf_name[PAM_MAX_INCLUDE],
1052 PAM_MAX_INCLUDE);
1053 goto exit_return;
1054 }
1055 if ((err = read_pam_conf(pamh,
1056 modulep->module_path)) != PAM_SUCCESS) {
1057 __pam_log(LOG_AUTH | LOG_ERR,
1058 "run_stack[%d:%s]: can't read included "
1059 "conf %s", pamh->include_depth,
1060 pam_trace_cname(pamh),
1061 modulep->module_path);
1062 goto exit_return;
1063 }
1064 if ((modulep = pamh->pam_conf_info
1065 [pamh->include_depth][type]) == NULL) {
1066 __pam_log(LOG_AUTH | LOG_ERR,
1067 "run_stack[%d:%s]: no include module "
1068 "present %s", pamh->include_depth,
1069 pam_trace_cname(pamh), function_name);
1070 goto exit_return;
1071 }
1072 if (modulep->pam_flag & PAM_INCLUDE) {
1073 /* first line another include */
1074 goto include;
1075 }
1076 pam_trace(PAM_DEBUG_DEFAULT, "include[%d:%s]"
1077 "(%p, %s)=%s", pamh->include_depth,
1078 pam_trace_cname(pamh), (void *)pamh,
1079 function_name, modulep->module_path);
1080 if ((err = load_modules(pamh, type, sm_name(ind),
1081 pamh->pam_conf_info
1082 [pamh->include_depth][type])) != PAM_SUCCESS) {
1083 pam_trace(PAM_DEBUG_DEFAULT,
1084 "[%d:%s]:%s(%p, %x): load_modules failed",
1085 pamh->include_depth, pam_trace_cname(pamh),
1086 function_name, (void *)pamh, flags);
1087 goto exit_return;
1088 }
1089 if ((modulep = pamh->pam_conf_info
1090 [pamh->include_depth][type]) == NULL) {
1091 __pam_log(LOG_AUTH | LOG_ERR,
1092 "%s no initial module present",
1093 pam_trace_cname(pamh));
1094 goto exit_return;
1095 }
1096 } else if ((err = load_modules(pamh, type, sm_name(ind),
1097 modulep)) != PAM_SUCCESS) {
1098 pam_trace(PAM_DEBUG_DEFAULT,
1099 "[%d:%s]:%s(%p, %x): load_modules failed",
1100 pamh->include_depth, pam_trace_cname(pamh),
1101 function_name, (void *)pamh, flags);
1102 goto exit_return;
1103 } /* PAM_INCLUDE */
1104 sm_func = func(modulep, ind);
1105 if (sm_func) {
1106 err = sm_func(pamh, flags, modulep->module_argc,
1107 (const char **)modulep->module_argv);
1108
1109 pam_trace(PAM_DEBUG_MODULE,
1110 "[%d:%s]:%s(%p, %x): %s returned %s",
1111 pamh->include_depth, pam_trace_cname(pamh),
1112 function_name, (void *)pamh, flags,
1113 modulep->module_path, pam_strerror(pamh, err));
1114
1115 switch (err) {
1116 case PAM_IGNORE:
1117 /* do nothing */
1118 break;
1119 case PAM_SUCCESS:
1120 if ((modulep->pam_flag & PAM_SUFFI_BIND) &&
1121 !required_error) {
1122 pamh->pam_inmodule = RW_OK;
1123 pam_trace(PAM_DEBUG_MODULE,
1124 "[%d:%s]:%s(%p, %x): %s: success",
1125 pamh->include_depth,
1126 pam_trace_cname(pamh),
1127 function_name, (void *)pamh, flags,
1128 (modulep->pam_flag & PAM_BINDING) ?
1129 PAM_BINDING_NAME :
1130 PAM_SUFFICIENT_NAME);
1131 goto exit_return;
1132 }
1133 success = 1;
1134 break;
1135 case PAM_TRY_AGAIN:
1136 /*
1137 * We need to return immediately, and
1138 * we shouldn't reset the AUTHTOK item
1139 * since it is not an error per-se.
1140 */
1141 pamh->pam_inmodule = RW_OK;
1142 pam_trace(PAM_DEBUG_MODULE,
1143 "[%d:%s]:%s(%p, %x): TRY_AGAIN: %s",
1144 pamh->include_depth, pam_trace_cname(pamh),
1145 function_name, (void *)pamh, flags,
1146 pam_strerror(pamh, required_error ?
1147 required_error : err));
1148 err = required_error ? required_error : err;
1149 goto exit_return;
1150 default:
1151 if (modulep->pam_flag & PAM_REQUISITE) {
1152 pamh->pam_inmodule = RW_OK;
1153 pam_trace(PAM_DEBUG_MODULE,
1154 "[%d:%s]:%s(%p, %x): requisite: %s",
1155 pamh->include_depth,
1156 pam_trace_cname(pamh),
1157 function_name, (void *)pamh, flags,
1158 pam_strerror(pamh,
1159 required_error ? required_error :
1160 err));
1161 err = required_error ?
1162 required_error : err;
1163 goto exit_return;
1164 } else if (modulep->pam_flag & PAM_REQRD_BIND) {
1165 if (!required_error)
1166 required_error = err;
1167 } else {
1168 if (!optional_error)
1169 optional_error = err;
1170 }
1171 pam_trace(PAM_DEBUG_DEFAULT,
1172 "[%d:%s]:%s(%p, %x): error %s",
1173 pamh->include_depth, pam_trace_cname(pamh),
1174 function_name, (void *)pamh, flags,
1175 pam_strerror(pamh, err));
1176 break;
1177 }
1178 }
1179 modulep = modulep->next;
1180 }
1181
1182 pam_trace(PAM_DEBUG_MODULE, "[%d:%s]:stack_end:%s(%p, %x): %s %s: %s",
1183 pamh->include_depth, pam_trace_cname(pamh), function_name,
1184 (void *)pamh, flags, pamh->include_depth ? "included" : "final",
1185 required_error ? "required" : success ? "success" :
1186 optional_error ? "optional" : "default",
1187 pam_strerror(pamh, required_error ? required_error :
1188 success ? PAM_SUCCESS : optional_error ? optional_error : def_err));
1189 if (pamh->include_depth > 0) {
1190 free_pam_conf_info(pamh);
1191 pamh->include_depth--;
1192 /* continue at next entry */
1193 modulep = pamh->pam_conf_modulep[pamh->include_depth];
1194 pam_trace(PAM_DEBUG_MODULE, "looping for include[%d:%p]",
1195 pamh->include_depth, (void *)modulep);
1196 goto include;
1197 }
1198 free_pam_conf_info(pamh);
1199 pamh->pam_inmodule = RW_OK;
1200 if (required_error != 0)
1201 return (required_error);
1202 else if (success != 0)
1203 return (PAM_SUCCESS);
1204 else if (optional_error != 0)
1205 return (optional_error);
1206 else
1207 return (def_err);
1208
1209 exit_return:
1210 /*
1211 * All done at whatever depth we're at.
1212 * Go back to not having read /etc/pam.conf
1213 */
1214 while (pamh->include_depth > 0) {
1215 free_pam_conf_info(pamh);
1216 pamh->include_depth--;
1217 }
1218 free_pam_conf_info(pamh);
1219 pamh->pam_inmodule = RW_OK;
1220 return (err);
1221 }
1222
1223 /*
1224 * pam_authenticate - authenticate a user
1225 */
1226
1227 int
pam_authenticate(pam_handle_t * pamh,int flags)1228 pam_authenticate(pam_handle_t *pamh, int flags)
1229 {
1230 int retval;
1231
1232 retval = run_stack(pamh, flags, PAM_AUTH_MODULE, PAM_AUTH_ERR,
1233 PAM_AUTHENTICATE, "pam_authenticate");
1234
1235 if (retval != PAM_SUCCESS)
1236 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1237 return (retval);
1238 }
1239
1240 /*
1241 * pam_setcred - modify or retrieve user credentials
1242 */
1243
1244 int
pam_setcred(pam_handle_t * pamh,int flags)1245 pam_setcred(pam_handle_t *pamh, int flags)
1246 {
1247 int retval;
1248
1249 retval = run_stack(pamh, flags, PAM_AUTH_MODULE, PAM_CRED_ERR,
1250 PAM_SETCRED, "pam_setcred");
1251
1252 if (retval != PAM_SUCCESS)
1253 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1254 return (retval);
1255 }
1256
1257 /*
1258 * pam_acct_mgmt - check password aging, account expiration
1259 */
1260
1261 int
pam_acct_mgmt(pam_handle_t * pamh,int flags)1262 pam_acct_mgmt(pam_handle_t *pamh, int flags)
1263 {
1264 int retval;
1265
1266 retval = run_stack(pamh, flags, PAM_ACCOUNT_MODULE, PAM_ACCT_EXPIRED,
1267 PAM_ACCT_MGMT, "pam_acct_mgmt");
1268
1269 if (retval != PAM_SUCCESS &&
1270 retval != PAM_NEW_AUTHTOK_REQD) {
1271 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1272 }
1273 return (retval);
1274 }
1275
1276 /*
1277 * pam_open_session - begin session management
1278 */
1279
1280 int
pam_open_session(pam_handle_t * pamh,int flags)1281 pam_open_session(pam_handle_t *pamh, int flags)
1282 {
1283 int retval;
1284
1285 retval = run_stack(pamh, flags, PAM_SESSION_MODULE, PAM_SESSION_ERR,
1286 PAM_OPEN_SESSION, "pam_open_session");
1287
1288 if (retval != PAM_SUCCESS)
1289 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1290 return (retval);
1291 }
1292
1293 /*
1294 * pam_close_session - terminate session management
1295 */
1296
1297 int
pam_close_session(pam_handle_t * pamh,int flags)1298 pam_close_session(pam_handle_t *pamh, int flags)
1299 {
1300 int retval;
1301
1302 retval = run_stack(pamh, flags, PAM_SESSION_MODULE, PAM_SESSION_ERR,
1303 PAM_CLOSE_SESSION, "pam_close_session");
1304
1305 if (retval != PAM_SUCCESS)
1306 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1307 return (retval);
1308 }
1309
1310 /*
1311 * pam_chauthtok - change user authentication token
1312 */
1313
1314 int
pam_chauthtok(pam_handle_t * pamh,int flags)1315 pam_chauthtok(pam_handle_t *pamh, int flags)
1316 {
1317 int retval;
1318
1319 /* do not let apps use PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK */
1320 if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
1321 pam_trace(PAM_DEBUG_DEFAULT,
1322 "pam_chauthtok(%p, %x): %s", (void *)pamh, flags,
1323 pam_strerror(pamh, PAM_SYMBOL_ERR));
1324 return (PAM_SYMBOL_ERR);
1325 }
1326
1327 /* 1st pass: PRELIM CHECK */
1328 retval = run_stack(pamh, flags | PAM_PRELIM_CHECK, PAM_PASSWORD_MODULE,
1329 PAM_AUTHTOK_ERR, PAM_CHAUTHTOK, "pam_chauthtok-prelim");
1330
1331 if (retval == PAM_TRY_AGAIN)
1332 return (retval);
1333
1334 if (retval != PAM_SUCCESS) {
1335 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1336 return (retval);
1337 }
1338
1339 /* 2nd pass: UPDATE AUTHTOK */
1340 retval = run_stack(pamh, flags | PAM_UPDATE_AUTHTOK,
1341 PAM_PASSWORD_MODULE, PAM_AUTHTOK_ERR, PAM_CHAUTHTOK,
1342 "pam_chauthtok-update");
1343
1344 if (retval != PAM_SUCCESS)
1345 (void) pam_set_item(pamh, PAM_AUTHTOK, NULL);
1346
1347 return (retval);
1348 }
1349
1350 /*
1351 * pam_putenv - add an environment variable to the PAM handle
1352 * if name_value == 'NAME=VALUE' then set variable to the value
1353 * if name_value == 'NAME=' then set variable to an empty value
1354 * if name_value == 'NAME' then delete the variable
1355 */
1356
1357 int
pam_putenv(pam_handle_t * pamh,const char * name_value)1358 pam_putenv(pam_handle_t *pamh, const char *name_value)
1359 {
1360 int error = PAM_SYSTEM_ERR;
1361 char *equal_sign = 0;
1362 char *name = NULL, *value = NULL, *tmp_value = NULL;
1363 env_list *traverse, *trail;
1364
1365 pam_trace(PAM_DEBUG_DEFAULT,
1366 "pam_putenv(%p, %s)", (void *)pamh,
1367 name_value ? name_value : "NULL");
1368
1369 if (pamh == NULL || name_value == NULL)
1370 goto out;
1371
1372 /* see if we were passed 'NAME=VALUE', 'NAME=', or 'NAME' */
1373 if ((equal_sign = strchr(name_value, '=')) != 0) {
1374 if ((name = calloc(equal_sign - name_value + 1,
1375 sizeof (char))) == 0) {
1376 error = PAM_BUF_ERR;
1377 goto out;
1378 }
1379 (void) strncpy(name, name_value, equal_sign - name_value);
1380 if ((value = strdup(++equal_sign)) == 0) {
1381 error = PAM_BUF_ERR;
1382 goto out;
1383 }
1384 } else {
1385 if ((name = strdup(name_value)) == 0) {
1386 error = PAM_BUF_ERR;
1387 goto out;
1388 }
1389 }
1390
1391 /* check to see if we already have this variable in the PAM handle */
1392 traverse = pamh->pam_env;
1393 trail = traverse;
1394 while (traverse && strncmp(traverse->name, name, strlen(name))) {
1395 trail = traverse;
1396 traverse = traverse->next;
1397 }
1398
1399 if (traverse) {
1400 /* found a match */
1401 if (value == 0) {
1402 /* remove the env variable */
1403 if (pamh->pam_env == traverse)
1404 pamh->pam_env = traverse->next;
1405 else
1406 trail->next = traverse->next;
1407 free_env(traverse);
1408 } else if (strlen(value) == 0) {
1409 /* set env variable to empty value */
1410 if ((tmp_value = strdup("")) == 0) {
1411 error = PAM_SYSTEM_ERR;
1412 goto out;
1413 }
1414 free(traverse->value);
1415 traverse->value = tmp_value;
1416 } else {
1417 /* set the new value */
1418 if ((tmp_value = strdup(value)) == 0) {
1419 error = PAM_SYSTEM_ERR;
1420 goto out;
1421 }
1422 free(traverse->value);
1423 traverse->value = tmp_value;
1424 }
1425
1426 } else if (traverse == 0 && value) {
1427 /*
1428 * could not find a match in the PAM handle.
1429 * add the new value if there is one
1430 */
1431 if ((traverse = calloc(1, sizeof (env_list))) == 0) {
1432 error = PAM_BUF_ERR;
1433 goto out;
1434 }
1435 if ((traverse->name = strdup(name)) == 0) {
1436 free_env(traverse);
1437 error = PAM_BUF_ERR;
1438 goto out;
1439 }
1440 if ((traverse->value = strdup(value)) == 0) {
1441 free_env(traverse);
1442 error = PAM_BUF_ERR;
1443 goto out;
1444 }
1445 if (trail == 0) {
1446 /* new head of list */
1447 pamh->pam_env = traverse;
1448 } else {
1449 /* adding to end of list */
1450 trail->next = traverse;
1451 }
1452 }
1453
1454 error = PAM_SUCCESS;
1455 out:
1456 if (error != PAM_SUCCESS) {
1457 if (traverse) {
1458 if (traverse->name)
1459 free(traverse->name);
1460 if (traverse->value)
1461 free(traverse->value);
1462 free(traverse);
1463 }
1464 }
1465 if (name)
1466 free(name);
1467 if (value)
1468 free(value);
1469 return (error);
1470 }
1471
1472 /*
1473 * pam_getenv - retrieve an environment variable from the PAM handle
1474 */
1475 char *
pam_getenv(pam_handle_t * pamh,const char * name)1476 pam_getenv(pam_handle_t *pamh, const char *name)
1477 {
1478 int error = PAM_SYSTEM_ERR;
1479 env_list *traverse;
1480
1481 pam_trace(PAM_DEBUG_DEFAULT,
1482 "pam_getenv(%p, %p)", (void *)pamh, (void *)name);
1483
1484 if (pamh == NULL || name == NULL)
1485 goto out;
1486
1487 /* check to see if we already have this variable in the PAM handle */
1488 traverse = pamh->pam_env;
1489 while (traverse && strncmp(traverse->name, name, strlen(name))) {
1490 traverse = traverse->next;
1491 }
1492 error = (traverse ? PAM_SUCCESS : PAM_SYSTEM_ERR);
1493 pam_trace(PAM_DEBUG_DEFAULT,
1494 "pam_getenv(%p, %s)=%s", (void *)pamh, name,
1495 traverse ? traverse->value : "NULL");
1496 out:
1497 return (error ? NULL : strdup(traverse->value));
1498 }
1499
1500 /*
1501 * pam_getenvlist - retrieve all environment variables from the PAM handle
1502 * in a NULL terminated array. On error, return NULL.
1503 */
1504 char **
pam_getenvlist(pam_handle_t * pamh)1505 pam_getenvlist(pam_handle_t *pamh)
1506 {
1507 int error = PAM_SYSTEM_ERR;
1508 char **list = 0;
1509 int length = 0;
1510 env_list *traverse;
1511 char *tenv;
1512 size_t tenv_size;
1513
1514 pam_trace(PAM_DEBUG_DEFAULT,
1515 "pam_getenvlist(%p)", (void *)pamh);
1516
1517 if (pamh == NULL)
1518 goto out;
1519
1520 /* find out how many environment variables we have */
1521 traverse = pamh->pam_env;
1522 while (traverse) {
1523 length++;
1524 traverse = traverse->next;
1525 }
1526
1527 /* allocate the array we will return to the caller */
1528 if ((list = calloc(length + 1, sizeof (char *))) == NULL) {
1529 error = PAM_BUF_ERR;
1530 goto out;
1531 }
1532
1533 /* add the variables one by one */
1534 length = 0;
1535 traverse = pamh->pam_env;
1536 while (traverse != NULL) {
1537 tenv_size = strlen(traverse->name) +
1538 strlen(traverse->value) + 2; /* name=val\0 */
1539 if ((tenv = malloc(tenv_size)) == NULL) {
1540 error = PAM_BUF_ERR;
1541 goto out;
1542 }
1543 /*LINTED*/
1544 (void) sprintf(tenv, "%s=%s", traverse->name, traverse->value);
1545 list[length++] = tenv;
1546 traverse = traverse->next;
1547 }
1548 list[length] = NULL;
1549
1550 error = PAM_SUCCESS;
1551 out:
1552 if (error != PAM_SUCCESS) {
1553 /* free the partially constructed list */
1554 if (list) {
1555 length = 0;
1556 while (list[length] != NULL) {
1557 free(list[length]);
1558 length++;
1559 }
1560 free(list);
1561 }
1562 }
1563 return (error ? NULL : list);
1564 }
1565
1566 /*
1567 * Routines to load a requested module on demand
1568 */
1569
1570 /*
1571 * load_modules - load the requested module.
1572 * if the dlopen or dlsym fail, then
1573 * the module is ignored.
1574 */
1575
1576 static int
load_modules(pam_handle_t * pamh,int type,char * function_name,pamtab_t * pam_entry)1577 load_modules(pam_handle_t *pamh, int type, char *function_name,
1578 pamtab_t *pam_entry)
1579 {
1580 void *mh;
1581 struct auth_module *authp;
1582 struct account_module *accountp;
1583 struct session_module *sessionp;
1584 struct password_module *passwdp;
1585 int loading_functions = 0; /* are we currently loading functions? */
1586
1587 pam_trace(PAM_DEBUG_MODULE, "load_modules[%d:%s](%p, %s)=%s:%s",
1588 pamh->include_depth, pam_trace_cname(pamh), (void *)pamh,
1589 function_name, pam_trace_fname(pam_entry->pam_flag),
1590 pam_entry->module_path);
1591
1592 while (pam_entry != NULL) {
1593 pam_trace(PAM_DEBUG_DEFAULT,
1594 "while load_modules[%d:%s](%p, %s)=%s",
1595 pamh->include_depth, pam_trace_cname(pamh), (void *)pamh,
1596 function_name, pam_entry->module_path);
1597
1598 if (pam_entry->pam_flag & PAM_INCLUDE) {
1599 pam_trace(PAM_DEBUG_DEFAULT,
1600 "done load_modules[%d:%s](%p, %s)=%s",
1601 pamh->include_depth, pam_trace_cname(pamh),
1602 (void *)pamh, function_name,
1603 pam_entry->module_path);
1604 return (PAM_SUCCESS);
1605 }
1606 switch (type) {
1607 case PAM_AUTH_MODULE:
1608
1609 /* if the function has already been loaded, return */
1610 authp = pam_entry->function_ptr;
1611 if (!loading_functions &&
1612 (((strcmp(function_name, PAM_SM_AUTHENTICATE)
1613 == 0) && authp && authp->pam_sm_authenticate) ||
1614 ((strcmp(function_name, PAM_SM_SETCRED) == 0) &&
1615 authp && authp->pam_sm_setcred))) {
1616 return (PAM_SUCCESS);
1617 }
1618
1619 /* function has not been loaded yet */
1620 loading_functions = 1;
1621 if (authp == NULL) {
1622 authp = calloc(1, sizeof (struct auth_module));
1623 if (authp == NULL)
1624 return (PAM_BUF_ERR);
1625 }
1626
1627 /* if open_module fails, return error */
1628 if ((mh = open_module(pamh,
1629 pam_entry->module_path)) == NULL) {
1630 __pam_log(LOG_AUTH | LOG_ERR,
1631 "load_modules[%d:%s]: can not open module "
1632 "%s", pamh->include_depth,
1633 pam_trace_cname(pamh),
1634 pam_entry->module_path);
1635 free(authp);
1636 return (PAM_OPEN_ERR);
1637 }
1638
1639 /* load the authentication function */
1640 if (strcmp(function_name, PAM_SM_AUTHENTICATE) == 0) {
1641 if (load_function(mh, PAM_SM_AUTHENTICATE,
1642 &authp->pam_sm_authenticate)
1643 != PAM_SUCCESS) {
1644 /* return error if dlsym fails */
1645 free(authp);
1646 return (PAM_SYMBOL_ERR);
1647 }
1648
1649 /* load the setcred function */
1650 } else if (strcmp(function_name, PAM_SM_SETCRED) == 0) {
1651 if (load_function(mh, PAM_SM_SETCRED,
1652 &authp->pam_sm_setcred) != PAM_SUCCESS) {
1653 /* return error if dlsym fails */
1654 free(authp);
1655 return (PAM_SYMBOL_ERR);
1656 }
1657 }
1658 pam_entry->function_ptr = authp;
1659 break;
1660 case PAM_ACCOUNT_MODULE:
1661 accountp = pam_entry->function_ptr;
1662 if (!loading_functions &&
1663 (strcmp(function_name, PAM_SM_ACCT_MGMT) == 0) &&
1664 accountp && accountp->pam_sm_acct_mgmt) {
1665 return (PAM_SUCCESS);
1666 }
1667
1668 /*
1669 * If functions are added to the account module,
1670 * verify that one of the other functions hasn't
1671 * already loaded it. See PAM_AUTH_MODULE code.
1672 */
1673 loading_functions = 1;
1674 accountp = calloc(1, sizeof (struct account_module));
1675 if (accountp == NULL)
1676 return (PAM_BUF_ERR);
1677
1678 /* if open_module fails, return error */
1679 if ((mh = open_module(pamh,
1680 pam_entry->module_path)) == NULL) {
1681 __pam_log(LOG_AUTH | LOG_ERR,
1682 "load_modules[%d:%s]: can not open module "
1683 "%s", pamh->include_depth,
1684 pam_trace_cname(pamh),
1685 pam_entry->module_path);
1686 free(accountp);
1687 return (PAM_OPEN_ERR);
1688 }
1689
1690 if (load_function(mh, PAM_SM_ACCT_MGMT,
1691 &accountp->pam_sm_acct_mgmt) != PAM_SUCCESS) {
1692 __pam_log(LOG_AUTH | LOG_ERR,
1693 "load_modules[%d:%s]: pam_sm_acct_mgmt() "
1694 "missing", pamh->include_depth,
1695 pam_trace_cname(pamh));
1696 free(accountp);
1697 return (PAM_SYMBOL_ERR);
1698 }
1699 pam_entry->function_ptr = accountp;
1700 break;
1701 case PAM_SESSION_MODULE:
1702 sessionp = pam_entry->function_ptr;
1703 if (!loading_functions &&
1704 (((strcmp(function_name,
1705 PAM_SM_OPEN_SESSION) == 0) &&
1706 sessionp && sessionp->pam_sm_open_session) ||
1707 ((strcmp(function_name,
1708 PAM_SM_CLOSE_SESSION) == 0) &&
1709 sessionp && sessionp->pam_sm_close_session))) {
1710 return (PAM_SUCCESS);
1711 }
1712
1713 loading_functions = 1;
1714 if (sessionp == NULL) {
1715 sessionp = calloc(1,
1716 sizeof (struct session_module));
1717 if (sessionp == NULL)
1718 return (PAM_BUF_ERR);
1719 }
1720
1721 /* if open_module fails, return error */
1722 if ((mh = open_module(pamh,
1723 pam_entry->module_path)) == NULL) {
1724 __pam_log(LOG_AUTH | LOG_ERR,
1725 "load_modules[%d:%s]: can not open module "
1726 "%s", pamh->include_depth,
1727 pam_trace_cname(pamh),
1728 pam_entry->module_path);
1729 free(sessionp);
1730 return (PAM_OPEN_ERR);
1731 }
1732
1733 if ((strcmp(function_name, PAM_SM_OPEN_SESSION) == 0) &&
1734 load_function(mh, PAM_SM_OPEN_SESSION,
1735 &sessionp->pam_sm_open_session) != PAM_SUCCESS) {
1736 free(sessionp);
1737 return (PAM_SYMBOL_ERR);
1738 } else if ((strcmp(function_name,
1739 PAM_SM_CLOSE_SESSION) == 0) &&
1740 load_function(mh, PAM_SM_CLOSE_SESSION,
1741 &sessionp->pam_sm_close_session) != PAM_SUCCESS) {
1742 free(sessionp);
1743 return (PAM_SYMBOL_ERR);
1744 }
1745 pam_entry->function_ptr = sessionp;
1746 break;
1747 case PAM_PASSWORD_MODULE:
1748 passwdp = pam_entry->function_ptr;
1749 if (!loading_functions &&
1750 (strcmp(function_name, PAM_SM_CHAUTHTOK) == 0) &&
1751 passwdp && passwdp->pam_sm_chauthtok) {
1752 return (PAM_SUCCESS);
1753 }
1754
1755 /*
1756 * If functions are added to the password module,
1757 * verify that one of the other functions hasn't
1758 * already loaded it. See PAM_AUTH_MODULE code.
1759 */
1760 loading_functions = 1;
1761 passwdp = calloc(1, sizeof (struct password_module));
1762 if (passwdp == NULL)
1763 return (PAM_BUF_ERR);
1764
1765 /* if open_module fails, continue */
1766 if ((mh = open_module(pamh,
1767 pam_entry->module_path)) == NULL) {
1768 __pam_log(LOG_AUTH | LOG_ERR,
1769 "load_modules[%d:%s]: can not open module "
1770 "%s", pamh->include_depth,
1771 pam_trace_cname(pamh),
1772 pam_entry->module_path);
1773 free(passwdp);
1774 return (PAM_OPEN_ERR);
1775 }
1776
1777 if (load_function(mh, PAM_SM_CHAUTHTOK,
1778 &passwdp->pam_sm_chauthtok) != PAM_SUCCESS) {
1779 free(passwdp);
1780 return (PAM_SYMBOL_ERR);
1781 }
1782 pam_entry->function_ptr = passwdp;
1783 break;
1784 default:
1785 pam_trace(PAM_DEBUG_DEFAULT,
1786 "load_modules[%d:%s](%p, %s): unsupported type %d",
1787 pamh->include_depth, pam_trace_cname(pamh),
1788 (void *)pamh, function_name, type);
1789 break;
1790 }
1791
1792 pam_entry = pam_entry->next;
1793 } /* while */
1794
1795 pam_trace(PAM_DEBUG_MODULE, "load_modules[%d:%s](%p, %s)=done",
1796 pamh->include_depth, pam_trace_cname(pamh), (void *)pamh,
1797 function_name);
1798
1799 return (PAM_SUCCESS);
1800 }
1801
1802 /*
1803 * open_module - Open the module first checking for
1804 * propers modes and ownerships on the file.
1805 */
1806
1807 static void *
open_module(pam_handle_t * pamh,char * module_so)1808 open_module(pam_handle_t *pamh, char *module_so)
1809 {
1810 struct stat64 stb;
1811 char *errmsg;
1812 void *lfd;
1813 fd_list *module_fds = 0;
1814 fd_list *trail = 0;
1815 fd_list *traverse = 0;
1816
1817 /* Check the ownership and file modes */
1818 if (stat64(module_so, &stb) < 0) {
1819 __pam_log(LOG_AUTH | LOG_ERR,
1820 "open_module[%d:%s]: stat(%s) failed: %s",
1821 pamh->include_depth, pam_trace_cname(pamh), module_so,
1822 strerror(errno));
1823 return (NULL);
1824 }
1825 if (stb.st_uid != (uid_t)0) {
1826 __pam_log(LOG_AUTH | LOG_ALERT,
1827 "open_module[%d:%s]: Owner of the module %s is not root",
1828 pamh->include_depth, pam_trace_cname(pamh), module_so);
1829 return (NULL);
1830 }
1831 if (stb.st_mode & S_IWGRP) {
1832 __pam_log(LOG_AUTH | LOG_ALERT,
1833 "open_module[%d:%s]: module %s writable by group",
1834 pamh->include_depth, pam_trace_cname(pamh), module_so);
1835 return (NULL);
1836 }
1837 if (stb.st_mode & S_IWOTH) {
1838 __pam_log(LOG_AUTH | LOG_ALERT,
1839 "open_module[%d:%s]: module %s writable by world",
1840 pamh->include_depth, pam_trace_cname(pamh), module_so);
1841 return (NULL);
1842 }
1843
1844 /*
1845 * Perform the dlopen()
1846 */
1847 lfd = (void *)dlopen(module_so, RTLD_LAZY);
1848
1849 if (lfd == NULL) {
1850 errmsg = dlerror();
1851 __pam_log(LOG_AUTH | LOG_ERR, "open_module[%d:%s]: %s "
1852 "failed: %s", pamh->include_depth, pam_trace_cname(pamh),
1853 module_so, errmsg != NULL ? errmsg : "Unknown error");
1854 return (NULL);
1855 } else {
1856 /* add this fd to the pam handle */
1857 if ((module_fds = calloc(1, sizeof (fd_list))) == 0) {
1858 (void) dlclose(lfd);
1859 lfd = 0;
1860 return (NULL);
1861 }
1862 module_fds->mh = lfd;
1863
1864 if (pamh->fd == 0) {
1865 /* adding new head of list */
1866 pamh->fd = module_fds;
1867 } else {
1868 /* appending to end of list */
1869 traverse = pamh->fd;
1870 while (traverse) {
1871 trail = traverse;
1872 traverse = traverse->next;
1873 }
1874 trail->next = module_fds;
1875 }
1876 }
1877
1878 return (lfd);
1879 }
1880
1881 /*
1882 * load_function - call dlsym() to resolve the function address
1883 */
1884 static int
load_function(void * lfd,char * name,int (** func)())1885 load_function(void *lfd, char *name, int (**func)())
1886 {
1887 char *errmsg = NULL;
1888
1889 if (lfd == NULL)
1890 return (PAM_SYMBOL_ERR);
1891
1892 *func = (int (*)())dlsym(lfd, name);
1893 if (*func == NULL) {
1894 errmsg = dlerror();
1895 __pam_log(LOG_AUTH | LOG_ERR, "dlsym failed %s: error %s",
1896 name, errmsg != NULL ? errmsg : "Unknown error");
1897 return (PAM_SYMBOL_ERR);
1898 }
1899
1900 pam_trace(PAM_DEBUG_DEFAULT,
1901 "load_function: successful load of %s", name);
1902 return (PAM_SUCCESS);
1903 }
1904
1905 /*
1906 * Routines to read the pam.conf configuration file
1907 */
1908
1909 /*
1910 * open_pam_conf - open the pam.conf config file
1911 */
1912
1913 static int
open_pam_conf(struct pam_fh ** pam_fh,pam_handle_t * pamh,char * config)1914 open_pam_conf(struct pam_fh **pam_fh, pam_handle_t *pamh, char *config)
1915 {
1916 struct stat64 stb;
1917 int fd;
1918
1919 if ((fd = open(config, O_RDONLY)) == -1) {
1920 __pam_log(LOG_AUTH | LOG_ALERT,
1921 "open_pam_conf[%d:%s]: open(%s) failed: %s",
1922 pamh->include_depth, pam_trace_cname(pamh), config,
1923 strerror(errno));
1924 return (0);
1925 }
1926 /* Check the ownership and file modes */
1927 if (fstat64(fd, &stb) < 0) {
1928 __pam_log(LOG_AUTH | LOG_ALERT,
1929 "open_pam_conf[%d:%s]: stat(%s) failed: %s",
1930 pamh->include_depth, pam_trace_cname(pamh), config,
1931 strerror(errno));
1932 (void) close(fd);
1933 return (0);
1934 }
1935 if (stb.st_uid != (uid_t)0) {
1936 __pam_log(LOG_AUTH | LOG_ALERT,
1937 "open_pam_conf[%d:%s]: Owner of %s is not root",
1938 pamh->include_depth, pam_trace_cname(pamh), config);
1939 (void) close(fd);
1940 return (0);
1941 }
1942 if (stb.st_mode & S_IWGRP) {
1943 __pam_log(LOG_AUTH | LOG_ALERT,
1944 "open_pam_conf[%d:%s]: %s writable by group",
1945 pamh->include_depth, pam_trace_cname(pamh), config);
1946 (void) close(fd);
1947 return (0);
1948 }
1949 if (stb.st_mode & S_IWOTH) {
1950 __pam_log(LOG_AUTH | LOG_ALERT,
1951 "open_pam_conf[%d:%s]: %s writable by world",
1952 pamh->include_depth, pam_trace_cname(pamh), config);
1953 (void) close(fd);
1954 return (0);
1955 }
1956 if ((*pam_fh = calloc(1, sizeof (struct pam_fh))) == NULL) {
1957 (void) close(fd);
1958 return (0);
1959 }
1960 (*pam_fh)->fconfig = fd;
1961 (*pam_fh)->bufsize = (size_t)stb.st_size;
1962 if (((*pam_fh)->data = mmap(0, (*pam_fh)->bufsize, PROT_READ,
1963 MAP_PRIVATE, (*pam_fh)->fconfig, 0)) == MAP_FAILED) {
1964 (void) close(fd);
1965 free (*pam_fh);
1966 return (0);
1967 }
1968 (*pam_fh)->bufferp = (*pam_fh)->data;
1969
1970 return (1);
1971 }
1972
1973 /*
1974 * close_pam_conf - close pam.conf
1975 */
1976
1977 static void
close_pam_conf(struct pam_fh * pam_fh)1978 close_pam_conf(struct pam_fh *pam_fh)
1979 {
1980 (void) munmap(pam_fh->data, pam_fh->bufsize);
1981 (void) close(pam_fh->fconfig);
1982 free(pam_fh);
1983 }
1984
1985 /*
1986 * read_pam_conf - read in each entry in pam.conf and store info
1987 * under the pam handle.
1988 */
1989
1990 static int
read_pam_conf(pam_handle_t * pamh,char * config)1991 read_pam_conf(pam_handle_t *pamh, char *config)
1992 {
1993 struct pam_fh *pam_fh;
1994 pamtab_t *pamentp;
1995 pamtab_t *tpament;
1996 char *service;
1997 int error;
1998 int i = pamh->include_depth; /* include depth */
1999 /*
2000 * service types:
2001 * error (-1), "auth" (0), "account" (1), "session" (2), "password" (3)
2002 */
2003 int service_found[PAM_NUM_MODULE_TYPES+1] = {0, 0, 0, 0, 0};
2004
2005 (void) pam_get_item(pamh, PAM_SERVICE, (void **)&service);
2006 if (service == NULL || *service == '\0') {
2007 __pam_log(LOG_AUTH | LOG_ERR, "No service name");
2008 return (PAM_SYSTEM_ERR);
2009 }
2010
2011 pamh->pam_conf_name[i] = strdup(config);
2012 pam_trace(PAM_DEBUG_CONF, "read_pam_conf[%d:%s](%p) open(%s)",
2013 i, pam_trace_cname(pamh), (void *)pamh, config);
2014 if (open_pam_conf(&pam_fh, pamh, config) == 0) {
2015 return (PAM_SYSTEM_ERR);
2016 }
2017
2018 while ((error =
2019 get_pam_conf_entry(pam_fh, pamh, &pamentp)) == PAM_SUCCESS &&
2020 pamentp) {
2021
2022 /* See if entry is this service and valid */
2023 if (verify_pam_conf(pamentp, service)) {
2024 pam_trace(PAM_DEBUG_CONF,
2025 "read_pam_conf[%d:%s](%p): bad entry error %s",
2026 i, pam_trace_cname(pamh), (void *)pamh, service);
2027
2028 error = PAM_SYSTEM_ERR;
2029 free_pamconf(pamentp);
2030 goto out;
2031 }
2032 if (strcasecmp(pamentp->pam_service, service) == 0) {
2033 pam_trace(PAM_DEBUG_CONF,
2034 "read_pam_conf[%d:%s](%p): processing %s",
2035 i, pam_trace_cname(pamh), (void *)pamh, service);
2036 /* process first service entry */
2037 if (service_found[pamentp->pam_type + 1] == 0) {
2038 /* purge "other" entries */
2039 while ((tpament = pamh->pam_conf_info[i]
2040 [pamentp->pam_type]) != NULL) {
2041 pam_trace(PAM_DEBUG_CONF,
2042 "read_pam_conf(%p): purging "
2043 "\"other\"[%d:%s][%s]",
2044 (void *)pamh, i,
2045 pam_trace_cname(pamh),
2046 pam_snames[pamentp->pam_type]);
2047 pamh->pam_conf_info[i]
2048 [pamentp->pam_type] = tpament->next;
2049 free_pamconf(tpament);
2050 }
2051 /* add first service entry */
2052 pam_trace(PAM_DEBUG_CONF,
2053 "read_pam_conf(%p): adding 1st "
2054 "%s[%d:%s][%s]",
2055 (void *)pamh, service, i,
2056 pam_trace_cname(pamh),
2057 pam_snames[pamentp->pam_type]);
2058 pamh->pam_conf_info[i][pamentp->pam_type] =
2059 pamentp;
2060 service_found[pamentp->pam_type + 1] = 1;
2061 } else {
2062 /* append more service entries */
2063 pam_trace(PAM_DEBUG_CONF,
2064 "read_pam_conf(%p): adding more "
2065 "%s[%d:%s][%s]",
2066 (void *)pamh, service, i,
2067 pam_trace_cname(pamh),
2068 pam_snames[pamentp->pam_type]);
2069 tpament =
2070 pamh->pam_conf_info[i][pamentp->pam_type];
2071 while (tpament->next != NULL) {
2072 tpament = tpament->next;
2073 }
2074 tpament->next = pamentp;
2075 }
2076 } else if (service_found[pamentp->pam_type + 1] == 0) {
2077 /* See if "other" entry available and valid */
2078 if (verify_pam_conf(pamentp, "other")) {
2079 pam_trace(PAM_DEBUG_CONF,
2080 "read_pam_conf(%p): bad entry error %s "
2081 "\"other\"[%d:%s]",
2082 (void *)pamh, service, i,
2083 pam_trace_cname(pamh));
2084 error = PAM_SYSTEM_ERR;
2085 free_pamconf(pamentp);
2086 goto out;
2087 }
2088 if (strcasecmp(pamentp->pam_service, "other") == 0) {
2089 pam_trace(PAM_DEBUG_CONF,
2090 "read_pam_conf(%p): processing "
2091 "\"other\"[%d:%s]", (void *)pamh, i,
2092 pam_trace_cname(pamh));
2093 if ((tpament = pamh->pam_conf_info[i]
2094 [pamentp->pam_type]) == NULL) {
2095 /* add first "other" entry */
2096 pam_trace(PAM_DEBUG_CONF,
2097 "read_pam_conf(%p): adding 1st "
2098 "other[%d:%s][%s]", (void *)pamh, i,
2099 pam_trace_cname(pamh),
2100 pam_snames[pamentp->pam_type]);
2101 pamh->pam_conf_info[i]
2102 [pamentp->pam_type] = pamentp;
2103 } else {
2104 /* append more "other" entries */
2105 pam_trace(PAM_DEBUG_CONF,
2106 "read_pam_conf(%p): adding more "
2107 "other[%d:%s][%s]", (void *)pamh, i,
2108 pam_trace_cname(pamh),
2109 pam_snames[pamentp->pam_type]);
2110 while (tpament->next != NULL) {
2111 tpament = tpament->next;
2112 }
2113 tpament->next = pamentp;
2114 }
2115 } else {
2116 /* irrelevant entry */
2117 free_pamconf(pamentp);
2118 }
2119 } else {
2120 /* irrelevant entry */
2121 free_pamconf(pamentp);
2122 }
2123 }
2124 out:
2125 (void) close_pam_conf(pam_fh);
2126 if (error != PAM_SUCCESS)
2127 free_pam_conf_info(pamh);
2128 return (error);
2129 }
2130
2131 /*
2132 * get_pam_conf_entry - get a pam.conf entry
2133 */
2134
2135 static int
get_pam_conf_entry(struct pam_fh * pam_fh,pam_handle_t * pamh,pamtab_t ** pam)2136 get_pam_conf_entry(struct pam_fh *pam_fh, pam_handle_t *pamh, pamtab_t **pam)
2137 {
2138 char *cp, *arg;
2139 int argc;
2140 char *tmp, *tmp_free;
2141 int i;
2142 char *current_line = NULL;
2143 int error = PAM_SYSTEM_ERR; /* preset to error */
2144 int err;
2145
2146 /* get the next line from pam.conf */
2147 if ((cp = nextline(pam_fh, pamh, &err)) == NULL) {
2148 /* no more lines in pam.conf ==> return */
2149 error = PAM_SUCCESS;
2150 *pam = NULL;
2151 goto out;
2152 }
2153
2154 if ((*pam = calloc(1, sizeof (pamtab_t))) == NULL) {
2155 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2156 goto out;
2157 }
2158
2159 /* copy full line for error reporting */
2160 if ((current_line = strdup(cp)) == NULL) {
2161 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2162 goto out;
2163 }
2164
2165 pam_trace(PAM_DEBUG_CONF,
2166 "pam.conf[%s] entry:\t%s", pam_trace_cname(pamh), current_line);
2167
2168 /* get service name (e.g. login, su, passwd) */
2169 if ((arg = read_next_token(&cp)) == 0) {
2170 __pam_log(LOG_AUTH | LOG_CRIT,
2171 "illegal pam.conf[%s] entry: %s: missing SERVICE NAME",
2172 pam_trace_cname(pamh), current_line);
2173 goto out;
2174 }
2175 if (((*pam)->pam_service = strdup(arg)) == 0) {
2176 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2177 goto out;
2178 }
2179
2180 /* get module type (e.g. authentication, acct mgmt) */
2181 if ((arg = read_next_token(&cp)) == 0) {
2182 __pam_log(LOG_AUTH | LOG_CRIT,
2183 "illegal pam.conf[%s] entry: %s: missing MODULE TYPE",
2184 pam_trace_cname(pamh), current_line);
2185 (*pam)->pam_type = -1; /* 0 is a valid value */
2186 goto getflag;
2187 }
2188 if (strcasecmp(arg, PAM_AUTH_NAME) == 0) {
2189 (*pam)->pam_type = PAM_AUTH_MODULE;
2190 } else if (strcasecmp(arg, PAM_ACCOUNT_NAME) == 0) {
2191 (*pam)->pam_type = PAM_ACCOUNT_MODULE;
2192 } else if (strcasecmp(arg, PAM_SESSION_NAME) == 0) {
2193 (*pam)->pam_type = PAM_SESSION_MODULE;
2194 } else if (strcasecmp(arg, PAM_PASSWORD_NAME) == 0) {
2195 (*pam)->pam_type = PAM_PASSWORD_MODULE;
2196 } else {
2197 /* error */
2198 __pam_log(LOG_AUTH | LOG_CRIT,
2199 "illegal pam.conf[%s] entry: %s: invalid module "
2200 "type: %s", pam_trace_cname(pamh), current_line, arg);
2201 (*pam)->pam_type = -1; /* 0 is a valid value */
2202 }
2203
2204 getflag:
2205 /* get pam flag (e.g., requisite, required, sufficient, optional) */
2206 if ((arg = read_next_token(&cp)) == 0) {
2207 __pam_log(LOG_AUTH | LOG_CRIT,
2208 "illegal pam.conf[%s] entry: %s: missing CONTROL FLAG",
2209 pam_trace_cname(pamh), current_line);
2210 goto getpath;
2211 }
2212 if (strcasecmp(arg, PAM_BINDING_NAME) == 0) {
2213 (*pam)->pam_flag = PAM_BINDING;
2214 } else if (strcasecmp(arg, PAM_INCLUDE_NAME) == 0) {
2215 (*pam)->pam_flag = PAM_INCLUDE;
2216 } else if (strcasecmp(arg, PAM_OPTIONAL_NAME) == 0) {
2217 (*pam)->pam_flag = PAM_OPTIONAL;
2218 } else if (strcasecmp(arg, PAM_REQUIRED_NAME) == 0) {
2219 (*pam)->pam_flag = PAM_REQUIRED;
2220 } else if (strcasecmp(arg, PAM_REQUISITE_NAME) == 0) {
2221 (*pam)->pam_flag = PAM_REQUISITE;
2222 } else if (strcasecmp(arg, PAM_SUFFICIENT_NAME) == 0) {
2223 (*pam)->pam_flag = PAM_SUFFICIENT;
2224 } else {
2225 /* error */
2226 __pam_log(LOG_AUTH | LOG_CRIT,
2227 "illegal pam.conf[%s] entry: %s",
2228 pam_trace_cname(pamh), current_line);
2229 __pam_log(LOG_AUTH | LOG_CRIT,
2230 "\tinvalid control flag: %s", arg);
2231 }
2232
2233 getpath:
2234 /* get module path (e.g. /usr/lib/security/pam_unix_auth.so.1) */
2235 if ((arg = read_next_token(&cp)) == 0) {
2236 __pam_log(LOG_AUTH | LOG_CRIT,
2237 "illegal pam.conf[%s] entry: %s: missing MODULE PATH",
2238 pam_trace_cname(pamh), current_line);
2239 error = PAM_SUCCESS; /* success */
2240 goto out;
2241 }
2242 if (arg[0] != '/') {
2243 size_t len;
2244 /*
2245 * If module path does not start with "/", then
2246 * prepend PAM_LIB_DIR (/usr/lib/security/).
2247 */
2248 /* sizeof (PAM_LIB_DIR) has room for '\0' */
2249 len = sizeof (PAM_LIB_DIR) + sizeof (PAM_ISA_DIR) + strlen(arg);
2250 if (((*pam)->module_path = malloc(len)) == NULL) {
2251 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2252 goto out;
2253 }
2254 if ((*pam)->pam_flag & PAM_INCLUDE) {
2255 (void) snprintf((*pam)->module_path, len, "%s%s",
2256 PAM_LIB_DIR, arg);
2257 } else {
2258 (void) snprintf((*pam)->module_path, len, "%s%s%s",
2259 PAM_LIB_DIR, PAM_ISA_DIR, arg);
2260 }
2261 } else {
2262 /* Full path provided for module */
2263 char *isa;
2264
2265 /* Check for Instruction Set Architecture indicator */
2266 if ((isa = strstr(arg, PAM_ISA)) != NULL) {
2267 size_t len;
2268 len = strlen(arg) - (sizeof (PAM_ISA)-1) +
2269 sizeof (PAM_ISA_DIR);
2270
2271 /* substitute the architecture dependent path */
2272 if (((*pam)->module_path = malloc(len)) == NULL) {
2273 __pam_log(LOG_AUTH | LOG_ERR,
2274 "strdup: out of memory");
2275 goto out;
2276 }
2277 *isa = '\000';
2278 isa += strlen(PAM_ISA);
2279 (void) snprintf((*pam)->module_path, len, "%s%s%s",
2280 arg, PAM_ISA_DIR, isa);
2281 } else if (((*pam)->module_path = strdup(arg)) == 0) {
2282 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2283 goto out;
2284 }
2285 }
2286
2287 /* count the number of module-specific options first */
2288 argc = 0;
2289 if ((tmp = strdup(cp)) == NULL) {
2290 __pam_log(LOG_AUTH | LOG_ERR, "strdup: out of memory");
2291 goto out;
2292 }
2293 tmp_free = tmp;
2294 for (arg = read_next_token(&tmp); arg; arg = read_next_token(&tmp))
2295 argc++;
2296 free(tmp_free);
2297
2298 /* allocate array for the module-specific options */
2299 if (argc > 0) {
2300 if (((*pam)->module_argv =
2301 calloc(argc+1, sizeof (char *))) == 0) {
2302 __pam_log(LOG_AUTH | LOG_ERR, "calloc: out of memory");
2303 goto out;
2304 }
2305 i = 0;
2306 for (arg = read_next_token(&cp); arg;
2307 arg = read_next_token(&cp)) {
2308 (*pam)->module_argv[i] = strdup(arg);
2309 if ((*pam)->module_argv[i] == NULL) {
2310 __pam_log(LOG_AUTH | LOG_ERR, "strdup failed");
2311 goto out;
2312 }
2313 i++;
2314 }
2315 (*pam)->module_argv[argc] = NULL;
2316 }
2317 (*pam)->module_argc = argc;
2318
2319 error = PAM_SUCCESS; /* success */
2320 (*pam)->pam_err = err; /* was the line truncated */
2321
2322 out:
2323 if (current_line)
2324 free(current_line);
2325 if (error != PAM_SUCCESS) {
2326 /* on error free this */
2327 if (*pam)
2328 free_pamconf(*pam);
2329 }
2330 return (error);
2331 }
2332
2333
2334 /*
2335 * read_next_token - skip tab and space characters and return the next token
2336 */
2337
2338 static char *
read_next_token(char ** cpp)2339 read_next_token(char **cpp)
2340 {
2341 register char *cp = *cpp;
2342 char *start;
2343
2344 if (cp == (char *)0) {
2345 *cpp = (char *)0;
2346 return ((char *)0);
2347 }
2348 while (*cp == ' ' || *cp == '\t')
2349 cp++;
2350 if (*cp == '\0') {
2351 *cpp = (char *)0;
2352 return ((char *)0);
2353 }
2354 start = cp;
2355 while (*cp && *cp != ' ' && *cp != '\t')
2356 cp++;
2357 if (*cp != '\0')
2358 *cp++ = '\0';
2359 *cpp = cp;
2360 return (start);
2361 }
2362
2363 static char *
pam_conf_strnchr(char * sp,int c,intptr_t count)2364 pam_conf_strnchr(char *sp, int c, intptr_t count)
2365 {
2366 while (count) {
2367 if (*sp == (char)c)
2368 return ((char *)sp);
2369 else {
2370 sp++;
2371 count--;
2372 }
2373 };
2374 return (NULL);
2375 }
2376
2377 /*
2378 * nextline - skip all blank lines and comments
2379 */
2380
2381 static char *
nextline(struct pam_fh * pam_fh,pam_handle_t * pamh,int * err)2382 nextline(struct pam_fh *pam_fh, pam_handle_t *pamh, int *err)
2383 {
2384 char *ll;
2385 int find_a_line = 0;
2386 char *data = pam_fh->data;
2387 char *bufferp = pam_fh->bufferp;
2388 char *bufferendp = &data[pam_fh->bufsize];
2389 size_t input_len;
2390
2391 /*
2392 * Skip the blank line, comment line
2393 */
2394 while (!find_a_line) {
2395 /* if we are at the end of the buffer, there is no next line */
2396 if (bufferp == bufferendp)
2397 return (NULL);
2398
2399 /* skip blank line */
2400 while (*bufferp == '\n') {
2401 /*
2402 * If we are at the end of the buffer, there is
2403 * no next line.
2404 */
2405 if (++bufferp == bufferendp) {
2406 return (NULL);
2407 }
2408 /* else we check *bufferp again */
2409 }
2410
2411 /* skip comment line */
2412 while (*bufferp == '#') {
2413 if ((ll = pam_conf_strnchr(bufferp, '\n',
2414 bufferendp - bufferp)) != NULL) {
2415 bufferp = ll;
2416 } else {
2417 /*
2418 * this comment line the last line.
2419 * no next line
2420 */
2421 return (NULL);
2422 }
2423
2424 /*
2425 * If we are at the end of the buffer, there is
2426 * no next line.
2427 */
2428 if (bufferp == bufferendp) {
2429 return (NULL);
2430 }
2431 }
2432
2433 if ((*bufferp != '\n') && (*bufferp != '#')) {
2434 find_a_line = 1;
2435 }
2436 }
2437
2438 *err = PAM_SUCCESS;
2439 /* now we find one line */
2440 if ((ll = pam_conf_strnchr(bufferp, '\n', bufferendp - bufferp))
2441 != NULL) {
2442 if ((input_len = ll - bufferp) >= sizeof (pam_fh->line)) {
2443 __pam_log(LOG_AUTH | LOG_ERR,
2444 "nextline[%d:%s]: pam.conf line too long %.256s",
2445 pamh->include_depth, pam_trace_cname(pamh),
2446 bufferp);
2447 input_len = sizeof (pam_fh->line) - 1;
2448 *err = PAM_SERVICE_ERR;
2449 }
2450 (void) strncpy(pam_fh->line, bufferp, input_len);
2451 pam_fh->line[input_len] = '\0';
2452 pam_fh->bufferp = ll++;
2453 } else {
2454 ll = bufferendp;
2455 if ((input_len = ll - bufferp) >= sizeof (pam_fh->line)) {
2456 __pam_log(LOG_AUTH | LOG_ERR,
2457 "nextline[%d:%s]: pam.conf line too long %.256s",
2458 pamh->include_depth, pam_trace_cname(pamh),
2459 bufferp);
2460 input_len = sizeof (pam_fh->line) - 1;
2461 *err = PAM_SERVICE_ERR;
2462 }
2463 (void) strncpy(pam_fh->line, bufferp, input_len);
2464 pam_fh->line[input_len] = '\0';
2465 pam_fh->bufferp = ll;
2466 }
2467
2468 return (pam_fh->line);
2469 }
2470
2471 /*
2472 * verify_pam_conf - verify that the pam_conf entry is filled in.
2473 *
2474 * True = Error if there is no service.
2475 * True = Error if there is a service and it matches the requested service
2476 * but, the type, flag, line overflow, or path is in error.
2477 */
2478
2479 static int
verify_pam_conf(pamtab_t * pam,char * service)2480 verify_pam_conf(pamtab_t *pam, char *service)
2481 {
2482 return ((pam->pam_service == (char *)NULL) ||
2483 ((strcasecmp(pam->pam_service, service) == 0) &&
2484 ((pam->pam_type == -1) ||
2485 (pam->pam_flag == 0) ||
2486 (pam->pam_err != PAM_SUCCESS) ||
2487 (pam->module_path == (char *)NULL))));
2488 }
2489
2490 /*
2491 * Routines to free allocated storage
2492 */
2493
2494 /*
2495 * clean_up - free allocated storage in the pam handle
2496 */
2497
2498 static void
clean_up(pam_handle_t * pamh)2499 clean_up(pam_handle_t *pamh)
2500 {
2501 int i;
2502 pam_repository_t *auth_rep;
2503
2504 if (pamh) {
2505 while (pamh->include_depth >= 0) {
2506 free_pam_conf_info(pamh);
2507 pamh->include_depth--;
2508 }
2509
2510 /* Cleanup PAM_REPOSITORY structure */
2511 auth_rep = pamh->ps_item[PAM_REPOSITORY].pi_addr;
2512 if (auth_rep != NULL) {
2513 if (auth_rep->type != NULL)
2514 free(auth_rep->type);
2515 if (auth_rep->scope != NULL)
2516 free(auth_rep->scope);
2517 }
2518
2519 for (i = 0; i < PAM_MAX_ITEMS; i++) {
2520 if (pamh->ps_item[i].pi_addr != NULL) {
2521 if (i == PAM_AUTHTOK || i == PAM_OLDAUTHTOK) {
2522 (void) memset(pamh->ps_item[i].pi_addr,
2523 0, pamh->ps_item[i].pi_size);
2524 }
2525 free(pamh->ps_item[i].pi_addr);
2526 }
2527 }
2528 free(pamh);
2529 }
2530 }
2531
2532 /*
2533 * free_pamconf - free memory used to store pam.conf entry
2534 */
2535
2536 static void
free_pamconf(pamtab_t * cp)2537 free_pamconf(pamtab_t *cp)
2538 {
2539 int i;
2540
2541 if (cp) {
2542 if (cp->pam_service)
2543 free(cp->pam_service);
2544 if (cp->module_path)
2545 free(cp->module_path);
2546 for (i = 0; i < cp->module_argc; i++) {
2547 if (cp->module_argv[i])
2548 free(cp->module_argv[i]);
2549 }
2550 if (cp->module_argc > 0)
2551 free(cp->module_argv);
2552 if (cp->function_ptr)
2553 free(cp->function_ptr);
2554
2555 free(cp);
2556 }
2557 }
2558
2559 /*
2560 * free_pam_conf_info - free memory used to store all pam.conf info
2561 * under the pam handle
2562 */
2563
2564 static void
free_pam_conf_info(pam_handle_t * pamh)2565 free_pam_conf_info(pam_handle_t *pamh)
2566 {
2567 pamtab_t *pamentp;
2568 pamtab_t *pament_trail;
2569 int i = pamh->include_depth;
2570 int j;
2571
2572 for (j = 0; j < PAM_NUM_MODULE_TYPES; j++) {
2573 pamentp = pamh->pam_conf_info[i][j];
2574 pamh->pam_conf_info[i][j] = NULL;
2575 pament_trail = pamentp;
2576 while (pamentp) {
2577 pamentp = pamentp->next;
2578 free_pamconf(pament_trail);
2579 pament_trail = pamentp;
2580 }
2581 }
2582 if (pamh->pam_conf_name[i] != NULL) {
2583 free(pamh->pam_conf_name[i]);
2584 pamh->pam_conf_name[i] = NULL;
2585 }
2586 }
2587
2588 static void
free_env(env_list * pam_env)2589 free_env(env_list *pam_env)
2590 {
2591 if (pam_env) {
2592 if (pam_env->name)
2593 free(pam_env->name);
2594 if (pam_env->value)
2595 free(pam_env->value);
2596 free(pam_env);
2597 }
2598 }
2599
2600 /*
2601 * Internal convenience functions for Solaris PAM service modules.
2602 */
2603
2604 #include <libintl.h>
2605 #include <nl_types.h>
2606 #include <synch.h>
2607 #include <locale.h>
2608 #include <thread.h>
2609
2610 typedef struct pam_msg_data {
2611 nl_catd fd;
2612 } pam_msg_data_t;
2613
2614 /*
2615 * free_resp():
2616 * free storage for responses used in the call back "pam_conv" functions
2617 */
2618
2619 void
free_resp(int num_msg,struct pam_response * resp)2620 free_resp(int num_msg, struct pam_response *resp)
2621 {
2622 int i;
2623 struct pam_response *r;
2624
2625 if (resp) {
2626 r = resp;
2627 for (i = 0; i < num_msg; i++, r++) {
2628 if (r->resp) {
2629 /* clear before freeing -- may be a password */
2630 bzero(r->resp, strlen(r->resp));
2631 free(r->resp);
2632 r->resp = NULL;
2633 }
2634 }
2635 free(resp);
2636 }
2637 }
2638
2639 static int
do_conv(pam_handle_t * pamh,int msg_style,int num_msg,char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE],void * conv_apdp,struct pam_response * ret_respp[])2640 do_conv(pam_handle_t *pamh, int msg_style, int num_msg,
2641 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE], void *conv_apdp,
2642 struct pam_response *ret_respp[])
2643 {
2644 struct pam_message *msg;
2645 struct pam_message *m;
2646 int i;
2647 int k;
2648 int retcode;
2649 struct pam_conv *pam_convp;
2650
2651 if ((retcode = pam_get_item(pamh, PAM_CONV,
2652 (void **)&pam_convp)) != PAM_SUCCESS) {
2653 return (retcode);
2654 }
2655
2656 /*
2657 * When pam_set_item() is called to set PAM_CONV and the
2658 * item is NULL, memset(pip->pi_addr, 0, size) is called.
2659 * So at this point, we should check whether pam_convp->conv
2660 * is NULL or not.
2661 */
2662 if ((pam_convp == NULL) || (pam_convp->conv == NULL))
2663 return (PAM_SYSTEM_ERR);
2664
2665 i = 0;
2666 k = num_msg;
2667
2668 msg = calloc(num_msg, sizeof (struct pam_message));
2669 if (msg == NULL) {
2670 return (PAM_BUF_ERR);
2671 }
2672 m = msg;
2673
2674 while (k--) {
2675 /*
2676 * fill out the message structure to display prompt message
2677 */
2678 m->msg_style = msg_style;
2679 m->msg = messages[i];
2680 pam_trace(PAM_DEBUG_CONV,
2681 "pam_conv_msg(%p:%d[%d]=%s)",
2682 (void *)pamh, msg_style, i, messages[i]);
2683 m++;
2684 i++;
2685 }
2686
2687 /*
2688 * The UNIX pam modules always calls __pam_get_authtok() and
2689 * __pam_display_msg() with a NULL pointer as the conv_apdp.
2690 * In case the conv_apdp is NULL and the pam_convp->appdata_ptr
2691 * is not NULL, we should pass the pam_convp->appdata_ptr
2692 * to the conversation function.
2693 */
2694 if (conv_apdp == NULL && pam_convp->appdata_ptr != NULL)
2695 conv_apdp = pam_convp->appdata_ptr;
2696
2697 /*
2698 * Call conv function to display the prompt.
2699 */
2700 retcode = (pam_convp->conv)(num_msg, &msg, ret_respp, conv_apdp);
2701 pam_trace(PAM_DEBUG_CONV,
2702 "pam_conv_resp(%p pam_conv = %s) ret_respp = %p",
2703 (void *)pamh, pam_strerror(pamh, retcode), (void *)ret_respp);
2704 if (*ret_respp == NULL) {
2705 pam_trace(PAM_DEBUG_CONV,
2706 "pam_conv_resp(%p No response requested)", (void *)pamh);
2707 } else if ((pam_debug & (PAM_DEBUG_CONV | PAM_DEBUG_AUTHTOK)) != 0) {
2708 struct pam_response *r = *ret_respp;
2709
2710 for (i = 0; i < num_msg; i++, r++) {
2711 if (r->resp == NULL) {
2712 pam_trace(PAM_DEBUG_CONV,
2713 "pam_conv_resp(%p:"
2714 "[%d] NULL response string)",
2715 (void *)pamh, i);
2716 } else {
2717 if (msg_style == PAM_PROMPT_ECHO_OFF) {
2718 #ifdef DEBUG
2719 pam_trace(PAM_DEBUG_AUTHTOK,
2720 "pam_conv_resp(%p:[%d]=%s, "
2721 "code=%d)",
2722 (void *)pamh, i, r->resp,
2723 r->resp_retcode);
2724 #endif /* DEBUG */
2725 pam_trace(PAM_DEBUG_CONV,
2726 "pam_conv_resp(%p:[%d] len=%lu, "
2727 "code=%d)",
2728 (void *)pamh, i,
2729 (ulong_t)strlen(r->resp),
2730 r->resp_retcode);
2731 } else {
2732 pam_trace(PAM_DEBUG_CONV,
2733 "pam_conv_resp(%p:[%d]=%s, "
2734 "code=%d)",
2735 (void *)pamh, i, r->resp,
2736 r->resp_retcode);
2737 }
2738 }
2739 }
2740 }
2741
2742 if (msg)
2743 free(msg);
2744 return (retcode);
2745 }
2746
2747 /*
2748 * __pam_display_msg():
2749 * display message by calling the call back functions
2750 * provided by the application through "pam_conv" structure
2751 */
2752
2753 int
__pam_display_msg(pam_handle_t * pamh,int msg_style,int num_msg,char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE],void * conv_apdp)2754 __pam_display_msg(pam_handle_t *pamh, int msg_style, int num_msg,
2755 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE], void *conv_apdp)
2756 {
2757 struct pam_response *ret_respp = NULL;
2758 int ret;
2759
2760 ret = do_conv(pamh, msg_style, num_msg, messages,
2761 conv_apdp, &ret_respp);
2762
2763 if (ret_respp != NULL)
2764 free_resp(num_msg, ret_respp);
2765
2766 return (ret);
2767 }
2768
2769 /*
2770 * __pam_get_authtok()
2771 * retrieves a password of at most PASS_MAX length from the pam
2772 * handle (pam_get_item) or from the input stream (do_conv).
2773 *
2774 * This function allocates memory for the new authtok.
2775 * Applications calling this function are responsible for
2776 * freeing this memory.
2777 *
2778 * If "source" is
2779 * PAM_HANDLE
2780 * and "type" is:
2781 * PAM_AUTHTOK - password is taken from pam handle (PAM_AUTHTOK)
2782 * PAM_OLDAUTHTOK - password is taken from pam handle (PAM_OLDAUTHTOK)
2783 *
2784 * If "source" is
2785 * PAM_PROMPT
2786 * and "type" is:
2787 * 0: Prompt for new passwd, do not even attempt
2788 * to store it in the pam handle.
2789 * PAM_AUTHTOK: Prompt for new passwd, store in pam handle as
2790 * PAM_AUTHTOK item if this value is not already set.
2791 * PAM_OLDAUTHTOK: Prompt for new passwd, store in pam handle as
2792 * PAM_OLDAUTHTOK item if this value is not
2793 * already set.
2794 */
2795 int
__pam_get_authtok(pam_handle_t * pamh,int source,int type,char * prompt,char ** authtok)2796 __pam_get_authtok(pam_handle_t *pamh, int source, int type, char *prompt,
2797 char **authtok)
2798 {
2799 int error = PAM_SYSTEM_ERR;
2800 char *new_password = NULL;
2801 struct pam_response *ret_resp = NULL;
2802 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
2803
2804 if ((*authtok = calloc(PASS_MAX+1, sizeof (char))) == NULL)
2805 return (PAM_BUF_ERR);
2806
2807 if (prompt == NULL)
2808 prompt = dgettext(TEXT_DOMAIN, "password: ");
2809
2810 switch (source) {
2811 case PAM_HANDLE:
2812
2813 /* get password from pam handle item list */
2814
2815 switch (type) {
2816 case PAM_AUTHTOK:
2817 case PAM_OLDAUTHTOK:
2818
2819 if ((error = pam_get_item(pamh, type,
2820 (void **)&new_password)) != PAM_SUCCESS)
2821 goto err_ret;
2822
2823 if (new_password == NULL || new_password[0] == '\0') {
2824 free(*authtok);
2825 *authtok = NULL;
2826 } else {
2827 (void) strlcpy(*authtok, new_password,
2828 PASS_MAX+1);
2829 }
2830 break;
2831 default:
2832 __pam_log(LOG_AUTH | LOG_ERR,
2833 "__pam_get_authtok() invalid type: %d", type);
2834 error = PAM_SYMBOL_ERR;
2835 goto err_ret;
2836 }
2837 break;
2838 case PAM_PROMPT:
2839
2840 /*
2841 * Prompt for new password and save in pam handle item list
2842 * if the that item is not already set.
2843 */
2844
2845 (void) strncpy(messages[0], prompt, sizeof (messages[0]));
2846 if ((error = do_conv(pamh, PAM_PROMPT_ECHO_OFF, 1, messages,
2847 NULL, &ret_resp)) != PAM_SUCCESS)
2848 goto err_ret;
2849
2850 if (ret_resp->resp == NULL) {
2851 /* getpass didn't return anything */
2852 error = PAM_SYSTEM_ERR;
2853 goto err_ret;
2854 }
2855
2856 /* save the new password if this item was NULL */
2857 if (type) {
2858 if ((error = pam_get_item(pamh, type,
2859 (void **)&new_password)) != PAM_SUCCESS) {
2860 free_resp(1, ret_resp);
2861 goto err_ret;
2862 }
2863 if (new_password == NULL)
2864 (void) pam_set_item(pamh, type, ret_resp->resp);
2865 }
2866
2867 (void) strlcpy(*authtok, ret_resp->resp, PASS_MAX+1);
2868 free_resp(1, ret_resp);
2869 break;
2870 default:
2871 __pam_log(LOG_AUTH | LOG_ERR,
2872 "__pam_get_authtok() invalid source: %d", source);
2873 error = PAM_SYMBOL_ERR;
2874 goto err_ret;
2875 }
2876
2877 return (PAM_SUCCESS);
2878
2879 err_ret:
2880 bzero(*authtok, PASS_MAX+1);
2881 free(*authtok);
2882 *authtok = NULL;
2883 return (error);
2884 }
2885