freebsd-dev/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c

/*-
 * Copyright 1998 Juniper Networks, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	$FreeBSD$
 */

#include <sys/param.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PAM_SM_AUTH
#include <security/pam_modules.h>

#include "pam_mod_misc.h"

#define PASSWORD_PROMPT	"Password:"

extern int klogin(struct passwd *, char *, char *, char *);

/* Globals used by klogin.c */
int	notickets = 1;
int	noticketsdontcomplain = 1;
char	*krbtkfile_env;

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
    const char **argv)
{
	int retval;
	const char *user;
	char *principal;
	char *instance;
	const char *password;
	char localhost[MAXHOSTNAMELEN + 1];
	struct passwd *pwd;
	int options;
	int i;

	options = 0;
	for (i = 0;  i < argc;  i++)
		pam_std_option(&options, argv[i]);
	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
		return retval;
	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
	    options)) != PAM_SUCCESS)
		return retval;
	if (gethostname(localhost, sizeof localhost - 1) == -1)
		return PAM_SYSTEM_ERR;
	if ((principal = strdup(user)) == NULL)
		return PAM_BUF_ERR;
	if ((instance = strchr(principal, '.')) != NULL)
		*instance++ = '\0';
	else
		instance = "";
	if ((pwd = getpwnam(user)) != NULL &&
	    klogin(pwd, instance, localhost, (char *)password) == 0) {
		if (!(flags & PAM_SILENT) && notickets &&
		    !noticketsdontcomplain)
			pam_prompt(pamh, PAM_ERROR_MSG,
			    "Warning: no Kerberos tickets issued", NULL);
		/*
		 * XXX - I think the ticket file really isn't supposed to
		 * be even created until pam_sm_setcred() is called.
		 */
		if (krbtkfile_env != NULL)
			setenv("KRBTKFILE", krbtkfile_env, 1);
		retval = PAM_SUCCESS;
	} else
		retval = PAM_AUTH_ERR;
	/*
	 * The PAM infrastructure will obliterate the cleartext
	 * password before returning to the application.
	 */
	free(principal);
	return retval;
}

PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return PAM_SUCCESS;
}

PAM_MODULE_ENTRY("pam_kerberosIV");
Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. 1998-11-18 01:44:37 +00:00			`/*-`
			`* Copyright 1998 Juniper Networks, Inc.`
			`* All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
			`* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
			`* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE`
			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
			`* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
			`* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`* SUCH DAMAGE.`
			`*`
			`* $FreeBSD$`
			`*/`

			`#include <sys/param.h>`
			`#include <pwd.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <unistd.h>`

			`#define PAM_SM_AUTH`
			`#include <security/pam_modules.h>`

			`#include "pam_mod_misc.h"`

			`#define PASSWORD_PROMPT "Password:"`

Revert my last change, "Rename some globals to reduce namespace pollution." Unfortunately, some of these globals are used by ftpd, and I broke make world. Pointy hat, please. 1999-01-21 22:02:31 +00:00			`extern int klogin(struct passwd , char , char , char );`
Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. 1998-11-18 01:44:37 +00:00
Revert my last change, "Rename some globals to reduce namespace pollution." Unfortunately, some of these globals are used by ftpd, and I broke make world. Pointy hat, please. 1999-01-21 22:02:31 +00:00			`/* Globals used by klogin.c */`
			`int notickets = 1;`
			`int noticketsdontcomplain = 1;`
			`char *krbtkfile_env;`
Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. 1998-11-18 01:44:37 +00:00
			`PAM_EXTERN int`
			`pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,`
			`const char **argv)`
			`{`
			`int retval;`
			`const char *user;`
			`char *principal;`
			`char *instance;`
			`const char *password;`
			`char localhost[MAXHOSTNAMELEN + 1];`
			`struct passwd *pwd;`
			`int options;`
			`int i;`

			`options = 0;`
			`for (i = 0; i < argc; i++)`
			`pam_std_option(&options, argv[i]);`
			`if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)`
			`return retval;`
			`if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,`
			`options)) != PAM_SUCCESS)`
			`return retval;`
			`if (gethostname(localhost, sizeof localhost - 1) == -1)`
			`return PAM_SYSTEM_ERR;`
			`if ((principal = strdup(user)) == NULL)`
			`return PAM_BUF_ERR;`
			`if ((instance = strchr(principal, '.')) != NULL)`
			`*instance++ = '\0';`
			`else`
			`instance = "";`
			`if ((pwd = getpwnam(user)) != NULL &&`
Revert my last change, "Rename some globals to reduce namespace pollution." Unfortunately, some of these globals are used by ftpd, and I broke make world. Pointy hat, please. 1999-01-21 22:02:31 +00:00			`klogin(pwd, instance, localhost, (char *)password) == 0) {`
			`if (!(flags & PAM_SILENT) && notickets &&`
			`!noticketsdontcomplain)`
Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. 1998-11-18 01:44:37 +00:00			`pam_prompt(pamh, PAM_ERROR_MSG,`
			`"Warning: no Kerberos tickets issued", NULL);`
			`/*`
			`* XXX - I think the ticket file really isn't supposed to`
			`* be even created until pam_sm_setcred() is called.`
			`*/`
Revert my last change, "Rename some globals to reduce namespace pollution." Unfortunately, some of these globals are used by ftpd, and I broke make world. Pointy hat, please. 1999-01-21 22:02:31 +00:00			`if (krbtkfile_env != NULL)`
			`setenv("KRBTKFILE", krbtkfile_env, 1);`
Build structure for contribified Linux-PAM, plus some home-grown modules for FreeBSD's standard authentication methods. Although the Linux-PAM modules are present in the contrib tree, we don't use any of them. The main library "libpam" is composed of sources taken from three places. First are the standard Linux-PAM libpam sources from the contrib tree. Second are the Linux-PAM "libpam_misc" sources, also from the contrib tree. In Linux these form a separate library. But as Mike Smith pointed out to me, that seems pointless, so I have combined them into the libpam library. Third are some additional sources from the "src/lib/libpam" tree with some common functions that make it easier to write modules. Those I wrote myself. This work has been donated to FreeBSD by Juniper Networks, Inc. 1998-11-18 01:44:37 +00:00			`retval = PAM_SUCCESS;`
			`} else`
			`retval = PAM_AUTH_ERR;`
			`/*`
			`* The PAM infrastructure will obliterate the cleartext`
			`* password before returning to the application.`
			`*/`
			`free(principal);`
			`return retval;`
			`}`

			`PAM_EXTERN int`
			`pam_sm_setcred(pam_handle_t pamh, int flags, int argc, const char *argv)`
			`{`
			`return PAM_SUCCESS;`
			`}`
Make it possible to use PAM in statically-linked applications. 1999-01-20 21:55:30 +00:00
			`PAM_MODULE_ENTRY("pam_kerberosIV");`