1 /*
2 * Copyright (c) 2000. Leon Breedt, Copyright (c) 2002 David D.W. Downey
3 * Adapted FreeBSD version
4 */
5 /*-
6 * Copyright 1998 Juniper Networks, Inc.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 *
30 * $FreeBSD: src/lib/libpam/libpam/pam_get_pass.c,v 1.1.1.1 1998/11/18 01:44:37 jdp Exp $
31 */
32
33 /* $Id: pam_get_pass.c,v 1.2 2000/06/25 09:39:28 ljb Exp $ */
34 #include <stdlib.h>
35 #include <string.h>
36 #include <security/pam_modules.h>
37 #include <security/pam_appl.h>
38 #include "pam_pgsql_options.h"
39
40 #ifdef __FreeBSD__
41 #include <sys/param.h>
42 #endif
43
44 static int
pam_conv_pass(pam_handle_t * pamh,int pam_item,const char * prompt,int options)45 pam_conv_pass(pam_handle_t *pamh, int pam_item, const char *prompt, int options)
46 {
47 int retval;
48 const void *item;
49 const struct pam_conv *conv;
50 struct pam_message msg;
51 const struct pam_message *msgs[1];
52 struct pam_response *resp;
53
54 if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
55 PAM_SUCCESS)
56 return retval;
57 conv = (const struct pam_conv *)item;
58 msg.msg_style = options & PAM_OPT_ECHO_PASS ?
59 PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
60 msg.msg = prompt;
61 msgs[0] = &msg;
62 if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
63 PAM_SUCCESS)
64 return retval;
65 if ((retval = pam_set_item(pamh, pam_item, resp[0].resp)) !=
66 PAM_SUCCESS)
67 return retval;
68 memset(resp[0].resp, 0, strlen(resp[0].resp));
69 free(resp[0].resp);
70 free(resp);
71 return PAM_SUCCESS;
72 }
73
74 int
pam_get_pass(pam_handle_t * pamh,int pam_item,const char ** passp,const char * prompt,int options)75 pam_get_pass(pam_handle_t *pamh, int pam_item, const char **passp, const char *prompt,
76 int options)
77 {
78 int retval;
79 const void *item = NULL;
80
81 /*
82 * Grab the already-entered password if we might want to use it.
83 */
84 if ((pam_item == PAM_AUTHTOK) && (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS))) {
85 if ((retval = pam_get_item(pamh, pam_item, &item)) !=
86 PAM_SUCCESS)
87 return retval;
88 }
89
90 if (item == NULL) {
91 /* The user hasn't entered a password yet. */
92 if ((pam_item == PAM_AUTHTOK) && (options & PAM_OPT_USE_FIRST_PASS))
93 return PAM_AUTH_ERR;
94 /* Use the conversation function to get a password. */
95 if ((retval = pam_conv_pass(pamh, pam_item, prompt, options)) !=
96 PAM_SUCCESS ||
97 (retval = pam_get_item(pamh, pam_item, &item)) !=
98 PAM_SUCCESS)
99 return retval;
100 }
101 *passp = (const char *)item;
102 return PAM_SUCCESS;
103 }
104
105 int
pam_get_confirm_pass(pam_handle_t * pamh,const char ** passp,const char * prompt1,const char * prompt2,int options)106 pam_get_confirm_pass(pam_handle_t *pamh, const char **passp, const char *prompt1, const char *prompt2, int options)
107 {
108 int retval = PAM_AUTH_ERR;
109 int i;
110 const void *item = NULL;
111 const struct pam_conv *conv;
112 struct pam_message msgs[2];
113 const struct pam_message *pmsgs[2];
114 struct pam_response *resp;
115
116 /* Grab the already-entered password if we might want to use it.*/
117 if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {
118
119 if ((retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item)) != PAM_SUCCESS)
120 return retval;
121 }
122
123 if (item == NULL) {
124
125 if (options & PAM_OPT_USE_FIRST_PASS)
126 return PAM_AUTH_ERR;
127
128 if ((retval = pam_get_item(pamh, PAM_CONV, (const void **)&item)) != PAM_SUCCESS)
129 return retval;
130
131 conv = (const struct pam_conv *)item;
132 for(i = 0; i < 2; i++)
133 msgs[i].msg_style = (options & PAM_OPT_ECHO_PASS) ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
134
135 msgs[0].msg = prompt1;
136 msgs[1].msg = prompt2;
137 pmsgs[0] = &msgs[0];
138 pmsgs[1] = &msgs[1];
139
140 if((retval = conv->conv(2, pmsgs, &resp, conv->appdata_ptr)) != PAM_SUCCESS)
141 return retval;
142
143 if(!resp)
144 return PAM_AUTHTOK_RECOVERY_ERR;
145
146 if(strcmp(resp[0].resp, resp[1].resp) != 0)
147 return PAM_AUTHTOK_RECOVERY_ERR;
148
149 retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
150 memset(resp[0].resp, 0, strlen(resp[0].resp));
151 memset(resp[1].resp, 0, strlen(resp[1].resp));
152 free(resp[0].resp);
153 free(resp[1].resp);
154 free(resp);
155
156 if(retval == PAM_SUCCESS) {
157 item = NULL;
158 retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item);
159 }
160 }
161 *passp = item;
162
163 return retval;
164 }
165