1 /*-
2 * Copyright (c) 2008 Joe Marcus Clarke <marcus@FreeBSD.org>.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $MCom: pam_helper/pam_helper.c,v 1.3 2016/09/18 18:10:46 jclarke Exp $
27 *
28 */
29 #include <sys/types.h>
30 #include <sys/uio.h>
31 #include <err.h>
32 #include <errno.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <security/pam_appl.h>
37 #include <unistd.h>
38
39 #define PW_LEN BUFSIZ
40
41 static void *pamc_ptr = NULL;
42
43 static void
usage(void)44 usage (void)
45 {
46 fprintf(stderr, "usage: pam_helper service username\n");
47 exit(1);
48 }
49
50 struct pam_closure {
51 const char *user;
52 const char *passwd;
53 };
54
55 static int pam_conversation (int nmsgs, const struct pam_message **msg, struct pam_response **resp, void *closure);
56
57 int
main(int argc,char ** argv)58 main (int argc, char **argv)
59 {
60 pam_handle_t *pamh = NULL;
61 int status = -1;
62 ssize_t num_read;
63 struct pam_conv pc;
64 struct pam_closure c;
65 char *passwd = NULL;
66 char *user = NULL;
67 char *service = NULL;
68
69 if (argc != 3)
70 usage();
71
72 service = strdup(argv[1]);
73 user = strdup(argv[2]);
74
75 passwd = (char *) calloc(PW_LEN + 1, sizeof (char));
76 if (!passwd) {
77 free(service);
78 free(user);
79 errx(1, "Failed to allocate password buffer.");
80 }
81
82 again:
83 num_read = read(STDIN_FILENO, passwd, PW_LEN);
84 if (num_read == -1 && errno == EAGAIN)
85 goto again;
86 else if (num_read == -1) {
87 free(service);
88 free(user);
89 free(passwd);
90 errx(1, "Failed to read passwd.");
91 }
92
93 c.user = user;
94 c.passwd = passwd;
95
96 pc.conv = &pam_conversation;
97 pc.appdata_ptr = (void *) &c;
98
99 pamc_ptr = (void *) &c;
100
101 status = pam_start(service, c.user, &pc, &pamh);
102 if (status != PAM_SUCCESS) {
103 free(service);
104 free(user);
105 free(passwd);
106 errx(2, "Error starting PAM conversation.");
107 }
108
109 status = pam_authenticate(pamh, 0);
110 if (status == PAM_SUCCESS) {
111 int acct_status;
112
113 acct_status = pam_acct_mgmt(pamh, 0);
114 acct_status = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
115
116 } else {
117 fprintf(stderr, "Error authenticating user.\n");
118 }
119
120 free(service);
121 free(user);
122 free(passwd);
123
124 pam_end(pamh, status);
125
126 return(status);
127 }
128
129 static int
pam_conversation(int nmsgs,const struct pam_message ** msg,struct pam_response ** resp,void * closure)130 pam_conversation (int nmsgs, const struct pam_message **msg,
131 struct pam_response **resp, void *closure)
132 {
133 int replies = 0;
134 struct pam_response *reply = NULL;
135 struct pam_closure *c = (struct pam_closure *) closure;
136
137 c = (struct pam_closure *) pamc_ptr;
138
139 reply = (struct pam_response *) calloc (nmsgs, sizeof (*reply));
140 if (!reply)
141 return(PAM_CONV_ERR);
142
143 for (replies = 0; replies < nmsgs; replies++) {
144 switch (msg[replies]->msg_style) {
145 case PAM_PROMPT_ECHO_ON:
146 reply[replies].resp_retcode = PAM_SUCCESS;
147 reply[replies].resp = strdup(c->user);
148 break;
149 case PAM_PROMPT_ECHO_OFF:
150 reply[replies].resp_retcode = PAM_SUCCESS;
151 reply[replies].resp = strdup (c->passwd);
152 break;
153 case PAM_TEXT_INFO:
154 reply[replies].resp_retcode = PAM_SUCCESS;
155 reply[replies].resp = 0;
156 break;
157 case PAM_ERROR_MSG:
158 reply[replies].resp_retcode = PAM_SUCCESS;
159 reply[replies].resp = 0;
160 break;
161 default:
162 free(reply);
163 return(PAM_CONV_ERR);
164 }
165 }
166
167 *resp = reply;
168 return(PAM_SUCCESS);
169 }
170