1 /*-
2  * Copyright (c) 2008 Joe Marcus Clarke <marcus@FreeBSD.org>.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $MCom: pam_helper/pam_helper.c,v 1.3 2016/09/18 18:10:46 jclarke Exp $
27  *
28  */
29 #include <sys/types.h>
30 #include <sys/uio.h>
31 #include <err.h>
32 #include <errno.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <security/pam_appl.h>
37 #include <unistd.h>
38 
39 #define PW_LEN BUFSIZ
40 
41 static void *pamc_ptr = NULL;
42 
43 static void
usage(void)44 usage (void)
45 {
46 	fprintf(stderr, "usage: pam_helper service username\n");
47 	exit(1);
48 }
49 
50 struct pam_closure {
51 	const char *user;
52 	const char *passwd;
53 };
54 
55 static int pam_conversation (int nmsgs, const struct pam_message **msg, struct pam_response **resp, void *closure);
56 
57 int
main(int argc,char ** argv)58 main (int argc, char **argv)
59 {
60 	pam_handle_t *pamh = NULL;
61 	int status = -1;
62 	ssize_t num_read;
63 	struct pam_conv pc;
64 	struct pam_closure c;
65 	char *passwd = NULL;
66 	char *user = NULL;
67 	char *service = NULL;
68 
69 	if (argc != 3)
70 		usage();
71 
72 	service = strdup(argv[1]);
73 	user = strdup(argv[2]);
74 
75 	passwd = (char *) calloc(PW_LEN + 1, sizeof (char));
76 	if (!passwd) {
77 		free(service);
78 		free(user);
79 		errx(1, "Failed to allocate password buffer.");
80 	}
81 
82 again:
83 	num_read = read(STDIN_FILENO, passwd, PW_LEN);
84 	if (num_read == -1 && errno == EAGAIN)
85 		goto again;
86 	else if (num_read == -1) {
87 		free(service);
88 		free(user);
89 		free(passwd);
90 		errx(1, "Failed to read passwd.");
91 	}
92 
93 	c.user = user;
94 	c.passwd = passwd;
95 
96 	pc.conv = &pam_conversation;
97 	pc.appdata_ptr = (void *) &c;
98 
99 	pamc_ptr = (void *) &c;
100 
101 	status = pam_start(service, c.user, &pc, &pamh);
102 	if (status != PAM_SUCCESS) {
103 		free(service);
104 		free(user);
105 		free(passwd);
106 		errx(2, "Error starting PAM conversation.");
107 	}
108 
109 	status = pam_authenticate(pamh, 0);
110 	if (status == PAM_SUCCESS) {
111 		int acct_status;
112 
113 		acct_status = pam_acct_mgmt(pamh, 0);
114 		acct_status = pam_setcred(pamh, PAM_REINITIALIZE_CRED);
115 
116 	} else {
117 		fprintf(stderr, "Error authenticating user.\n");
118 	}
119 
120 	free(service);
121 	free(user);
122 	free(passwd);
123 
124 	pam_end(pamh, status);
125 
126 	return(status);
127 }
128 
129 static int
pam_conversation(int nmsgs,const struct pam_message ** msg,struct pam_response ** resp,void * closure)130 pam_conversation (int nmsgs, const struct pam_message **msg,
131 		  struct pam_response **resp, void *closure)
132 {
133 	int replies = 0;
134 	struct pam_response *reply = NULL;
135 	struct pam_closure *c = (struct pam_closure *) closure;
136 
137 	c = (struct pam_closure *) pamc_ptr;
138 
139 	reply = (struct pam_response *) calloc (nmsgs, sizeof (*reply));
140 	if (!reply)
141 		return(PAM_CONV_ERR);
142 
143 	for (replies = 0; replies < nmsgs; replies++) {
144 		switch (msg[replies]->msg_style) {
145 			case PAM_PROMPT_ECHO_ON:
146 				reply[replies].resp_retcode = PAM_SUCCESS;
147 				reply[replies].resp = strdup(c->user);
148 				break;
149 			case PAM_PROMPT_ECHO_OFF:
150 				reply[replies].resp_retcode = PAM_SUCCESS;
151 				reply[replies].resp = strdup (c->passwd);
152 				break;
153 			case PAM_TEXT_INFO:
154 				reply[replies].resp_retcode = PAM_SUCCESS;
155 				reply[replies].resp = 0;
156 				break;
157 			case PAM_ERROR_MSG:
158 				reply[replies].resp_retcode = PAM_SUCCESS;
159 				reply[replies].resp = 0;
160 				break;
161 			default:
162 				free(reply);
163 				return(PAM_CONV_ERR);
164 		}
165 	}
166 
167 	*resp = reply;
168 	return(PAM_SUCCESS);
169 }
170