1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
2  *
3  * Copyright  (C) 2016 Red Hat, Inc.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  *  (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18  *
19  */
20 #include <config.h>
21 
22 #include <unistd.h>
23 
24 #include <security/_pam_macros.h>
25 #include <security/pam_ext.h>
26 #include <security/pam_misc.h>
27 #include <security/pam_modules.h>
28 #include <security/pam_modutil.h>
29 
30 #ifdef HAVE_KEYUTILS
31 #include <keyutils.h>
32 #endif
33 
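/**
 * pam_sm_authenticate:
 * @pamh:  PAM handle that receives the cached password as PAM_AUTHTOK
 * @flags: unused
 * @argc:  unused
 * @argv:  unused
 *
 * Looks up the "user" key with description "cryptsetup" in the kernel
 * keyring and, when it holds a NUL-free payload, stores that payload as
 * PAM_AUTHTOK on @pamh.
 *
 * Security notes:
 *  - This function does not verify the password.  PAM_SUCCESS only means
 *    the token was handed to PAM, so the module must not be the deciding
 *    module of an auth stack (e.g. configured as "sufficient"); a later
 *    module has to check PAM_AUTHTOK.
 *  - Whoever can place a matching key in the searched keyrings chooses the
 *    token that later modules will see.
 *  - The local copy of the password is overwritten before it is freed on
 *    every path that obtained it.
 *
 * Returns: PAM_SUCCESS when the token was stored, PAM_AUTH_ERR when
 * pam_set_item() failed, PAM_AUTHINFO_UNAVAIL when no usable key exists or
 * the module was built without keyutils support.
 */
int
pam_sm_authenticate (pam_handle_t  *pamh,
                     int            flags,
                     int            argc,
                     const char   **argv)
{
#ifdef HAVE_KEYUTILS
        int r;
        int result = PAM_AUTHINFO_UNAVAIL;
        size_t i;
        void *cached_password = NULL;
        volatile unsigned char *wipe;
        key_serial_t serial;

        /* A lookup failure is treated as any non-positive serial: 0 is the
         * sentinel this code always checked, and libkeyutils is expected to
         * report errors as -1 (confirm against the installed keyutils). */
        serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
        if (serial <= 0)
                return PAM_AUTHINFO_UNAVAIL;

        r = keyctl_read_alloc (serial, &cached_password);
        if (r < 0 || cached_password == NULL)
                return PAM_AUTHINFO_UNAVAIL;

        /* strlen() relies on keyctl_read_alloc() NUL-terminating the buffer
         * it allocates.  A payload with an embedded NUL is rejected, since
         * it cannot be passed on as a C string without truncation. */
        if ((size_t) r == strlen (cached_password)) {
                /* pam_set_item() returns PAM_SUCCESS or a PAM_* error code;
                 * Linux-PAM's error codes are positive, so testing for a
                 * negative value would report every failure as success. */
                if (pam_set_item (pamh, PAM_AUTHTOK, cached_password) == PAM_SUCCESS)
                        result = PAM_SUCCESS;
                else
                        result = PAM_AUTH_ERR;
        }

        /* Scrub the plaintext password before releasing the buffer.  The
         * volatile pointer keeps the compiler from dropping the stores as
         * dead writes ahead of free().  This also covers the mismatch path,
         * which previously returned without freeing the buffer. */
        wipe = cached_password;
        for (i = 0; i < (size_t) r; i++)
                wipe[i] = 0;

        free (cached_password);

        return result;
#else
        return PAM_AUTHINFO_UNAVAIL;
#endif
}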
65 
/**
 * pam_sm_setcred:
 *
 * Credential hook.  This module establishes no credentials, so the call is
 * a no-op that always reports PAM_SUCCESS.  All arguments are ignored.
 */
int
pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
        (void) pamh;
        (void) flags;
        (void) argc;
        (void) argv;

        return PAM_SUCCESS;
}
74 
/**
 * pam_sm_acct_mgmt:
 *
 * Account-management hook.  No account check is performed; the function
 * ignores its arguments and always returns PAM_SUCCESS.
 *
 * Because the result is unconditional, this module should not be the
 * deciding entry of an "account" stack.
 */
int
pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
        (void) pamh;
        (void) flags;
        (void) argc;
        (void) argv;

        return PAM_SUCCESS;
}
83 
/**
 * pam_sm_chauthtok:
 *
 * Password-change hook.  Nothing is changed; the function ignores its
 * arguments and always returns PAM_SUCCESS.
 *
 * Because success is reported without updating any token, this module
 * should not be the deciding entry of a "password" stack.
 */
int
pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
        (void) pamh;
        (void) flags;
        (void) argc;
        (void) argv;

        return PAM_SUCCESS;
}
92 
/**
 * pam_sm_open_session:
 *
 * Session-open hook.  The module keeps no session state, so this is a
 * no-op that ignores its arguments and always returns PAM_SUCCESS.
 */
int
pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
        (void) pamh;
        (void) flags;
        (void) argc;
        (void) argv;

        return PAM_SUCCESS;
}
101 
/**
 * pam_sm_close_session:
 *
 * Session-close hook.  There is nothing to tear down, so this is a no-op
 * that ignores its arguments and always returns PAM_SUCCESS.
 */
int
pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
        (void) pamh;
        (void) flags;
        (void) argc;
        (void) argv;

        return PAM_SUCCESS;
}