Annotation of ircnowd/src/ngircd/pam.c, Revision 1.1
1.1 ! tomglok 1: /*
! 2: * ngIRCd -- The Next Generation IRC Daemon
! 3: * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors.
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify
! 6: * it under the terms of the GNU General Public License as published by
! 7: * the Free Software Foundation; either version 2 of the License, or
! 8: * (at your option) any later version.
! 9: * Please read the file COPYING, README and AUTHORS for more information.
! 10: */
! 11:
! 12: #include "portab.h"
! 13:
! 14: #ifdef PAM
! 15:
! 16: /**
! 17: * @file
! 18: * PAM User Authentication
! 19: */
! 20:
! 21: #include <assert.h>
! 22: #include <stdlib.h>
! 23: #include <string.h>
! 24: #ifdef HAVE_SECURITY_PAM_APPL_H
! 25: # include <security/pam_appl.h>
! 26: #endif
! 27: #ifdef HAVE_PAM_PAM_APPL_H
! 28: # include <pam/pam_appl.h>
! 29: #endif
! 30:
! 31: #include "defines.h"
! 32: #include "log.h"
! 33: #include "conn.h"
! 34: #include "client.h"
! 35: #include "conf.h"
! 36:
! 37: #include "pam.h"
! 38:
! 39: static char *password;
! 40:
! 41: /**
! 42: * PAM "conversation function".
! 43: * This is a callback function used by the PAM library to get the password.
! 44: * Please see the PAM documentation for details :-)
! 45: */
! 46: static int
! 47: password_conversation(int num_msg, const struct pam_message **msg,
! 48: struct pam_response **resp, void *appdata_ptr) {
! 49: LogDebug("PAM: conv(%d, %d, '%s', '%s')",
! 50: num_msg, msg[0]->msg_style, msg[0]->msg, appdata_ptr);
! 51:
! 52: /* Can we deal with this request? */
! 53: if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) {
! 54: Log(LOG_ERR, "PAM: Unexpected PAM conversation '%d:%s'!",
! 55: msg[0]->msg_style, msg[0]->msg);
! 56: return PAM_CONV_ERR;
! 57: }
! 58:
! 59: if (!appdata_ptr) {
! 60: /* Sometimes appdata_ptr gets lost!? */
! 61: appdata_ptr = password;
! 62: }
! 63:
! 64: /* Duplicate password ("application data") for the PAM library */
! 65: *resp = calloc(num_msg, sizeof(struct pam_response));
! 66: if (!*resp) {
! 67: Log(LOG_ERR, "PAM: Out of memory!");
! 68: return PAM_CONV_ERR;
! 69: }
! 70:
! 71: (*resp)[0].resp = strdup((char *)appdata_ptr);
! 72: (*resp)[0].resp_retcode = 0;
! 73:
! 74: return ((*resp)[0].resp ? PAM_SUCCESS : PAM_CONV_ERR);
! 75: }
! 76:
! 77: /**
! 78: * PAM "conversation" structure.
! 79: */
! 80: static struct pam_conv conv = {
! 81: &password_conversation,
! 82: NULL
! 83: };
! 84:
! 85: /**
! 86: * Authenticate a connecting client using PAM.
! 87: * @param Client The client to authenticate.
! 88: * @return true when authentication succeeded, false otherwise.
! 89: */
! 90: GLOBAL bool
! 91: PAM_Authenticate(CLIENT *Client) {
! 92: pam_handle_t *pam;
! 93: int retval = PAM_SUCCESS;
! 94:
! 95: LogDebug("PAM: Authenticate \"%s\" (%s) ...",
! 96: Client_OrigUser(Client), Client_Mask(Client));
! 97:
! 98: /* Set supplied client password */
! 99: if (password)
! 100: free(password);
! 101: password = strdup(Conn_Password(Client_Conn(Client)));
! 102: conv.appdata_ptr = Conn_Password(Client_Conn(Client));
! 103:
! 104: /* Initialize PAM */
! 105: retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam);
! 106: if (retval != PAM_SUCCESS) {
! 107: Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
! 108: return false;
! 109: }
! 110:
! 111: pam_set_item(pam, PAM_RUSER, Client_User(Client));
! 112: pam_set_item(pam, PAM_RHOST, Client_Hostname(Client));
! 113: #if defined(HAVE_PAM_FAIL_DELAY) && !defined(NO_PAM_FAIL_DELAY)
! 114: pam_fail_delay(pam, 0);
! 115: #endif
! 116:
! 117: /* PAM authentication ... */
! 118: retval = pam_authenticate(pam, 0);
! 119:
! 120: /* Success? */
! 121: if (retval == PAM_SUCCESS)
! 122: Log(LOG_INFO, "PAM: Authenticated \"%s\" (%s).",
! 123: Client_OrigUser(Client), Client_Mask(Client));
! 124: else
! 125: Log(LOG_ERR, "PAM: Error on \"%s\" (%s): %s",
! 126: Client_OrigUser(Client), Client_Mask(Client),
! 127: pam_strerror(pam, retval));
! 128:
! 129: /* Free PAM structures */
! 130: if (pam_end(pam, retval) != PAM_SUCCESS)
! 131: Log(LOG_ERR, "PAM: Failed to release authenticator!");
! 132:
! 133: return (retval == PAM_SUCCESS);
! 134: }
! 135:
! 136: #endif /* PAM */
! 137:
! 138: /* -eof- */
CVSweb
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to pam.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [local] / ircnowd / src / ngircd