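/***********************************************************************
 * File: pam_pwcapture.c
 * Author: Juan Carlos Luciani (jluciani@novell.com)
 *
 * Abstract: Implements a PAM module that caches the username and
 *           password into the SecretStore wallet.
 *
 * Copyright (C) 2004 Novell, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU General Public
 * License along with this library; if not, write to the Free
 * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 ***********************************************************************/

#define _GNU_SOURCE

/*
 * NOTE(review): the header names on the #include lines were lost when this
 * listing was extracted. The names below are reconstructed from what the
 * file uses (va_list, vsyslog, the PAM service-module API); confirm them
 * against the original file before building.
 */
#include <stdarg.h>
#include <syslog.h>
#ifndef LINUX
#include <security/pam_appl.h>
#endif

#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION

#include <security/pam_modules.h>
#include <security/_pam_macros.h>

/* ************************************************************************
 * LogError()
 *
 * Writes a printf-style message to syslog under the "pam_pwcapture" ident.
 *
 * pFormatStr must be a fixed format string owned by this module. Never
 * pass text that came from the user (username, password, PAM items) as the
 * format itself, and never log the password in any form.
 *
 * NOTE(review): openlog()/closelog() act on the syslog state of the whole
 * process, i.e. of the application that loaded this module. The message is
 * emitted as LOG_USER | LOG_INFO; authentication modules more commonly log
 * failures to LOG_AUTHPRIV at LOG_ERR or LOG_WARNING. Left unchanged here
 * so existing log routing keeps working.
 *
 * ************************************************************************/
static void
LogError(const char *pFormatStr, ...)
{
    va_list args;

    openlog("pam_pwcapture", LOG_CONS | LOG_NOWAIT | LOG_ODELAY, LOG_USER);
    va_start(args, pFormatStr);
    vsyslog(LOG_USER | LOG_INFO, pFormatStr, args);
    va_end(args);
    closelog();
}

/* ************************************************************************
 * UpdateWallet()
 *
 * Updates the SecretStore wallet with the specified "Local" credentials.
 *
 * Currently a stub: both arguments are ignored and nothing is stored.
 *
 * pUsername and pPassword point at storage owned by PAM (see the caller),
 * so an implementation must not free or modify them. pPassword is the
 * cleartext password: it must not be logged, and any copy made here should
 * be wiped once it has been handed to the wallet.
 *
 * ************************************************************************/
void
UpdateWallet(char *pUsername, char *pPassword)
{
    // Do nothing at this time
    // tbd
}

/* ************************************************************************
 * pam_sm_authenticate()
 *
 * Service provider implementation for pam_authenticate().
 *
 * This is a PAM authentication management function.
 *
 * We are only interested in obtaining the username and password at this
 * point and assume that the user has already been authenticated.
 *
 * Reads the PAM_USER and PAM_AUTHTOK items that earlier modules in the
 * stack left on the handle and passes them to UpdateWallet(). flags, argc
 * and argv are not used.
 *
 * Returns PAM_SUCCESS in every case, including when an item is missing.
 *
 * NOTE(review): because the return value never reflects a credential
 * check, the outcome of the auth stack must not depend on this module.
 * Configure it after the module that really verifies the password, with a
 * control flag such as "optional"; listed as "sufficient", or as the only
 * module of the stack, it would accept any login. Returning PAM_IGNORE
 * would state "no opinion" explicitly, but it changes the stack result
 * when this is the only module, so the original behaviour is kept.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh,
                    int flags,
                    int argc,
                    const char **argv)
{
    /* Both pointers end up referring to PAM-owned data; do not free them. */
    char *pUsername = NULL;
    char *pPassword = NULL;

    // Obtain the username, note that we are not calling
    // pam_get_user() because we assume that the user has
    // already been prompted for his name based on where
    // we are configured in the PAM chain.
    if (pam_get_item(pamh, PAM_USER, (void*) &pUsername) == PAM_SUCCESS
        && pUsername != NULL)
    {
        // We got the username, now get the password. PAM_AUTHTOK is only
        // present if a module earlier in the stack stored it.
        if (pam_get_item(pamh, PAM_AUTHTOK, (void*) &pPassword) == PAM_SUCCESS
            && pPassword != NULL)
        {
            // We got the password, now set the information in the wallet.
            UpdateWallet(pUsername, pPassword);
        }
        else
        {
            LogError("Unable to obtain password");
        }
    }
    else
    {
        LogError("Unable to obtain username");
    }

    // Always succeed, we do not want to risk messing up the user's login
    return PAM_SUCCESS;
}

/* ************************************************************************
 * pam_sm_setcred()
 *
 * Service provider implementation for pam_setcred().
 *
 * This is a PAM authentication management function.
 *
 * This function is here just for completeness and to protect against
 * PAM misconfiguration. It performs no work and always returns
 * PAM_SUCCESS.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh,
               int flags,
               int argc,
               const char **argv)
{
    return PAM_SUCCESS;
}

/* ************************************************************************
 * pam_sm_acct_mgmt()
 *
 * Service provider implementation for pam_acct_mgmt().
 *
 * This is a PAM account management function.
 *
 * This function is here just for completeness and to protect against
 * PAM misconfiguration. It performs no account checks and always returns
 * PAM_SUCCESS, so it must not be the module an account stack relies on.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh,
                 int flags,
                 int argc,
                 const char **argv)
{
    return PAM_SUCCESS;
}

/* ************************************************************************
 * pam_sm_chauthtok()
 *
 * Service provider implementation for pam_chauthtok().
 *
 * This is a PAM password management function.
 *
 * This function is here just for completeness and to protect against
 * PAM misconfiguration. It changes nothing and always returns
 * PAM_SUCCESS.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh,
                 int flags,
                 int argc,
                 const char **argv)
{
    return PAM_SUCCESS;
}

/* ************************************************************************
 * pam_sm_open_session()
 *
 * Service provider implementation for pam_open_session().
 *
 * This is a PAM session management function.
 *
 * This function is here just for completeness and to protect against
 * PAM misconfiguration. It performs no work and always returns
 * PAM_SUCCESS.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh,
                    int flags,
                    int argc,
                    const char **argv)
{
    return PAM_SUCCESS;
}

/* ************************************************************************
 * pam_sm_close_session()
 *
 * Service provider implementation for pam_close_session().
 *
 * This is a PAM session management function.
 *
 * This function is here just for completeness and to protect against
 * PAM misconfiguration. It performs no work and always returns
 * PAM_SUCCESS.
 *
 * ************************************************************************/
PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh,
                     int flags,
                     int argc,
                     const char **argv)
{
    return PAM_SUCCESS;
}

/* static module data */
#ifdef PAM_STATIC
struct pam_module _pam_pwcapture_modstruct = {
    "pam_pwcapture",
    pam_sm_authenticate,
    pam_sm_setcred,
    pam_sm_acct_mgmt,
    pam_sm_chauthtok,
    pam_sm_open_session,
    pam_sm_close_session
};
#endif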