/***********************************************************************
|
|
* File: pam_pwcapture.c
|
|
* Author: Juan Carlos Luciani (jluciani@novell.com)
|
|
*
|
|
* Abstract: Implements a PAM module that caches the username and
|
|
* password into the SecretStore wallet.
|
|
*
|
|
* Copyright (C) 2004 Novell, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public
|
|
* License along with this library; if not, write to the Free
|
|
* Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
***********************************************************************/
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <syslog.h>
|
|
#include <stdarg.h>
|
|
#ifndef LINUX
|
|
#include <security/pam_appl.h>
|
|
#endif
|
|
|
|
#define PAM_SM_AUTH
|
|
#define PAM_SM_ACCOUNT
|
|
#define PAM_SM_PASSWORD
|
|
#define PAM_SM_SESSION
|
|
|
|
#include <security/pam_modules.h>
|
|
#include <security/_pam_macros.h>
|
|
|
|
|
|
/* ************************************************************************
|
|
* LogError()
*
* Writes a printf-style formatted message to syslog under the
* "pam_pwcapture" identity.
|
|
*
|
|
* ************************************************************************/
|
|
static void
LogError(char *pFormatStr, ... )
{
    /*
     * Sends one printf-style message to syslog, tagged "pam_pwcapture".
     *
     * pFormatStr is handed to vsyslog() as the format string, so callers
     * must pass a literal; request-derived text (user name, host, token)
     * belongs in the variadic arguments, never in the format itself.
     *
     * NOTE(review): despite the name, messages go out at LOG_INFO on the
     * LOG_USER facility. A module sitting in the authentication path would
     * normally report to the auth facility so its failures land in the same
     * log as the rest of the login trail -- confirm the intended destination.
     *
     * NOTE(review): openlog()/closelog() act on the process-wide syslog
     * state of whatever application loaded this module. Linux-PAM offers
     * pam_syslog() for this purpose; worth checking whether the host
     * program's own log identity survives a call to this helper.
     */
    const int openOptions = LOG_CONS | LOG_NOWAIT | LOG_ODELAY;
    const int priority = LOG_USER | LOG_INFO;
    va_list ap;

    openlog("pam_pwcapture", openOptions, LOG_USER);

    va_start(ap, pFormatStr);
    vsyslog(priority, pFormatStr, ap);
    va_end(ap);

    closelog();
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* UpdateWallet()
|
|
*
|
|
* Updates the SecretStore wallet with the specified "Local" credentials.
|
|
*
|
|
* ************************************************************************/
|
|
void UpdateWallet(char *pUsername,
                  char *pPassword)
{
    /*
     * Placeholder for storing the captured credentials in the SecretStore
     * wallet. Nothing is stored yet: both arguments are accepted and
     * left untouched.
     *
     * NOTE(review): in this file the only caller passes the pointers it got
     * from pam_get_item(PAM_USER / PAM_AUTHTOK), i.e. the cleartext password
     * in PAM-owned storage. When this is implemented, the buffers must not be
     * freed or modified here, the password must not reach any log message,
     * and any private copy should be wiped once the wallet write completes.
     */
    (void) pUsername;   /* not used until the wallet write is implemented */
    (void) pPassword;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_authenticate()
|
|
*
|
|
* Service provider implementation for pam_authenticate().
|
|
*
|
|
* This is a PAM authentication management function.
|
|
*
|
|
* We are only interested in obtaining the username and password at this
|
|
* point and assume that the user has already been authenticated.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh,
                    int flags,
                    int argc,
                    const char **argv)
{
    /*
     * Captures PAM_USER and PAM_AUTHTOK from the handle and forwards them to
     * UpdateWallet(). No credential is verified here, and every path returns
     * PAM_SUCCESS; flags, argc and argv are not consulted.
     *
     * NOTE(review): because the result is PAM_SUCCESS even when nothing could
     * be read, this module vouches for any user if it is ever stacked as
     * `sufficient` or as the only `auth` entry. PAM_IGNORE may express
     * "no opinion" more safely -- check against the deployed pam.d stacks
     * before changing it.
     */
    char *pUsername = NULL;
    char *pPassword = NULL;

    // pam_get_user() is deliberately not called: the module expects an
    // earlier entry in the PAM chain to have prompted for the name already.
    if (pam_get_item(pamh, PAM_USER, (void*) &pUsername) != PAM_SUCCESS
        || pUsername == NULL)
    {
        LogError("Unable to obtain username");
        return PAM_SUCCESS;
    }

    // The token is whatever a previous module left in PAM_AUTHTOK; the
    // pointer refers to PAM-owned storage and is only passed along.
    if (pam_get_item(pamh, PAM_AUTHTOK, (void*) &pPassword) != PAM_SUCCESS
        || pPassword == NULL)
    {
        LogError("Unable to obtain password");
        return PAM_SUCCESS;
    }

    // Both items are present, hand them to the wallet.
    UpdateWallet(pUsername, pPassword);

    // Never fail: the module must not get in the way of the user's login.
    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_setcred()
|
|
*
|
|
* Service provider implementation for pam_setcred().
|
|
*
|
|
* This is a PAM authentication management function.
|
|
*
|
|
* This function is here just for completeness and to protect against
|
|
* PAM misconfiguration.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh,
               int flags,
               int argc,
               const char **argv)
{
    /*
     * Credential-setting hook. The module establishes no credentials; it
     * ignores every argument and reports PAM_SUCCESS so that a stack which
     * lists it in this role is not disturbed.
     */
    (void) pamh;
    (void) flags;
    (void) argc;
    (void) argv;

    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_acct_mgmt()
|
|
*
|
|
* Service provider implementation for pam_acct_mgmt().
|
|
*
|
|
* This is a PAM account management function.
|
|
*
|
|
* This function is here just for completeness and to protect against
|
|
* PAM misconfiguration.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh,
                 int flags,
                 int argc,
                 const char **argv)
{
    /*
     * Account-management hook. No account state is examined; every argument
     * is ignored and PAM_SUCCESS is returned.
     *
     * NOTE(review): if this module were the only `account` entry of a
     * service, expiry and lockout checks would be skipped for all users --
     * worth verifying it is never configured that way.
     */
    (void) pamh;
    (void) flags;
    (void) argc;
    (void) argv;

    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_chauthtok()
|
|
*
|
|
* Service provider implementation for pam_chauthtok().
|
|
*
|
|
* This is a PAM password management function.
|
|
*
|
|
* This function is here just for completeness and to protect against
|
|
* PAM misconfiguration.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh,
                 int flags,
                 int argc,
                 const char **argv)
{
    /*
     * Password-change hook. No token is read or updated; every argument is
     * ignored and PAM_SUCCESS is returned, so a new password set through
     * this stack is not propagated to the wallet by this function.
     */
    (void) pamh;
    (void) flags;
    (void) argc;
    (void) argv;

    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_open_session()
|
|
*
|
|
* Service provider implementation for pam_open_session().
|
|
*
|
|
* This is a PAM session management function.
|
|
*
|
|
* This function is here just for completeness and to protect against
|
|
* PAM misconfiguration.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh,
                    int flags,
                    int argc,
                    const char **argv)
{
    /*
     * Session-open hook. Nothing is set up for the session; every argument
     * is ignored and PAM_SUCCESS is returned.
     */
    (void) pamh;
    (void) flags;
    (void) argc;
    (void) argv;

    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* ************************************************************************
|
|
* pam_sm_close_session()
|
|
*
|
|
* Service provider implementation for pam_close_session().
|
|
*
|
|
* This is a PAM session management function.
|
|
*
|
|
* This function is here just for completeness and to protect against
|
|
* PAM misconfiguration.
|
|
*
|
|
* ************************************************************************/
|
|
PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh,
                     int flags,
                     int argc,
                     const char **argv)
{
    /*
     * Session-close hook. Nothing is torn down (in particular, no cached
     * credential is cleared here); every argument is ignored and
     * PAM_SUCCESS is returned.
     */
    (void) pamh;
    (void) flags;
    (void) argc;
    (void) argv;

    return PAM_SUCCESS;
}
|
|
|
|
|
|
/* static module data */
|
|
#ifdef PAM_STATIC
|
|
struct pam_module _pam_pwcapture_modstruct = {
|
|
"pam_pwcapture",
|
|
pam_sm_authenticate,
|
|
pam_sm_setcred,
|
|
pam_sm_acct_mgmt,
|
|
pam_sm_chauthtok,
|
|
pam_sm_open_session,
|
|
pam_sm_close_session
|
|
};
|
|
#endif
|
|
|