1 /*
2 * Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, and the entire permission notice in its entirety,
9 * including the disclaimer of warranties.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote
14 * products derived from this software without specific prior
15 * written permission.
16 *
17 * ALTERNATIVELY, this product may be distributed under the terms of
18 * the GNU Public License, in which case the provisions of the GPL are
19 * required INSTEAD OF the above restrictions. (This clause is
20 * necessary due to a potential bad interaction between the GPL and
21 * the restrictions contained in a BSD-style copyright.)
22 *
23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
27 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 * OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 #if defined(HAVE_CONFIG_H)
37 #include "config.h"
38 #endif
39
40 #include <errno.h>
41 #include <stdio.h>
42 #include <fcntl.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <unistd.h>
46 #include <limits.h>
47 #include <syslog.h>
48 #include <sys/types.h>
49 #include <sys/stat.h>
50
51 #ifndef HOST_NAME_MAX
52 #define HOST_NAME_MAX 255
53 #endif
54
55 #include <security/pam_modules.h>
56 #include <security/pam_modutil.h>
57 #include <security/_pam_macros.h>
58 #include <security/pam_ext.h>
59 #include "pam_inline.h"
60
61 static int
62 replace_and_print (pam_handle_t *pamh, const char *mesg)
63 {
64 char *output;
65 size_t length = strlen (mesg) + PAM_MAX_MSG_SIZE;
66 char myhostname[HOST_NAME_MAX+1];
67 const void *str = NULL;
68 const char *p, *q;
69 int item;
70 size_t len;
71
72 output = malloc (length);
73 if (output == NULL)
74 {
75 pam_syslog (pamh, LOG_CRIT, "running out of memory");
76 return PAM_BUF_ERR;
77 }
78
79 for (p = mesg, len = 0; *p != '\0' && len < length - 1; ++p)
80 {
81 if (*p != '%' || p[1] == '\0')
82 {
83 output[len++] = *p;
84 continue;
85 }
86 switch (*++p)
87 {
88 case 'H':
89 item = PAM_RHOST;
90 break;
91 case 'h':
92 item = -2; /* aka PAM_LOCALHOST */
93 break;
94 case 's':
95 item = PAM_SERVICE;
96 break;
97 case 't':
98 item = PAM_TTY;
99 break;
100 case 'U':
101 item = PAM_RUSER;
102 break;
103 case 'u':
104 item = PAM_USER;
105 break;
106 default:
107 output[len++] = *p;
108 continue;
109 }
110 if (item == -2)
111 {
112 if (gethostname (myhostname, sizeof (myhostname)) == -1)
113 str = NULL;
114 else
115 str = &myhostname;
116 }
117 else
118 {
119 if (pam_get_item (pamh, item, &str) != PAM_SUCCESS)
120 str = NULL;
121 }
122 if (str == NULL)
123 str = "(null)";
124 for (q = str; *q != '\0' && len < length - 1; ++q)
125 output[len++] = *q;
126 }
127 output[len] = '\0';
128
129 pam_info (pamh, "%s", output);
130 free (output);
131
132 return PAM_SUCCESS;
133 }
134
135 static int
136 pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv)
137 {
138 int fd;
139 int orig_argc = argc;
140 const char **orig_argv = argv;
141 const char *file = NULL;
142 int retval;
143
144 if (flags & PAM_SILENT)
145 return PAM_IGNORE;
146
147 for (; argc-- > 0; ++argv)
148 {
149 const char *str = pam_str_skip_prefix(*argv, "file=");
150 if (str != NULL)
151 file = str;
152 }
153
154 /* No file= option, use argument for output. */
155 if (file == NULL || file[0] == '\0')
156 {
157 char msg[PAM_MAX_MSG_SIZE];
158 const char *p;
159 int i;
160 size_t len;
161
162 for (i = 0, len = 0; i < orig_argc && len < sizeof (msg) - 1; ++i)
163 {
164 if (i > 0)
165 msg[len++] = ' ';
166 for (p = orig_argv[i]; *p != '\0' && len < sizeof(msg) - 1; ++p)
167 msg[len++] = *p;
168 }
169 msg[len] = '\0';
170
171 retval = replace_and_print (pamh, msg);
172 }
173 else if ((fd = open (file, O_RDONLY, 0)) >= 0)
174 {
175 char *mtmp = NULL;
176 struct stat st;
177
178 /* load file into message buffer. */
179 if ((fstat (fd, &st) < 0) || !st.st_size)
180 {
181 close (fd);
182 return PAM_IGNORE;
183 }
184
185 mtmp = malloc (st.st_size + 1);
186 if (!mtmp)
187 {
188 close (fd);
189 return PAM_BUF_ERR;
190 }
191
192 if (pam_modutil_read (fd, mtmp, st.st_size) == -1)
193 {
194 pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file);
195 free (mtmp);
196 close (fd);
197 return PAM_IGNORE;
198 }
199
200 if (mtmp[st.st_size - 1] == '\n')
201 mtmp[st.st_size - 1] = '\0';
202 else
203 mtmp[st.st_size] = '\0';
204
205 close (fd);
206 retval = replace_and_print (pamh, mtmp);
207 free (mtmp);
208 }
209 else
210 {
211 pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", file);
212 retval = PAM_IGNORE;
213 }
214 return retval;
215 }
216
217 int
218 pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
219 const char **argv)
220 {
221 return pam_echo (pamh, flags, argc, argv);
222 }
223
224 int
225 pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
226 int argc UNUSED, const char **argv UNUSED)
227 {
228 return PAM_IGNORE;
229 }
230
231 int
232 pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc,
233 const char **argv)
234 {
235 return pam_echo (pamh, flags, argc, argv);
236 }
237
238 int
239 pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
240 const char **argv)
241 {
242 return pam_echo (pamh, flags, argc, argv);
243 }
244
245 int
246 pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED,
247 int argc UNUSED, const char **argv UNUSED)
248 {
249 return PAM_IGNORE;
250 }
251
252 int
253 pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc,
254 const char **argv)
255 {
256 if (flags & PAM_PRELIM_CHECK)
257 return pam_echo (pamh, flags, argc, argv);
258 else
259 return PAM_IGNORE;
260 }