1 /*
2 * Copyright (c) 2013 Red Hat, Inc.
3 * Author: Tomas Mraz <tmraz@redhat.com>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, and the entire permission notice in its entirety,
10 * including the disclaimer of warranties.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote
15 * products derived from this software without specific prior
16 * written permission.
17 *
18 * ALTERNATIVELY, this product may be distributed under the terms of
19 * the GNU Public License, in which case the provisions of the GPL are
20 * required INSTEAD OF the above restrictions. (This clause is
21 * necessary due to a potential bad interaction between the GPL and
22 * the restrictions contained in a BSD-style copyright.)
23 *
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
28 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
32 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
34 * OF THE POSSIBILITY OF SUCH DAMAGE.
35 */
36
37 #include "config.h"
38
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <syslog.h>
43 #include <errno.h>
44 #include <unistd.h>
45 #include <signal.h>
46 #include <security/_pam_types.h>
47 #include <security/_pam_macros.h>
48 #include <security/pam_modutil.h>
49 #include "opasswd.h"
50 #include "pam_inline.h"
51
52
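/*
 * "check" operation: read the candidate password from stdin (the pipe
 * set up by the pam_pwhistory module) and hand it to check_old_pass()
 * together with the user's history file.
 *
 * user      - account whose history is consulted
 * filename  - history file, passed through to check_old_pass()
 * debug     - debug level as a decimal string; parsed with atoi()
 *
 * Returns PAM_AUTHTOK_ERR when exactly one password could not be read,
 * otherwise whatever check_old_pass() returns.  The password buffer is
 * wiped on every exit path, not only after a successful read.
 */
static int
check_history(const char *user, const char *filename, const char *debug)
{
  char pass[PAM_MAX_RESP_SIZE + 1];
  char *passwords[] = { pass };
  int dbg = atoi(debug); /* no need to be too fancy here */
  int retval = PAM_AUTHTOK_ERR;

  /* read the password from stdin (a pipe from the pam_pwhistory module) */
  if (pam_read_passwords(STDIN_FILENO, 1, passwords) != 1)
    { /* is it a valid password? */
      helper_log_err(LOG_DEBUG, "no password supplied");
      goto out;
    }

  retval = check_old_pass(user, pass, filename, dbg);

out:
  /* Clear the password from memory on every path: a failed read may
   * still have written bytes into the buffer before it gave up. */
  pam_overwrite_array(pass);

  return retval;
}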
77
/*
 * "save" operation: forward the request to save_old_pass() for the given
 * user and history file.
 *
 * user      - account whose history is updated
 * filename  - history file, passed through to save_old_pass()
 * howmany   - number of entries to keep, as a decimal string (atoi)
 * debug     - debug level, as a decimal string (atoi)
 *
 * Returns the result of save_old_pass() unchanged.
 */
static int
save_history(const char *user, const char *filename, const char *howmany, const char *debug)
{
  /* Both numeric arguments arrive as strings on the command line; the
   * parsing is deliberately plain atoi() with no error reporting. */
  return save_old_pass(user, atoi(howmany), filename, atoi(debug));
}
89
/*
 * Entry point of the helper.  It is meant to be driven by the pam_pwhistory
 * module, in one of two forms:
 *
 *   <helper> check <user> <file> <debug>
 *   <helper> save  <user> <file> <howmany> <debug>
 *
 * stdin must not be a terminal (for "check" it is the pipe carrying the
 * password).  Any other invocation is refused with PAM_SYSTEM_ERR.
 */
int
main(int argc, char *argv[])
{
  /*
   * we establish that this program is running with non-tty stdin.
   * this is to discourage casual use.
   */
  if (isatty(STDIN_FILENO) || argc < 5)
    {
      fprintf(stderr,
              "This binary is not designed for running in this way.\n");
      return PAM_SYSTEM_ERR;
    }

  const char *option = argv[1];
  const char *user = argv[2];
  const char *filename = argv[3];
  int retval = PAM_SYSTEM_ERR;

  /* The argument count is tied to the operation: "check" takes exactly
   * one trailing argument (debug), "save" exactly two (howmany, debug). */
  if (argc == 5 && strcmp(option, "check") == 0)
    retval = check_history(user, filename, argv[4]);
  else if (argc == 6 && strcmp(option, "save") == 0)
    retval = save_history(user, filename, argv[4], argv[5]);
  else
    fprintf(stderr, "This binary is not designed for running in this way.\n");

  return retval;
}