diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/pam_wrapper/modules | |
parent | Initial commit. (diff) | |
download | samba-upstream.tar.xz samba-upstream.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/pam_wrapper/modules')
-rw-r--r-- | third_party/pam_wrapper/modules/pam_set_items.c | 262 |
1 files changed, 262 insertions, 0 deletions
diff --git a/third_party/pam_wrapper/modules/pam_set_items.c b/third_party/pam_wrapper/modules/pam_set_items.c new file mode 100644 index 0000000..dd09020 --- /dev/null +++ b/third_party/pam_wrapper/modules/pam_set_items.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 2015 Andreas Schneider <asn@samba.org> + * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek@posteo.se> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#include "config.h" + +#include <stdlib.h> +#include <stdio.h> +#include <stdarg.h> +#include <string.h> +#include <unistd.h> + +#ifdef HAVE_SECURITY_PAM_APPL_H +#include <security/pam_appl.h> +#endif +#ifdef HAVE_SECURITY_PAM_MODULES_H +#include <security/pam_modules.h> +#endif + +#include "config.h" + +/* GCC have printf type attribute check. */ +#ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT +#define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b))) +#else +#define PRINTF_ATTRIBUTE(a,b) +#endif /* HAVE_FUNCTION_ATTRIBUTE_FORMAT */ + +/***************** + * LOGGING + *****************/ + +enum pwrap_dbglvl_e { + PWRAP_LOG_ERROR = 0, + PWRAP_LOG_WARN, + PWRAP_LOG_DEBUG, + PWRAP_LOG_TRACE +}; + +static void pwrap_log(enum pwrap_dbglvl_e dbglvl, + const char *function, + const char *format, ...) PRINTF_ATTRIBUTE(3, 4); +# define PWRAP_LOG(dbglvl, ...) pwrap_log((dbglvl), __func__, __VA_ARGS__) + +static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl, + const char *function, + const char *format, + va_list args) PRINTF_ATTRIBUTE(3, 0); + +static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl, + const char *function, + const char *format, + va_list args) +{ + char buffer[1024]; + const char *d; + unsigned int lvl = 0; + const char *prefix = "PWRAP"; + + d = getenv("PAM_WRAPPER_DEBUGLEVEL"); + if (d != NULL) { + lvl = atoi(d); + } + + if (lvl < dbglvl) { + return; + } + + vsnprintf(buffer, sizeof(buffer), format, args); + + switch (dbglvl) { + case PWRAP_LOG_ERROR: + prefix = "PWRAP_ERROR"; + break; + case PWRAP_LOG_WARN: + prefix = "PWRAP_WARN"; + break; + case PWRAP_LOG_DEBUG: + prefix = "PWRAP_DEBUG"; + break; + case PWRAP_LOG_TRACE: + prefix = "PWRAP_TRACE"; + break; + } + + fprintf(stderr, + "%s(%d) - PAM_SET_ITEM %s: %s\n", + prefix, + (int)getpid(), + function, + buffer); +} + +static void pwrap_log(enum pwrap_dbglvl_e dbglvl, + const char *function, + const char *format, ...) +{ + va_list va; + + va_start(va, format); + pwrap_vlog(dbglvl, function, format, va); + va_end(va); +} + +#define ITEM_FILE_KEY "item_file=" + +static const char *envs[] = { +#ifndef HAVE_OPENPAM + "PAM_SERVICE", +#endif + "PAM_USER", + "PAM_USER_PROMPT", + "PAM_TTY", + "PAM_RUSER", + "PAM_RHOST", + "PAM_AUTHTOK", + "PAM_OLDAUTHTOK", +#ifdef PAM_XDISPLAY + "PAM_XDISPLAY", +#endif +#ifdef PAM_AUTHTOK_TYPE + "PAM_AUTHTOK_TYPE", +#endif + NULL +}; + +static const int items[] = { +#ifndef HAVE_OPENPAM + PAM_SERVICE, +#endif + PAM_USER, + PAM_USER_PROMPT, + PAM_TTY, + PAM_RUSER, + PAM_RHOST, + PAM_AUTHTOK, + PAM_OLDAUTHTOK, +#ifdef PAM_XDISPLAY + PAM_XDISPLAY, +#endif +#ifdef PAM_AUTHTOK_TYPE + PAM_AUTHTOK_TYPE, +#endif +}; + +static void pam_setitem_env(pam_handle_t *pamh) +{ + int i; + int rv; + const char *v; + + for (i = 0; envs[i] != NULL; i++) { + v = getenv(envs[i]); + if (v == NULL) { + continue; + } + + PWRAP_LOG(PWRAP_LOG_TRACE, "%s=%s", envs[i], v); + + rv = pam_set_item(pamh, items[i], v); + if (rv != PAM_SUCCESS) { + continue; + } + } +} + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "AUTHENTICATE"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "SETCRED"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "ACCT_MGMT"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "OPEN_SESSION"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "CLOSE_SESSION"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + (void) flags; /* unused */ + (void) argc; /* unused */ + (void) argv; /* unused */ + + PWRAP_LOG(PWRAP_LOG_TRACE, "CHAUTHTOK"); + + pam_setitem_env(pamh); + return PAM_SUCCESS; +} |