1 /*
2 * Constructor and destructor for PAM data.
3 *
4 * The PAM utility functions often need an initial argument that encapsulates
5 * the PAM handle, some configuration information, and possibly a Kerberos
6 * context. This implements a constructor and destructor for that data
7 * structure.
8 *
9 * The individual PAM modules should provide a definition of the pam_config
10 * struct appropriate to that module. None of the PAM utility functions need
11 * to know what that configuration struct looks like, and it must be freed
12 * before calling putil_args_free().
13 *
14 * The canonical version of this file is maintained in the rra-c-util package,
15 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
16 *
17 * Written by Russ Allbery <eagle@eyrie.org>
18 * Copyright 2010, 2012-2014
19 * The Board of Trustees of the Leland Stanford Junior University
20 *
21 * Permission is hereby granted, free of charge, to any person obtaining a
22 * copy of this software and associated documentation files (the "Software"),
23 * to deal in the Software without restriction, including without limitation
24 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
25 * and/or sell copies of the Software, and to permit persons to whom the
26 * Software is furnished to do so, subject to the following conditions:
27 *
28 * The above copyright notice and this permission notice shall be included in
29 * all copies or substantial portions of the Software.
30 *
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
34 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
36 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
37 * DEALINGS IN THE SOFTWARE.
38 *
39 * SPDX-License-Identifier: MIT
40 */
41
42 #include <config.h>
43 #ifdef HAVE_KRB5
44 # include <portable/krb5.h>
45 #endif
46 #include <portable/pam.h>
47 #include <portable/system.h>
48
49 #include <errno.h>
50
51 #include <pam-util/args.h>
52 #include <pam-util/logging.h>
53
54
/*
 * Construct the pam_args struct that the PAM utility functions take as their
 * first argument.  Returns a newly allocated struct, or NULL if memory
 * allocation fails or (when built with HAVE_KRB5) the Kerberos context cannot
 * be created.  The caller releases the result with putil_args_free().
 *
 * pamh is stored in the struct, not copied, so it must outlive the result.
 * flags are the PAM flags passed to the module entry point; only PAM_SILENT
 * is examined here.
 */
struct pam_args *
putil_args_new(pam_handle_t *pamh, int flags)
{
    struct pam_args *result;
#ifdef HAVE_KRB5
    krb5_error_code status;
#endif

    /*
     * calloc zero-fills the struct, so every member not assigned below starts
     * out as zero.  putil_args_free() depends on that when it checks ctx
     * against NULL and frees realm.
     */
    result = calloc(1, sizeof(*result));
    if (!result) {
        /* There is no args struct to log through yet, so pass NULL. */
        putil_crit(NULL, "cannot allocate memory: %s", strerror(errno));
        return NULL;
    }
    result->pamh = pamh;
    result->silent = ((flags & PAM_SILENT) == PAM_SILENT);

#ifdef HAVE_KRB5
    /*
     * Security: when the process is running setuid or setgid, use the secure
     * initializer, which is meant to ignore environment settings so that the
     * invoking user cannot redirect the Kerberos configuration of a
     * privileged program.  Keep this check if the function is ever reworked.
     */
    status = issetugid() ? krb5_init_secure_context(&result->ctx)
                         : krb5_init_context(&result->ctx);
    if (status != 0) {
        putil_err_krb5(result, status, "cannot create Kerberos context");

        /*
         * Only the struct itself is released here.  This assumes a failed
         * initializer leaves no context behind in result->ctx -- confirm
         * against the Kerberos library in use.
         */
        free(result);
        return NULL;
    }
#endif /* HAVE_KRB5 */
    return result;
}
89
90
/*
 * Release a pam_args struct created by putil_args_new().  Passing NULL is
 * allowed and does nothing.
 *
 * The module-specific config member is not freed here; the caller must free
 * it first or it leaks.  The PAM handle stored in the struct is not touched.
 * After this returns, args is dangling and must not be used or freed again.
 */
void
putil_args_free(struct pam_args *args)
{
    if (args != NULL) {
#ifdef HAVE_KRB5
        free(args->realm);

        /* ctx is NULL if the struct never got a Kerberos context. */
        if (args->ctx != NULL)
            krb5_free_context(args->ctx);
#endif
        free(args);
    }
}
106