1 /*- 2 * Copyright (c) 2011 Dag-Erling Smørgrav 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote 14 * products derived from this software without specific prior written 15 * permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $Id: openpam_subst.c 648 2013-03-05 17:54:27Z des $ 30 */ 31 32 #ifdef HAVE_CONFIG_H 33 # include "config.h" 34 #endif 35 36 #include <security/pam_appl.h> 37 38 #include "openpam_impl.h" 39 40 #define subst_char(ch) do { \ 41 int ch_ = (ch); \ 42 if (buf && len < *bufsize) \ 43 *buf++ = ch_; \ 44 ++len; \ 45 } while (0) 46 47 #define subst_string(s) do { \ 48 const char *s_ = (s); \ 49 while (*s_) \ 50 subst_char(*s_++); \ 51 } while (0) 52 53 #define subst_item(i) do { \ 54 int i_ = (i); \ 55 const void *p_; \ 56 ret = pam_get_item(pamh, i_, &p_); \ 57 if (ret == PAM_SUCCESS && p_ != NULL) \ 58 subst_string(p_); \ 59 } while (0) 60 61 /* 62 * OpenPAM internal 63 * 64 * Substitute PAM item values in a string 65 */ 66 67 int 68 openpam_subst(const pam_handle_t *pamh, 69 char *buf, size_t *bufsize, const char *template) 70 { 71 size_t len; 72 int ret; 73 74 ENTERS(template); 75 if (template == NULL) 76 template = "(null)"; 77 78 len = 1; /* initialize to 1 for terminating NUL */ 79 ret = PAM_SUCCESS; 80 while (*template && ret == PAM_SUCCESS) { 81 if (template[0] == '%') { 82 ++template; 83 switch (*template) { 84 case 's': 85 subst_item(PAM_SERVICE); 86 break; 87 case 't': 88 subst_item(PAM_TTY); 89 break; 90 case 'h': 91 subst_item(PAM_HOST); 92 break; 93 case 'u': 94 subst_item(PAM_USER); 95 break; 96 case 'H': 97 subst_item(PAM_RHOST); 98 break; 99 case 'U': 100 subst_item(PAM_RUSER); 101 break; 102 case '\0': 103 subst_char('%'); 104 break; 105 default: 106 subst_char('%'); 107 subst_char(*template); 108 } 109 ++template; 110 } else { 111 subst_char(*template++); 112 } 113 } 114 if (buf) 115 *buf = '\0'; 116 if (ret == PAM_SUCCESS) { 117 if (len > *bufsize) 118 ret = PAM_TRY_AGAIN; 119 *bufsize = len; 120 } 121 RETURNC(ret); 122 } 123 124 /* 125 * Error codes: 126 * 127 * =pam_get_item 128 * !PAM_SYMBOL_ERR 129 * PAM_TRY_AGAIN 130 */ 131 132 /** 133 * The =openpam_subst function expands a string, substituting PAM item 134 * values for all occurrences of specific substitution codes. 135 * The =template argument points to the initial string. 136 * The result is stored in the buffer pointed to by the =buf argument; the 137 * =bufsize argument specifies the size of that buffer. 138 * The actual size of the resulting string, including the terminating NUL 139 * character, is stored in the location pointed to by the =bufsize 140 * argument. 141 * 142 * If =buf is NULL, or if the buffer is too small to hold the expanded 143 * string, =bufsize is updated to reflect the amount of space required to 144 * hold the entire string, and =openpam_subst returns =PAM_TRY_AGAIN. 145 * 146 * If =openpam_subst fails for any other reason, the =bufsize argument is 147 * untouched, but part of the buffer may still have been overwritten. 148 * 149 * Substitution codes are introduced by a percent character and correspond 150 * to PAM items: 151 * 152 * %H: 153 * Replaced by the current value of the =PAM_RHOST item. 154 * %h: 155 * Replaced by the current value of the =PAM_HOST item. 156 * %s: 157 * Replaced by the current value of the =PAM_SERVICE item. 158 * %t: 159 * Replaced by the current value of the =PAM_TTY item. 160 * %U: 161 * Replaced by the current value of the =PAM_RUSER item. 162 * %u: 163 * Replaced by the current value of the =PAM_USER item. 164 * 165 * >pam_get_authtok 166 * >pam_get_item 167 * >pam_get_user 168 * 169 * AUTHOR DES 170 */ 171