1 /*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by ThinkSec AS and 7 * Network Associates Laboratories, the Security Research Division of 8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9 * ("CBOSS"), as part of the DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The name of the author may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #ifdef HAVE_CONFIG_H 37 # include "config.h" 38 #endif 39 40 #include <stdlib.h> 41 #include <string.h> 42 #include <unistd.h> 43 44 #include <security/pam_appl.h> 45 46 #include "openpam_impl.h" 47 #include "openpam_strlcpy.h" 48 49 #ifdef _SC_HOST_NAME_MAX 50 #define HOST_NAME_MAX sysconf(_SC_HOST_NAME_MAX) 51 #else 52 #define HOST_NAME_MAX 1024 53 #endif 54 55 /* 56 * XSSO 4.2.1 57 * XSSO 6 page 89 58 * 59 * Initiate a PAM transaction 60 */ 61 62 int 63 pam_start(const char *service, 64 const char *user, 65 const struct pam_conv *pam_conv, 66 pam_handle_t **pamh) 67 { 68 char hostname[HOST_NAME_MAX + 1]; 69 struct pam_handle *ph; 70 int r; 71 72 ENTER(); 73 if ((ph = calloc(1, sizeof *ph)) == NULL) 74 RETURNC(PAM_BUF_ERR); 75 if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) 76 goto fail; 77 if (gethostname(hostname, sizeof hostname) != 0) 78 strlcpy(hostname, "localhost", sizeof hostname); 79 if ((r = pam_set_item(ph, PAM_HOST, hostname)) != PAM_SUCCESS) 80 goto fail; 81 if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) 82 goto fail; 83 if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) 84 goto fail; 85 if ((r = openpam_configure(ph, service)) != PAM_SUCCESS) 86 goto fail; 87 *pamh = ph; 88 openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); 89 RETURNC(PAM_SUCCESS); 90 fail: 91 pam_end(ph, r); 92 RETURNC(r); 93 } 94 95 /* 96 * Error codes: 97 * 98 * =openpam_configure 99 * =pam_set_item 100 * !PAM_SYMBOL_ERR 101 * PAM_BUF_ERR 102 */ 103 104 /** 105 * The =pam_start function creates and initializes a PAM context. 106 * 107 * The =service argument specifies the name of the policy to apply, and is 108 * stored in the =PAM_SERVICE item in the created context. 109 * 110 * The =user argument specifies the name of the target user - the user the 111 * created context will serve to authenticate. 112 * It is stored in the =PAM_USER item in the created context. 113 * 114 * The =pam_conv argument points to a =struct pam_conv describing the 115 * conversation function to use; see =pam_conv for details. 116 * 117 * >pam_get_item 118 * >pam_set_item 119 * >pam_end 120 */ 121