/*
 * Constructor and destructor for PAM data.
 *
 * The PAM utility functions often need an initial argument that encapsulates
 * the PAM handle, some configuration information, and possibly a Kerberos
 * context. This implements a constructor and destructor for that data
 * structure.
 *
 * The individual PAM modules should provide a definition of the pam_config
 * struct appropriate to that module. None of the PAM utility functions need
 * to know what that configuration struct looks like, and it must be freed
 * before calling putil_args_free().
 *
 * The canonical version of this file is maintained in the rra-c-util package,
 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2010, 2012-2014
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * SPDX-License-Identifier: MIT
 */

#include <config.h>
#ifdef HAVE_KRB5
# include <portable/krb5.h>
#endif
#include <portable/pam.h>
#include <portable/system.h>

#include <errno.h>

#include <pam-util/args.h>
#include <pam-util/logging.h>


/*
 * Build a zero-filled pam_args struct bound to the given PAM handle. The
 * silent member records whether PAM_SILENT is set in flags. When built with
 * HAVE_KRB5, a Kerberos context is created and stored in the ctx member as
 * well. Returns the new struct, or NULL after logging the reason if either
 * the memory allocation or the Kerberos context creation fails. The result
 * is released with putil_args_free().
 */
struct pam_args *
putil_args_new(pam_handle_t *pamh, int flags)
{
    struct pam_args *args;
#ifdef HAVE_KRB5
    krb5_error_code status;
#endif

    /*
     * calloc rather than malloc: every member not assigned below starts out
     * as all-zero bytes, which putil_args_free() depends on when it tests
     * ctx against NULL.
     */
    args = calloc(1, sizeof(*args));
    if (args == NULL) {
        /* No struct exists yet, so the logger gets NULL instead of args. */
        putil_crit(NULL, "cannot allocate memory: %s", strerror(errno));
        return NULL;
    }
    args->silent = ((flags & PAM_SILENT) == PAM_SILENT);
    args->pamh = pamh;

#ifdef HAVE_KRB5
    /*
     * A process that issetugid() reports as running with changed user or
     * group credentials gets the secure context. In MIT Kerberos,
     * krb5_init_secure_context() builds the context from the system
     * configuration only and ignores environment overrides such as
     * KRB5_CONFIG, so the invoking user cannot substitute a configuration of
     * their own.
     *
     * NOTE(review): issetugid() and the secure variant are presumably
     * supplied by the portable/ headers on platforms that lack them; confirm
     * that the fallback there is not a plain krb5_init_context().
     */
    status = issetugid() ? krb5_init_secure_context(&args->ctx)
                         : krb5_init_context(&args->ctx);
    if (status != 0) {
        /*
         * NOTE(review): args->ctx may still be NULL at this point;
         * putil_err_krb5() is assumed to cope with that -- confirm in
         * pam-util/logging.c. Only the struct is freed on this path.
         */
        putil_err_krb5(args, status, "cannot create Kerberos context");
        free(args);
        return NULL;
    }
#endif /* HAVE_KRB5 */
    return args;
}


/*
 * Release a pam_args struct. Under HAVE_KRB5 this frees the realm string
 * and the Kerberos context, if one was created, and then the struct itself.
 * A NULL argument is accepted and ignored. The config member is not touched
 * here and must be freed by the caller beforehand.
 */
void
putil_args_free(struct pam_args *args)
{
    if (args != NULL) {
#ifdef HAVE_KRB5
        free(args->realm);
        if (args->ctx != NULL)
            krb5_free_context(args->ctx);
#endif
        free(args);
    }
}