xref: /freebsd/lib/libpam/modules/pam_exec/pam_exec.c (revision b52b9d56d4e96089873a75f9e29062eec19fabba) 
1 /*-
2  * Copyright (c) 2001 Networks Associates Technology, Inc.
3  * All rights reserved.
4  *
5  * This software was developed for the FreeBSD Project by ThinkSec AS and
6  * NAI Labs, the Security Research Division of Network Associates, Inc.
7  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8  * DARPA CHATS research program.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. The name of the author may not be used to endorse or promote
19  *    products derived from this software without specific prior written
20  *    permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #include <sys/types.h>
39 #include <sys/wait.h>
40 
41 #include <errno.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <unistd.h>
45 
46 #include <security/pam_appl.h>
47 #include <security/pam_modules.h>
48 #include <security/openpam.h>
49 
50 static int
51 _pam_exec(pam_handle_t *pamh __unused, int flags __unused,
52     int argc, const char *argv[])
53 {
54 	int childerr, status;
55 	pid_t pid;
56 
57 	if (argc < 1)
58 		return (PAM_SERVICE_ERR);
59 
60 	/*
61 	 * XXX For additional credit, divert child's stdin/stdout/stderr
62 	 * to the conversation function.
63 	 */
64 	childerr = 0;
65 	if ((pid = vfork()) == 0) {
66 		execv(argv[0], argv);
67 		childerr = errno;
68 		_exit(1);
69 	} else if (pid == -1) {
70 		openpam_log(PAM_LOG_ERROR, "vfork(): %m");
71 		return (PAM_SYSTEM_ERR);
72 	}
73 	if (waitpid(pid, &status, 0) == -1) {
74 		openpam_log(PAM_LOG_ERROR, "waitpid(): %m");
75 		return (PAM_SYSTEM_ERR);
76 	}
77 	if (childerr != 0) {
78 		openpam_log(PAM_LOG_ERROR, "execv(): %m");
79 		return (PAM_SYSTEM_ERR);
80 	}
81 	if (WIFSIGNALED(status)) {
82 		openpam_log(PAM_LOG_ERROR, "%s caught signal %d%s",
83 		    argv[0], WTERMSIG(status),
84 		    WCOREDUMP(status) ? " (core dumped)" : "");
85 		return (PAM_SYSTEM_ERR);
86 	}
87 	if (!WIFEXITED(status)) {
88 		openpam_log(PAM_LOG_ERROR, "unknown status 0x%x", status);
89 		return (PAM_SYSTEM_ERR);
90 	}
91 	if (WEXITSTATUS(status) != 0) {
92 		openpam_log(PAM_LOG_ERROR, "%s returned code %d",
93 		    argv[0], WEXITSTATUS(status));
94 		return (PAM_SYSTEM_ERR);
95 	}
96 	return (PAM_SUCCESS);
97 }
98 
99 PAM_EXTERN int
100 pam_sm_authenticate(pam_handle_t *pamh, int flags,
101     int argc, const char *argv[])
102 {
103 
104 	return (_pam_exec(pamh, flags, argc, argv));
105 }
106 
107 PAM_EXTERN int
108 pam_sm_setcred(pam_handle_t *pamh, int flags,
109     int argc, const char *argv[])
110 {
111 
112 	return (_pam_exec(pamh, flags, argc, argv));
113 }
114 
115 PAM_EXTERN int
116 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
117     int argc, const char *argv[])
118 {
119 
120 	return (_pam_exec(pamh, flags, argc, argv));
121 }
122 
123 PAM_EXTERN int
124 pam_sm_open_session(pam_handle_t *pamh, int flags,
125     int argc, const char *argv[])
126 {
127 
128 	return (_pam_exec(pamh, flags, argc, argv));
129 }
130 
131 PAM_EXTERN int
132 pam_sm_close_session(pam_handle_t *pamh, int flags,
133     int argc, const char *argv[])
134 {
135 
136 	return (_pam_exec(pamh, flags, argc, argv));
137 }
138 
139 PAM_EXTERN int
140 pam_sm_chauthtok(pam_handle_t *pamh, int flags,
141     int argc, const char *argv[])
142 {
143 
144 	return (_pam_exec(pamh, flags, argc, argv));
145 }
146 
147 PAM_MODULE_ENTRY("pam_exec");
148