Mercurial > dropbear

annotate svr-authpam.c @ 169:21e99b6190dd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Removed obselete (and incorrect) comment.
author Matt Johnston <matt@ucc.asn.au>
date Fri, 07 Jan 2005 16:39:48 +0000
parents 0cfba3034be5
children 161557a9dde8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
2 * Dropbear SSH
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
4 * Copyright (c) 2004 Martin Carlsson
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
5 * Portions (c) 2004 Matt Johnston
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 * All rights reserved.
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 *
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * in the Software without restriction, including without limitation the rights
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 * furnished to do so, subject to the following conditions:
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 *
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * The above copyright notice and this permission notice shall be included in
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 * all copies or substantial portions of the Software.
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 *
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 * SOFTWARE. */
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
26 /* Validates a user password using PAM */
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "includes.h"
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "session.h"
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "buffer.h"
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "dbutil.h"
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "auth.h"
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #if defined(HAVE_SECURITY_PAM_APPL_H)
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include <security/pam_appl.h>
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #elif defined (HAVE_PAM_PAM_APPL_H)
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 #include <pam/pam_appl.h>
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 #endif
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39
127
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
40 #ifdef ENABLE_SVR_PAM_AUTH
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
41
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 struct UserDataS {
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
43 char* user;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
44 char* passwd;
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 };
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
47 /* PAM conversation function - for now we only handle one message */
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 int
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 pamConvFunc(int num_msg,
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
50 const struct pam_message **msg,
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
51 struct pam_response **respp,
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
52 void *appdata_ptr) {
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
54 int rc = PAM_SUCCESS;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
55 struct pam_response* resp = NULL;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
56 struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr;
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
57
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
58 const char* message = (*msg)->msg;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
59
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
60 TRACE(("enter pamConvFunc"))
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
61
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
62 if (num_msg != 1) {
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
63 /* If you're getting here - Dropbear probably can't support your pam
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
64 * modules. This whole file is a bit of a hack around lack of
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
65 * asynchronocity in PAM anyway */
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
66 dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported.");
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
67 return PAM_CONV_ERR;
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
68 }
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
69
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
70 TRACE(("msg_style is %d", (*msg)->msg_style))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
71 if (message) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
72 TRACE(("message is '%s'", message))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
73 } else {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
74 TRACE(("null message"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
75 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
77 switch((*msg)->msg_style) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
78
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
79 case PAM_PROMPT_ECHO_OFF:
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
80
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
81 if (strcmp(message, "Password:") != 0) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
82 TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
83 rc = PAM_CONV_ERR;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
84 break;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
85 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
86
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
87 /* You have to read the PAM module-writers' docs (do we look like
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
88 * module writers? no.) to find out that the module will
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
89 * free the pam_response and its resp element - ie we _must_ malloc
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
90 * it here */
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
91 resp = (struct pam_response*) m_malloc(sizeof(struct pam_response));
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
92 memset(resp, 0, sizeof(struct pam_response));
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
93
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
94 resp->resp = m_strdup(userDatap->passwd);
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
95 m_burn(userDatap->passwd, strlen(userDatap->passwd));
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
96 (*respp) = resp;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
97 break;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
98
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
100 case PAM_PROMPT_ECHO_ON:
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
101
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
102 if ((strcmp(message, "login: " ) != 0)
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
103 && (strcmp(message, "login:" ) != 0)
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
104 && (strcmp(message, "Please enter username: " ) != 0)) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
105 TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
106 rc = PAM_CONV_ERR;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
107 break;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
108 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
109
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
110 /* You have to read the PAM module-writers' docs (do we look like
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
111 * module writers? no.) to find out that the module will
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
112 * free the pam_response and its resp element - ie we _must_ malloc
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
113 * it here */
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
114 resp = (struct pam_response*) m_malloc(sizeof(struct pam_response));
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
115 memset(resp, 0, sizeof(struct pam_response));
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
116
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
117 resp->resp = m_strdup(userDatap->user);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
118 TRACE(("userDatap->user='%s'", userDatap->user))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
119 (*respp) = resp;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
120 break;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
121
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
122 default:
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
123 TRACE(("Unknown message type"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
124 rc = PAM_CONV_ERR;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
125 break;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
126 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
127
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
128 TRACE(("leave pamConvFunc, rc %d", rc))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
129
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
130 return rc;
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131 }
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 /* Process a password auth request, sending success or failure messages as
121
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
134 * appropriate. To the client it looks like it's doing normal password auth (as
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
135 * opposed to keyboard-interactive or something), so the pam module has to be
9337c9f9a607 PAM improvements
Matt Johnston <matt@ucc.asn.au>
parents: 119
diff changeset
136 * fairly standard (ie just "what's your username, what's your password, OK").
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
137 *
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
138 * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
139 * gets very messy trying to send the interactive challenges, and read the
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
140 * interactive responses, over the network. */
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 void svr_auth_pam() {
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
142
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
143 struct UserDataS userData = {NULL, NULL};
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
144 struct pam_conv pamConv = {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
145 pamConvFunc,
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
146 &userData /* submitted to pamvConvFunc as appdata_ptr */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
147 };
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
149 pam_handle_t* pamHandlep = NULL;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
150
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
151 unsigned char * password = NULL;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
152 unsigned int passwordlen;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
153
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
154 int rc = PAM_SUCCESS;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
155 unsigned char changepw;
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
157 /* check if client wants to change password */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
158 changepw = buf_getbyte(ses.payload);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
159 if (changepw) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
160 /* not implemented by this server */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
161 send_msg_userauth_failure(0, 1);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
162 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
163 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
164
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
165 password = buf_getstring(ses.payload, &passwordlen);
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166
131
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
167 /* used to pass data to the PAM conversation function - don't bother with
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
168 * strdup() etc since these are touched only by our own conversation
9c372a039532 strdup() variables correctly for the PAM conversation function
Matt Johnston <matt@ucc.asn.au>
parents: 127
diff changeset
169 * function (above) which takes care of it */
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
170 userData.user = ses.authstate.printableuser;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
171 userData.passwd = password;
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
173 /* Init pam */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
174 if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
175 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n",
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
176 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
177 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
178 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
180 /* just to set it to something */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
181 if ((rc = pam_set_item(pamHandlep, PAM_TTY, "ssh") != PAM_SUCCESS)) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
182 dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s\n",
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
183 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
184 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
185 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
186
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
187 (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
188
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
189 /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
190
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
191 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
192 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n",
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
193 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
194 dropbear_log(LOG_WARNING,
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
195 "bad PAM password attempt for '%s' from %s",
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
196 ses.authstate.printableuser,
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
197 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
198 send_msg_userauth_failure(0, 1);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
199 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
200 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
201
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
202 if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
203 dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n",
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
204 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
205 dropbear_log(LOG_WARNING,
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
206 "bad PAM password attempt for '%s' from %s",
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
207 ses.authstate.printableuser,
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
208 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
209 send_msg_userauth_failure(0, 1);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
210 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
211 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
213 /* successful authentication */
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
214 dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
215 ses.authstate.printableuser,
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
216 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
217 send_msg_userauth_success();
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
218
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
219 cleanup:
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
220 if (password != NULL) {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
221 m_burn(password, passwordlen);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
222 m_free(password);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
223 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
224 if (pamHandlep != NULL) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
225 TRACE(("pam_end"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
226 (void) pam_end(pamHandlep, 0 /* pam_status */);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
227 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 }
127
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
229
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
230 #endif /* ENABLE_SVR_PAM_AUTH */