Mercurial > dropbear
annotate svr-authpam.c @ 121:9337c9f9a607 private-rez
PAM improvements
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 14 Sep 2004 12:51:16 +0000 |
| parents | 3394a7cb30cd |
| children | 33d976eeb859 |
| rev | line source |
|---|---|
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
| 121 | 2 * Dropbear SSH |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
| 121 | 4 * Copyright (c) 2004 Martin Carlsson |
| 5 * Portions (c) 2004 Matt Johnston | |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * All rights reserved. |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * all copies or substantial portions of the Software. |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * SOFTWARE. */ |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
| 121 | 26 /* Validates a user password using PAM */ |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "includes.h" |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "session.h" |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "buffer.h" |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "dbutil.h" |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "auth.h" |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #if defined(HAVE_SECURITY_PAM_APPL_H) |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include <security/pam_appl.h> |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #elif defined (HAVE_PAM_PAM_APPL_H) |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 #include <pam/pam_appl.h> |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 #endif |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 struct UserDataS { |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
41 char* user; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
42 char* passwd; |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 }; |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
45 /* PAM conversation function - for now we only handle one message */ |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 int |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 pamConvFunc(int num_msg, |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
48 const struct pam_message **msg, |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
49 struct pam_response **respp, |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
50 void *appdata_ptr) { |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
52 int rc = PAM_SUCCESS; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
53 struct pam_response* resp = NULL; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
54 struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr; |
| 121 | 55 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
56 const char* message = (*msg)->msg; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
57 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
58 TRACE(("enter pamConvFunc")); |
| 121 | 59 |
| 60 if (num_msg != 1) { | |
| 61 /* If you're getting here - Dropbear probably can't support your pam | |
| 62 * modules. This whole file is a bit of a hack around lack of | |
| 63 * asynchronocity in PAM anyway */ | |
| 64 dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported."); | |
| 65 return PAM_CONV_ERR; | |
| 66 } | |
| 67 | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
68 TRACE(("msg_style is %d", (*msg)->msg_style)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
69 if (message) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
70 TRACE(("message is '%s'", message)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
71 } else { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
72 TRACE(("null message")); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
73 } |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
75 switch((*msg)->msg_style) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
76 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
77 case PAM_PROMPT_ECHO_OFF: |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
78 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
79 if (strcmp(message, "Password:") != 0) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
80 TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt")); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
81 rc = PAM_CONV_ERR; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
82 break; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
83 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
84 |
| 121 | 85 /* This looks leaky, but the PAM module-writer docs |
| 86 * assure us that the caller will free it... */ | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
87 resp = (struct pam_response*) m_malloc(sizeof(struct pam_response)); |
| 121 | 88 memset(resp, 0, sizeof(struct pam_response)); |
| 89 | |
| 90 /* Safe to just use the direct pointer (no strdup) since | |
| 91 * it shouldn't be getting munged at all */ | |
| 92 resp->resp = userDatap->passwd; | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
93 (*respp) = resp; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
94 break; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
95 |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
97 case PAM_PROMPT_ECHO_ON: |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
98 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
99 if ((strcmp(message, "login: " ) != 0) |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
100 && (strcmp(message, "login:" ) != 0) |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
101 && (strcmp(message, "Please enter username: " ) != 0)) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
102 TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt")); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
103 rc = PAM_CONV_ERR; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
104 break; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
105 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
106 |
| 121 | 107 /* This looks leaky, but the PAM module-writer docs |
| 108 * assure us that the caller will free it... */ | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
109 resp = (struct pam_response*) m_malloc(sizeof(struct pam_response)); |
| 121 | 110 memset(resp, 0, sizeof(struct pam_response)); |
| 111 | |
| 112 /* Safe to just use the direct pointer (no strdup) since | |
| 113 * it shouldn't be getting munged at all */ | |
| 114 resp->resp = userDatap->user; | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
115 TRACE(("userDatap->user='%s'", userDatap->user)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
116 (*respp) = resp; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
117 break; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
118 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
119 default: |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
120 TRACE(("Unknown message type")); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
121 rc = PAM_CONV_ERR; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
122 break; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
123 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
124 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
125 TRACE(("leave pamConvFunc, rc %d", rc)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
126 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
127 return rc; |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 } |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
|
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 /* Process a password auth request, sending success or failure messages as |
| 121 | 131 * appropriate. To the client it looks like it's doing normal password auth (as |
| 132 * opposed to keyboard-interactive or something), so the pam module has to be | |
| 133 * fairly standard (ie just "what's your username, what's your password, OK"). | |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
134 * |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
135 * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
136 * gets very messy trying to send the interactive challenges, and read the |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
137 * interactive responses, over the network. */ |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 void svr_auth_pam() { |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
139 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
140 struct UserDataS userData; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
141 struct pam_conv pamConv = { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
142 pamConvFunc, |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
143 &userData /* submitted to pamvConvFunc as appdata_ptr */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
144 }; |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
146 pam_handle_t* pamHandlep = NULL; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
147 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
148 unsigned char * password = NULL; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
149 unsigned int passwordlen; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
150 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
151 int rc = PAM_SUCCESS; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
152 unsigned char changepw; |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
154 /* check if client wants to change password */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
155 changepw = buf_getbyte(ses.payload); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
156 if (changepw) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
157 /* not implemented by this server */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
158 send_msg_userauth_failure(0, 1); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
159 goto cleanup; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
160 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
161 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
162 password = buf_getstring(ses.payload, &passwordlen); |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
164 /* used to pass data to the PAM conversation function */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
165 userData.user = ses.authstate.printableuser; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
166 userData.passwd = password; |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
168 /* Init pam */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
169 if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
170 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
171 rc, pam_strerror(pamHandlep, rc)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
172 goto cleanup; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
173 } |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
175 /* just to set it to something */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
176 if ((rc = pam_set_item(pamHandlep, PAM_TTY, "ssh") != PAM_SUCCESS)) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
177 dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s\n", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
178 rc, pam_strerror(pamHandlep, rc)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
179 goto cleanup; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
180 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
181 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
182 (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
183 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
184 /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
185 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
186 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
187 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
188 rc, pam_strerror(pamHandlep, rc)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
189 dropbear_log(LOG_WARNING, |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
190 "bad pam password attempt for '%s'", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
191 ses.authstate.printableuser); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
192 send_msg_userauth_failure(0, 1); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
193 goto cleanup; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
194 } |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
196 if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
197 dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
198 rc, pam_strerror(pamHandlep, rc)); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
199 dropbear_log(LOG_WARNING, |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
200 "bad pam password attempt for '%s'", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
201 ses.authstate.printableuser); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
202 send_msg_userauth_failure(0, 1); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
203 goto cleanup; |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
204 } |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 |
|
119
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
206 /* successful authentication */ |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
207 dropbear_log(LOG_NOTICE, "pam password auth succeeded for '%s'", |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
208 ses.authstate.printableuser); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
209 send_msg_userauth_success(); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
210 |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
211 cleanup: |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
212 if (password != NULL) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
213 m_burn(password, passwordlen); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
214 m_free(password); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
215 } |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
216 if (pamHandlep != NULL) { |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
217 (void) pam_end(pamHandlep, 0 /* pam_status */); |
|
3394a7cb30cd
propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents:
57
diff
changeset
|
218 } |
|
57
3b2a5a1c4347
svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 } |