4 * $Id: pam_item.c,v 1.8 1997/02/15 15:58:49 morgan Exp morgan $
5 * $FreeBSD: src/contrib/libpam/libpam/pam_item.c,v 1.1.1.1.6.2 2001/06/11 15:28:12 markm Exp $
15 #include "pam_private.h"
21 (X) = (Y) ? _pam_strdup(Y) : NULL; \
38 IF_NO_PAMH("pam_set_item", pamh, PAM_SYSTEM_ERR);
44 /* Setting handlers_loaded to 0 will cause the handlers
45 * to be reloaded on the next call to a service module.
47 pamh->handlers.handlers_loaded = 0;
48 RESET(pamh->service_name, item);
51 for (tmp=pamh->service_name; *tmp; ++tmp)
52 *tmp = tolower(*tmp); /* require lower case */
56 RESET(pamh->user, item);
59 RESET(pamh->prompt, item);
62 D(("setting tty to %s", item));
63 RESET(pamh->tty, item);
66 RESET(pamh->ruser, item);
69 RESET(pamh->rhost, item);
73 * The man page says this is only supposed to be available to
74 * the module providers. In order to use this item the app
75 * has to #include <security/pam_modules.h>. This is something
76 * it is *not* supposed to do with "Linux-"PAM! - AGM.
79 char *_TMP_ = pamh->authtok;
80 if (_TMP_ == item) /* not changed so leave alone */
82 pamh->authtok = (item) ? _pam_strdup(item) : NULL;
84 _pam_overwrite(_TMP_);
92 char *_TMP_ = pamh->oldauthtok;
93 if (_TMP_ == item) /* not changed so leave alone */
95 pamh->oldauthtok = (item) ? _pam_strdup(item) : NULL;
97 _pam_overwrite(_TMP_);
102 case PAM_CONV: /* want to change the conversation function */
104 pam_system_log(pamh, NULL, LOG_ERR,
105 "pam_set_item: attempt to set conv() to NULL");
106 retval = PAM_PERM_DENIED;
108 struct pam_conv *tconv;
111 (struct pam_conv *) malloc(sizeof(struct pam_conv))
113 pam_system_log(pamh, NULL, LOG_CRIT,
114 "pam_set_item: malloc failed for pam_conv");
115 retval = PAM_BUF_ERR;
117 memcpy(tconv, item, sizeof(struct pam_conv));
118 _pam_drop(pamh->pam_conversation);
119 pamh->pam_conversation = tconv;
124 pamh->fail_delay.delay_fn_ptr = item;
128 char *old_ident = pamh->pam_default_log.ident;
131 /* reset the default state */
132 pamh->pam_default_log.ident = x_strdup(PAM_LOG_STATE_IDENT);
133 pamh->pam_default_log.option = PAM_LOG_STATE_OPTION;
134 pamh->pam_default_log.facility = PAM_LOG_STATE_FACILITY;
136 const struct pam_log_state *state = item;
138 pamh->pam_default_log.ident = x_strdup(state->ident);
139 pamh->pam_default_log.option = state->option;
140 pamh->pam_default_log.facility = state->facility;
142 _pam_overwrite(old_ident);
143 _pam_drop(old_ident);
148 retval = PAM_BAD_ITEM;
155 const pam_handle_t *pamh,
160 IF_NO_PAMH("pam_get_item",pamh,PAM_SYSTEM_ERR);
163 pam_system_log(pamh, NULL, LOG_ERR,
164 "pam_get_item: nowhere to place requested item");
165 return PAM_PERM_DENIED;
170 *item = pamh->service_name;
175 case PAM_USER_PROMPT:
176 *item = pamh->prompt;
179 D(("returning tty=%s", pamh->tty));
189 *item = pamh->authtok;
192 *item = pamh->oldauthtok;
195 *item = pamh->pam_conversation;
198 *item = pamh->fail_delay.delay_fn_ptr;
201 *item = &(pamh->pam_default_log);
204 /* XXX - I made this up */
211 /* added by AGM 1996/3/2 */
213 int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
215 const char *use_prompt;
217 struct pam_message msg,*pmsg;
218 struct pam_response *resp;
221 IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR);
223 if (pamh->pam_conversation == NULL) {
224 pam_system_log(pamh, NULL, LOG_ERR,
225 "pam_get_user: no conv element in pamh");
226 return PAM_SERVICE_ERR;
229 if (user == NULL) { /* ensure the the module has suplied a destination */
230 pam_system_log(pamh, NULL, LOG_ERR,
231 "pam_get_user: nowhere to record username");
232 return PAM_PERM_DENIED;
236 if (pamh->user) { /* have one so return it */
241 /* will need a prompt */
243 if (use_prompt == NULL) {
244 use_prompt = pamh->prompt;
245 if (use_prompt == NULL) {
246 use_prompt = PAM_DEFAULT_PROMPT;
250 /* If we are resuming an old conversation, we verify that the prompt
251 is the same. Anything else is an error. */
252 if (pamh->former.want_user) {
253 /* must have a prompt to resume with */
254 if (! pamh->former.prompt) {
255 pam_system_log(pamh, NULL, LOG_ERR,
256 "pam_get_user: failed to resume with prompt"
261 /* must be the same prompt as last time */
262 if (strcmp(pamh->former.prompt, use_prompt)) {
263 pam_system_log(pamh, NULL, LOG_ERR,
264 "pam_get_user: resumed with different prompt");
268 /* ok, we can resume where we left off last time */
269 pamh->former.want_user = PAM_FALSE;
270 _pam_overwrite(pamh->former.prompt);
271 _pam_drop(pamh->former.prompt);
274 /* converse with application -- prompt user for a username */
276 msg.msg_style = PAM_PROMPT_ECHO_ON;
277 msg.msg = use_prompt;
280 retval = pamh->pam_conversation->
281 conv(1, (const struct pam_message **) &pmsg, &resp,
282 pamh->pam_conversation->appdata_ptr);
284 if (retval == PAM_CONV_AGAIN) {
285 /* conversation function is waiting for an event - save state */
286 D(("conversation function is not ready yet"));
287 pamh->former.want_user = PAM_TRUE;
288 pamh->former.prompt = _pam_strdup(use_prompt);
289 } else if (resp == NULL) {
291 * conversation should have given a response
293 D(("pam_get_user: no response provided"));
294 retval = PAM_CONV_ERR;
295 } else if (retval == PAM_SUCCESS) { /* copy the username */
297 * now we set the PAM_USER item -- this was missing from pre.53
298 * releases. However, reading the Sun manual, it is part of
301 RESET(pamh->user, resp->resp);
307 * note 'resp' is allocated by the application and is
308 * correctly free()'d here
310 _pam_drop_reply(resp, 1);
313 return retval; /* pass on any error from conversation */