Sākums Izpētīt Palīdzība
Pierakstīties
SoftwareDesign
/
csu3_am335x
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Atzars: master
Atzari Tagi
csu3_am335x
/
EVSE
/
GPL
/
linux-pam-1.5.2
/
libpamc
/
test
/
modules
/
pam_secret.c

pam_secret.c 16 KB
Patstāvīgā saite Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669 
  1. /*
    2. 

  2.  * $Id$
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 1999 Andrew G. Morgan <morgan@linux.kernel.org>
    5. 

  5.  */
    6. 

  6. 

  7. /*
    8. 

  8.  * WARNING: AS WRITTEN THIS CODE IS NOT SECURE. THE MD5 IMPLEMENTATION
    9. 

  9.  *          NEEDS TO BE INTEGRATED MORE NATIVELY.
    10. 

  10.  */
    11. 

  11. 

  12. #include <fcntl.h>
    13. 

  13. #include <pwd.h>
    14. 

  14. #include <stdio.h>
    15. 

  15. #include <string.h>
    16. 

  16. #include <sys/types.h>
    17. 

  17. #include <sys/stat.h>
    18. 

  18. 

  19. #include <security/pam_modules.h>
    20. 

  20. #include <security/pam_client.h>
    21. 

  21. #include <security/_pam_macros.h>
    22. 

  22. 

  23. /*
    24. 

  24.  * This is a sample module that demonstrates the use of binary prompts
    25. 

  25.  * and how they can be used to implement sophisticated authentication
    26. 

  26.  * schemes.
    27. 

  27.  */
    28. 

  28. 

  29. struct ps_state_s {
    30. 

  30.     int retval;        /* last retval returned by the authentication fn */
    31. 

  31.     int state;         /* what state the module was in when it
    32. 

  32. 			  returned incomplete */
    33. 

  33. 

  34.     char *username;    /* the name of the local user */
    35. 

  35. 

  36.     char server_cookie[33]; /* storage for 32 bytes of server cookie */
    37. 

  37.     char client_cookie[33]; /* storage for 32 bytes of client cookie */
    38. 

  38. 

  39.     char *secret_data; /* pointer to <NUL> terminated secret_data */
    40. 

  40.     int invalid_secret;  /* indication of whether the secret is valid */
    41. 

  41. 

  42.     pamc_bp_t current_prompt;    /* place to store the current prompt */
    43. 

  43.     pamc_bp_t current_reply;     /* place to receive the reply prompt */
    44. 

  44. };
    45. 

  45. 

  46. #define PS_STATE_ID   "PAM_SECRET__STATE"
    47. 

  47. #define PS_AGENT_ID   "secret@here"
    48. 

  48. #define PS_STATE_DEAD          0
    49. 

  49. #define PS_STATE_INIT          1
    50. 

  50. #define PS_STATE_PROMPT1       2
    51. 

  51. #define PS_STATE_PROMPT2       3
    52. 

  52. 

  53. #define MAX_LEN_HOSTNAME       512
    54. 

  54. #define MAX_FILE_LINE_LEN      1024
    55. 

  55. 

  56. /*
    57. 

  57.  * Routine for generating 16*8 bits of random data represented in ASCII hex
    58. 

  58.  */
    59. 

  59. 

  60. static int generate_cookie(unsigned char *buffer_33)
    61. 

  61. {
    62. 

  62.     static const char hexarray[] = "0123456789abcdef";
    63. 

  63.     int i, fd;
    64. 

  64. 

  65.     /* fill buffer_33 with 32 hex characters (lower case) + '\0' */
    66. 

  66.     fd = open("/dev/urandom", O_RDONLY);
    67. 

  67.     if (fd < 0) {
    68. 

  68. 	D(("failed to open /dev/urandom"));
    69. 

  69. 	return 0;
    70. 

  70.     }
    71. 

  71.     read(fd, buffer_33 + 16, 16);
    72. 

  72.     close(fd);
    73. 

  73. 

  74.     /* expand top 16 bytes into 32 nibbles */
    75. 

  75.     for (i=0; i<16; ++i) {
    76. 

  76. 	buffer_33[2*i  ] = hexarray[(buffer_33[16+i] & 0xf0)>>4];
    77. 

  77. 	buffer_33[2*i+1] = hexarray[(buffer_33[16+i] & 0x0f)];
    78. 

  78.     }
    79. 

  79. 

  80.     buffer_33[32] = '\0';
    81. 

  81. 

  82.     return 1;
    83. 

  83. }
    84. 

  84. 

  85. /*
    86. 

  86.  * XXX - This is a hack, and is fundamentally insecure. Its subject to
    87. 

  87.  * all sorts of attacks not to mention the fact that all our secrets
    88. 

  88.  * will be displayed on the command line for someone doing 'ps' to
    89. 

  89.  * see. This is just for programming convenience in this instance, it
    90. 

  90.  * needs to be replaced with the md5 code. Although I am loath to
    91. 

  91.  * add yet another instance of md5 code to the Linux-PAM source code.
    92. 

  92.  * [Need to think of a cleaner way to do this for the distribution as
    93. 

  93.  * a whole...]
    94. 

  94.  */
    95. 

  95. 

  96. #define COMMAND_FORMAT "/bin/echo -n '%s|%s|%s'|/usr/bin/md5sum -"
    97. 

  97. 

  98. int create_digest(const char *d1, const char *d2, const char *d3,
    99. 

  99. 		  char *buffer_33)
    100. 

  100. {
    101. 

  101.     int length;
    102. 

  102.     char *buffer;
    103. 

  103.     FILE *pipe;
    104. 

  104. 

  105.     length = strlen(d1)+strlen(d2)+strlen(d3)+sizeof(COMMAND_FORMAT);
    106. 

  106.     buffer = malloc(length);
    107. 

  107.     if (buffer == NULL) {
    108. 

  108. 	D(("out of memory"));
    109. 

  109. 	return 0;
    110. 

  110.     }
    111. 

  111. 

  112.     sprintf(buffer, COMMAND_FORMAT, d1,d2,d3);
    113. 

  113. 

  114.     D(("executing pipe [%s]", buffer));
    115. 

  115.     pipe = popen(buffer, "r");
    116. 

  116.     memset(buffer, 0, length);
    117. 

  117.     free(buffer);
    118. 

  118. 

  119.     if (pipe == NULL) {
    120. 

  120. 	D(("failed to launch pipe"));
    121. 

  121. 	return 0;
    122. 

  122.     }
    123. 

  123. 

  124.     if (fgets(buffer_33, 33, pipe) == NULL) {
    125. 

  125. 	D(("failed to read digest"));
    126. 

  126. 	return 0;
    127. 

  127.     }
    128. 

  128. 

  129.     if (strlen(buffer_33) != 32) {
    130. 

  130. 	D(("digest was not 32 chars"));
    131. 

  131. 	return 0;
    132. 

  132.     }
    133. 

  133. 

  134.     fclose(pipe);
    135. 

  135. 

  136.     D(("done [%s]", buffer_33));
    137. 

  137. 

  138.     return 1;
    139. 

  139. }
    140. 

  140. 

  141. /*
    142. 

  142.  * method to attempt to instruct the application's conversation function
    143. 

  143.  */
    144. 

  144. 

  145. static int converse(pam_handle_t *pamh, struct ps_state_s *new)
    146. 

  146. {
    147. 

  147.     int retval;
    148. 

  148.     struct pam_conv *conv;
    149. 

  149. 

  150.     D(("called"));
    151. 

  151. 

  152.     retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
    153. 

  153.     if (retval == PAM_SUCCESS) {
    154. 

  154. 	struct pam_message msg;
    155. 

  155. 	struct pam_response *single_reply;
    156. 

  156. 	const struct pam_message *msg_ptr;
    157. 

  157. 

  158. 	memset(&msg, 0, sizeof(msg));
    159. 

  159. 	msg.msg_style = PAM_BINARY_PROMPT;
    160. 

  160. 	msg.msg = (const char *) new->current_prompt;
    161. 

  161. 	msg_ptr = &msg;
    162. 

  162. 

  163. 	single_reply = NULL;
    164. 

  164. 	retval = conv->conv(1, &msg_ptr, &single_reply, conv->appdata_ptr);
    165. 

  165. 	if (retval == PAM_SUCCESS) {
    166. 

  166. 	    if ((single_reply == NULL) || (single_reply->resp == NULL)) {
    167. 

  167. 		retval == PAM_CONV_ERR;
    168. 

  168. 	    } else {
    169. 

  169. 		new->current_reply = (pamc_bp_t) single_reply->resp;
    170. 

  170. 		single_reply->resp = NULL;
    171. 

  171. 	    }
    172. 

  172. 	}
    173. 

  173. 

  174. 	if (single_reply) {
    175. 

  175. 	    free(single_reply);
    176. 

  176. 	}
    177. 

  177.     }
    178. 

  178. 

  179. #ifdef PAM_DEBUG
    180. 

  180.     if (retval == PAM_SUCCESS) {
    181. 

  181. 	D(("reply has length=%d and control=%u",
    182. 

  182. 	   PAM_BP_LENGTH(new->current_reply),
    183. 

  183. 	   PAM_BP_CONTROL(new->current_reply)));
    184. 

  184.     }
    185. 

  185.     D(("returning %s", pam_strerror(pamh, retval)));
    186. 

  186. #endif
    187. 

  187. 

  188.     return retval;
    189. 

  189. }
    190. 

  190. 

  191. /*
    192. 

  192.  * identify the secret in question
    193. 

  193.  */
    194. 

  194. 

  195. #define SECRET_FILE_FORMAT "%s/.secret@here"
    196. 

  196. 

  197. char *identify_secret(char *identity, const char *user)
    198. 

  198. {
    199. 

  199.     struct passwd *pwd;
    200. 

  200.     char *temp;
    201. 

  201.     FILE *secrets;
    202. 

  202.     int length_id;
    203. 

  203. 

  204.     pwd = getpwnam(user);
    205. 

  205.     if ((pwd == NULL) || (pwd->pw_dir == NULL)) {
    206. 

  206. 	D(("user [%s] is not known", user));
    207. 

  207. 	return NULL;
    208. 

  208.     }
    209. 

  209. 

  210.     length_id = strlen(pwd->pw_dir) + sizeof(SECRET_FILE_FORMAT);
    211. 

  211.     temp = malloc(length_id);
    212. 

  212.     if (temp == NULL) {
    213. 

  213. 	D(("out of memory"));
    214. 

  214. 	pwd = NULL;
    215. 

  215. 	return NULL;
    216. 

  216.     }
    217. 

  217. 

  218.     sprintf(temp, SECRET_FILE_FORMAT, pwd->pw_dir);
    219. 

  219.     pwd = NULL;
    220. 

  220. 

  221.     D(("opening key file [%s]", temp));
    222. 

  222.     secrets = fopen(temp, "r");
    223. 

  223.     memset(temp, 0, length_id);
    224. 

  224. 

  225.     if (secrets == NULL) {
    226. 

  226. 	D(("failed to open key file"));
    227. 

  227. 	return NULL;
    228. 

  228.     }
    229. 

  229. 

  230.     length_id = strlen(identity);
    231. 

  231.     temp = malloc(MAX_FILE_LINE_LEN);
    232. 

  232. 

  233.     for (;;) {
    234. 

  234. 	char *secret = NULL;
    235. 

  235. 

  236. 	if (fgets(temp, MAX_FILE_LINE_LEN, secrets) == NULL) {
    237. 

  237. 	    fclose(secrets);
    238. 

  238. 	    return NULL;
    239. 

  239. 	}
    240. 

  240. 

  241. 	D(("cf[%s][%s]", identity, temp));
    242. 

  242. 	if (memcmp(temp, identity, length_id)) {
    243. 

  243. 	    continue;
    244. 

  244. 	}
    245. 

  245. 

  246. 	D(("found entry"));
    247. 

  247. 	fclose(secrets);
    248. 

  248. 

  249. 	for (secret=temp+length_id; *secret; ++secret) {
    250. 

  250. 	    if (!(*secret == ' ' || *secret == '\n' || *secret == '\t')) {
    251. 

  251. 		break;
    252. 

  252. 	    }
    253. 

  253. 	}
    254. 

  254. 

  255. 	memmove(temp, secret, MAX_FILE_LINE_LEN-(secret-(temp+length_id)));
    256. 

  256. 	secret = temp;
    257. 

  257. 

  258. 	for (; *secret; ++secret) {
    259. 

  259. 	    if (*secret == ' ' || *secret == '\n' || *secret == '\t') {
    260. 

  260. 		break;
    261. 

  261. 	    }
    262. 

  262. 	}
    263. 

  263. 

  264. 	if (*secret) {
    265. 

  265. 	    *secret = '\0';
    266. 

  266. 	}
    267. 

  267. 

  268. 	D(("secret found [%s]", temp));
    269. 

  269. 

  270. 	return temp;
    271. 

  271.     }
    272. 

  272. 

  273.     /* NOT REACHED */
    274. 

  274. }
    275. 

  275. 

  276. /*
    277. 

  277.  * function to perform the two message authentication process
    278. 

  278.  * (with support for event driven conversation functions)
    279. 

  279.  */
    280. 

  280. 

  281. static int auth_sequence(pam_handle_t *pamh,
    282. 

  282. 			 const struct ps_state_s *old, struct ps_state_s *new)
    283. 

  283. {
    284. 

  284.     const char *rhostname;
    285. 

  285.     const char *rusername;
    286. 

  286.     int retval;
    287. 

  287. 

  288.     retval = pam_get_item(pamh, PAM_RUSER, (const void **) &rusername);
    289. 

  289.     if ((retval != PAM_SUCCESS) || (rusername == NULL)) {
    290. 

  290. 	D(("failed to obtain an rusername"));
    291. 

  291. 	new->state = PS_STATE_DEAD;
    292. 

  292. 	return PAM_AUTH_ERR;
    293. 

  293.     }
    294. 

  294. 

  295.     retval = pam_get_item(pamh, PAM_RHOST, (const void **) &rhostname);
    296. 

  296.     if ((retval != PAM_SUCCESS) || (rhostname == NULL)) {
    297. 

  297. 	D(("failed to identify local hostname: ", pam_strerror(pamh, retval)));
    298. 

  298. 	new->state = PS_STATE_DEAD;
    299. 

  299. 	return PAM_AUTH_ERR;
    300. 

  300.     }
    301. 

  301. 

  302.     D(("switch on new->state=%d [%s@%s]", new->state, rusername, rhostname));
    303. 

  303.     switch (new->state) {
    304. 

  304. 

  305.     case PS_STATE_INIT:
    306. 

  306.     {
    307. 

  307. 	const char *user = NULL;
    308. 

  308. 

  309. 	retval = pam_get_user(pamh, &user, NULL);
    310. 

  310. 

  311. 	if ((retval == PAM_SUCCESS) && (user == NULL)) {
    312. 

  312. 	    D(("success but no username?"));
    313. 

  313. 	    new->state = PS_STATE_DEAD;
    314. 

  314. 	    retval = PAM_USER_UNKNOWN;
    315. 

  315. 	}
    316. 

  316. 

  317. 	if (retval != PAM_SUCCESS) {
    318. 

  318. 	    if (retval == PAM_CONV_AGAIN) {
    319. 

  319. 		retval = PAM_INCOMPLETE;
    320. 

  320. 	    } else {
    321. 

  321. 		new->state = PS_STATE_DEAD;
    322. 

  322. 	    }
    323. 

  323. 	    D(("state init failed: %s", pam_strerror(pamh, retval)));
    324. 

  324. 	    return retval;
    325. 

  325. 	}
    326. 

  326. 

  327. 	/* nothing else in this 'case' can be retried */
    328. 

  328. 

  329. 	new->username = strdup(user);
    330. 

  330. 	if (new->username == NULL) {
    331. 

  331. 	    D(("out of memory"));
    332. 

  332. 	    new->state = PS_STATE_DEAD;
    333. 

  333. 	    return PAM_BUF_ERR;
    334. 

  334. 	}
    335. 

  335. 

  336. 	if (! generate_cookie(new->server_cookie)) {
    337. 

  337. 	    D(("problem generating server cookie"));
    338. 

  338. 	    new->state = PS_STATE_DEAD;
    339. 

  339. 	    return PAM_ABORT;
    340. 

  340. 	}
    341. 

  341. 

  342. 	new->current_prompt = NULL;
    343. 

  343. 	PAM_BP_RENEW(&new->current_prompt, PAM_BPC_SELECT,
    344. 

  344. 		     sizeof(PS_AGENT_ID) + strlen(rusername) + 1
    345. 

  345. 		     + strlen(rhostname) + 1 + 32);
    346. 

  346. 	sprintf(PAM_BP_WDATA(new->current_prompt),
    347. 

  347. 		PS_AGENT_ID "/%s@%s|%.32s", rusername, rhostname,
    348. 

  348. 		new->server_cookie);
    349. 

  349. 

  350. 	/* note, the BP is guaranteed by the spec to be <NUL> terminated */
    351. 

  351. 	D(("initialization packet [%s]", PAM_BP_DATA(new->current_prompt)));
    352. 

  352. 

  353. 	/* fall through */
    354. 

  354. 	new->state = PS_STATE_PROMPT1;
    355. 

  355. 

  356. 	D(("fall through to state_prompt1"));
    357. 

  357.     }
    358. 

  358. 

  359.     case PS_STATE_PROMPT1:
    360. 

  360.     {
    361. 

  361. 	int i, length;
    362. 

  362. 

  363. 	/* send {secret@here/jdoe@client.host|<s_cookie>} */
    364. 

  364. 	retval = converse(pamh, new);
    365. 

  365. 	if (retval != PAM_SUCCESS) {
    366. 

  366. 	    if (retval == PAM_CONV_AGAIN) {
    367. 

  367. 		D(("conversation failed to complete"));
    368. 

  368. 		return PAM_INCOMPLETE;
    369. 

  369. 	    } else {
    370. 

  370. 		new->state = PS_STATE_DEAD;
    371. 

  371. 		return retval;
    372. 

  372. 	    }
    373. 

  373. 	}
    374. 

  374. 

  375. 	if (retval != PAM_SUCCESS) {
    376. 

  376. 	    D(("failed to read ruser@rhost"));
    377. 

  377. 	    new->state = PS_STATE_DEAD;
    378. 

  378. 	    return PAM_AUTH_ERR;
    379. 

  379. 	}
    380. 

  380. 

  381. 	/* expect to receive the following {<seqid>|<a_cookie>} */
    382. 

  382. 	if (new->current_reply == NULL) {
    383. 

  383. 	    D(("converstation returned [%s] but gave no reply",
    384. 

  384. 	       pam_strerror(pamh, retval)));
    385. 

  385. 	    new->state = PS_STATE_DEAD;
    386. 

  386. 	    return PAM_CONV_ERR;
    387. 

  387. 	}
    388. 

  388. 

  389. 	/* find | */
    390. 

  390. 	length = PAM_BP_LENGTH(new->current_reply);
    391. 

  391. 	for (i=0; i<length; ++i) {
    392. 

  392. 	    if (PAM_BP_RDATA(new->current_reply)[i] == '|') {
    393. 

  393. 		break;
    394. 

  394. 	    }
    395. 

  395. 	}
    396. 

  396. 	if (i >= length) {
    397. 

  397. 	    D(("malformed response (no |) of length %d", length));
    398. 

  398. 	    new->state = PS_STATE_DEAD;
    399. 

  399. 	    return PAM_CONV_ERR;
    400. 

  400. 	}
    401. 

  401. 	if ((length - ++i) != 32) {
    402. 

  402. 	    D(("cookie is incorrect length (%d,%d) %d != 32",
    403. 

  403. 	       length, i, length-i));
    404. 

  404. 	    new->state = PS_STATE_DEAD;
    405. 

  405. 	    return PAM_CONV_ERR;
    406. 

  406. 	}
    407. 

  407. 

  408. 	/* copy client cookie */
    409. 

  409. 	memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32);
    410. 

  410. 

  411. 	/* generate a prompt that is length(seqid) + length(|) + 32 long */
    412. 

  412. 	PAM_BP_RENEW(&new->current_prompt, PAM_BPC_OK, i+32);
    413. 

  413. 	/* copy the head of the response prompt */
    414. 

  414. 	memcpy(PAM_BP_WDATA(new->current_prompt),
    415. 

  415. 	       PAM_BP_RDATA(new->current_reply), i);
    416. 

  416. 	PAM_BP_RENEW(&new->current_reply, 0, 0);
    417. 

  417. 

  418. 	/* look up the secret */
    419. 

  419. 	new->invalid_secret = 0;
    420. 

  420. 

  421. 	if (new->secret_data == NULL) {
    422. 

  422. 	    char *ruser_rhost;
    423. 

  423. 

  424. 	    ruser_rhost = malloc(strlen(rusername)+2+strlen(rhostname));
    425. 

  425. 	    if (ruser_rhost == NULL) {
    426. 

  426. 		D(("out of memory"));
    427. 

  427. 		new->state = PS_STATE_DEAD;
    428. 

  428. 		return PAM_BUF_ERR;
    429. 

  429. 	    }
    430. 

  430. 	    sprintf(ruser_rhost, "%s@%s", rusername, rhostname);
    431. 

  431. 	    new->secret_data = identify_secret(ruser_rhost, new->username);
    432. 

  432. 

  433. 	    memset(ruser_rhost, 0, strlen(ruser_rhost));
    434. 

  434. 	    free(ruser_rhost);
    435. 

  435. 	}
    436. 

  436. 

  437. 	if (new->secret_data == NULL) {
    438. 

  438. 	    D(("secret not found for user"));
    439. 

  439. 	    new->invalid_secret = 1;
    440. 

  440. 

  441. 	    /* need to make up a secret */
    442. 

  442. 	    new->secret_data = malloc(32 + 1);
    443. 

  443. 	    if (new->secret_data == NULL) {
    444. 

  444. 		D(("out of memory"));
    445. 

  445. 		new->state = PS_STATE_DEAD;
    446. 

  446. 		return PAM_BUF_ERR;
    447. 

  447. 	    }
    448. 

  448. 	    if (! generate_cookie(new->secret_data)) {
    449. 

  449. 		D(("what's up - no fake cookie generated?"));
    450. 

  450. 		new->state = PS_STATE_DEAD;
    451. 

  451. 		return PAM_ABORT;
    452. 

  452. 	    }
    453. 

  453. 	}
    454. 

  454. 

  455. 	/* construct md5[<client_cookie>|<server_cookie>|<secret_data>] */
    456. 

  456. 	if (! create_digest(new->client_cookie, new->server_cookie,
    457. 

  457. 			    new->secret_data,
    458. 

  458. 			    PAM_BP_WDATA(new->current_prompt)+i)) {
    459. 

  459. 	    D(("md5 digesting failed"));
    460. 

  460. 	    new->state = PS_STATE_DEAD;
    461. 

  461. 	    return PAM_ABORT;
    462. 

  462. 	}
    463. 

  463. 

  464. 	/* prompt2 is now constructed - fall through to send it */
    465. 

  465.     }
    466. 

  466. 

  467.     case PS_STATE_PROMPT2:
    468. 

  468.     {
    469. 

  469. 	/* send {<seqid>|md5[<client_cookie>|<server_cookie>|<secret_data>]} */
    470. 

  470. 	retval = converse(pamh, new);
    471. 

  471. 	if (retval != PAM_SUCCESS) {
    472. 

  472. 	    if (retval == PAM_CONV_AGAIN) {
    473. 

  473. 		D(("conversation failed to complete"));
    474. 

  474. 		return PAM_INCOMPLETE;
    475. 

  475. 	    } else {
    476. 

  476. 		new->state = PS_STATE_DEAD;
    477. 

  477. 		return retval;
    478. 

  478. 	    }
    479. 

  479. 	}
    480. 

  480. 

  481. 	/* After we complete this section, we should not be able to
    482. 

  482. 	   recall this authentication function. So, we force all
    483. 

  483. 	   future calls into the weeds. */
    484. 

  484. 

  485. 	new->state = PS_STATE_DEAD;
    486. 

  486. 

  487. 	/* expect reply:{md5[<secret_data>|<server_cookie>|<client_cookie>]} */
    488. 

  488. 

  489. 	{
    490. 

  490. 	    int cf;
    491. 

  491. 	    char expectation[33];
    492. 

  492. 

  493. 	    if (!create_digest(new->secret_data, new->server_cookie,
    494. 

  494. 			       new->client_cookie, expectation)) {
    495. 

  495. 		new->state = PS_STATE_DEAD;
    496. 

  496. 		return PAM_ABORT;
    497. 

  497. 	    }
    498. 

  498. 

  499. 	    cf = strcmp(expectation, PAM_BP_RDATA(new->current_reply));
    500. 

  500. 	    memset(expectation, 0, sizeof(expectation));
    501. 

  501. 	    if (cf || new->invalid_secret) {
    502. 

  502. 		D(("failed to authenticate"));
    503. 

  503. 		return PAM_AUTH_ERR;
    504. 

  504. 	    }
    505. 

  505. 	}
    506. 

  506. 

  507. 	D(("correctly authenticated :)"));
    508. 

  508. 	return PAM_SUCCESS;
    509. 

  509.     }
    510. 

  510. 

  511.     default:
    512. 

  512. 	new->state = PS_STATE_DEAD;
    513. 

  513. 

  514.     case PS_STATE_DEAD:
    515. 

  515. 

  516. 	D(("state is currently dead/unknown"));
    517. 

  517. 	return PAM_AUTH_ERR;
    518. 

  518.     }
    519. 

  519. 

  520.     fprintf(stderr, "pam_secret: this should not be reached\n");
    521. 

  521.     return PAM_ABORT;
    522. 

  522. }
    523. 

  523. 

  524. static void clean_data(pam_handle_t *pamh, void *datum, int error_status)
    525. 

  525. {
    526. 

  526.     struct ps_state_s *data = datum;
    527. 

  527. 

  528.     D(("liberating datum=%p", datum));
    529. 

  529. 

  530.     if (data) {
    531. 

  531. 	D(("renew prompt"));
    532. 

  532. 	PAM_BP_RENEW(&data->current_prompt, 0, 0);
    533. 

  533. 	D(("renew reply"));
    534. 

  534. 	PAM_BP_RENEW(&data->current_reply, 0, 0);
    535. 

  535. 	D(("overwrite datum"));
    536. 

  536. 	memset(data, 0, sizeof(struct ps_state_s));
    537. 

  537. 	D(("liberate datum"));
    538. 

  538. 	free(data);
    539. 

  539.     }
    540. 

  540. 

  541.     D(("done."));
    542. 

  542. }
    543. 

  543. 

  544. /*
    545. 

  545.  * front end for the authentication function
    546. 

  546.  */
    547. 

  547. 

  548. int pam_sm_authenticate(pam_handle_t *pamh, int flags,
    549. 

  549. 			int argc, const char **argv)
    550. 

  550. {
    551. 

  551.     int retval;
    552. 

  552.     struct ps_state_s *new_data;
    553. 

  553.     const struct ps_state_s *old_data;
    554. 

  554. 

  555.     D(("called"));
    556. 

  556. 

  557.     new_data = calloc(1, sizeof(struct ps_state_s));
    558. 

  558.     if (new_data == NULL) {
    559. 

  559. 	D(("out of memory"));
    560. 

  560. 	return PAM_BUF_ERR;
    561. 

  561.     }
    562. 

  562.     new_data->retval = PAM_SUCCESS;
    563. 

  563. 

  564.     retval = pam_get_data(pamh, PS_STATE_ID, (const void **) &old_data);
    565. 

  565.     if (retval == PAM_SUCCESS) {
    566. 

  566. 	new_data->state = old_data->state;
    567. 

  567. 	memcpy(new_data->server_cookie, old_data->server_cookie, 32);
    568. 

  568. 	memcpy(new_data->client_cookie, old_data->client_cookie, 32);
    569. 

  569. 	if (old_data->username) {
    570. 

  570. 	    new_data->username = strdup(old_data->username);
    571. 

  571. 	}
    572. 

  572. 	if (old_data->secret_data) {
    573. 

  573. 	    new_data->secret_data = strdup(old_data->secret_data);
    574. 

  574. 	}
    575. 

  575. 	if (old_data->current_prompt) {
    576. 

  576. 	    int length;
    577. 

  577. 

  578. 	    length = PAM_BP_LENGTH(old_data->current_prompt);
    579. 

  579. 	    PAM_BP_RENEW(&new_data->current_prompt,
    580. 

  580. 			 PAM_BP_CONTROL(old_data->current_prompt), length);
    581. 

  581. 	    PAM_BP_FILL(new_data->current_prompt, 0, length,
    582. 

  582. 			PAM_BP_RDATA(old_data->current_prompt));
    583. 

  583. 	}
    584. 

  584. 	/* don't need to duplicate current_reply */
    585. 

  585.     } else {
    586. 

  586. 	old_data = NULL;
    587. 

  587. 	new_data->state = PS_STATE_INIT;
    588. 

  588.     }
    589. 

  589. 

  590.     D(("call auth_sequence"));
    591. 

  591.     new_data->retval = auth_sequence(pamh, old_data, new_data);
    592. 

  592.     D(("returned from auth_sequence"));
    593. 

  593. 

  594.     retval = pam_set_data(pamh, PS_STATE_ID, new_data, clean_data);
    595. 

  595.     if (retval != PAM_SUCCESS) {
    596. 

  596. 	D(("unable to store new_data"));
    597. 

  597.     } else {
    598. 

  598. 	retval = new_data->retval;
    599. 

  599.     }
    600. 

  600. 

  601.     old_data = new_data = NULL;
    602. 

  602. 

  603.     D(("done (%d)", retval));
    604. 

  604.     return retval;
    605. 

  605. }
    606. 

  606. 

  607. /*
    608. 

  608.  * front end for the credential setting function
    609. 

  609.  */
    610. 

  610. 

  611. #define AUTH_SESSION_TICKET_ENV_FORMAT "AUTH_SESSION_TICKET="
    612. 

  612. 

  613. int pam_sm_setcred(pam_handle_t *pamh, int flags,
    614. 

  614. 		   int argc, const char **argv)
    615. 

  615. {
    616. 

  616.     int retval;
    617. 

  617.     const struct ps_state_s *old_data;
    618. 

  618. 

  619.     D(("called"));
    620. 

  620. 

  621.     /* XXX - need to pay attention to the various flavors of call */
    622. 

  622. 

  623.     /* XXX - need provide an option to turn this feature on/off: if
    624. 

  624.        other modules want to supply an AUTH_SESSION_TICKET, we should
    625. 

  625.        leave it up to the admin which module dominiates. */
    626. 

  626. 

  627.     retval = pam_get_data(pamh, PS_STATE_ID, (const void **) &old_data);
    628. 

  628.     if (retval != PAM_SUCCESS) {
    629. 

  629. 	D(("no data to base decision on"));
    630. 

  630. 	return PAM_AUTH_ERR;
    631. 

  631.     }
    632. 

  632. 

  633.     /*
    634. 

  634.      * If ok, export a derived shared secret session ticket to the
    635. 

  635.      * client's PAM environment - the ticket has the form
    636. 

  636.      *
    637. 

  637.      * AUTH_SESSION_TICKET =
    638. 

  638.      *        md5[<server_cookie>|<secret_data>|<client_cookie>]
    639. 

  639.      *
    640. 

  640.      * This is a precursor to supporting a spoof resistant trusted
    641. 

  641.      * path mechanism. This shared secret ticket can be used to add
    642. 

  642.      * a hard-to-guess checksum to further authentication data.
    643. 

  643.      */
    644. 

  644. 

  645.     retval = old_data->retval;
    646. 

  646.     if (retval == PAM_SUCCESS) {
    647. 

  647. 	char envticket[sizeof(AUTH_SESSION_TICKET_ENV_FORMAT)+32];
    648. 

  648. 

  649. 	memcpy(envticket, AUTH_SESSION_TICKET_ENV_FORMAT,
    650. 

  650. 	       sizeof(AUTH_SESSION_TICKET_ENV_FORMAT));
    651. 

  651. 

  652. 	if (! create_digest(old_data->server_cookie, old_data->secret_data,
    653. 

  653. 			    old_data->client_cookie,
    654. 

  654. 			    envticket+sizeof(AUTH_SESSION_TICKET_ENV_FORMAT)-1
    655. 

  655. 	    )) {
    656. 

  656. 	    D(("unable to generate a digest for session ticket"));
    657. 

  657. 	    return PAM_ABORT;
    658. 

  658. 	}
    659. 

  659. 

  660. 	D(("putenv[%s]", envticket));
    661. 

  661. 	retval = pam_putenv(pamh, envticket);
    662. 

  662. 	memset(envticket, 0, sizeof(envticket));
    663. 

  663.     }
    664. 

  664. 

  665.     old_data = NULL;
    666. 

  666.     D(("done (%d)", retval));
    667. 

  667. 

  668.     return retval;
    669. 

  669. }
    670.