/*
    Sumit Bose <sbose@redhat.com>

    Copyright (C) 2009 Red Hat
    Copyright (C) 2010, rhafer@suse.de, Novell Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU Lesser General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
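/*
 * Name string for the password-expired flag.
 * NOTE(review): presumably used as a PAM data key - confirm at the call site.
 */
#define PWEXP_FLAG "pam_sss:password_expired_flag"

/*
 * printf-style template for the path of a customised password-reset message
 * file below SSSD_CONF_DIR. It consumes exactly two string arguments.
 * NOTE(review): presumably a domain name and a file suffix - confirm at the
 * call site, and confirm that neither value can carry '/' or ".." into the
 * resulting path before the file is opened.
 */
#define PW_RESET_MSG_FILENAME_TEMPLATE SSSD_CONF_DIR"/customize/%s/pam_sss_pw_reset_message.%s"

/*
 * Yield s when it is a non-NULL, non-empty string, otherwise the literal
 * "(not available)", so the result is always safe to pass to a "%s"
 * conversion.
 *
 * The argument is parenthesised at every use so that an expression argument
 * (for example `p + 1`) is tested and returned as a whole. It is still
 * evaluated more than once, so it must not have side effects.
 */
#define CHECK_AND_RETURN_PI_STRING(s) \
    (((s) != NULL && *(s) != '\0') ? (s) : "(not available)")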
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Majorstatic void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major ret = vsnprintf(debug_msg, DEBUG_MGS_LEN, fmt, apd);
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major D(("the following message is truncated: %s", debug_msg));
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major } else if (ret < 0) {
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major D(("vsnprintf failed to format debug message!"));
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Majorstatic void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Majorstatic void close_fd(pam_handle_t *pamh, void *ptr, int err)
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major /* Nothing to do */
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major#endif /* PAM_DATA_REPLACE */
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Major D(("Closing the fd"));
80ca0b9f5ad61b2335af25d4dcf25a04ebfcbc91Peter Majorstatic void overwrite_and_free_authtoks(struct pam_items *pi)
const char *msg,
const char *reenter_msg,
char **_answer)
msg);
goto failed;
goto failed;
goto failed;
goto failed;
goto failed;
goto failed;
return PAM_SUCCESS;
return ret;
const char *domain_name,
const char *suffix)
domain_name));
return EINVAL;
goto done;
suffix);
goto done;
goto done;
goto done;
goto done;
filename);
goto done;
goto done;
goto done;
errno = 0;
goto done;
goto done;
done:
return ret;
return EINVAL;
if (ret != 0) {
if (ret != 0) {
return ret;
return PAM_BUF_ERR;
if (expire_date > 0) {
if (ret == 0) {
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
grace);
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
if (delayed_until <= 0) {
return PAM_BUF_ERR;
if (ret == 0) {
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
return PAM_BUF_ERR;
if (msg_len > 0) {
if (!user_msg) {
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
return PAM_BUF_ERR;
if (msg_len > 0) {
if (!user_msg) {
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SYSTEM_ERR;
return PAM_SUCCESS;
return PAM_BUF_ERR;
switch(type) {
return ret;
size_t p=0;
int32_t c;
return PAM_BUF_ERR;
p += sizeof(int32_t);
p += sizeof(int32_t);
return PAM_BUF_ERR;
p += sizeof(int32_t);
p += sizeof(int32_t);
return PAM_BUF_ERR;
switch(type) {
case SSS_PAM_SYSTEM_INFO:
case SSS_PAM_DOMAIN_NAME:
case SSS_ENV_ITEM:
case SSS_PAM_ENV_ITEM:
case SSS_ALL_ENV_ITEM:
case SSS_PAM_USER_INFO:
case SSS_PAM_TEXT_MSG:
case SSS_OTP:
case SSS_PAM_OTP_INFO:
case SSS_PAM_CERT_INFO:
case SSS_PASSWORD_PROMPTING:
p += len;
return PAM_SUCCESS;
return PAM_BAD_ITEM;
return PAM_USER_UNKNOWN;
return PAM_SUCCESS;
if (ret != 0) {
goto done;
errnop = 0;
if (errnop != 0) {
goto done;
goto done;
goto done;
switch (task) {
case SSS_PAM_AUTHENTICATE:
case SSS_PAM_CHAUTHTOK_PRELIM:
case SSS_PAM_CHAUTHTOK:
case SSS_PAM_ACCT_MGMT:
case SSS_PAM_OPEN_SESSION:
case SSS_PAM_SETCRED:
case SSS_PAM_CLOSE_SESSION:
case SSS_PAM_PREAUTH:
return PAM_SYSTEM_ERR;
done:
return pam_status;
const char *prompt)
return ret;
return PAM_BUF_ERR;
return PAM_SUCCESS;
return ret;
return ret;
return PAM_SYSTEM_ERR;
goto done;
goto done;
&needed_size);
goto done;
goto done;
&needed_size);
goto done;
goto done;
done:
return ret;
return EINVAL;
return ENOMEM;
return EFAULT;
return ret;
return PAM_BUF_ERR;
return PAM_SUCCESS;
&answer);
return ret;
return PAM_BUF_ERR;
return PAM_SUCCESS;
const char **domains)
*quiet_mode = false;
*retries = 0;
errno = 0;
if (errno != 0) {
*retries = 0;
*retries = 0;
if (*retries < 0) {
*retries = 0;
*quiet_mode = true;
return PAM_BUF_ERR;
return ret;
return PAM_SUCCESS;
int pam_flags)
return ret;
return ret;
return PAM_SUCCESS;
if (getuid() != 0) {
return PAM_BUF_ERR;
return PAM_BUF_ERR;
return PAM_BUF_ERR;
return ret;
return PAM_SUCCESS;
bool quiet_mode)
return PAM_SUCCESS;
return ENOMEM;
return EFAULT;
return ret;
return PAM_SUCCESS;
return PAM_SYSTEM_ERR;
return ret;
retry = false;
switch(task) {
case SSS_PAM_AUTHENTICATE:
pam_status));
return ret;
return ret;
case SSS_PAM_CHAUTHTOK:
return ret;
case SSS_PAM_ACCT_MGMT:
case SSS_PAM_SETCRED:
case SSS_PAM_OPEN_SESSION:
case SSS_PAM_CLOSE_SESSION:
return PAM_SYSTEM_ERR;
switch (task) {
case SSS_PAM_AUTHENTICATE:
* authentication, see sss_cli.h for details */
case SSS_PAM_ACCT_MGMT:
PAM_SUCCESS) {
case SSS_PAM_CHAUTHTOK:
case SSS_PAM_CHAUTHTOK_PRELIM:
getuid() == 0 &&
PAM_SUCCESS) {
if (ret != 0) {
retries > 0) {
retry = true;
retries--;
} while(retry);
return pam_status;
const char **argv )
const char **argv )
const char **argv )
const char **argv )
const char **argv )
const char **argv )
#ifdef PAM_STATIC