pam_vbox.cpp revision c633dd6d58fe9e7d95cb35b431984df3569936b2
/* $Id$ */
/** @file
* pam_vbox - PAM module for auto logons.
*/
/*
* Copyright (C) 2008-2010 Sun Microsystems, Inc.
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
* Clara, CA 95054 USA or visit http://www.sun.com if you need
* additional information or have any questions.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION
#ifdef _DEBUG
#define PAM_DEBUG
#endif
#ifdef RT_OS_SOLARIS
# include <security/pam_appl.h>
#endif
#include <security/pam_modules.h>
#include <security/pam_appl.h>
#ifdef RT_OS_LINUX
#include <security/_pam_macros.h>
#endif
#ifndef PAM_EXTERN
# define PAM_EXTERN extern
#endif
#include <pwd.h>
#include <syslog.h>
#include <iprt/initterm.h>
#include <VBox/VBoxGuestLib.h>
#define VBOX_MODULE_NAME "pam_vbox"
/** For debugging. */
#ifdef _DEBUG
static pam_handle_t *g_pam_handle;
static int g_verbosity = 99;
#else
static int g_verbosity = 0;
#endif
/**
* Write to system log.
*
* @param pszBuf Buffer to write to the log (NULL-terminated)
*/
static void pam_vbox_writesyslog(char *pszBuf)
{
#ifdef RT_OS_LINUX
closelog();
#elif defined(RT_OS_SOLARIS)
#endif
}
/**
* Displays an error message.
*
* @param pszFormat The message text.
* @param ... Format arguments.
*/
{
/** @todo is this NULL terminated? */
char *buf;
{
}
}
/**
* Displays a debug message.
*
* @param pszFormat The message text.
* @param ... Format arguments.
*/
{
/** @todo is this NULL terminated? */
char *buf;
{
if (g_verbosity)
{
/* Only do normal logging in debug mode; could contain
* sensitive data! */
/* Log to syslog */
}
}
}
int pam_vbox_do_check(pam_handle_t *h)
{
#ifdef _DEBUG
g_pam_handle = h; /* hack for getting assertion text */
#endif
/* Don't make assertions panic because the PAM stack +
* the current logon module won't work anymore (or just restart).
* This could result in not able to log into the system anymore. */
RTAssertSetMayPanic(false);
if (RT_FAILURE(rc))
{
return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
}
pam_vbox_log(h, "pam_vbox_do_check: runtime initialized.\n");
if (RT_SUCCESS(rc))
{
rc = VbglR3InitUser();
if (RT_FAILURE(rc))
{
switch(rc)
{
case VERR_ACCESS_DENIED:
pam_vbox_error(h, "pam_vbox_do_check: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting.\n");
break;
case VERR_FILE_NOT_FOUND:
pam_vbox_error(h, "pam_vbox_do_check: guest driver not found! Guest Additions installed? Aborting.\n");
break;
default:
break;
}
return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
}
pam_vbox_log(h, "pam_vbox_do_check: guest lib initialized.\n");
}
if (RT_SUCCESS(rc))
{
#ifdef RT_OS_SOLARIS
#else
#endif
pam_vbox_log(h, "pam_vbox_do_check: rhost=%s, tty=%s, prompt=%s\n",
if (RT_FAILURE(rc))
{
if (rc == VERR_NOT_FOUND)
pam_vbox_log(h, "pam_vbox_do_check: no credentials available.\n");
else
pamrc = PAM_SUCCESS;
}
else
{
char *pszUsername;
char *pszPassword;
char *pszDomain;
if (RT_FAILURE(rc))
{
}
else
{
pam_vbox_log(h, "pam_vbox_do_check: credentials retrieved: user=%s, password=%s, domain=%s\n",
/* Fill credentials into PAM. */
if (pamrc != PAM_SUCCESS)
{
}
else
{
if (pamrc != PAM_SUCCESS)
}
/** @todo Add handling domains as well. */
3 /* Three wipe passes */);
}
}
VbglR3Term();
} /* VbglR3 init okay */
#if 0 /** @todo implement RTR3Term, or create some hack to force anything containing RTR3Init to stay loaded. */
RTR3Term();
#endif
pam_vbox_log(h, "pam_vbox_do_check: returned with pamrc=%d, msg=%s\n",
/* Never report an error here because if no credentials from the host are available or something
* went wrong we then let do the authentication by the next module in the stack. */
/* We report success here because this is all we can do right now -- we passed the credentials
* password verification to "really" authenticate the user. */
return PAM_SUCCESS;
}
/**
* Performs authentication within the PAM framework.
*
* @todo
*/
{
/* Parse arguments. */
for (int i=0; i<argc; i++)
{
g_verbosity=1;
else
}
pam_vbox_log(h, "pam_vbox_authenticate called.\n");
/* Do the actual check. */
return pam_vbox_do_check(h);
}
/**
* Modifies / deletes user credentials
*
* @todo
*/
{
pam_vbox_log(h, "pam_vbox_setcred called.\n");
return PAM_SUCCESS;
}
{
pam_vbox_log(h, "pam_vbox_acct_mgmt called.\n");
return PAM_SUCCESS;
}
{
pam_vbox_log(h, "pam_vbox_open_session called.\n");
RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
return PAM_SUCCESS;
}
{
pam_vbox_log(h, "pam_vbox_close_session called.\n");
return PAM_SUCCESS;
}
{
pam_vbox_log(h, "pam_vbox_sm_chauthtok called.\n");
return PAM_SUCCESS;
}
#ifdef _DEBUG
DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
{
"\n!!Assertion Failed!!\n"
"Expression: %s\n"
"Location : %s(%d) %s\n",
}
#endif