VBoxAuthPAM.c revision c58f1213e628a545081c70e26c6b67a841cff880
/** @file
*
* VirtualBox External Authentication Library:
* Linux PAM Authentication.
*/
/*
* Copyright (C) 2006-2012 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*/
/* The PAM service name.
*
* authentication rules. It is possible to use an existing service
* name, like "login" for example. But if different set of rules
* specially for VRDP authentication. Note that the name of the
* service must be lowercase. See PAM documentation for details.
*
* The Auth module takes the PAM service name from the
* environment variable VBOX_AUTH_PAM_SERVICE. If the variable
* is not specified, then the 'login' PAM service is used.
*/
#define VBOX_AUTH_PAM_SERVICE_NAME_ENV_OLD "VRDP_AUTH_PAM_SERVICE"
#define VBOX_AUTH_PAM_SERVICE_NAME_ENV "VBOX_AUTH_PAM_SERVICE"
#define VBOX_AUTH_PAM_DEFAULT_SERVICE_NAME "login"
/* The debug log file name.
*
* If defined, debug messages will be written to the file specified in the
* VBOX_AUTH_DEBUG_FILENAME (or deprecated VRDP_AUTH_DEBUG_FILENAME) environment
* variable:
*
* export VBOX_AUTH_DEBUG_FILENAME=pam.log
*
* The above will cause writing to the pam.log.
*/
#define VBOX_AUTH_DEBUG_FILENAME_ENV_OLD "VRDP_AUTH_DEBUG_FILENAME"
#define VBOX_AUTH_DEBUG_FILENAME_ENV "VBOX_AUTH_DEBUG_FILENAME"
/* Dynamic loading of the PAM library.
*
* If defined, the libpam.so is loaded dynamically.
* Enabled by default since it is often required,
* and does not harm.
*/
#define VBOX_AUTH_USE_PAM_DLLOAD
#ifdef VBOX_AUTH_USE_PAM_DLLOAD
/* The name of the PAM library */
# ifdef RT_OS_SOLARIS
# define PAM_LIB_NAME "libpam.so.1"
# elif defined(RT_OS_FREEBSD)
# define PAM_LIB_NAME "libpam.so"
# else
# define PAM_LIB_NAME "libpam.so.0"
# endif
#endif /* VBOX_AUTH_USE_PAM_DLLOAD */
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#ifndef RT_OS_FREEBSD
# include <malloc.h>
#endif
#include <security/pam_appl.h>
#include <VBox/VBoxAuth.h>
#ifdef VBOX_AUTH_USE_PAM_DLLOAD
#include <dlfcn.h>
static int (*fn_pam_start)(const char *service_name,
const char *user,
const struct pam_conv *pam_conversation,
pam_handle_t **pamh);
#else
#define fn_pam_start pam_start
#define fn_pam_authenticate pam_authenticate
#define fn_pam_acct_mgmt pam_acct_mgmt
#define fn_pam_end pam_end
#define fn_pam_strerror pam_strerror
#endif /* VBOX_AUTH_USE_PAM_DLLOAD */
static void debug_printf(const char *fmt, ...)
{
#if defined(VBOX_AUTH_DEBUG_FILENAME_ENV) || defined(VBOX_AUTH_DEBUG_FILENAME_ENV_OLD)
char buffer[1024];
#if defined(VBOX_AUTH_DEBUG_FILENAME_ENV)
#endif /* VBOX_AUTH_DEBUG_FILENAME_ENV */
#if defined(VBOX_AUTH_DEBUG_FILENAME_ENV_OLD)
{
}
#endif /* VBOX_AUTH_DEBUG_FILENAME_ENV_OLD */
if (filename)
{
FILE *f;
if (f != NULL)
{
fclose (f);
}
}
#endif /* VBOX_AUTH_DEBUG_FILENAME_ENV || VBOX_AUTH_DEBUG_FILENAME_ENV_OLD */
}
#ifdef VBOX_AUTH_USE_PAM_DLLOAD
typedef struct _SymMap
{
void **ppfn;
const char *pszName;
} SymMap;
{
{ (void **)&fn_pam_start, "pam_start" },
{ (void **)&fn_pam_authenticate, "pam_authenticate" },
{ (void **)&fn_pam_acct_mgmt, "pam_acct_mgmt" },
{ (void **)&fn_pam_end, "pam_end" },
{ (void **)&fn_pam_strerror, "pam_strerror" },
};
static int auth_pam_init(void)
{
if (!gpvLibPam)
{
return PAM_SYSTEM_ERR;
}
{
{
return PAM_SYSTEM_ERR;
}
iter++;
}
return PAM_SUCCESS;
}
static void auth_pam_close(void)
{
if (gpvLibPam)
{
}
return;
}
#else
static int auth_pam_init(void)
{
return PAM_SUCCESS;
}
static void auth_pam_close(void)
{
return;
}
#endif /* VBOX_AUTH_USE_PAM_DLLOAD */
static const char *auth_get_pam_service (void)
{
{
{
}
}
return service;
}
typedef struct _PamContext
{
char *szUser;
char *szPassword;
} PamContext;
{
int i;
struct pam_response *r;
{
debug_printf("conv: ctx is NULL\n");
return PAM_CONV_ERR;
}
debug_printf("conv: num %d u[%s] p[%d]\n", num_msg, ctx->szUser, ctx->szPassword? strlen (ctx->szPassword): 0);
if (r == NULL)
{
return PAM_CONV_ERR;
}
for (i = 0; i < num_msg; i++)
{
r[i].resp_retcode = 0;
{
}
{
}
else
{
debug_printf("conv: %d style %d: [%s]\n", i, msg[i]->msg_style, msg[i]->msg? msg[i]->msg: "(null)");
}
}
*resp = r;
return PAM_SUCCESS;
}
/* The entry point must be visible. */
#else
# ifdef VBOX_HAVE_VISIBILITY_HIDDEN
# else
# endif
#endif
/* prototype to prevent gcc warning */
const char *szUser,
const char *szPassword,
const char *szDomain,
int fLogon,
unsigned clientId);
const char *szUser,
const char *szPassword,
const char *szDomain,
int fLogon,
unsigned clientId)
{
int rc;
struct pam_conv pam_conversation;
/* Only process logon requests. */
if (!fLogon)
return result; /* Return value is ignored by the caller. */
rc = auth_pam_init ();
if (rc == PAM_SUCCESS)
{
debug_printf("init ok\n");
if (rc == PAM_SUCCESS)
{
debug_printf("start ok\n");
if (rc == PAM_SUCCESS)
{
debug_printf("auth ok\n");
if (rc == PAM_AUTHINFO_UNAVAIL
&&
{
debug_printf("PAM_AUTHINFO_UNAVAIL\n");
rc = PAM_SUCCESS;
}
if (rc == PAM_SUCCESS)
{
debug_printf("access granted\n");
}
else
{
}
}
else
{
}
}
else
{
}
auth_pam_close ();
debug_printf("auth_pam_close completed\n");
}
else
{
}
return result;
}
/* Verify the function prototype. */