Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 1 | #include "includes.h" |
Damien Miller | ec9868a | 2001-06-27 15:36:43 +1000 | [diff] [blame] | 2 | RCSID("$Id: auth2-pam.c,v 1.11 2001/06/27 05:36:44 djm Exp $"); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 3 | |
| 4 | #ifdef USE_PAM |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 5 | #include <security/pam_appl.h> |
| 6 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 7 | #include "ssh.h" |
| 8 | #include "ssh2.h" |
| 9 | #include "auth.h" |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 10 | #include "auth-pam.h" |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 11 | #include "packet.h" |
| 12 | #include "xmalloc.h" |
| 13 | #include "dispatch.h" |
Ben Lindstrom | 226cfa0 | 2001-01-22 05:34:40 +0000 | [diff] [blame] | 14 | #include "log.h" |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 15 | |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 16 | static int do_pam_conversation_kbd_int(int num_msg, |
| 17 | const struct pam_message **msg, struct pam_response **resp, |
| 18 | void *appdata_ptr); |
| 19 | void input_userauth_info_response_pam(int type, int plen, void *ctxt); |
| 20 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 21 | struct { |
| 22 | int finished, num_received, num_expected; |
| 23 | int *prompts; |
| 24 | struct pam_response *responses; |
| 25 | } context_pam2 = {0, 0, 0, NULL}; |
| 26 | |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 27 | static struct pam_conv conv2 = { |
| 28 | do_pam_conversation_kbd_int, |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 29 | NULL, |
| 30 | }; |
| 31 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 32 | int |
| 33 | auth2_pam(Authctxt *authctxt) |
| 34 | { |
| 35 | int retval = -1; |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 36 | |
| 37 | if (authctxt->user == NULL) |
| 38 | fatal("auth2_pam: internal error: no user"); |
| 39 | |
Damien Miller | 22e22bf | 2001-01-19 15:46:38 +1100 | [diff] [blame] | 40 | conv2.appdata_ptr = authctxt; |
Damien Miller | 646aa60 | 2001-02-15 11:51:32 +1100 | [diff] [blame] | 41 | do_pam_set_conv(&conv2); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 42 | |
| 43 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 44 | &input_userauth_info_response_pam); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 45 | retval = (do_pam_authenticate(0) == PAM_SUCCESS); |
| 46 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); |
| 47 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 48 | return retval; |
| 49 | } |
| 50 | |
| 51 | static int |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 52 | do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg, |
| 53 | struct pam_response **resp, void *appdata_ptr) |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 54 | { |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 55 | int i, j, done; |
| 56 | char *text; |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 57 | |
| 58 | context_pam2.finished = 0; |
| 59 | context_pam2.num_received = 0; |
| 60 | context_pam2.num_expected = 0; |
| 61 | context_pam2.prompts = xmalloc(sizeof(int) * num_msg); |
| 62 | context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg); |
| 63 | memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg); |
| 64 | |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 65 | text = NULL; |
| 66 | for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) { |
| 67 | int style = PAM_MSG_MEMBER(msg, i, msg_style); |
| 68 | switch (style) { |
| 69 | case PAM_PROMPT_ECHO_ON: |
| 70 | case PAM_PROMPT_ECHO_OFF: |
| 71 | context_pam2.num_expected++; |
| 72 | break; |
| 73 | case PAM_TEXT_INFO: |
| 74 | case PAM_ERROR_MSG: |
| 75 | default: |
| 76 | /* Capture all these messages to be sent at once */ |
| 77 | message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); |
| 78 | break; |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 79 | } |
| 80 | } |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 81 | |
| 82 | if (context_pam2.num_expected == 0) |
| 83 | return PAM_SUCCESS; |
| 84 | |
| 85 | packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); |
| 86 | packet_put_cstring(""); /* Name */ |
| 87 | packet_put_cstring(""); /* Instructions */ |
| 88 | packet_put_cstring(""); /* Language */ |
| 89 | packet_put_int(context_pam2.num_expected); |
| 90 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 91 | for (i = 0, j = 0; i < num_msg; i++) { |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 92 | int style = PAM_MSG_MEMBER(msg, i, msg_style); |
| 93 | |
| 94 | /* Skip messages which don't need a reply */ |
| 95 | if (style != PAM_PROMPT_ECHO_ON && style != PAM_PROMPT_ECHO_OFF) |
| 96 | continue; |
| 97 | |
| 98 | context_pam2.prompts[j++] = i; |
| 99 | if (text) { |
| 100 | message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 101 | packet_put_cstring(text); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 102 | text = NULL; |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 103 | } else |
| 104 | packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg)); |
| 105 | packet_put_char(style == PAM_PROMPT_ECHO_ON); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 106 | } |
| 107 | packet_send(); |
| 108 | packet_write_wait(); |
| 109 | |
Damien Miller | 8fa2bda | 2001-02-16 13:03:04 +1100 | [diff] [blame] | 110 | /* |
| 111 | * Grabbing control of execution and spinning until we get what |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 112 | * we want is probably rude, but it seems to work properly, and |
| 113 | * the client *should* be in lock-step with us, so the loop should |
Damien Miller | 8fa2bda | 2001-02-16 13:03:04 +1100 | [diff] [blame] | 114 | * only be traversed once. |
| 115 | */ |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 116 | while(context_pam2.finished == 0) { |
| 117 | done = 1; |
| 118 | dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 119 | if(context_pam2.finished == 0) |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 120 | debug("extra packet during conversation"); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 121 | } |
| 122 | |
| 123 | if(context_pam2.num_received == context_pam2.num_expected) { |
| 124 | *resp = context_pam2.responses; |
| 125 | return PAM_SUCCESS; |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 126 | } else |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 127 | return PAM_CONV_ERR; |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 128 | } |
| 129 | |
| 130 | void |
| 131 | input_userauth_info_response_pam(int type, int plen, void *ctxt) |
| 132 | { |
| 133 | Authctxt *authctxt = ctxt; |
| 134 | unsigned int nresp = 0, rlen = 0, i = 0; |
| 135 | char *resp; |
| 136 | |
| 137 | if (authctxt == NULL) |
| 138 | fatal("input_userauth_info_response_pam: no authentication context"); |
| 139 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 140 | nresp = packet_get_int(); /* Number of responses. */ |
| 141 | debug("got %d responses", nresp); |
| 142 | |
| 143 | for (i = 0; i < nresp; i++) { |
| 144 | int j = context_pam2.prompts[i]; |
Damien Miller | 63dc3e9 | 2001-02-07 12:58:33 +1100 | [diff] [blame] | 145 | |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 146 | resp = packet_get_string(&rlen); |
Damien Miller | b848158 | 2000-12-03 11:51:51 +1100 | [diff] [blame] | 147 | context_pam2.responses[j].resp_retcode = PAM_SUCCESS; |
| 148 | context_pam2.responses[j].resp = xstrdup(resp); |
| 149 | xfree(resp); |
| 150 | context_pam2.num_received++; |
| 151 | } |
| 152 | |
| 153 | context_pam2.finished = 1; |
| 154 | |
| 155 | packet_done(); |
| 156 | } |
| 157 | |
| 158 | #endif |