Annotation of embedaddon/strongswan/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2013 Endian srl
! 3: * Author: Andrea Bonomi - <a.bonomi@endian.com>
! 4: *
! 5: * Permission is hereby granted, free of charge, to any person obtaining a copy
! 6: * of this software and associated documentation files (the "Software"), to deal
! 7: * in the Software without restriction, including without limitation the rights
! 8: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
! 9: * copies of the Software, and to permit persons to whom the Software is
! 10: * furnished to do so, subject to the following conditions:
! 11: *
! 12: * The above copyright notice and this permission notice shall be included in
! 13: * all copies or substantial portions of the Software.
! 14: *
! 15: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
! 16: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
! 17: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
! 18: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
! 19: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
! 20: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
! 21: * THE SOFTWARE.
! 22: */
! 23:
! 24: #define _GNU_SOURCE
! 25: #include <stdio.h>
! 26:
! 27: #include "xauth_pam_listener.h"
! 28:
! 29: #include <daemon.h>
! 30: #include <library.h>
! 31:
! 32: #include <security/pam_appl.h>
! 33:
! 34: typedef struct private_xauth_pam_listener_t private_xauth_pam_listener_t;
! 35:
! 36: /**
! 37: * Private data of an xauth_pam_listener_t object.
! 38: */
! 39: struct private_xauth_pam_listener_t {
! 40:
! 41: /**
! 42: * Public xauth_pam_listener_t interface.
! 43: */
! 44: xauth_pam_listener_t public;
! 45:
! 46: /**
! 47: * PAM service
! 48: */
! 49: char *service;
! 50: };
! 51:
! 52: /**
! 53: * PAM conv callback function
! 54: */
! 55: static int conv(int num_msg, const struct pam_message **msg,
! 56: struct pam_response **resp, void *data)
! 57: {
! 58: int i;
! 59:
! 60: for (i = 0; i < num_msg; i++)
! 61: {
! 62: /* ignore any text info, but fail on any interaction request */
! 63: if (msg[i]->msg_style != PAM_TEXT_INFO)
! 64: {
! 65: return PAM_CONV_ERR;
! 66: }
! 67: }
! 68: return PAM_SUCCESS;
! 69: }
! 70:
! 71: METHOD(listener_t, ike_updown, bool,
! 72: private_xauth_pam_listener_t *this, ike_sa_t *ike_sa, bool up)
! 73: {
! 74: struct pam_conv null_conv = {
! 75: .conv = conv,
! 76: };
! 77: pam_handle_t *pamh = NULL;
! 78: char *user;
! 79: int ret;
! 80:
! 81: if (asprintf(&user, "%Y", ike_sa->get_other_eap_id(ike_sa)) != -1)
! 82: {
! 83: ret = pam_start(this->service, user, &null_conv, &pamh);
! 84: if (ret == PAM_SUCCESS)
! 85: {
! 86: if (up)
! 87: {
! 88: ret = pam_open_session(pamh, 0);
! 89: if (ret != PAM_SUCCESS)
! 90: {
! 91: DBG1(DBG_IKE, "XAuth pam_open_session for '%s' failed: %s",
! 92: user, pam_strerror(pamh, ret));
! 93: }
! 94: }
! 95: else
! 96: {
! 97: ret = pam_close_session(pamh, 0);
! 98: if (ret != PAM_SUCCESS)
! 99: {
! 100: DBG1(DBG_IKE, "XAuth pam_close_session for '%s' failed: %s",
! 101: user, pam_strerror(pamh, ret));
! 102: }
! 103: }
! 104: }
! 105: else
! 106: {
! 107: DBG1(DBG_IKE, "XAuth pam_start for '%s' failed: %s",
! 108: user, pam_strerror(pamh, ret));
! 109: }
! 110: pam_end(pamh, ret);
! 111: free(user);
! 112: }
! 113: return TRUE;
! 114: }
! 115:
! 116: METHOD(xauth_pam_listener_t, listener_destroy, void,
! 117: private_xauth_pam_listener_t *this)
! 118: {
! 119: free(this);
! 120: }
! 121:
! 122: xauth_pam_listener_t *xauth_pam_listener_create()
! 123: {
! 124: private_xauth_pam_listener_t *this;
! 125:
! 126: INIT(this,
! 127: .public = {
! 128: .listener = {
! 129: .ike_updown = _ike_updown,
! 130: },
! 131: .destroy = _listener_destroy,
! 132: },
! 133: /* Look for PAM service, with a legacy fallback for the eap-gtc plugin.
! 134: * Default to "login". */
! 135: .service = lib->settings->get_str(lib->settings,
! 136: "%s.plugins.xauth-pam.pam_service",
! 137: lib->settings->get_str(lib->settings,
! 138: "%s.plugins.eap-gtc.pam_service",
! 139: "login", lib->ns),
! 140: lib->ns),
! 141: );
! 142:
! 143: return &this->public;
! 144: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>