Return to xauth_pam_listener.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / plugins / xauth_pam |
1.1 misho 1: /* 2: * Copyright (C) 2013 Endian srl 3: * Author: Andrea Bonomi - <a.bonomi@endian.com> 4: * 5: * Permission is hereby granted, free of charge, to any person obtaining a copy 6: * of this software and associated documentation files (the "Software"), to deal 7: * in the Software without restriction, including without limitation the rights 8: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9: * copies of the Software, and to permit persons to whom the Software is 10: * furnished to do so, subject to the following conditions: 11: * 12: * The above copyright notice and this permission notice shall be included in 13: * all copies or substantial portions of the Software. 14: * 15: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21: * THE SOFTWARE. 22: */ 23: 24: #define _GNU_SOURCE 25: #include <stdio.h> 26: 27: #include "xauth_pam_listener.h" 28: 29: #include <daemon.h> 30: #include <library.h> 31: 32: #include <security/pam_appl.h> 33: 34: typedef struct private_xauth_pam_listener_t private_xauth_pam_listener_t; 35: 36: /** 37: * Private data of an xauth_pam_listener_t object. 38: */ 39: struct private_xauth_pam_listener_t { 40: 41: /** 42: * Public xauth_pam_listener_t interface. 43: */ 44: xauth_pam_listener_t public; 45: 46: /** 47: * PAM service 48: */ 49: char *service; 50: }; 51: 52: /** 53: * PAM conv callback function 54: */ 55: static int conv(int num_msg, const struct pam_message **msg, 56: struct pam_response **resp, void *data) 57: { 58: int i; 59: 60: for (i = 0; i < num_msg; i++) 61: { 62: /* ignore any text info, but fail on any interaction request */ 63: if (msg[i]->msg_style != PAM_TEXT_INFO) 64: { 65: return PAM_CONV_ERR; 66: } 67: } 68: return PAM_SUCCESS; 69: } 70: 71: METHOD(listener_t, ike_updown, bool, 72: private_xauth_pam_listener_t *this, ike_sa_t *ike_sa, bool up) 73: { 74: struct pam_conv null_conv = { 75: .conv = conv, 76: }; 77: pam_handle_t *pamh = NULL; 78: char *user; 79: int ret; 80: 81: if (asprintf(&user, "%Y", ike_sa->get_other_eap_id(ike_sa)) != -1) 82: { 83: ret = pam_start(this->service, user, &null_conv, &pamh); 84: if (ret == PAM_SUCCESS) 85: { 86: if (up) 87: { 88: ret = pam_open_session(pamh, 0); 89: if (ret != PAM_SUCCESS) 90: { 91: DBG1(DBG_IKE, "XAuth pam_open_session for '%s' failed: %s", 92: user, pam_strerror(pamh, ret)); 93: } 94: } 95: else 96: { 97: ret = pam_close_session(pamh, 0); 98: if (ret != PAM_SUCCESS) 99: { 100: DBG1(DBG_IKE, "XAuth pam_close_session for '%s' failed: %s", 101: user, pam_strerror(pamh, ret)); 102: } 103: } 104: } 105: else 106: { 107: DBG1(DBG_IKE, "XAuth pam_start for '%s' failed: %s", 108: user, pam_strerror(pamh, ret)); 109: } 110: pam_end(pamh, ret); 111: free(user); 112: } 113: return TRUE; 114: } 115: 116: METHOD(xauth_pam_listener_t, listener_destroy, void, 117: private_xauth_pam_listener_t *this) 118: { 119: free(this); 120: } 121: 122: xauth_pam_listener_t *xauth_pam_listener_create() 123: { 124: private_xauth_pam_listener_t *this; 125: 126: INIT(this, 127: .public = { 128: .listener = { 129: .ike_updown = _ike_updown, 130: }, 131: .destroy = _listener_destroy, 132: }, 133: /* Look for PAM service, with a legacy fallback for the eap-gtc plugin. 134: * Default to "login". */ 135: .service = lib->settings->get_str(lib->settings, 136: "%s.plugins.xauth-pam.pam_service", 137: lib->settings->get_str(lib->settings, 138: "%s.plugins.eap-gtc.pam_service", 139: "login", lib->ns), 140: lib->ns), 141: ); 142: 143: return &this->public; 144: }