From 6180f388df5004d5435cd6912445130cf260f94e Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 10 Oct 2001 05:00:11 +0000
Subject: Relevant BUGIDs: 424315

Purpose of commit: cleanup, new feature

Commit summary:
---------------
I'm adding a new module (pam_debug) that helped me to verify that
the new setcred handling did not suffer from a bug in the handling
of 'auth optional'. I'm also fixing a D(()) line from
libpam/pam_dispatch.c which was simply broken.

[There is still an outstanding backward compatibility issue with
 pam_dispatch that I'll address with respect to Bug 468724.]
---
 modules/pam_debug/pam_debug.c | 175 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 modules/pam_debug/pam_debug.c

(limited to 'modules/pam_debug/pam_debug.c')

diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
new file mode 100644
index 00000000..152b977c
--- /dev/null
+++ b/modules/pam_debug/pam_debug.c
@@ -0,0 +1,175 @@
+/* pam_permit module */
+
+/*
+ * $Id$
+ *
+ * Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
+ *
+ */
+
+#define DEFAULT_USER "nobody"
+
+#include <stdio.h>
+
+/*
+ * This module is intended as a debugging aide for determining how
+ * the PAM stack is operating.
+ *
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+
+#define _PAM_ACTION_UNDEF (-10)
+#include "../../libpam/pam_tokens.h"
+
+/* --- authentication management functions --- */
+
+static int state(pam_handle_t *pamh, const char *text)
+{
+    int retval;
+    struct pam_conv *conv;
+    struct pam_message msg[1], *mesg[1];
+    struct pam_response *response;
+
+    retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+    if ((retval != PAM_SUCCESS) || (conv == NULL)) {
+	D(("failed to obtain conversation function"));
+	return PAM_ABORT;
+    }
+
+    msg[0].msg_style = PAM_TEXT_INFO;
+    msg[0].msg = text;
+    mesg[0] = &msg[0];
+
+    retval = conv->conv(1, (const struct pam_message **) mesg,
+			&response, conv->appdata_ptr);
+    if (retval != PAM_SUCCESS) {
+	D(("conversation failed"));
+    }
+
+    return retval;
+}
+
+static int parse_args(int retval, const char *event,
+		      pam_handle_t *pamh, int argc, const char **argv)
+{
+    int i;
+
+    for (i=0; i<argc; ++i) {
+	int length = strlen(event);
+	if (!strncmp(event, argv[i], length) && (argv[i][length] == '=')) {
+	    int j;
+	    const char *return_string = argv[i] + (length+1);
+
+	    for (j=0; j<_PAM_RETURN_VALUES; ++j) {
+		if (!strcmp(return_string, _pam_token_returns[j])) {
+		    retval = j;
+		    state(pamh, argv[i]);
+		    break;
+		}
+	    }
+	    break;
+	}
+    }
+
+    return retval;
+}
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+			const char **argv)
+{
+    int retval;
+    const char *user=NULL;
+
+    /*
+     * authentication requires we know who the user wants to be
+     */
+    retval = pam_get_user(pamh, &user, NULL);
+    if (retval != PAM_SUCCESS) {
+	D(("get user returned error: %s", pam_strerror(pamh,retval)));
+	return retval;
+    }
+    if (user == NULL || *user == '\0') {
+	D(("username not known"));
+	pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
+    }
+    user = NULL;                                            /* clean up */
+
+    retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
+
+    return retval;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, 
+		   const char **argv)
+{
+    return parse_args(PAM_SUCCESS, "cred", pamh, argc, argv);
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+		     const char **argv)
+{
+    return parse_args(PAM_SUCCESS, "acct", pamh, argc, argv);
+}
+
+/* --- password management --- */
+
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+		     const char **argv)
+{
+    if (flags & PAM_PRELIM_CHECK) {
+	return parse_args(PAM_SUCCESS, "prechauthtok", pamh, argc, argv);
+    } else {
+	return parse_args(PAM_SUCCESS, "chauthtok", pamh, argc, argv);
+    }
+}
+
+/* --- session management --- */
+
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc,
+			const char **argv)
+{
+    return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv);
+}
+
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
+			 ,const char **argv)
+{
+    return parse_args(PAM_SUCCESS, "close_session", pamh, argc, argv);
+}
+
+/* end of module definition */
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_permit_modstruct = {
+    "pam_debug",
+    pam_sm_authenticate,
+    pam_sm_setcred,
+    pam_sm_acct_mgmt,
+    pam_sm_open_session,
+    pam_sm_close_session,
+    pam_sm_chauthtok
+};
+
+#endif
-- 
cgit v1.2.3