2 * pam.c Functions to access the PAM library. This was taken
3 * from the hacks that miguel a.l. paraz <map@iphil.net>
4 * did on radiusd-cistron-1.5.3 and migrated to a
7 * That, in fact, was again based on the original stuff
8 * from Jeph Blaize <jab@kiva.net> done in May 1997.
10 * Version: @(#)pam.c 1.10 14-Jul-1998 cdent@kiva.net
16 #include <sys/types.h>
17 #include <sys/socket.h>
19 #include <netinet/in.h>
28 # include <security/pam_appl.h>
39 /*************************************************************************
43 * Purpose: Dialogue between RADIUS and PAM modules.
45 * jab - stolen from pop3d
46 *************************************************************************/
/*
 * Credentials handed to the conversation callback. These are file-scope
 * pointers, so there is exactly one set for the whole module; pam_pass()
 * stores the caller's cleartext password pointer in PAM_password.
 * NOTE(review): shared mutable state makes the PAM path non-reentrant.
 * Confirm that two requests can never be authenticated at the same time,
 * otherwise one request could be checked against another's credentials.
 */
48 static char *PAM_username;
49 static char *PAM_password;
/* Error flag for the conversation; its readers and writers are not visible in this excerpt. */
50 static int PAM_error =0;
/*
 * PAM conversation callback. For every message PAM sends it builds a
 * pam_response: echo-on prompts are answered with a copy of PAM_username,
 * echo-off prompts with a copy of PAM_password. Several lines of the body
 * (remaining parameter, macro expansion sites, other cases, returns) are
 * not shown in this excerpt.
 */
52 static int PAM_conv (int num_msg,
53 const struct pam_message **msg,
54 struct pam_response **resp,
56 int count = 0, replies = 0;
57 struct pam_response *reply = NULL;
/* Byte size requested on the next GET_MEM; grows by one response per expansion. */
58 int size = sizeof(struct pam_response);
/*
 * NOTE(review): memory-safety defect. When `reply` is already allocated,
 * GET_MEM calls realloc() and discards the result. realloc() may move the
 * block, leaving `reply` pointing at freed memory, so the writes to
 * reply[replies] below would land in freed or undersized heap memory as
 * soon as a second response is needed. The `!reply` check also cannot see
 * a failed realloc(). Fix: assign the result to a temporary, return
 * PAM_CONV_ERR (after freeing the old array) if it is NULL, otherwise
 * store it back into `reply`.
 * The macro is also a bare multi-statement sequence; wrapping it in
 * do { ... } while (0) would keep it safe under an unbraced `if`.
 */
60 #define GET_MEM if (reply) realloc(reply, size); else reply = malloc(size); \
61 if (!reply) return PAM_CONV_ERR; \
62 size += sizeof(struct pam_response)
/*
 * Duplicates a string, mapping NULL to NULL. The strdup() result is not
 * checked, so an allocation failure yields a NULL response. The expansion
 * is not parenthesised as a whole.
 */
63 #define COPY_STRING(s) (s) ? strdup(s) : NULL
65 for (count = 0; count < num_msg; count++) {
66 switch (msg[count]->msg_style) {
/*
 * NOTE(review): responses are stored at index `replies`, not `count`, and
 * the array grows per answered prompt rather than being sized for num_msg.
 * PAM modules generally expect resp[i] to answer msg[i]; if any message
 * style produces no reply (not visible here), later answers would be
 * misaligned. Verify against the cases omitted from this excerpt.
 */
67 case PAM_PROMPT_ECHO_ON:
69 reply[replies].resp_retcode = PAM_SUCCESS;
70 reply[replies++].resp = COPY_STRING(PAM_username);
73 case PAM_PROMPT_ECHO_OFF:
75 reply[replies].resp_retcode = PAM_SUCCESS;
/* Creates a heap copy of the cleartext password; this function never scrubs or frees it. */
76 reply[replies++].resp = COPY_STRING(PAM_password);
84 /* Must be an error of some sort... */
/*
 * Publish the response array only if one was allocated; otherwise *resp is
 * left untouched. Under the PAM conversation contract the calling module
 * is expected to free the array and its strings.
 */
90 if (reply) *resp = reply;
95 struct pam_conv conv = {
100 /*************************************************************************
104 * Purpose: Check the user's password against the standard UNIX
105 * password table + PAM.
108 *************************************************************************/
112 * for most flexibility, passing a pamauth type to this function
113 * allows you to have multiple authentication types (i.e. multiple
114 * files associated with radius in /etc/pam.d)
/*
 * Authenticate `name` / `passwd` against the PAM service named `pamauth`.
 * The visible sequence is pam_start(), pam_authenticate(), pam_acct_mgmt();
 * each failure is reported through DEBUG with the user name and the PAM
 * error text, and success is logged at the end. The password itself is
 * never written to the log. Return statements and any cleanup between the
 * steps are not shown in this excerpt.
 * NOTE(review): confirm that every exit path, including the failure
 * branches, releases the handle with pam_end().
 */
116 static int pam_pass(char *name, char *passwd, const char *pamauth)
118 pam_handle_t *pamh=NULL;
/*
 * The password reaches the conversation callback through a file-scope
 * pointer rather than per-call state, so this function is not reentrant.
 */
122 PAM_password = passwd;
124 DEBUG("pam_pass: using pamauth string <%s> for pam.conf lookup", pamauth);
125 retval = pam_start(pamauth, name, &conv, &pamh);
126 if (retval != PAM_SUCCESS) {
/*
 * NOTE(review): pamh may still be NULL when pam_start() fails. Linux-PAM's
 * pam_strerror() ignores the handle; verify this on other PAM
 * implementations the server is built against.
 */
127 DEBUG("pam_pass: function pam_start FAILED for <%s>. Reason: %s",
128 name, pam_strerror(pamh, retval));
/*
 * Flags are 0, so PAM_DISALLOW_NULL_AUTHTOK is not set: whether an empty
 * password can succeed is decided entirely by the PAM stack configured
 * for this service.
 */
132 retval = pam_authenticate(pamh, 0);
133 if (retval != PAM_SUCCESS) {
134 DEBUG("pam_pass: function pam_authenticate FAILED for <%s>. Reason: %s",
135 name, pam_strerror(pamh, retval));
/*
 * Account management runs after a successful authentication, so account
 * restrictions enforced by the stack (expiry, access rules) are applied
 * in addition to the password check.
 */
140 retval = pam_acct_mgmt(pamh, 0);
141 if (retval != PAM_SUCCESS) {
142 DEBUG("pam_pass: function pam_acct_mgmt FAILED for <%s>. Reason: %s",
143 name, pam_strerror(pamh, retval));
148 DEBUG("pam_pass: authentication succeeded for <%s>", name);
153 /* translate between function declarations */
/*
 * Module authenticate hook: runs pam_pass() with the fixed PAM service
 * name "radiusd" and maps its result onto the RLM_AUTH_* codes. Only a
 * return value of 0 is accepted; every other value rejects the request,
 * so PAM errors fail closed.
 * NOTE(review): on Linux-PAM a service without its own configuration file
 * falls back to the "other" service. Make sure a "radiusd" policy is
 * installed and that the fallback policy denies.
 */
154 static int pam_auth(REQUEST *request, char *username, char *password)
158 r = pam_pass(username, password, "radiusd");
159 return (r == 0) ? RLM_AUTH_OK : RLM_AUTH_REJECT;
/*
 * Second definition of the authenticate hook, presumably the variant
 * compiled when PAM support is unavailable (the preprocessor conditional
 * is not visible in this excerpt). It rejects every request, so a build
 * without PAM fails closed instead of accepting users unchecked.
 */
164 static int pam_auth(REQUEST *request, char *username, char *password)
166 return RLM_AUTH_REJECT;
173 0, /* type: reserved */
174 NULL, /* initialize */
175 NULL, /* authorize */
176 pam_auth, /* authenticate */
177 NULL, /* accounting */