2 * Copyright (c) 2015 Andreas Schneider <asn@samba.org>
3 * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek@posteo.se>
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #ifdef HAVE_SECURITY_PAM_APPL_H
27 #include <security/pam_appl.h>
29 #ifdef HAVE_SECURITY_PAM_MODULES_H
30 #include <security/pam_modules.h>
35 /* GCC has a printf format attribute that lets the compiler check format strings against their arguments. */
36 #ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT
37 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
39 #define PRINTF_ATTRIBUTE(a,b)
40 #endif /* HAVE_FUNCTION_ATTRIBUTE_FORMAT */
/*
 * Forward declarations of the logging helpers.
 *
 * PRINTF_ATTRIBUTE(3, 4) marks parameter 3 as a printf-style format string
 * whose arguments start at parameter 4, so a compiler that supports the
 * format attribute can diagnose format/argument mismatches at build time.
 * On other compilers the macro expands to nothing and no check is done.
 */
53 static void pwrap_log(enum pwrap_dbglvl_e dbglvl,
55 const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
/* Convenience wrapper: supplies __func__ as the function-name argument. */
56 # define PWRAP_LOG(dbglvl, ...) pwrap_log((dbglvl), __func__, __VA_ARGS__)
/*
 * va_list variant. The 0 in PRINTF_ATTRIBUTE(3, 0) is the form used for
 * functions taking a va_list: only the format string itself can be checked.
 */
58 static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl,
61 va_list args) PRINTF_ATTRIBUTE(3, 0);
/*
 * Format one log message and emit it with a severity prefix.
 *
 * NOTE(review): this listing omits several lines of the function (local
 * declarations, the level comparison, the prefix selection and the output
 * call), so the comments below cover only what is visible.
 */
63 static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl,
/* Default prefix; replaced further down by a severity-specific one. */
71 const char *prefix = "PWRAP";
/*
 * Logging is configured from the process environment. Presumably d is
 * parsed as the maximum level to print; the parsing is not shown here.
 * Whoever controls the environment of the process therefore controls how
 * much this module logs.
 */
73 d = getenv("PAM_WRAPPER_DEBUGLEVEL");
/*
 * Bounded formatting: vsnprintf never writes more than the given size, so
 * an over-long message is truncated instead of overflowing.
 * Assumes buffer is a local array (declaration not shown); if it were a
 * pointer, sizeof would give the pointer size - TODO confirm.
 */
82 vsnprintf(buffer, sizeof(buffer), format, args);
/* One prefix per severity; the lines selecting between them are not shown. */
86 prefix = "PWRAP_ERROR";
89 prefix = "PWRAP_WARN";
92 prefix = "PWRAP_DEBUG";
95 prefix = "PWRAP_TRACE";
/*
 * Output layout: prefix, an integer in parentheses, a string, then the
 * formatted message. The arguments are not shown; presumably the integer
 * is the process id and the string the calling function name.
 */
100 "%s(%d) - PAM_SET_ITEM %s: %s\n",
/*
 * Variadic front end for pwrap_vlog: captures the arguments that follow
 * format and forwards them together with the level and function name.
 *
 * NOTE(review): the matching va_end() is not visible in this listing;
 * confirm it follows the pwrap_vlog() call.
 */
107 static void pwrap_log(enum pwrap_dbglvl_e dbglvl,
108 const char *function,
109 const char *format, ...)
113 va_start(va, format);
114 pwrap_vlog(dbglvl, function, format, va);
/*
 * NOTE(review): ITEM_FILE_KEY is not referenced by any line visible in this
 * listing, and every pam_sm_* hook in the file discards argv.
 */
118 #define ITEM_FILE_KEY "item_file="
/*
 * envs and items are parallel tables: pam_setitem_env() reads envs[i] and
 * items[i] with the same index, so both must list their entries in the same
 * order, including the entries guarded by PAM_AUTHTOK_TYPE. envs must end
 * with NULL, which is the stop condition of that loop.
 * The table contents are not shown in this listing.
 */
120 static const char *envs[] = {
134 #ifdef PAM_AUTHTOK_TYPE
140 static const int items[] = {
154 #ifdef PAM_AUTHTOK_TYPE
/*
 * Walk envs up to its NULL terminator and call pam_set_item() with the PAM
 * item type stored at the same index of items.
 *
 * NOTE(review): the lines that obtain v are not shown; presumably v is the
 * value of the environment variable named envs[i] - confirm.
 */
159 static void pam_setitem_env(pam_handle_t *pamh)
165 for (i = 0; envs[i] != NULL; i++) {
/*
 * The value is written to the TRACE log verbatim. If any entry of envs
 * carries a secret (for example an authentication token), enabling TRACE
 * puts that secret into the log in clear text. The table contents are not
 * shown here - confirm, and redact such entries if present.
 */
171 PWRAP_LOG(PWRAP_LOG_TRACE, "%s=%s", envs[i], v);
173 rv = pam_set_item(pamh, items[i], v);
/* A failed pam_set_item() is detected here; the handling is not shown. */
174 if (rv != PAM_SUCCESS) {
/*
 * PAM authentication hook. Ignores flags and the module arguments, logs a
 * TRACE marker and applies the item table through pam_setitem_env().
 *
 * NOTE(review): no credential check appears in the visible lines and the
 * return statement is not shown. Presumably this is a test helper; it must
 * not be the deciding module of a real PAM stack - confirm.
 */
181 pam_sm_authenticate(pam_handle_t *pamh, int flags,
182 int argc, const char *argv[])
184 (void) flags; /* unused */
185 (void) argc; /* unused */
186 (void) argv; /* unused */
188 PWRAP_LOG(PWRAP_LOG_TRACE, "AUTHENTICATE");
190 pam_setitem_env(pamh);
/*
 * PAM credential-setting hook. Ignores flags and the module arguments, logs
 * a TRACE marker and applies the item table through pam_setitem_env().
 * The return statement is not shown in this listing.
 */
195 pam_sm_setcred(pam_handle_t *pamh, int flags,
196 int argc, const char *argv[])
198 (void) flags; /* unused */
199 (void) argc; /* unused */
200 (void) argv; /* unused */
202 PWRAP_LOG(PWRAP_LOG_TRACE, "SETCRED");
204 pam_setitem_env(pamh);
/*
 * PAM account-management hook. Ignores flags and the module arguments, logs
 * a TRACE marker and applies the item table through pam_setitem_env().
 *
 * NOTE(review): no account validity check appears in the visible lines and
 * the return statement is not shown - confirm what the hook reports.
 */
209 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
210 int argc, const char *argv[])
212 (void) flags; /* unused */
213 (void) argc; /* unused */
214 (void) argv; /* unused */
216 PWRAP_LOG(PWRAP_LOG_TRACE, "ACCT_MGMT");
218 pam_setitem_env(pamh);
/*
 * PAM session-open hook. Ignores flags and the module arguments, logs a
 * TRACE marker and applies the item table through pam_setitem_env().
 * The return statement is not shown in this listing.
 */
223 pam_sm_open_session(pam_handle_t *pamh, int flags,
224 int argc, const char *argv[])
226 (void) flags; /* unused */
227 (void) argc; /* unused */
228 (void) argv; /* unused */
230 PWRAP_LOG(PWRAP_LOG_TRACE, "OPEN_SESSION");
232 pam_setitem_env(pamh);
/*
 * PAM session-close hook. Ignores flags and the module arguments, logs a
 * TRACE marker and applies the item table through pam_setitem_env().
 * The return statement is not shown in this listing.
 */
237 pam_sm_close_session(pam_handle_t *pamh, int flags,
238 int argc, const char *argv[])
240 (void) flags; /* unused */
241 (void) argc; /* unused */
242 (void) argv; /* unused */
244 PWRAP_LOG(PWRAP_LOG_TRACE, "CLOSE_SESSION");
246 pam_setitem_env(pamh);
/*
 * PAM password-change hook. Ignores the module arguments, logs a TRACE
 * marker and applies the item table through pam_setitem_env().
 *
 * flags is discarded, so the visible lines do not distinguish the
 * preliminary-check phase from the update phase of a password change.
 * The return statement is not shown in this listing.
 */
251 pam_sm_chauthtok(pam_handle_t *pamh, int flags,
252 int argc, const char *argv[])
254 (void) flags; /* unused */
255 (void) argc; /* unused */
256 (void) argv; /* unused */
258 PWRAP_LOG(PWRAP_LOG_TRACE, "CHAUTHTOK");
260 pam_setitem_env(pamh);