
Contents of /trunk/pam_regex/pam_regex.c



Revision 63 - (show annotations)
Thu Mar 13 13:53:32 2008 UTC (13 years, 7 months ago) by gray
File MIME type: text/plain
File size: 5584 byte(s)
* configure.ac (PAM_COMMON_INCLUDES): Add -I${top_srcdir}/lib.
(AC_OUTPUT): Add lib/Makefile.
* doc/pam-modules.texi: Document `transform' option.
* Make.rules: New file.

* lib/mem.c, lib/slist.c, lib/log.c, lib/converse.c,
lib/graypam.h, lib/Makefile.am, lib/transform.c.

* pam_regex/pam_regex.c: Implement user name transformations.

* pam_fshadow/Makefile.am, pam_sql/Makefile.am:
Add ../lib/libgraypam.la to LDADD
* pam_fshadow/pam_fshadow.c, pam_sql/pam_mysql.c,
pam_sql/pam_pgsql.c, pam_sql/pam_sql.c: Use functions from ../lib.

1 /* This file is part of pam-modules.
2 Copyright (C) 2001, 2006, 2007, 2008 Sergey Poznyakoff
3
4 This program is free software; you can redistribute it and/or modify it
5 under the terms of the GNU General Public License as published by the
6 Free Software Foundation; either version 3 of the License, or (at your
7 option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License along
15 with this program. If not, see <http://www.gnu.org/licenses/>. */
16
17 #ifdef HAVE__PAM_ACONF_H
18 #include <security/_pam_aconf.h>
19 #endif
20
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <stdarg.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <ctype.h>
27 #include <syslog.h>
28 #include <errno.h>
29 #include <regex.h>
30
31 #include "graypam.h"
32
33 /* indicate the following groups are defined */
34 #define PAM_SM_AUTH
35
36 #ifndef LINUX_PAM
37 #include <security/pam_appl.h>
38 #endif /* LINUX_PAM */
39 #include <security/pam_modules.h>
40
/* Module-private control bits, kept in cntl_flags. */
#define CNTL_AUTHTOK      0x0010
/*
 * NOTE(review): 0x0012 is not a single bit.  It contains 0x0010
 * (CNTL_AUTHTOK) plus 0x0002, so any test of the form
 * `flags & CNTL_REGEX_FLAGS' is also true when only CNTL_AUTHTOK is set,
 * and OR-ing it in sets the CNTL_AUTHTOK bit as well.  Whether 0x0002
 * clashes with a generic CNTL_* bit from graypam.h cannot be told from
 * this file -- confirm before picking a replacement value.
 */
#define CNTL_REGEX_FLAGS  0x0012

/* How a regex match is interpreted. */
#define SENSE_ALLOW 0		/* a matching name is accepted */
#define SENSE_DENY  1		/* a matching name is rejected */

/*
 * Option state filled in by _pam_parse().  These objects have static
 * storage duration, so their values persist between calls made in the
 * same process.
 */
static int sense = SENSE_ALLOW;
static int cntl_flags = 0;
static const char *regex = NULL;	/* pattern from regex= */
static int regex_flags = REG_NOSUB;	/* cflags passed to regcomp() */
static const char *transform = NULL;	/* expression from transform= */
static const char *user_name = NULL;	/* value from user= */
53
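/*
 * Parse the module arguments of one PAM configuration line and store the
 * result in the file-scope option variables (sense, regex, regex_flags,
 * transform, user_name, cntl_flags).
 *
 * pamh is not used here.  Problems (unknown option, unknown sense value,
 * missing regex, both `user' and `transform' given) are only logged; the
 * caller decides how to react, e.g. by testing `regex' for NULL.
 */
static void
_pam_parse(pam_handle_t *pamh, int argc, const char **argv)
{
	int ctrl = 0;
	int regex_flags_given = 0;

	/*
	 * The option variables are static and therefore outlive a single
	 * call.  Start every parse from the documented defaults so that a
	 * second invocation in the same process (another service, or another
	 * pam_regex line in the same stack) cannot inherit sense=deny, a
	 * pattern, accumulated regex flags or a stale user=/transform=
	 * pointer from the previous one.
	 */
	sense = SENSE_ALLOW;
	regex = NULL;
	regex_flags = REG_NOSUB;
	transform = NULL;
	user_name = NULL;

	gray_log_init(0, MODULE_NAME, LOG_AUTHPRIV);

	/* step through arguments */
	for (; argc-- > 0; ++argv) {
		const char *arg = *argv;

		/* generic options */
		if (!strncmp(arg, "debug", 5)) {
			ctrl |= CNTL_DEBUG;
			if (arg[5] == '=') {
				CNTL_SET_DEBUG_LEV(ctrl, atoi(arg + 6));
			} else {
				CNTL_SET_DEBUG_LEV(ctrl, 1);
			}
		} else if (!strcmp(arg, "audit")) {
			ctrl |= CNTL_AUDIT;
		} else if (!strncmp(arg, "waitdebug", 9)) {
			WAITDEBUG(arg + 9);
		} else if (!strcmp(arg, "use_authtok")) {
			ctrl |= CNTL_AUTHTOK;

		/* module-specific options */
		} else if (!strncmp(arg, "sense=", 6)) {
			if (strcmp(arg + 6, "deny") == 0)
				sense = SENSE_DENY;
			else if (strcmp(arg + 6, "allow") == 0)
				sense = SENSE_ALLOW;
			else
				_pam_log(LOG_ERR, "unknown sense value: %s",
					 arg + 6);
		} else if (!strncmp(arg, "transform=", 10)) {
			transform = arg + 10;
		} else if (!strncmp(arg, "user=", 5)) {
			user_name = arg + 5;
		} else if (!strncmp(arg, "regex=", 6)) {
			regex = arg + 6;
		} else if (!strcmp(arg, "extended")) {
			regex_flags |= REG_EXTENDED;
			regex_flags_given = 1;
			ctrl |= CNTL_REGEX_FLAGS;
		} else if (!strcmp(arg, "basic")) {
			regex_flags &= ~REG_EXTENDED;
			regex_flags_given = 1;
			ctrl |= CNTL_REGEX_FLAGS;
		} else if (!strcmp(arg, "icase")
			   || !strcmp(arg, "ignore-case")) {
			regex_flags |= REG_ICASE;
			regex_flags_given = 1;
			ctrl |= CNTL_REGEX_FLAGS;
		} else if (!strcmp(arg, "case")) {
			regex_flags &= ~REG_ICASE;
			regex_flags_given = 1;
			ctrl |= CNTL_REGEX_FLAGS;
		} else {
			_pam_log(LOG_ERR,
				 "unknown option: %s", arg);
		}
	}

	if (!regex)
		_pam_log(LOG_ERR, "regex not specified");
	if (user_name && transform)
		_pam_log(LOG_ERR, "Both `user' and `transform' are given");

	/*
	 * Extended syntax is the default unless a syntax/case option was
	 * given.  This is decided from a dedicated local flag rather than
	 * from `ctrl & CNTL_REGEX_FLAGS': CNTL_REGEX_FLAGS (0x0012) shares
	 * bit 0x0010 with CNTL_AUTHTOK, so that test was also true for a
	 * plain `use_authtok' and silently compiled the pattern as a basic
	 * regex.  The bits stored in cntl_flags are left as they were.
	 */
	if (!regex_flags_given)
		regex_flags |= REG_EXTENDED;
	cntl_flags = ctrl;
}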
118
119 /*
120 * PAM framework looks for these entry-points to pass control to the
121 * authentication module.
122 */
123
124 /* Fun starts here :)
125
126 * pam_sm_authenticate() performs authentication
127 *
128 */
129
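/*
 * pam_sm_authenticate() - accept or reject the login name by matching it
 * against the configured regular expression.
 *
 * The module arguments are parsed first.  If `transform' is set, the user
 * name is rewritten and stored back as PAM_USER before matching.
 *
 * Returns PAM_SUCCESS when the name passes, PAM_AUTH_ERR when it is
 * rejected, and PAM_AUTHINFO_UNAVAIL when no decision can be made (no
 * regex configured, no user name, PAM_USER cannot be updated, or the
 * pattern fails to compile or to execute).  With `user=' the return value
 * of pam_set_item() is passed through on the reject path, see below.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh,
		    int flags,
		    int argc,
		    const char **argv)
{
	int retval, rc;
	int matched, allowed;
	char *name;
	regex_t rx;

	_pam_parse(pamh, argc, argv);

	DEBUG(100,("enter pam_sm_authenticate"));

	if (!regex)
		return PAM_AUTHINFO_UNAVAIL;

	gray_pam_init(PAM_AUTHINFO_UNAVAIL);

	/*
	 * get username
	 */
	retval = pam_get_user(pamh, (const char**)&name, "login: ");
	if (retval != PAM_SUCCESS || name == NULL) {
		_pam_log(LOG_NOTICE, "can't get username");
		return PAM_AUTHINFO_UNAVAIL;
	}
	DEBUG(10, ("username [%s] obtained", name));

	if (transform) {
		char *newname;
		gray_slist_t slist;

		gray_set_transform_expr(transform);
		slist = gray_slist_create();
		gray_transform_name_to_slist(slist, name, &newname);
		DEBUG(100,("new name: %s", newname));
		/* presumably leaves `name' pointing at a copy of newname;
		   verify against the MAKE_STR definition in graypam.h */
		MAKE_STR(pamh, newname, name);
		/*
		 * The transformed value is a user name, so it belongs in
		 * PAM_USER.  Storing it in PAM_AUTHTOK replaced the
		 * authentication token with the login name, which later
		 * modules in the stack would then see as the password.
		 */
		retval = pam_set_item(pamh, PAM_USER, name);
		/* NOTE(review): slist is never released here; check whether
		   the gray_slist API expects the caller to free it. */
		if (retval != PAM_SUCCESS) {
			_pam_log(LOG_ERR, "can't set user name");
			return PAM_AUTHINFO_UNAVAIL;
		}
	}

	rc = regcomp(&rx, regex, regex_flags);
	if (rc) {
		char errbuf[512];
		regerror (rc, &rx, errbuf, sizeof (errbuf));
		_pam_log(LOG_ERR, "can't compile regex: %s",
			 errbuf);
		retval = PAM_AUTHINFO_UNAVAIL;
	} else {
		/* regex_flags always carries REG_NOSUB, so no match
		   offsets are requested. */
		rc = regexec(&rx, name, 0, NULL, 0);

		if (rc != 0 && rc != REG_NOMATCH) {
			/*
			 * A matcher failure is not a "no match".  Treating
			 * it as one would turn the error into an accept
			 * when sense=deny inverts the result.
			 */
			char errbuf[512];
			regerror (rc, &rx, errbuf, sizeof (errbuf));
			_pam_log(LOG_ERR, "regex matching failed: %s",
				 errbuf);
			retval = PAM_AUTHINFO_UNAVAIL;
		} else {
			matched = (rc == 0);
			if (!matched) {
				DEBUG(1,("%s does not match %s",name,regex));
			}

			/* any value other than SENSE_DENY acts as allow */
			allowed = (sense == SENSE_DENY) ? !matched : matched;

			if (!allowed) {
				_pam_log(LOG_NOTICE, "rejecting %s", name);
				retval = PAM_AUTH_ERR;
				/*
				 * NOTE(review): with user= set, a rejected
				 * name is replaced and the result of
				 * pam_set_item() (normally PAM_SUCCESS) is
				 * returned, although "rejecting" was just
				 * logged.  Confirm this is the intended
				 * meaning of the option.
				 * pam_set_item() keeps its own copy of the
				 * string, so no strdup() is needed; the
				 * previous unchecked strdup() leaked and
				 * could pass NULL on allocation failure.
				 */
				if (user_name)
					retval = pam_set_item(pamh, PAM_USER,
							      user_name);
			} else {
				_pam_log(LOG_NOTICE, "allowing %s", name);
				retval = PAM_SUCCESS;
			}
		}
		/* release the compiled pattern on every path */
		regfree(&rx);
	}

	DEBUG(100,("exit pam_sm_authenticate: %d", retval));
	return retval;
}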
215
/*
 * pam_sm_setcred() - credential hook of the PAM authentication group.
 *
 * This module manages no credentials: every argument is ignored and
 * PAM_SUCCESS is reported unconditionally.
 */
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	(void) pamh;
	(void) flags;
	(void) argc;
	(void) argv;

	return PAM_SUCCESS;
}
224
#ifdef PAM_STATIC

/*
 * Module descriptor used when the module is linked statically.
 * Only the authentication group (authenticate + setcred) is implemented;
 * the remaining hooks are left NULL.
 *
 * NOTE(review): the symbol is called _pam_radius_modstruct although the
 * descriptor registers the name "pam_regex" -- this looks like a leftover
 * from another module.  Confirm how static builds look the symbol up
 * before renaming it.
 */
struct pam_module _pam_radius_modstruct = {
	.name                 = "pam_regex",	/* name of the module */
	.pam_sm_authenticate  = pam_sm_authenticate,
	.pam_sm_setcred       = pam_sm_setcred,
	.pam_sm_acct_mgmt     = NULL,
	.pam_sm_open_session  = NULL,
	.pam_sm_close_session = NULL,
	.pam_sm_chauthtok     = NULL
};

#endif

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision
