2 * CDE - Common Desktop Environment
4 * Copyright (c) 1993-2012, The Open Group. All rights reserved.
6 * These libraries and programs are free software; you can
7 * redistribute them and/or modify them under the terms of the GNU
8 * Lesser General Public License as published by the Free Software
9 * Foundation; either version 2 of the License, or (at your option)
12 * These libraries and programs are distributed in the hope that
13 * they will be useful, but WITHOUT ANY WARRANTY; without even the
14 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
15 * PURPOSE. See the GNU Lesser General Public License for more
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with these libraries and programs; if not, write
20 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
21 * Floor, Boston, MA 02110-1301 USA
23 /* $XConsortium: sample_authenticate.c /main/2 1996/05/09 04:29:50 drk $ */
25 * Copyright (c) 1995, by Sun Microsystems, Inc.
26 * All rights reserved.
29 #ident "@(#)sample_authenticate.c 1.14 96/01/15 SMI"
31 #include <security/pam_appl.h>
32 #include <security/pam_modules.h>
36 #include <sys/types.h>
41 #include "sample_utils.h"
47 * Sample module for pam_sm_authenticate.
54 * first_pass_good (first password is always good when used with use/try)
55 * first_pass_bad (first password is always bad when used with use/try)
56 * pass=foobar (set good password to "foobar"; the default good password is "test")
58 * always_fail always return PAM_AUTH_ERR
59 * always_succeed always return PAM_SUCCESS
66 * pam_sm_authenticate - Authenticate user
/*
 * Visible part of the sample pam_sm_authenticate body. The listing skips
 * source lines (the leading numbers are not consecutive), so the notes
 * below describe only the statements that are shown.
 */
77 struct pam_conv *pam_convp;
/* result starts as PAM_AUTH_ERR; only a matching password sets PAM_SUCCESS */
78 int err, result = PAM_AUTH_ERR;
79 struct pam_response *ret_resp = (struct pam_response *)0;
80 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
82 int try_first_pass = 0;
83 int use_first_pass = 0;
84 int first_pass_good = 0;
85 int first_pass_bad = 0;
87 char *firstpass, *password;
/*
 * 64-byte stack buffer for the expected password. It is written by the
 * strcpy below and by the sscanf("pass=%s") option parser.
 */
88 char the_password[64];
91 syslog(LOG_DEBUG, "Sample Authentication\n");
/* The expected password is the literal "test" unless a pass= option replaces it. */
93 strcpy(the_password, "test");
/* Walk the module arguments and set the behaviour switches. */
95 for (i = 0; i < argc; i++) {
96 if (strcmp(argv[i], "debug") == 0)
98 else if (strcmp(argv[i], "try_first_pass") == 0)
100 else if (strcmp(argv[i], "first_pass_good") == 0)
102 else if (strcmp(argv[i], "first_pass_bad") == 0)
104 else if (strcmp(argv[i], "use_first_pass") == 0)
/*
 * always_fail / always_succeed return straight from the option loop, before
 * the user name, the conversation function or any password is looked at.
 * With always_succeed this module reports PAM_SUCCESS for any user and any
 * password.
 */
106 else if (strcmp(argv[i], "always_fail") == 0)
107 return (PAM_AUTH_ERR);
108 else if (strcmp(argv[i], "always_succeed") == 0)
109 return (PAM_SUCCESS);
110 else if (strcmp(argv[i], "always_ignore") == 0)
/*
 * NOTE(review): "%s" carries no field width, so a pass= value of 64 or more
 * non-blank characters writes past the end of the_password[64]. A bounded
 * conversion such as "pass=%63s" keeps the copy inside the buffer.
 */
112 else if (sscanf(argv[i], "pass=%s", the_password) == 1) {
/* The unknown option is logged through a constant format string. */
116 syslog(LOG_DEBUG, "illegal scheme option %s", argv[i]);
/* Fetch the user name and the conversation structure from the PAM handle. */
119 err = pam_get_item(pamh, PAM_USER, (void**) &user);
120 if (err != PAM_SUCCESS)
123 err = pam_get_item(pamh, PAM_CONV, (void**) &pam_convp);
124 if (err != PAM_SUCCESS)
/*
 * NOTE(review): the return value is discarded and firstpass has no
 * initializer in the visible declaration. Confirm that pam_get_item always
 * stores to it; otherwise the NULL test below reads an indeterminate pointer.
 */
127 (void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &firstpass);
/* Reuse a password already stored by an earlier module, if the options allow it. */
129 if (firstpass && (use_first_pass || try_first_pass)) {
/*
 * first_pass_good accepts the stored password without comparing it. Otherwise
 * it is compared as cleartext with strcmp, which is not a constant-time
 * comparison. The rest of this condition is on a line missing from the listing.
 */
131 if ((first_pass_good ||
132 strcmp(firstpass, the_password) == 0) &&
134 result = PAM_SUCCESS;
/* use_first_pass never prompts: the outcome of the stored password is final. */
137 if (use_first_pass) goto out;
141 * Get the password from the user
/*
 * NOTE(review): sprintf is unbounded and its format string is whatever
 * PAM_MSG yields (not defined in this listing; its remaining arguments are on
 * missing lines). snprintf with sizeof messages[0] and a "%s" format would
 * bound the write and avoid treating the message text as a format.
 * Confirm what PAM_MSG returns.
 */
144 (void) sprintf(messages[0], (const char *) PAM_MSG(pamh, 1,
147 (void) sprintf(messages[0], (const char *) PAM_MSG(pamh, 2,
/*
 * Prompt through the application's conversation function. get_authtok and
 * free_resp are not defined in this listing (presumably they come from
 * sample_utils.h; confirm).
 */
151 err = get_authtok(pam_convp->conv,
152 num_msg, messages, NULL, &ret_resp);
154 if (err != PAM_SUCCESS) {
159 password = ret_resp->resp;
/* An empty (NULL) response is treated as an authentication failure. */
161 if (password == NULL) {
162 result = PAM_AUTH_ERR;
166 /* one last ditch attempt to "login" to TEST */
168 if (strcmp(password, the_password) == 0) {
169 result = PAM_SUCCESS;
170 if (firstpass == NULL) {
171 /* this is the first password, stash it away */
/*
 * The return value of pam_set_item is ignored. The stored PAM_AUTHTOK item
 * presumably keeps the cleartext password available to later modules after
 * the response buffer below is wiped; verify against the PAM implementation.
 */
172 pam_set_item(pamh, PAM_AUTHTOK, password);
179 if (ret_resp->resp != 0) {
180 /* avoid leaving password cleartext around */
/*
 * NOTE(review): if free_resp releases this buffer (not shown), an optimizing
 * compiler may drop a plain memset that precedes it. explicit_bzero or
 * memset_s, where available, are not elided.
 */
181 memset(ret_resp->resp, 0,
182 strlen(ret_resp->resp));
184 free_resp(num_msg, ret_resp);