search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
AMD64 - Fix format conversions and other warnings.
[dragonfly.git] / contrib / openpam / lib / pam_get_authtok.c
blob2a974c9c865809cfd026ecb5d795644ba2849300
1 /*-
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2007 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
21 * permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: pam_get_authtok.c 408 2007-12-21 11:36:24Z des $
36 */
37
38 #include <sys/param.h>
39
40 #include <stdlib.h>
41 #include <string.h>
42
43 #include <security/pam_appl.h>
44 #include <security/openpam.h>
45
46 #include "openpam_impl.h"
47
48 static const char authtok_prompt[] = "Password:";
49 static const char oldauthtok_prompt[] = "Old Password:";
50 static const char newauthtok_prompt[] = "New Password:";
51
52 /*
53 * OpenPAM extension
54 *
55 * Retrieve authentication token
56 */
57
58 int
59 pam_get_authtok(pam_handle_t *pamh,
60 int item,
61 const char **authtok,
62 const char *prompt)
63 {
64 const void *oldauthtok, *prevauthtok, *promptp;
65 const char *default_prompt;
66 char *resp, *resp2;
67 int pitem, r, style, twice;
68
69 ENTER();
70 if (pamh == NULL || authtok == NULL)
71 RETURNC(PAM_SYSTEM_ERR);
72 *authtok = NULL;
73 twice = 0;
74 switch (item) {
75 case PAM_AUTHTOK:
76 pitem = PAM_AUTHTOK_PROMPT;
77 default_prompt = authtok_prompt;
78 r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
79 if (r == PAM_SUCCESS && oldauthtok != NULL) {
80 default_prompt = newauthtok_prompt;
81 twice = 1;
82 }
83 break;
84 case PAM_OLDAUTHTOK:
85 pitem = PAM_OLDAUTHTOK_PROMPT;
86 default_prompt = oldauthtok_prompt;
87 twice = 0;
88 break;
89 default:
90 RETURNC(PAM_SYMBOL_ERR);
91 }
92 if (openpam_get_option(pamh, "try_first_pass") ||
93 openpam_get_option(pamh, "use_first_pass")) {
94 r = pam_get_item(pamh, item, &prevauthtok);
95 if (r == PAM_SUCCESS && prevauthtok != NULL) {
96 *authtok = prevauthtok;
97 RETURNC(PAM_SUCCESS);
98 }
99 else if (openpam_get_option(pamh, "use_first_pass"))
100 RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
101 }
102 if (prompt == NULL) {
103 r = pam_get_item(pamh, pitem, &promptp);
104 if (r != PAM_SUCCESS || promptp == NULL)
105 prompt = default_prompt;
106 else
107 prompt = promptp;
108 }
109 style = openpam_get_option(pamh, "echo_pass") ?
110 PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
111 r = pam_prompt(pamh, style, &resp, "%s", prompt);
112 if (r != PAM_SUCCESS)
113 RETURNC(r);
114 if (twice) {
115 r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
116 if (r != PAM_SUCCESS) {
117 FREE(resp);
118 RETURNC(r);
119 }
120 if (strcmp(resp, resp2) != 0)
121 FREE(resp);
122 FREE(resp2);
123 }
124 if (resp == NULL)
125 RETURNC(PAM_TRY_AGAIN);
126 r = pam_set_item(pamh, item, resp);
127 FREE(resp);
128 if (r != PAM_SUCCESS)
129 RETURNC(r);
130 r = pam_get_item(pamh, item, (const void **)authtok);
131 RETURNC(r);
132 }
133
134 /*
135 * Error codes:
136 *
137 * =pam_get_item
138 * =pam_prompt
139 * =pam_set_item
140 * !PAM_SYMBOL_ERR
141 * PAM_TRY_AGAIN
142 */
143
144 /**
145 * The =pam_get_authtok function returns the cached authentication token,
146 * or prompts the user if no token is currently cached.
147 * Either way, a pointer to the authentication token is stored in the
148 * location pointed to by the =authtok argument.
149 *
150 * The =item argument must have one of the following values:
151 *
152 * =PAM_AUTHTOK:
153 * Returns the current authentication token, or the new token
154 * when changing authentication tokens.
155 * =PAM_OLDAUTHTOK:
156 * Returns the previous authentication token when changing
157 * authentication tokens.
158 *
159 * The =prompt argument specifies a prompt to use if no token is cached.
160 * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item,
161 * as appropriate, will be used.
162 * If that item is also =NULL, a hardcoded default prompt will be used.
163 *
164 * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
165 * item, =pam_get_authtok will ask the user to confirm the new token by
166 * retyping it.
167 * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN.
168 *
169 * >pam_get_item
170 * >pam_get_user
171 */
DragonFly BSD