2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
15 #include <security/pam_appl.h>
16 #include <afsconfig.h>
17 #include <afs/param.h>
38 char *pam_afs_ident = "pam_afs";
39 char *pam_afs_lh = "OPENAFS_PAM_AFS_AUTH_login_handle";
43 lc_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
46 memset(data, 0, strlen(data));
53 nil_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
58 /* The PAM module needs to be free from libucb dependency. Otherwise,
59 dynamic linking is a problem, the AFS PAM library refuses to coexist
60 with the DCE library. The sigvec() and sigsetmask() are the only two
61 calls that neccesiate the inclusion of libucb.a. There are used by
62 the lwp library to support premeptive threads and signalling between
63 threads. Since the lwp support used by the PAM module uses none of
64 these facilities, we can safely define these to be null functions */
66 #if !defined(AFS_HPUX110_ENV)
67 /* For HP 11.0, this function is in util/hputil.c */
69 sigvec(int sig, const struct sigvec *vec, struct sigvec *ovec)
79 #endif /* AFS_HPUX110_ENV */
81 /* converts string to integer */
84 cv2string(register char *ttp, register unsigned long aval)
86 register char *tp = ttp;
103 do_klog(const char *user, const char *password, const char *lifetime,
104 const char *cell_name)
114 #if defined(AFS_KERBEROS_ENV)
119 if (access(klog_prog, X_OK) != 0) {
120 syslog(LOG_ERR, "can not access klog program '%s'", KLOG);
123 #if defined(AFS_KERBEROS_ENV)
124 argv[argc++] = "klog.krb";
127 argv[argc++] = "klog";
129 argv[argc++] = (char *)user;
131 argv[argc++] = "-cell";
132 argv[argc++] = (char *)cell_name;
134 argv[argc++] = "-silent";
135 argv[argc++] = "-pipe";
136 if (lifetime != NULL) {
137 argv[argc++] = "-lifetime";
138 argv[argc++] = (char *)lifetime;
142 if (pipe(pipedes) != 0) {
143 syslog(LOG_ERR, "can not open pipe: %s", strerror(errno));
148 case (-1): /* Error: fork failed */
149 syslog(LOG_ERR, "fork failed: %s", strerror(errno));
151 case (0): /* child */
158 execv(klog_prog, argv);
160 syslog(LOG_ERR, "execv failed: %s", strerror(errno));
165 write(pipedes[1], password, strlen(password));
166 write(pipedes[1], "\n", 1);
169 if (pid != wait(&status))
171 if (WIFEXITED(status)) {
172 ret = WEXITSTATUS(status);
175 syslog(LOG_NOTICE, "%s for %s failed", klog_prog, user);
178 /* syslog(LOG_DEBUG, "do_klog returns %d", ret); */
182 /* get the current AFS pag for the calling process */
186 gid_t groups[NGROUPS_MAX];
188 afs_uint32 h, l, ret;
190 if (getgroups(sizeof groups / sizeof groups[0], groups) < 2)
193 g0 = groups[0] & 0xffff;
194 g1 = groups[1] & 0xffff;
197 if (g0 < 0xc000 && g1 < 0xc000) {
198 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
200 h = (g1 >> 14) + h + h + h;
201 ret = ((h << 28) | l);
202 /* Additional testing */
203 if (((ret >> 24) & 0xff) == 'A')
211 /* Returns the AFS pag number, if any, otherwise return -1 */
218 if (pag == 0 || pag == -1)
221 /* high order byte is always 'A'; actual pag value is low 24 bits */
222 return (pag & 0xFFFFFF);