2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
15 #include <security/pam_appl.h>
16 #include <afsconfig.h>
17 #include <afs/param.h>
35 char *pam_afs_ident = "pam_afs";
36 char *pam_afs_lh = "OPENAFS_PAM_AFS_AUTH_login_handle";
/* Cleanup callback that overwrites the string at `data` with zero bytes.
 * The (pamh, data, pam_end_status) signature matches the cleanup hook
 * form that pam_set_data() accepts. Only part of the body is shown in
 * this listing. */
40 lc_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
/* NOTE(review): strlen(data) requires data to be a non-NULL, NUL-terminated
 * string -- confirm against whoever registers this callback. The wipe
 * presumably protects a secret such as a password. If the buffer is
 * released right after this call (not visible here), the compiler may
 * treat a plain memset() as a dead store and drop it; explicit_bzero()
 * or memset_s(), where available, guarantees the overwrite. */
43 memset(data, 0, strlen(data));
50 nil_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
55 /* The PAM module needs to be free from libucb dependency. Otherwise,
56 dynamic linking is a problem, the AFS PAM library refuses to coexist
57 with the DCE library. The sigvec() and sigsetmask() are the only two
58 calls that necessitate the inclusion of libucb.a. They are used by
59 the lwp library to support preemptive threads and signalling between
60 threads. Since the lwp support used by the PAM module uses none of
61 these facilities, we can safely define these to be null functions */
63 #if !defined(AFS_HPUX110_ENV)
64 /* For HP 11.0, this function is in util/hputil.c */
66 sigvec(int sig, const struct sigvec *vec, struct sigvec *ovec)
76 #endif /* AFS_HPUX110_ENV */
78 /* converts an integer (aval) to its string form */
81 cv2string(register char *ttp, register unsigned long aval)
83 register char *tp = ttp;
/* Runs the klog program in a child process to authenticate `user`.
 * The user name, the cell name and (when non-NULL) the lifetime are
 * placed on the child's argv; the password is written to a pipe instead.
 * None of the argv entries shown in this listing carries the password,
 * which keeps it out of the child's command line. Only part of the body
 * is visible here, so the notes below are limited to the lines shown. */
100 do_klog(const char *user, const char *password, const char *lifetime,
101 const char *cell_name)
111 #if defined(AFS_KERBEROS_ENV)
/* Refuse to continue when the klog binary is not executable. */
116 if (access(klog_prog, X_OK) != 0) {
/* NOTE(review): the check above tests klog_prog but the message prints
 * KLOG. If the two can differ (for example under AFS_KERBEROS_ENV --
 * the assignment is not visible here), the log names the wrong path. */
117 syslog(LOG_ERR, "can not access klog program '%s'", KLOG);
120 #if defined(AFS_KERBEROS_ENV)
121 argv[argc++] = "klog.krb";
124 argv[argc++] = "klog";
/* The casts drop const only to fit the char *argv[] type that execv()
 * takes; the strings are not modified in the lines shown. */
126 argv[argc++] = (char *)user;
128 argv[argc++] = "-cell";
129 argv[argc++] = (char *)cell_name;
130a /* "-pipe" is passed alongside the pipe-based password hand-off below. */
131 argv[argc++] = "-silent";
132 argv[argc++] = "-pipe";
133 if (lifetime != NULL) {
134 argv[argc++] = "-lifetime";
135 argv[argc++] = (char *)lifetime;
139 if (pipe(pipedes) != 0) {
140 syslog(LOG_ERR, "can not open pipe: %s", strerror(errno));
145 case (-1): /* Error: fork failed */
146 syslog(LOG_ERR, "fork failed: %s", strerror(errno));
147 case (0): /* child */
/* execv() returns only on failure, which is why an error is logged on
 * the line after it. */
155 execv(klog_prog, argv);
157 syslog(LOG_ERR, "execv failed: %s", strerror(errno));
/* Parent side: send the password followed by a newline down the pipe.
 * NOTE(review): both write() return values are discarded, so a failed or
 * short write goes unnoticed and the child would read a truncated or
 * empty password. Checking the results would make that failure explicit. */
162 write(pipedes[1], password, strlen(password));
163 write(pipedes[1], "\n", 1);
/* wait() reaps whichever child terminates first; a pid mismatch takes the
 * branch on the following line, which is not shown in this listing. */
166 if (pid != wait(&status))
/* A normally exited child supplies the result through its exit status. */
168 if (WIFEXITED(status)) {
169 ret = WEXITSTATUS(status);
/* The failure notice carries the program path and the user name only. */
172 syslog(LOG_NOTICE, "%s for %s failed", klog_prog, user);
175 /* syslog(LOG_DEBUG, "do_klog returns %d", ret); */
179 /* get the current AFS pag for the calling process */
/* Two strategies appear in the lines shown: on AFS_AIX51_ENV the PAG is
 * read from the credential with kcred_getpag(); the remaining lines
 * rebuild it from the process's first two group IDs. The function header
 * and the #else/#endif lines are not visible in this listing. */
183 #if defined(AFS_AIX51_ENV)
/* A failed lookup and a PAG of 0 are handled the same way (the handling
 * line is not shown). */
186 if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
190 gid_t groups[NGROUPS_MAX];
192 afs_uint32 h, l, ret;
/* The decoding needs two group entries; fewer than two takes the branch
 * on the following line, which is not shown. */
194 if (getgroups(sizeof groups / sizeof groups[0], groups) < 2)
/* Only the low 16 bits of each group ID take part in the decoding. */
197 g0 = groups[0] & 0xffff;
198 g1 = groups[1] & 0xffff;
/* Decode only when both values are below 0xc000. */
201 if (g0 < 0xc000 && g1 < 0xc000) {
/* Low 28 bits: the low 14 bits of g0 followed by the low 14 bits of g1. */
202 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
/* h is read on the right-hand side, so it must be assigned on a line not
 * shown here; the result is (g1 >> 14) + 3 * h. */
204 h = (g1 >> 14) + h + h + h;
/* Shifting h by 28 in a 32-bit value keeps only its low 4 bits. */
205 ret = ((h << 28) | l);
206 /* Additional testing */
/* Sanity check: the top byte of the rebuilt value must be 'A' for the
 * group pair to be treated as an encoded PAG. */
207 if (((ret >> 24) & 0xff) == 'A')
216 /* Returns the AFS pag number, if any, otherwise return -1 */
223 if (pag == 0 || pag == -1)
226 /* high order byte is always 'A'; actual pag value is low 24 bits */
227 return (pag & 0xFFFFFF);