2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
15 #include <security/pam_appl.h>
16 #include <afsconfig.h>
17 #include <afs/param.h>
/* Identifier string for this module; presumably the syslog ident, though
   its use is not visible in this excerpt. */
29 char *pam_afs_ident = "pam_afs";
/* Looks like the key under which a login handle is kept as PAM module
   data -- TODO confirm against the pam_set_data()/pam_get_data() callers. */
30 char *pam_afs_lh = "OPENAFS_PAM_AFS_AUTH_login_handle";
/* lc_cleanup: cleanup routine taking (pamh, data, pam_end_status); it
   overwrites the string held in data with zero bytes. The lines between
   the signature and the memset, and whatever follows the memset, are not
   shown in this excerpt. */
34 lc_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
/* Wipes strlen(data) bytes, i.e. up to but not including the first NUL,
   so data must be a non-NULL, NUL-terminated string and anything stored
   after the first NUL is left untouched.
   NOTE(review): if the buffer is released right after this call, a
   compiler may drop a plain memset() as a dead store; explicit_bzero()
   or memset_s(), where available, are not subject to that. Confirm
   against the full function. */
37 memset(data, 0, strlen(data));
44 nil_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
49 /* The PAM module needs to be free from libucb dependency. Otherwise,
50 dynamic linking is a problem: the AFS PAM library refuses to coexist
51 with the DCE library. The sigvec() and sigsetmask() are the only two
52 calls that necessitate the inclusion of libucb.a. They are used by
53 the lwp library to support preemptive threads and signalling between
54 threads. Since the lwp support used by the PAM module uses none of
55 these facilities, we can safely define these to be null functions */
57 #if !defined(AFS_HPUX110_ENV)
58 /* For HP 11.0, this function is in util/hputil.c */
60 sigvec(int sig, const struct sigvec *vec, struct sigvec *ovec)
70 #endif /* AFS_HPUX110_ENV */
72 /* converts integer to string */
75 cv2string(register char *ttp, register unsigned long aval)
77 register char *tp = ttp;
/* do_klog (excerpt; the listing omits some lines): runs the klog program
   in a child process, passing the user name plus -cell, -silent, -pipe
   and, when lifetime is non-NULL, -lifetime on its command line. The
   password is written to a pipe by the parent; none of the argv entries
   shown here carries it. ret is taken from the child's exit status when
   the child exited normally. */
94 do_klog(const char *user, const char *password, const char *lifetime,
95 const char *cell_name)
105 #if defined(AFS_KERBEROS_ENV)
/* Check that the klog binary is executable before forking. */
110 if (access(klog_prog, X_OK) != 0) {
/* NOTE(review): the check above tests klog_prog but this message prints
   KLOG; if the two can differ (the AFS_KERBEROS_ENV branch is only
   partly visible here), the log names the wrong path. */
111 syslog(LOG_ERR, "can not access klog program '%s'", KLOG);
114 #if defined(AFS_KERBEROS_ENV)
115 argv[argc++] = "klog.krb";
118 argv[argc++] = "klog";
/* user is passed as a bare positional argument.
   NOTE(review): confirm the caller rejects names that begin with '-',
   which klog might otherwise read as an option. */
120 argv[argc++] = (char *)user;
122 argv[argc++] = "-cell";
123 argv[argc++] = (char *)cell_name;
125 argv[argc++] = "-silent";
/* -pipe goes with the password being sent over pipedes below; how the
   child attaches the pipe's read end is not visible in this excerpt. */
126 argv[argc++] = "-pipe";
127 if (lifetime != NULL) {
128 argv[argc++] = "-lifetime";
129 argv[argc++] = (char *)lifetime;
/* Pipe used to hand the password to the child. */
133 if (pipe(pipedes) != 0) {
134 syslog(LOG_ERR, "can not open pipe: %s", strerror(errno));
139 case (-1): /* Error: fork failed */
140 syslog(LOG_ERR, "fork failed: %s", strerror(errno));
142 case (0): /* child */
/* execv() returns only on failure, so the syslog that follows is the
   error path of the child. */
149 execv(klog_prog, argv);
151 syslog(LOG_ERR, "execv failed: %s", strerror(errno));
/* Parent side: send the password and a terminating newline.
   NOTE(review): both write() results are ignored, so a short write or a
   pipe already closed by the child goes undetected; whether SIGPIPE is
   handled is not visible here. */
156 write(pipedes[1], password, strlen(password));
157 write(pipedes[1], "\n", 1);
/* NOTE(review): wait() returns for whichever child terminates first; in
   a host process that has other children this may not be pid.
   waitpid(pid, &status, 0) would wait for the klog child only. */
160 if (pid != wait(&status))
/* The exit code is used as ret only when the child exited normally. */
162 if (WIFEXITED(status)) {
163 ret = WEXITSTATUS(status);
/* The failure message carries the program path and the user name; the
   password is not logged. */
166 syslog(LOG_NOTICE, "%s for %s failed", klog_prog, user);
169 /* syslog(LOG_DEBUG, "do_klog returns %d", ret); */
173 /* get the current AFS pag for the calling process */
/* The function's signature and several body lines are not shown in this
   excerpt. On AIX 5.1 the PAG is requested through kcred_getpag(). */
177 #if defined(AFS_AIX51_ENV)
/* A failed lookup and a zero PAG are handled together; the statement
   taken in that case is on a line not shown here. */
180 if (kcred_getpag(cred, PAG_AFS, &pag) < 0 || pag == 0)
/* Other platforms: the value is rebuilt from the first two entries of
   the process's supplementary group list. */
184 gid_t groups[NGROUPS_MAX];
186 afs_uint32 h, l, ret;
/* Fewer than two groups (getgroups() also returns -1 on error) leaves
   nothing to decode; the statement taken in that case is not shown. */
188 if (getgroups(sizeof groups / sizeof groups[0], groups) < 2)
/* Only the low 16 bits of each group id are used. */
191 g0 = groups[0] & 0xffff;
192 g1 = groups[1] & 0xffff;
/* Both values must be below 0xc000 for the decoding to proceed. */
195 if (g0 < 0xc000 && g1 < 0xc000) {
/* l: low 14 bits of g0 followed by low 14 bits of g1 (28 bits). */
196 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
/* h's starting value is assigned on a line not shown in this excerpt. */
198 h = (g1 >> 14) + h + h + h;
199 ret = ((h << 28) | l);
200 /* Additional testing */
/* The rebuilt value is accepted only when its top byte is 'A'; what is
   done on a match is on a line not shown.
   NOTE(review): this is a plausibility check on the group ids, not
   proof of where they came from -- confirm callers treat the result
   accordingly. */
201 if (((ret >> 24) & 0xff) == 'A')
210 /* Returns the AFS pag number, if any, otherwise return -1 */
/* 0 and -1 are both tested here as the "no PAG" case; the statement
   taken in that case is not shown in this excerpt. */
217 if (pag == 0 || pag == -1)
220 /* high order byte is always 'A'; actual pag value is low 24 bits */
/* The mask drops the 'A' marker byte and keeps the 24-bit PAG number. */
221 return (pag & 0xFFFFFF);