2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
15 #include <security/pam_appl.h>
16 #include <afsconfig.h>
17 #include <afs/param.h>
33 char *pam_afs_ident = "pam_afs";
34 char *pam_afs_lh = "OPENAFS_PAM_AFS_AUTH_login_handle";
38 lc_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
41 memset(data, 0, strlen(data));
48 nil_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
53 /* The PAM module needs to be free from libucb dependency. Otherwise,
54 dynamic linking is a problem, the AFS PAM library refuses to coexist
55 with the DCE library. The sigvec() and sigsetmask() are the only two
56 calls that neccesiate the inclusion of libucb.a. There are used by
57 the lwp library to support premeptive threads and signalling between
58 threads. Since the lwp support used by the PAM module uses none of
59 these facilities, we can safely define these to be null functions */
61 #if !defined(AFS_HPUX110_ENV)
62 /* For HP 11.0, this function is in util/hputil.c */
64 sigvec(int sig, const struct sigvec *vec, struct sigvec *ovec)
74 #endif /* AFS_HPUX110_ENV */
76 /* converts string to integer */
79 cv2string(register char *ttp, register unsigned long aval)
81 register char *tp = ttp;
98 do_klog(const char *user, const char *password, const char *lifetime,
99 const char *cell_name)
109 #if defined(AFS_KERBEROS_ENV)
114 if (access(klog_prog, X_OK) != 0) {
115 syslog(LOG_ERR, "can not access klog program '%s'", KLOG);
118 #if defined(AFS_KERBEROS_ENV)
119 argv[argc++] = "klog.krb";
122 argv[argc++] = "klog";
124 argv[argc++] = (char *)user;
126 argv[argc++] = "-cell";
127 argv[argc++] = (char *)cell_name;
129 argv[argc++] = "-silent";
130 argv[argc++] = "-pipe";
131 if (lifetime != NULL) {
132 argv[argc++] = "-lifetime";
133 argv[argc++] = (char *)lifetime;
137 if (pipe(pipedes) != 0) {
138 syslog(LOG_ERR, "can not open pipe: %s", strerror(errno));
143 case (-1): /* Error: fork failed */
144 syslog(LOG_ERR, "fork failed: %s", strerror(errno));
146 case (0): /* child */
153 execv(klog_prog, argv);
155 syslog(LOG_ERR, "execv failed: %s", strerror(errno));
160 write(pipedes[1], password, strlen(password));
161 write(pipedes[1], "\n", 1);
164 if (pid != wait(&status))
166 if (WIFEXITED(status)) {
167 ret = WEXITSTATUS(status);
170 syslog(LOG_NOTICE, "%s for %s failed", klog_prog, user);
173 /* syslog(LOG_DEBUG, "do_klog returns %d", ret); */
177 /* get the current AFS pag for the calling process */
181 #if defined(AFS_AIX51_ENV)
182 int code = getpagvalue("afs");
183 if (code < 0 && errno == EINVAL)
187 gid_t groups[NGROUPS_MAX];
189 afs_uint32 h, l, ret;
191 if (getgroups(sizeof groups / sizeof groups[0], groups) < 2)
194 g0 = groups[0] & 0xffff;
195 g1 = groups[1] & 0xffff;
198 if (g0 < 0xc000 && g1 < 0xc000) {
199 l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
201 h = (g1 >> 14) + h + h + h;
202 ret = ((h << 28) | l);
203 /* Additional testing */
204 if (((ret >> 24) & 0xff) == 'A')
213 /* Returns the AFS pag number, if any, otherwise return -1 */
220 if (pag == 0 || pag == -1)
223 /* high order byte is always 'A'; actual pag value is low 24 bits */
224 return (pag & 0xFFFFFF);