2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
15 #ifdef HAVE_SYS_WAIT_H
28 #include <security/pam_appl.h>
35 char *pam_afs_ident = "pam_afs";
36 char *pam_afs_lh = "OPENAFS_PAM_AFS_AUTH_login_handle";
40 lc_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
43 memset(data, 0, strlen(data));
50 nil_cleanup(pam_handle_t * pamh, void *data, int pam_end_status)
55 /* converts string to integer */
58 cv2string(char *ttp, unsigned long aval)
77 do_klog(const char *user, const char *password, const char *lifetime,
78 const char *cell_name)
86 int ret = 1; /* ret different than zero means failure */
89 #if defined(AFS_KERBEROS_ENV)
94 if (access(klog_prog, X_OK) != 0) {
95 syslog(LOG_ERR, "can not access klog program '%s'", KLOG);
98 #if defined(AFS_KERBEROS_ENV)
99 argv[argc++] = "klog.krb";
102 argv[argc++] = "klog";
104 argv[argc++] = (char *)user;
106 argv[argc++] = "-cell";
107 argv[argc++] = (char *)cell_name;
109 argv[argc++] = "-silent";
110 argv[argc++] = "-pipe";
111 if (lifetime != NULL) {
112 argv[argc++] = "-lifetime";
113 argv[argc++] = (char *)lifetime;
117 if (pipe(pipedes) != 0) {
118 syslog(LOG_ERR, "can not open pipe: %s", strerror(errno));
123 case (-1): /* Error: fork failed */
124 syslog(LOG_ERR, "fork failed: %s", strerror(errno));
126 case (0): /* child */
128 fd = dup(pipedes[0]);
131 syslog(LOG_ERR, "do_klog: dup failed for pipedes[0]: %s",
136 fd = dup(pipedes[1]);
140 syslog(LOG_ERR, "do_klog: dup failed for pipedes[1]: %s",
144 execv(klog_prog, argv);
146 syslog(LOG_ERR, "execv failed: %s", strerror(errno));
151 nbytes = write(pipedes[1], password, strlen(password));
154 "do_klog: could not write the password into the input of the pipe: %s",
157 nbytes = write(pipedes[1], "\n", 1);
160 "do_klog: could not write the end-of-line code into the input of the pipe: %s",
165 if (pid != wait(&status))
167 if (WIFEXITED(status)) {
168 ret = WEXITSTATUS(status);
171 syslog(LOG_NOTICE, "%s for %s failed", klog_prog, user);
174 /* syslog(LOG_DEBUG, "do_klog returns %d", ret); */
178 /* Returns the AFS pag number, if any, otherwise return -1 */
185 if (pag == 0 || pag == -1)
188 /* high order byte is always 'A'; actual pag value is low 24 bits */
189 return (pag & 0xFFFFFF);