1 /* passwd-pam.c --- verifying typed passwords with PAM
2 * (Pluggable Authentication Modules.)
3 * written by Bill Nottingham <notting@redhat.com> (and jwz) for
4 * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski <jwz@jwz.org>
6 * Permission to use, copy, modify, distribute, and sell this software and its
7 * documentation for any purpose is hereby granted without fee, provided that
8 * the above copyright notice appear in all copies and that both that
9 * copyright notice and this permission notice appear in supporting
10 * documentation. No representations are made about the suitability of this
11 * software for any purpose. It is provided "as is" without express or
19 #ifndef NO_LOCKING /* whole file */
26 extern char *blurb(void);
31 #include <sys/types.h>
34 #include <security/pam_appl.h>
48 #define countof(x) (sizeof((x))/sizeof(*(x)))
50 static int pam_conversation (int nmsgs,
51 const struct pam_message **msg,
52 struct pam_response **resp,
57 const char *typed_passwd;
62 #ifdef HAVE_PAM_FAIL_DELAY
63 /* We handle delays ourself.*/
64 /* Don't set this to 0 (Linux bug workaround.) */
65 # define PAM_NO_DELAY(pamh) pam_fail_delay ((pamh), 1)
66 # else /* !HAVE_PAM_FAIL_DELAY */
67 # define PAM_NO_DELAY(pamh) /* */
68 # endif /* !HAVE_PAM_FAIL_DELAY */
70 /* PAM sucks in that there is no way to tell whether a particular service
71 is configured at all. That is, there is no way to tell the difference
72 between "authentication of the FOO service is not allowed" and "the
73 user typed the wrong password."
75 On RedHat 5.1 systems, if a service name is not known, it defaults to
76 being not allowed (because the fallback service, /etc/pam.d/other, is
79 On Solaris 2.6 systems, unknown services default to authenticating normally.
81 So, we could simply require that the person who installs xscreensaver
82 set up an "xscreensaver" PAM service. However, if we went that route,
83 it would have a really awful failure mode: the failure mode would be that
84 xscreensaver was willing to *lock* the screen, but would be unwilling to
85 *unlock* the screen. (With the non-PAM password code, the analagous
86 situation -- security not being configured properly, for example do to the
87 executable not being installed as setuid root -- the failure mode is much
88 more palettable, in that xscreensaver will refuse to *lock* the screen,
89 because it can know up front that there is no password that will work.)
91 Another route would be to have the service name to consult be computed at
92 compile-time (perhaps with a configure option.) However, that doesn't
93 really solve the problem, because it means that the same executable might
94 work fine on one machine, but refuse to unlock when run on another
97 Another alternative would be to look in /etc/pam.conf or /etc/pam.d/ at
98 runtime to see what services actually exist. But I think that's no good,
99 because who is to say that the PAM info is actually specified in those
100 files? Opening and reading those files is not a part of the PAM client
101 API, so it's not guarenteed to work on any given system.
103 An alternative I tried was to specify a list of services to try, and to
104 try them all in turn ("xscreensaver", "xlock", "xdm", and "login").
105 This worked, but it was slow (and I also had to do some contortions to
106 work around bugs in Linux PAM 0.64-3.)
108 So what we do today is, try PAM once, and if that fails, try the usual
109 getpwent() method. So if PAM doesn't work, it will at least make an
110 attempt at looking up passwords in /etc/passwd or /etc/shadow instead.
112 This all kind of blows. I'm not sure what else to do.
116 /* This can be called at any time, and says whether the typed password
117 belongs to either the logged in user (real uid, not effective); or
121 pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
123 const char *service = PAM_SERVICE_NAME;
124 pam_handle_t *pamh = 0;
127 struct pam_closure c;
130 struct passwd *p = getpwuid (getuid ());
131 if (!p) return False;
133 user = strdup (p->pw_name);
136 c.typed_passwd = typed_passwd;
137 c.verbose_p = verbose_p;
139 pc.conv = &pam_conversation;
140 pc.appdata_ptr = (void *) &c;
145 status = pam_start (service, c.user, &pc, &pamh);
147 fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n",
148 blurb(), service, c.user,
149 status, pam_strerror (pamh, status));
150 if (status != PAM_SUCCESS) goto DONE;
152 /* #### We should set PAM_TTY to the display we're using, but we
153 don't have that handy from here. So set it to :0.0, which is a
154 good guess (and has the bonus of counting as a "secure tty" as
155 far as PAM is concerned...)
158 const char *tty = ":0.0";
159 status = pam_set_item (pamh, PAM_TTY, strdup(tty));
161 fprintf (stderr, "%s: pam_set_item (p, PAM_TTY, \"%s\") ==> %d (%s)\n",
162 blurb(), tty, status, pam_strerror(pamh, status));
165 /* Try to authenticate as the current user.
168 status = pam_authenticate (pamh, 0);
170 fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n",
171 blurb(), status, pam_strerror(pamh, status));
172 if (status == PAM_SUCCESS) /* Win! */
175 /* If that didn't work, set the user to root, and try to authenticate again.
178 status = pam_set_item (pamh, PAM_USER, strdup(c.user));
180 fprintf (stderr, "%s: pam_set_item(p, PAM_USER, \"%s\") ==> %d (%s)\n",
181 blurb(), c.user, status, pam_strerror(pamh, status));
182 if (status != PAM_SUCCESS) goto DONE;
185 status = pam_authenticate (pamh, 0);
187 fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n",
188 blurb(), status, pam_strerror(pamh, status));
191 if (user) free (user);
194 int status2 = pam_end (pamh, status);
197 fprintf (stderr, "%s: pam_end (...) ==> %d (%s)\n",
199 (status2 == PAM_SUCCESS ? "Success" : "Failure"));
201 return (status == PAM_SUCCESS ? True : False);
206 pam_lock_init (int argc, char **argv, Bool verbose_p)
208 /* We have nothing to do at init-time.
209 However, we might as well do some error checking.
210 If "/etc/pam.d" exists and is a directory, but "/etc/pam.d/xlock"
211 does not exist, warn that PAM probably isn't going to work.
213 const char dir[] = "/etc/pam.d";
214 const char file[] = "/etc/pam.d/" PAM_SERVICE_NAME;
216 if (stat (dir, &st) == 0 && st.st_mode & S_IFDIR)
217 if (stat (file, &st) != 0)
219 "%s: warning: %s does not exist.\n"
220 "%s: password authentication via PAM is unlikely to work.\n",
221 blurb(), file, blurb());
223 /* Return true anyway, just in case. */
228 /* This is the function PAM calls to have a conversation with the user.
229 Really, this function should be the thing that pops up dialog boxes
230 as needed, and prompts for various strings.
232 But, for now, xscreensaver uses its normal password-prompting dialog
233 first, and then this function simply returns the result that has been
236 This means that if PAM was using a retina scanner for auth, xscreensaver
237 would prompt for a password; then pam_conversation() would be called
238 with a string like "Please look into the retina scanner". The user
239 would never see this string, and the prompted-for password would be
243 pam_conversation (int nmsgs,
244 const struct pam_message **msg,
245 struct pam_response **resp,
249 struct pam_response *reply = 0;
250 struct pam_closure *c = (struct pam_closure *) closure;
252 reply = (struct pam_response *) calloc (nmsgs, sizeof (*reply));
253 if (!reply) return PAM_CONV_ERR;
255 for (replies = 0; replies < nmsgs; replies++)
257 switch (msg[replies]->msg_style)
259 case PAM_PROMPT_ECHO_ON:
260 reply[replies].resp_retcode = PAM_SUCCESS;
261 reply[replies].resp = strdup (c->user); /* freed by PAM */
263 fprintf (stderr, "%s: PAM ECHO_ON(\"%s\") ==> \"%s\"\n",
264 blurb(), msg[replies]->msg,
265 reply[replies].resp);
267 case PAM_PROMPT_ECHO_OFF:
268 reply[replies].resp_retcode = PAM_SUCCESS;
269 reply[replies].resp = strdup (c->typed_passwd); /* freed by PAM */
271 fprintf (stderr, "%s: PAM ECHO_OFF(\"%s\") ==> password\n",
272 blurb(), msg[replies]->msg);
276 reply[replies].resp_retcode = PAM_SUCCESS;
277 reply[replies].resp = 0;
279 fprintf (stderr, "%s: PAM TEXT_INFO(\"%s\") ==> ignored\n",
280 blurb(), msg[replies]->msg);
284 reply[replies].resp_retcode = PAM_SUCCESS;
285 reply[replies].resp = 0;
287 fprintf (stderr, "%s: PAM ERROR_MSG(\"%s\") ==> ignored\n",
288 blurb(), msg[replies]->msg);
291 /* Must be an error of some sort... */
294 fprintf (stderr, "%s: PAM unknown %d(\"%s\") ==> ignored\n",
295 blurb(), msg[replies]->msg_style, msg[replies]->msg);
303 #endif /* NO_LOCKING -- whole file */