OpenVPN
auth-pam.c File Reference
#include <security/pam_appl.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <syslog.h>
#include <limits.h>
#include "utils.h"
#include <arpa/inet.h>
#include <openvpn-plugin.h>

Data Structures

struct  auth_pam_context
 
struct  name_value
 
struct  name_value_list
 
struct  user_pass
 

Macros

#define DEBUG(verb)   ((verb) >= 4)
 
#define COMMAND_VERIFY   0
 
#define COMMAND_EXIT   1
 
#define RESPONSE_INIT_SUCCEEDED   10
 
#define RESPONSE_INIT_FAILED   11
 
#define RESPONSE_VERIFY_SUCCEEDED   12
 
#define RESPONSE_VERIFY_FAILED   13
 
#define RESPONSE_DEFER   14
 
#define N_NAME_VALUE   16
 

Functions

static void pam_server (int fd, const char *service, int verb, const struct name_value_list *name_value_list)
 
static int recv_control (int fd)
 
static int send_control (int fd, int code)
 
static int recv_string (int fd, char *buffer, int len)
 
static int send_string (int fd, const char *string)
 
static void close_fds_except (int keep)
 
static void set_signals (void)
 
static int name_value_match (const char *query, const char *match)
 
static void split_scrv1_password (struct user_pass *up)
 
OPENVPN_EXPORT int openvpn_plugin_open_v3 (const int v3structver, struct openvpn_plugin_args_open_in const *args, struct openvpn_plugin_args_open_return *ret)
 
OPENVPN_EXPORT int openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[])
 
OPENVPN_EXPORT void openvpn_plugin_close_v1 (openvpn_plugin_handle_t handle)
 
OPENVPN_EXPORT void openvpn_plugin_abort_v1 (openvpn_plugin_handle_t handle)
 
static int my_conv (int n, const struct pam_message **msg_array, struct pam_response **response_array, void *appdata_ptr)
 
static int pam_auth (const char *service, const struct user_pass *up)
 
static void do_deferred_pam_auth (int fd, const char *ac_file_name, const char *service, const struct user_pass *up)
 

Variables

static plugin_log_t plugin_log = NULL
 
static plugin_secure_memzero_t plugin_secure_memzero = NULL
 
static plugin_base64_decode_t plugin_base64_decode = NULL
 
static char * MODULE = "AUTH-PAM"
 

Macro Definition Documentation

◆ COMMAND_EXIT

#define COMMAND_EXIT   1

Definition at line 59 of file auth-pam.c.

◆ COMMAND_VERIFY

#define COMMAND_VERIFY   0

Definition at line 58 of file auth-pam.c.

◆ DEBUG

#define DEBUG(verb)   ((verb) >= 4)

Definition at line 55 of file auth-pam.c.

◆ N_NAME_VALUE

#define N_NAME_VALUE   16

Definition at line 101 of file auth-pam.c.

◆ RESPONSE_DEFER

#define RESPONSE_DEFER   14

Definition at line 66 of file auth-pam.c.

◆ RESPONSE_INIT_FAILED

#define RESPONSE_INIT_FAILED   11

Definition at line 63 of file auth-pam.c.

◆ RESPONSE_INIT_SUCCEEDED

#define RESPONSE_INIT_SUCCEEDED   10

Definition at line 62 of file auth-pam.c.

◆ RESPONSE_VERIFY_FAILED

#define RESPONSE_VERIFY_FAILED   13

Definition at line 65 of file auth-pam.c.

◆ RESPONSE_VERIFY_SUCCEEDED

#define RESPONSE_VERIFY_SUCCEEDED   12

Definition at line 64 of file auth-pam.c.

Function Documentation

◆ close_fds_except()

static void close_fds_except ( int  keep)
static

Definition at line 251 of file auth-pam.c.

References name_value_list::len.

Referenced by openvpn_plugin_open_v3().

◆ do_deferred_pam_auth()

static void do_deferred_pam_auth ( int  fd,
const char *  ac_file_name,
const char *  service,
const struct user_pass *  up 
)
static

Definition at line 850 of file auth-pam.c.

References MODULE, pam_auth(), plugin_log, RESPONSE_DEFER, send_control(), service, user_pass::username, and write.

Referenced by pam_server().

◆ my_conv()

static int my_conv ( int  n,
const struct pam_message **  msg_array,
struct pam_response **  response_array,
void *  appdata_ptr 
)
static

◆ name_value_match()

static int name_value_match ( const char *  query,
const char *  match 
)
static

Definition at line 284 of file auth-pam.c.

References name_value_list::len.

Referenced by my_conv().

◆ openvpn_plugin_abort_v1()

OPENVPN_EXPORT void openvpn_plugin_abort_v1 ( openvpn_plugin_handle_t  handle)

Definition at line 631 of file auth-pam.c.

References COMMAND_EXIT, and send_control().

◆ openvpn_plugin_close_v1()

OPENVPN_EXPORT void openvpn_plugin_close_v1 ( openvpn_plugin_handle_t  handle)

Definition at line 600 of file auth-pam.c.

References COMMAND_EXIT, DEBUG, MODULE, plugin_log, and send_control().

◆ openvpn_plugin_func_v1()

OPENVPN_EXPORT int openvpn_plugin_func_v1 ( openvpn_plugin_handle_t  handle,
const int  type,
const char *  argv[],
const char *  envp[] 
)

◆ openvpn_plugin_open_v3()

OPENVPN_EXPORT int openvpn_plugin_open_v3 ( const int  v3structver,
struct openvpn_plugin_args_open_in const *  args,
struct openvpn_plugin_args_open_return *  ret 
)

◆ pam_auth()

static int pam_auth ( const char *  service,
const struct user_pass *  up 
)
static

◆ pam_server()

static void pam_server ( int  fd,
const char *  service,
int  verb,
const struct name_value_list *  name_value_list 
)
static

◆ recv_control()

static int recv_control ( int  fd)
static

Definition at line 138 of file auth-pam.c.

References name_value_list::len, and read.

Referenced by openvpn_plugin_func_v1(), openvpn_plugin_open_v3(), and pam_server().

◆ recv_string()

static int recv_string ( int  fd,
char *  buffer,
int  len 
)
static

Definition at line 169 of file auth-pam.c.

References name_value_list::len, and read.

Referenced by pam_server().

◆ send_control()

static int send_control ( int  fd,
int  code 
)
static

◆ send_string()

static int send_string ( int  fd,
const char *  string 
)
static

Definition at line 186 of file auth-pam.c.

References name_value_list::len, and write.

Referenced by openvpn_plugin_func_v1().

◆ set_signals()

static void set_signals ( void  )
static

Definition at line 269 of file auth-pam.c.

References name_value_list::len.

Referenced by openvpn_plugin_open_v3().

◆ split_scrv1_password()

static void split_scrv1_password ( struct user_pass *  up)
static

Variable Documentation

◆ MODULE

char* MODULE = "AUTH-PAM"
static

◆ plugin_base64_decode

plugin_base64_decode_t plugin_base64_decode = NULL
static

Definition at line 71 of file auth-pam.c.

Referenced by openvpn_plugin_open_v3(), and split_scrv1_password().

◆ plugin_log

plugin_log_t plugin_log = NULL
static

◆ plugin_secure_memzero

plugin_secure_memzero_t plugin_secure_memzero = NULL
static

Definition at line 70 of file auth-pam.c.

Referenced by openvpn_plugin_open_v3(), pam_server(), and split_scrv1_password().