[openssh.git] / auth-pam.c

/*-
 * Copyright (c) 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * NAI Labs, the Security Research Division of Network Associates, Inc.
 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
 * DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
RCSID("$Id$");

#ifdef USE_PAM
#include <security/pam_appl.h>

#include "auth.h"
#include "auth-pam.h"
#include "buffer.h"
#include "bufaux.h"
#include "canohost.h"
#include "log.h"
#include "monitor_wrap.h"
#include "msg.h"
#include "packet.h"
#include "readpass.h"
#include "servconf.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "auth-options.h"

extern ServerOptions options;

#define __unused

#ifdef USE_POSIX_THREADS
#include <pthread.h>
/*
 * Avoid namespace clash when *not* using pthreads for systems *with* 
 * pthreads, which unconditionally define pthread_t via sys/types.h 
 * (e.g. Linux)
 */
typedef pthread_t sp_pthread_t; 
#else
/*
 * Simulate threads with processes.
 */
typedef pid_t sp_pthread_t;

static void
pthread_exit(void *value __unused)
{
	_exit(0);
}

static int
pthread_create(sp_pthread_t *thread, const void *attr __unused,
    void *(*thread_start)(void *), void *arg)
{
	pid_t pid;

	switch ((pid = fork())) {
	case -1:
		error("fork(): %s", strerror(errno));
		return (-1);
	case 0:
		thread_start(arg);
		_exit(1);
	default:
		*thread = pid;
		return (0);
	}
}

static int
pthread_cancel(sp_pthread_t thread)
{
	return (kill(thread, SIGTERM));
}

static int
pthread_join(sp_pthread_t thread, void **value __unused)
{
	int status;

	waitpid(thread, &status, 0);
	return (status);
}
#endif


static pam_handle_t *sshpam_handle;
static int sshpam_err;
static int sshpam_authenticated;
static int sshpam_new_authtok_reqd;
static int sshpam_session_open;
static int sshpam_cred_established;

struct pam_ctxt {
	sp_pthread_t	 pam_thread;
	int		 pam_psock;
	int		 pam_csock;
	int		 pam_done;
};

static void sshpam_free_ctx(void *);

/*
 * Conversation function for authentication thread.
 */
static int
sshpam_thread_conv(int n, const struct pam_message **msg,
    struct pam_response **resp, void *data)
{
	Buffer buffer;
	struct pam_ctxt *ctxt;
	int i;

	ctxt = data;
	if (n <= 0 || n > PAM_MAX_NUM_MSG)
		return (PAM_CONV_ERR);
	*resp = xmalloc(n * sizeof **resp);
	buffer_init(&buffer);
	for (i = 0; i < n; ++i) {
		resp[i]->resp_retcode = 0;
		resp[i]->resp = NULL;
		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
		case PAM_PROMPT_ECHO_OFF:
			buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
			ssh_msg_send(ctxt->pam_csock, 
			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
			ssh_msg_recv(ctxt->pam_csock, &buffer);
			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
				goto fail;
			resp[i]->resp = buffer_get_string(&buffer, NULL);
			break;
		case PAM_PROMPT_ECHO_ON:
			buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
			ssh_msg_send(ctxt->pam_csock, 
			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
			ssh_msg_recv(ctxt->pam_csock, &buffer);
			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
				goto fail;
			resp[i]->resp = buffer_get_string(&buffer, NULL);
			break;
		case PAM_ERROR_MSG:
			buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
			ssh_msg_send(ctxt->pam_csock, 
			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
			break;
		case PAM_TEXT_INFO:
			buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
			ssh_msg_send(ctxt->pam_csock, 
			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
			break;
		default:
			goto fail;
		}
		buffer_clear(&buffer);
	}
	buffer_free(&buffer);
	return (PAM_SUCCESS);
 fail:
	while (i)
		xfree(resp[--i]);
	xfree(*resp);
	*resp = NULL;
	buffer_free(&buffer);
	return (PAM_CONV_ERR);
}

/*
 * Authentication thread.
 */
static void *
sshpam_thread(void *ctxtp)
{
	struct pam_ctxt *ctxt = ctxtp;
	Buffer buffer;
	struct pam_conv sshpam_conv;
#ifndef USE_POSIX_THREADS
	const char *pam_user;

	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
	setproctitle("%s [pam]", pam_user);
#endif

	sshpam_conv.conv = sshpam_thread_conv;
	sshpam_conv.appdata_ptr = ctxt;

	buffer_init(&buffer);
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&sshpam_conv);
	if (sshpam_err != PAM_SUCCESS)
		goto auth_fail;
	sshpam_err = pam_authenticate(sshpam_handle, 0);
	if (sshpam_err != PAM_SUCCESS)
		goto auth_fail;
	buffer_put_cstring(&buffer, "OK");
	ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
	buffer_free(&buffer);
	pthread_exit(NULL);

 auth_fail:
	buffer_put_cstring(&buffer,
	    pam_strerror(sshpam_handle, sshpam_err));
	ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
	buffer_free(&buffer);
	pthread_exit(NULL);
	
	return (NULL); /* Avoid warning for non-pthread case */
}

static void
sshpam_thread_cleanup(void *ctxtp)
{
	struct pam_ctxt *ctxt = ctxtp;

	pthread_cancel(ctxt->pam_thread);
	pthread_join(ctxt->pam_thread, NULL);
	close(ctxt->pam_psock);
	close(ctxt->pam_csock);
}

static int
sshpam_null_conv(int n, const struct pam_message **msg,
    struct pam_response **resp, void *data)
{
	return (PAM_CONV_ERR);
}

static struct pam_conv null_conv = { sshpam_null_conv, NULL };

static void
sshpam_cleanup(void *arg)
{
	(void)arg;
	debug("PAM: cleanup");
	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
	if (sshpam_cred_established) {
		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
		sshpam_cred_established = 0;
	}
	if (sshpam_session_open) {
		pam_close_session(sshpam_handle, PAM_SILENT);
		sshpam_session_open = 0;
	}
	sshpam_authenticated = sshpam_new_authtok_reqd = 0;
	pam_end(sshpam_handle, sshpam_err);
	sshpam_handle = NULL;
}

static int
sshpam_init(const char *user)
{
	extern u_int utmp_len;
	extern char *__progname;
	const char *pam_rhost, *pam_user;

	if (sshpam_handle != NULL) {
		/* We already have a PAM context; check if the user matches */
		sshpam_err = pam_get_item(sshpam_handle,
		    PAM_USER, (const void **)&pam_user);
		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
			return (0);
		fatal_remove_cleanup(sshpam_cleanup, NULL);
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
	}
	debug("PAM: initializing for \"%s\"", user);
	sshpam_err =
	    pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
	pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns);
	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#ifdef PAM_TTY_KLUDGE
        /*
         * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
         * sshd doesn't set the tty until too late in the auth process and 
	 * may not even set one (for tty-less connections)
         */
	debug("PAM: setting PAM_TTY to \"ssh\"");
	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#endif
	fatal_add_cleanup(sshpam_cleanup, NULL);
	return (0);
}

static void *
sshpam_init_ctx(Authctxt *authctxt)
{
	struct pam_ctxt *ctxt;
	int socks[2];

	/* Refuse to start if we don't have PAM enabled */
	if (!options.use_pam)
		return NULL;

	/* Initialize PAM */
	if (sshpam_init(authctxt->user) == -1) {
		error("PAM: initialization failed");
		return (NULL);
	}

	ctxt = xmalloc(sizeof *ctxt);
	ctxt->pam_done = 0;

	/* Start the authentication thread */
	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
		error("PAM: failed create sockets: %s", strerror(errno));
		xfree(ctxt);
		return (NULL);
	}
	ctxt->pam_psock = socks[0];
	ctxt->pam_csock = socks[1];
	if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
		error("PAM: failed to start authentication thread: %s",
		    strerror(errno));
		close(socks[0]);
		close(socks[1]);
		xfree(ctxt);
		return (NULL);
	}
	fatal_add_cleanup(sshpam_thread_cleanup, ctxt);
	return (ctxt);
}

static int
sshpam_query(void *ctx, char **name, char **info,
    u_int *num, char ***prompts, u_int **echo_on)
{
	Buffer buffer;
	struct pam_ctxt *ctxt = ctx;
	size_t plen;
	u_char type;
	char *msg;
	size_t len;

	buffer_init(&buffer);
	*name = xstrdup("");
	*info = xstrdup("");
	*prompts = xmalloc(sizeof(char *));
	**prompts = NULL;
	plen = 0;
	*echo_on = xmalloc(sizeof(u_int));
	while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
		type = buffer_get_char(&buffer);
		msg = buffer_get_string(&buffer, NULL);
		switch (type) {
		case PAM_PROMPT_ECHO_ON:
		case PAM_PROMPT_ECHO_OFF:
			*num = 1;
			len = plen + strlen(msg) + 1;
			**prompts = xrealloc(**prompts, len);
			plen += snprintf(**prompts + plen, len, "%s", msg);
			**echo_on = (type == PAM_PROMPT_ECHO_ON);
			xfree(msg);
			return (0);
		case PAM_ERROR_MSG:
		case PAM_TEXT_INFO:
			/* accumulate messages */
			len = plen + strlen(msg) + 1;
			**prompts = xrealloc(**prompts, len);
			plen += snprintf(**prompts + plen, len, "%s", msg);
			xfree(msg);
			break;
		case PAM_SUCCESS:
		case PAM_AUTH_ERR:
			if (**prompts != NULL) {
				/* drain any accumulated messages */
#if 0 /* XXX - not compatible with privsep */
				packet_start(SSH2_MSG_USERAUTH_BANNER);
				packet_put_cstring(**prompts);
				packet_put_cstring("");
				packet_send();
				packet_write_wait();
#endif
				xfree(**prompts);
				**prompts = NULL;
			}
			if (type == PAM_SUCCESS) {
				*num = 0;
				**echo_on = 0;
				ctxt->pam_done = 1;
				xfree(msg);
				return (0);
			}
			error("PAM: %s", msg);
		default:
			*num = 0;
			**echo_on = 0;
			xfree(msg);
			ctxt->pam_done = -1;
			return (-1);
		}
	}
	return (-1);
}

/* XXX - see also comment in auth-chall.c:verify_response */
static int
sshpam_respond(void *ctx, u_int num, char **resp)
{
	Buffer buffer;
	struct pam_ctxt *ctxt = ctx;

	debug2("PAM: %s", __func__);
	switch (ctxt->pam_done) {
	case 1:
		sshpam_authenticated = 1;
		return (0);
	case 0:
		break;
	default:
		return (-1);
	}
	if (num != 1) {
		error("PAM: expected one response, got %u", num);
		return (-1);
	}
	buffer_init(&buffer);
	buffer_put_cstring(&buffer, *resp);
	ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
	buffer_free(&buffer);
	return (1);
}

static void
sshpam_free_ctx(void *ctxtp)
{
	struct pam_ctxt *ctxt = ctxtp;

	fatal_remove_cleanup(sshpam_thread_cleanup, ctxt);
	sshpam_thread_cleanup(ctxtp);
	xfree(ctxt);
	/*
	 * We don't call sshpam_cleanup() here because we may need the PAM
	 * handle at a later stage, e.g. when setting up a session.  It's
	 * still on the cleanup list, so pam_end() *will* be called before
	 * the server process terminates.
	 */
}

KbdintDevice sshpam_device = {
	"pam",
	sshpam_init_ctx,
	sshpam_query,
	sshpam_respond,
	sshpam_free_ctx
};

KbdintDevice mm_sshpam_device = {
	"pam",
	mm_sshpam_init_ctx,
	mm_sshpam_query,
	mm_sshpam_respond,
	mm_sshpam_free_ctx
};

/*
 * This replaces auth-pam.c
 */
void
start_pam(const char *user)
{
	if (!options.use_pam)
		fatal("PAM: initialisation requested when UsePAM=no");

	if (sshpam_init(user) == -1)
		fatal("PAM: initialisation failed");
}

void
finish_pam(void)
{
	fatal_remove_cleanup(sshpam_cleanup, NULL);
	sshpam_cleanup(NULL);
}

u_int
do_pam_account(void)
{
	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
	debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
	
	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
		return (0);

	if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
		sshpam_new_authtok_reqd = 1;

		/* Prevent forwardings until password changed */
		no_port_forwarding_flag |= 2;
		no_agent_forwarding_flag |= 2;
		no_x11_forwarding_flag |= 2;
	}

	return (1);
}

void
do_pam_session(void)
{
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 
	    (const void *)&null_conv);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: failed to set PAM_CONV: %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	sshpam_err = pam_open_session(sshpam_handle, 0);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: pam_open_session(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	sshpam_session_open = 1;
}

void
do_pam_set_tty(const char *tty)
{
	if (tty != NULL) {
		debug("PAM: setting PAM_TTY to \"%s\"", tty);
		sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
		if (sshpam_err != PAM_SUCCESS)
			fatal("PAM: failed to set PAM_TTY: %s",
			    pam_strerror(sshpam_handle, sshpam_err));
	}
}

void
do_pam_setcred(int init)
{
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&null_conv);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: failed to set PAM_CONV: %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	if (init) {
		debug("PAM: establishing credentials");
		sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
	} else {
		debug("PAM: reinitializing credentials");
		sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
	}
	if (sshpam_err == PAM_SUCCESS) {
		sshpam_cred_established = 1;
		return;
	}
	if (sshpam_authenticated)
		fatal("PAM: pam_setcred(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	else
		debug("PAM: pam_setcred(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
}

int
is_pam_password_change_required(void)
{
	return (sshpam_new_authtok_reqd);
}

static int
pam_chauthtok_conv(int n, const struct pam_message **msg,
    struct pam_response **resp, void *data)
{
	char input[PAM_MAX_MSG_SIZE];
	int i;

	if (n <= 0 || n > PAM_MAX_NUM_MSG)
		return (PAM_CONV_ERR);
	*resp = xmalloc(n * sizeof **resp);
	for (i = 0; i < n; ++i) {
		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
		case PAM_PROMPT_ECHO_OFF:
			resp[i]->resp =
			    read_passphrase(PAM_MSG_MEMBER(msg, i, msg), 
			    RP_ALLOW_STDIN);
			resp[i]->resp_retcode = PAM_SUCCESS;
			break;
		case PAM_PROMPT_ECHO_ON:
			fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
			fgets(input, sizeof input, stdin);
			resp[i]->resp = xstrdup(input);
			resp[i]->resp_retcode = PAM_SUCCESS;
			break;
		case PAM_ERROR_MSG:
		case PAM_TEXT_INFO:
			fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
			resp[i]->resp_retcode = PAM_SUCCESS;
			break;
		default:
			goto fail;
		}
	}
	return (PAM_SUCCESS);
 fail:
	while (i)
		xfree(resp[--i]);
	xfree(*resp);
	*resp = NULL;
	return (PAM_CONV_ERR);
}

/*
 * XXX this should be done in the authentication phase, but ssh1 doesn't
 * support that
 */
void
do_pam_chauthtok(void)
{
	struct pam_conv pam_conv;

	pam_conv.conv = pam_chauthtok_conv;
	pam_conv.appdata_ptr = NULL;

	if (use_privsep)
		fatal("Password expired (unable to change with privsep)");
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&pam_conv);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: failed to set PAM_CONV: %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	debug("PAM: changing password");
	sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: pam_chauthtok(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
}

/* 
 * Set a PAM environment string. We need to do this so that the session
 * modules can handle things like Kerberos/GSI credentials that appear
 * during the ssh authentication process.
 */

int
do_pam_putenv(char *name, char *value) 
{
	int ret = 1;
#ifdef HAVE_PAM_PUTENV	
	char *compound;
	size_t len;

	len = strlen(name) + strlen(value) + 2;
	compound = xmalloc(len);

	snprintf(compound, len, "%s=%s", name, value);
	ret = pam_putenv(sshpam_handle, compound);
	xfree(compound);
#endif

	return (ret);
}

void
print_pam_messages(void)
{
	/* XXX */
}

char **
fetch_pam_environment(void)
{
#ifdef HAVE_PAM_GETENVLIST
	debug("PAM: retrieving environment");
	return (pam_getenvlist(sshpam_handle));
#else
	return (NULL);
#endif
}

void
free_pam_environment(char **env)
{
	char **envp;

	if (env == NULL)
		return;

	for (envp = env; *envp; envp++)
		xfree(*envp);
	xfree(env);
}

#endif /* USE_PAM */
Commit	Line	Data
05114c74	1	/*-
	2	* Copyright (c) 2002 Networks Associates Technology, Inc.
	3	* All rights reserved.
	4	*
	5	* This software was developed for the FreeBSD Project by ThinkSec AS and
	6	* NAI Labs, the Security Research Division of Network Associates, Inc.
	7	* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
	8	* DARPA CHATS research program.
09564242	9	*
	10	* Redistribution and use in source and binary forms, with or without
	11	* modification, are permitted provided that the following conditions
	12	* are met:
	13	* 1. Redistributions of source code must retain the above copyright
	14	* notice, this list of conditions and the following disclaimer.
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in the
	17	* documentation and/or other materials provided with the distribution.
09564242	18	*
05114c74	19	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
a5c9cd31	30	*/
a5c9cd31	31
5ff453c0	32	/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
a5c9cd31	33	#include "includes.h"
5ff453c0	34	RCSID("$Id$");
a5c9cd31	35
a5c9cd31	36	#ifdef USE_PAM
05114c74	37	#include <security/pam_appl.h>
05114c74	38
fde58bd4	39	#include "auth.h"
5c377b3b	40	#include "auth-pam.h"
05114c74	41	#include "buffer.h"
05114c74	42	#include "bufaux.h"
42f11eb2	43	#include "canohost.h"
05114c74	44	#include "log.h"
	45	#include "monitor_wrap.h"
	46	#include "msg.h"
	47	#include "packet.h"
42f11eb2	48	#include "readpass.h"
05114c74	49	#include "servconf.h"
	50	#include "ssh2.h"
	51	#include "xmalloc.h"
5b9e2464	52	#include "auth-options.h"
a5c9cd31	53
7fceb20d	54	extern ServerOptions options;
7fceb20d	55
05114c74	56	#define __unused
277f55cf	57
05114c74	58	#ifdef USE_POSIX_THREADS
	59	#include <pthread.h>
	60	/*
	61	* Avoid namespace clash when not using pthreads for systems with
	62	* pthreads, which unconditionally define pthread_t via sys/types.h
	63	* (e.g. Linux)
	64	*/
	65	typedef pthread_t sp_pthread_t;
	66	#else
	67	/*
	68	* Simulate threads with processes.
	69	*/
	70	typedef pid_t sp_pthread_t;
a5c9cd31	71
05114c74	72	static void
	73	pthread_exit(void *value __unused)
	74	{
	75	_exit(0);
	76	}
5daf7064	77
05114c74	78	static int
	79	pthread_create(sp_pthread_t thread, const void attr __unused,
	80	void (thread_start)(void ), void arg)
	81	{
	82	pid_t pid;
	83
	84	switch ((pid = fork())) {
	85	case -1:
	86	error("fork(): %s", strerror(errno));
	87	return (-1);
	88	case 0:
	89	thread_start(arg);
	90	_exit(1);
	91	default:
	92	*thread = pid;
	93	return (0);
	94	}
	95	}
a5c9cd31	96
05114c74	97	static int
05114c74	98	pthread_cancel(sp_pthread_t thread)
8c9fe09e	99	{
05114c74	100	return (kill(thread, SIGTERM));
8c9fe09e	101	}
8c9fe09e	102
05114c74	103	static int
05114c74	104	pthread_join(sp_pthread_t thread, void **value __unused)
8c9fe09e	105	{
05114c74	106	int status;
	107
	108	waitpid(thread, &status, 0);
	109	return (status);
8c9fe09e	110	}
05114c74	111	#endif
	112
	113
	114	static pam_handle_t *sshpam_handle;
	115	static int sshpam_err;
	116	static int sshpam_authenticated;
	117	static int sshpam_new_authtok_reqd;
	118	static int sshpam_session_open;
	119	static int sshpam_cred_established;
	120
	121	struct pam_ctxt {
	122	sp_pthread_t pam_thread;
	123	int pam_psock;
	124	int pam_csock;
	125	int pam_done;
	126	};
	127
	128	static void sshpam_free_ctx(void *);
ad55cd03	129
ad55cd03	130	/*
05114c74	131	* Conversation function for authentication thread.
ad55cd03	132	*/
05114c74	133	static int
5b9e2464	134	sshpam_thread_conv(int n, const struct pam_message **msg,
5b9e2464	135	struct pam_response *resp, void data)
a5c9cd31	136	{
05114c74	137	Buffer buffer;
	138	struct pam_ctxt *ctxt;
	139	int i;
	140
	141	ctxt = data;
	142	if (n <= 0 \|\| n > PAM_MAX_NUM_MSG)
	143	return (PAM_CONV_ERR);
	144	resp = xmalloc(n sizeof **resp);
	145	buffer_init(&buffer);
	146	for (i = 0; i < n; ++i) {
	147	resp[i]->resp_retcode = 0;
	148	resp[i]->resp = NULL;
	149	switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
	150	case PAM_PROMPT_ECHO_OFF:
	151	buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
	152	ssh_msg_send(ctxt->pam_csock,
	153	PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
	154	ssh_msg_recv(ctxt->pam_csock, &buffer);
	155	if (buffer_get_char(&buffer) != PAM_AUTHTOK)
	156	goto fail;
	157	resp[i]->resp = buffer_get_string(&buffer, NULL);
	158	break;
	159	case PAM_PROMPT_ECHO_ON:
	160	buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
	161	ssh_msg_send(ctxt->pam_csock,
	162	PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
	163	ssh_msg_recv(ctxt->pam_csock, &buffer);
	164	if (buffer_get_char(&buffer) != PAM_AUTHTOK)
	165	goto fail;
	166	resp[i]->resp = buffer_get_string(&buffer, NULL);
	167	break;
	168	case PAM_ERROR_MSG:
	169	buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
	170	ssh_msg_send(ctxt->pam_csock,
	171	PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
	172	break;
	173	case PAM_TEXT_INFO:
	174	buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
	175	ssh_msg_send(ctxt->pam_csock,
	176	PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
	177	break;
	178	default:
	179	goto fail;
a5c9cd31	180	}
05114c74	181	buffer_clear(&buffer);
a5c9cd31	182	}
05114c74	183	buffer_free(&buffer);
	184	return (PAM_SUCCESS);
	185	fail:
	186	while (i)
	187	xfree(resp[--i]);
	188	xfree(*resp);
	189	*resp = NULL;
	190	buffer_free(&buffer);
	191	return (PAM_CONV_ERR);
	192	}
a5c9cd31	193
05114c74	194	/*
	195	* Authentication thread.
	196	*/
	197	static void *
	198	sshpam_thread(void *ctxtp)
	199	{
	200	struct pam_ctxt *ctxt = ctxtp;
	201	Buffer buffer;
c53917a9	202	struct pam_conv sshpam_conv;
05114c74	203	#ifndef USE_POSIX_THREADS
	204	const char *pam_user;
	205
	206	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
	207	setproctitle("%s [pam]", pam_user);
	208	#endif
a5c9cd31	209
c53917a9	210	sshpam_conv.conv = sshpam_thread_conv;
	211	sshpam_conv.appdata_ptr = ctxt;
	212
05114c74	213	buffer_init(&buffer);
	214	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	215	(const void *)&sshpam_conv);
	216	if (sshpam_err != PAM_SUCCESS)
	217	goto auth_fail;
	218	sshpam_err = pam_authenticate(sshpam_handle, 0);
	219	if (sshpam_err != PAM_SUCCESS)
	220	goto auth_fail;
05114c74	221	buffer_put_cstring(&buffer, "OK");
	222	ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
	223	buffer_free(&buffer);
	224	pthread_exit(NULL);
	225
	226	auth_fail:
	227	buffer_put_cstring(&buffer,
	228	pam_strerror(sshpam_handle, sshpam_err));
	229	ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
	230	buffer_free(&buffer);
	231	pthread_exit(NULL);
	232
	233	return (NULL); /* Avoid warning for non-pthread case */
a5c9cd31	234	}
a5c9cd31	235
05114c74	236	static void
05114c74	237	sshpam_thread_cleanup(void *ctxtp)
a5c9cd31	238	{
05114c74	239	struct pam_ctxt *ctxt = ctxtp;
a5c9cd31	240
05114c74	241	pthread_cancel(ctxt->pam_thread);
	242	pthread_join(ctxt->pam_thread, NULL);
	243	close(ctxt->pam_psock);
	244	close(ctxt->pam_csock);
	245	}
a5c9cd31	246
05114c74	247	static int
5b9e2464	248	sshpam_null_conv(int n, const struct pam_message **msg,
5b9e2464	249	struct pam_response *resp, void data)
05114c74	250	{
05114c74	251	return (PAM_CONV_ERR);
05114c74	252	}
a5c9cd31	253
05114c74	254	static struct pam_conv null_conv = { sshpam_null_conv, NULL };
	255
	256	static void
	257	sshpam_cleanup(void *arg)
	258	{
	259	(void)arg;
	260	debug("PAM: cleanup");
	261	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
	262	if (sshpam_cred_established) {
	263	pam_setcred(sshpam_handle, PAM_DELETE_CRED);
	264	sshpam_cred_established = 0;
	265	}
	266	if (sshpam_session_open) {
	267	pam_close_session(sshpam_handle, PAM_SILENT);
	268	sshpam_session_open = 0;
a5c9cd31	269	}
05114c74	270	sshpam_authenticated = sshpam_new_authtok_reqd = 0;
	271	pam_end(sshpam_handle, sshpam_err);
	272	sshpam_handle = NULL;
a5c9cd31	273	}
a5c9cd31	274
05114c74	275	static int
05114c74	276	sshpam_init(const char *user)
a5c9cd31	277	{
05114c74	278	extern u_int utmp_len;
74678fb9	279	extern char *__progname;
05114c74	280	const char pam_rhost, pam_user;
	281
	282	if (sshpam_handle != NULL) {
	283	/* We already have a PAM context; check if the user matches */
	284	sshpam_err = pam_get_item(sshpam_handle,
	285	PAM_USER, (const void **)&pam_user);
	286	if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
	287	return (0);
	288	fatal_remove_cleanup(sshpam_cleanup, NULL);
	289	pam_end(sshpam_handle, sshpam_err);
	290	sshpam_handle = NULL;
	291	}
	292	debug("PAM: initializing for \"%s\"", user);
01224183	293	sshpam_err =
01224183	294	pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
5ff453c0	295	if (sshpam_err != PAM_SUCCESS) {
	296	pam_end(sshpam_handle, sshpam_err);
	297	sshpam_handle = NULL;
05114c74	298	return (-1);
5ff453c0	299	}
c5a7d788	300	pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns);
05d62329	301	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
05114c74	302	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
5ff453c0	303	if (sshpam_err != PAM_SUCCESS) {
5b9e2464	304	pam_end(sshpam_handle, sshpam_err);
5ff453c0	305	sshpam_handle = NULL;
	306	return (-1);
	307	}
	308	#ifdef PAM_TTY_KLUDGE
	309	/*
	310	* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
	311	* sshd doesn't set the tty until too late in the auth process and
	312	* may not even set one (for tty-less connections)
	313	*/
	314	debug("PAM: setting PAM_TTY to \"ssh\"");
	315	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
05114c74	316	if (sshpam_err != PAM_SUCCESS) {
	317	pam_end(sshpam_handle, sshpam_err);
	318	sshpam_handle = NULL;
	319	return (-1);
a5c9cd31	320	}
5ff453c0	321	#endif
05114c74	322	fatal_add_cleanup(sshpam_cleanup, NULL);
05114c74	323	return (0);
a5c9cd31	324	}
a5c9cd31	325
05114c74	326	static void *
05114c74	327	sshpam_init_ctx(Authctxt *authctxt)
a5c9cd31	328	{
05114c74	329	struct pam_ctxt *ctxt;
05114c74	330	int socks[2];
2b87da3b	331
7fceb20d	332	/* Refuse to start if we don't have PAM enabled */
	333	if (!options.use_pam)
	334	return NULL;
	335
05114c74	336	/* Initialize PAM */
	337	if (sshpam_init(authctxt->user) == -1) {
	338	error("PAM: initialization failed");
	339	return (NULL);
	340	}
5c377b3b	341
05114c74	342	ctxt = xmalloc(sizeof *ctxt);
	343	ctxt->pam_done = 0;
	344
	345	/* Start the authentication thread */
	346	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
	347	error("PAM: failed create sockets: %s", strerror(errno));
	348	xfree(ctxt);
	349	return (NULL);
	350	}
	351	ctxt->pam_psock = socks[0];
	352	ctxt->pam_csock = socks[1];
	353	if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
	354	error("PAM: failed to start authentication thread: %s",
	355	strerror(errno));
	356	close(socks[0]);
	357	close(socks[1]);
	358	xfree(ctxt);
	359	return (NULL);
a5c9cd31	360	}
05114c74	361	fatal_add_cleanup(sshpam_thread_cleanup, ctxt);
	362	return (ctxt);
	363	}
a5c9cd31	364
05114c74	365	static int
	366	sshpam_query(void ctx, char name, char *info,
	367	u_int num, char prompts, u_int echo_on)
	368	{
	369	Buffer buffer;
	370	struct pam_ctxt *ctxt = ctx;
	371	size_t plen;
	372	u_char type;
	373	char *msg;
cbdeccf3	374	size_t len;
05114c74	375
	376	buffer_init(&buffer);
	377	*name = xstrdup("");
	378	*info = xstrdup("");
	379	prompts = xmalloc(sizeof(char ));
	380	**prompts = NULL;
	381	plen = 0;
	382	*echo_on = xmalloc(sizeof(u_int));
	383	while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
	384	type = buffer_get_char(&buffer);
	385	msg = buffer_get_string(&buffer, NULL);
	386	switch (type) {
	387	case PAM_PROMPT_ECHO_ON:
	388	case PAM_PROMPT_ECHO_OFF:
	389	*num = 1;
cbdeccf3	390	len = plen + strlen(msg) + 1;
	391	prompts = xrealloc(prompts, len);
	392	plen += snprintf(**prompts + plen, len, "%s", msg);
05114c74	393	**echo_on = (type == PAM_PROMPT_ECHO_ON);
	394	xfree(msg);
	395	return (0);
	396	case PAM_ERROR_MSG:
	397	case PAM_TEXT_INFO:
	398	/* accumulate messages */
cbdeccf3	399	len = plen + strlen(msg) + 1;
	400	prompts = xrealloc(prompts, len);
	401	plen += snprintf(**prompts + plen, len, "%s", msg);
05114c74	402	xfree(msg);
5daf7064	403	break;
05114c74	404	case PAM_SUCCESS:
	405	case PAM_AUTH_ERR:
	406	if (**prompts != NULL) {
	407	/* drain any accumulated messages */
	408	#if 0 /* XXX - not compatible with privsep */
	409	packet_start(SSH2_MSG_USERAUTH_BANNER);
	410	packet_put_cstring(**prompts);
	411	packet_put_cstring("");
	412	packet_send();
	413	packet_write_wait();
e108cd93	414	#endif
05114c74	415	xfree(**prompts);
	416	**prompts = NULL;
	417	}
	418	if (type == PAM_SUCCESS) {
	419	*num = 0;
	420	**echo_on = 0;
	421	ctxt->pam_done = 1;
	422	xfree(msg);
	423	return (0);
	424	}
	425	error("PAM: %s", msg);
5daf7064	426	default:
05114c74	427	*num = 0;
	428	**echo_on = 0;
	429	xfree(msg);
	430	ctxt->pam_done = -1;
	431	return (-1);
	432	}
a5c9cd31	433	}
05114c74	434	return (-1);
a5c9cd31	435	}
a5c9cd31	436
05114c74	437	/* XXX - see also comment in auth-chall.c:verify_response */
	438	static int
	439	sshpam_respond(void ctx, u_int num, char *resp)
a5c9cd31	440	{
05114c74	441	Buffer buffer;
	442	struct pam_ctxt *ctxt = ctx;
	443
	444	debug2("PAM: %s", __func__);
	445	switch (ctxt->pam_done) {
	446	case 1:
	447	sshpam_authenticated = 1;
	448	return (0);
	449	case 0:
	450	break;
	451	default:
	452	return (-1);
a5c9cd31	453	}
05114c74	454	if (num != 1) {
	455	error("PAM: expected one response, got %u", num);
	456	return (-1);
	457	}
	458	buffer_init(&buffer);
	459	buffer_put_cstring(&buffer, *resp);
	460	ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
	461	buffer_free(&buffer);
	462	return (1);
a5c9cd31	463	}
a5c9cd31	464
05114c74	465	static void
05114c74	466	sshpam_free_ctx(void *ctxtp)
a5c9cd31	467	{
05114c74	468	struct pam_ctxt *ctxt = ctxtp;
39ce53de	469
05114c74	470	fatal_remove_cleanup(sshpam_thread_cleanup, ctxt);
	471	sshpam_thread_cleanup(ctxtp);
	472	xfree(ctxt);
	473	/*
	474	* We don't call sshpam_cleanup() here because we may need the PAM
	475	* handle at a later stage, e.g. when setting up a session. It's
	476	* still on the cleanup list, so pam_end() will be called before
	477	* the server process terminates.
	478	*/
ad55cd03	479	}
ad55cd03	480
05114c74	481	KbdintDevice sshpam_device = {
	482	"pam",
	483	sshpam_init_ctx,
	484	sshpam_query,
	485	sshpam_respond,
	486	sshpam_free_ctx
	487	};
	488
	489	KbdintDevice mm_sshpam_device = {
	490	"pam",
	491	mm_sshpam_init_ctx,
	492	mm_sshpam_query,
	493	mm_sshpam_respond,
	494	mm_sshpam_free_ctx
	495	};
2919e060	496
2b87da3b	497	/*
05114c74	498	* This replaces auth-pam.c
ad55cd03	499	*/
05114c74	500	void
05114c74	501	start_pam(const char *user)
ad55cd03	502	{
817e6d38	503	if (!options.use_pam)
	504	fatal("PAM: initialisation requested when UsePAM=no");
	505
05114c74	506	if (sshpam_init(user) == -1)
05114c74	507	fatal("PAM: initialisation failed");
a5c9cd31	508	}
a5c9cd31	509
05114c74	510	void
05114c74	511	finish_pam(void)
a5c9cd31	512	{
05114c74	513	fatal_remove_cleanup(sshpam_cleanup, NULL);
05114c74	514	sshpam_cleanup(NULL);
a5c9cd31	515	}
a5c9cd31	516
5b9e2464	517	u_int
5b9e2464	518	do_pam_account(void)
a5c9cd31	519	{
5b9e2464	520	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
	521	debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
	522
	523	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
	524	return (0);
	525
	526	if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
	527	sshpam_new_authtok_reqd = 1;
	528
	529	/* Prevent forwardings until password changed */
	530	no_port_forwarding_flag \|= 2;
	531	no_agent_forwarding_flag \|= 2;
	532	no_x11_forwarding_flag \|= 2;
	533	}
	534
05114c74	535	return (1);
05114c74	536	}
46c76c63	537
05114c74	538	void
49e82bb9	539	do_pam_session(void)
05114c74	540	{
	541	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	542	(const void *)&null_conv);
	543	if (sshpam_err != PAM_SUCCESS)
	544	fatal("PAM: failed to set PAM_CONV: %s",
	545	pam_strerror(sshpam_handle, sshpam_err));
49e82bb9	546	sshpam_err = pam_open_session(sshpam_handle, 0);
	547	if (sshpam_err != PAM_SUCCESS)
	548	fatal("PAM: pam_open_session(): %s",
	549	pam_strerror(sshpam_handle, sshpam_err));
	550	sshpam_session_open = 1;
	551	}
	552
	553	void
	554	do_pam_set_tty(const char *tty)
	555	{
26b3608b	556	if (tty != NULL) {
	557	debug("PAM: setting PAM_TTY to \"%s\"", tty);
	558	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
	559	if (sshpam_err != PAM_SUCCESS)
	560	fatal("PAM: failed to set PAM_TTY: %s",
	561	pam_strerror(sshpam_handle, sshpam_err));
	562	}
05114c74	563	}
cbd7492e	564
05114c74	565	void
	566	do_pam_setcred(int init)
	567	{
	568	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	569	(const void *)&null_conv);
	570	if (sshpam_err != PAM_SUCCESS)
	571	fatal("PAM: failed to set PAM_CONV: %s",
	572	pam_strerror(sshpam_handle, sshpam_err));
	573	if (init) {
	574	debug("PAM: establishing credentials");
	575	sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
	576	} else {
	577	debug("PAM: reinitializing credentials");
	578	sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
	579	}
	580	if (sshpam_err == PAM_SUCCESS) {
	581	sshpam_cred_established = 1;
	582	return;
	583	}
	584	if (sshpam_authenticated)
	585	fatal("PAM: pam_setcred(): %s",
	586	pam_strerror(sshpam_handle, sshpam_err));
	587	else
	588	debug("PAM: pam_setcred(): %s",
	589	pam_strerror(sshpam_handle, sshpam_err));
a5c9cd31	590	}
a5c9cd31	591
05114c74	592	int
05114c74	593	is_pam_password_change_required(void)
a5c9cd31	594	{
05114c74	595	return (sshpam_new_authtok_reqd);
a5c9cd31	596	}
a5c9cd31	597
05114c74	598	static int
5b9e2464	599	pam_chauthtok_conv(int n, const struct pam_message **msg,
5b9e2464	600	struct pam_response *resp, void data)
ee48c949	601	{
05114c74	602	char input[PAM_MAX_MSG_SIZE];
ee48c949	603	int i;
ee48c949	604
05114c74	605	if (n <= 0 \|\| n > PAM_MAX_NUM_MSG)
	606	return (PAM_CONV_ERR);
	607	resp = xmalloc(n sizeof **resp);
	608	for (i = 0; i < n; ++i) {
	609	switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
	610	case PAM_PROMPT_ECHO_OFF:
	611	resp[i]->resp =
	612	read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
	613	RP_ALLOW_STDIN);
	614	resp[i]->resp_retcode = PAM_SUCCESS;
	615	break;
	616	case PAM_PROMPT_ECHO_ON:
	617	fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
	618	fgets(input, sizeof input, stdin);
	619	resp[i]->resp = xstrdup(input);
	620	resp[i]->resp_retcode = PAM_SUCCESS;
	621	break;
	622	case PAM_ERROR_MSG:
	623	case PAM_TEXT_INFO:
	624	fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
	625	resp[i]->resp_retcode = PAM_SUCCESS;
	626	break;
	627	default:
	628	goto fail;
	629	}
ee48c949	630	}
05114c74	631	return (PAM_SUCCESS);
	632	fail:
	633	while (i)
	634	xfree(resp[--i]);
	635	xfree(*resp);
	636	*resp = NULL;
	637	return (PAM_CONV_ERR);
ee48c949	638	}
ee48c949	639
05114c74	640	/*
	641	* XXX this should be done in the authentication phase, but ssh1 doesn't
	642	* support that
	643	*/
	644	void
	645	do_pam_chauthtok(void)
a5c9cd31	646	{
c53917a9	647	struct pam_conv pam_conv;
	648
	649	pam_conv.conv = pam_chauthtok_conv;
	650	pam_conv.appdata_ptr = NULL;
05114c74	651
05114c74	652	if (use_privsep)
5b9e2464	653	fatal("Password expired (unable to change with privsep)");
05114c74	654	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	655	(const void *)&pam_conv);
	656	if (sshpam_err != PAM_SUCCESS)
	657	fatal("PAM: failed to set PAM_CONV: %s",
	658	pam_strerror(sshpam_handle, sshpam_err));
	659	debug("PAM: changing password");
	660	sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
	661	if (sshpam_err != PAM_SUCCESS)
	662	fatal("PAM: pam_chauthtok(): %s",
	663	pam_strerror(sshpam_handle, sshpam_err));
5daf7064	664	}
5daf7064	665
749560dd	666	/*
	667	* Set a PAM environment string. We need to do this so that the session
	668	* modules can handle things like Kerberos/GSI credentials that appear
	669	* during the ssh authentication process.
	670	*/
	671
	672	int
	673	do_pam_putenv(char name, char value)
	674	{
749560dd	675	int ret = 1;
749560dd	676	#ifdef HAVE_PAM_PUTENV
263c65df	677	char *compound;
	678	size_t len;
	679
	680	len = strlen(name) + strlen(value) + 2;
	681	compound = xmalloc(len);
	682
	683	snprintf(compound, len, "%s=%s", name, value);
	684	ret = pam_putenv(sshpam_handle, compound);
	685	xfree(compound);
749560dd	686	#endif
263c65df	687
749560dd	688	return (ret);
	689	}
	690
05114c74	691	void
05114c74	692	print_pam_messages(void)
5daf7064	693	{
05114c74	694	/* XXX */
05114c74	695	}
2b87da3b	696
05114c74	697	char **
	698	fetch_pam_environment(void)
	699	{
	700	#ifdef HAVE_PAM_GETENVLIST
	701	debug("PAM: retrieving environment");
	702	return (pam_getenvlist(sshpam_handle));
	703	#else
	704	return (NULL);
	705	#endif
	706	}
5c377b3b	707
05114c74	708	void
	709	free_pam_environment(char **env)
	710	{
	711	char **envp;
5daf7064	712
0eb6370a	713	if (env == NULL)
	714	return;
	715
05114c74	716	for (envp = env; *envp; envp++)
	717	xfree(*envp);
	718	xfree(env);
a5c9cd31	719	}
	720
	721	#endif /* USE_PAM */