2019-09-27 13:47:45 +00:00
|
|
|
|
2019-09-09 09:17:41 +00:00
|
|
|
/*
|
|
|
|
|
* Odyssey.
|
|
|
|
|
*
|
|
|
|
|
* Scalable PostgreSQL connection pooler.
|
2020-04-02 11:00:56 +00:00
|
|
|
*/
|
2019-09-09 09:17:41 +00:00
|
|
|
|
2019-09-27 13:47:45 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2019-09-09 09:17:41 +00:00
|
|
|
#include <security/pam_appl.h>
|
2019-09-27 13:47:45 +00:00
|
|
|
|
2019-09-09 09:17:41 +00:00
|
|
|
#include <kiwi.h>
|
2019-09-27 13:47:45 +00:00
|
|
|
#include <odyssey.h>
|
2019-09-09 09:17:41 +00:00
|
|
|
|
|
|
|
|
static int
|
2019-09-27 13:47:45 +00:00
|
|
|
od_pam_conversation(int msgc,
|
|
|
|
|
const struct pam_message **msgv,
|
|
|
|
|
struct pam_response **rspv,
|
|
|
|
|
void *authdata)
|
|
|
|
|
{
|
|
|
|
|
char *password = (char *)authdata;
|
|
|
|
|
if (msgc < 1 || msgv == NULL || password == NULL)
|
2019-09-09 09:17:41 +00:00
|
|
|
return PAM_CONV_ERR;
|
2019-09-27 13:47:45 +00:00
|
|
|
|
2019-09-09 09:17:41 +00:00
|
|
|
*rspv = malloc(msgc * sizeof(struct pam_response));
|
2019-09-27 13:47:45 +00:00
|
|
|
if (*rspv == NULL)
|
2019-09-09 09:17:41 +00:00
|
|
|
return PAM_CONV_ERR;
|
|
|
|
|
memset(*rspv, 0, msgc * sizeof(struct pam_response));
|
2019-09-27 13:47:45 +00:00
|
|
|
|
2020-04-02 11:00:56 +00:00
|
|
|
int rc = PAM_SUCCESS;
|
2019-09-27 13:47:45 +00:00
|
|
|
int counter = 0;
|
2020-04-02 11:00:56 +00:00
|
|
|
for (; counter < msgc; counter++) {
|
2019-09-09 09:17:41 +00:00
|
|
|
if (msgv[counter]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
|
|
|
|
(*rspv)[counter].resp = strdup(password);
|
|
|
|
|
if ((*rspv)[counter].resp == NULL) {
|
2019-09-27 13:47:45 +00:00
|
|
|
rc = PAM_CONV_ERR;
|
|
|
|
|
break;
|
2019-09-09 09:17:41 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-04-02 11:00:56 +00:00
|
|
|
|
2019-09-27 13:47:45 +00:00
|
|
|
if (rc != PAM_SUCCESS) {
|
|
|
|
|
for (; counter >= 0; counter--) {
|
|
|
|
|
if (msgv[counter]->msg_style == PAM_PROMPT_ECHO_OFF)
|
|
|
|
|
free((*rspv)[counter].resp);
|
|
|
|
|
}
|
2019-09-09 09:17:41 +00:00
|
|
|
free(*rspv);
|
2019-09-28 14:27:34 +00:00
|
|
|
*rspv = NULL;
|
2019-09-09 09:17:41 +00:00
|
|
|
}
|
2019-09-27 13:47:45 +00:00
|
|
|
|
|
|
|
|
return rc;
|
2019-09-09 09:17:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2020-06-04 17:35:44 +00:00
|
|
|
od_pam_auth(char *od_pam_service,
|
2020-06-09 09:19:11 +00:00
|
|
|
od_pam_auth_data_t *auth_data,
|
2020-06-04 17:35:44 +00:00
|
|
|
machine_io_t *io)
|
2019-09-27 13:47:45 +00:00
|
|
|
{
|
2020-04-02 11:00:56 +00:00
|
|
|
struct pam_conv conv = {
|
2019-09-27 13:47:45 +00:00
|
|
|
od_pam_conversation,
|
2020-06-09 09:19:11 +00:00
|
|
|
.appdata_ptr = NULL,
|
2019-09-09 09:17:41 +00:00
|
|
|
};
|
2020-06-09 09:19:11 +00:00
|
|
|
char *usrname;
|
|
|
|
|
|
|
|
|
|
od_list_t *i;
|
|
|
|
|
od_list_foreach(&auth_data->link, i)
|
|
|
|
|
{
|
|
|
|
|
od_pam_auth_data_t *param;
|
|
|
|
|
param = od_container_of(i, od_pam_auth_data_t, link);
|
|
|
|
|
switch (param->key) {
|
|
|
|
|
case PAM_USER:
|
|
|
|
|
usrname = param->value;
|
|
|
|
|
break;
|
|
|
|
|
case PAM_AUTHTOK:
|
|
|
|
|
conv.appdata_ptr = param->value;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-09-09 09:17:41 +00:00
|
|
|
|
|
|
|
|
pam_handle_t *pamh = NULL;
|
2019-09-27 13:47:45 +00:00
|
|
|
int rc;
|
2020-06-09 09:19:11 +00:00
|
|
|
rc = pam_start(od_pam_service, usrname, &conv, &pamh);
|
2019-09-27 13:47:45 +00:00
|
|
|
if (rc != PAM_SUCCESS)
|
|
|
|
|
goto error;
|
2020-04-02 11:00:56 +00:00
|
|
|
|
2020-06-04 17:35:44 +00:00
|
|
|
char peer[128];
|
|
|
|
|
od_getpeername(io, peer, sizeof(peer), 1, 0);
|
|
|
|
|
rc = pam_set_item(pamh, PAM_RHOST, peer);
|
|
|
|
|
if (rc != PAM_SUCCESS) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2020-04-07 08:58:13 +00:00
|
|
|
|
2019-09-27 13:47:45 +00:00
|
|
|
rc = pam_authenticate(pamh, 0);
|
|
|
|
|
if (rc != PAM_SUCCESS)
|
|
|
|
|
goto error;
|
2020-04-02 11:00:56 +00:00
|
|
|
|
2019-09-27 13:47:45 +00:00
|
|
|
rc = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
|
|
if (rc != PAM_SUCCESS)
|
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
|
|
rc = pam_end(pamh, rc);
|
|
|
|
|
if (rc != PAM_SUCCESS)
|
2019-09-09 09:17:41 +00:00
|
|
|
return -1;
|
|
|
|
|
|
2019-09-27 13:47:45 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
pam_end(pamh, rc);
|
|
|
|
|
return -1;
|
2019-09-09 09:17:41 +00:00
|
|
|
}
|
2020-06-09 09:19:11 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
od_pam_convert_usr_passwd(od_pam_auth_data_t *d, char *usr, char *passwd)
|
|
|
|
|
{
|
|
|
|
|
od_pam_auth_data_t usr_data;
|
|
|
|
|
usr_data.key = PAM_USER;
|
|
|
|
|
usr_data.value = usr;
|
|
|
|
|
|
|
|
|
|
od_list_init(&usr_data.link);
|
|
|
|
|
|
|
|
|
|
od_pam_auth_data_t passwd_data;
|
|
|
|
|
passwd_data.key = PAM_AUTHTOK;
|
|
|
|
|
passwd_data.value = passwd;
|
|
|
|
|
|
|
|
|
|
od_list_append(&d->link, &passwd_data.link);
|
|
|
|
|
od_list_append(&d->link, &usr_data.link);
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
od_pam_auth_data_t *
|
|
|
|
|
od_pam_auth_data_create()
|
|
|
|
|
{
|
|
|
|
|
od_pam_auth_data_t *d;
|
|
|
|
|
d = (od_pam_auth_data_t *)malloc(sizeof(*d));
|
|
|
|
|
if (d == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
od_list_init(&d->link);
|
|
|
|
|
|
|
|
|
|
return d;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
od_pam_auth_data_free(od_pam_auth_data_t *d)
|
|
|
|
|
{
|
|
|
|
|
od_list_unlink(&d->link);
|
|
|
|
|
free(d);
|
|
|
|
|
}
|
