2 * Copyright (c) 2015 Nathan Holstein <nathan.holstein@gmail.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <sys/types.h>
20 #include <readpassphrase.h>
24 #include <security/pam_appl.h>
28 #define PAM_SERVICE "sudo"
30 #define __UNUSED __attribute__ ((unused))
33 pam_conv(__UNUSED int huh, __UNUSED const struct pam_message **msg,
34 __UNUSED struct pam_response **rsp, __UNUSED void *ptr)
39 static struct pam_conv conv = {
45 check_pam(const char *user)
47 fprintf(stderr, "check_pam(%s)\n", user);
50 pam_handle_t *pamh = NULL;
52 ret = pam_start(PAM_SERVICE, user, &conv, &pamh);
54 fprintf(stderr, "pam_start(\"%s\", \"%s\", ?, ?): failed\n",
59 if ((ret = pam_close_session(pamh, 0)) != 0) {
60 fprintf(stderr, "pam_close_session(): %s\n", pam_strerror(pamh, ret));
68 auth_userokay(char *name, char *style, char *type, char *password)
72 if (style || type || password) {
73 fprintf(stderr, "auth_userokay(name, NULL, NULL, NULL)!\n");
77 int ret = check_pam(name);
79 fprintf(stderr, "PAM authentication failed\n");
85 if (readpassphrase("Password: ", passbuf, sizeof(passbuf),
86 RPP_REQUIRE_TTY) == NULL)
89 explicit_bzero(passbuf, sizeof(passbuf));
92 fprintf(stderr, "failing auth check for %s\n", name);