~titusx/nginx/module-auth-pam


Viewing changes to ngx_http_auth_pam_module.c

  • Committer: Sergio Talens-Oliag
  • Date: 2016-03-23 10:05:19 UTC
  • mfrom: (5.1.1)
  • Revision ID: git-v1:12faca8f0d7f6c84f09ab1622ab34ff4b43f697f
Merge pull request #5 from AndreLouisCaron/pam-logging

Adds support for PAM info and error messages.

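--- a/ngx_http_auth_pam_module.c
+++ b/ngx_http_auth_pam_module.c
@@ -19,11 +19,12 @@
     ngx_str_t  passwd;
 } ngx_http_auth_pam_ctx_t;
 
-/* PAM userinfo */
+/* PAM authinfo */
 typedef struct {
     ngx_str_t  username;
     ngx_str_t  password;
-} ngx_pam_userinfo;
+    ngx_log_t  *log;
+} ngx_pam_authinfo;
 
 /* Module configuration struct */
 typedef struct {
@@ -151,14 +152,14 @@
                     struct pam_response ** resp, void *appdata_ptr)
 {
     int  i;
-    ngx_pam_userinfo  *uinfo;
+    ngx_pam_authinfo  *ainfo;
     struct pam_response  *response;
 
-    uinfo = (ngx_pam_userinfo *) appdata_ptr;
+    ainfo = (ngx_pam_authinfo *) appdata_ptr;
     response = NULL;
 
     /* parameter sanity checking */
-    if (!resp || !msg || !uinfo)
+    if (!resp || !msg || !ainfo)
         return PAM_CONV_ERR;
 
     /* allocate memory to store response */
@@ -176,10 +177,18 @@
         switch (msg[i]->msg_style) {
         case PAM_PROMPT_ECHO_ON:
             /* on memory allocation failure, auth fails */
-            response[i].resp = strdup((const char *)uinfo->username.data);
+            response[i].resp = strdup((const char *)ainfo->username.data);
             break;
         case PAM_PROMPT_ECHO_OFF:
-            response[i].resp = strdup((const char *)uinfo->password.data);
+            response[i].resp = strdup((const char *)ainfo->password.data);
+            break;
+        case PAM_ERROR_MSG:
+            ngx_log_error(NGX_LOG_ERR, ainfo->log, 0,
+                          "PAM: \'%s\'.", msg[i]->msg);
+            break;
+        case PAM_TEXT_INFO:
+            ngx_log_error(NGX_LOG_INFO, ainfo->log, 0,
+                          "PAM: \'%s\'.", msg[i]->msg);
             break;
         default:
             free_resp(i, response);
@@ -277,7 +286,7 @@
     ngx_int_t   rc;
     ngx_http_auth_pam_loc_conf_t  *alcf;
 
-    ngx_pam_userinfo  uinfo;
+    ngx_pam_authinfo  ainfo;
     struct pam_conv   conv_info;        /* PAM struct */
     pam_handle_t      *pamh;
     u_char            *service_name;
@@ -303,14 +312,16 @@
     p = ngx_cpymem(uname_buf, r->headers_in.user.data , len);
     *p ='\0';
 
-    uinfo.username.data = uname_buf;
-    uinfo.username.len  = len;
-
-    uinfo.password.data = r->headers_in.passwd.data;
-    uinfo.password.len  = r->headers_in.passwd.len;
+    ainfo.username.data = uname_buf;
+    ainfo.username.len  = len;
+
+    ainfo.password.data = r->headers_in.passwd.data;
+    ainfo.password.len  = r->headers_in.passwd.len;
+
+    ainfo.log = r->connection->log;
 
     conv_info.conv = &ngx_auth_pam_talker;
-    conv_info.appdata_ptr = (void *) &uinfo;
+    conv_info.appdata_ptr = (void *) &ainfo;
 
     pamh = NULL;
 
@@ -321,7 +332,7 @@
         service_name = alcf->service_name.data;
     }
     if ((rc = pam_start((const char *) service_name,
-                        (const char *) uinfo.username.data,
+                        (const char *) ainfo.username.data,
                         &conv_info,
                         &pamh)) != PAM_SUCCESS) {
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -339,7 +350,7 @@
                                PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
         ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                       "PAM: user '%s' - not authenticated: %s",
-                      uinfo.username.data, pam_strerror(pamh, rc));
+                      ainfo.username.data, pam_strerror(pamh, rc));
         pam_end(pamh, PAM_SUCCESS);
         return ngx_http_auth_pam_set_realm(r, &alcf->realm);
     }   /* endif authenticate */
@@ -348,7 +359,7 @@
     if ((rc = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
         ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                       "PAM: user '%s'  - invalid account: %s",
-                      uinfo.username.data, pam_strerror(pamh, rc));
+                      ainfo.username.data, pam_strerror(pamh, rc));
         pam_end(pamh, PAM_SUCCESS);
         return ngx_http_auth_pam_set_realm(r, &alcf->realm);
     }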
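Review bot: The new `PAM_ERROR_MSG` and `PAM_TEXT_INFO` cases in the conversation callback (presumably `ngx_auth_pam_talker`, whose signature and loop setup start outside the hunks shown) pass `msg[i]->msg` to `%s` without a NULL check. As far as I know nginx's log formatter dereferences a `%s` argument unconditionally, so a PAM module that sends one of these styles with no text could crash the worker; guard both calls with `if (msg[i]->msg != NULL)`. The two cases also leave `response[i].resp` untouched, so they depend on that slot being set to NULL before the `switch`; those lines are not visible here and should be confirmed, since the caller of the conversation function is expected to free each `resp`. The message text is chosen by the PAM module and may echo request-derived values such as the user name, so it reaches the error log unescaped; a one-line comment above the cases, e.g. `/* msg text is module-supplied and logged verbatim */`, would make that explicit for whoever consumes these logs.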