1 files changed, 101 insertions, 0 deletions

diff --git a/pam_network_manager.c b/pam_network_manager.c
new file mode 100644
index 0000000..15a2f3c
--- /dev/null
+++ b/pam_network_manager.c
@@ -0,0 +1,101 @@
+/*
+  Copyright (c) 2015, Kristof Stahl <stahl@itsc.uni-luebeck.de>
+  Copyright (c) 2015, Matthias Schiffer <mschiffer@universe-factory.net>
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+    2. Redistributions in binary form must reproduce the above copyright notice,
+       this list of conditions and the following disclaimer in the documentation
+       and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+  CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+/*
+  See:
+
+  http://www.linux-pam.org/Linux-PAM-html/mwg-expected-of-module-auth.html
+  http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html
+  http://www.linux-pam.org/Linux-PAM-html/mwg-see-programming-libs.html
+  some (bad) example.. https://github.com/beatgammit/simple-pam/blob/master/src/mypam.c
+*/
+
+#define PAM_SM_AUTH
+
+#include <stdio.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <security/pam_modules.h>
+
+#include <config.h>
+
+
+#define UNUSED __attribute__((unused))
+
+
+static int authenticate(const char *user, const char *pass) {
+	FILE *stream = popen(PAM_NETWORK_MANAGER_HELPER, "we");
+
+	fputs(user, stream);
+	fputc(0, stream);
+	fputs(pass, stream);
+
+	int status = pclose(stream);
+
+	if (WIFEXITED(status))
+		return WEXITSTATUS(status);
+	else
+		return PAM_SYSTEM_ERR;
+}
+
+#ifdef TEST
+
+int main(int argc, char *argv[]) {
+	if (argc != 2) {
+		fprintf(stderr, "Usage: pam_network_manager_test <user>\n");
+		return 1;
+	}
+
+	char *pass = getpass("Password: ");
+
+	fprintf(stderr, "Return: %i\n", authenticate(argv[1], pass));
+
+	return 0;
+}
+
+#else
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, UNUSED int flags, UNUSED int argc, UNUSED const char **argv) {
+	const void *pass;
+	const void *user;
+	int result;
+
+	result = pam_get_item(pamh, PAM_USER, &user);
+	if (result != PAM_SUCCESS)
+		return PAM_INCOMPLETE;
+
+	result = pam_get_item(pamh, PAM_AUTHTOK, &pass);
+	if (result != PAM_SUCCESS)
+		return PAM_INCOMPLETE;
+
+	return authenticate(user, pass);
+}
+
+#endif