diff options
author | markm <markm@FreeBSD.org> | 2001-05-29 18:32:17 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-05-29 18:32:17 +0000 |
commit | 8d833bf6a1dc67213e8fe8c5774ae6a413dd2deb (patch) | |
tree | eedffe7280d5301f52da4b686f561d61acd4d735 /contrib/libpam/modules/pam_shells | |
parent | fdb8cf17739d4a5c562ccce5e7c635e0a9ce985d (diff) | |
download | FreeBSD-src-8d833bf6a1dc67213e8fe8c5774ae6a413dd2deb.zip FreeBSD-src-8d833bf6a1dc67213e8fe8c5774ae6a413dd2deb.tar.gz |
Bring back from the er, dead some useful PAM modules.
Diffstat (limited to 'contrib/libpam/modules/pam_shells')
-rw-r--r-- | contrib/libpam/modules/pam_shells/Makefile | 16 | ||||
-rw-r--r-- | contrib/libpam/modules/pam_shells/README | 11 | ||||
-rw-r--r-- | contrib/libpam/modules/pam_shells/pam_shells.c | 134 |
3 files changed, 161 insertions, 0 deletions
diff --git a/contrib/libpam/modules/pam_shells/Makefile b/contrib/libpam/modules/pam_shells/Makefile new file mode 100644 index 0000000..f607804 --- /dev/null +++ b/contrib/libpam/modules/pam_shells/Makefile @@ -0,0 +1,16 @@ +# +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ +# $FreeBSD$ +# +# This Makefile controls a build process of $(TITLE) module for +# Linux-PAM. You should not modify this Makefile (unless you know +# what you are doing!). +# +# Created by Andrew Morgan <morgan@linux.kernel.org> 2000/08/27 +# + +include ../../Make.Rules + +TITLE=pam_shells + +include ../Simple.Rules diff --git a/contrib/libpam/modules/pam_shells/README b/contrib/libpam/modules/pam_shells/README new file mode 100644 index 0000000..7e358fe --- /dev/null +++ b/contrib/libpam/modules/pam_shells/README @@ -0,0 +1,11 @@ +$FreeBSD$ +pam_shells: + Authentication is granted if the users shell is listed in + /etc/shells. If no shell is in /etc/passwd (empty), the + /bin/sh is used (following ftpd's convention). + + Also checks to make sure that /etc/shells is a plain + file and not world writable. + + - Erik Troan <ewt@redhat.com>, Red Hat Software. + August 5, 1996. diff --git a/contrib/libpam/modules/pam_shells/pam_shells.c b/contrib/libpam/modules/pam_shells/pam_shells.c new file mode 100644 index 0000000..d83e0f2 --- /dev/null +++ b/contrib/libpam/modules/pam_shells/pam_shells.c @@ -0,0 +1,134 @@ +/* pam_shells module */ + +#define SHELL_FILE "/etc/shells" + +/* + * by Erik Troan <ewt@redhat.com>, Red Hat Software. + * August 5, 1996. + * This code shamelessly ripped from the pam_securetty module. + * $FreeBSD$ + */ + +#define _BSD_SOURCE + +#include <pwd.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/stat.h> +#include <syslog.h> +#include <unistd.h> + +/* + * here, we make a definition for the externally accessible function + * in this file (this definition is required for static a module + * but strongly encouraged generally) it is used to instruct the + * modules include file to define the function prototypes. + */ + +#define PAM_SM_AUTH + +#include <security/pam_modules.h> + +/* some syslogging */ + +static void _pam_log(int err, const char *format, ...) +{ + va_list args; + + va_start(args, format); + openlog("PAM-shells", LOG_CONS|LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +/* --- authentication management functions (only) --- */ + +PAM_EXTERN +int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc + ,const char **argv) +{ + int retval = PAM_AUTH_ERR; + const char *userName; + char *userShell; + char shellFileLine[256]; + struct stat sb; + struct passwd * pw; + FILE * shellFile; + + retval = pam_get_user(pamh,&userName,NULL); + if(retval != PAM_SUCCESS) + return PAM_SERVICE_ERR; + + if(!userName || (strlen(userName) <= 0)) { + /* Don't let them use a NULL username... */ + pam_get_user(pamh,&userName,NULL); + if (retval != PAM_SUCCESS) + return PAM_SERVICE_ERR; + } + + pw = getpwnam(userName); + if (!pw) + return PAM_AUTH_ERR; /* user doesn't exist */ + userShell = pw->pw_shell; + + if(stat(SHELL_FILE,&sb)) { + _pam_log(LOG_ERR, + "%s cannot be stat'd (it probably does not exist)", SHELL_FILE); + return PAM_AUTH_ERR; /* must have /etc/shells */ + } + + if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { + _pam_log(LOG_ERR, + "%s is either world writable or not a normal file", SHELL_FILE); + return PAM_AUTH_ERR; + } + + shellFile = fopen(SHELL_FILE,"r"); + if(shellFile == NULL) { /* Check that we opened it successfully */ + _pam_log(LOG_ERR, + "Error opening %s", SHELL_FILE); + return PAM_SERVICE_ERR; + } + /* There should be no more errors from here on */ + retval=PAM_AUTH_ERR; + /* This loop assumes that PAM_SUCCESS == 0 + and PAM_AUTH_ERR != 0 */ + while((fgets(shellFileLine,255,shellFile) != NULL) + && retval) { + if (shellFileLine[strlen(shellFileLine) - 1] == '\n') + shellFileLine[strlen(shellFileLine) - 1] = '\0'; + retval = strcmp(shellFileLine, userShell); + } + fclose(shellFile); + if(retval) + retval = PAM_AUTH_ERR; + return retval; +} + +PAM_EXTERN +int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc + ,const char **argv) +{ + return PAM_SUCCESS; +} + + +#ifdef PAM_STATIC + +/* static module data */ + +struct pam_module _pam_shells_modstruct = { + "pam_shells", + pam_sm_authenticate, + pam_sm_setcred, + NULL, + NULL, + NULL, + NULL, +}; + +#endif + +/* end of module definition */ |