author | markm <markm@FreeBSD.org> | 2001-07-09 18:20:51 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-07-09 18:20:51 +0000 |
commit | 88dfad04754b515a37f4e9e42d148dcbb94385e1 (patch) | |
tree | 378b20c457a49f2edafff995d0e8095ff122e4bd /lib/libpam/modules/pam_nologin | |
parent | ff28ba8b35ae499e8aa7c00b688e3fabb53798e6 (diff) | |
Clean up (and in some cases write) the PAM modules, using
o The new options-processing API
o The new DEBUG-logging API
Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.
Audit, clean up while I'm here.
Diffstat (limited to 'lib/libpam/modules/pam_nologin')
-rw-r--r-- | lib/libpam/modules/pam_nologin/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_nologin/pam_nologin.8 | 77 | ||||
-rw-r--r-- | lib/libpam/modules/pam_nologin/pam_nologin.c | 115 |
3 files changed, 193 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile index db23a3d..bc18408 100644 --- a/lib/libpam/modules/pam_nologin/Makefile +++ b/lib/libpam/modules/pam_nologin/Makefile @@ -27,7 +27,6 @@ LIB= pam_nologin SHLIB_NAME= pam_nologin.so SRCS= pam_nologin.c +MAN= pam_nologin.8 .include <bsd.lib.mk> - -.PATH: ${PAMDIR}/modules/pam_nologin diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.8 b/lib/libpam/modules/pam_nologin/pam_nologin.8 new file mode 100644 index 0000000..dd39981 --- /dev/null +++ b/lib/libpam/modules/pam_nologin/pam_nologin.8 
@@ -0,0 +1,77 @@
+.\" Copyright (c) 2001 Mark R V Murray
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd July 8, 2001
+.Dt PAM_NOLOGIN 8
+.Os
+.Sh NAME
+.Nm pam_nologin
+.Nd NoLogin PAM module
+.Sh SYNOPSIS
+.Op Ar service-name
+.Ar module-type
+.Ar control-flag
+.Pa pam_nologin
+.Op Ar options
+.Sh DESCRIPTION
+The NoLogin authentication service module for PAM,
+.Nm
+provides functionality for only one PAM category:
+authentication.
+In terms of the
+.Ar module-type
+parameter, this is the
+.Dv auth
+feature.
+It also provides a null function for session management.
+.Ss NoLogin Authentication Module
+The NoLogin authentication component
+.Pq Fn pam_sm_authenticate ,
+always returns success for the superuser,
+and returns success for all other users
+if the file
+.Pa /var/run/nologin
+does not exist.
+If
+.Pa /var/run/nologin
+does exist,
+then its contents are echoed
+to non-superusers
+before failure is returned.
+.Pp
+The following options may be passed to the authentication module:
+.Bl -tag -xwidth ".Cm use_first_pass"
+.It Cm debug
+.Xr syslog 3
+debugging information at
+.Dv LOG_DEBUG
+level.
+.El
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr nologin 5 ,
+.Xr pam.conf 5 ,
+.Xr pam 8
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c b/lib/libpam/modules/pam_nologin/pam_nologin.c
new file mode 100644
index 0000000..4a56342
--- /dev/null
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.c
@@ -0,0 +1,115 @@
+/*-
+ * Copyright 2001 Mark R V Murray
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#define PAM_SM_AUTH
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+
+#include <security/_pam_macros.h>
+#include <security/pam_modules.h>
+#include "pam_mod_misc.h"
+
+#define NOLOGIN "/var/run/nologin"
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ struct options options;
+ struct pam_conv *conv;
+ struct pam_message message, *pmessage;
+ struct pam_response *resp;
+ struct passwd *user_pwd;
+ struct stat st;
+ int retval, fd;
+ const char *user;
+ char *mtmp;
+
+ pam_std_option(&options, NULL, argc, argv);
+
+ PAM_LOG("Options processed");
+
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS)
+ PAM_RETURN(retval);
+
+ PAM_LOG("Got user: %s", user);
+
+ fd = open(NOLOGIN, O_RDONLY, 0);
+ if (fd < 0)
+ PAM_RETURN(PAM_SUCCESS);
+
+ PAM_LOG("Opened %s file", NOLOGIN);
+
+ user_pwd = getpwnam(user);
+ if (user_pwd && user_pwd->pw_uid == 0) {
+ message.msg_style = PAM_TEXT_INFO;
+ retval = PAM_SUCCESS;
+ }
+ else {
+ message.msg_style = PAM_ERROR_MSG;
+ if (!user_pwd)
+ retval = PAM_USER_UNKNOWN;
+ else
+ retval = PAM_AUTH_ERR;
+ }
+
+ if (fstat(fd, &st) < 0)
+ PAM_RETURN(retval);
+ message.msg = mtmp = malloc(st.st_size + 1);
+ if (!message.msg)
+ PAM_RETURN(retval);
+
+ read(fd, mtmp, st.st_size);
+ mtmp[st.st_size] = '\0';
+
+ pmessage = &message;
+ resp = NULL;
+ pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+ conv->conv(1, (const struct pam_message **)&pmessage, &resp,
+ conv->appdata_ptr);
+
+ free(mtmp);
+ if (resp)
+ _pam_drop_reply(resp, 1);
+
+ PAM_RETURN(retval);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
+
+PAM_MODULE_ENTRY("pam_nologin"); |
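Review bot: The result of `read(fd, mtmp, st.st_size)` in pam_sm_authenticate is ignored, so after a short or failed read the buffer is terminated only at `st.st_size` and any uninitialised heap bytes in between are passed to the conversation function and shown to the user being refused. The terminator should go at the byte count that `read` returned. The descriptor from `open(NOLOGIN, O_RDONLY, 0)` is also never closed on any return path, which leaks one descriptor per call in a long-running service. In addition, `conv` is dereferenced without checking that `pam_get_item` succeeded. The tail of the function with those three points handled is sketched below; it assumes a new local `ssize_t nread` declared with the others.

```c
	if (fstat(fd, &st) < 0) {
		close(fd);
		PAM_RETURN(retval);
	}
	message.msg = mtmp = malloc(st.st_size + 1);
	if (!message.msg) {
		close(fd);
		PAM_RETURN(retval);
	}

	nread = read(fd, mtmp, st.st_size);
	close(fd);
	if (nread < 0)
		nread = 0;		/* send an empty message rather than stale heap */
	mtmp[nread] = '\0';

	/* … unchanged: pmessage = &message; resp = NULL; … */
	if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) == PAM_SUCCESS &&
	    conv != NULL && conv->conv != NULL)
		conv->conv(1, (const struct pam_message **)&pmessage, &resp,
		    conv->appdata_ptr);
	/* … unchanged: free(mtmp), _pam_drop_reply, PAM_RETURN(retval) … */
```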