author | markm <markm@FreeBSD.org> | 2001-06-04 18:44:47 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-06-04 18:44:47 +0000 |
commit | a28a87bd618dab10608015d41de272cc70121161 (patch) | |
tree | 7dc511b5e8a7db24d6f0579983c67af5892d6abc /lib/libpam/modules/pam_securetty | |
parent | 4f5a9fbe9e7259e3e44ecfc3a6ed6872e6ed606b (diff) | |
Add some new utility authenticators.
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.
pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
Diffstat (limited to 'lib/libpam/modules/pam_securetty')
-rw-r--r-- | lib/libpam/modules/pam_securetty/Makefile | 31 | ||||
-rw-r--r-- | lib/libpam/modules/pam_securetty/pam_securetty.c | 91 |
2 files changed, 122 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_securetty/Makefile b/lib/libpam/modules/pam_securetty/Makefile
new file mode 100644
index 0000000..1bf77db
--- /dev/null
+++ b/lib/libpam/modules/pam_securetty/Makefile
@@ -0,0 +1,31 @@
+# Copyright 2001 Mark R V Murray
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+LIB= pam_securetty
+SHLIB_NAME= pam_securetty.so
+SRCS= pam_securetty.c
+
+.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c
new file mode 100644
index 0000000..fe04b3c
--- /dev/null
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.c
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 2001 Mark R V Murray
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <ttyent.h>
+#include <string.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+#include <pam_mod_misc.h>
+
+#define TTY_PREFIX "/dev/"
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
+{
+ struct ttyent *ttyfileinfo;
+ struct passwd *user_pwd;
+ int i, options, retval;
+ const char *username, *ttyname;
+
+ options = 0;
+ for (i = 0; i < argc; i++)
+ pam_std_option(&options, argv[i]);
+
+ retval = pam_get_user(pamh, &username, NULL);
+ if (retval != PAM_SUCCESS)
+ return retval;
+
+ retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
+ if (retval != PAM_SUCCESS)
+ return retval;
+
+ /* Ignore any "/dev/" on the PAM_TTY item */
+ if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
+ ttyname += sizeof(TTY_PREFIX) - 1;
+
+ /* If the user is not root, secure ttys do not apply */
+ user_pwd = getpwnam(username);
+ if (user_pwd == NULL)
+ return PAM_IGNORE;
+ else if (user_pwd->pw_uid != 0)
+ return PAM_SUCCESS;
+
+ ttyfileinfo = getttynam(ttyname);
+ if (ttyfileinfo == NULL)
+ return PAM_SERVICE_ERR;
+
+ if (ttyfileinfo->ty_status & TTY_SECURE)
+ return PAM_SUCCESS;
+ else
+ return PAM_PERM_DENIED;
+}
+
+PAM_EXTERN
+int
+pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
+
+/* end of module definition */
+
+PAM_MODULE_ENTRY("pam_securetty"); |
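Review bot: In pam_sm_authenticate, `ttyname` is handed to `strncmp()` and later to `getttynam()` after only the return code of `pam_get_item()` has been checked; that call can succeed while leaving the item NULL when the application never set PAM_TTY, and the dereference would then crash the calling login service. A guard directly after the call, `if (ttyname == NULL) return PAM_SERVICE_ERR;`, keeps the module failing closed. Separately, the non-root branch returns `PAM_SUCCESS` from an authentication hook, so a stack that marks this module `sufficient` would presumably admit any non-root user without a further check; a comment above that branch such as `/* Stack as required/requisite only; non-root users always pass here */` would document the constraint. `options` is filled by `pam_std_option()` but never read in this function.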