Move the code from pam_sm_authenticate() to pam_sm_acct_mgmt(). Simplify

it a little and try to make it more resilient to various possible failure
conditions.  Change the man page accordingly, and take advantage of this
opportunity to simplify its language.

Sponsored by:	DARPA, NAI Labs

2 files changed, 58 insertions, 62 deletions

diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.8 b/lib/libpam/modules/pam_securetty/pam_securetty.8
index efc931e..f600c31 100644
--- a/lib/libpam/modules/pam_securetty/pam_securetty.8
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.8
@@ -1,5 +1,12 @@
 .\" Copyright (c) 2001 Mark R V Murray
 .\" All rights reserved.
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" Portions of this software were developed for the FreeBSD Project by
+.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
+.\" Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -9,6 +16,9 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -37,34 +47,27 @@
 .Pa pam_securetty
 .Op Ar options
 .Sh DESCRIPTION
-The SecureTTY authentication service module for PAM,
+The SecureTTY service module for PAM,
 .Nm
 provides functionality for only one PAM category:
-authentication.
+account management.
 In terms of the
 .Ar module-type
 parameter, this is the
-.Dq Li auth
+.Dq Li account
 feature.
-It also provides a null function for session management.
-.Ss SecureTTY Authentication Module
-The SecureTTY authentication component
-.Pq Fn pam_sm_authenticate ,
-returns success if the user is attempting to authenticate as superuser,
-and the process is attached to a secure TTY.
-Alternatively,
-if the user is not authenticating as superuser,
-the module always returns success.
+It also provides null functions for authentication and session
+management.
+.Ss SecureTTY Account Management Module
+The SecureTTY account management component
+.Pq Fn pam_sm_acct_mgmt ,
+returns failure if the user is attempting to authenticate as superuser,
+and the process is attached to an insecure TTY.
+In all other cases, the module returns success.
 .Pp
-A TTY is defined as secure if its entry is fetchable from
+A TTY is considered secure if it is listed in
 .Pa /etc/ttys
-by
-.Xr getttynam 3
-(see
-.Xr ttys 5 ) ,
-and the entry (a
-.Vt "struct ttyent" )
-has the
+and has the
 .Dv TTY_SECURE
 flag set.
 .Pp
diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c
index cb7f23d..7318c4c 100644
--- a/lib/libpam/modules/pam_securetty/pam_securetty.c
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.c
@@ -57,52 +57,12 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t * pamh, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
-	struct ttyent *ttyfileinfo;
-	struct passwd *pwd;
-	int retval;
-	const char *user, *ttyname;
 
 	pam_std_option(&options, NULL, argc, argv);
 
 	PAM_LOG("Options processed");
 
-	retval = pam_get_user(pamh, &user, NULL);
-	if (retval != PAM_SUCCESS)
-		PAM_RETURN(retval);
-
-	PAM_LOG("Got user: %s", user);
-
-	retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
-	if (retval != PAM_SUCCESS)
-		PAM_RETURN(retval);
-
-	PAM_LOG("Got TTY: %s", ttyname);
-
-	/* Ignore any "/dev/" on the PAM_TTY item */
-	if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
-		ttyname += sizeof(TTY_PREFIX) - 1;
-
-	/* If the user is not root, secure ttys do not apply */
-	pwd = getpwnam(user);
-	if (pwd == NULL)
-		PAM_RETURN(PAM_IGNORE);
-	else if (pwd->pw_uid != 0)
-		PAM_RETURN(PAM_SUCCESS);
-
-	PAM_LOG("User is not root");
-
-	ttyfileinfo = getttynam(ttyname);
-	if (ttyfileinfo == NULL)
-		PAM_RETURN(PAM_SERVICE_ERR);
-
-	PAM_LOG("Got ttyfileinfo");
-
-	if (ttyfileinfo->ty_status & TTY_SECURE)
-		PAM_RETURN(PAM_SUCCESS);
-	else {
-		PAM_VERBOSE_ERROR("Not on secure TTY");
-		PAM_RETURN(PAM_PERM_DENIED);
-	}
+	PAM_RETURN(PAM_IGNORE);
 }
 
 PAM_EXTERN
@@ -122,12 +82,45 @@ PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, int argc ,const char **argv)
 {
 	struct options options;
+	struct passwd *pwd;
+	struct ttyent *ty;
+	const char *user, *tty;
+	int pam_err;
 
 	pam_std_option(&options, NULL, argc, argv);
 
 	PAM_LOG("Options processed");
 
-	PAM_RETURN(PAM_IGNORE);
+	pam_err = pam_get_user(pamh, &user, NULL);
+	if (pam_err != PAM_SUCCESS)
+		PAM_RETURN(pam_err);
+	if (user == NULL || (pwd = getpwnam(user)) == NULL)
+		PAM_RETURN(PAM_SERVICE_ERR);
+
+	PAM_LOG("Got user: %s", user);
+
+	/* If the user is not root, secure ttys do not apply */
+	if (pwd->pw_uid != 0)
+		PAM_RETURN(PAM_SUCCESS);
+
+	pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
+	if (pam_err != PAM_SUCCESS)
+		PAM_RETURN(pam_err);
+
+	PAM_LOG("Got TTY: %s", tty);
+
+	/* Ignore any "/dev/" on the PAM_TTY item */
+	if (tty != NULL && strncmp(TTY_PREFIX, tty, sizeof(TTY_PREFIX)) == 0) {
+		PAM_LOG("WARNING: PAM_TTY starts with " TTY_PREFIX);
+		tty += sizeof(TTY_PREFIX) - 1;
+	}
+
+	if (tty != NULL && (ty = getttynam(tty)) != NULL &&
+	    (ty->ty_status & TTY_SECURE) != 0)
+		PAM_RETURN(PAM_SUCCESS);
+	
+	PAM_VERBOSE_ERROR("Not on secure TTY");
+	PAM_RETURN(PAM_AUTH_ERR);
 }
 
 PAM_EXTERN int