diff options
| -rw-r--r-- | src/pam_unix/pam_unix.c | 16 | ||||
| -rw-r--r-- | src/pam_unix/pam_unix.c~ | 224 | ||||
| -rw-r--r-- | src/pam_unix/pam_unix.o | bin | 5484 -> 0 bytes |
3 files changed, 11 insertions, 229 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c index 50e305d..c246fd7 100644 --- a/src/pam_unix/pam_unix.c +++ b/src/pam_unix/pam_unix.c @@ -10,15 +10,18 @@ # define MAXHOSTNAMELEN 256 #endif +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_PASSWORD #ifndef __linux__ #include <login_cap.h> #endif + #include <security/pam_modules.h> -#include <pam_mod_misc.h> #include <security/pam_appl.h> - +#include <pam_mod_misc.h> PAM_EXTERN int @@ -35,16 +38,19 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, /* identify user */ if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { + puts("POULOS1"); PAM_LOG("Authenticating as self"); pwd = getspnam(getlogin()); } else { - if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) - PAM_LOG("Authenticating with uname %s", user); + if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) { + puts("POULOS2"); + PAM_LOG("Authenticating with uname failed"); return (pam_err); + } pwd = getspnam(user); } - + puts("POULOS3"); /* get password */ if (pwd != NULL) { diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~ deleted file mode 100644 index 50e305d..0000000 --- a/src/pam_unix/pam_unix.c~ +++ /dev/null @@ -1,224 +0,0 @@ - -/* #include <pwd.h> */ -#include <netdb.h> -#include <shadow.h> -#include <sys/types.h> -#include <unistd.h> - - -#ifndef MAXHOSTNAMELEN -# define MAXHOSTNAMELEN 256 -#endif - - -#ifndef __linux__ -#include <login_cap.h> -#endif - -#include <security/pam_modules.h> -#include <pam_mod_misc.h> -#include <security/pam_appl.h> - - - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc , const char **argv ) { - -#ifndef __linux__ - login_cap_t *lc; -#endif - struct spwd *pwd; - const char *pass, *crypt_pass, *user; - int pam_err; - - /* identify user */ - - if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { - PAM_LOG("Authenticating as self"); - pwd = getspnam(getlogin()); - } else { - if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) - PAM_LOG("Authenticating with uname %s", user); - return (pam_err); - - pwd = getspnam(user); - } - - /* get password */ - - if (pwd != NULL) { - pass = pwd->sp_pwdp; - if (pass[0] == '\0') { - if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) && - openpam_get_option(pamh, PAM_OPT_NULLOK)) - return (PAM_SUCCESS); - - pass = "*"; - } -#ifndef __linux__ - lc = login_getpwclass(pwd); -#endif - } else { - pass = "*"; -#ifndef __linux__ - lc = login_getpwclass(NULL); -#endif - } - -#ifndef __linux__ - prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL); - pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt); - login_close(lc); -#else - pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL); -#endif - - if (pam_err == PAM_CONV_ERR) - return (pam_err); - if (pam_err != PAM_SUCCESS) - return (PAM_AUTH_ERR); - - /* check shadow */ - - crypt_pass = crypt(pass, pwd->sp_pwdp); - if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 ) - pam_err = PAM_AUTH_ERR; - else - pam_err = PAM_SUCCESS; - - return (pam_err); -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh , int flags , - int argc , const char *argv[] ) { - - /* - * This functions takes care of renewing/initializing - * user credentials as well as gid/uids. Someday, it - * will be completed. For now, it's not very urgent. - */ - - return (PAM_SUCCESS); -} - - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , - int argc , const char *argv[] ) { - - - -#ifndef __linux__ - login_cap_t *lc; -#endif - - struct spwd *pwd; - int pam_err; - const char *user; - time_t curtime; - -#ifndef __linux__ - const void *rhost, *tty; - char rhostip[MAXHOSTNAMELEN] = ""; -#endif - - /* Sanity checks for uname,pwd,tty,host etc */ - - pam_err = pam_get_user(pamh, &user, NULL); - - if (pam_err != PAM_SUCCESS) - return (pam_err); - - if (user == NULL || (pwd = getspnam(user)) == NULL) - return (PAM_SERVICE_ERR); -#ifndef __linux__ - - /* - * tty/host info are provided by login classes - * and cannot be used out of the box under Linux - * for sanity checking (BSD only). May need to - * be ported/rewritten to work on Linux as well. - * Time will tell... - */ - pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); - - if (pam_err != PAM_SUCCESS) - return (pam_err); - - pam_err = pam_get_item(pamh, PAM_TTY, &tty); - - if (pam_err != PAM_SUCCESS) - return (pam_err); -#endif - if (*pwd->sp_pwdp == '\0' && - (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) - return (PAM_NEW_AUTHTOK_REQD); - -#ifndef __linux__ - lc = login_getpwclass(pwd); - - if (lc == NULL) { - return (PAM_SERVICE_ERR); - - } -#endif - /* Check if pw_lstchg or pw_expire is set */ - - if (pwd->sp_lstchg || pwd->sp_expire) - curtime = time(NULL) / (60 * 60 * 24); - if (pwd->sp_expire) { - if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) { -#ifndef __linux__ - login_close(lc); -#endif - return (PAM_ACCT_EXPIRED); - } else if ( ( pwd->sp_expire - curtime < pwd->sp_warn) ) { -// pam_error(pamh, "Warning: your account expires on %s", -// ctime(&pwd->pw_expire)); - } - } - - if (pwd->sp_lstchg == 0 ) { - return (PAM_NEW_AUTHTOK_REQD); - } - - /* check all other possibilities (mostly stolen from pam_tcb) */ - - if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) && - (pwd->sp_max != -1) && (pwd->sp_inact != -1) && - (pwd->sp_lstchg != 0)) - return (PAM_ACCT_EXPIRED); - - if (((pwd->sp_lstchg + pwd->sp_max) < curtime) && - (pwd->sp_max != -1)) - return (PAM_ACCT_EXPIRED); - - if ((curtime - pwd->sp_lstchg > pwd->sp_max) - && (curtime - pwd->sp_lstchg > pwd->sp_inact) - && (curtime - pwd->sp_lstchg > pwd->sp_max + pwd->sp_inact) - && (pwd->sp_max != -1) && (pwd->sp_inact != -1)) - return (PAM_ACCT_EXPIRED); - - pam_err = (PAM_SUCCESS); - -#ifndef __linux__ - - /* validate tty/host/time */ - - if (!auth_hostok(lc, rhost, rhostip) || - !auth_ttyok(lc, tty) || - !auth_timeok(lc, time(NULL))) - pam_err = PAM_AUTH_ERR; - - - login_close(lc); -#endif - - return (pam_err); - -} - - -PAM_MODULE_ENTRY("pam_unix") diff --git a/src/pam_unix/pam_unix.o b/src/pam_unix/pam_unix.o Binary files differdeleted file mode 100644 index 61cf162..0000000 --- a/src/pam_unix/pam_unix.o +++ /dev/null |