Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_shells/pam_shells.c
blob: cce6824b72a4a408b1026ac593a37fd3366f4131 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <pwd.h>

#define PAM_SM_AUTH

#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>

#define SHELLS	"/etc/shells"

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t * pamh, int flags,
		int argc, const char * argv[]) 
{
	struct passwd *pwd;
	struct stat shellfileinfo;
	const char *user;
	const char *shell; 
	char shellfileline[256];
	FILE *shellfile;
	int pam_err;

	if ( ( (pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS ) 
			|| ( user == NULL ) )  {
		PAM_ERROR("Error recovering username.");
		return (pam_err);
	}

	if ( (pwd = getpwnam(user)) == NULL ) { 
		PAM_ERROR("Could not get passwd entry for user [%s]",user);
		return (PAM_SERVICE_ERR);
	}
	
	shell = pwd->pw_shell; 

	if ( stat(SHELLS, &shellfileinfo) ) { 
		PAM_ERROR("Could not open SHELLS file :%s", SHELLS);
		return (PAM_AUTH_ERR);
	}

	if ((shellfileinfo.st_mode & S_IWOTH) || !S_ISREG(shellfileinfo.st_mode)) {
		/* File is either world writable or not a regural file */
		PAM_ERROR("SHELLS file cannot be trusted!");
		return (PAM_AUTH_ERR);
	}
	
	/* Open read-only file with shells */
	if ( (shellfile = fopen(SHELLS,"r")) ==  NULL ) { 
		PAM_ERROR("Could not open SHELLS file :%s", SHELLS);
		return (PAM_SERVICE_ERR);
	}

	pam_err = 1;

	/* Search in SHELLS for user shell */
	while (fgets(shellfileline, sizeof(shellfileline)-1, shellfile) != NULL 
		&& pam_err) { 
	        if (shellfileline[strlen(shellfileline) - 1] == '\n')
	        	shellfileline[strlen(shellfileline) - 1] = '\0';

		pam_err = strcmp(shellfileline, shell);

	}

	fclose(shellfile);

	if (!pam_err) { 
		/* user shell found in SHELLS. Allow access */
		PAM_LOG("Access granted for %s with shell %s.", user, shell);
		return (PAM_SUCCESS); 
	}
	
	return (PAM_AUTH_ERR);
}


PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh , int flags ,
		int argc , const char *argv[])
{

	                return (PAM_SUCCESS);
}

PAM_MODULE_ENTRY("pam_shells");