source-git / pam

Clone
Source Code
GIT

Files

  1.   7e982e56f66b90061d5bf584115f1a5d137a728a
  2.   modules
  3.   pam_nologin
  4.   pam_nologin.c
Blob Blame History Raw 
/* pam_nologin module */

/*
 * $Id$
 *
 * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
 *
 */

#include "config.h"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <syslog.h>
#include <pwd.h>

#include <security/_pam_macros.h>
/*
 * here, we make a definition for the externally accessible function
 * in this file (this definition is required for static a module
 * but strongly encouraged generally) it is used to instruct the
 * modules include file to define the function prototypes.
 */

#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT

#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>

#define DEFAULT_NOLOGIN_PATH "/var/run/nologin"
#define COMPAT_NOLOGIN_PATH "/etc/nologin"

/*
 * parse some command line options
 */
struct opt_s {
    int retval_when_nofile;
    const char *nologin_file;
};

static void
parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts)
{
    int i;

    memset(opts, 0, sizeof(*opts));

    opts->retval_when_nofile = PAM_IGNORE;

    for (i=0; i<argc; ++i) {
	if (!strcmp("successok", argv[i])) {
	    opts->retval_when_nofile = PAM_SUCCESS;
	} else if (!strncmp("file=", argv[i], 5)) {
	    opts->nologin_file = argv[i] + 5;
	} else {
	    pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]);
	}
    }
}

/*
 * do the meat of the work for this module
 */

static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
{
    const char *username;
    int retval = opts->retval_when_nofile;
    int fd = -1;

    if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) {
	pam_syslog(pamh, LOG_ERR, "cannot determine username");
	return PAM_USER_UNKNOWN;
    }

    if (opts->nologin_file == NULL) {
	if ((fd = open(DEFAULT_NOLOGIN_PATH, O_RDONLY, 0)) < 0) {
		fd = open(COMPAT_NOLOGIN_PATH, O_RDONLY, 0);
	}
    } else {
	fd = open(opts->nologin_file, O_RDONLY, 0);
    }

    if (fd >= 0) {

	char *mtmp=NULL;
	int msg_style = PAM_TEXT_INFO;
	struct passwd *user_pwd;
	struct stat st;

	user_pwd = pam_modutil_getpwnam(pamh, username);
	if (user_pwd == NULL) {
	    retval = PAM_USER_UNKNOWN;
	    msg_style = PAM_ERROR_MSG;
	} else if (user_pwd->pw_uid) {
	    retval = PAM_AUTH_ERR;
	    msg_style = PAM_ERROR_MSG;
	}

	/* fill in message buffer with contents of /etc/nologin */
	if (fstat(fd, &st) < 0)  {
	    /* give up trying to display message */
	    goto clean_up_fd;
	}

	mtmp = malloc(st.st_size+1);
	if (!mtmp) {
	    pam_syslog(pamh, LOG_CRIT, "out of memory");
	    retval = PAM_BUF_ERR;
	    goto clean_up_fd;
	}

	if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) {
		mtmp[st.st_size] = '\0';
		(void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp);
	}
	else
	    retval = PAM_SYSTEM_ERR;

	free(mtmp);

    clean_up_fd:

	close(fd);
    }

    return retval;
}

/* --- authentication management functions --- */

int
pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
		     int argc, const char **argv)
{
    struct opt_s opts;

    parse_args(pamh, argc, argv, &opts);

    return perform_check(pamh, &opts);
}

int
pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
		int argc, const char **argv)
{
    struct opt_s opts;

    parse_args(pamh, argc, argv, &opts);

    return opts.retval_when_nofile;
}

/* --- account management function --- */

int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
		 int argc, const char **argv)
{
    struct opt_s opts;

    parse_args(pamh, argc, argv, &opts);

    return perform_check(pamh, &opts);
}

/* end of module definition */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation