authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-10 12:48:54 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-10 12:48:54 +0300
commit81557dcc85a155cdfff1d595179dfc390e75da4f (patch)
tree7ee7a5c97a448e55b7d40bd992d340fee6d435ab
parentCompleted authentication method for pam_unix.c (diff)
downloadopenpam-modules-81557dcc85a155cdfff1d595179dfc390e75da4f.tar.gz
openpam-modules-81557dcc85a155cdfff1d595179dfc390e75da4f.tar.bz2
openpam-modules-81557dcc85a155cdfff1d595179dfc390e75da4f.zip
Started work on pam_sm_acct_mgmt
-rw-r--r--src/pam_unix/pam_unix.c83
-rw-r--r--src/pam_unix/pam_unix.c~85
2 files changed, 161 insertions, 7 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c
index 9aa7eec..e3486dd 100644
--- a/src/pam_unix/pam_unix.c
+++ b/src/pam_unix/pam_unix.c
@@ -1,4 +1,9 @@
+#include <pwd.h>
+/* #include <shadow.h> May not be necessary */
+#include <sys/types.h>
+#include <unistd.h>
+
#ifndef (__LINUX__)
#include <login_cap.h>
#endif
@@ -10,7 +15,7 @@
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc, const char **argv) {
+ int argc __unused, const char **argv __unused) {
#ifndef (__LINUX__)
login_cap_t *lc;
@@ -63,14 +68,86 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
return (pam_err);
if (pam_err != PAM_SUCCESS)
return (PAM_AUTH_ERR);
-
+
+ /* check shadow */
crypt_pass = crypt(pass, pwd->pw_passwd);
if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 )
pam_err = PAM_AUTH_ERR;
else
pam_err = PAM_SUCCESS;
-
+
return (pam_err);
}
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
+ int argc __unused, const char *argv[] __unused) {
+
+ /*
+ * This functions takes care of renewing/initializing
+ * user credentials as well as gid/uids. Someday, it
+ * will be completed. For now, it's not very urgent.
+ */
+
+ return (PAM_SUCCESS);
+}
+
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char *argv[] __unused) {
+
+
+
+#ifndef (__LINUX__)
+ login_cap_t *lc;
+#endif
+
+ struct passwd *pwd;
+ int pam_err;
+ const char *user;
+ const void *rhost, *tty;
+ char rhostip[MAXHOSTNAMELEN] = "";
+
+ /* Sanity checks for uname,pwd,tty,host etc */
+
+ pam_err = pam_get_user(pamh, &user, NULL);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ if (user == NULL || (pwd = getpwnam(user)) == NULL)
+ return (PAM_SERVICE_ERR);
+
+ pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ pam_err = pam_get_item(pamh, PAM_TTY, &tty);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ if (*pwd->pw_passwd == '\0' &&
+ (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
+ return (PAM_NEW_AUTHTOK_REQD);
+
+#ifndef (__LINUX__)
+ lc = login_getpwclass(pwd);
+
+ if (lc == NULL) {
+ return (PAM_SERVICE_ERR);
+
+ }
+#endif
+ /* Check if pw_change or pw_expire is set */
+
+ if (pwd->pw_change || pwd->pw_expire)
+ gettimeofday(&tp, NULL);
+
+
+}
+
+
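Review bot: pam_sm_acct_mgmt reaches its closing brace without a `return` after the `pw_change`/`pw_expire` test, so the account-management verdict handed back to the PAM stack is indeterminate; until the expiry checks are written it should fail closed, e.g. `return (PAM_SERVICE_ERR);` as the last statement. `tp` is passed to `gettimeofday(&tp, NULL)` but is not declared anywhere in the function; it needs `struct timeval tp;` and `#include <sys/time.h>`, which the include hunk does not add. `flags` is marked `__unused` in the signature yet is read in the `PAM_DISALLOW_NULL_AUTHTOK` test, and `lc` from `login_getpwclass()` is never passed to `login_close()` on any path shown. In the context lines above, the result of `crypt()` goes straight into `strcmp()` with no NULL check, so a failed hash would be dereferenced; a guard such as `if (crypt_pass == NULL) return (PAM_AUTH_ERR);` would cover it (pam_sm_authenticate starts outside this hunk). The same code is repeated in the last hunk of `src/pam_unix/pam_unix.c~`.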
diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~
index 99e0fbd..e3486dd 100644
--- a/src/pam_unix/pam_unix.c~
+++ b/src/pam_unix/pam_unix.c~
@@ -1,4 +1,9 @@
+#include <pwd.h>
+/* #include <shadow.h> May not be necessary */
+#include <sys/types.h>
+#include <unistd.h>
+
#ifndef (__LINUX__)
#include <login_cap.h>
#endif
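Review bot: `src/pam_unix/pam_unix.c~` looks like an editor backup of `pam_unix.c`, and the index lines show both files ending at the same blob (`e3486dd`), so this commit tracks a second, identical copy of the authentication module's source. A stale copy can later drift from the reviewed file and be read, or built, by mistake. I would drop it from the tree with `git rm --cached src/pam_unix/pam_unix.c~` and add `*~` to the repository's ignore file.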
@@ -10,7 +15,7 @@
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc, const char **argv) {
+ int argc __unused, const char **argv __unused) {
#ifndef (__LINUX__)
login_cap_t *lc;
@@ -63,14 +68,86 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
return (pam_err);
if (pam_err != PAM_SUCCESS)
return (PAM_AUTH_ERR);
-
+
+ /* check shadow */
crypt_pass = crypt(pass, pwd->pw_passwd);
- if ( strcmp(crypt_password, pwd->pw_passwd) != 0 )
+ if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 )
pam_err = PAM_AUTH_ERR;
else
pam_err = PAM_SUCCESS;
-
+
return (pam_err);
}
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
+ int argc __unused, const char *argv[] __unused) {
+
+ /*
+ * This functions takes care of renewing/initializing
+ * user credentials as well as gid/uids. Someday, it
+ * will be completed. For now, it's not very urgent.
+ */
+
+ return (PAM_SUCCESS);
+}
+
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char *argv[] __unused) {
+
+
+
+#ifndef (__LINUX__)
+ login_cap_t *lc;
+#endif
+
+ struct passwd *pwd;
+ int pam_err;
+ const char *user;
+ const void *rhost, *tty;
+ char rhostip[MAXHOSTNAMELEN] = "";
+
+ /* Sanity checks for uname,pwd,tty,host etc */
+
+ pam_err = pam_get_user(pamh, &user, NULL);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ if (user == NULL || (pwd = getpwnam(user)) == NULL)
+ return (PAM_SERVICE_ERR);
+
+ pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ pam_err = pam_get_item(pamh, PAM_TTY, &tty);
+
+ if (pam_err != PAM_SUCCESS)
+ return (pam_err);
+
+ if (*pwd->pw_passwd == '\0' &&
+ (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
+ return (PAM_NEW_AUTHTOK_REQD);
+
+#ifndef (__LINUX__)
+ lc = login_getpwclass(pwd);
+
+ if (lc == NULL) {
+ return (PAM_SERVICE_ERR);
+
+ }
+#endif
+ /* Check if pw_change or pw_expire is set */
+
+ if (pwd->pw_change || pwd->pw_expire)
+ gettimeofday(&tp, NULL);
+
+
+}
+
+