authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-13 10:58:39 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-13 10:58:39 +0300
commit8a3cd585f4f5b8ef0f0452a942d7f4314560a8a8 (patch)
treeb8c85de96805ceb5ecb17fca5f9641f13d33fdf7
parentMinor fixes in pam_unix (diff)
Added some PAM info in pam_unix
-rw-r--r--src/pam_unix/pam_unix.c16
-rw-r--r--src/pam_unix/pam_unix.c~224
-rw-r--r--src/pam_unix/pam_unix.obin5484 -> 0 bytes
3 files changed, 11 insertions, 229 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c
index 50e305d..c246fd7 100644
--- a/src/pam_unix/pam_unix.c
+++ b/src/pam_unix/pam_unix.c
@@ -10,15 +10,18 @@
# define MAXHOSTNAMELEN 256
#endif
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_PASSWORD
#ifndef __linux__
#include <login_cap.h>
#endif
+
#include <security/pam_modules.h>
-#include <pam_mod_misc.h>
#include <security/pam_appl.h>
-
+#include <pam_mod_misc.h>
PAM_EXTERN int
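Review bot: The third added define, `PAM_PASSWORD`, does not look like one of the group selectors the PAM headers test for; the password-management selector is `PAM_SM_PASSWORD`, so this line probably has no effect as written. No `pam_sm_chauthtok` is visible in this commit, so if the module does not implement one, drop the define rather than renaming it. The selectors sit above `<security/pam_modules.h>`, presumably on purpose, and a short comment would keep a later include shuffle from moving them: `/* service groups implemented here; keep above the PAM headers */`.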
@@ -35,16 +38,19 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* identify user */
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
+ puts("POULOS1");
PAM_LOG("Authenticating as self");
pwd = getspnam(getlogin());
} else {
- if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- PAM_LOG("Authenticating with uname %s", user);
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ puts("POULOS2");
+ PAM_LOG("Authenticating with uname failed");
return (pam_err);
+ }
pwd = getspnam(user);
}
-
+ puts("POULOS3");
/* get password */
if (pwd != NULL) {
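Review bot: The three `puts("POULOS…")` calls write debug markers to the stdout of whatever application loaded the module, which for an authentication module can land in a login prompt or a network service's protocol stream. They should be removed or turned into `PAM_LOG(...)` calls like the neighbouring ones. Separately, on the context line `pwd = getspnam(getlogin());` the result of `getlogin()` can be NULL (for example with no controlling terminal), so it is worth guarding: `const char *self = getlogin(); pwd = (self != NULL) ? getspnam(self) : NULL;`. The body of pam_sm_authenticate starts and ends outside this hunk, so how a NULL `pwd` is handled further down cannot be checked from here.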
diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~
deleted file mode 100644
index 50e305d..0000000
--- a/src/pam_unix/pam_unix.c~
+++ /dev/null
@@ -1,224 +0,0 @@
-
-/* #include <pwd.h> */
-#include <netdb.h>
-#include <shadow.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 256
-#endif
-
-
-#ifndef __linux__
-#include <login_cap.h>
-#endif
-
-#include <security/pam_modules.h>
-#include <pam_mod_misc.h>
-#include <security/pam_appl.h>
-
-
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc , const char **argv ) {
-
-#ifndef __linux__
- login_cap_t *lc;
-#endif
- struct spwd *pwd;
- const char *pass, *crypt_pass, *user;
- int pam_err;
-
- /* identify user */
-
- if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
- PAM_LOG("Authenticating as self");
- pwd = getspnam(getlogin());
- } else {
- if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- PAM_LOG("Authenticating with uname %s", user);
- return (pam_err);
-
- pwd = getspnam(user);
- }
-
- /* get password */
-
- if (pwd != NULL) {
- pass = pwd->sp_pwdp;
- if (pass[0] == '\0') {
- if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
- openpam_get_option(pamh, PAM_OPT_NULLOK))
- return (PAM_SUCCESS);
-
- pass = "*";
- }
-#ifndef __linux__
- lc = login_getpwclass(pwd);
-#endif
- } else {
- pass = "*";
-#ifndef __linux__
- lc = login_getpwclass(NULL);
-#endif
- }
-
-#ifndef __linux__
- prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
- pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
- login_close(lc);
-#else
- pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
-#endif
-
- if (pam_err == PAM_CONV_ERR)
- return (pam_err);
- if (pam_err != PAM_SUCCESS)
- return (PAM_AUTH_ERR);
-
- /* check shadow */
-
- crypt_pass = crypt(pass, pwd->sp_pwdp);
- if ( strcmp(crypt_pass, pwd->sp_pwdp) != 0 )
- pam_err = PAM_AUTH_ERR;
- else
- pam_err = PAM_SUCCESS;
-
- return (pam_err);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh , int flags ,
- int argc , const char *argv[] ) {
-
- /*
- * This functions takes care of renewing/initializing
- * user credentials as well as gid/uids. Someday, it
- * will be completed. For now, it's not very urgent.
- */
-
- return (PAM_SUCCESS);
-}
-
-
-PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
- int argc , const char *argv[] ) {
-
-
-
-#ifndef __linux__
- login_cap_t *lc;
-#endif
-
- struct spwd *pwd;
- int pam_err;
- const char *user;
- time_t curtime;
-
-#ifndef __linux__
- const void *rhost, *tty;
- char rhostip[MAXHOSTNAMELEN] = "";
-#endif
-
- /* Sanity checks for uname,pwd,tty,host etc */
-
- pam_err = pam_get_user(pamh, &user, NULL);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- if (user == NULL || (pwd = getspnam(user)) == NULL)
- return (PAM_SERVICE_ERR);
-#ifndef __linux__
-
- /*
- * tty/host info are provided by login classes
- * and cannot be used out of the box under Linux
- * for sanity checking (BSD only). May need to
- * be ported/rewritten to work on Linux as well.
- * Time will tell...
- */
- pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- pam_err = pam_get_item(pamh, PAM_TTY, &tty);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-#endif
- if (*pwd->sp_pwdp == '\0' &&
- (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
- return (PAM_NEW_AUTHTOK_REQD);
-
-#ifndef __linux__
- lc = login_getpwclass(pwd);
-
- if (lc == NULL) {
- return (PAM_SERVICE_ERR);
-
- }
-#endif
- /* Check if pw_lstchg or pw_expire is set */
-
- if (pwd->sp_lstchg || pwd->sp_expire)
- curtime = time(NULL) / (60 * 60 * 24);
- if (pwd->sp_expire) {
- if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) {
-#ifndef __linux__
- login_close(lc);
-#endif
- return (PAM_ACCT_EXPIRED);
- } else if ( ( pwd->sp_expire - curtime < pwd->sp_warn) ) {
-// pam_error(pamh, "Warning: your account expires on %s",
-// ctime(&pwd->pw_expire));
- }
- }
-
- if (pwd->sp_lstchg == 0 ) {
- return (PAM_NEW_AUTHTOK_REQD);
- }
-
- /* check all other possibilities (mostly stolen from pam_tcb) */
-
- if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) &&
- (pwd->sp_max != -1) && (pwd->sp_inact != -1) &&
- (pwd->sp_lstchg != 0))
- return (PAM_ACCT_EXPIRED);
-
- if (((pwd->sp_lstchg + pwd->sp_max) < curtime) &&
- (pwd->sp_max != -1))
- return (PAM_ACCT_EXPIRED);
-
- if ((curtime - pwd->sp_lstchg > pwd->sp_max)
- && (curtime - pwd->sp_lstchg > pwd->sp_inact)
- && (curtime - pwd->sp_lstchg > pwd->sp_max + pwd->sp_inact)
- && (pwd->sp_max != -1) && (pwd->sp_inact != -1))
- return (PAM_ACCT_EXPIRED);
-
- pam_err = (PAM_SUCCESS);
-
-#ifndef __linux__
-
- /* validate tty/host/time */
-
- if (!auth_hostok(lc, rhost, rhostip) ||
- !auth_ttyok(lc, tty) ||
- !auth_timeok(lc, time(NULL)))
- pam_err = PAM_AUTH_ERR;
-
-
- login_close(lc);
-#endif
-
- return (pam_err);
-
-}
-
-
-PAM_MODULE_ENTRY("pam_unix")
diff --git a/src/pam_unix/pam_unix.o b/src/pam_unix/pam_unix.o
deleted file mode 100644
index 61cf162..0000000
--- a/src/pam_unix/pam_unix.o
+++ /dev/null
Binary files differ