aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-07-23 12:37:57 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-07-23 12:37:57 +0300
commit556854e001ca9babd96d6cbe322594057acd7889 (patch)
treef75f5bb7b037a6804892f7cd71a4927f24e05eff /modules
parentStarted pam_shells (diff)
downloadopenpam-modules-556854e001ca9babd96d6cbe322594057acd7889.tar.gz
openpam-modules-556854e001ca9babd96d6cbe322594057acd7889.tar.bz2
openpam-modules-556854e001ca9babd96d6cbe322594057acd7889.zip
pam_shells completed
Diffstat (limited to 'modules')
-rw-r--r--modules/Makefile2
-rw-r--r--modules/pam_deny/Makefile1
-rw-r--r--modules/pam_nologin/Makefile1
-rw-r--r--modules/pam_permit/Makefile1
-rw-r--r--modules/pam_rootok/Makefile1
-rw-r--r--modules/pam_securetty/Makefile1
-rw-r--r--modules/pam_shells/pam_shells.c74
-rw-r--r--modules/pam_unix/Makefile1
8 files changed, 74 insertions, 8 deletions
diff --git a/modules/Makefile b/modules/Makefile
index 3b5ace0..d985659 100644
--- a/modules/Makefile
+++ b/modules/Makefile
@@ -2,7 +2,7 @@ all install clean:
$(MAKE) -C pam_unix $@
$(MAKE) -C pam_securetty $@
$(MAKE) -C pam_nologin $@
-# $(MAKE) -C pam_shells $@
+ $(MAKE) -C pam_shells $@
# $(MAKE) -C pam_wheel $@
$(MAKE) -C pam_rootok $@
$(MAKE) -C pam_permit $@
diff --git a/modules/pam_deny/Makefile b/modules/pam_deny/Makefile
index 4ebffb1..4fa5c5f 100644
--- a/modules/pam_deny/Makefile
+++ b/modules/pam_deny/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac
diff --git a/modules/pam_nologin/Makefile b/modules/pam_nologin/Makefile
index 981d3ae..2324da2 100644
--- a/modules/pam_nologin/Makefile
+++ b/modules/pam_nologin/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac
diff --git a/modules/pam_permit/Makefile b/modules/pam_permit/Makefile
index 793e176..1d8b0bb 100644
--- a/modules/pam_permit/Makefile
+++ b/modules/pam_permit/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac
diff --git a/modules/pam_rootok/Makefile b/modules/pam_rootok/Makefile
index 6115401..986dea7 100644
--- a/modules/pam_rootok/Makefile
+++ b/modules/pam_rootok/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac
diff --git a/modules/pam_securetty/Makefile b/modules/pam_securetty/Makefile
index f382e4c..e2b85f7 100644
--- a/modules/pam_securetty/Makefile
+++ b/modules/pam_securetty/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index 8b1397c..cce6824 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -11,8 +11,80 @@
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
+#define SHELLS "/etc/shells"
+
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t * pamh, int flags,
- int argc, const char * argv[])
+ int argc, const char * argv[])
+{
+ struct passwd *pwd;
+ struct stat shellfileinfo;
+ const char *user;
+ const char *shell;
+ char shellfileline[256];
+ FILE *shellfile;
+ int pam_err;
+
+ if ( ( (pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS )
+ || ( user == NULL ) ) {
+ PAM_ERROR("Error recovering username.");
+ return (pam_err);
+ }
+
+ if ( (pwd = getpwnam(user)) == NULL ) {
+ PAM_ERROR("Could not get passwd entry for user [%s]",user);
+ return (PAM_SERVICE_ERR);
+ }
+
+ shell = pwd->pw_shell;
+
+ if ( stat(SHELLS, &shellfileinfo) ) {
+ PAM_ERROR("Could not open SHELLS file :%s", SHELLS);
+ return (PAM_AUTH_ERR);
+ }
+
+ if ((shellfileinfo.st_mode & S_IWOTH) || !S_ISREG(shellfileinfo.st_mode)) {
+ /* File is either world writable or not a regural file */
+ PAM_ERROR("SHELLS file cannot be trusted!");
+ return (PAM_AUTH_ERR);
+ }
+
+ /* Open read-only file with shells */
+ if ( (shellfile = fopen(SHELLS,"r")) == NULL ) {
+ PAM_ERROR("Could not open SHELLS file :%s", SHELLS);
+ return (PAM_SERVICE_ERR);
+ }
+
+ pam_err = 1;
+
+ /* Search in SHELLS for user shell */
+ while (fgets(shellfileline, sizeof(shellfileline)-1, shellfile) != NULL
+ && pam_err) {
+ if (shellfileline[strlen(shellfileline) - 1] == '\n')
+ shellfileline[strlen(shellfileline) - 1] = '\0';
+
+ pam_err = strcmp(shellfileline, shell);
+
+ }
+
+ fclose(shellfile);
+
+ if (!pam_err) {
+ /* user shell found in SHELLS. Allow access */
+ PAM_LOG("Access granted for %s with shell %s.", user, shell);
+ return (PAM_SUCCESS);
+ }
+
+ return (PAM_AUTH_ERR);
+}
+
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh , int flags ,
+ int argc , const char *argv[])
{
+ return (PAM_SUCCESS);
+}
+
+PAM_MODULE_ENTRY("pam_shells");
diff --git a/modules/pam_unix/Makefile b/modules/pam_unix/Makefile
index ae80af4..34ed3f0 100644
--- a/modules/pam_unix/Makefile
+++ b/modules/pam_unix/Makefile
@@ -23,7 +23,6 @@ all:
case "`uname -s`" in \
Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
LDLIBS="$(LDLIBS)" $(PROJ);;\
- FreeBSD) echo "Not yet supported.";;\
*) echo "OS not supported.";;\
esac