Initial revision

4 files changed, 229 insertions, 0 deletions

diff --git a/modules/pam_nologin/.cvsignore b/modules/pam_nologin/.cvsignore
new file mode 100644
index 00000000..380a834a
--- /dev/null
+++ b/modules/pam_nologin/.cvsignore
@@ -0,0 +1 @@
+dynamic
diff --git a/modules/pam_nologin/Makefile b/modules/pam_nologin/Makefile
new file mode 100644
index 00000000..03d779bf
--- /dev/null
+++ b/modules/pam_nologin/Makefile
@@ -0,0 +1,86 @@
+#
+# This Makefile controls a build process of $(TITLE) module for
+# Linux-PAM. You should not modify this Makefile (unless you know
+# what you are doing!).
+#
+# Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
+#
+
+TITLE=pam_nologin
+
+#
+
+LIBSRC = $(TITLE).c
+LIBOBJ = $(TITLE).o
+LIBOBJD = $(addprefix dynamic/,$(LIBOBJ))
+LIBOBJS = $(addprefix static/,$(LIBOBJ))
+
+dynamic/%.o : %.c
+	$(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
+
+static/%.o : %.c
+	$(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
+
+
+ifdef DYNAMIC
+LIBSHARED = $(TITLE).so
+endif
+
+ifdef STATIC
+LIBSTATIC = lib$(TITLE).o
+endif
+
+####################### don't edit below #######################
+
+dummy:
+
+	@echo "**** This is not a top-level Makefile "
+	exit
+
+all: dirs $(LIBSHARED) $(LIBSTATIC) register
+
+dirs:
+ifdef DYNAMIC
+	mkdir -p ./dynamic
+endif
+ifdef STATIC
+	mkdir -p ./static
+endif
+
+register:
+ifdef STATIC
+	( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) )
+endif
+
+ifdef DYNAMIC
+$(LIBOBJD): $(LIBSRC)
+
+$(LIBSHARED):	$(LIBOBJD)
+		$(LD_D) -o $@ $(LIBOBJD) -lc
+endif
+
+ifdef STATIC
+$(LIBOBJS): $(LIBSRC)
+
+$(LIBSTATIC): $(LIBOBJS)
+	$(LD) -r -o $@ $(LIBOBJS)
+endif
+
+install: all
+	mkdir -p $(FAKEROOT)$(SECUREDIR)
+ifdef DYNAMIC
+	install -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)
+endif
+
+remove:
+	rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so
+
+clean:
+	rm -f $(LIBOBJD) $(LIBOBJS) core *~
+
+extraclean: clean
+	rm -f *.a *.o *.so *.bak dynamic/* static/*
+
+.c.o:	
+	$(CC) $(CFLAGS) -c $<
+
diff --git a/modules/pam_nologin/README b/modules/pam_nologin/README
new file mode 100644
index 00000000..0586de66
--- /dev/null
+++ b/modules/pam_nologin/README
@@ -0,0 +1,12 @@
+# $Id$
+#
+
+This module always lets root in; it lets other users in only if the file
+/etc/nologin doesn't exist.  In any case, if /etc/nologin exists, it's
+contents are displayed to the user.
+
+module services provided:
+
+	auth		_authentication and _setcred (blank)
+
+Michael K. Johnson
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
new file mode 100644
index 00000000..306619e1
--- /dev/null
+++ b/modules/pam_nologin/pam_nologin.c
@@ -0,0 +1,130 @@
+/* pam_nologin module */
+
+/*
+ * $Id$
+ *
+ * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
+ *
+ * $Log$
+ * Revision 1.1  2000/06/20 22:11:46  agmorgan
+ * Initial revision
+ *
+ * Revision 1.1.1.1  1998/07/12 05:17:17  morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.4  1997/04/05 06:36:47  morgan
+ * display message when the user is unknown
+ *
+ * Revision 1.3  1996/12/01 03:00:54  morgan
+ * added prototype to conversation, gave static structure name of module
+ *
+ * Revision 1.2  1996/11/10 21:02:31  morgan
+ * compile against .53
+ *
+ * Revision 1.1  1996/10/25 03:19:36  morgan
+ * Initial revision
+ *
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+
+#include <security/_pam_macros.h>
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+                        const char **argv)
+{
+     int retval = PAM_SUCCESS;
+     int fd;
+     const char *username;
+     char *mtmp=NULL;
+     struct passwd *user_pwd;
+     struct pam_conv *conversation;
+     struct pam_message message;
+     struct pam_message *pmessage = &message;
+     struct pam_response *resp = NULL;
+     struct stat st;
+
+     if ((fd = open("/etc/nologin", O_RDONLY, 0)) >= 0) {
+       /* root can still log in; lusers cannot */
+       if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)
+           || !username) {
+         return PAM_SERVICE_ERR;
+       }
+       user_pwd = getpwnam(username);
+       if (user_pwd && user_pwd->pw_uid == 0) {
+         message.msg_style = PAM_TEXT_INFO;
+       } else {
+	   if (!user_pwd) {
+	       retval = PAM_USER_UNKNOWN;
+	   } else {
+	       retval = PAM_AUTH_ERR;
+	   }
+	   message.msg_style = PAM_ERROR_MSG;
+       }
+
+       /* fill in message buffer with contents of /etc/nologin */
+       if (fstat(fd, &st) < 0) /* give up trying to display message */
+         return retval;
+       message.msg = mtmp = malloc(st.st_size+1);
+       /* if malloc failed... */
+       if (!message.msg) return retval;
+       read(fd, mtmp, st.st_size);
+       mtmp[st.st_size] = '\000';
+
+       /* Use conversation function to give user contents of /etc/nologin */
+       pam_get_item(pamh, PAM_CONV, (const void **)&conversation);
+       conversation->conv(1, (const struct pam_message **)&pmessage,
+			  &resp, conversation->appdata_ptr);
+       free(mtmp);
+       if (resp)
+	   _pam_drop_reply(resp, 1);
+     }
+
+     return retval;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+                   const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_nologin_modstruct = {
+     "pam_nologin",
+     pam_sm_authenticate,
+     pam_sm_setcred,
+     NULL,
+     NULL,
+     NULL,
+     NULL,
+};
+
+#endif
+
+/* end of module definition */