summaryrefslogtreecommitdiff
path: root/modules/pam_shells/pam_shells.c
diff options
context:
space:
mode:
authorAndrew G. Morgan <morgan@kernel.org>2002-07-13 05:10:54 +0000
committerAndrew G. Morgan <morgan@kernel.org>2002-07-13 05:10:54 +0000
commitc95e6e34c26fc95f622b4d0535bccede3c655146 (patch)
tree1168d99167e0aa3f3f8f1cde243b8b3461d083c3 /modules/pam_shells/pam_shells.c
parent0912bbea47b70d7dce2de8a98828c4ad04ff68aa (diff)
Relevant BUGIDs: 436435
Purpose of commit: new feature Commit summary: --------------- add account management to a bunch of modules. Submitted by Harald Welte.
Diffstat (limited to 'modules/pam_shells/pam_shells.c')
-rw-r--r--modules/pam_shells/pam_shells.c129
1 files changed, 73 insertions, 56 deletions
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index 36dd1a91..b70ba030 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -26,6 +26,7 @@
*/
#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
#include <security/pam_modules.h>
@@ -42,77 +43,93 @@ static void _pam_log(int err, const char *format, ...)
closelog();
}
-/* --- authentication management functions (only) --- */
-
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
- ,const char **argv)
+static int perform_check(pam_handle_t *pamh, int flags)
{
- int retval = PAM_AUTH_ERR;
- const char *userName;
- char *userShell;
- char shellFileLine[256];
- struct stat sb;
- struct passwd * pw;
- FILE * shellFile;
-
- retval = pam_get_user(pamh,&userName,NULL);
- if(retval != PAM_SUCCESS)
- return PAM_SERVICE_ERR;
-
- if(!userName || (strlen(userName) <= 0)) {
- /* Don't let them use a NULL username... */
- pam_get_user(pamh,&userName,NULL);
+ int retval = PAM_AUTH_ERR;
+ const char *userName;
+ char *userShell;
+ char shellFileLine[256];
+ struct stat sb;
+ struct passwd * pw;
+ FILE * shellFile;
+
+ retval = pam_get_user(pamh, &userName, NULL);
+ if (retval != PAM_SUCCESS) {
+ return PAM_SERVICE_ERR;
+ }
+
+ if (!userName || (strlen(userName) <= 0)) {
+ /* Don't let them use a NULL username... */
+ pam_get_user(pamh,&userName,NULL);
if (retval != PAM_SUCCESS)
- return PAM_SERVICE_ERR;
- }
+ return PAM_SERVICE_ERR;
+ }
- pw = getpwnam(userName);
- if (!pw)
+ pw = getpwnam(userName);
+ if (!pw) {
return PAM_AUTH_ERR; /* user doesn't exist */
- userShell = pw->pw_shell;
+ }
+ userShell = pw->pw_shell;
- if(stat(SHELL_FILE,&sb)) {
- _pam_log(LOG_ERR,
- "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
+ if (stat(SHELL_FILE,&sb)) {
+ _pam_log(LOG_ERR, "%s cannot be stat'd (it probably does not exist)",
+ SHELL_FILE);
return PAM_AUTH_ERR; /* must have /etc/shells */
- }
+ }
- if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
- _pam_log(LOG_ERR,
- "%s is either world writable or not a normal file", SHELL_FILE);
+ if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+ _pam_log(LOG_ERR, "%s is either world writable or not a normal file",
+ SHELL_FILE);
return PAM_AUTH_ERR;
- }
+ }
- shellFile = fopen(SHELL_FILE,"r");
- if(shellFile == NULL) { /* Check that we opened it successfully */
+ shellFile = fopen(SHELL_FILE,"r");
+ if (shellFile == NULL) { /* Check that we opened it successfully */
_pam_log(LOG_ERR,
- "Error opening %s", SHELL_FILE);
- return PAM_SERVICE_ERR;
- }
- /* There should be no more errors from here on */
- retval=PAM_AUTH_ERR;
- /* This loop assumes that PAM_SUCCESS == 0
- and PAM_AUTH_ERR != 0 */
- while((fgets(shellFileLine,255,shellFile) != NULL)
- && retval) {
- if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
- shellFileLine[strlen(shellFileLine) - 1] = '\0';
- retval = strcmp(shellFileLine, userShell);
- }
- fclose(shellFile);
- if(retval)
- retval = PAM_AUTH_ERR;
- return retval;
+ "Error opening %s", SHELL_FILE);
+ return PAM_SERVICE_ERR;
+ }
+
+ retval = 1;
+
+ while((fgets(shellFileLine, 255, shellFile) != NULL) && retval) {
+ if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
+ shellFileLine[strlen(shellFileLine) - 1] = '\0';
+ retval = strcmp(shellFileLine, userShell);
+ }
+
+ fclose(shellFile);
+
+ if (retval) {
+ return PAM_AUTH_ERR;
+ } else {
+ return PAM_SUCCESS;
+ }
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return perform_check(pamh, flags);
}
PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
- ,const char **argv)
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,const char **argv)
{
return PAM_SUCCESS;
}
+/* --- account management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return perform_check(pamh, flags);
+}
#ifdef PAM_STATIC
@@ -122,12 +139,12 @@ struct pam_module _pam_shells_modstruct = {
"pam_shells",
pam_sm_authenticate,
pam_sm_setcred,
- NULL,
+ pam_sm_acct_mgmt,
NULL,
NULL,
NULL,
};
-#endif
+#endif /* PAM_STATIC */
/* end of module definition */