Relevant BUGIDs: 436435

Purpose of commit: new feature Commit summary: --------------- add account management to a bunch of modules. Submitted by Harald Welte.
author: Andrew G. Morgan <morgan@kernel.org> 2002-07-13 05:10:54 +0000
committer: Andrew G. Morgan <morgan@kernel.org> 2002-07-13 05:10:54 +0000
commit: c95e6e34c26fc95f622b4d0535bccede3c655146 (patch)
tree: 1168d99167e0aa3f3f8f1cde243b8b3461d083c3 /modules/pam_shells
parent: 0912bbea47b70d7dce2de8a98828c4ad04ff68aa (diff)
1 files changed, 73 insertions, 56 deletions
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index 36dd1a91..b70ba030 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -26,6 +26,7 @@
  */
 
 #define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
 
 #include <security/pam_modules.h>
 
@@ -42,77 +43,93 @@ static void _pam_log(int err, const char *format, ...)
     closelog();
 }
 
-/* --- authentication management functions (only) --- */
-
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
-			,const char **argv)
+static int perform_check(pam_handle_t *pamh, int flags)
 {
-     int retval = PAM_AUTH_ERR;
-     const char *userName;
-     char *userShell;
-     char shellFileLine[256];
-     struct stat sb;
-     struct passwd * pw;
-     FILE * shellFile;
-
-     retval = pam_get_user(pamh,&userName,NULL);
-     if(retval != PAM_SUCCESS) 
-       return PAM_SERVICE_ERR;
-
-     if(!userName || (strlen(userName) <= 0)) {
-       /* Don't let them use a NULL username... */
-       pam_get_user(pamh,&userName,NULL);
+    int retval = PAM_AUTH_ERR;
+    const char *userName;
+    char *userShell;
+    char shellFileLine[256];
+    struct stat sb;
+    struct passwd * pw;
+    FILE * shellFile;
+
+    retval = pam_get_user(pamh, &userName, NULL);
+    if (retval != PAM_SUCCESS) {
+	return PAM_SERVICE_ERR;
+    }
+
+    if (!userName || (strlen(userName) <= 0)) {
+	/* Don't let them use a NULL username... */
+	pam_get_user(pamh,&userName,NULL);
         if (retval != PAM_SUCCESS)
-	  return PAM_SERVICE_ERR;
-     }
+	    return PAM_SERVICE_ERR;
+    }
 
-     pw = getpwnam(userName);
-     if (!pw)
+    pw = getpwnam(userName);
+    if (!pw) {
 	return PAM_AUTH_ERR;		/* user doesn't exist */
-     userShell = pw->pw_shell;
+    }
+    userShell = pw->pw_shell;
 
-     if(stat(SHELL_FILE,&sb)) {
-	_pam_log(LOG_ERR,
-	        "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
+    if (stat(SHELL_FILE,&sb)) {
+	_pam_log(LOG_ERR, "%s cannot be stat'd (it probably does not exist)",
+		 SHELL_FILE);
 	return PAM_AUTH_ERR;		/* must have /etc/shells */
-     }
+    }
 
-     if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
-	_pam_log(LOG_ERR,
-	        "%s is either world writable or not a normal file", SHELL_FILE);
+    if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+	_pam_log(LOG_ERR, "%s is either world writable or not a normal file",
+		 SHELL_FILE);
 	return PAM_AUTH_ERR;
-     }
+    }
 
-     shellFile = fopen(SHELL_FILE,"r");
-     if(shellFile == NULL) { /* Check that we opened it successfully */
+    shellFile = fopen(SHELL_FILE,"r");
+    if (shellFile == NULL) {       /* Check that we opened it successfully */
 	_pam_log(LOG_ERR,
-	        "Error opening %s", SHELL_FILE);
-       return PAM_SERVICE_ERR;
-     }
-     /* There should be no more errors from here on */
-     retval=PAM_AUTH_ERR;
-     /* This loop assumes that PAM_SUCCESS == 0
-        and PAM_AUTH_ERR != 0 */
-     while((fgets(shellFileLine,255,shellFile) != NULL) 
-	   && retval) {
-       if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
-	   shellFileLine[strlen(shellFileLine) - 1] = '\0';
-       retval = strcmp(shellFileLine, userShell);
-     }
-     fclose(shellFile);
-     if(retval)
-       retval = PAM_AUTH_ERR;
-     return retval;
+		 "Error opening %s", SHELL_FILE);
+	return PAM_SERVICE_ERR;
+    }
+
+    retval = 1;
+
+    while((fgets(shellFileLine, 255, shellFile) != NULL) && retval) {
+	if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
+	    shellFileLine[strlen(shellFileLine) - 1] = '\0';
+	retval = strcmp(shellFileLine, userShell);
+    }
+
+    fclose(shellFile);
+
+    if (retval) {
+	return PAM_AUTH_ERR;
+    } else {
+	return PAM_SUCCESS;
+    }
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+			const char **argv)
+{
+    return perform_check(pamh, flags);
 }
 
 PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
-		   ,const char **argv)
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,const char **argv)
 {
      return PAM_SUCCESS;
 }
 
+/* --- account management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+		     const char **argv)
+{
+    return perform_check(pamh, flags);
+}
 
 #ifdef PAM_STATIC
 
@@ -122,12 +139,12 @@ struct pam_module _pam_shells_modstruct = {
      "pam_shells",
      pam_sm_authenticate,
      pam_sm_setcred,
-     NULL,
+     pam_sm_acct_mgmt,
      NULL,
      NULL,
      NULL,
 };
 
-#endif
+#endif /* PAM_STATIC */
 
 /* end of module definition */
author	Andrew G. Morgan <morgan@kernel.org>	2002-07-13 05:10:54 +0000
committer	Andrew G. Morgan <morgan@kernel.org>	2002-07-13 05:10:54 +0000
commit	c95e6e34c26fc95f622b4d0535bccede3c655146 (patch)
tree	1168d99167e0aa3f3f8f1cde243b8b3461d083c3 /modules/pam_shells
parent	0912bbea47b70d7dce2de8a98828c4ad04ff68aa (diff)