Relevant BUGIDs: none

Purpose of commit: cleanup Commit summary: --------------- Remove pam_radius module
author: Thorsten Kukuk <kukuk@thkukuk.de> 2005-09-19 09:36:02 +0000
committer: Thorsten Kukuk <kukuk@thkukuk.de> 2005-09-19 09:36:02 +0000
commit: 918af1e76f3d37ba904f51543de904f7b8fad1b5 (patch)
tree: 22725d0c58d0b559fb8519868ab812fa57d7357b /modules
parent: 1a2eca1c44efa21a0126e7d72133164e44612db8 (diff)
5 files changed, 1 insertions, 317 deletions
diff --git a/modules/Makefile.am b/modules/Makefile.am
index 7d635971..f9a04570 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -5,7 +5,7 @@
 SUBDIRS = pammodutil pam_access pam_cracklib pam_debug pam_deny pam_env \
 	pam_filter pam_ftp pam_group pam_issue pam_lastlog pam_limits \
 	pam_listfile pam_localuser pam_mail pam_mkhomedir pam_motd \
-	pam_nologin pam_permit pam_pwdb pam_radius pam_rhosts pam_rootok \
+	pam_nologin pam_permit pam_pwdb pam_rhosts pam_rootok \
 	pam_securetty pam_selinux pam_shells pam_stress pam_succeed_if \
 	pam_tally pam_time pam_umask pam_unix pam_userdb pam_warn \
 	pam_wheel pam_xauth
diff --git a/modules/pam_radius/Makefile.am b/modules/pam_radius/Makefile.am
deleted file mode 100644
index 7020904d..00000000
--- a/modules/pam_radius/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-
-EXTRA_DIST = README
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-noinst_HEADERS = pam_radius.h
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(top_srcdir)/modules/pammodutil/include/
-AM_LDFLAGS = -no-undefined -avoid-version -module \
-	-L$(top_builddir)/modules/pammodutil -lpammodutil \
-	-L$(top_builddir)/libpam -lpam
-if HAVE_VERSIONING
-  AM_LDFLAGS += -Wl,--version-script=../modules.map
-endif
-
-if HAVE_LIBPWDB
-  securelib_LTLIBRARIES = pam_radius.la
-endif
diff --git a/modules/pam_radius/README b/modules/pam_radius/README
deleted file mode 100644
index 253308fd..00000000
--- a/modules/pam_radius/README
+++ /dev/null
@@ -1,58 +0,0 @@
-
-pam_radius module:
-	RADIUS session module.
-
-WHAT IT DOES:
-	This module is intended to provide the session service for users
-autheticated with a RADIUS server. At the present stage, the only option
-supported is the use of the RADIUS server as an accounting server. There are
-few things which needs to be cleared out first in the PAM project until one
-will be able to use this module and expect it to magically start pppd in
-response to a RADIUS server command to use PPP for this user, or to initiate
-a telnet connection to another host, or to hang and call back the user using
-parameters provided in the RADIUS server response. Most of these things are
-better suited for the radius login application. I hope to make available
-Real Soon (tm) patches for the login apps to make it work this way.
-
-
-ARGUMENTS RECOGNIZED:
-    debug		verbose logging
-
-MODULE SERVICES PROVIDED:
-	session            _open_session and _close_session
-	
-	When opening a session, this module sends an Accounting-Start
-message to the RADIUS server, which will log/update/whatever a database for
-this user. On close, an Accounting-Stop message is sent to the RADIUS
-server.
-
-This module have no other pre-requisites for making it work. One can install
-a RADIUS server just for fun and use it as a centralized accounting server and
-forget about wtmp/last/sac&comp :-)
-
-USAGE:
-	For the services you need this module (login for example) put
-	the following line in /etc/pam.conf as the last line for that
-	service (usually after the pam_unix session line):
-
-	login   session    required     /lib/security/pam_radius.so
-
-	Replace "login" for each service you are using this module.
-
-	This module make extensive use of the API provided in libpwdb
-	0.54preB or later. By default, it will read the radius server
-	configuration (hostname and secret) from /etc/raddb/server. This is
-	a default compiled into libpwdb, and curently there is no way to
-	modify this default without recompiling libpwdb. I am working on
-	extending the radius support from libpwdb to provide a possibility
-	to make this runtime-configurable.
-
-	Also please note that libpwdb will require also the RADIUS
-	dictionary to be present (/etc/raddb/dictionary).
-
-TODO:
-	The work is far from complete. Deal with "real" session things.
-
-AUTHOR:
-        Cristian Gafton <gafton@redhat.com>
-
diff --git a/modules/pam_radius/pam_radius.c b/modules/pam_radius/pam_radius.c
deleted file mode 100644
index b412edf9..00000000
--- a/modules/pam_radius/pam_radius.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * pam_radius 
- *      Process an user session according to a RADIUS server response
- *
- * 1.0 - initial release - Linux ONLY
- * 1.1 - revised and reorganized for libpwdb 0.54preB or higher
- *     - removed the conf= parameter, since we use libpwdb exclusively now
- *
- * See end for Copyright information
- */
-
-#if !(defined(linux))
-#error THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!!
-#endif 
-
-/* Module defines */
-#define BUFFER_SIZE      1024
-#define LONG_VAL_PTR(ptr) ((*(ptr)<<24)+(*((ptr)+1)<<16)+(*((ptr)+2)<<8)+(*((ptr)+3)))
-
-#define PAM_SM_SESSION
-
-#include "pam_radius.h"
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-
-static time_t session_time;
-
-/* we need to save these from open_session to close_session, since
- * when close_session will be called we won't be root anymore and
- * won't be able to access again the radius server configuration file
- * -- cristiang */
-
-static RADIUS_SERVER rad_server;
-static char hostname[BUFFER_SIZE];
-static char secret[BUFFER_SIZE];
-
-/* logging */
-static void _pam_log(int err, const char *format, ...)
-{
-    va_list args;
-
-    va_start(args, format);
-    openlog("pam_radius", LOG_CONS|LOG_PID, LOG_AUTH);
-    vsyslog(err, format, args);
-    va_end(args);
-    closelog();
-}
-
-/* argument parsing */
-
-#define PAM_DEBUG_ARG       0x0001
-
-static int _pam_parse(int argc, const char **argv)
-{
-     int ctrl=0;
-
-     /* step through arguments */
-     for (ctrl=0; argc-- > 0; ++argv) {
-
-          /* generic options */
-
-          if (!strcmp(*argv,"debug"))
-               ctrl |= PAM_DEBUG_ARG;
-          else {
-               _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
-          }
-     }
-
-     return ctrl;
-}
-
-/* now the session stuff */
-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
-                                   int argc, const char **argv)
-{
-    int retval;
-    char *user_name;
-    int ctrl;
-        
-    ctrl = _pam_parse(argc, argv); 
-    retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
-    if ( user_name == NULL || retval != PAM_SUCCESS ) {
-        _pam_log(LOG_CRIT, "open_session - error recovering username");
-        return PAM_SESSION_ERR;
-     }
-	
-    if (ctrl & PAM_DEBUG_ARG)
-        _pam_log(LOG_DEBUG, "starting RADIUS user session for '%s'",
-                             user_name);
-
-    retval = get_server_entries(hostname, secret);
-    if ((retval != PWDB_RADIUS_SUCCESS) ||
-        !strlen(hostname) || !strlen(secret)) {
-	_pam_log(LOG_CRIT, "Could not determine the radius server to talk to");
-        return PAM_IGNORE;
-    }
-    session_time = time(NULL);
-    rad_server.hostname = hostname;
-    rad_server.secret = secret;
-    retval = radius_acct_start(rad_server, user_name);
-    if (retval != PWDB_RADIUS_SUCCESS) {
-	if (ctrl & PAM_DEBUG_ARG)
-	    _pam_log(LOG_DEBUG, "ERROR communicating with the RADIUS server");
-	return PAM_IGNORE;
-    }
-
-    return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,
-                                    int argc, const char **argv)
-{
-    int ctrl;
-    char *user_name;
-    int retval;
-
-    ctrl = _pam_parse(argc, argv); 
-    retval = pam_get_item( pamh, PAM_USER, (void*) &user_name );
-    if ( user_name == NULL || retval != PAM_SUCCESS ) {
-        _pam_log(LOG_CRIT, "open_session - error recovering username");
-        return PAM_SESSION_ERR;
-     }
-
-    if (ctrl & PAM_DEBUG_ARG)
-         _pam_log(LOG_DEBUG, "closing RADIUS user session for '%s'",
-                              user_name);
-
-    if (!strlen(hostname) || !strlen(secret)) {
-        _pam_log(LOG_CRIT, "Could not determine the radius server to talk to");
-        return PAM_IGNORE;
-    }
-    retval = radius_acct_stop(rad_server, user_name, 
-			      time(NULL) - session_time);
-    if (retval != PWDB_RADIUS_SUCCESS) {
-        if (ctrl & PAM_DEBUG_ARG)
-            _pam_log(LOG_DEBUG, "ERROR communicating with the RADIUS server");
-        return PAM_IGNORE;
-    }
-    
-    return PAM_SUCCESS;
-}
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_radius_modstruct = {
-     "pam_radius",
-     NULL,
-     NULL,
-     NULL,
-     pam_sm_open_session,
-     pam_sm_close_session,
-     NULL
-};
-#endif
-
-/*
- * Copyright (c) Cristian Gafton, 1996, <gafton@redhat.com>
- *                                              All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, and the entire permission notice in its entirety,
- *    including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior
- *    written permission.
- * 
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions.  (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- * 
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
diff --git a/modules/pam_radius/pam_radius.h b/modules/pam_radius/pam_radius.h
deleted file mode 100644
index 12ee5778..00000000
--- a/modules/pam_radius/pam_radius.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * $Id$
- */
-
-#ifndef PAM_RADIUS_H
-#define PAM_RADIUS_H
-
-#include "config.h"
-
-#include <stdio.h>
-
-#ifndef __USE_POSIX2
-#define __USE_POSIX2
-#endif /* __USE_POSIX2 */
-
-#include <stdlib.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/resource.h>
-
-#include <unistd.h>
-#include <string.h>
-#include <ctype.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <utmp.h>
-#include <time.h>
-#include <netdb.h>
-
-#include <netinet/in.h>
-#include <rpcsvc/ypclnt.h>
-#include <rpc/rpc.h>
-
-#include <pwdb/radius.h>
-#include <pwdb/pwdb_radius.h>
-
-/******************************************************************/
-
-#endif /* PAM_RADIUS_H */
author	Thorsten Kukuk <kukuk@thkukuk.de>	2005-09-19 09:36:02 +0000
committer	Thorsten Kukuk <kukuk@thkukuk.de>	2005-09-19 09:36:02 +0000
commit	918af1e76f3d37ba904f51543de904f7b8fad1b5 (patch)
tree	22725d0c58d0b559fb8519868ab812fa57d7357b /modules
parent	1a2eca1c44efa21a0126e7d72133164e44612db8 (diff)