diff options
Diffstat (limited to 'Linux-PAM/modules/pam_nologin/pam_nologin.c')
-rw-r--r-- | Linux-PAM/modules/pam_nologin/pam_nologin.c | 88 |
1 files changed, 31 insertions, 57 deletions
diff --git a/Linux-PAM/modules/pam_nologin/pam_nologin.c b/Linux-PAM/modules/pam_nologin/pam_nologin.c index 8e7e124a..570d9dc3 100644 --- a/Linux-PAM/modules/pam_nologin/pam_nologin.c +++ b/Linux-PAM/modules/pam_nologin/pam_nologin.c @@ -1,18 +1,21 @@ /* pam_nologin module */ /* - * $Id: pam_nologin.c,v 1.6 2005/01/07 15:31:26 t8m Exp $ + * $Id: pam_nologin.c,v 1.11 2005/09/22 22:16:02 ldv Exp $ * * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24 * */ +#include "config.h" + #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> +#include <syslog.h> #include <pwd.h> #include <security/_pam_macros.h> @@ -27,8 +30,8 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> - -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> +#include <security/pam_ext.h> /* * parse some command line options @@ -38,8 +41,8 @@ struct opt_s { const char *nologin_file; }; -static void parse_args(pam_handle_t *pamh, int argc, const char **argv, - struct opt_s *opts) +static void +parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts) { int i; @@ -51,11 +54,10 @@ static void parse_args(pam_handle_t *pamh, int argc, const char **argv, for (i=0; i<argc; ++i) { if (!strcmp("successok", argv[i])) { opts->retval_when_nofile = PAM_SUCCESS; - } else if (!memcmp("file=", argv[i], 5)) { + } else if (!strncmp("file=", argv[i], 5)) { opts->nologin_file = argv[i] + 5; } else { - /* XXX - ignore for now. Later, we'll use the logging - function in pammodutils */ + pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); } } } @@ -67,41 +69,28 @@ static void parse_args(pam_handle_t *pamh, int argc, const char **argv, static int perform_check(pam_handle_t *pamh, struct opt_s *opts) { const char *username; - int retval = PAM_SUCCESS; + int retval = opts->retval_when_nofile; int fd; - retval = opts->retval_when_nofile; - if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) { + pam_syslog(pamh, LOG_WARNING, "cannot determine username"); return PAM_USER_UNKNOWN; } if ((fd = open(opts->nologin_file, O_RDONLY, 0)) >= 0) { char *mtmp=NULL; + int msg_style = PAM_TEXT_INFO; struct passwd *user_pwd; - struct pam_conv *conversation; - struct pam_message message; - struct pam_message *pmessage = &message; - struct pam_response *resp = NULL; struct stat st; - user_pwd = _pammodutil_getpwnam(pamh, username); + user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { - retval = PAM_USER_UNKNOWN; - message.msg_style = PAM_ERROR_MSG; - + msg_style = PAM_ERROR_MSG; } else if (user_pwd->pw_uid) { - retval = PAM_AUTH_ERR; - message.msg_style = PAM_ERROR_MSG; - - } else { - - /* root can still log in; lusers cannot */ - message.msg_style = PAM_TEXT_INFO; - + msg_style = PAM_ERROR_MSG; } /* fill in message buffer with contents of /etc/nologin */ @@ -110,31 +99,16 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) goto clean_up_fd; } - message.msg = mtmp = malloc(st.st_size+1); - if (!message.msg) { - /* if malloc failed... */ + mtmp = malloc(st.st_size+1); + if (!mtmp) { + pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto clean_up_fd; } - if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { - mtmp[st.st_size] = '\000'; - - /* - * Use conversation function to give user contents - * of /etc/nologin - */ - - if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) - == PAM_SUCCESS && conversation && conversation->conv) { - (void) conversation->conv(1, - (const struct pam_message **)&pmessage, - &resp, conversation->appdata_ptr); - - if (resp) { - _pam_drop_reply(resp, 1); - } - } + if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { + mtmp[st.st_size] = '\0'; + (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); } else retval = PAM_SYSTEM_ERR; @@ -151,9 +125,9 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) /* --- authentication management functions --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { struct opt_s opts; @@ -162,9 +136,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, return perform_check(pamh, &opts); } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc, const char **argv) { struct opt_s opts; @@ -175,9 +149,9 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, /* --- account management function --- */ -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { struct opt_s opts; |