3 files changed, 158 insertions, 0 deletions
diff --git a/Linux-PAM/modules/pam_shells/Makefile b/Linux-PAM/modules/pam_shells/Makefile
new file mode 100644
index 00000000..1ead26c5
--- /dev/null
+++ b/Linux-PAM/modules/pam_shells/Makefile
@@ -0,0 +1,15 @@
+#
+# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:33 hartmans Exp $
+#
+# This Makefile controls a build process of $(TITLE) module for
+# Linux-PAM. You should not modify this Makefile (unless you know
+# what you are doing!).
+#
+# Created by Andrew Morgan <morgan@linux.kernel.org> 2000/08/27
+#
+
+include ../../Make.Rules
+
+TITLE=pam_shells
+
+include ../Simple.Rules
diff --git a/Linux-PAM/modules/pam_shells/README b/Linux-PAM/modules/pam_shells/README
new file mode 100644
index 00000000..cbd5bfb5
--- /dev/null
+++ b/Linux-PAM/modules/pam_shells/README
@@ -0,0 +1,10 @@
+pam_shells:
+	Authentication is granted if the users shell is listed in
+	/etc/shells. If no shell is in /etc/passwd (empty), the
+	/bin/sh is used (following ftpd's convention).
+
+	Also checks to make sure that /etc/shells is a plain
+	file and not world writable.
+
+	- Erik Troan <ewt@redhat.com>, Red Hat Software.
+		August 5, 1996.
diff --git a/Linux-PAM/modules/pam_shells/pam_shells.c b/Linux-PAM/modules/pam_shells/pam_shells.c
new file mode 100644
index 00000000..36dd1a91
--- /dev/null
+++ b/Linux-PAM/modules/pam_shells/pam_shells.c
@@ -0,0 +1,133 @@
+/* pam_shells module */
+
+#define SHELL_FILE "/etc/shells"
+
+/*
+ * by Erik Troan <ewt@redhat.com>, Red Hat Software.
+ * August 5, 1996.
+ * This code shamelessly ripped from the pam_securetty module.
+ */
+
+#define _BSD_SOURCE
+
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <syslog.h>
+#include <unistd.h>
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+
+/* some syslogging */
+
+static void _pam_log(int err, const char *format, ...)
+{
+    va_list args;
+
+    va_start(args, format);
+    openlog("PAM-shells", LOG_CONS|LOG_PID, LOG_AUTH);
+    vsyslog(err, format, args);
+    va_end(args);
+    closelog();
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
+			,const char **argv)
+{
+     int retval = PAM_AUTH_ERR;
+     const char *userName;
+     char *userShell;
+     char shellFileLine[256];
+     struct stat sb;
+     struct passwd * pw;
+     FILE * shellFile;
+
+     retval = pam_get_user(pamh,&userName,NULL);
+     if(retval != PAM_SUCCESS) 
+       return PAM_SERVICE_ERR;
+
+     if(!userName || (strlen(userName) <= 0)) {
+       /* Don't let them use a NULL username... */
+       pam_get_user(pamh,&userName,NULL);
+        if (retval != PAM_SUCCESS)
+	  return PAM_SERVICE_ERR;
+     }
+
+     pw = getpwnam(userName);
+     if (!pw)
+	return PAM_AUTH_ERR;		/* user doesn't exist */
+     userShell = pw->pw_shell;
+
+     if(stat(SHELL_FILE,&sb)) {
+	_pam_log(LOG_ERR,
+	        "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
+	return PAM_AUTH_ERR;		/* must have /etc/shells */
+     }
+
+     if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+	_pam_log(LOG_ERR,
+	        "%s is either world writable or not a normal file", SHELL_FILE);
+	return PAM_AUTH_ERR;
+     }
+
+     shellFile = fopen(SHELL_FILE,"r");
+     if(shellFile == NULL) { /* Check that we opened it successfully */
+	_pam_log(LOG_ERR,
+	        "Error opening %s", SHELL_FILE);
+       return PAM_SERVICE_ERR;
+     }
+     /* There should be no more errors from here on */
+     retval=PAM_AUTH_ERR;
+     /* This loop assumes that PAM_SUCCESS == 0
+        and PAM_AUTH_ERR != 0 */
+     while((fgets(shellFileLine,255,shellFile) != NULL) 
+	   && retval) {
+       if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
+	   shellFileLine[strlen(shellFileLine) - 1] = '\0';
+       retval = strcmp(shellFileLine, userShell);
+     }
+     fclose(shellFile);
+     if(retval)
+       retval = PAM_AUTH_ERR;
+     return retval;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
+		   ,const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_shells_modstruct = {
+     "pam_shells",
+     pam_sm_authenticate,
+     pam_sm_setcred,
+     NULL,
+     NULL,
+     NULL,
+     NULL,
+};
+
+#endif
+
+/* end of module definition */