diff options
Diffstat (limited to 'modules/pam_listfile')
-rw-r--r-- | modules/pam_listfile/.cvsignore | 8 | ||||
-rw-r--r-- | modules/pam_listfile/Makefile.am | 31 | ||||
-rw-r--r-- | modules/pam_listfile/README.xml | 41 | ||||
-rw-r--r-- | modules/pam_listfile/pam_listfile.8.xml | 297 | ||||
-rw-r--r-- | modules/pam_listfile/pam_listfile.c | 462 | ||||
-rwxr-xr-x | modules/pam_listfile/tst-pam_listfile | 2 |
6 files changed, 0 insertions, 841 deletions
diff --git a/modules/pam_listfile/.cvsignore b/modules/pam_listfile/.cvsignore deleted file mode 100644 index f54f6f27..00000000 --- a/modules/pam_listfile/.cvsignore +++ /dev/null @@ -1,8 +0,0 @@ -*.la -*.lo -.deps -.libs -Makefile -Makefile.in -README -pam_listfile.8 diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am deleted file mode 100644 index 2f211320..00000000 --- a/modules/pam_listfile/Makefile.am +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> -# - -CLEANFILES = *~ - -EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile - -man_MANS = pam_listfile.8 -XMLS = README.xml pam_listfile.8.xml - -TESTS = tst-pam_listfile - -securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) - -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -AM_LDFLAGS = -no-undefined -avoid-version -module -if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -endif - -securelib_LTLIBRARIES = pam_listfile.la -pam_listfile_la_LIBADD = -L$(top_builddir)/libpam -lpam - -if ENABLE_REGENERATE_MAN -noinst_DATA = README -README: pam_listfile.8.xml --include $(top_srcdir)/Make.xml.rules -endif - diff --git a/modules/pam_listfile/README.xml b/modules/pam_listfile/README.xml deleted file mode 100644 index d851aef3..00000000 --- a/modules/pam_listfile/README.xml +++ /dev/null @@ -1,41 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_listfile.8.xml"> ---> -]> - -<article> - - <articleinfo> - - <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/> - </title> - - </articleinfo> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-description"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-options"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-examples"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-author"]/*)'/> - </section> - -</article> diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml deleted file mode 100644 index e54e80a4..00000000 --- a/modules/pam_listfile/pam_listfile.8.xml +++ /dev/null @@ -1,297 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_listfile"> - - <refmeta> - <refentrytitle>pam_listfile</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_listfile-name"> - <refname>pam_listfile</refname> - <refpurpose>deny or allow services based on an arbitrary file</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_listfile-cmdsynopsis"> - <command>pam_listfile.so</command> - <arg choice="plain"> - item=[tty|user|rhost|ruser|group|shell] - </arg> - <arg choice="plain"> - sense=[allow|deny] - </arg> - <arg choice="plain"> - file=<replaceable>/path/filename</replaceable> - </arg> - <arg choice="plain"> - onerr=[succeed|fail] - </arg> - <arg choice="opt"> - apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>] - </arg> - <arg choice="opt"> - quiet - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_listfile-description"> - - <title>DESCRIPTION</title> - - <para> - pam_listfile is a PAM module which provides a way to deny or - allow services based on an arbitrary file. - </para> - <para> - The module gets the <option>item</option> of the type specified -- - <emphasis>user</emphasis> specifies the username, - <emphasis>PAM_USER</emphasis>; tty specifies the name of the terminal - over which the request has been made, <emphasis>PAM_TTY</emphasis>; - rhost specifies the name of the remote host (if any) from which the - request was made, <emphasis>PAM_RHOST</emphasis>; and ruser specifies - the name of the remote user (if available) who made the request, - <emphasis>PAM_RUSER</emphasis> -- and looks for an instance of that - item in the <option>file=<replaceable>filename</replaceable></option>. - <filename>filename</filename> contains one line per item listed. If - the item is found, then if - <option>sense=<replaceable>allow</replaceable></option>, - <emphasis>PAM_SUCCESS</emphasis> is returned, causing the authorization - request to succeed; else if - <option>sense=<replaceable>deny</replaceable></option>, - <emphasis>PAM_AUTH_ERR</emphasis> is returned, causing the authorization - request to fail. - </para> - <para> - If an error is encountered (for instance, if - <filename>filename</filename> does not exist, or a poorly-constructed - argument is encountered), then if <emphasis>onerr=succeed</emphasis>, - <emphasis>PAM_SUCCESS</emphasis> is returned, otherwise if - <emphasis>onerr=fail</emphasis>, <emphasis>PAM_AUTH_ERR</emphasis> or - <emphasis>PAM_SERVICE_ERR</emphasis> (as appropriate) will be returned. - </para> - <para> - An additional argument, <option>apply=</option>, can be used - to restrict the application of the above to a specific user - (<option>apply=<replaceable>username</replaceable></option>) - or a given group - (<option>apply=<replaceable>@groupname</replaceable></option>). - This added restriction is only meaningful when used with the - <emphasis>tty</emphasis>, <emphasis>rhost</emphasis> and - <emphasis>shell</emphasis> items. - </para> - <para> - Besides this last one, all arguments should be specified; do not - count on any default behavior. - </para> - <para> - No credentials are awarded by this module. - </para> - </refsect1> - - <refsect1 id="pam_listfile-options"> - - <title>OPTIONS</title> - <para> - <variablelist> - - <varlistentry> - <term> - <option>item=[tty|user|rhost|ruser|group|shell]</option> - </term> - <listitem> - <para> - What is listed in the file and should be checked for. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>sense=[allow|deny]</option> - </term> - <listitem> - <para> - Action to take if found in file, if the item is NOT found in - the file, then the opposite action is requested. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>file=<replaceable>/path/filename</replaceable></option> - </term> - <listitem> - <para> - File containing one item per line. The file needs to be a plain - file and not world writeable. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>onerr=[succeed|fail]</option> - </term> - <listitem> - <para> - What to do if something weird happens like being unable to open - the file. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>]</option> - </term> - <listitem> - <para> - Restrict the user class for which the restriction apply. Note that - with <option>item=[user|ruser|group]</option> this does not make sense, - but for <option>item=[tty|rhost|shell]</option> it have a meaning. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <option>quiet</option> - </term> - <listitem> - <para> - Do not treat service refusals or missing list files as - errors that need to be logged. - </para> - </listitem> - </varlistentry> - </variablelist> - - </para> - </refsect1> - - <refsect1 id="pam_listfile-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - The services <option>auth</option>, <option>account</option>, - <option>password</option> and <option>session</option> are supported. - </para> - </refsect1> - - <refsect1 id='pam_listfile-return_values'> - <title>RETURN VALUES</title> - <para> - <variablelist> - - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para>Authentication failure.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_BUF_ERR</term> - <listitem> - <para> - Memory buffer error. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_IGNORE</term> - <listitem> - <para> - The rule does not apply to the <option>apply</option> option. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_SERVICE_ERR</term> - <listitem> - <para> - Error in service module. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - Success. - </para> - </listitem> - </varlistentry> - - </variablelist> - </para> - </refsect1> - - <refsect1 id='pam_listfile-examples'> - <title>EXAMPLES</title> - <para> - Classic 'ftpusers' authentication can be implemented with this entry - in <filename>/etc/pam.d/ftpd</filename>: - <programlisting> -# -# deny ftp-access to users listed in the /etc/ftpusers file -# -auth required pam_listfile.so \ - onerr=succeed item=user sense=deny file=/etc/ftpusers - </programlisting> - Note, users listed in <filename>/etc/ftpusers</filename> file are - (counterintuitively) <emphasis>not</emphasis> allowed access to - the ftp service. - </para> - <para> - To allow login access only for certain users, you can use a - <filename>/etc/pam.d/login</filename> entry like this: - <programlisting> -# -# permit login to users listed in /etc/loginusers -# -auth required pam_listfile.so \ - onerr=fail item=user sense=allow file=/etc/loginusers - </programlisting> - For this example to work, all users who are allowed to use the - login service should be listed in the file - <filename>/etc/loginusers</filename>. Unless you are explicitly - trying to lock out root, make sure that when you do this, you leave - a way for root to log in, either by listing root in - <filename>/etc/loginusers</filename>, or by listing a user who is - able to <emphasis>su</emphasis> to the root account. - </para> - </refsect1> - - <refsect1 id='pam_listfile-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_listfile-author'> - <title>AUTHOR</title> - <para> - pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> - and Elliot Lee <sopwith@cuc.edu>. - </para> - </refsect1> - -</refentry> diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c deleted file mode 100644 index f276e5b8..00000000 --- a/modules/pam_listfile/pam_listfile.c +++ /dev/null @@ -1,462 +0,0 @@ -/* - * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. July 25, 1996. - * log refused access error christopher mccrory <chrismcc@netus.com> 1998/7/11 - * - * This code began life as the pam_rootok module. - */ - -#include "config.h" - -#include <stdio.h> -#include <stdlib.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <unistd.h> -#include <syslog.h> -#include <stdarg.h> -#include <string.h> -#include <pwd.h> -#include <grp.h> - -#ifdef DEBUG -#include <assert.h> -#endif - -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION - -#include <security/pam_modules.h> -#include <security/_pam_macros.h> -#include <security/pam_modutil.h> -#include <security/pam_ext.h> - -/* checks if a user is on a list of members */ -static int is_on_list(char * const *list, const char *member) -{ - while (*list) { - if (strcmp(*list, member) == 0) - return 1; - list++; - } - return 0; -} - -/* --- authentication management functions (only) --- */ - -/* Extended Items that are not directly available via pam_get_item() */ -#define EI_GROUP (1 << 0) -#define EI_SHELL (1 << 1) - -/* Constants for apply= parameter */ -#define APPLY_TYPE_NULL 0 -#define APPLY_TYPE_NONE 1 -#define APPLY_TYPE_USER 2 -#define APPLY_TYPE_GROUP 3 - -#define LESSER(a, b) ((a) < (b) ? (a) : (b)) - -PAM_EXTERN int -pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) -{ - int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0; - const void *void_citemp; - const char *citemp; - char *ifname=NULL; - char aline[256]; - char mybuf[256],myval[256]; - struct stat fileinfo; - FILE *inf; - char apply_val[256]; - int apply_type; - - /* Stuff for "extended" items */ - struct passwd *userinfo; - struct group *grpinfo; - char *itemlist[256]; /* Maximum of 256 items */ - - apply_type=APPLY_TYPE_NULL; - memset(apply_val,0,sizeof(apply_val)); - - for(i=0; i < argc; i++) { - { - const char *junk; - - memset(mybuf,'\0',sizeof(mybuf)); - memset(myval,'\0',sizeof(mybuf)); - junk = strchr(argv[i], '='); - if((junk == NULL) || (junk - argv[i]) >= (int) sizeof(mybuf)) { - pam_syslog(pamh,LOG_ERR, "Bad option: \"%s\"", - argv[i]); - continue; - } - strncpy(mybuf, argv[i], - LESSER(junk - argv[i], (int)sizeof(mybuf) - 1)); - strncpy(myval, junk + 1, sizeof(myval) - 1); - } - if(!strcmp(mybuf,"onerr")) - if(!strcmp(myval,"succeed")) - onerr = PAM_SUCCESS; - else if(!strcmp(myval,"fail")) - onerr = PAM_SERVICE_ERR; - else { - if (ifname) free (ifname); - return PAM_SERVICE_ERR; - } - else if(!strcmp(mybuf,"sense")) - if(!strcmp(myval,"allow")) - sense=0; - else if(!strcmp(myval,"deny")) - sense=1; - else { - if (ifname) free (ifname); - return onerr; - } - else if(!strcmp(mybuf,"file")) { - if (ifname) free (ifname); - ifname = (char *)malloc(strlen(myval)+1); - if (!ifname) - return PAM_BUF_ERR; - strcpy(ifname,myval); - } else if(!strcmp(mybuf,"item")) - if(!strcmp(myval,"user")) - citem = PAM_USER; - else if(!strcmp(myval,"tty")) - citem = PAM_TTY; - else if(!strcmp(myval,"rhost")) - citem = PAM_RHOST; - else if(!strcmp(myval,"ruser")) - citem = PAM_RUSER; - else { /* These items are related to the user, but are not - directly gettable with pam_get_item */ - citem = PAM_USER; - if(!strcmp(myval,"group")) - extitem = EI_GROUP; - else if(!strcmp(myval,"shell")) - extitem = EI_SHELL; - else - citem = 0; - } else if(!strcmp(mybuf,"apply")) { - apply_type=APPLY_TYPE_NONE; - memset(apply_val,'\0',sizeof(apply_val)); - if (myval[0]=='@') { - apply_type=APPLY_TYPE_GROUP; - strncpy(apply_val,myval+1,sizeof(apply_val)-1); - } else { - apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); - } - } else if (!strcmp(mybuf,"quiet")) { - quiet = 1; - } else { - free(ifname); - pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); - return onerr; - } - } - - if(!citem) { - pam_syslog(pamh,LOG_ERR, - "Unknown item or item not specified"); - free(ifname); - return onerr; - } else if(!ifname) { - pam_syslog(pamh,LOG_ERR, "List filename not specified"); - return onerr; - } else if(sense == 2) { - pam_syslog(pamh,LOG_ERR, - "Unknown sense or sense not specified"); - free(ifname); - return onerr; - } else if( - (apply_type==APPLY_TYPE_NONE) || - ((apply_type!=APPLY_TYPE_NULL) && (*apply_val=='\0')) - ) { - pam_syslog(pamh,LOG_ERR, - "Invalid usage for apply= parameter"); - free (ifname); - return onerr; - } - - /* Check if it makes sense to use the apply= parameter */ - if (apply_type != APPLY_TYPE_NULL) { - if((citem==PAM_USER) || (citem==PAM_RUSER)) { - pam_syslog(pamh,LOG_WARNING, - "Non-sense use for apply= parameter"); - apply_type=APPLY_TYPE_NULL; - } - if(extitem && (extitem==EI_GROUP)) { - pam_syslog(pamh,LOG_WARNING, - "Non-sense use for apply= parameter"); - apply_type=APPLY_TYPE_NULL; - } - } - - /* Short-circuit - test if this session apply for this user */ - { - const char *user_name; - int rval; - - rval=pam_get_user(pamh,&user_name,NULL); - if((rval==PAM_SUCCESS) && user_name && user_name[0]) { - /* Got it ? Valid ? */ - if(apply_type==APPLY_TYPE_USER) { - if(strcmp(user_name, apply_val)) { - /* Does not apply to this user */ -#ifdef DEBUG - pam_syslog(pamh,LOG_DEBUG, - "don't apply: apply=%s, user=%s", - apply_val,user_name); -#endif /* DEBUG */ - free(ifname); - return PAM_IGNORE; - } - } else if(apply_type==APPLY_TYPE_GROUP) { - if(!pam_modutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { - /* Not a member of apply= group */ -#ifdef DEBUG - pam_syslog(pamh,LOG_DEBUG, - - "don't apply: %s not a member of group %s", - user_name,apply_val); -#endif /* DEBUG */ - free(ifname); - return PAM_IGNORE; - } - } - } - } - - retval = pam_get_item(pamh,citem,&void_citemp); - citemp = void_citemp; - if(retval != PAM_SUCCESS) { - return onerr; - } - if((citem == PAM_USER) && !citemp) { - retval = pam_get_user(pamh,&citemp,NULL); - if (retval != PAM_SUCCESS || !citemp) { - free(ifname); - return PAM_SERVICE_ERR; - } - } - if((citem == PAM_TTY) && citemp) { - /* Normalize the TTY name. */ - if(strncmp(citemp, "/dev/", 5) == 0) { - citemp += 5; - } - } - - if(!citemp || (strlen(citemp) == 0)) { - free(ifname); - /* The item was NULL - we are sure not to match */ - return sense?PAM_SUCCESS:PAM_AUTH_ERR; - } - - if(extitem) { - switch(extitem) { - case EI_GROUP: - userinfo = pam_modutil_getpwnam(pamh, citemp); - if (userinfo == NULL) { - pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", - citemp); - free(ifname); - return onerr; - } - grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid); - if (grpinfo == NULL) { - pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed", - (int)userinfo->pw_gid); - free(ifname); - return onerr; - } - itemlist[0] = x_strdup(grpinfo->gr_name); - setgrent(); - for (i=1; (i < (int)(sizeof(itemlist)/sizeof(itemlist[0])-1)) && - (grpinfo = getgrent()); ) { - if (is_on_list(grpinfo->gr_mem,citemp)) { - itemlist[i++] = x_strdup(grpinfo->gr_name); - } - } - endgrent(); - itemlist[i] = NULL; - break; - case EI_SHELL: - /* Assume that we have already gotten PAM_USER in - pam_get_item() - a valid assumption since citem - gets set to PAM_USER in the extitem switch */ - userinfo = pam_modutil_getpwnam(pamh, citemp); - if (userinfo == NULL) { - pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", - citemp); - free(ifname); - return onerr; - } - citemp = userinfo->pw_shell; - break; - default: - pam_syslog(pamh,LOG_ERR, - - "Internal weirdness, unknown extended item %d", - extitem); - free(ifname); - return onerr; - } - } -#ifdef DEBUG - pam_syslog(pamh,LOG_INFO, - - "Got file = %s, item = %d, value = %s, sense = %d", - ifname, citem, citemp, sense); -#endif - if(lstat(ifname,&fileinfo)) { - pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); - free(ifname); - return onerr; - } - - if((fileinfo.st_mode & S_IWOTH) - || !S_ISREG(fileinfo.st_mode)) { - /* If the file is world writable or is not a - normal file, return error */ - pam_syslog(pamh,LOG_ERR, - "%s is either world writable or not a normal file", - ifname); - free(ifname); - return PAM_AUTH_ERR; - } - - inf = fopen(ifname,"r"); - if(inf == NULL) { /* Check that we opened it successfully */ - if (onerr == PAM_SERVICE_ERR) { - /* Only report if it's an error... */ - pam_syslog(pamh,LOG_ERR, "Error opening %s", ifname); - } - free(ifname); - return onerr; - } - /* There should be no more errors from here on */ - retval=PAM_AUTH_ERR; - /* This loop assumes that PAM_SUCCESS == 0 - and PAM_AUTH_ERR != 0 */ -#ifdef DEBUG - assert(PAM_SUCCESS == 0); - assert(PAM_AUTH_ERR != 0); -#endif - if(extitem == EI_GROUP) { - while((fgets(aline,sizeof(aline),inf) != NULL) - && retval) { - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\n') - aline[strlen(aline) - 1] = '\0'; - for(i=0;itemlist[i];) - /* If any of the items match, strcmp() == 0, and we get out - of this loop */ - retval = (strcmp(aline,itemlist[i++]) && retval); - } - for(i=0;itemlist[i];) - free(itemlist[i++]); - } else { - while((fgets(aline,sizeof(aline),inf) != NULL) - && retval) { - char *a = aline; - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\n') - aline[strlen(aline) - 1] = '\0'; - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\r') - aline[strlen(aline) - 1] = '\0'; - if(citem == PAM_TTY) - if(strncmp(a, "/dev/", 5) == 0) - a += 5; - retval = strcmp(a,citemp); - } - } - fclose(inf); - free(ifname); - if ((sense && retval) || (!sense && !retval)) { -#ifdef DEBUG - pam_syslog(pamh,LOG_INFO, - "Returning PAM_SUCCESS, retval = %d", retval); -#endif - return PAM_SUCCESS; - } - else { - const void *service; - const char *user_name; -#ifdef DEBUG - pam_syslog(pamh,LOG_INFO, - "Returning PAM_AUTH_ERR, retval = %d", retval); -#endif - (void) pam_get_item(pamh, PAM_SERVICE, &service); - (void) pam_get_user(pamh, &user_name, NULL); - if (!quiet) - pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", - user_name, (const char *)service); - return PAM_AUTH_ERR; - } -} - -PAM_EXTERN int -pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - return pam_sm_authenticate(pamh, flags, argc, argv); -} - -PAM_EXTERN int -pam_sm_open_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - return pam_sm_authenticate(pamh, flags, argc, argv); -} - -PAM_EXTERN int -pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - return pam_sm_authenticate(pamh, flags, argc, argv); -} - -PAM_EXTERN int -pam_sm_chauthtok (pam_handle_t *pamh, int flags, - int argc, const char **argv) -{ - return pam_sm_authenticate(pamh, flags, argc, argv); -} - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_listfile_modstruct = { - "pam_listfile", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif /* PAM_STATIC */ - -/* end of module definition */ diff --git a/modules/pam_listfile/tst-pam_listfile b/modules/pam_listfile/tst-pam_listfile deleted file mode 100755 index f555a9f5..00000000 --- a/modules/pam_listfile/tst-pam_listfile +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -../../tests/tst-dlopen .libs/pam_listfile.so |