Diffstat (limited to 'modules/pam_rhosts')
-rw-r--r--modules/pam_rhosts/.cvsignore8
-rw-r--r--modules/pam_rhosts/Makefile.am32
-rw-r--r--modules/pam_rhosts/README.xml41
-rw-r--r--modules/pam_rhosts/pam_rhosts.8.xml171
-rw-r--r--modules/pam_rhosts/pam_rhosts.c155
-rwxr-xr-xmodules/pam_rhosts/tst-pam_rhosts2
6 files changed, 0 insertions, 409 deletions
diff --git a/modules/pam_rhosts/.cvsignore b/modules/pam_rhosts/.cvsignore
deleted file mode 100644
index 8f807d67..00000000
--- a/modules/pam_rhosts/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
-README
-pam_rhosts.8
diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am
deleted file mode 100644
index 547ad621..00000000
--- a/modules/pam_rhosts/Makefile.am
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rhosts
-
-TESTS = tst-pam_rhosts
-
-man_MANS = pam_rhosts.8
-
-XMLS = README.xml pam_rhosts.8.xml
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_rhosts.la
-pam_rhosts_la_LIBADD = -L$(top_builddir)/libpam -lpam
-
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_rhosts.8.xml
--include $(top_srcdir)/Make.xml.rules
-endif
-
diff --git a/modules/pam_rhosts/README.xml b/modules/pam_rhosts/README.xml
deleted file mode 100644
index 5d3307e7..00000000
--- a/modules/pam_rhosts/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_rhosts.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rhosts.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rhosts-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml
deleted file mode 100644
index e559f315..00000000
--- a/modules/pam_rhosts/pam_rhosts.8.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_rhosts">
-
- <refmeta>
- <refentrytitle>pam_rhosts</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_rhosts-name">
- <refname>pam_rhosts</refname>
- <refpurpose>The rhosts PAM module</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_rhosts-cmdsynopsis">
- <command>pam_rhosts.so</command>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_rhosts-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- This module performs the standard network authentication for services,
- as used by traditional implementations of <command>rlogin</command>
- and <command>rsh</command> etc.
- </para>
- <para>
- The authentication mechanism of this module is based on the contents
- of two files; <filename>/etc/hosts.equiv</filename> (or
- and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
- former file are treated as equivalent to the localhost. Secondly,
- entries in the user's own copy of the latter file is used to map
- "<emphasis>remote-host remote-user</emphasis>" pairs to that user's
- account on the current host. Access is granted to the user if their
- host is present in <filename>/etc/hosts.equiv</filename> and their
- remote account is identical to their local one, or if their remote
- account has an entry in their personal configuration file.
- </para>
- <para>
- The module authenticates a remote user (internally specified by the
- item <parameter>PAM_RUSER</parameter> connecting from the remote
- host (internally specified by the item <command>PAM_RHOST</command>).
- Accordingly, for applications to be compatible this authentication
- module they must set these items prior to calling
- <function>pam_authenticate()</function>. The module is not capable
- of independently probing the network connection for such information.
- </para>
- </refsect1>
-
- <refsect1 id="pam_rhosts-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>silent</option>
- </term>
- <listitem>
- <para>
- Don't print informative messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>superuser=<replaceable>account</replaceable></option>
- </term>
- <listitem>
- <para>
- Handle <replaceable>account</replaceable> as root.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_rhosts-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>auth</option> service is supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_rhosts-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- The remote host, remote user name or the local user name
- couldn't be determined or access was denied by
- <filename>.rhosts</filename> file.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User is not known to system.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_rhosts-examples'>
- <title>EXAMPLES</title>
- <para>
- To grant a remote user access by <filename>/etc/hosts.equiv</filename>
- or <filename>.rhosts</filename> for <command>rsh</command> add the
- following lines to <filename>/etc/pam.d/rsh</filename>:
- <programlisting>
-#%PAM-1.0
-#
-auth required pam_rhosts.so
-auth required pam_nologin.so
-auth required pam_env.so
-auth required pam_unix.so
- </programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='pam_rhosts-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_rhosts-author'>
- <title>AUTHOR</title>
- <para>
- pam_rhosts was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
deleted file mode 100644
index 8e120614..00000000
--- a/modules/pam_rhosts/pam_rhosts.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "config.h"
-
-#include <pwd.h>
-#include <netdb.h>
-#include <string.h>
-#include <syslog.h>
-
-#define PAM_SM_AUTH /* only defines this management group */
-
-#include <security/pam_modules.h>
-#include <security/pam_modutil.h>
-#include <security/pam_ext.h>
-
-PAM_EXTERN
-int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
- const char **argv)
-{
- const char *luser = NULL;
- const char *ruser = NULL, *rhost = NULL;
- const char *opt_superuser = NULL;
- const void *c_void;
- int opt_debug = 0;
- int opt_silent;
- int as_root;
- int retval;
-
- opt_silent = flags & PAM_SILENT;
-
- while (argc-- > 0) {
- if (strcmp(*argv, "debug") == 0)
- opt_debug = 1;
- else if (strcmp (*argv, "silent") == 0 || strcmp(*argv, "suppress") == 0)
- opt_silent = 1;
- else if (strncmp(*argv, "superuser=", sizeof("superuser=")-1) == 0)
- opt_superuser = *argv+sizeof("superuser=")-1;
- else
- pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", *argv);
-
- ++argv;
- }
-
- retval = pam_get_item (pamh, PAM_RHOST, &c_void);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "could not get the remote host name");
- return retval;
- }
- rhost = c_void;
-
- retval = pam_get_item(pamh, PAM_RUSER, &c_void);
- ruser = c_void;
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "could not get the remote username");
- return retval;
- }
-
- retval = pam_get_user(pamh, &luser, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "could not determine name of local user");
- return retval;
- }
-
- if (rhost == NULL || ruser == NULL || luser == NULL)
- return PAM_AUTH_ERR;
-
- if (opt_superuser && strcmp(opt_superuser, luser) == 0)
- as_root = 1;
- else {
- struct passwd *lpwd;
-
- lpwd = pam_modutil_getpwnam(pamh, luser);
- if (lpwd == NULL) {
- if (opt_debug)
- /* don't print by default, could be the users password */
- pam_syslog(pamh, LOG_DEBUG,
- "user '%s' unknown to this system", luser);
- return PAM_USER_UNKNOWN;
-
- }
- as_root = (lpwd->pw_uid == 0);
- }
-
-#ifdef HAVE_RUSEROK_AF
- retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
-#else
- retval = ruserok (rhost, as_root, ruser, luser);
-#endif
- if (retval != 0) {
- if (!opt_silent || opt_debug)
- pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
- ruser, rhost, luser);
- return PAM_AUTH_ERR;
- } else {
- if (!opt_silent || opt_debug)
- pam_syslog(pamh, LOG_NOTICE, "allowed access to %s@%s as %s",
- ruser, rhost, luser);
- return PAM_SUCCESS;
- }
-}
-
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_SUCCESS;
-}
-
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_rhosts_modstruct = {
- "pam_rhosts",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- NULL,
- NULL,
- NULL,
-};
-
-#endif
diff --git a/modules/pam_rhosts/tst-pam_rhosts b/modules/pam_rhosts/tst-pam_rhosts
deleted file mode 100755
index 65e85a98..00000000
--- a/modules/pam_rhosts/tst-pam_rhosts
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_rhosts.so