From 62101bd49ce2f8b797d361c87762853c56d2481a Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 28 Jun 2006 07:22:40 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature/big release cleanup Commit summary: --------------- Big cleanup to get 0.99.5.0 release done: 2006-06-28 Thorsten Kukuk * bump version number to 0.99.5.0 * modules/pam_rhosts/pam_rhosts.c: New module, replaces pam_rhosts_auth.so. * modules/pam_rhosts/pam_rhosts.8.xml: New. * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source. * modules/pam_rhosts/tst-pam_rhosts: New. * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate manual page and README. * modules/pam_rhosts/README.xml: New. * modules/pam_rhosts/reADME: Regenerated from XML source. * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module writers guide. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * po/POTFILES.in: Add new source files. * libpam/pam_static_modules.h: Add new modules. * modules/pam_keyinit.c: Add _pam_keyinit_modstruct. --- modules/pam_rhosts/pam_rhosts.c | 155 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 modules/pam_rhosts/pam_rhosts.c (limited to 'modules/pam_rhosts/pam_rhosts.c') diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c new file mode 100644 index 00000000..8e120614 --- /dev/null +++ b/modules/pam_rhosts/pam_rhosts.c @@ -0,0 +1,155 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "config.h" + +#include +#include +#include +#include + +#define PAM_SM_AUTH /* only defines this management group */ + +#include +#include +#include + +PAM_EXTERN +int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + const char *luser = NULL; + const char *ruser = NULL, *rhost = NULL; + const char *opt_superuser = NULL; + const void *c_void; + int opt_debug = 0; + int opt_silent; + int as_root; + int retval; + + opt_silent = flags & PAM_SILENT; + + while (argc-- > 0) { + if (strcmp(*argv, "debug") == 0) + opt_debug = 1; + else if (strcmp (*argv, "silent") == 0 || strcmp(*argv, "suppress") == 0) + opt_silent = 1; + else if (strncmp(*argv, "superuser=", sizeof("superuser=")-1) == 0) + opt_superuser = *argv+sizeof("superuser=")-1; + else + pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", *argv); + + ++argv; + } + + retval = pam_get_item (pamh, PAM_RHOST, &c_void); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "could not get the remote host name"); + return retval; + } + rhost = c_void; + + retval = pam_get_item(pamh, PAM_RUSER, &c_void); + ruser = c_void; + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "could not get the remote username"); + return retval; + } + + retval = pam_get_user(pamh, &luser, NULL); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "could not determine name of local user"); + return retval; + } + + if (rhost == NULL || ruser == NULL || luser == NULL) + return PAM_AUTH_ERR; + + if (opt_superuser && strcmp(opt_superuser, luser) == 0) + as_root = 1; + else { + struct passwd *lpwd; + + lpwd = pam_modutil_getpwnam(pamh, luser); + if (lpwd == NULL) { + if (opt_debug) + /* don't print by default, could be the users password */ + pam_syslog(pamh, LOG_DEBUG, + "user '%s' unknown to this system", luser); + return PAM_USER_UNKNOWN; + + } + as_root = (lpwd->pw_uid == 0); + } + +#ifdef HAVE_RUSEROK_AF + retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC); +#else + retval = ruserok (rhost, as_root, ruser, luser); +#endif + if (retval != 0) { + if (!opt_silent || opt_debug) + pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s", + ruser, rhost, luser); + return PAM_AUTH_ERR; + } else { + if (!opt_silent || opt_debug) + pam_syslog(pamh, LOG_NOTICE, "allowed access to %s@%s as %s", + ruser, rhost, luser); + return PAM_SUCCESS; + } +} + + +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) +{ + return PAM_SUCCESS; +} + + +#ifdef PAM_STATIC + +/* static module data */ + +struct pam_module _pam_rhosts_modstruct = { + "pam_rhosts", + pam_sm_authenticate, + pam_sm_setcred, + NULL, + NULL, + NULL, + NULL, +}; + +#endif -- cgit v1.2.3