From efd31890b5ed496a5a00c08a262da240e66a4ddc Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Thu, 3 Jan 2019 12:44:11 -0800 Subject: New upstream version 0.76 --- modules/pam_securetty/.cvsignore | 1 - modules/pam_securetty/Makefile | 15 --- modules/pam_securetty/README | 9 -- modules/pam_securetty/pam_securetty.c | 191 ---------------------------------- 4 files changed, 216 deletions(-) delete mode 100644 modules/pam_securetty/.cvsignore delete mode 100644 modules/pam_securetty/Makefile delete mode 100644 modules/pam_securetty/README delete mode 100644 modules/pam_securetty/pam_securetty.c (limited to 'modules/pam_securetty') diff --git a/modules/pam_securetty/.cvsignore b/modules/pam_securetty/.cvsignore deleted file mode 100644 index 380a834a..00000000 --- a/modules/pam_securetty/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -dynamic diff --git a/modules/pam_securetty/Makefile b/modules/pam_securetty/Makefile deleted file mode 100644 index 9b80d2e9..00000000 --- a/modules/pam_securetty/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_securetty - -include ../Simple.Rules diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README deleted file mode 100644 index 1df095c9..00000000 --- a/modules/pam_securetty/README +++ /dev/null @@ -1,9 +0,0 @@ -pam_securetty: - Allows root logins only if the user is logging in on a - "secure" tty, as defined by the listing in /etc/securetty - - Also checks to make sure that /etc/securetty is a plain - file and not world writable. - - - Elliot Lee , Red Hat Software. - July 25, 1996. diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c deleted file mode 100644 index 9e6121e8..00000000 --- a/modules/pam_securetty/pam_securetty.c +++ /dev/null @@ -1,191 +0,0 @@ -/* pam_securetty module */ - -#define SECURETTY_FILE "/etc/securetty" -#define TTY_PREFIX "/dev/" - -/* - * by Elliot Lee , Red Hat Software. - * July 25, 1996. - * This code shamelessly ripped from the pam_rootok module. - * Slight modifications AGM. 1996/12/3 - */ - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PAM_SM_AUTH - -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - -#include - -/* some syslogging */ - -static void _pam_log(int err, const char *format, ...) -{ - va_list args; - - va_start(args, format); - openlog("PAM-securetty", LOG_CONS|LOG_PID, LOG_AUTH); - vsyslog(err, format, args); - va_end(args); - closelog(); -} - -/* argument parsing */ - -#define PAM_DEBUG_ARG 0x0001 - -static int _pam_parse(int argc, const char **argv) -{ - int ctrl=0; - - /* step through arguments */ - for (ctrl=0; argc-- > 0; ++argv) { - - /* generic options */ - - if (!strcmp(*argv,"debug")) - ctrl |= PAM_DEBUG_ARG; - else { - _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv); - } - } - - return ctrl; -} - -/* --- authentication management functions (only) --- */ - -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc - ,const char **argv) -{ - int retval = PAM_AUTH_ERR; - const char *username; - char *uttyname; - char ttyfileline[256]; - struct stat ttyfileinfo; - struct passwd *user_pwd; - FILE *ttyfile; - int ctrl; - - /* parse the arguments */ - ctrl = _pam_parse(argc, argv); - - retval = pam_get_user(pamh, &username, NULL); - if (retval != PAM_SUCCESS || username == NULL) { - if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_WARNING, "cannot determine username"); - } - return (retval == PAM_CONV_AGAIN - ? PAM_INCOMPLETE:PAM_SERVICE_ERR); - } - - retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname); - if (retval != PAM_SUCCESS || uttyname == NULL) { - if (ctrl & PAM_DEBUG_ARG) { - _pam_log(LOG_WARNING, "cannot determine user's tty"); - } - return PAM_SERVICE_ERR; - } - - /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ - if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) - uttyname += sizeof(TTY_PREFIX)-1; - - user_pwd = getpwnam(username); - if (user_pwd == NULL) { - return PAM_IGNORE; - } else if (user_pwd->pw_uid != 0) { /* If the user is not root, - securetty's does not apply - to them */ - return PAM_SUCCESS; - } - - if (stat(SECURETTY_FILE, &ttyfileinfo)) { - _pam_log(LOG_NOTICE, "Couldn't open " SECURETTY_FILE); - return PAM_SUCCESS; /* for compatibility with old securetty handling, - this needs to succeed. But we still log the - error. */ - } - - if ((ttyfileinfo.st_mode & S_IWOTH) - || !S_ISREG(ttyfileinfo.st_mode)) { - /* If the file is world writable or is not a - normal file, return error */ - _pam_log(LOG_ERR, SECURETTY_FILE - " is either world writable or not a normal file"); - return PAM_AUTH_ERR; - } - - ttyfile = fopen(SECURETTY_FILE,"r"); - if(ttyfile == NULL) { /* Check that we opened it successfully */ - _pam_log(LOG_ERR, - "Error opening " SECURETTY_FILE); - return PAM_SERVICE_ERR; - } - /* There should be no more errors from here on */ - retval=PAM_AUTH_ERR; - /* This loop assumes that PAM_SUCCESS == 0 - and PAM_AUTH_ERR != 0 */ - while((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) - && retval) { - if(ttyfileline[strlen(ttyfileline) - 1] == '\n') - ttyfileline[strlen(ttyfileline) - 1] = '\0'; - retval = strcmp(ttyfileline,uttyname); - } - fclose(ttyfile); - if(retval) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_WARNING, "access denied: tty '%s' is not secure !", - uttyname); - retval = PAM_AUTH_ERR; - } - if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) - _pam_log(LOG_DEBUG, "access allowed for '%s' on '%s'", - username, uttyname); - return retval; -} - -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc - ,const char **argv) -{ - return PAM_SUCCESS; -} - - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_securetty_modstruct = { - "pam_securetty", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; - -#endif - -/* end of module definition */ -- cgit v1.2.3