summaryrefslogtreecommitdiffstats
path: root/modules/pam_issue/pam_issue.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/pam_issue/pam_issue.c294
1 files changed, 294 insertions, 0 deletions
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
new file mode 100644
index 0000000..5fa21c3
--- /dev/null
+++ b/modules/pam_issue/pam_issue.c
@@ -0,0 +1,294 @@
+/* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT
+ *
+ * Copyright 1999 by Ben Collins <bcollins@debian.org>
+ *
+ * Needs to be called before any other auth modules so we can setup the
+ * user prompt before it's first used. Allows one argument option, which
+ * is the full path to a file to be used for issue (uses /etc/issue as a
+ * default) such as "issue=/etc/issue.telnet".
+ *
+ * We can also parse escapes within the the issue file (enabled by
+ * default, but can be disabled with the "noesc" option). It's the exact
+ * same parsing as util-linux's agetty program performs.
+ *
+ * Released under the GNU LGPL version 2 or later
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/utsname.h>
+#include <utmp.h>
+#include <time.h>
+#include <syslog.h>
+
+#define PAM_SM_AUTH
+
+#include <security/_pam_macros.h>
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+
+static int _user_prompt_set = 0;
+
+static int read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt);
+static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt);
+
+/* --- authentication management functions (only) --- */
+
+int
+pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int retval = PAM_SERVICE_ERR;
+ FILE *fp;
+ const char *issue_file = NULL;
+ int parse_esc = 1;
+ const void *item = NULL;
+ const char *cur_prompt;
+ char *issue_prompt = NULL;
+
+ /* If we've already set the prompt, don't set it again */
+ if(_user_prompt_set)
+ return PAM_IGNORE;
+
+ /* We set this here so if we fail below, we wont get further
+ than this next time around (only one real failure) */
+ _user_prompt_set = 1;
+
+ for ( ; argc-- > 0 ; ++argv ) {
+ if (!strncmp(*argv,"issue=",6)) {
+ issue_file = 6 + *argv;
+ D(("set issue_file to: %s", issue_file));
+ } else if (!strcmp(*argv,"noesc")) {
+ parse_esc = 0;
+ D(("turning off escape parsing by request"));
+ } else
+ D(("unknown option passed: %s", *argv));
+ }
+
+ if (issue_file == NULL)
+ issue_file = "/etc/issue";
+
+ if ((fp = fopen(issue_file, "r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file);
+ return PAM_SERVICE_ERR;
+ }
+
+ if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) {
+ fclose(fp);
+ return retval;
+ }
+
+ cur_prompt = item;
+ if (cur_prompt == NULL)
+ cur_prompt = "";
+
+ if (parse_esc)
+ retval = read_issue_quoted(pamh, fp, &issue_prompt);
+ else
+ retval = read_issue_raw(pamh, fp, &issue_prompt);
+
+ fclose(fp);
+
+ if (retval != PAM_SUCCESS)
+ goto out;
+
+ {
+ size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1;
+ char *new_prompt = realloc(issue_prompt, size);
+
+ if (new_prompt == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ retval = PAM_BUF_ERR;
+ goto out;
+ }
+ issue_prompt = new_prompt;
+ }
+
+ strcat(issue_prompt, cur_prompt);
+ retval = pam_set_item(pamh, PAM_USER_PROMPT,
+ (const void *) issue_prompt);
+ out:
+ _pam_drop(issue_prompt);
+ return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval;
+}
+
+int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+static int
+read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt)
+{
+ char *issue;
+ struct stat st;
+
+ *prompt = NULL;
+
+ if (fstat(fileno(fp), &st) < 0) {
+ pam_syslog(pamh, LOG_ERR, "stat error: %m");
+ return PAM_SERVICE_ERR;
+ }
+
+ if ((issue = malloc(st.st_size + 1)) == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ return PAM_BUF_ERR;
+ }
+
+ if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) {
+ pam_syslog(pamh, LOG_ERR, "read error: %m");
+ _pam_drop(issue);
+ return PAM_SERVICE_ERR;
+ }
+
+ issue[st.st_size] = '\0';
+ *prompt = issue;
+ return PAM_SUCCESS;
+}
+
+static int
+read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
+{
+ int c;
+ size_t size = 1024;
+ char *issue;
+ struct utsname uts;
+
+ *prompt = NULL;
+
+ if ((issue = malloc(size)) == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ return PAM_BUF_ERR;
+ }
+
+ issue[0] = '\0';
+ (void) uname(&uts);
+
+ while ((c = getc(fp)) != EOF) {
+ char buf[1024];
+
+ buf[0] = '\0';
+ if (c == '\\') {
+ if ((c = getc(fp)) == EOF)
+ break;
+ switch (c) {
+ case 's':
+ strncat(buf, uts.sysname, sizeof(buf) - 1);
+ break;
+ case 'n':
+ strncat(buf, uts.nodename, sizeof(buf) - 1);
+ break;
+ case 'r':
+ strncat(buf, uts.release, sizeof(buf) - 1);
+ break;
+ case 'v':
+ strncat(buf, uts.version, sizeof(buf) - 1);
+ break;
+ case 'm':
+ strncat(buf, uts.machine, sizeof(buf) - 1);
+ break;
+ case 'o':
+ {
+ char domainname[256];
+
+ if (getdomainname(domainname, sizeof(domainname)) >= 0) {
+ domainname[sizeof(domainname)-1] = '\0';
+ strncat(buf, domainname, sizeof(buf) - 1);
+ }
+ }
+ break;
+ case 'd':
+ case 't':
+ {
+ const char *weekday[] = {
+ "Sun", "Mon", "Tue", "Wed", "Thu",
+ "Fri", "Sat" };
+ const char *month[] = {
+ "Jan", "Feb", "Mar", "Apr", "May",
+ "Jun", "Jul", "Aug", "Sep", "Oct",
+ "Nov", "Dec" };
+ time_t now;
+ struct tm *tm;
+
+ (void) time (&now);
+ tm = localtime(&now);
+
+ if (c == 'd')
+ snprintf (buf, sizeof buf, "%s %s %d %d",
+ weekday[tm->tm_wday], month[tm->tm_mon],
+ tm->tm_mday, tm->tm_year + 1900);
+ else
+ snprintf (buf, sizeof buf, "%02d:%02d:%02d",
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
+ }
+ break;
+ case 'l':
+ {
+ char *ttyn = ttyname(1);
+ if (ttyn) {
+ if (!strncmp(ttyn, "/dev/", 5))
+ ttyn += 5;
+ strncat(buf, ttyn, sizeof(buf) - 1);
+ }
+ }
+ break;
+ case 'u':
+ case 'U':
+ {
+ unsigned int users = 0;
+ struct utmp *ut;
+ setutent();
+ while ((ut = getutent())) {
+ if (ut->ut_type == USER_PROCESS)
+ ++users;
+ }
+ endutent();
+ if (c == 'U')
+ snprintf (buf, sizeof buf, "%u %s", users,
+ (users == 1) ? "user" : "users");
+ else
+ snprintf (buf, sizeof buf, "%u", users);
+ break;
+ }
+ default:
+ buf[0] = c; buf[1] = '\0';
+ }
+ } else {
+ buf[0] = c; buf[1] = '\0';
+ }
+
+ if ((strlen(issue) + strlen(buf)) + 1 > size) {
+ char *new_issue;
+
+ size += strlen(buf) + 1;
+ new_issue = (char *) realloc (issue, size);
+ if (new_issue == NULL) {
+ _pam_drop(issue);
+ return PAM_BUF_ERR;
+ }
+ issue = new_issue;
+ }
+ strcat(issue, buf);
+ }
+
+ if (ferror(fp)) {
+ pam_syslog(pamh, LOG_ERR, "read error: %m");
+ _pam_drop(issue);
+ return PAM_SERVICE_ERR;
+ }
+
+ *prompt = issue;
+ return PAM_SUCCESS;
+}
+
+/* end of module definition */