Diffstat (limited to 'modules/pam_mail/pam_mail.c')
-rw-r--r--modules/pam_mail/pam_mail.c475
1 files changed, 475 insertions, 0 deletions
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
new file mode 100644
index 0000000..0022f6d
--- /dev/null
+++ b/modules/pam_mail/pam_mail.c
@@ -0,0 +1,475 @@
+/* pam_mail module */
+
+/*
+ * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
+ * $HOME additions by David Kinchlea <kinch@kinch.ark.com> 1997/1/7
+ * mailhash additions by Chris Adams <cadams@ro.com> 1998/7/11
+ */
+
+#include "config.h"
+
+#include <ctype.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <errno.h>
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#define DEFAULT_MAIL_DIRECTORY PAM_PATH_MAILDIR
+#define MAIL_FILE_FORMAT "%s%s/%s"
+#define MAIL_ENV_NAME "MAIL"
+#define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s"
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_SESSION
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+/* argument parsing */
+
+#define PAM_DEBUG_ARG 0x0001
+#define PAM_NO_LOGIN 0x0002
+#define PAM_LOGOUT_TOO 0x0004
+#define PAM_NEW_MAIL_DIR 0x0010
+#define PAM_MAIL_SILENT 0x0020
+#define PAM_NO_ENV 0x0040
+#define PAM_HOME_MAIL 0x0100
+#define PAM_EMPTY_TOO 0x0200
+#define PAM_STANDARD_MAIL 0x0400
+#define PAM_QUIET_MAIL 0x1000
+
+#define HAVE_NEW_MAIL 0x1
+#define HAVE_OLD_MAIL 0x2
+#define HAVE_NO_MAIL 0x3
+#define HAVE_MAIL 0x4
+
+static int
+_pam_parse (const pam_handle_t *pamh, int flags, int argc,
+ const char **argv, const char **maildir, size_t *hashcount)
+{
+ int ctrl=0;
+
+ if (flags & PAM_SILENT) {
+ ctrl |= PAM_MAIL_SILENT;
+ }
+
+ *hashcount = 0;
+
+ /* step through arguments */
+ for (; argc-- > 0; ++argv) {
+
+ /* generic options */
+
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else if (!strcmp(*argv,"quiet"))
+ ctrl |= PAM_QUIET_MAIL;
+ else if (!strcmp(*argv,"standard"))
+ ctrl |= PAM_STANDARD_MAIL | PAM_EMPTY_TOO;
+ else if (!strncmp(*argv,"dir=",4)) {
+ *maildir = 4 + *argv;
+ if (**maildir != '\0') {
+ D(("new mail directory: %s", *maildir));
+ ctrl |= PAM_NEW_MAIL_DIR;
+ } else {
+ pam_syslog(pamh, LOG_ERR,
+ "dir= specification missing argument - ignored");
+ }
+ } else if (!strncmp(*argv,"hash=",5)) {
+ char *ep = NULL;
+ *hashcount = strtoul(*argv+5,&ep,10);
+ if (!ep) {
+ *hashcount = 0;
+ }
+ } else if (!strcmp(*argv,"close")) {
+ ctrl |= PAM_LOGOUT_TOO;
+ } else if (!strcmp(*argv,"nopen")) {
+ ctrl |= PAM_NO_LOGIN;
+ } else if (!strcmp(*argv,"noenv")) {
+ ctrl |= PAM_NO_ENV;
+ } else if (!strcmp(*argv,"empty")) {
+ ctrl |= PAM_EMPTY_TOO;
+ } else {
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
+ }
+ }
+
+ if ((*hashcount != 0) && !(ctrl & PAM_NEW_MAIL_DIR)) {
+ *maildir = DEFAULT_MAIL_DIRECTORY;
+ ctrl |= PAM_NEW_MAIL_DIR;
+ }
+
+ return ctrl;
+}
+
+static int
+get_folder(pam_handle_t *pamh, int ctrl,
+ const char *path_mail, char **folder_p, size_t hashcount,
+ const struct passwd *pwd)
+{
+ int retval;
+ const char *path;
+ char *folder = NULL;
+
+ if (ctrl & PAM_NEW_MAIL_DIR) {
+ path = path_mail;
+ if (*path == '~') { /* support for $HOME delivery */
+ /*
+ * "~/xxx" and "~xxx" are treated as same
+ */
+ if (!*++path || (*path == '/' && !*++path)) {
+ pam_syslog(pamh, LOG_ERR,
+ "badly formed mail path [%s]", path_mail);
+ retval = PAM_SERVICE_ERR;
+ goto get_folder_cleanup;
+ }
+ ctrl |= PAM_HOME_MAIL;
+ if (hashcount != 0) {
+ pam_syslog(pamh, LOG_ERR,
+ "cannot do hash= and home directory mail");
+ }
+ }
+ } else {
+ path = DEFAULT_MAIL_DIRECTORY;
+ }
+
+ /* put folder together */
+
+ hashcount = hashcount < strlen(pwd->pw_name) ?
+ hashcount : strlen(pwd->pw_name);
+
+ retval = PAM_BUF_ERR;
+ if (ctrl & PAM_HOME_MAIL) {
+ if (asprintf(&folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path) < 0)
+ goto get_folder_cleanup;
+ } else {
+ int rc;
+ size_t i;
+ char *hash;
+
+ if ((hash = malloc(2 * hashcount + 1)) == NULL)
+ goto get_folder_cleanup;
+
+ for (i = 0; i < hashcount; i++) {
+ hash[2 * i] = '/';
+ hash[2 * i + 1] = pwd->pw_name[i];
+ }
+ hash[2 * i] = '\0';
+
+ rc = asprintf(&folder, MAIL_FILE_FORMAT, path, hash, pwd->pw_name);
+ _pam_overwrite(hash);
+ _pam_drop(hash);
+ if (rc < 0)
+ goto get_folder_cleanup;
+ }
+ D(("folder=[%s]", folder));
+ retval = PAM_SUCCESS;
+
+ /* tidy up */
+
+ get_folder_cleanup:
+ path = NULL;
+
+ *folder_p = folder;
+ folder = NULL;
+
+ if (retval == PAM_BUF_ERR)
+ pam_syslog(pamh, LOG_CRIT, "out of memory for mail folder");
+
+ return retval;
+}
+
+static int
+get_mail_status(pam_handle_t *pamh, int ctrl, const char *folder)
+{
+ int type = 0;
+ struct stat mail_st;
+
+ if (stat(folder, &mail_st) < 0)
+ return 0;
+
+ if (S_ISDIR(mail_st.st_mode)) { /* Assume Maildir format */
+ int i, save_errno;
+ char *dir;
+ struct dirent **namelist;
+
+ if (asprintf(&dir, "%s/new", folder) < 0) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ goto get_mail_status_cleanup;
+ }
+ i = scandir(dir, &namelist, 0, alphasort);
+ save_errno = errno;
+ _pam_overwrite(dir);
+ _pam_drop(dir);
+ if (i < 0) {
+ type = 0;
+ namelist = NULL;
+ if (save_errno == ENOMEM) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ goto get_mail_status_cleanup;
+ }
+ }
+ type = (i > 2) ? HAVE_NEW_MAIL : 0;
+ while (--i >= 0)
+ _pam_drop(namelist[i]);
+ _pam_drop(namelist);
+ if (type == 0) {
+ if (asprintf(&dir, "%s/cur", folder) < 0) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ goto get_mail_status_cleanup;
+ }
+ i = scandir(dir, &namelist, 0, alphasort);
+ save_errno = errno;
+ _pam_overwrite(dir);
+ _pam_drop(dir);
+ if (i < 0) {
+ type = 0;
+ namelist = NULL;
+ if (save_errno == ENOMEM) {
+ pam_syslog(pamh, LOG_CRIT, "out of memory");
+ goto get_mail_status_cleanup;
+ }
+ }
+ if (i > 2)
+ type = HAVE_OLD_MAIL;
+ else
+ type = (ctrl & PAM_EMPTY_TOO) ? HAVE_NO_MAIL : 0;
+ while (--i >= 0)
+ _pam_drop(namelist[i]);
+ _pam_drop(namelist);
+ }
+ } else {
+ if (mail_st.st_size > 0) {
+ if (mail_st.st_atime < mail_st.st_mtime) /* new */
+ type = HAVE_NEW_MAIL;
+ else /* old */
+ type = (ctrl & PAM_STANDARD_MAIL) ? HAVE_MAIL : HAVE_OLD_MAIL;
+ } else if (ctrl & PAM_EMPTY_TOO) {
+ type = HAVE_NO_MAIL;
+ } else {
+ type = 0;
+ }
+ }
+
+ get_mail_status_cleanup:
+ memset(&mail_st, 0, sizeof(mail_st));
+ D(("user has %d mail in %s folder", type, folder));
+ return type;
+}
+
+static int
+report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder)
+{
+ int retval;
+
+ if ((ctrl & PAM_MAIL_SILENT) ||
+ ((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL))
+ {
+ D(("keeping quiet"));
+ retval = PAM_SUCCESS;
+ }
+ else
+ {
+ if (ctrl & PAM_STANDARD_MAIL)
+ switch (type)
+ {
+ case HAVE_NO_MAIL:
+ retval = pam_info (pamh, "%s", _("No mail."));
+ break;
+ case HAVE_NEW_MAIL:
+ retval = pam_info (pamh, "%s", _("You have new mail."));
+ break;
+ case HAVE_OLD_MAIL:
+ retval = pam_info (pamh, "%s", _("You have old mail."));
+ break;
+ case HAVE_MAIL:
+ default:
+ retval = pam_info (pamh, "%s", _("You have mail."));
+ break;
+ }
+ else
+ switch (type)
+ {
+ case HAVE_NO_MAIL:
+ retval = pam_info (pamh, _("You have no mail in folder %s."),
+ folder);
+ break;
+ case HAVE_NEW_MAIL:
+ retval = pam_info (pamh, _("You have new mail in folder %s."),
+ folder);
+ break;
+ case HAVE_OLD_MAIL:
+ retval = pam_info (pamh, _("You have old mail in folder %s."),
+ folder);
+ break;
+ case HAVE_MAIL:
+ default:
+ retval = pam_info (pamh, _("You have mail in folder %s."),
+ folder);
+ break;
+ }
+ }
+
+ D(("returning %s", pam_strerror(pamh, retval)));
+ return retval;
+}
+
+static int _do_mail(pam_handle_t *, int, int, const char **, int);
+
+/* --- authentication functions --- */
+
+int
+pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+/* Checking mail as part of authentication */
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ if (!(flags & (PAM_ESTABLISH_CRED|PAM_DELETE_CRED)))
+ return PAM_IGNORE;
+ return _do_mail(pamh,flags,argc,argv,(flags & PAM_ESTABLISH_CRED));
+}
+
+/* --- session management functions --- */
+
+int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
+ ,const char **argv)
+{
+ return _do_mail(pamh,flags,argc,argv,0);
+}
+
+/* Checking mail as part of the session management */
+int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return _do_mail(pamh,flags,argc,argv,1);
+}
+
+
+/* --- The Beaf (Tm) --- */
+
+static int _do_mail(pam_handle_t *pamh, int flags, int argc,
+ const char **argv, int est)
+{
+ int retval, ctrl, type;
+ size_t hashcount;
+ char *folder = NULL;
+ const char *user;
+ const char *path_mail = NULL;
+ const struct passwd *pwd = NULL;
+
+ /*
+ * this module (un)sets the MAIL environment variable, and checks if
+ * the user has any new mail.
+ */
+
+ ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount);
+
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS || user == NULL) {
+ pam_syslog(pamh, LOG_ERR, "cannot determine username");
+ return PAM_USER_UNKNOWN;
+ }
+
+ pwd = pam_modutil_getpwnam (pamh, user);
+ if (pwd == NULL) {
+ pam_syslog(pamh, LOG_ERR, "user unknown");
+ return PAM_USER_UNKNOWN;
+ }
+
+ /* which folder? */
+
+ retval = get_folder(pamh, ctrl, path_mail, &folder, hashcount, pwd);
+ if (retval != PAM_SUCCESS) {
+ D(("failed to find folder"));
+ return retval;
+ }
+
+ /* set the MAIL variable? */
+
+ if (!(ctrl & PAM_NO_ENV) && est) {
+ char *tmp;
+
+ if (asprintf(&tmp, MAIL_ENV_FORMAT, folder) < 0) {
+ pam_syslog(pamh, LOG_CRIT,
+ "no memory for " MAIL_ENV_NAME " variable");
+ retval = PAM_BUF_ERR;
+ goto do_mail_cleanup;
+ }
+ D(("setting env: %s", tmp));
+ retval = pam_putenv(pamh, tmp);
+ _pam_overwrite(tmp);
+ _pam_drop(tmp);
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_CRIT,
+ "unable to set " MAIL_ENV_NAME " variable");
+ retval = PAM_BUF_ERR;
+ goto do_mail_cleanup;
+ }
+ } else {
+ D(("not setting " MAIL_ENV_NAME " variable"));
+ }
+
+ /*
+ * OK. we've got the mail folder... what about its status?
+ */
+
+ if ((est && !(ctrl & PAM_NO_LOGIN))
+ || (!est && (ctrl & PAM_LOGOUT_TOO))) {
+ PAM_MODUTIL_DEF_PRIVS(privs);
+
+ if (pam_modutil_drop_priv(pamh, &privs, pwd)) {
+ retval = PAM_SESSION_ERR;
+ goto do_mail_cleanup;
+ } else {
+ type = get_mail_status(pamh, ctrl, folder);
+ if (pam_modutil_regain_priv(pamh, &privs)) {
+ retval = PAM_SESSION_ERR;
+ goto do_mail_cleanup;
+ }
+ }
+
+ if (type != 0) {
+ retval = report_mail(pamh, ctrl, type, folder);
+ type = 0;
+ }
+ }
+
+ /* Delete environment variable? */
+ if ( ! est && ! (ctrl & PAM_NO_ENV) )
+ (void) pam_putenv(pamh, MAIL_ENV_NAME);
+
+ do_mail_cleanup:
+ _pam_overwrite(folder);
+ _pam_drop(folder);
+
+ /* indicate success or failure */
+
+ return retval;
+}
+
+/* end of module definition */
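Review bot: In `_pam_parse`, the `hash=` branch checks `if (!ep)` after `strtoul(*argv+5,&ep,10)`, but `strtoul` always stores a non-NULL end pointer when one is passed, so the reset to 0 is dead code. A malformed value such as `hash=abc` or `hash=2x` is therefore taken as 0 or 2 with no log entry, unlike the empty `dir=` case and unknown options, which are both reported. I would test the end pointer instead: `if (ep == *argv + 5 || *ep != '\0') { pam_syslog(pamh, LOG_ERR, "hash= specification invalid - ignored"); *hashcount = 0; }`. An overly large count is already harmless because `get_folder` clamps `hashcount` to `strlen(pwd->pw_name)` before sizing the `malloc`, so this concerns catching misconfiguration rather than memory safety.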