From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:51 +0200 Subject: Adding upstream version 1.5.2. Signed-off-by: Daniel Baumann --- modules/pam_nologin/pam_nologin.c | 163 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 modules/pam_nologin/pam_nologin.c (limited to 'modules/pam_nologin/pam_nologin.c') diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c new file mode 100644 index 0000000..b7f9bab --- /dev/null +++ b/modules/pam_nologin/pam_nologin.c @@ -0,0 +1,163 @@ +/* + * pam_nologin module + * + * Written by Michael K. Johnson 1996/10/24 + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include "pam_inline.h" + +#define DEFAULT_NOLOGIN_PATH "/var/run/nologin" +#define COMPAT_NOLOGIN_PATH "/etc/nologin" + +/* + * parse some command line options + */ +struct opt_s { + int retval_when_nofile; + const char *nologin_file; +}; + +static void +parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts) +{ + int i; + + memset(opts, 0, sizeof(*opts)); + + opts->retval_when_nofile = PAM_IGNORE; + + for (i=0; iretval_when_nofile = PAM_SUCCESS; + } else if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) { + opts->nologin_file = str; + } else { + pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); + } + } +} + +/* + * do the meat of the work for this module + */ + +static int perform_check(pam_handle_t *pamh, struct opt_s *opts) +{ + const char *username; + int retval = opts->retval_when_nofile; + int fd = -1; + + if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)) { + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); + return PAM_USER_UNKNOWN; + } + + if (opts->nologin_file == NULL) { + if ((fd = open(DEFAULT_NOLOGIN_PATH, O_RDONLY, 0)) < 0) { + fd = open(COMPAT_NOLOGIN_PATH, O_RDONLY, 0); + } + } else { + fd = open(opts->nologin_file, O_RDONLY, 0); + } + + if (fd >= 0) { + + char *mtmp=NULL; + int msg_style = PAM_TEXT_INFO; + struct passwd *user_pwd; + struct stat st; + + user_pwd = pam_modutil_getpwnam(pamh, username); + if (user_pwd == NULL) { + retval = PAM_USER_UNKNOWN; + msg_style = PAM_ERROR_MSG; + } else if (user_pwd->pw_uid) { + retval = PAM_AUTH_ERR; + msg_style = PAM_ERROR_MSG; + } + + /* fill in message buffer with contents of /etc/nologin */ + if (fstat(fd, &st) < 0) { + /* give up trying to display message */ + goto clean_up_fd; + } + + mtmp = malloc(st.st_size+1); + if (!mtmp) { + pam_syslog(pamh, LOG_CRIT, "out of memory"); + retval = PAM_BUF_ERR; + goto clean_up_fd; + } + + if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { + mtmp[st.st_size] = '\0'; + (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); + } + else + retval = PAM_SYSTEM_ERR; + + free(mtmp); + + clean_up_fd: + + close(fd); + } + + return retval; +} + +/* --- authentication management functions --- */ + +int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + struct opt_s opts; + + parse_args(pamh, argc, argv, &opts); + + return perform_check(pamh, &opts); +} + +int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc, const char **argv) +{ + struct opt_s opts; + + parse_args(pamh, argc, argv, &opts); + + return opts.retval_when_nofile; +} + +/* --- account management function --- */ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + struct opt_s opts; + + parse_args(pamh, argc, argv, &opts); + + return perform_check(pamh, &opts); +} + +/* end of module definition */ -- cgit v1.2.3