author | Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-06-10 12:48:54 +0300 |
---|---|---|
committer | Seraphim Mellos <mellos@ceid.upatras.gr> | 2008-06-10 12:48:54 +0300 |
commit | 81557dcc85a155cdfff1d595179dfc390e75da4f (patch) | |
tree | 7ee7a5c97a448e55b7d40bd992d340fee6d435ab | |
parent | Completed authentication method for pam_unix.c (diff) | |
Started work on pam_sm_acct_mgmt
-rw-r--r-- | src/pam_unix/pam_unix.c | 83 | ||||
-rw-r--r-- | src/pam_unix/pam_unix.c~ | 85 |
2 files changed, 161 insertions, 7 deletions
diff --git a/src/pam_unix/pam_unix.c b/src/pam_unix/pam_unix.c index 9aa7eec..e3486dd 100644 --- a/src/pam_unix/pam_unix.c +++ b/src/pam_unix/pam_unix.c @@ -1,4 +1,9 @@ +#include <pwd.h> +/* #include <shadow.h> May not be necessary */ +#include <sys/types.h> +#include <unistd.h> + #ifndef (__LINUX__) #include <login_cap.h> #endif @@ -10,7 +15,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) { + int argc __unused, const char **argv __unused) { #ifndef (__LINUX__) login_cap_t *lc; 
@@ -63,14 +68,86 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); - + + /* check shadow */ crypt_pass = crypt(pass, pwd->pw_passwd); if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; - + return (pam_err); } +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) { + + /* + * This functions takes care of renewing/initializing + * user credentials as well as gid/uids. Someday, it + * will be completed. For now, it's not very urgent. + */ + + return (PAM_SUCCESS); +} + + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) { + + + +#ifndef (__LINUX__) + login_cap_t *lc; +#endif + + struct passwd *pwd; + int pam_err; + const char *user; + const void *rhost, *tty; + char rhostip[MAXHOSTNAMELEN] = ""; + + /* Sanity checks for uname,pwd,tty,host etc */ + + pam_err = pam_get_user(pamh, &user, NULL); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SERVICE_ERR); + + pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + pam_err = pam_get_item(pamh, PAM_TTY, &tty); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (*pwd->pw_passwd == '\0' && + (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) + return (PAM_NEW_AUTHTOK_REQD); + +#ifndef (__LINUX__) + lc = login_getpwclass(pwd); + + if (lc == NULL) { + return (PAM_SERVICE_ERR); + + } +#endif + /* Check if pw_change or pw_expire is set */ + + if (pwd->pw_change || pwd->pw_expire) + gettimeofday(&tp, NULL); + + +} + + diff --git a/src/pam_unix/pam_unix.c~ b/src/pam_unix/pam_unix.c~ index 99e0fbd..e3486dd 100644 --- a/src/pam_unix/pam_unix.c~ +++ b/src/pam_unix/pam_unix.c~ 
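Review bot: pam_sm_acct_mgmt falls off its closing brace without a return statement, so the account check hands the PAM stack an indeterminate value. Until the expiry logic exists it should fail closed, for example with `return (PAM_SERVICE_ERR);` as its last statement. The function also cannot compile as written: `tp` is never declared (`struct timeval tp;` and `#include <sys/time.h>` are needed for `gettimeofday(&tp, NULL)`), and the added `#ifndef (__LINUX__)` lines are not valid preprocessor syntax, because the macro name must be a bare identifier. `flags` is marked `__unused` in the signature yet is tested against `PAM_DISALLOW_NULL_AUTHTOK`, so the attribute should be dropped from that parameter. `pwd->pw_change` and `pwd->pw_expire` are read outside any platform guard although they appear to be BSD-specific members of `struct passwd`, and `lc` from `login_getpwclass()` is not released with `login_close(lc)` on any path visible in this hunk.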
@@ -1,4 +1,9 @@ +#include <pwd.h> +/* #include <shadow.h> May not be necessary */ +#include <sys/types.h> +#include <unistd.h> + #ifndef (__LINUX__) #include <login_cap.h> #endif @@ -10,7 +15,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) { + int argc __unused, const char **argv __unused) { #ifndef (__LINUX__) login_cap_t *lc; 
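Review bot: `src/pam_unix/pam_unix.c~` looks like an editor backup of `pam_unix.c` that was committed by accident; both index lines end at blob `e3486dd`, so the two files are byte-identical after this commit. A second copy of an authentication module in the tree invites drift, where a later fix lands in one file and a reader or build picks up the other. The file should be removed from version control and `*~` added to the ignore list. This applies to all three hunks of this file.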
@@ -63,14 +68,86 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); - + + /* check shadow */ crypt_pass = crypt(pass, pwd->pw_passwd); - if ( strcmp(crypt_password, pwd->pw_passwd) != 0 ) + if ( strcmp(crypt_pass, pwd->pw_passwd) != 0 ) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; - + return (pam_err); } +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, + int argc __unused, const char *argv[] __unused) { + + /* + * This functions takes care of renewing/initializing + * user credentials as well as gid/uids. Someday, it + * will be completed. For now, it's not very urgent. + */ + + return (PAM_SUCCESS); +} + + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, + int argc __unused, const char *argv[] __unused) { + + + +#ifndef (__LINUX__) + login_cap_t *lc; +#endif + + struct passwd *pwd; + int pam_err; + const char *user; + const void *rhost, *tty; + char rhostip[MAXHOSTNAMELEN] = ""; + + /* Sanity checks for uname,pwd,tty,host etc */ + + pam_err = pam_get_user(pamh, &user, NULL); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (user == NULL || (pwd = getpwnam(user)) == NULL) + return (PAM_SERVICE_ERR); + + pam_err = pam_get_item(pamh, PAM_RHOST, &rhost); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + pam_err = pam_get_item(pamh, PAM_TTY, &tty); + + if (pam_err != PAM_SUCCESS) + return (pam_err); + + if (*pwd->pw_passwd == '\0' && + (flags & PAM_DISALLOW_NULL_AUTHTOK) != 0) + return (PAM_NEW_AUTHTOK_REQD); + +#ifndef (__LINUX__) + lc = login_getpwclass(pwd); + + if (lc == NULL) { + return (PAM_SERVICE_ERR); + + } +#endif + /* Check if pw_change or pw_expire is set */ + + if (pwd->pw_change || pwd->pw_expire) + gettimeofday(&tp, NULL); + + +} + + |
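Review bot: The `strcmp(crypt_pass, pwd->pw_passwd)` line corrected here passes the result of `crypt()` straight to `strcmp()`, but `crypt()` can return NULL, for instance on a salt it does not accept. In that case the authenticating process dereferences a null pointer instead of rejecting the login. The comparison should guard the pointer first: `if (crypt_pass == NULL || strcmp(crypt_pass, pwd->pw_passwd) != 0)`. The same two lines appear as context in `src/pam_unix/pam_unix.c`, and pam_sm_authenticate begins outside this hunk, so the declarations of `pass` and `crypt_pass` are not visible here.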