Diffstat (limited to 'modules/pam_unix/pam_unix.c')
-rw-r--r--modules/pam_unix/pam_unix.c83
1 files changed, 73 insertions, 10 deletions
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c
index a14dbe6..ea1b75d 100644
--- a/modules/pam_unix/pam_unix.c
+++ b/modules/pam_unix/pam_unix.c
@@ -15,7 +15,8 @@
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
-#define PAM_PASSWORD
+#define PAM_SM_PASSWORD
+#define PAM_SM_SESSION
#ifndef __linux__
#include <login_cap.h> /* for BSD login classes */
@@ -32,6 +33,7 @@
#include <security/pam_modules.h>
#include <security/pam_appl.h>
+#include <security/openpam.h>
#include <security/pam_mod_misc.h>
@@ -56,7 +58,7 @@ void makesalt(char salt[SALTSIZE]);
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc , const char **argv ) {
+ int argc , const char *argv[] ) {
#ifndef __linux__
login_cap_t *lc;
@@ -78,7 +80,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
pwd = getpwnam(user);
}
-
+ puts("authenticating as user:");
+ puts(user);
PAM_LOG("Authenticating user: [%s]", user);
/* get password */
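Review bot: The two `puts` calls added before `PAM_LOG` write to the standard output of whatever program loaded the module, from inside `pam_sm_authenticate`. A PAM module runs in the address space of the calling service, so stray stdout writes can end up in that service's output or protocol stream, and they duplicate what `PAM_LOG("Authenticating user: [%s]", user);` on the next line already records. I would drop both lines, or use `PAM_LOG` if extra tracing is really needed. The same applies to the `puts` tracing added in the pam_sm_acct_mgmt hunks below; the function body continues outside this hunk.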
@@ -227,17 +230,22 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
}
#endif
/* Check if pw_lstchg or sp_expire is set */
-
+/*
if (pwd->sp_lstchg || pwd->sp_expire)
curtime = time(NULL) / (60 * 60 * 24);
+ puts("before all");
if (pwd->sp_expire) {
+ puts(ctime(&(pwd->sp_expire)));
+ puts(ctime(&curtime));
if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) {
#ifndef __linux__
login_close(lc);
-#endif
+#endif
+ puts("expire 1");
PAM_ERROR("Account has expired!");
return (PAM_ACCT_EXPIRED);
} else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) {
+ puts("expire 2");
PAM_ERROR("Warning: your account expires on %s",
ctime(&pwd->sp_expire));
}
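Review bot: The `/*` added right after the "Check if pw_lstchg or sp_expire is set" comment is only closed by the `*/` added in front of `pam_err = (PAM_SUCCESS);` in the last pam_sm_acct_mgmt hunk, so unless a `*/` occurs in the lines between the hunks, every expiry and password-aging check here is compiled out. With that in place the `PAM_ACCT_EXPIRED` and `PAM_NEW_AUTHTOK_REQD` returns are unreachable and account management would succeed for expired accounts; the pam_tcb comment being rewritten to `* ... *` in the next hunk is consistent with the block being disabled on purpose. If this is temporary debugging it should not be committed: remove the added `/*` and the leading `*/`, and restore `/* check all other possibilities (mostly stolen from pam_tcb) */`. If the block is re-enabled, note that `puts(ctime(&curtime));` passes a day count (`time(NULL) / (60 * 60 * 24)`) to a function that expects seconds, and that `ctime` may return NULL. The function starts and ends outside this hunk.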
@@ -246,8 +254,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
if (pwd->sp_lstchg == 0 ) {
return (PAM_NEW_AUTHTOK_REQD);
}
-
- /* check all other possibilities (mostly stolen from pam_tcb) */
+ puts("before tcb OK!");
+ * check all other possibilities (mostly stolen from pam_tcb) *
if ((curtime > (pwd->sp_lstchg + pwd->sp_max + pwd->sp_inact)) &&
(pwd->sp_max != -1) && (pwd->sp_inact != -1) &&
@@ -255,12 +263,14 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
PAM_ERROR("Account has expired!");
return (PAM_ACCT_EXPIRED);
}
+ puts("after 1");
if (((pwd->sp_lstchg + pwd->sp_max) < curtime) &&
(pwd->sp_max != -1)) {
PAM_ERROR("Account has expired!");
return (PAM_ACCT_EXPIRED);
}
+ puts("after 2");
if ((curtime - pwd->sp_lstchg > pwd->sp_max)
&& (curtime - pwd->sp_lstchg > pwd->sp_inact)
@@ -270,7 +280,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
return (PAM_ACCT_EXPIRED);
}
- pam_err = (PAM_SUCCESS);
+ puts("after 3");
+*/ pam_err = (PAM_SUCCESS);
#ifndef __linux__
@@ -485,6 +496,56 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
+PAM_EXTERN int
+pam_sm_open_session( pam_handle_t * pamh, int flags,
+ int argc, const char * argv[])
+{
+
+ char *user, *service;
+ int pam_err;
+
+ pam_err = pam_get_item(pamh, PAM_USER, (void *) &user);
+ if ( pam_err != PAM_SUCCESS || user == NULL || *user == '\0') {
+ PAM_ERROR("Open session - Error recovering username");
+ return (PAM_SESSION_ERR);
+ }
+
+ pam_err = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
+ if ( pam_err != PAM_SUCCESS || service == NULL || *service == '\0') {
+ PAM_ERROR("Open session - Error recovering service");
+ return (PAM_SESSION_ERR);
+ }
+
+ PAM_LOG("Opened session for user [%s] by %s(uid=%lu)", user, getlogin(),
+ (unsigned long) getuid());
+
+ return PAM_SUCCESS;
+
+}
+
+PAM_EXTERN int
+pam_sm_close_session( pam_handle_t * pamh, int flags,
+ int argc, const char * argv[])
+{
+ char *user, *service;
+ int pam_err;
+
+ pam_err = pam_get_item(pamh, PAM_USER, (void *) &user);
+ if ( pam_err != PAM_SUCCESS || user == NULL || *user == '\0') {
+ PAM_ERROR("Close session - Error recovering username");
+ return (PAM_SESSION_ERR);
+ }
+
+ pam_err = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
+ if ( pam_err != PAM_SUCCESS || service == NULL || *service == '\0') {
+ PAM_ERROR("Close session - Error recovering service");
+ return (PAM_SESSION_ERR);
+ }
+
+ PAM_LOG("Closed session for user [%s]", user);
+
+ return PAM_SUCCESS;
+}
#ifdef __linux__
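Review bot: In `pam_sm_open_session`, the `PAM_LOG("Opened session for user [%s] by %s(uid=%lu)", ...)` call passes the result of `getlogin()` straight to `%s`, but `getlogin()` returns NULL when the process has no controlling terminal or login record, which is common for daemons that open PAM sessions. Passing NULL to `%s` is undefined behaviour, so the value should be checked first: `const char *login = getlogin();` and then log `login != NULL ? login : "(unknown)"`. Separately, both new functions fetch `PAM_SERVICE` into `service` and fail the session if it is missing, yet never use the value; either include it in the log message or drop the lookup so a missing service name does not produce `PAM_SESSION_ERR` for no benefit.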
@@ -493,7 +554,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
* Update shadow with new user password
*/
-static int update_shadow( pam_handle_t * pamh , const char * user ,const char * newhashedpwd ) {
+static int update_shadow( pam_handle_t * pamh , const char * user,
+ const char * newhashedpwd ) {
FILE *oldshadow, *newshadow;
struct spwd *pwd,*cur_pwd;
struct stat filestat;
@@ -592,7 +654,8 @@ static int update_shadow( pam_handle_t * pamh , const char * user ,const char *
#define NEW_PASSWD "/etc/.passwd"
-static int update_passwd( pam_handle_t * pamh , const char * user ,const char * newhashedpwd ) {
+static int update_passwd( pam_handle_t * pamh, const char * user,
+ const char * newhashedpwd ) {
FILE *oldpasswd, *newpasswd;
struct passwd *pwd,*cur_pwd;
struct stat filestat;