1 /* pam_securetty module */
/* Path of the shells list: pam_sm_authenticate() stat()s it, opens it and
 * compares each of its lines with the user's pw_shell. */
3 #define SHELL_FILE "/etc/shells"
6 * by Erik Troan <ewt@redhat.com>, Red Hat Software.
8 * This code shamelessly ripped from the pam_securetty module.
20 * here, we make a definition for the externally accessible function
21 * in this file (this definition is required for a static module
22 * but strongly encouraged generally); it is used to instruct the
23 * module's include file to define the function prototypes.
28 #include <security/pam_modules.h>
/*
 * Log helper: sends a printf-style message to syslog under the ident
 * "PAM-shells", facility LOG_AUTH, at priority `err`.
 *
 * `format` is handed to vsyslog() as the format string, so callers must
 * pass a constant format and keep any variable text in the arguments.
 * openlog() changes the syslog settings of the whole calling process,
 * not just of this module.
 * NOTE(review): this listing omits the lines before va_start() and after
 * vsyslog(); the matching va_end()/closelog() are presumably there --
 * confirm against the full file.
 */
32 static void _pam_log(int err, const char *format, ...)
36 va_start(args, format);
37 openlog("PAM-shells", LOG_CONS|LOG_PID, LOG_AUTH);
38 vsyslog(err, format, args);
43 /* --- authentication management functions (only) --- */
/*
 * PAM authentication hook: looks up the user's passwd entry and compares
 * its pw_shell with each line of SHELL_FILE using strcmp(); a zero result
 * doubles as PAM_SUCCESS (see the comment before the loop).
 *
 * Visible failure paths: PAM_SERVICE_ERR when pam_get_user() fails or
 * SHELL_FILE cannot be opened; PAM_AUTH_ERR when the user does not exist
 * or SHELL_FILE cannot be stat'd.
 * NOTE(review): this listing skips source lines (see the gaps in the
 * gutter numbers), so the declarations, closing braces, fclose() and the
 * final return are not shown here -- confirm against the full file.
 */
46 int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
49 int retval = PAM_AUTH_ERR;
52 char shellFileLine[256];
57 retval = pam_get_user(pamh,&userName,NULL);
58 if(retval != PAM_SUCCESS)
59 return PAM_SERVICE_ERR;
/* NOTE(review): the second pam_get_user() call below discards its return
 * value, so the test that follows re-checks the result of the first call
 * (already known to be PAM_SUCCESS) and can never fire. Unless the
 * omitted lines re-validate it, an empty or NULL userName may still reach
 * getpwnam(). The call should assign: retval = pam_get_user(...). */
61 if(!userName || (strlen(userName) <= 0)) {
62 /* Don't let them use a NULL username... */
63 pam_get_user(pamh,&userName,NULL);
64 if (retval != PAM_SUCCESS)
65 return PAM_SERVICE_ERR;
68 pw = getpwnam(userName);
70 return PAM_AUTH_ERR; /* user doesn't exist */
71 userShell = pw->pw_shell;
/* NOTE(review): stat() by path here and fopen() by path further down is a
 * check-then-use sequence: the file whose mode is examined need not be
 * the file that is later read. Opening first and calling fstat() on the
 * stream's descriptor ties the check to the file actually used. */
73 if(stat(SHELL_FILE,&sb)) {
/* NOTE(review): the comma after SHELL_FILE makes the path the format
 * string and the message an unused variadic argument, so only the path
 * is logged. The other _pam_log() calls concatenate the literals
 * (SHELL_FILE " ..."), which is presumably what was intended here. */
74 _pam_log(LOG_ERR, SHELL_FILE, " cannot be stat'd (it probably does "
76 return PAM_AUTH_ERR; /* must have /etc/shells */
/* Reject a shells file that is world-writable or not a regular file.
 * NOTE(review): only S_IWOTH is tested; group-write (S_IWGRP) and the
 * file's owner (st_uid) are not checked in the visible lines. */
79 if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
81 SHELL_FILE " is either world writable or not a normal file");
85 shellFile = fopen(SHELL_FILE,"r");
86 if(shellFile == NULL) { /* Check that we opened it successfully */
88 "Error opening " SHELL_FILE);
89 return PAM_SERVICE_ERR;
91 /* There should be no more errors from here on */
93 /* This loop assumes that PAM_SUCCESS == 0
94 and PAM_AUTH_ERR != 0 */
/* fgets() is limited to 255 bytes of the 256-byte buffer, so the buffer
 * cannot overflow; a longer line is read in pieces and each piece is
 * compared as if it were a separate entry.
 * NOTE(review): if a line starts with a NUL byte, strlen() returns 0 and
 * the newline strip below indexes shellFileLine[-1], one byte before the
 * buffer. Take the length once and test it for zero before indexing.
 * A blank line becomes "" after the strip and matches an empty pw_shell. */
95 while((fgets(shellFileLine,255,shellFile) != NULL)
97 if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
98 shellFileLine[strlen(shellFileLine) - 1] = '\0';
99 retval = strcmp(shellFileLine, userShell);
/* strcmp() may return any non-zero value on mismatch; this assignment maps
 * it to PAM_AUTH_ERR -- presumably under a test of retval on the omitted
 * preceding line. */
103 retval = PAM_AUTH_ERR;
108 int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
117 /* static module data */
119 struct pam_module _pam_shells_modstruct = {
131 /* end of module definition */