1 /* pam_shells module */
3 #define SHELL_FILE "/etc/shells"
6 * by Erik Troan <ewt@redhat.com>, Red Hat Software.
8 * This code shamelessly ripped from the pam_securetty module.
9 * $FreeBSD: src/contrib/libpam/modules/pam_shells/pam_shells.c,v 1.3.2.2 2001/06/11 15:28:28 markm Exp $
23 * here, we make a definition for the externally accessible function
24 * in this file (this definition is required for a static module
25 * but strongly encouraged generally) it is used to instruct the
26 * modules include file to define the function prototypes.
31 #include <security/pam_modules.h>
/*
 * Logging helper: forwards a printf-style message to syslog using the
 * "PAM-shells" ident and the LOG_AUTH facility.
 *
 * err    - passed to vsyslog() as the syslog priority
 * format - printf-style format string; the message arguments visible in this
 *          file are string literals taking SHELL_FILE as a %s argument
 *
 * NOTE(review): parts of this function (braces, the va_list declaration and
 * whatever follows vsyslog) are missing from this listing.
 */
35 static void _pam_log(int err, const char *format, ...)
39 va_start(args, format);
/*
 * NOTE(review): openlog() is called on every message and changes the
 * process-wide syslog ident/facility, which belongs to the application that
 * loaded the module. No closelog() or va_end() is visible in this excerpt;
 * confirm both follow vsyslog().
 */
40 openlog("PAM-shells", LOG_CONS|LOG_PID, LOG_AUTH);
41 vsyslog(err, format, args);
46 /* --- authentication management functions (only) --- */
/*
 * Authentication entry point: accepts the user only when the login shell
 * from the password database (pw->pw_shell) is equal, by strcmp(), to a
 * line of SHELL_FILE.
 *
 * Visible return paths: PAM_SERVICE_ERR when the user name cannot be
 * obtained or SHELL_FILE cannot be opened; PAM_AUTH_ERR when the user does
 * not exist or SHELL_FILE cannot be stat'd.
 *
 * NOTE(review): several original lines are missing from this listing (see
 * the gaps in the embedded numbering), so the notes below cover only the
 * statements that are visible.
 */
49 int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
52 int retval = PAM_AUTH_ERR;
/*
 * Line buffer for SHELL_FILE. The fgets() call further down passes the
 * literal 255 rather than sizeof shellFileLine, so the two sizes are kept
 * in step by hand only.
 */
55 char shellFileLine[256];
60 retval = pam_get_user(pamh,&userName,NULL);
61 if(retval != PAM_SUCCESS)
62 return PAM_SERVICE_ERR;
64 if(!userName || (strlen(userName) <= 0)) {
65 /* Don't let them use a NULL username... */
/*
 * NOTE(review): the result of this second pam_get_user() call is discarded,
 * so the retval test that follows re-checks the first call, which is already
 * known to be PAM_SUCCESS, and cannot fail. No re-validation of userName is
 * visible either, so a NULL or empty name can still reach getpwnam().
 * Suggested: assign the return value to retval and repeat the NULL/empty
 * test before continuing.
 */
66 pam_get_user(pamh,&userName,NULL);
67 if (retval != PAM_SUCCESS)
68 return PAM_SERVICE_ERR;
71 pw = getpwnam(userName);
73 return PAM_AUTH_ERR; /* user doesn't exist */
74 userShell = pw->pw_shell;
/*
 * NOTE(review): the file is checked by path with stat() here and opened by
 * path with fopen() later, so the file that is read is not guaranteed to be
 * the one whose mode was checked. Opening first and calling fstat() on the
 * open descriptor would bind the permission check to the file actually read.
 */
76 if(stat(SHELL_FILE,&sb)) {
78 "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
79 return PAM_AUTH_ERR; /* must have /etc/shells */
/*
 * Flags a world-writable or non-regular SHELL_FILE.
 * NOTE(review): only S_IWOTH is tested; group-write permission and file
 * ownership are not checked in the visible lines.
 */
82 if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
84 "%s is either world writable or not a normal file", SHELL_FILE);
88 shellFile = fopen(SHELL_FILE,"r");
89 if(shellFile == NULL) { /* Check that we opened it successfully */
91 "Error opening %s", SHELL_FILE);
92 return PAM_SERVICE_ERR;
94 /* There should be no more errors from here on */
96 /* This loop assumes that PAM_SUCCESS == 0
97 and PAM_AUTH_ERR != 0 */
/*
 * NOTE(review): if a line of the file starts with a NUL byte, fgets() still
 * returns non-NULL but strlen() is 0, and the [strlen - 1] index below is
 * out of bounds (a read, and a write when the byte found is a newline).
 * Take the length once and require it to be > 0 before stripping the
 * newline. Lines longer than the buffer are split across reads, so they
 * are never compared as a whole.
 */
98 while((fgets(shellFileLine,255,shellFile) != NULL)
100 if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
101 shellFileLine[strlen(shellFileLine) - 1] = '\0';
/*
 * strcmp() yields 0 on an exact match, which doubles as PAM_SUCCESS under
 * the assumption stated above the loop. The comparison is byte-exact: no
 * trimming of spaces and no skipping of comment lines is visible here.
 */
102 retval = strcmp(shellFileLine, userShell);
/*
 * NOTE(review): the condition guarding this assignment, the fclose() of
 * shellFile and the final return are not visible in this excerpt; confirm
 * the stream is closed on every path after the loop.
 */
106 retval = PAM_AUTH_ERR;
111 int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
120 /* static module data */
122 struct pam_module _pam_shells_modstruct = {
134 /* end of module definition */