1 /* pam_shells module */
3 #define SHELL_FILE "/etc/shells"
6 * by Erik Troan <ewt@redhat.com>, Red Hat Software.
8 * This code shamelessly ripped from the pam_securetty module.
9 * $FreeBSD: src/contrib/libpam/modules/pam_shells/pam_shells.c,v 1.3.2.2 2001/06/11 15:28:28 markm Exp $
10 * $DragonFly: src/contrib/libpam/modules/pam_shells/Attic/pam_shells.c,v 1.2 2003/06/17 04:24:03 dillon Exp $
24 * here, we make a definition for the externally accessible function
25 * in this file (this definition is required for a static module
26 * but strongly encouraged generally) it is used to instruct the
27 * modules include file to define the function prototypes.
32 #include <security/pam_modules.h>
/*
 * Log helper: forwards a printf-style message to syslog at priority `err`,
 * using the ident "PAM-shells" and the LOG_AUTH facility.
 * NOTE(review): openlog() is called on every message and sets the
 * process-wide syslog ident/options, so the hosting application's own
 * openlog() settings are replaced for messages it logs afterwards unless
 * they are restored in lines this excerpt does not show.
 */
36 static void _pam_log(int err, const char *format, ...)
40 va_start(args, format);
41 openlog("PAM-shells", LOG_CONS|LOG_PID, LOG_AUTH);
42 vsyslog(err, format, args);
47 /* --- authentication management functions (only) --- */
/*
 * Authentication entry point. In the lines shown it obtains the PAM user
 * name, looks up the passwd entry with getpwnam(), and compares pw_shell
 * against each line read from SHELL_FILE; retval starts as PAM_AUTH_ERR.
 * The listing skips source lines (see the gutter numbers), so the review
 * notes below are limited to statements that are actually visible.
 */
50 int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
53 int retval = PAM_AUTH_ERR;
56 char shellFileLine[256];
61 retval = pam_get_user(pamh,&userName,NULL);
62 if(retval != PAM_SUCCESS)
63 return PAM_SERVICE_ERR;
/*
 * NOTE(review): the second pam_get_user() call below does not store its
 * return value, so the test that follows re-checks retval from the first
 * call, which is already known to be PAM_SUCCESS at this point. As shown,
 * this branch never returns, and userName reaches getpwnam() without being
 * re-validated (it may still be NULL or empty). Assigning the result
 * (`retval = pam_get_user(...)`) and re-testing userName looks intended.
 */
65 if(!userName || (strlen(userName) <= 0)) {
66 /* Don't let them use a NULL username... */
67 pam_get_user(pamh,&userName,NULL);
68 if (retval != PAM_SUCCESS)
69 return PAM_SERVICE_ERR;
72 pw = getpwnam(userName);
74 return PAM_AUTH_ERR; /* user doesn't exist */
75 userShell = pw->pw_shell;
/*
 * NOTE(review): the permission check uses stat() on the path and the read
 * uses a separate fopen() on the same path, so the object that was checked
 * is not guaranteed to be the object that is opened. Opening first and
 * calling fstat() on the stream's descriptor binds the check to the opened
 * file. In the lines shown only the world-write bit and the file type are
 * tested; ownership and group-write are not.
 */
77 if(stat(SHELL_FILE,&sb)) {
79 "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
80 return PAM_AUTH_ERR; /* must have /etc/shells */
83 if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
85 "%s is either world writable or not a normal file", SHELL_FILE);
89 shellFile = fopen(SHELL_FILE,"r");
90 if(shellFile == NULL) { /* Check that we opened it successfully */
92 "Error opening %s", SHELL_FILE);
93 return PAM_SERVICE_ERR;
95 /* There should be no more errors from here on */
97 /* This loop assumes that PAM_SUCCESS == 0
98 and PAM_AUTH_ERR != 0 */
/*
 * NOTE(review): if fgets() returns a line whose first byte is NUL,
 * strlen() is 0 and the index strlen(...) - 1 wraps around, reading
 * outside shellFileLine. Locating the newline with
 * strcspn(shellFileLine, "\n") avoids the subtraction.
 * fgets() is limited to 255 although the buffer holds 256 bytes, so an
 * entry longer than 254 characters is read, and compared, in pieces.
 * The strcmp() result is stored directly in retval, which is what makes
 * the PAM_SUCCESS == 0 assumption above necessary.
 */
99 while((fgets(shellFileLine,255,shellFile) != NULL)
101 if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
102 shellFileLine[strlen(shellFileLine) - 1] = '\0';
103 retval = strcmp(shellFileLine, userShell);
107 retval = PAM_AUTH_ERR;
112 int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
121 /* static module data */
123 struct pam_module _pam_shells_modstruct = {
135 /* end of module definition */