2 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2001 Mark R V Murray
6 * Copyright (c) 2001 Networks Associates Technology, Inc.
8 * Copyright (c) 2004 Joe R. Doupnik
11 * Portions of this software were developed for the FreeBSD Project by
12 * ThinkSec AS and NAI Labs, the Security Research Division of Network
13 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
14 * ("CBOSS"), as part of the DARPA CHATS research program.
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote
25 * products derived from this software without specific prior written
27 * 4. Neither the name of the University nor the names of its contributors
28 * may be used to endorse or promote products derived from this software
29 * without specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
32 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
33 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
34 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
35 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
39 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
40 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * $FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.23 2007/07/22 15:17:29 des Exp $
48 #include <sys/param.h>
61 #define PAM_SM_SESSION
63 #include <security/pam_appl.h>
64 #include <security/pam_modules.h>
65 #include <security/pam_mod_misc.h>
67 #define SUPPORT_UTMP 1
68 #define SUPPORT_UTMPX 1
72 static void doutmp(const char *, const char *, const char *,
73 const struct timeval *);
74 static void dolastlog(pam_handle_t *, int, const struct passwd *, const char *,
75 const char *, const struct timeval *);
80 static void doutmpx(const char *, const char *, const char *,
81 const struct sockaddr_storage *ss, const struct timeval *);
82 static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *,
83 const char *, const struct sockaddr_storage *ss, const struct timeval *);
86 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
87 static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *,
91 static void logit(int, const char *, ...) __printflike(2, 3);
94 logit(int level, const char *fmt, ...)
98 openlog("pam_lastlog", LOG_PID, LOG_AUTHPRIV);
100 vsyslog(level, fmt, ap);
107 pam_sm_open_session(pam_handle_t *pamh, int flags,
108 int argc __unused, const char *argv[] __unused)
110 struct passwd *pwd, pwres;
112 const char *user, *rhost, *tty;
113 const void *vrhost, *vtty;
121 pam_err = pam_get_user(pamh, &user, NULL);
122 if (pam_err != PAM_SUCCESS)
126 getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
128 return PAM_SERVICE_ERR;
130 PAM_LOG("Got user: %s", user);
132 pam_err = pam_get_item(pamh, PAM_RHOST, &vrhost);
133 if (pam_err != PAM_SUCCESS)
135 rhost = (const char *)vrhost;
137 pam_err = pam_get_item(pamh, PAM_TTY, &vtty);
138 if (pam_err != PAM_SUCCESS)
140 tty = (const char *)vtty;
143 pam_err = PAM_SERVICE_ERR;
147 if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
148 tty = tty + strlen(_PATH_DEV);
151 pam_err = PAM_SERVICE_ERR;
155 (void)gettimeofday(&now, NULL);
157 if ((flags & PAM_SILENT) != 0)
161 lc = login_getpwclass(pwd);
162 quiet = login_getcapbool(lc, "hushlogin", 0);
169 dolastlogx(pamh, quiet, pwd, rhost, tty, NULL, &now);
170 doutmpx(user, rhost, tty, NULL, &now);
174 doutmp(user, rhost, tty, &now);
175 dolastlog(pamh, quiet, pwd, rhost, tty, &now);
178 if (openpam_get_option(pamh, "no_fail"))
184 pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
185 int argc __unused, const char *argv[] __unused)
190 pam_get_item(pamh, PAM_TTY, &vtty);
192 return PAM_SERVICE_ERR;
193 tty = (const char *)vtty;
195 if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
196 tty = tty + strlen(_PATH_DEV);
199 return PAM_SERVICE_ERR;
202 if (logoutx(tty, 0, DEAD_PROCESS))
203 logwtmpx(tty, "", "", 0, DEAD_PROCESS);
205 logit(LOG_NOTICE, "%s(): no utmpx record for %s",
211 logwtmp(tty, "", "");
213 logit(LOG_NOTICE, "%s(): no utmp record for %s",
219 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
221 domsg(pam_handle_t *pamh, time_t t, const char *host, size_t hsize,
222 const char *line, size_t lsize)
224 char buf[MAXHOSTNAMELEN + 32], *promptresp = NULL;
228 (void)snprintf(buf, sizeof(buf), "from %.*s ",
233 pam_err = pam_prompt(pamh, PAM_TEXT_INFO, &promptresp,
234 "Last login: %.24s %son %.*s\n", ctime(&t), host, (int)lsize, line);
236 if (pam_err == PAM_SUCCESS && promptresp)
243 doutmpx(const char *username, const char *hostname, const char *tty,
244 const struct sockaddr_storage *ss, const struct timeval *now)
249 memset((void *)&utmpx, 0, sizeof(utmpx));
251 (void)strncpy(utmpx.ut_name, username, sizeof(utmpx.ut_name));
253 (void)strncpy(utmpx.ut_host, hostname, sizeof(utmpx.ut_host));
257 (void)strncpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line));
258 utmpx.ut_type = USER_PROCESS;
259 utmpx.ut_pid = getpid();
260 t = tty + strlen(tty);
261 if ((size_t)(t - tty) >= sizeof(utmpx.ut_id)) {
262 (void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
263 sizeof(utmpx.ut_id));
265 (void)strncpy(utmpx.ut_id, tty, sizeof(utmpx.ut_id));
267 if (pututxline(&utmpx) == NULL)
268 logit(LOG_NOTICE, "Cannot update utmpx %m");
270 if (updwtmpx(_PATH_WTMPX, &utmpx) != 0)
271 logit(LOG_NOTICE, "Cannot update wtmpx %m");
275 dolastlogx(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
276 const char *hostname __unused, const char *tty __unused,
277 const struct sockaddr_storage *ss __unused,
278 const struct timeval *now __unused)
282 if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL)
283 domsg(pamh, (time_t)ll.ll_tv.tv_sec, ll.ll_host,
284 sizeof(ll.ll_host), ll.ll_line,
289 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
292 (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
294 (void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
299 (void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss));
301 if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0)
302 logit(LOG_NOTICE, "Cannot update lastlogx %m");
303 PAM_LOG("Login recorded in %s", _PATH_LASTLOGX);
310 doutmp(const char *username, const char *hostname, const char *tty,
311 const struct timeval *now)
315 (void)memset((void *)&utmp, 0, sizeof(utmp));
316 utmp.ut_time = now->tv_sec;
317 (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
319 (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
320 (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
325 dolastlog(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
326 const char *hostname, const char *tty, const struct timeval *now)
331 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) == -1) {
332 logit(LOG_NOTICE, "Cannot open `%s' %m", _PATH_LASTLOG);
335 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
338 if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
340 domsg(pamh, ll.ll_time, ll.ll_host,
341 sizeof(ll.ll_host), ll.ll_line,
343 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
346 ll.ll_time = now->tv_sec;
347 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
350 (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
352 (void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
354 (void)write(fd, &ll, sizeof(ll));
357 PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
361 PAM_MODULE_ENTRY("pam_lastlog");