c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * CDDL HEADER START
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * The contents of this file are subject to the terms of the
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * Common Development and Distribution License (the "License").
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * You may not use this file except in compliance with the License.
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * See the License for the specific language governing permissions
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * and limitations under the License.
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * When distributing Covered Code, include this CDDL HEADER in each
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * If applicable, add the following below this CDDL HEADER, with the
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * fields enclosed by brackets "[]" replaced with your own identifying
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * information: Portions Copyright [yyyy] [name of copyright owner]
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * CDDL HEADER END
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * Use is subject to license terms.
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik#define ILLEGAL_COMBINATION "pam_list: illegal combination of options"
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Juriktypedef enum {
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurikstatic const char *
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurikstring_mode_type(pam_list_mode_t op_mode, boolean_t allow)
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik return ((op_mode == LIST_COMPAT_MODE) ? "compat" :
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Juriklog_illegal_combination(const char *s1, const char *s2)
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik __pam_log(LOG_AUTH | LOG_ERR, ILLEGAL_COMBINATION
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj/*ARGSUSED*/
c8e880c1386b032ac975c61826ba3bc0d8dce5acmjpam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj for (i = 0; i < argc; ++i) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj if (strncasecmp(argv[i], "debug", sizeof ("debug")) == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj } else if (strncasecmp(argv[i], "user", sizeof ("user")) == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj sizeof ("nouser")) == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj } else if (strncasecmp(argv[i], "host", sizeof ("host")) == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj sizeof ("nohost")) == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj sizeof ("user_host_exact")) == 0) {
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik } else if (strcasecmp(argv[i], "compat") == 0) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj if (((check_user || check_host || check_exact) == B_FALSE) ||
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik __pam_log(LOG_AUTH | LOG_ERR, ILLEGAL_COMBINATION);
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik if ((op_mode == LIST_COMPAT_MODE) && (check_user == B_FALSE)) {
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj "pam_list: check_user = %d, check_host = %d,"
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj "check_exact = %d\n",
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj if ((check_user || check_exact) && ((username == NULL) ||
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj "pam_list: username not supplied, critical error");
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj "pam_list: error by gethostname - %m");
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik "pam_list: pam_sm_acct_mgmt for (%s,%s,)",
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik "pam_list: file name not specified");
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik __pam_log(LOG_AUTH | LOG_ERR, "pam_list: fopen of %s: %s",
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj /* lines longer than BUFSIZ-1 */
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj "pam_list: long line in file,"
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj /* remove unneeded colons if necessary */
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj /* ignore free values */
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj /* test for interesting lines = +/- in /etc/passwd */
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik /* simple + matches all */
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik /* simple - is not defined */
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik "pam_list: simple minus unknown, "
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik /* @ is not allowed on the first position */
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik "pam_list: @ is not allowed on the first "
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik /* -user or -@netgroup */
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik /* +user or +@netgroup */
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * if -> netgroup line
c8e880c1386b032ac975c61826ba3bc0d8dce5acmj * else -> user line
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * No match found in /etc/passwd yet. For compat mode
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * a failure to match should result in a return of
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * PAM_PERM_DENIED which is achieved below if 'matched'
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * is false and 'allow' is true.
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik "pam_list: %s for %s", matched ? "matched" : "no match",
ce0ce47a28e767d5bf7dec161e16b4f621aa39a1Milan Jurik * For compatibility with passwd_compat mode to prevent root access