/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <syslog.h>
#include <pwd.h>
#include <unistd.h>
#include <strings.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <libintl.h>
static int parse_allow_name(char *, char *);
/*
* pam_sm_acct_mgmt main account managment routine.
* XXX: The routine just prints out a warning message.
* passwd.
*/
int
int flags,
int argc,
const char **argv)
{
char *user;
char *pg;
int i;
/*LINTED - set but not used. Would be used in a real module. */
int debug = 0;
/*LINTED - set but not used. Would be used in a real module. */
int nowarn = 0;
int error = 0;
if (argc == 0)
return (PAM_SUCCESS);
return (PAM_SERVICE_ERR);
return (PAM_SERVICE_ERR);
/*
* kludge alert. su needs to be handled specially for allow policy.
* we want to use the policy of the current user not the "destination"
* user. This will enable us to prevent su to root but not to rlogin,
* telnet, rsh, ftp to root.
*
* description of problem: user name is the "destination" name. not
* the current name. The allow policy needs to be applied to the
* current name in the case of su. user is "root" in this case and
* we will be getting the root policy instead of the user policy.
*/
return (PAM_SYSTEM_ERR);
}
return (PAM_SUCCESS);
for (i = 0; i < argc; i++) {
debug = 1;
nowarn = 1;
else
}
}
static char *getname();
static int
{
/* catch "allow=" */
if (*cp == '\0')
return (0);
while (cp) {
/* catch things such as =, and ,, */
if (*name == '\0')
continue;
return (1);
}
return (0);
}
static char *
{
/* force name to be initially null string */
*name = '\0';
/* end of string? */
if (*cp == '\0')
return ((char *)0);
while (*cp) {
/* end of name? */
break;
}
/* make name into string */
*name++ = '\0';
}