2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License, Version 1.0 only
2N/A * (the "License"). You may not use this file except in compliance
2N/A * with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A/*
2N/A * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A
2N/A#pragma ident "%Z%%M% %I% %E% SMI"
2N/A
2N/A#include <sys/param.h>
2N/A#include <security/pam_appl.h>
2N/A#include <security/pam_modules.h>
2N/A#include <pwd.h>
2N/A#include <shadow.h>
2N/A#include <string.h>
2N/A#include <rpc/types.h>
2N/A#include <rpc/auth.h>
2N/A#include <locale.h>
2N/A#include <crypt.h>
2N/A#include <syslog.h>
2N/A
2N/Aextern int ruserok(const char *, int, const char *, const char *);
2N/A
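/*
 * pam_sm_authenticate - rhosts-style check of whether the remote user is
 * allowed to access the local account.
 *
 * Reads PAM_USER (local account), PAM_RHOST (remote host) and PAM_RUSER
 * (remote user name) from the PAM handle and hands them to ruserok(),
 * whose result alone decides between PAM_SUCCESS and PAM_AUTH_ERR.
 *
 * Security note: nothing in this function verifies PAM_RHOST or PAM_RUSER;
 * they are used exactly as found in the handle, so the decision is only as
 * trustworthy as the service that set those items.
 *
 * Module options (argv):
 *	debug	log the local user and remote host at LOG_DEBUG
 * Any other option is reported at LOG_DEBUG and otherwise ignored.
 *
 * Returns:
 *	PAM_SUCCESS		ruserok() returned 0 for the request
 *	PAM_AUTH_ERR		remote user or host is missing/empty, or
 *				ruserok() returned anything other than 0
 *	PAM_USER_UNKNOWN	local user is missing/empty or was not found
 *				by getpwnam_r()
 *	PAM_SERVICE_ERR		a pam_get_item() call failed
 */
/*ARGSUSED*/
int
pam_sm_authenticate(
	pam_handle_t *pamh,
	int flags,
	int argc,
	const char **argv)
{
	char *host = NULL;
	char *lusername = NULL;
	char *rusername = NULL;	/* initialised like its siblings */
	struct passwd pwd;
	char pwd_buffer[1024];
	int is_superuser;
	int debug = 0;
	int i;

	for (i = 0; i < argc; i++) {
		if (strcasecmp(argv[i], "debug") == 0)
			debug = 1;
		else
			syslog(LOG_DEBUG, "illegal option %s", argv[i]);
	}

	if (pam_get_item(pamh, PAM_USER, (void **)&lusername) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);
	if (pam_get_item(pamh, PAM_RHOST, (void **)&host) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);
	if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);

	/*
	 * pam_get_item() can succeed and still leave an item unset, so each
	 * value is checked for NULL/empty before it is used.
	 */
	if (lusername == NULL || *lusername == '\0')
		return (PAM_USER_UNKNOWN);
	if (rusername == NULL || *rusername == '\0')
		return (PAM_AUTH_ERR);
	if (host == NULL || *host == '\0')
		return (PAM_AUTH_ERR);

	if (debug) {
		syslog(LOG_DEBUG,
		    "rhosts authenticate: user = %s, host = %s",
		    lusername, host);
	}

	/*
	 * The result is compared with NULL, i.e. this relies on the
	 * getpwnam_r() variant that returns a struct passwd pointer.
	 */
	if (getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer))
	    == NULL)
		return (PAM_USER_UNKNOWN);

	/* ruserok() is told when the target account has uid 0. */
	is_superuser = (pwd.pw_uid == 0);

	/*
	 * Fail closed: only an explicit 0 from ruserok() grants access.
	 * Comparing against -1 would let any other non-zero return value
	 * fall through to PAM_SUCCESS.
	 */
	if (ruserok(host, is_superuser, rusername, lusername) != 0)
		return (PAM_AUTH_ERR);

	return (PAM_SUCCESS);
}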
2N/A
/*
 * pam_sm_setcred - credential-management entry point.
 *
 * This module sets no credentials: every argument is ignored and
 * PAM_IGNORE is returned unconditionally.
 */
/*ARGSUSED*/
int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_IGNORE);
}