Example #1
0
File: pam_time.c Project: aosm/pam
static int check_account(const char *service
			 , const char *tty, const char *user)
{
     int from=0,to=0,fd=-1;
     char *buffer=NULL;
     int count=0;
     TIME here_and_now;
     int retval=PAM_SUCCESS;

     here_and_now = time_now();                     /* find current time */
     do {
	  boolean good=TRUE,intime;

	  /* here we get the service name field */

	  fd = read_field(fd,&buffer,&from,&to);

	  if (!buffer || !buffer[0]) {
	       /* empty line .. ? */
	       continue;
	  }
	  ++count;

	  good = logic_field(service, buffer, count, is_same);
	  D(("with service: %s", good ? "passes":"fails" ));

	  /* here we get the terminal name field */

	  fd = read_field(fd,&buffer,&from,&to);
	  if (!buffer || !buffer[0]) {
	       _log_err(PAM_TIME_CONF "; no tty entry #%d", count);
	       continue;
	  }
	  good &= logic_field(tty, buffer, count, is_same);
	  D(("with tty: %s", good ? "passes":"fails" ));

	  /* here we get the username field */

	  fd = read_field(fd,&buffer,&from,&to);
	  if (!buffer || !buffer[0]) {
	       _log_err(PAM_TIME_CONF "; no user entry #%d", count);
	       continue;
	  }
	  good &= logic_field(user, buffer, count, is_same);
	  D(("with user: %s", good ? "passes":"fails" ));

	  /* here we get the time field */

	  fd = read_field(fd,&buffer,&from,&to);
	  if (!buffer || !buffer[0]) {
	       _log_err(PAM_TIME_CONF "; no time entry #%d", count);
	       continue;
	  }

	  intime = logic_field(&here_and_now, buffer, count, check_time);
	  D(("with time: %s", intime ? "passes":"fails" ));

	  fd = read_field(fd,&buffer,&from,&to);
	  if (buffer && buffer[0]) {
	       _log_err(PAM_TIME_CONF "; poorly terminated rule #%d", count);
	       continue;
	  }

	  if (good && !intime) {
	       /*
		* for security parse whole file..  also need to ensure
		* that the buffer is free()'d and the file is closed.
		*/
	       retval = PAM_PERM_DENIED;
	  } else {
	       D(("rule passed"));
	  }
     } while (buffer);

     return retval;
}
Example #2
0
static int check_account(const char *service, const char *tty
     , const char *user)
{
    int from=0,to=0,fd=-1;
    char *buffer=NULL;
    int count=0;
    TIME here_and_now;
    int retval=PAM_SUCCESS;
    gid_t *grps;
    int no_grps;

    /*
     * first we get the current list of groups - the application
     * will have previously done an initgroups(), or equivalent.
     */

    D(("counting supplementary groups"));
    no_grps = getgroups(0, NULL);      /* find the current number of groups */
    if (no_grps > 0) {
	grps = calloc( blk_size(no_grps) , sizeof(gid_t) );
	D(("copying current list into grps [%d big]",blk_size(no_grps)));
	(void) getgroups(no_grps, grps);
#ifdef DEBUG
	{
	    int z;
	    for (z=0; z<no_grps; ++z) {
		D(("gid[%d]=%d", z, grps[z]));
	    }
	}
#endif
    } else {
	D(("no supplementary groups known"));
	no_grps = 0;
	grps = NULL;
    }

    here_and_now = time_now();                         /* find current time */

    /* parse the rules in the configuration file */
    do {
	int good=TRUE;

	/* here we get the service name field */

	fd = read_field(fd,&buffer,&from,&to);
	if (!buffer || !buffer[0]) {
	    /* empty line .. ? */
	    continue;
	}
	++count;
	D(("working on rule #%d",count));

	good = logic_field(service, buffer, count, is_same);
	D(("with service: %s", good ? "passes":"fails" ));

	/* here we get the terminal name field */

	fd = read_field(fd,&buffer,&from,&to);
	if (!buffer || !buffer[0]) {
	    _log_err(PAM_GROUP_CONF "; no tty entry #%d", count);
	    continue;
	}
	good &= logic_field(tty, buffer, count, is_same);
	D(("with tty: %s", good ? "passes":"fails" ));

	/* here we get the username field */

	fd = read_field(fd,&buffer,&from,&to);
	if (!buffer || !buffer[0]) {
	    _log_err(PAM_GROUP_CONF "; no user entry #%d", count);
	    continue;
	}
	good &= logic_field(user, buffer, count, is_same);
	D(("with user: %s", good ? "passes":"fails" ));

	/* here we get the time field */

	fd = read_field(fd,&buffer,&from,&to);
	if (!buffer || !buffer[0]) {
	    _log_err(PAM_GROUP_CONF "; no time entry #%d", count);
	    continue;
	}

	good &= logic_field(&here_and_now, buffer, count, check_time);
	D(("with time: %s", good ? "passes":"fails" ));

	fd = read_field(fd,&buffer,&from,&to);
	if (!buffer || !buffer[0]) {
	    _log_err(PAM_GROUP_CONF "; no listed groups for rule #%d"
		     , count);
	    continue;
	}

	/*
	 * so we have a list of groups, we need to turn it into
	 * something to send to setgroups(2)
	 */

	if (good) {
	    D(("adding %s to gid list", buffer));
	    good = mkgrplist(buffer, &grps, no_grps);
	    if (good < 0) {
		no_grps = 0;
	    } else {
		no_grps = good;
	    }
	}

	/* check the line is terminated correctly */

	fd = read_field(fd,&buffer,&from,&to);
	if (buffer && buffer[0]) {
	    _log_err(PAM_GROUP_CONF "; poorly terminated rule #%d", count);
	}

	if (good > 0) {
	    D(("rule #%d passed, added %d groups", count, good));
	} else if (good < 0) {
	    retval = PAM_BUF_ERR;
	} else {
	    D(("rule #%d failed", count));
	}

    } while (buffer);

    /* now set the groups for the user */

    if (no_grps > 0) {
	int err;
	D(("trying to set %d groups", no_grps));
#ifdef DEBUG
	for (err=0; err<no_grps; ++err) {
	    D(("gid[%d]=%d", err, grps[err]));
	}
#endif
	if ((err = setgroups(no_grps, grps))) {
	    D(("but couldn't set groups %d", err));
	    _log_err("unable to set the group membership for user (err=%d)"
		     , err);
	    retval = PAM_CRED_ERR;
	}
    }

    if (grps) {                                          /* tidy up */
	memset(grps, 0, sizeof(gid_t) * blk_size(no_grps));
	_pam_drop(grps);
	no_grps = 0;
    }

    return retval;
}