/* * Do the actual work of authenticating with PAM. First, get the PAM identity * based on the method used to convert the BIND identity to the PAM identity. * Set up the structures that pam_start needs and call pam_start(). After * that, call pam_authenticate and pam_acct_mgmt. Check the various return * values from these functions and map them to their corresponding LDAP BIND * return values. Return the appropriate LDAP error code. * This function will also set the appropriate LDAP response controls in * the given pblock. * Since this function can be called multiple times, we only want to return * the errors and controls to the user if this is the final call, so the * final_method parameter tells us if this is the last one. Coupled with * the fallback argument, we can tell if we are able to send the response * back to the client. */ static int do_one_pam_auth( Slapi_PBlock *pb, int method, /* get pam identity from ENTRY, RDN, or DN */ PRBool final_method, /* which method is the last one to try */ char *pam_service, /* name of service for pam_start() */ char *map_ident_attr, /* for ENTRY method, name of attribute holding pam identity */ PRBool fallback, /* if true, failure here should fallback to regular bind */ int pw_response_requested /* do we need to send pwd policy resp control */ ) { MyStrBuf pam_id; const char *binddn = NULL; Slapi_DN *bindsdn = NULL; int rc; int retcode = LDAP_SUCCESS; pam_handle_t *pam_handle; struct my_pam_conv_str my_data; struct pam_conv my_pam_conv = {pam_conv_func, NULL}; char *errmsg = NULL; /* free with PR_smprintf_free */ int locked = 0; slapi_pblock_get( pb, SLAPI_BIND_TARGET_SDN, &bindsdn ); if (NULL == bindsdn) { errmsg = PR_smprintf("Null bind dn"); retcode = LDAP_OPERATIONS_ERROR; pam_id.str = NULL; /* initialize pam_id.str */ goto done; /* skip the pam stuff */ } binddn = slapi_sdn_get_dn(bindsdn); if (method == PAMPT_MAP_METHOD_RDN) { derive_from_bind_dn(pb, bindsdn, &pam_id); } else if (method == PAMPT_MAP_METHOD_ENTRY) { derive_from_bind_entry(pb, bindsdn, &pam_id, map_ident_attr, &locked); } else { init_my_str_buf(&pam_id, binddn); } if (locked) { errmsg = PR_smprintf("Account inactivated. Contact system administrator."); retcode = LDAP_UNWILLING_TO_PERFORM; /* user inactivated */ goto done; /* skip the pam stuff */ } if (!pam_id.str) { errmsg = PR_smprintf("Bind DN [%s] is invalid or not found", binddn); retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */ goto done; /* skip the pam stuff */ } /* do the pam stuff */ my_data.pb = pb; my_data.pam_identity = pam_id.str; my_pam_conv.appdata_ptr = &my_data; slapi_lock_mutex(PAMLock); /* from this point on we are in the critical section */ rc = pam_start(pam_service, pam_id.str, &my_pam_conv, &pam_handle); report_pam_error("during pam_start", rc, pam_handle); if (rc == PAM_SUCCESS) { /* use PAM_SILENT - there is no user interaction at this point */ rc = pam_authenticate(pam_handle, 0); report_pam_error("during pam_authenticate", rc, pam_handle); /* check different types of errors here */ if (rc == PAM_USER_UNKNOWN) { errmsg = PR_smprintf("User id [%s] for bind DN [%s] does not exist in PAM", pam_id.str, binddn); retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */ } else if (rc == PAM_AUTH_ERR) { errmsg = PR_smprintf("Invalid PAM password for user id [%s], bind DN [%s]", pam_id.str, binddn); retcode = LDAP_INVALID_CREDENTIALS; /* invalid creds */ } else if (rc == PAM_MAXTRIES) { errmsg = PR_smprintf("Authentication retry limit exceeded in PAM for " "user id [%s], bind DN [%s]", pam_id.str, binddn); if (pw_response_requested) { slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_ACCTLOCKED); } retcode = LDAP_CONSTRAINT_VIOLATION; /* max retries */ } else if (rc != PAM_SUCCESS) { errmsg = PR_smprintf("Unknown PAM error [%s] for user id [%s], bind DN [%s]", pam_strerror(pam_handle, rc), pam_id.str, binddn); retcode = LDAP_OPERATIONS_ERROR; /* pam config or network problem */ } } /* if user authenticated successfully, see if there is anything we need to report back w.r.t. password or account lockout */ if (rc == PAM_SUCCESS) { rc = pam_acct_mgmt(pam_handle, 0); report_pam_error("during pam_acct_mgmt", rc, pam_handle); /* check different types of errors here */ if (rc == PAM_USER_UNKNOWN) { errmsg = PR_smprintf("User id [%s] for bind DN [%s] does not exist in PAM", pam_id.str, binddn); retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */ } else if (rc == PAM_AUTH_ERR) { errmsg = PR_smprintf("Invalid PAM password for user id [%s], bind DN [%s]", pam_id.str, binddn); retcode = LDAP_INVALID_CREDENTIALS; /* invalid creds */ } else if (rc == PAM_PERM_DENIED) { errmsg = PR_smprintf("Access denied for PAM user id [%s], bind DN [%s]" " - see administrator", pam_id.str, binddn); if (pw_response_requested) { slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_ACCTLOCKED); } retcode = LDAP_UNWILLING_TO_PERFORM; } else if (rc == PAM_ACCT_EXPIRED) { errmsg = PR_smprintf("Expired PAM password for user id [%s], bind DN [%s]: " "reset required", pam_id.str, binddn); slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); if (pw_response_requested) { slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED); } retcode = LDAP_INVALID_CREDENTIALS; } else if (rc == PAM_NEW_AUTHTOK_REQD) { /* handled same way as ACCT_EXPIRED */ errmsg = PR_smprintf("Expired PAM password for user id [%s], bind DN [%s]: " "reset required", pam_id.str, binddn); slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); if (pw_response_requested) { slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDEXPIRED); } retcode = LDAP_INVALID_CREDENTIALS; } else if (rc != PAM_SUCCESS) { errmsg = PR_smprintf("Unknown PAM error [%s] for user id [%s], bind DN [%s]", pam_strerror(pam_handle, rc), pam_id.str, binddn); retcode = LDAP_OPERATIONS_ERROR; /* unknown */ } } rc = pam_end(pam_handle, rc); report_pam_error("during pam_end", rc, pam_handle); slapi_unlock_mutex(PAMLock); /* not in critical section any more */ done: delete_my_str_buf(&pam_id); if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) { errmsg = PR_smprintf("Unknown PAM error [%d] for user id [%s], bind DN [%s]", rc, pam_id.str, binddn); retcode = LDAP_OPERATIONS_ERROR; } if (retcode != LDAP_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "%s\n", errmsg); if (final_method && !fallback) { slapi_send_ldap_result(pb, retcode, NULL, errmsg, 0, NULL); } } if (errmsg) { PR_smprintf_free(errmsg); } return retcode; }
static void authenticate (const struct passwd *pw) { const struct passwd *lpw = NULL; const char *cp, *srvname = NULL; int retval; switch (su_mode) { case SU_MODE: srvname = simulate_login ? PAM_SRVNAME_SU_L : PAM_SRVNAME_SU; break; case RUNUSER_MODE: srvname = simulate_login ? PAM_SRVNAME_RUNUSER_L : PAM_SRVNAME_RUNUSER; break; default: abort(); break; } retval = pam_start (srvname, pw->pw_name, &conv, &pamh); if (is_pam_failure(retval)) goto done; if (isatty (0) && (cp = ttyname (0)) != NULL) { const char *tty; if (strncmp (cp, "/dev/", 5) == 0) tty = cp + 5; else tty = cp; retval = pam_set_item (pamh, PAM_TTY, tty); if (is_pam_failure(retval)) goto done; } lpw = current_getpwuid (); if (lpw && lpw->pw_name) { retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); if (is_pam_failure(retval)) goto done; } if (su_mode == RUNUSER_MODE) { /* * This is the only difference between runuser(1) and su(1). The command * runuser(1) does not required authentication, because user is root. */ if (restricted) errx(EXIT_FAILURE, _("may not be used by non-root users")); return; } retval = pam_authenticate (pamh, 0); if (is_pam_failure(retval)) goto done; retval = pam_acct_mgmt (pamh, 0); if (retval == PAM_NEW_AUTHTOK_REQD) { /* Password has expired. Offer option to change it. */ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); } done: log_syslog(pw, !is_pam_failure(retval)); if (is_pam_failure(retval)) { const char *msg; log_btmp(pw); msg = pam_strerror(pamh, retval); pam_end(pamh, retval); sleep (getlogindefs_num ("FAIL_DELAY", 1)); errx (EXIT_FAILURE, "%s", msg?msg:_("incorrect password")); } }
int main(int argc, char **argv) { int devnull_fd = -1; #ifdef TIOCNOTTY int tty_fd = -1; #endif #ifdef HAVE_PAM pam_handle_t *pamh = NULL; int pamr; const char *const *pamenv = NULL; #endif int opt; size_t size = 0; bool start = false; bool stop = false; bool oknodo = false; bool test = false; char *exec = NULL; char *startas = NULL; char *name = NULL; char *pidfile = NULL; char *retry = NULL; int sig = -1; int nicelevel = 0, ionicec = -1, ioniced = 0; bool background = false; bool makepidfile = false; bool interpreted = false; bool progress = false; uid_t uid = 0; gid_t gid = 0; char *home = NULL; int tid = 0; char *redirect_stderr = NULL; char *redirect_stdout = NULL; char *stderr_process = NULL; char *stdout_process = NULL; int stdin_fd; int stdout_fd; int stderr_fd; pid_t pid, spid; RC_PIDLIST *pids; int i; char *svcname = getenv("RC_SVCNAME"); RC_STRINGLIST *env_list; RC_STRING *env; char *tmp, *newpath, *np; char *p; char *token; char *exec_file = NULL; struct passwd *pw; struct group *gr; char *line = NULL; FILE *fp; size_t len; mode_t numask = 022; char **margv; unsigned int start_wait = 0; applet = basename_c(argv[0]); atexit(cleanup); signal_setup(SIGINT, handle_signal); signal_setup(SIGQUIT, handle_signal); signal_setup(SIGTERM, handle_signal); if ((tmp = getenv("SSD_NICELEVEL"))) if (sscanf(tmp, "%d", &nicelevel) != 1) eerror("%s: invalid nice level `%s' (SSD_NICELEVEL)", applet, tmp); if ((tmp = getenv("SSD_IONICELEVEL"))) { int n = sscanf(tmp, "%d:%d", &ionicec, &ioniced); if (n != 1 && n != 2) eerror("%s: invalid ionice level `%s' (SSD_IONICELEVEL)", applet, tmp); if (ionicec == 0) ioniced = 0; else if (ionicec == 3) ioniced = 7; ionicec <<= 13; /* class shift */ } /* Get our user name and initial dir */ p = getenv("USER"); home = getenv("HOME"); if (home == NULL || p == NULL) { pw = getpwuid(getuid()); if (pw != NULL) { if (p == NULL) setenv("USER", pw->pw_name, 1); if (home == NULL) { setenv("HOME", pw->pw_dir, 1); home = pw->pw_dir; } } } while ((opt = getopt_long(argc, argv, getoptstring, longopts, (int *) 0)) != -1) switch (opt) { case 'I': /* --ionice */ if (sscanf(optarg, "%d:%d", &ionicec, &ioniced) == 0) eerrorx("%s: invalid ionice `%s'", applet, optarg); if (ionicec == 0) ioniced = 0; else if (ionicec == 3) ioniced = 7; ionicec <<= 13; /* class shift */ break; case 'K': /* --stop */ stop = true; break; case 'N': /* --nice */ if (sscanf(optarg, "%d", &nicelevel) != 1) eerrorx("%s: invalid nice level `%s'", applet, optarg); break; case 'P': /* --progress */ progress = true; break; case 'R': /* --retry <schedule>|<timeout> */ retry = optarg; break; case 'S': /* --start */ start = true; break; case 'b': /* --background */ background = true; break; case 'c': /* --chuid <username>|<uid> */ /* DEPRECATED */ ewarn("WARNING: -c/--chuid is deprecated and will be removed in the future, please use -u/--user instead"); /* falls through */ case 'u': /* --user <username>|<uid> */ { p = optarg; tmp = strsep(&p, ":"); changeuser = xstrdup(tmp); if (sscanf(tmp, "%d", &tid) != 1) pw = getpwnam(tmp); else pw = getpwuid((uid_t)tid); if (pw == NULL) eerrorx("%s: user `%s' not found", applet, tmp); uid = pw->pw_uid; home = pw->pw_dir; unsetenv("HOME"); if (pw->pw_dir) setenv("HOME", pw->pw_dir, 1); unsetenv("USER"); if (pw->pw_name) setenv("USER", pw->pw_name, 1); if (gid == 0) gid = pw->pw_gid; if (p) { tmp = strsep (&p, ":"); if (sscanf(tmp, "%d", &tid) != 1) gr = getgrnam(tmp); else gr = getgrgid((gid_t) tid); if (gr == NULL) eerrorx("%s: group `%s'" " not found", applet, tmp); gid = gr->gr_gid; } } break; case 'd': /* --chdir /new/dir */ ch_dir = optarg; break; case 'e': /* --env */ putenv(optarg); break; case 'g': /* --group <group>|<gid> */ if (sscanf(optarg, "%d", &tid) != 1) gr = getgrnam(optarg); else gr = getgrgid((gid_t)tid); if (gr == NULL) eerrorx("%s: group `%s' not found", applet, optarg); gid = gr->gr_gid; break; case 'i': /* --interpreted */ interpreted = true; break; case 'k': if (parse_mode(&numask, optarg)) eerrorx("%s: invalid mode `%s'", applet, optarg); break; case 'm': /* --make-pidfile */ makepidfile = true; break; case 'n': /* --name <process-name> */ name = optarg; break; case 'o': /* --oknodo */ /* DEPRECATED */ ewarn("WARNING: -o/--oknodo is deprecated and will be removed in the future"); oknodo = true; break; case 'p': /* --pidfile <pid-file> */ pidfile = optarg; break; case 's': /* --signal <signal> */ sig = parse_signal(applet, optarg); break; case 't': /* --test */ test = true; break; case 'r': /* --chroot /new/root */ ch_root = optarg; break; case 'a': /* --startas <name> */ /* DEPRECATED */ ewarn("WARNING: -a/--startas is deprecated and will be removed in the future, please use -x/--exec or -n/--name instead"); startas = optarg; break; case 'w': if (sscanf(optarg, "%d", &start_wait) != 1) eerrorx("%s: `%s' not a number", applet, optarg); break; case 'x': /* --exec <executable> */ exec = optarg; break; case '1': /* --stdout /path/to/stdout.lgfile */ redirect_stdout = optarg; break; case '2': /* --stderr /path/to/stderr.logfile */ redirect_stderr = optarg; break; case '3': /* --stdout-logger "command to run for stdout logging" */ stdout_process = optarg; break; case '4': /* --stderr-logger "command to run for stderr logging" */ stderr_process = optarg; break; case_RC_COMMON_GETOPT } endpwent(); argc -= optind; argv += optind; /* Allow start-stop-daemon --signal HUP --exec /usr/sbin/dnsmasq * instead of forcing --stop --oknodo as well */ if (!start && !stop && sig != SIGINT && sig != SIGTERM && sig != SIGQUIT && sig != SIGKILL) oknodo = true; if (!exec) exec = startas; else if (!name) name = startas; if (!exec) { exec = *argv; if (!exec) exec = name; if (name && start) *argv = name; } else if (name) { *--argv = name; ++argc; } else if (exec) { *--argv = exec; ++argc; }; if (stop || sig != -1) { if (sig == -1) sig = SIGTERM; if (!*argv && !pidfile && !name && !uid) eerrorx("%s: --stop needs --exec, --pidfile," " --name or --user", applet); if (background) eerrorx("%s: --background is only relevant with" " --start", applet); if (makepidfile) eerrorx("%s: --make-pidfile is only relevant with" " --start", applet); if (redirect_stdout || redirect_stderr) eerrorx("%s: --stdout and --stderr are only relevant" " with --start", applet); if (stdout_process || stderr_process) eerrorx("%s: --stdout-logger and --stderr-logger are only relevant" " with --start", applet); if (start_wait) ewarn("using --wait with --stop has no effect," " use --retry instead"); } else { if (!exec) eerrorx("%s: nothing to start", applet); if (makepidfile && !pidfile) eerrorx("%s: --make-pidfile is only relevant with" " --pidfile", applet); if ((redirect_stdout || redirect_stderr) && !background) eerrorx("%s: --stdout and --stderr are only relevant" " with --background", applet); if ((stdout_process || stderr_process) && !background) eerrorx("%s: --stdout-logger and --stderr-logger are only relevant" " with --background", applet); if (redirect_stdout && stdout_process) eerrorx("%s: do not use --stdout and --stdout-logger together", applet); if (redirect_stderr && stderr_process) eerrorx("%s: do not use --stderr and --stderr-logger together", applet); } /* Expand ~ */ if (ch_dir && *ch_dir == '~') ch_dir = expand_home(home, ch_dir); if (ch_root && *ch_root == '~') ch_root = expand_home(home, ch_root); if (exec) { if (*exec == '~') exec = expand_home(home, exec); /* Validate that the binary exists if we are starting */ if (*exec == '/' || *exec == '.') { /* Full or relative path */ if (ch_root) xasprintf(&exec_file, "%s/%s", ch_root, exec); else xasprintf(&exec_file, "%s", exec); } else { /* Something in $PATH */ p = tmp = xstrdup(getenv("PATH")); exec_file = NULL; while ((token = strsep(&p, ":"))) { if (ch_root) xasprintf(&exec_file, "%s/%s/%s", ch_root, token, exec); else xasprintf(&exec_file, "%s/%s", token, exec); if (exec_file && exists(exec_file)) break; free(exec_file); exec_file = NULL; } free(tmp); } } if (start && !exists(exec_file)) { eerror("%s: %s does not exist", applet, *exec_file ? exec_file : exec); free(exec_file); exit(EXIT_FAILURE); } if (start && retry) ewarn("using --retry with --start has no effect," " use --wait instead"); /* If we don't have a pidfile we should check if it's interpreted * or not. If it we, we need to pass the interpreter through * to our daemon calls to find it correctly. */ if (interpreted && !pidfile) { fp = fopen(exec_file, "r"); if (fp) { line = NULL; if (getline(&line, &size, fp) == -1) eerrorx("%s: %s", applet, strerror(errno)); p = line; fclose(fp); if (p != NULL && line[0] == '#' && line[1] == '!') { p = line + 2; /* Strip leading spaces */ while (*p == ' ' || *p == '\t') p++; /* Remove the trailing newline */ len = strlen(p) - 1; if (p[len] == '\n') p[len] = '\0'; token = strsep(&p, " "); free(exec_file); xasprintf(&exec_file, "%s", token); opt = 0; for (nav = argv; *nav; nav++) opt++; nav = xmalloc(sizeof(char *) * (opt + 3)); nav[0] = exec_file; len = 1; if (p) nav[len++] = p; for (i = 0; i < opt; i++) nav[i + len] = argv[i]; nav[i + len] = '\0'; } } } margv = nav ? nav : argv; if (stop || sig != -1) { if (sig == -1) sig = SIGTERM; if (!stop) oknodo = true; if (retry) parse_schedule(applet, retry, sig); else if (test || oknodo) parse_schedule(applet, "0", sig); else parse_schedule(applet, NULL, sig); if (pidfile) { pid = get_pid(applet, pidfile); if (pid == -1 && errno != ENOENT) exit(EXIT_FAILURE); } else { pid = 0; } i = run_stop_schedule(applet, exec, (const char *const *)margv, pid, uid, test, progress, false); if (i < 0) /* We failed to stop something */ exit(EXIT_FAILURE); if (test || oknodo) return i > 0 ? EXIT_SUCCESS : EXIT_FAILURE; /* Even if we have not actually killed anything, we should * remove information about it as it may have unexpectedly * crashed out. We should also return success as the end * result would be the same. */ if (pidfile && exists(pidfile)) unlink(pidfile); if (svcname) rc_service_daemon_set(svcname, exec, (const char *const *)argv, pidfile, false); exit(EXIT_SUCCESS); } if (pidfile) pid = get_pid(applet, pidfile); else pid = 0; if (pid) pids = rc_find_pids(NULL, NULL, 0, pid); else pids = rc_find_pids(exec, (const char * const *) argv, uid, 0); if (pids) eerrorx("%s: %s is already running", applet, exec); free(pids); if (test) { if (rc_yesno(getenv("EINFO_QUIET"))) exit (EXIT_SUCCESS); einfon("Would start"); while (argc-- > 0) printf(" %s", *argv++); printf("\n"); eindent(); if (uid != 0) einfo("as user id %d", uid); if (gid != 0) einfo("as group id %d", gid); if (ch_root) einfo("in root `%s'", ch_root); if (ch_dir) einfo("in dir `%s'", ch_dir); if (nicelevel != 0) einfo("with a priority of %d", nicelevel); if (name) einfo ("with a process name of %s", name); eoutdent(); exit(EXIT_SUCCESS); } ebeginv("Detaching to start `%s'", exec); eindentv(); /* Remove existing pidfile */ if (pidfile) unlink(pidfile); if (background) signal_setup(SIGCHLD, handle_signal); if ((pid = fork()) == -1) eerrorx("%s: fork: %s", applet, strerror(errno)); /* Child process - lets go! */ if (pid == 0) { pid_t mypid = getpid(); umask(numask); #ifdef TIOCNOTTY tty_fd = open("/dev/tty", O_RDWR); #endif devnull_fd = open("/dev/null", O_RDWR); if (nicelevel) { if (setpriority(PRIO_PROCESS, mypid, nicelevel) == -1) eerrorx("%s: setpritory %d: %s", applet, nicelevel, strerror(errno)); } if (ionicec != -1 && ioprio_set(1, mypid, ionicec | ioniced) == -1) eerrorx("%s: ioprio_set %d %d: %s", applet, ionicec, ioniced, strerror(errno)); if (ch_root && chroot(ch_root) < 0) eerrorx("%s: chroot `%s': %s", applet, ch_root, strerror(errno)); if (ch_dir && chdir(ch_dir) < 0) eerrorx("%s: chdir `%s': %s", applet, ch_dir, strerror(errno)); if (makepidfile && pidfile) { fp = fopen(pidfile, "w"); if (! fp) eerrorx("%s: fopen `%s': %s", applet, pidfile, strerror(errno)); fprintf(fp, "%d\n", mypid); fclose(fp); } #ifdef HAVE_PAM if (changeuser != NULL) { pamr = pam_start("start-stop-daemon", changeuser, &conv, &pamh); if (pamr == PAM_SUCCESS) pamr = pam_acct_mgmt(pamh, PAM_SILENT); if (pamr == PAM_SUCCESS) pamr = pam_open_session(pamh, PAM_SILENT); if (pamr != PAM_SUCCESS) eerrorx("%s: pam error: %s", applet, pam_strerror(pamh, pamr)); } #endif if (gid && setgid(gid)) eerrorx("%s: unable to set groupid to %d", applet, gid); if (changeuser && initgroups(changeuser, gid)) eerrorx("%s: initgroups (%s, %d)", applet, changeuser, gid); if (uid && setuid(uid)) eerrorx ("%s: unable to set userid to %d", applet, uid); /* Close any fd's to the passwd database */ endpwent(); #ifdef TIOCNOTTY ioctl(tty_fd, TIOCNOTTY, 0); close(tty_fd); #endif /* Clean the environment of any RC_ variables */ env_list = rc_stringlist_new(); i = 0; while (environ[i]) rc_stringlist_add(env_list, environ[i++]); #ifdef HAVE_PAM if (changeuser != NULL) { pamenv = (const char *const *)pam_getenvlist(pamh); if (pamenv) { while (*pamenv) { /* Don't add strings unless they set a var */ if (strchr(*pamenv, '=')) putenv(xstrdup(*pamenv)); else unsetenv(*pamenv); pamenv++; } } } #endif TAILQ_FOREACH(env, env_list, entries) { if ((strncmp(env->value, "RC_", 3) == 0 && strncmp(env->value, "RC_SERVICE=", 10) != 0 && strncmp(env->value, "RC_SVCNAME=", 10) != 0) || strncmp(env->value, "SSD_NICELEVEL=", 14) == 0 || strncmp(env->value, "SSD_IONICELEVEL=", 16) == 0) { p = strchr(env->value, '='); *p = '\0'; unsetenv(env->value); continue; } } rc_stringlist_free(env_list); /* For the path, remove the rcscript bin dir from it */ if ((token = getenv("PATH"))) { len = strlen(token); newpath = np = xmalloc(len + 1); while (token && *token) { p = strchr(token, ':'); if (p) { *p++ = '\0'; while (*p == ':') p++; } if (strcmp(token, RC_LIBEXECDIR "/bin") != 0 && strcmp(token, RC_LIBEXECDIR "/sbin") != 0) { len = strlen(token); if (np != newpath) *np++ = ':'; memcpy(np, token, len); np += len; } token = p; } *np = '\0'; unsetenv("PATH"); setenv("PATH", newpath, 1); } stdin_fd = devnull_fd; stdout_fd = devnull_fd; stderr_fd = devnull_fd; if (redirect_stdout) { if ((stdout_fd = open(redirect_stdout, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) == -1) eerrorx("%s: unable to open the logfile" " for stdout `%s': %s", applet, redirect_stdout, strerror(errno)); }else if (stdout_process) { stdout_fd = rc_pipe_command(stdout_process); if (stdout_fd == -1) eerrorx("%s: unable to open the logging process" " for stdout `%s': %s", applet, stdout_process, strerror(errno)); } if (redirect_stderr) { if ((stderr_fd = open(redirect_stderr, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) == -1) eerrorx("%s: unable to open the logfile" " for stderr `%s': %s", applet, redirect_stderr, strerror(errno)); }else if (stderr_process) { stderr_fd = rc_pipe_command(stderr_process); if (stderr_fd == -1) eerrorx("%s: unable to open the logging process" " for stderr `%s': %s", applet, stderr_process, strerror(errno)); } if (background) dup2(stdin_fd, STDIN_FILENO); if (background || redirect_stdout || stdout_process || rc_yesno(getenv("EINFO_QUIET"))) dup2(stdout_fd, STDOUT_FILENO); if (background || redirect_stderr || stderr_process || rc_yesno(getenv("EINFO_QUIET"))) dup2(stderr_fd, STDERR_FILENO); for (i = getdtablesize() - 1; i >= 3; --i) close(i); setsid(); execvp(exec, argv); #ifdef HAVE_PAM if (changeuser != NULL && pamr == PAM_SUCCESS) pam_close_session(pamh, PAM_SILENT); #endif eerrorx("%s: failed to exec `%s': %s", applet, exec,strerror(errno)); }
/* * Check authentication against PAM. */ static int CheckPAMAuth(Port *port, char *user, char *password) { int retval; pam_handle_t *pamh = NULL; /* * Apparently, Solaris 2.6 is broken, and needs ugly static variable * workaround */ pam_passwd = password; /* * Set the application data portion of the conversation struct This is * later used inside the PAM conversation to pass the password to the * authentication module. */ pam_passw_conv.appdata_ptr = (char *) password; /* from password above, * not allocated */ /* Optionally, one can set the service name in pg_hba.conf */ if (port->auth_arg && port->auth_arg[0] != '\0') retval = pam_start(port->auth_arg, "pgsql@", &pam_passw_conv, &pamh); else retval = pam_start(PGSQL_PAM_SERVICE, "pgsql@", &pam_passw_conv, &pamh); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("could not create PAM authenticator: %s", pam_strerror(pamh, retval)))); pam_passwd = NULL; /* Unset pam_passwd */ return STATUS_ERROR; } retval = pam_set_item(pamh, PAM_USER, user); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("pam_set_item(PAM_USER) failed: %s", pam_strerror(pamh, retval)))); pam_passwd = NULL; /* Unset pam_passwd */ return STATUS_ERROR; } retval = pam_set_item(pamh, PAM_CONV, &pam_passw_conv); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("pam_set_item(PAM_CONV) failed: %s", pam_strerror(pamh, retval)))); pam_passwd = NULL; /* Unset pam_passwd */ return STATUS_ERROR; } retval = pam_authenticate(pamh, 0); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("pam_authenticate failed: %s", pam_strerror(pamh, retval)))); pam_passwd = NULL; /* Unset pam_passwd */ return STATUS_ERROR; } retval = pam_acct_mgmt(pamh, 0); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("pam_acct_mgmt failed: %s", pam_strerror(pamh, retval)))); pam_passwd = NULL; /* Unset pam_passwd */ return STATUS_ERROR; } retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { ereport(LOG, (errmsg("could not release PAM authenticator: %s", pam_strerror(pamh, retval)))); } pam_passwd = NULL; /* Unset pam_passwd */ return (retval == PAM_SUCCESS ? STATUS_OK : STATUS_ERROR); }
/* * check_perms - check if the caller is allowed to add a group * * Non-root users are only allowed to change their gecos field. * (see also may_change_field()) * * Non-root users must be authenticated. * * It will not return if the user is not allowed. */ static void check_perms (const struct passwd *pw) { #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; struct passwd *pampw; #endif /* * Non-privileged users are only allowed to change the gecos field * if the UID of the user matches the current real UID. */ if (!amroot && pw->pw_uid != getuid ()) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); } #ifdef WITH_SELINUX /* * If the UID of the user does not match the current real UID, * check if the change is allowed by SELinux policy. */ if ((pw->pw_uid != getuid ()) && (is_selinux_enabled () > 0) && (selinux_check_passwd_access (PASSWD__CHFN) != 0)) { fprintf (stderr, _("%s: Permission denied.\n"), Prog); closelog (); exit (E_NOPERM); } #endif #ifndef USE_PAM /* * Non-privileged users are optionally authenticated (must enter the * password of the user whose information is being changed) before * any changes can be made. Idea from util-linux chfn/chsh. * --marekm */ if (!amroot && getdef_bool ("CHFN_AUTH")) { passwd_check (pw->pw_name, pw->pw_passwd, "chfn"); } #else /* !USE_PAM */ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (E_NOPERM); } retval = pam_start ("chfn", pampw->pw_name, &conv, &pamh); if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (NULL != pamh) { (void) pam_end (pamh, retval); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (E_NOPERM); } #endif /* USE_PAM */ }
static int open_session (pam_handle_t *pamh) { struct passwd *buf = NULL; const char *name; int res; name = NULL; pwd = NULL; res = pam_get_item (pamh, PAM_USER, (const void **)&name); if (res != PAM_SUCCESS) { warnx ("couldn't load user from pam"); return res; } /* Yes, buf "leaks" */ buf = malloc (sizeof (struct passwd) + 8192); if (buf == NULL) res = ENOMEM; else res = getpwnam_r (name, buf, (char *)(buf + 1), 8192, &pwd); if (pwd == NULL) { warnx ("couldn't load user info for: %s: %s", name, res == 0 ? "not found" : strerror (res)); return PAM_SYSTEM_ERR; } /* * If we're already running as the right user, and have authenticated * then skip starting a new session. This is used when testing, or * running as your own user. */ want_session = !(geteuid () != 0 && geteuid () == pwd->pw_uid && getuid () == pwd->pw_uid && getegid () == pwd->pw_gid && getgid () == pwd->pw_gid); if (want_session) { debug ("checking access for %s", name); res = pam_acct_mgmt (pamh, 0); if (res != PAM_SUCCESS) { warnx ("user account access failed: %s: %s", name, pam_strerror (pamh, res)); /* We change PAM_AUTH_ERR to PAM_PERM_DENIED so that we can * distinguish between failures here and in * * pam_authenticate. */ if (res == PAM_AUTH_ERR) res = PAM_PERM_DENIED; return res; } debug ("opening pam session for %s", name); pam_putenv (pamh, "XDG_SESSION_CLASS=user"); res = pam_setcred (pamh, PAM_ESTABLISH_CRED); if (res != PAM_SUCCESS) { warnx ("establishing credentials failed: %s: %s", name, pam_strerror (pamh, res)); return res; } res = pam_open_session (pamh, 0); if (res != PAM_SUCCESS) { warnx ("couldn't open session: %s: %s", name, pam_strerror (pamh, res)); return res; } res = pam_setcred (pamh, PAM_REINITIALIZE_CRED); if (res != PAM_SUCCESS) { warnx ("reinitializing credentials failed: %s: %s", name, pam_strerror (pamh, res)); return res; } } return PAM_SUCCESS; }
int vsf_sysdep_check_auth(struct mystr* p_user_str, const struct mystr* p_pass_str, const struct mystr* p_remote_host) { int retval; #ifdef PAM_USER pam_item_t item; const char* pam_user_name = 0; #endif struct pam_conv the_conv = { &pam_conv_func, 0 }; if (s_pamh != 0) { bug("vsf_sysdep_check_auth"); } str_copy(&s_pword_str, p_pass_str); retval = pam_start(tunable_pam_service_name, str_getbuf(p_user_str), &the_conv, &s_pamh); if (retval != PAM_SUCCESS) { s_pamh = 0; return 0; } #ifdef PAM_RHOST retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host)); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } #endif #ifdef PAM_TTY retval = pam_set_item(s_pamh, PAM_TTY, "ftp"); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } #endif #ifdef PAM_RUSER retval = pam_set_item(s_pamh, PAM_RUSER, str_getbuf(p_user_str)); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } #endif retval = pam_authenticate(s_pamh, 0); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } #ifdef PAM_USER retval = pam_get_item(s_pamh, PAM_USER, &item); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } pam_user_name = item; str_alloc_text(p_user_str, pam_user_name); #endif retval = pam_acct_mgmt(s_pamh, 0); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } retval = pam_setcred(s_pamh, PAM_ESTABLISH_CRED); if (retval != PAM_SUCCESS) { (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } if (!tunable_session_support) { /* You're in already! */ (void) pam_end(s_pamh, retval); s_pamh = 0; return 1; } /* Must do this BEFORE opening a session for pam_limits to count us */ vsf_insert_uwtmp(p_user_str, p_remote_host); retval = pam_open_session(s_pamh, 0); if (retval != PAM_SUCCESS) { vsf_remove_uwtmp(); (void) pam_setcred(s_pamh, PAM_DELETE_CRED); (void) pam_end(s_pamh, retval); s_pamh = 0; return 0; } /* We MUST ensure the PAM session, utmp, wtmp etc. are cleaned up, however * we exit. */ vsf_sysutil_set_exit_func(vsf_auth_shutdown); /* You're in dude */ return 1; }
int pam_authenticate_session(char** username, int fd) { int rv; if ((rv = pam_start(PAM_APPL_NAME, *username, &conv, &pam_h)) != PAM_SUCCESS) fatal("pam_start() failure: %d", rv); #ifdef SUN_PAM_TTY_BUG if ((rv = pam_set_item(pam_h, PAM_TTY, "/dev/nld")) != PAM_SUCCESS) fatal("pam_set_item(PAM_TTY,/dev/nld"); #endif pam_conv_fd = fd; if ((rv = pam_authenticate(pam_h, 0)) != PAM_SUCCESS) { debug("pam_authenticate(): %s", pam_strerror(pam_h, rv)); pam_conv_fd = -1; return -1; } rv = pam_acct_mgmt(pam_h, 0); char* pam_user = 0; if ((rv = pam_get_item(pam_h, PAM_USER, (PAM_CONST void**)&pam_user)) != PAM_SUCCESS) { pam_user = 0; debug("pam_get_item(PAM_USER): %s", pam_strerror(pam_h, rv)); } else if (!(pam_user = strdup(pam_user))) fatal("malloc()"); else { free(*username); *username = pam_user; } if (rv == PAM_NEW_AUTHTOK_REQD) { debug("pam_acct_mgmt(): PAM_NEW_AUTHTOK_REQD for %s", *username); #if CHAUTHTOK_CHECKS_RUID struct passwd pw, *pwp; char pw_buf[1024]; rv = getpwnam_r(*username, &pw, pw_buf, sizeof(pw_buf), &pwp); if (!pwp) { if (rv) { errno = rv; perror("Fetching user for pam_chauthtok failed. getpwnam_r()"); } else debug("Fetching user for pam_chauthtok failed: not found"); pam_conv_fd = -1; return -1; } if (setreuid(pw.pw_uid,-1) < 0) perror_fatal("setreuid() for pam_chauthtok failed"); #endif rv = pam_chauthtok(pam_h, PAM_CHANGE_EXPIRED_AUTHTOK); #if CHAUTHTOK_CHECKS_RUID if (setreuid(0,-1) < 0) perror_fatal("setreuid() after pam_chauthtok failed"); #endif if (rv != PAM_SUCCESS) { debug("pam_chauthtok(PAM_CHANGE_EXPIRED_AUTHTOK): %s", pam_strerror(pam_h, rv)); pam_conv_fd = -1; return -1; } } else if (rv != PAM_SUCCESS) { debug("pam_acct_mgmt(): %s", pam_strerror(pam_h, rv)); pam_conv_fd = -1; return -1; } pam_conv_fd = -1; authenticated = 1; return 0; }
void doit(struct sockaddr *fromp) { extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ struct passwd *pwd; u_short port; fd_set ready, readfrom; int cc, fd, nfd, pv[2], pid, s; int one = 1; const char *cp, *errorstr; char sig, buf[BUFSIZ]; char *cmdbuf, luser[16], ruser[16]; char rhost[2 * MAXHOSTNAMELEN + 1]; char numericname[INET6_ADDRSTRLEN]; int af, srcport; int maxcmdlen; login_cap_t *lc; maxcmdlen = (int)sysconf(_SC_ARG_MAX); if (maxcmdlen <= 0 || (cmdbuf = malloc(maxcmdlen)) == NULL) exit(1); (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); (void) signal(SIGTERM, SIG_DFL); af = fromp->sa_family; srcport = ntohs(*((in_port_t *)&fromp->sa_data)); if (af == AF_INET) { inet_ntop(af, &((struct sockaddr_in *)fromp)->sin_addr, numericname, sizeof numericname); } else if (af == AF_INET6) { inet_ntop(af, &((struct sockaddr_in6 *)fromp)->sin6_addr, numericname, sizeof numericname); } else { syslog(LOG_ERR, "malformed \"from\" address (af %d)", af); exit(1); } #ifdef IP_OPTIONS if (af == AF_INET) { u_char optbuf[BUFSIZ/3]; socklen_t optsize = sizeof(optbuf), ipproto, i; struct protoent *ip; if ((ip = getprotobyname("ip")) != NULL) ipproto = ip->p_proto; else ipproto = IPPROTO_IP; if (!getsockopt(0, ipproto, IP_OPTIONS, optbuf, &optsize) && optsize != 0) { for (i = 0; i < optsize; ) { u_char c = optbuf[i]; if (c == IPOPT_LSRR || c == IPOPT_SSRR) { syslog(LOG_NOTICE, "connection refused from %s with IP option %s", numericname, c == IPOPT_LSRR ? "LSRR" : "SSRR"); exit(1); } if (c == IPOPT_EOL) break; i += (c == IPOPT_NOP) ? 1 : optbuf[i+1]; } } } #endif if (srcport >= IPPORT_RESERVED || srcport < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "connection from %s on illegal port %u", numericname, srcport); exit(1); } (void) alarm(60); port = 0; s = 0; /* not set or used if port == 0 */ for (;;) { char c; if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { if (cc < 0) syslog(LOG_NOTICE, "read: %m"); shutdown(0, SHUT_RDWR); exit(1); } if (c == 0) break; port = port * 10 + c - '0'; } (void) alarm(0); if (port != 0) { int lport = IPPORT_RESERVED - 1; s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, "2nd socket from %s on unreserved port %u", numericname, port); exit(1); } *((in_port_t *)&fromp->sa_data) = htons(port); if (connect(s, fromp, fromp->sa_len) < 0) { syslog(LOG_INFO, "connect second port %d: %m", port); exit(1); } } errorstr = NULL; realhostname_sa(rhost, sizeof(rhost) - 1, fromp, fromp->sa_len); rhost[sizeof(rhost) - 1] = '\0'; /* XXX truncation! */ (void) alarm(60); getstr(ruser, sizeof(ruser), "ruser"); getstr(luser, sizeof(luser), "luser"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); pam_err = pam_start("rsh", luser, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_start(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } if ((pam_err = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS || (pam_err = pam_set_item(pamh, PAM_RHOST, rhost)) != PAM_SUCCESS) { syslog(LOG_ERR|LOG_AUTH, "pam_set_item(): %s", pam_strerror(pamh, pam_err)); rshd_errx(1, "Login incorrect."); } pam_err = pam_authenticate(pamh, 0); if (pam_err == PAM_SUCCESS) { if ((pam_err = pam_get_user(pamh, &cp, NULL)) == PAM_SUCCESS) { strncpy(luser, cp, sizeof(luser)); luser[sizeof(luser) - 1] = '\0'; /* XXX truncation! */ } pam_err = pam_acct_mgmt(pamh, 0); } if (pam_err != PAM_SUCCESS) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, pam_strerror(pamh, pam_err), cmdbuf); rshd_errx(1, "Login incorrect."); } setpwent(); pwd = getpwnam(luser); if (pwd == NULL) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: unknown login. cmd='%.80s'", ruser, rhost, luser, cmdbuf); if (errorstr == NULL) errorstr = "Login incorrect."; rshd_errx(1, errorstr, rhost); } lc = login_getpwclass(pwd); if (pwd->pw_uid) auth_checknologin(lc); if (chdir(pwd->pw_dir) < 0) { if (chdir("/") < 0 || login_getcapbool(lc, "requirehome", !!pwd->pw_uid)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: no home directory. cmd='%.80s'", ruser, rhost, luser, cmdbuf); rshd_errx(0, "No remote home directory."); } pwd->pw_dir = slash; } if (lc != NULL && fromp->sa_family == AF_INET) { /*XXX*/ char remote_ip[MAXHOSTNAMELEN]; strncpy(remote_ip, numericname, sizeof(remote_ip) - 1); remote_ip[sizeof(remote_ip) - 1] = 0; /* XXX truncation! */ if (!auth_hostok(lc, rhost, remote_ip)) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", ruser, rhost, luser, __rcmd_errstr, cmdbuf); rshd_errx(1, "Login incorrect."); } if (!auth_timeok(lc, time(NULL))) rshd_errx(1, "Logins not available right now"); } /* * PAM modules might add supplementary groups in * pam_setcred(), so initialize them first. * But we need to open the session as root. */ if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETGROUP) != 0) { syslog(LOG_ERR, "setusercontext: %m"); exit(1); } if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_open_session: %s", pam_strerror(pamh, pam_err)); } else if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, pam_err)); } (void) write(STDERR_FILENO, "\0", 1); sent_null = 1; if (port) { if (pipe(pv) < 0) rshd_errx(1, "Can't make pipe."); pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { (void) close(0); (void) close(1); (void) close(2); (void) close(pv[1]); FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); if (pv[0] > s) nfd = pv[0]; else nfd = s; ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); else killpg(pid, sig); } if (FD_ISSET(pv[0], &ready)) { errno = 0; cc = read(pv[0], buf, sizeof(buf)); if (cc <= 0) { shutdown(s, SHUT_RDWR); FD_CLR(pv[0], &readfrom); } else { (void)write(s, buf, cc); } } } while (FD_ISSET(s, &readfrom) || FD_ISSET(pv[0], &readfrom)); PAM_END; exit(0); } (void) close(s); (void) close(pv[0]); dup2(pv[1], 2); close(pv[1]); } else { pid = fork(); if (pid == -1) rshd_errx(1, "Can't fork; try again."); if (pid) { /* Parent. */ while (wait(NULL) > 0 || errno == EINTR) /* nothing */ ; PAM_END; exit(0); } } for (fd = getdtablesize(); fd > 2; fd--) (void) close(fd); if (setsid() == -1) syslog(LOG_ERR, "setsid() failed: %m"); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failed: %m"); if (*pwd->pw_shell == '\0') pwd->pw_shell = bshell; (void) pam_setenv(pamh, "HOME", pwd->pw_dir, 1); (void) pam_setenv(pamh, "SHELL", pwd->pw_shell, 1); (void) pam_setenv(pamh, "USER", pwd->pw_name, 1); (void) pam_setenv(pamh, "PATH", _PATH_DEFPATH, 1); environ = pam_getenvlist(pamh); (void) pam_end(pamh, pam_err); cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { syslog(LOG_ERR, "setusercontext(): %m"); exit(1); } login_close(lc); endpwent(); if (log_success || pwd->pw_uid == 0) { syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", ruser, rhost, luser, cmdbuf); } execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL); err(1, "%s", pwd->pw_shell); exit(1); }
int main(int argc, char *argv[]) { pam_handle_t *pamh; char *user; char *action; int ret; if (argc == 1) { fprintf(stderr, "missing action and user name, using default\n"); action = strdup("auth"); user = strdup("dummy"); } else if (argc == 2) { fprintf(stdout, "using first argument as action and default user name\n"); action = strdup(argv[1]); user = strdup("dummy"); } else { action = strdup(argv[1]); user = strdup(argv[2]); } if (action == NULL || user == NULL) { fprintf(stderr, "Out of memory!\n"); return 1; } fprintf(stdout, "action: %s\nuser: %s\n", action,user); ret = pam_start("sss_test", user, &conv, &pamh); if (ret != PAM_SUCCESS) { fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); return 1; } if ( strncmp(action, "auth", 4)== 0 ) { fprintf(stdout, "testing pam_authenticate\n"); ret = pam_authenticate(pamh, 0); fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret)); } else if ( strncmp(action, "chau", 4)== 0 ) { fprintf(stdout, "testing pam_chauthtok\n"); ret = pam_chauthtok(pamh, 0); fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret)); } else if ( strncmp(action, "acct", 4)== 0 ) { fprintf(stdout, "testing pam_acct_mgmt\n"); ret = pam_acct_mgmt(pamh, 0); fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret)); } else if ( strncmp(action, "setc", 4)== 0 ) { fprintf(stdout, "testing pam_setcred\n"); ret = pam_setcred(pamh, 0); fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret)); } else if ( strncmp(action, "open", 4)== 0 ) { fprintf(stdout, "testing pam_open_session\n"); ret = pam_open_session(pamh, 0); fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret)); } else if ( strncmp(action, "clos", 4)== 0 ) { fprintf(stdout, "testing pam_close_session\n"); ret = pam_close_session(pamh, 0); fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret)); } else { fprintf(stderr, "unknown action\n"); } pam_end(pamh, ret); return 0; }
int main(int argc, char *argv[]) { int authenticated = 0; int retcode; char *username; int setcred = 1; if (argc < 2 || argc > 3) { fprintf(stderr, "Usage: %s [-u] <user>\n", argv[0]); exit(1); } if (argc == 3) { if (strcmp(argv[1], "-u") != 0) { fprintf(stderr, "Usage: %s [-u] <user>\n", argv[0]); exit(1); } /* service = "unixtest"; */ setcred = 0; username = argv[2]; } else { username = argv[1]; } if ((retcode = pam_start(service, username, &pam_conv, &pamh)) != PAM_SUCCESS) { fprintf(stderr, "PAM error %d\n", retcode); exit(1); } authenticated = ((retcode = pam_authenticate(pamh, 0)) == PAM_SUCCESS); if (!authenticated) { fprintf(stderr, "PAM couldn't authenticate you.\n"); pam_end(pamh, PAM_ABORT); exit(1); } if ((retcode = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) { fprintf(stderr, "pam_acct_mgmt returned %d.\n", retcode); pam_end(pamh, PAM_ABORT); exit(1); } /* pam_open_session */ if (setcred) if ((retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) { fprintf(stderr, "pam_setcred returned %d.\n", retcode); pam_end(pamh, PAM_ABORT); exit(1); } if ((retcode = pam_open_session(pamh, PAM_SILENT)) != PAM_SUCCESS) { fprintf(stderr, "pam_open_session returned %d.\n", retcode); pam_end(pamh, PAM_ABORT); exit(1); } pam_end(pamh, PAM_SUCCESS); putenv((char *)new_envstring); putenv((char *)new_homestring); if ((retcode = chdir("/tmp")) != 0) { fprintf(stderr, "chdir returned %d.\n", retcode); exit(1); } printf("Type exit to back out.\n"); return execl("/bin/csh", "/bin/csh", NULL); }
int main(int argc, char **argv) { #ifdef HAVE_LIBPAM int retcode = 0; const char * const * env; #endif #ifdef USE_SETE_ID struct passwd *pass; #endif memset(buf, 0, sizeof(buf)); memset(file, 0, sizeof(file)); if (strrchr(argv[0],'/')==NULL) prog_name = argv[0]; else prog_name = strrchr(argv[0],'/')+1; uid = getuid(); /* get current dir */ if ( getcwd(orig_dir, sizeof(orig_dir)) == NULL ) die_e("getcwd"); /* interpret command line options */ parseopt(argc, argv); #ifdef USE_SETE_ID if ( ! (pass = getpwnam(USERNAME)) ) die("user \"%s\" is not in passwd file. Aborting.", USERNAME); fcrontab_uid = pass->pw_uid; fcrontab_gid = pass->pw_gid; #ifdef HAVE_LIBPAM /* Open PAM session for the user and obtain any security credentials we might need */ debug("username: %s", user); retcode = pam_start("fcrontab", user, &apamconv, &pamh); if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not start PAM"); retcode = pam_authenticate(pamh, 0); /* is user really user? */ if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not authenticate user using PAM (%d)", retcode); retcode = pam_acct_mgmt(pamh, 0); /* permitted access? */ if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not init PAM account management (%d)", retcode); retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not set PAM credentials"); retcode = pam_open_session(pamh, 0); if (retcode != PAM_SUCCESS) die_pame(pamh, retcode, "Could not open PAM session"); env = (const char * const *) pam_getenvlist(pamh); while (env && *env) { if (putenv((char*) *env)) die_e("Could not copy PAM environment"); env++; } /* Close the log here, because PAM calls openlog(3) and our log messages could go to the wrong facility */ xcloselog(); #endif /* USE_PAM */ if (uid != fcrontab_uid) if (seteuid(fcrontab_uid) != 0) die_e("Couldn't change euid to fcrontab_uid[%d]",fcrontab_uid); /* change directory */ if (chdir(fcrontabs) != 0) { error_e("Could not chdir to %s", fcrontabs); xexit (EXIT_ERR); } /* get user's permissions */ if (seteuid(uid) != 0) die_e("Could not change euid to %d", uid); if (setegid(fcrontab_gid) != 0) die_e("Could not change egid to " GROUPNAME "[%d]", fcrontab_gid); #else /* USE_SETE_ID */ if (setuid(ROOTUID) != 0 ) die_e("Could not change uid to ROOTUID"); if (setgid(ROOTGID) != 0) die_e("Could not change gid to ROOTGID"); /* change directory */ if (chdir(fcrontabs) != 0) { error_e("Could not chdir to %s", fcrontabs); xexit (EXIT_ERR); } #endif /* USE_SETE_ID */ /* this program is seteuid : we set default permission mode * to 640 for a normal user, 600 for root, for security reasons */ if ( asuid == ROOTUID ) umask(066); /* octal : '0' + number in octal notation */ else umask(026); snprintf(buf, sizeof(buf), "%s.orig", user); /* determine what action should be taken */ if ( file_opt ) { if ( strcmp(argv[file_opt], "-") == 0 ) xexit(install_stdin()); else { if ( *argv[file_opt] != '/' ) /* this is just the file name, not the path : complete it */ snprintf(file, sizeof(file), "%s/%s", orig_dir, argv[file_opt]); else { strncpy(file, argv[file_opt], sizeof(file) - 1); file[sizeof(file)-1] = '\0'; } if (make_file(file) == OK) xexit(EXIT_OK); else xexit(EXIT_ERR); } } /* remove user's entries */ if ( rm_opt == 1 ) { if ( remove_fcrontab(1) == ENOENT ) fprintf(stderr, "no fcrontab for %s\n", user); xexit (EXIT_OK); } /* list user's entries */ if ( list_opt == 1 ) { list_file(buf); xexit(EXIT_OK); } /* edit user's entries */ if ( edit_opt == 1 ) { edit_file(buf); xexit(EXIT_OK); } /* reinstall user's entries */ if ( reinstall_opt == 1 ) { reinstall(buf); xexit(EXIT_OK); } /* never reached */ return EXIT_OK; }
/** * This function is the PAM conversation driver. It conducts a full * authentication round by invoking the GUI with various prompts. */ void pam_try_unlock(saver_info *si, Bool verbose_p, Bool (*valid_p)(const char *typed_passwd, Bool verbose_p)) { const char *service = PAM_SERVICE_NAME; pam_handle_t *pamh = 0; int status = -1; struct pam_conv pc; sigset_t set; struct timespec timeout; pc.conv = &pam_conversation; pc.appdata_ptr = (void *) si; /* On SunOS 5.6, the `appdata_ptr' slot seems to be ignored, and the `closure' argument to pc.conv always comes in as random garbage. */ suns_pam_implementation_blows = (void *) si; /* Initialize PAM. */ status = pam_start (service, si->user, &pc, &pamh); if (verbose_p) fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n", blurb(), service, si->user, status, PAM_STRERROR (pamh, status)); if (status != PAM_SUCCESS) goto DONE; /* #### We should set PAM_TTY to the display we're using, but we don't have that handy from here. So set it to :0.0, which is a good guess (and has the bonus of counting as a "secure tty" as far as PAM is concerned...) */ { char *tty = strdup (":0.0"); status = pam_set_item (pamh, PAM_TTY, tty); if (verbose_p) fprintf (stderr, "%s: pam_set_item (p, PAM_TTY, \"%s\") ==> %d (%s)\n", blurb(), tty, status, PAM_STRERROR(pamh, status)); free (tty); } /* Try to authenticate as the current user. We must turn off our SIGCHLD handler for the duration of the call to pam_authenticate(), because in some cases, the underlying PAM code will do this: 1: fork a setuid subprocess to do some dirty work; 2: read a response from that subprocess; 3: waitpid(pid, ...) on that subprocess. If we (the ignorant parent process) have a SIGCHLD handler, then there's a race condition between steps 2 and 3: if the subprocess exits before waitpid() was called, then our SIGCHLD handler fires, and gets notified of the subprocess death; then PAM's call to waitpid() fails, because the process has already been reaped. I consider this a bug in PAM, since the caller should be able to have whatever signal handlers it wants -- the PAM documentation doesn't say "oh by the way, if you use PAM, you can't use SIGCHLD." */ PAM_NO_DELAY(pamh); if (verbose_p) fprintf (stderr, "%s: pam_authenticate (...) ...\n", blurb()); timeout.tv_sec = 0; timeout.tv_nsec = 1; set = block_sigchld(); status = pam_authenticate (pamh, 0); # ifdef HAVE_SIGTIMEDWAIT sigtimedwait (&set, NULL, &timeout); /* #### What is the portable thing to do if we don't have it? */ # endif /* HAVE_SIGTIMEDWAIT */ unblock_sigchld(); if (verbose_p) fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n", blurb(), status, PAM_STRERROR(pamh, status)); if (status == PAM_SUCCESS) /* Win! */ { int status2; /* On most systems, it doesn't matter whether the account modules are run, or whether they fail or succeed. On some systems, the account modules fail, because they were never configured properly, but it's necessary to run them anyway because certain PAM modules depend on side effects of the account modules having been run. And on still other systems, the account modules are actually used, and failures in them should be considered to be true! So: - We run the account modules on all systems. - Whether we ignore them is a configure option. It's all kind of a mess. */ status2 = pam_acct_mgmt (pamh, 0); if (verbose_p) fprintf (stderr, "%s: pam_acct_mgmt (...) ==> %d (%s)\n", blurb(), status2, PAM_STRERROR(pamh, status2)); /* HPUX for some reason likes to make PAM defines different from * everyone else's. */ #ifdef PAM_AUTHTOKEN_REQD if (status2 == PAM_AUTHTOKEN_REQD) #else if (status2 == PAM_NEW_AUTHTOK_REQD) #endif { status2 = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (verbose_p) fprintf (stderr, "%s: pam_chauthtok (...) ==> %d (%s)\n", blurb(), status2, PAM_STRERROR(pamh, status2)); } /* If 'configure' requested that we believe the results of PAM account module failures, then obey that status code. Otherwise ignore it. */ #ifdef PAM_CHECK_ACCOUNT_TYPE status = status2; #endif /* Each time we successfully authenticate, refresh credentials, for Kerberos/AFS/DCE/etc. If this fails, just ignore that failure and blunder along; it shouldn't matter. */ #if defined(__linux__) /* Apparently the Linux PAM library ignores PAM_REFRESH_CRED and only refreshes credentials when using PAM_REINITIALIZE_CRED. */ status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED); #else /* But Solaris requires PAM_REFRESH_CRED or extra prompts appear. */ status2 = pam_setcred (pamh, PAM_REFRESH_CRED); #endif if (verbose_p) fprintf (stderr, "%s: pam_setcred (...) ==> %d (%s)\n", blurb(), status2, PAM_STRERROR(pamh, status2)); } DONE: if (pamh) { int status2 = pam_end (pamh, status); pamh = 0; if (verbose_p) fprintf (stderr, "%s: pam_end (...) ==> %d (%s)\n", blurb(), status2, (status2 == PAM_SUCCESS ? "Success" : "Failure")); } if (status == PAM_SUCCESS) si->unlock_state = ul_success; /* yay */ else if (si->unlock_state == ul_cancel || si->unlock_state == ul_time) ; /* more specific failures ok */ else si->unlock_state = ul_fail; /* generic failure */ }
/** * Check the credentials and return the gid/uid of user. * * @param pszUser username * @param pszPasswd password * @param gid where to store the GID of the user * @param uid where to store the UID of the user * @returns IPRT status code */ static int rtCheckCredentials(const char *pszUser, const char *pszPasswd, gid_t *pGid, uid_t *pUid) { #if defined(RT_OS_DARWIN) RTLogPrintf("rtCheckCredentials\n"); /* * Resolve user to UID and GID. */ char szBuf[_4K]; struct passwd Pw; struct passwd *pPw; if (getpwnam_r(pszUser, &Pw, szBuf, sizeof(szBuf), &pPw) != 0) return VERR_AUTHENTICATION_FAILURE; if (!pPw) return VERR_AUTHENTICATION_FAILURE; *pUid = pPw->pw_uid; *pGid = pPw->pw_gid; /* * Use PAM for the authentication. * Note! libpam.2.dylib was introduced with 10.6.x (OpenPAM). */ void *hModPam = dlopen("libpam.dylib", RTLD_LAZY | RTLD_GLOBAL); if (hModPam) { int (*pfnPamStart)(const char *, const char *, struct pam_conv *, pam_handle_t **); int (*pfnPamAuthenticate)(pam_handle_t *, int); int (*pfnPamAcctMgmt)(pam_handle_t *, int); int (*pfnPamSetItem)(pam_handle_t *, int, const void *); int (*pfnPamEnd)(pam_handle_t *, int); *(void **)&pfnPamStart = dlsym(hModPam, "pam_start"); *(void **)&pfnPamAuthenticate = dlsym(hModPam, "pam_authenticate"); *(void **)&pfnPamAcctMgmt = dlsym(hModPam, "pam_acct_mgmt"); *(void **)&pfnPamSetItem = dlsym(hModPam, "pam_set_item"); *(void **)&pfnPamEnd = dlsym(hModPam, "pam_end"); ASMCompilerBarrier(); if ( pfnPamStart && pfnPamAuthenticate && pfnPamAcctMgmt && pfnPamSetItem && pfnPamEnd) { #define pam_start pfnPamStart #define pam_authenticate pfnPamAuthenticate #define pam_acct_mgmt pfnPamAcctMgmt #define pam_set_item pfnPamSetItem #define pam_end pfnPamEnd /* Do the PAM stuff. Note! Abusing 'login' here for now... */ pam_handle_t *hPam = NULL; RTPROCPAMARGS PamConvArgs = { pszUser, pszPasswd }; struct pam_conv PamConversation; RT_ZERO(PamConversation); PamConversation.appdata_ptr = &PamConvArgs; PamConversation.conv = rtPamConv; int rc = pam_start("login", pszUser, &PamConversation, &hPam); if (rc == PAM_SUCCESS) { rc = pam_set_item(hPam, PAM_RUSER, pszUser); if (rc == PAM_SUCCESS) rc = pam_authenticate(hPam, 0); if (rc == PAM_SUCCESS) { rc = pam_acct_mgmt(hPam, 0); if ( rc == PAM_SUCCESS || rc == PAM_AUTHINFO_UNAVAIL /*??*/) { pam_end(hPam, PAM_SUCCESS); dlclose(hModPam); return VINF_SUCCESS; } Log(("rtCheckCredentials: pam_acct_mgmt -> %d\n", rc)); } else Log(("rtCheckCredentials: pam_authenticate -> %d\n", rc)); pam_end(hPam, rc); } else Log(("rtCheckCredentials: pam_start -> %d\n", rc)); } else Log(("rtCheckCredentials: failed to resolve symbols: %p %p %p %p %p\n", pfnPamStart, pfnPamAuthenticate, pfnPamAcctMgmt, pfnPamSetItem, pfnPamEnd)); dlclose(hModPam); } else Log(("rtCheckCredentials: Loading libpam.dylib failed\n")); return VERR_AUTHENTICATION_FAILURE; #elif defined(RT_OS_LINUX) struct passwd *pw; pw = getpwnam(pszUser); if (!pw) return VERR_AUTHENTICATION_FAILURE; if (!pszPasswd) pszPasswd = ""; struct spwd *spwd; /* works only if /etc/shadow is accessible */ spwd = getspnam(pszUser); if (spwd) pw->pw_passwd = spwd->sp_pwdp; /* Default fCorrect=true if no password specified. In that case, pw->pw_passwd * must be NULL (no password set for this user). Fail if a password is specified * but the user does not have one assigned. */ int fCorrect = !pszPasswd || !*pszPasswd; if (pw->pw_passwd && *pw->pw_passwd) { struct crypt_data *data = (struct crypt_data*)RTMemTmpAllocZ(sizeof(*data)); /* be reentrant */ char *pszEncPasswd = crypt_r(pszPasswd, pw->pw_passwd, data); fCorrect = pszEncPasswd && !strcmp(pszEncPasswd, pw->pw_passwd); RTMemTmpFree(data); } if (!fCorrect) return VERR_AUTHENTICATION_FAILURE; *pGid = pw->pw_gid; *pUid = pw->pw_uid; return VINF_SUCCESS; #elif defined(RT_OS_SOLARIS) struct passwd *ppw, pw; char szBuf[1024]; if (getpwnam_r(pszUser, &pw, szBuf, sizeof(szBuf), &ppw) != 0 || ppw == NULL) return VERR_AUTHENTICATION_FAILURE; if (!pszPasswd) pszPasswd = ""; struct spwd spwd; char szPwdBuf[1024]; /* works only if /etc/shadow is accessible */ if (getspnam_r(pszUser, &spwd, szPwdBuf, sizeof(szPwdBuf)) != NULL) ppw->pw_passwd = spwd.sp_pwdp; char *pszEncPasswd = crypt(pszPasswd, ppw->pw_passwd); if (strcmp(pszEncPasswd, ppw->pw_passwd)) return VERR_AUTHENTICATION_FAILURE; *pGid = ppw->pw_gid; *pUid = ppw->pw_uid; return VINF_SUCCESS; #else NOREF(pszUser); NOREF(pszPasswd); NOREF(pGid); NOREF(pUid); return VERR_AUTHENTICATION_FAILURE; #endif }
/* * main - userdel command */ int main (int argc, char **argv) { int errors = 0; /* Error in the removal of the home directory */ #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("userdel"); #ifdef WITH_AUDIT audit_help_open (); #endif /* WITH_AUDIT */ { /* * Parse the command line options. */ int c; static struct option long_options[] = { {"force", no_argument, NULL, 'f'}, {"help", no_argument, NULL, 'h'}, {"remove", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, #ifdef WITH_SELINUX {"selinux-user", no_argument, NULL, 'Z'}, #endif /* WITH_SELINUX */ {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX "fhrR:Z", #else /* !WITH_SELINUX */ "fhrR:", #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { case 'f': /* force remove even if not owned by user */ fflg = true; break; case 'h': usage (E_SUCCESS); break; case 'r': /* remove home dir and mailbox */ rflg = true; break; case 'R': /* no-op, handled in process_root_flag () */ break; #ifdef WITH_SELINUX case 'Z': if (is_selinux_enabled () > 0) { Zflg = true; } else { fprintf (stderr, _("%s: -Z requires SELinux enabled kernel\n"), Prog); exit (E_BAD_ARG); } break; #endif /* WITH_SELINUX */ default: usage (E_USAGE); } } } if ((optind + 1) != argc) { usage (E_USAGE); } #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (pampw == NULL) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (E_PW_UPDATE); } retval = pam_start ("userdel", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM: %s\n"), Prog, pam_strerror (pamh, retval)); SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); if (NULL != pamh) { (void) pam_end (pamh, retval); } exit (E_PW_UPDATE); } (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ is_shadow_pwd = spw_file_present (); #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif /* SHADOWGRP */ #ifdef ENABLE_SUBIDS is_sub_uid = sub_uid_file_present (); is_sub_gid = sub_gid_file_present (); #endif /* ENABLE_SUBIDS */ /* * Start with a quick check to see if the user exists. */ user_name = argv[argc - 1]; { struct passwd *pwd; pwd = getpwnam (user_name); /* local, no need for xgetpwnam */ if (NULL == pwd) { fprintf (stderr, _("%s: user '%s' does not exist\n"), Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "deleting user not found", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ exit (E_NOTFOUND); } user_id = pwd->pw_uid; user_gid = pwd->pw_gid; user_home = xstrdup (pwd->pw_dir); } #ifdef WITH_TCB if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) { exit (E_NOTFOUND); } #endif /* WITH_TCB */ #ifdef USE_NIS /* * Now make sure it isn't an NIS user. */ if (__ispwNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: user %s is a NIS user\n"), Prog, user_name); if ( !yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "passwd.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif /* USE_NIS */ /* * Check to make certain the user isn't logged in. * Note: This is a best effort basis. The user may log in between, * a cron job may be started on her behalf, etc. */ if (user_busy (user_name, user_id) != 0) { if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, "deleting user logged in", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ exit (E_USER_BUSY); } } /* * Do the hard stuff - open the files, create the user entries, * create the home directory, then close and update the files. */ open_files (); update_user (); update_groups (); if (rflg) { errors += remove_mailbox (); } if (rflg) { int home_owned = is_owner (user_id, user_home); if (-1 == home_owned) { fprintf (stderr, _("%s: %s home directory (%s) not found\n"), Prog, user_name, user_home); rflg = 0; } else if ((0 == home_owned) && !fflg) { fprintf (stderr, _("%s: %s not owned by %s, not removing\n"), Prog, user_home, user_name); rflg = 0; errors++; /* continue */ } } #ifdef EXTRA_CHECK_HOME_DIR /* This may be slow, the above should be good enough. */ if (rflg && !fflg) { struct passwd *pwd; /* * For safety, refuse to remove the home directory if it * would result in removing some other user's home * directory. Still not perfect so be careful, but should * prevent accidents if someone has /home or / as home * directory... --marekm */ setpwent (); while ((pwd = getpwent ())) { if (strcmp (pwd->pw_name, user_name) == 0) { continue; } if (path_prefix (user_home, pwd->pw_dir)) { fprintf (stderr, _("%s: not removing directory %s (would remove home of user %s)\n"), Prog, user_home, pwd->pw_name); rflg = false; errors++; /* continue */ break; } } endpwent (); } #endif /* EXTRA_CHECK_HOME_DIR */ if (rflg) { if (remove_tree (user_home, true) != 0) { fprintf (stderr, _("%s: error removing directory %s\n"), Prog, user_home); errors++; /* continue */ } #ifdef WITH_AUDIT else { audit_logger (AUDIT_DEL_USER, Prog, "deleting home directory", user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ } #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, "deleting home directory", user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } #endif /* WITH_AUDIT */ #ifdef WITH_SELINUX if (Zflg) { if (del_seuser (user_name) != 0) { fprintf (stderr, _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, "removing SELinux user mapping", user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); } } #endif /* WITH_SELINUX */ /* * Cancel any crontabs or at jobs. Have to do this before we remove * the entry from /etc/passwd. */ user_cancel (user_name); close_files (); #ifdef WITH_TCB errors += remove_tcbdir (user_name, user_id); #endif /* WITH_TCB */ nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); return ((0 != errors) ? E_HOMEDIR : E_SUCCESS); }
/* * login - create a new login session for a user * * login is typically called by getty as the second step of a * new user session. getty is responsible for setting the line * characteristics to a reasonable set of values and getting * the name of the user to be logged in. login may also be * called to create a new user session on a pty for a variety * of reasons, such as X servers or network logins. * * the flags which login supports are * * -p - preserve the environment * -r - perform autologin protocol for rlogin * -f - do not perform authentication, user is preauthenticated * -h - the name of the remote host */ int main (int argc, char **argv) { const char *tmptty; char tty[BUFSIZ]; #ifdef RLOGIN char term[128] = ""; #endif /* RLOGIN */ #if defined(HAVE_STRFTIME) && !defined(USE_PAM) char ptime[80]; #endif unsigned int delay; unsigned int retries; bool subroot = false; #ifndef USE_PAM bool is_console; #endif int err; const char *cp; const char *tmp; char fromhost[512]; struct passwd *pwd = NULL; char **envp = environ; const char *failent_user; /*@null@*/struct utmp *utent; #ifdef USE_PAM int retcode; pid_t child; char *pam_user = NULL; #else struct spwd *spwd = NULL; #endif /* * Some quick initialization. */ sanitize_env (); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); initenv (); amroot = (getuid () == 0); Prog = Basename (argv[0]); if (geteuid() != 0) { fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog); exit (1); } process_flags (argc, argv); if ((isatty (0) == 0) || (isatty (1) == 0) || (isatty (2) == 0)) { exit (1); /* must be a terminal */ } utent = get_current_utmp (); /* * Be picky if run by normal users (possible if installed setuid * root), but not if run by root. This way it still allows logins * even if your getty is broken, or if something corrupts utmp, * but users must "exec login" which will use the existing utmp * entry (will not overwrite remote hostname). --marekm */ if (!amroot && (NULL == utent)) { (void) puts (_("No utmp entry. You must exec \"login\" from the lowest level \"sh\"")); exit (1); } /* NOTE: utent might be NULL afterwards */ tmptty = ttyname (0); if (NULL == tmptty) { tmptty = "UNKNOWN"; } STRFCPY (tty, tmptty); #ifndef USE_PAM is_console = console (tty); #endif if (rflg || hflg) { /* * Add remote hostname to the environment. I think * (not sure) I saw it once on Irix. --marekm */ addenv ("REMOTEHOST", hostname); } if (fflg) { preauth_flag = true; } if (hflg) { reason = PW_RLOGIN; } #ifdef RLOGIN if (rflg) { assert (NULL == username); username = xmalloc (USER_NAME_MAX_LENGTH + 1); username[USER_NAME_MAX_LENGTH] = '\0'; if (do_rlogin (hostname, username, USER_NAME_MAX_LENGTH, term, sizeof term)) { preauth_flag = true; } else { free (username); username = NULL; } } #endif /* RLOGIN */ OPENLOG ("login"); setup_tty (); #ifndef USE_PAM (void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); { /* * Use the ULIMIT in the login.defs file, and if * there isn't one, use the default value. The * user may have one for themselves, but otherwise, * just take what you get. */ long limit = getdef_long ("ULIMIT", -1L); if (limit != -1) { set_filesize_limit (limit); } } #endif /* * The entire environment will be preserved if the -p flag * is used. */ if (pflg) { while (NULL != *envp) { /* add inherited environment, */ addenv (*envp, NULL); /* some variables change later */ envp++; } } #ifdef RLOGIN if (term[0] != '\0') { addenv ("TERM", term); } else #endif /* RLOGIN */ { /* preserve TERM from getty */ if (!pflg) { tmp = getenv ("TERM"); if (NULL != tmp) { addenv ("TERM", tmp); } } } init_env (); if (optind < argc) { /* now set command line variables */ set_env (argc - optind, &argv[optind]); } if (rflg || hflg) { cp = hostname; #ifdef HAVE_STRUCT_UTMP_UT_HOST } else if ((NULL != utent) && ('\0' != utent->ut_host[0])) { cp = utent->ut_host; #endif /* HAVE_STRUCT_UTMP_UT_HOST */ } else { cp = ""; } if ('\0' != *cp) { snprintf (fromhost, sizeof fromhost, " on '%.100s' from '%.200s'", tty, cp); } else { snprintf (fromhost, sizeof fromhost, " on '%.100s'", tty); } top: /* only allow ALARM sec. for login */ (void) signal (SIGALRM, alarm_handler); timeout = getdef_unum ("LOGIN_TIMEOUT", ALARM); if (timeout > 0) { (void) alarm (timeout); } environ = newenvp; /* make new environment active */ delay = getdef_unum ("FAIL_DELAY", 1); retries = getdef_unum ("LOGIN_RETRIES", RETRIES); #ifdef USE_PAM retcode = pam_start ("login", username, &conv, &pamh); if (retcode != PAM_SUCCESS) { fprintf (stderr, _("login: PAM Failure, aborting: %s\n"), pam_strerror (pamh, retcode)); SYSLOG ((LOG_ERR, "Couldn't initialize PAM: %s", pam_strerror (pamh, retcode))); exit (99); } /* * hostname & tty are either set to NULL or their correct values, * depending on how much we know. We also set PAM's fail delay to * ours. * * PAM_RHOST and PAM_TTY are used for authentication, only use * information coming from login or from the caller (e.g. no utmp) */ retcode = pam_set_item (pamh, PAM_RHOST, hostname); PAM_FAIL_CHECK; retcode = pam_set_item (pamh, PAM_TTY, tty); PAM_FAIL_CHECK; #ifdef HAS_PAM_FAIL_DELAY retcode = pam_fail_delay (pamh, 1000000 * delay); PAM_FAIL_CHECK; #endif /* if fflg, then the user has already been authenticated */ if (!fflg) { unsigned int failcount = 0; char hostn[256]; char loginprompt[256]; /* That's one hell of a prompt :) */ /* Make the login prompt look like we want it */ if (gethostname (hostn, sizeof (hostn)) == 0) { snprintf (loginprompt, sizeof (loginprompt), _("%s login: "******"login: "******"TOO MANY LOGIN TRIES (%u)%s FOR '%s'", failcount, fromhost, failent_user)); fprintf (stderr, _("Maximum number of tries exceeded (%u)\n"), failcount); PAM_END; exit(0); } else if (retcode == PAM_ABORT) { /* Serious problems, quit now */ (void) fputs (_("login: abort requested by PAM\n"), stderr); SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()")); PAM_END; exit(99); } else if (retcode != PAM_SUCCESS) { SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%u)%s FOR '%s', %s", failcount, fromhost, failent_user, pam_strerror (pamh, retcode))); failed = true; } if (!failed) { break; } #ifdef WITH_AUDIT audit_fd = audit_open (); audit_log_acct_message (audit_fd, AUDIT_USER_LOGIN, NULL, /* Prog. name */ "login", failent_user, AUDIT_NO_ID, hostname, NULL, /* addr */ tty, 0); /* result */ close (audit_fd); #endif /* WITH_AUDIT */ (void) puts (""); (void) puts (_("Login incorrect")); if (failcount >= retries) { SYSLOG ((LOG_NOTICE, "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", failcount, fromhost, failent_user)); fprintf (stderr, _("Maximum number of tries exceeded (%u)\n"), failcount); PAM_END; exit(0); } /* * Let's give it another go around. * Even if a username was given on the command * line, prompt again for the username. */ retcode = pam_set_item (pamh, PAM_USER, NULL); PAM_FAIL_CHECK; } /* We don't get here unless they were authenticated above */ (void) alarm (0); } /* Check the account validity */ retcode = pam_acct_mgmt (pamh, 0); if (retcode == PAM_NEW_AUTHTOK_REQD) { retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); } PAM_FAIL_CHECK; /* Open the PAM session */ get_pam_user (&pam_user); retcode = pam_open_session (pamh, hushed (pam_user) ? PAM_SILENT : 0); PAM_FAIL_CHECK; /* Grab the user information out of the password file for future usage * First get the username that we are actually using, though. * * From now on, we will discard changes of the user (PAM_USER) by * PAM APIs. */ get_pam_user (&pam_user); if (NULL != username) { free (username); } username = xstrdup (pam_user); failent_user = get_failent_user (username); pwd = xgetpwnam (username); if (NULL == pwd) { SYSLOG ((LOG_ERR, "cannot find user %s", failent_user)); fprintf (stderr, _("Cannot find user (%s)\n"), username); exit (1); } /* This set up the process credential (group) and initialize the * supplementary group access list. * This has to be done before pam_setcred */ if (setup_groups (pwd) != 0) { exit (1); } retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED); PAM_FAIL_CHECK; /* NOTE: If pam_setcred changes PAM_USER, this will not be taken * into account. */ #else /* ! USE_PAM */ while (true) { /* repeatedly get login/password pairs */ bool failed; /* user_passwd is always a pointer to this constant string * or a passwd or shadow password that will be memzero by * pw_free / spw_free. * Do not free() user_passwd. */ const char *user_passwd = "!"; /* Do some cleanup to avoid keeping entries we do not need * anymore. */ if (NULL != pwd) { pw_free (pwd); pwd = NULL; } if (NULL != spwd) { spw_free (spwd); spwd = NULL; } failed = false; /* haven't failed authentication yet */ if (NULL == username) { /* need to get a login id */ if (subroot) { closelog (); exit (1); } preauth_flag = false; username = xmalloc (USER_NAME_MAX_LENGTH + 1); username[USER_NAME_MAX_LENGTH] = '\0'; login_prompt (_("\n%s login: "******"!", * the account is locked and the user cannot * login, even if they have been * "pre-authenticated." */ if ( ('!' == user_passwd[0]) || ('*' == user_passwd[0])) { failed = true; } } if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) { spwd = xgetspnam (username); if (NULL != spwd) { user_passwd = spwd->sp_pwdp; } else { /* The user exists in passwd, but not in * shadow. SHADOW_PASSWD_STRING indicates * that the password shall be in shadow. */ SYSLOG ((LOG_WARN, "no shadow password for '%s'%s", username, fromhost)); } } /* * The -r and -f flags provide a name which has already * been authenticated by some server. */ if (preauth_flag) { goto auth_ok; } if (pw_auth (user_passwd, username, reason, (char *) 0) == 0) { goto auth_ok; } SYSLOG ((LOG_WARN, "invalid password for '%s' %s", failent_user, fromhost)); failed = true; auth_ok: /* * This is the point where all authenticated users wind up. * If you reach this far, your password has been * authenticated and so on. */ if ( !failed && (NULL != pwd) && (0 == pwd->pw_uid) && !is_console) { SYSLOG ((LOG_CRIT, "ILLEGAL ROOT LOGIN %s", fromhost)); failed = true; } if ( !failed && !login_access (username, ('\0' != *hostname) ? hostname : tty)) { SYSLOG ((LOG_WARN, "LOGIN '%s' REFUSED %s", username, fromhost)); failed = true; } if ( (NULL != pwd) && getdef_bool ("FAILLOG_ENAB") && !failcheck (pwd->pw_uid, &faillog, failed)) { SYSLOG ((LOG_CRIT, "exceeded failure limit for '%s' %s", username, fromhost)); failed = true; } if (!failed) { break; } /* don't log non-existent users */ if ((NULL != pwd) && getdef_bool ("FAILLOG_ENAB")) { failure (pwd->pw_uid, tty, &faillog); } if (getdef_str ("FTMP_FILE") != NULL) { #ifdef USE_UTMPX struct utmpx *failent = prepare_utmpx (failent_user, tty, /* FIXME: or fromhost? */hostname, utent); #else /* !USE_UTMPX */ struct utmp *failent = prepare_utmp (failent_user, tty, hostname, utent); #endif /* !USE_UTMPX */ failtmp (failent_user, failent); free (failent); } retries--; if (retries <= 0) { SYSLOG ((LOG_CRIT, "REPEATED login failures%s", fromhost)); } /* * If this was a passwordless account and we get here, login * was denied (securetty, faillog, etc.). There was no * password prompt, so do it now (will always fail - the bad * guys won't see that the passwordless account exists at * all). --marekm */ if (user_passwd[0] == '\0') { pw_auth ("!", username, reason, (char *) 0); } /* * Authentication of this user failed. * The username must be confirmed in the next try. */ free (username); username = NULL; /* * Wait a while (a la SVR4 /usr/bin/login) before attempting * to login the user again. If the earlier alarm occurs * before the sleep() below completes, login will exit. */ if (delay > 0) { (void) sleep (delay); } (void) puts (_("Login incorrect")); /* allow only one attempt with -r or -f */ if (rflg || fflg || (retries <= 0)) { closelog (); exit (1); } } /* while (true) */ #endif /* ! USE_PAM */ assert (NULL != username); assert (NULL != pwd); (void) alarm (0); /* turn off alarm clock */ #ifndef USE_PAM /* PAM does this */ /* * porttime checks moved here, after the user has been * authenticated. now prints a message, as suggested * by Ivan Nejgebauer <*****@*****.**>. --marekm */ if ( getdef_bool ("PORTTIME_CHECKS_ENAB") && !isttytime (username, tty, time ((time_t *) 0))) { SYSLOG ((LOG_WARN, "invalid login time for '%s'%s", username, fromhost)); closelog (); bad_time_notify (); exit (1); } check_nologin (pwd->pw_uid == 0); #endif if (getenv ("IFS")) { /* don't export user IFS ... */ addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */ } if (pwd->pw_shell[0] == '*') { /* subsystem root */ pwd->pw_shell++; /* skip the '*' */ subsystem (pwd); /* figure out what to execute */ subroot = true; /* say I was here again */ endpwent (); /* close all of the file which were */ endgrent (); /* open in the original rooted file */ endspent (); /* system. they will be re-opened */ #ifdef SHADOWGRP endsgent (); /* in the new rooted file system */ #endif goto top; /* go do all this all over again */ } #ifdef WITH_AUDIT audit_fd = audit_open (); audit_log_acct_message (audit_fd, AUDIT_USER_LOGIN, NULL, /* Prog. name */ "login", username, AUDIT_NO_ID, hostname, NULL, /* addr */ tty, 1); /* result */ close (audit_fd); #endif /* WITH_AUDIT */ #ifndef USE_PAM /* pam_lastlog handles this */ if (getdef_bool ("LASTLOG_ENAB")) { /* give last login and log this one */ dolastlog (&ll, pwd, tty, hostname); } #endif #ifndef USE_PAM /* PAM handles this as well */ /* * Have to do this while we still have root privileges, otherwise we * don't have access to /etc/shadow. */ if (NULL != spwd) { /* check for age of password */ if (expire (pwd, spwd)) { /* The user updated her password, get the new * entries. * Use the x variants because we need to keep the * entry for a long time, and there might be other * getxxyy in between. */ pw_free (pwd); pwd = xgetpwnam (username); if (NULL == pwd) { SYSLOG ((LOG_ERR, "cannot find user %s after update of expired password", username)); exit (1); } spw_free (spwd); spwd = xgetspnam (username); } } setup_limits (pwd); /* nice, ulimit etc. */ #endif /* ! USE_PAM */ chown_tty (pwd); #ifdef USE_PAM /* * We must fork before setuid() because we need to call * pam_close_session() as root. */ (void) signal (SIGINT, SIG_IGN); child = fork (); if (child < 0) { /* error in fork() */ fprintf (stderr, _("%s: failure forking: %s"), Prog, strerror (errno)); PAM_END; exit (0); } else if (child != 0) { /* * parent - wait for child to finish, then cleanup * session */ wait (NULL); PAM_END; exit (0); } /* child */ #endif /* If we were init, we need to start a new session */ if (getppid() == 1) { setsid(); if (ioctl(0, TIOCSCTTY, 1) != 0) { fprintf (stderr, _("TIOCSCTTY failed on %s"), tty); } } /* * The utmp entry needs to be updated to indicate the new status * of the session, the new PID and SID. */ update_utmp (username, tty, hostname, utent); /* The pwd and spwd entries for the user have been copied. * * Close all the files so that unauthorized access won't occur. */ endpwent (); /* stop access to password file */ endgrent (); /* stop access to group file */ endspent (); /* stop access to shadow passwd file */ #ifdef SHADOWGRP endsgent (); /* stop access to shadow group file */ #endif /* Drop root privileges */ #ifndef USE_PAM if (setup_uid_gid (pwd, is_console)) #else /* The group privileges were already dropped. * See setup_groups() above. */ if (change_uid (pwd)) #endif { exit (1); } setup_env (pwd); /* set env vars, cd to the home dir */ #ifdef USE_PAM { const char *const *env; env = (const char *const *) pam_getenvlist (pamh); while ((NULL != env) && (NULL != *env)) { addenv (*env, NULL); env++; } } #endif (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); if (!hushed (username)) { addenv ("HUSHLOGIN=FALSE", NULL); /* * pam_unix, pam_mail and pam_lastlog should take care of * this */ #ifndef USE_PAM motd (); /* print the message of the day */ if ( getdef_bool ("FAILLOG_ENAB") && (0 != faillog.fail_cnt)) { failprint (&faillog); /* Reset the lockout times if logged in */ if ( (0 != faillog.fail_max) && (faillog.fail_cnt >= faillog.fail_max)) { (void) puts (_("Warning: login re-enabled after temporary lockout.")); SYSLOG ((LOG_WARN, "login '%s' re-enabled after temporary lockout (%d failures)", username, (int) faillog.fail_cnt)); } } if ( getdef_bool ("LASTLOG_ENAB") && (ll.ll_time != 0)) { time_t ll_time = ll.ll_time; #ifdef HAVE_STRFTIME (void) strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", localtime (&ll_time)); printf (_("Last login: %s on %s"), ptime, ll.ll_line); #else printf (_("Last login: %.19s on %s"), ctime (&ll_time), ll.ll_line); #endif #ifdef HAVE_LL_HOST /* __linux__ || SUN4 */ if ('\0' != ll.ll_host[0]) { printf (_(" from %.*s"), (int) sizeof ll.ll_host, ll.ll_host); } #endif printf (".\n"); } agecheck (spwd); mailcheck (); /* report on the status of mail */ #endif /* !USE_PAM */ } else { addenv ("HUSHLOGIN=TRUE", NULL); } ttytype (tty); (void) signal (SIGQUIT, SIG_DFL); /* default quit signal */ (void) signal (SIGTERM, SIG_DFL); /* default terminate signal */ (void) signal (SIGALRM, SIG_DFL); /* default alarm signal */ (void) signal (SIGHUP, SIG_DFL); /* added this. --marekm */ (void) signal (SIGINT, SIG_DFL); /* default interrupt signal */ if (0 == pwd->pw_uid) { SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost)); } else if (getdef_bool ("LOG_OK_LOGINS")) { SYSLOG ((LOG_INFO, "'%s' logged in %s", username, fromhost)); } closelog (); tmp = getdef_str ("FAKE_SHELL"); if (NULL != tmp) { err = shell (tmp, pwd->pw_shell, newenvp); /* fake shell */ } else { /* exec the shell finally */ err = shell (pwd->pw_shell, (char *) 0, newenvp); } return ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); }
/* * Attempt to authenticate the user using PAM. Returns 0 if the user is * authenticated, or 1 if not authenticated. If some sort of PAM system * error occurs (e.g., the "/etc/pam.conf" file is missing) then this * function returns -1. This can be used as an indication that we should * fall back to a different authentication mechanism. */ static int auth_pam(void) { const char *tmpl_user; const void *item; int rval; pam_err = pam_authenticate(pamh, pam_silent); switch (pam_err) { case PAM_SUCCESS: /* * With PAM we support the concept of a "template" * user. The user enters a login name which is * authenticated by PAM, usually via a remote service * such as RADIUS or TACACS+. If authentication * succeeds, a different but related "template" name * is used for setting the credentials, shell, and * home directory. The name the user enters need only * exist on the remote authentication server, but the * template name must be present in the local password * database. * * This is supported by two various mechanisms in the * individual modules. However, from the application's * point of view, the template user is always passed * back as a changed value of the PAM_USER item. */ pam_err = pam_get_item(pamh, PAM_USER, &item); if (pam_err == PAM_SUCCESS) { tmpl_user = (const char *)item; if (strcmp(username, tmpl_user) != 0) pwd = getpwnam(tmpl_user); } else { pam_syslog("pam_get_item(PAM_USER)"); } rval = 0; break; case PAM_AUTH_ERR: case PAM_USER_UNKNOWN: case PAM_MAXTRIES: rval = 1; break; default: pam_syslog("pam_authenticate()"); rval = -1; break; } if (rval == 0) { pam_err = pam_acct_mgmt(pamh, pam_silent); switch (pam_err) { case PAM_SUCCESS: break; case PAM_NEW_AUTHTOK_REQD: pam_err = pam_chauthtok(pamh, pam_silent|PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) { pam_syslog("pam_chauthtok()"); rval = 1; } break; default: pam_syslog("pam_acct_mgmt()"); rval = 1; break; } } if (rval != 0) { pam_end(pamh, pam_err); pamh = NULL; } return (rval); }
int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; int retval; char *user; /* char *password; */ char buf[BUFSIZE]; time_t pamh_created = 0; signal(SIGHUP, signal_received); /* make standard output line buffered */ setvbuf(stdout, NULL, _IOLBF, 0); while (retval = PAM_SUCCESS, fgets(buf, BUFSIZE, stdin)) { user = buf; password = strchr(buf, '\n'); if (!password) { fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); fprintf(stdout, "ERR\n"); continue; } *password = '******'; password = strchr(buf, ' '); if (!password) { fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); fprintf(stdout, "ERR\n"); continue; } *password++ = '\0'; conv.appdata_ptr = (char *) password; /* from buf above. not allocated */ #ifdef PAM_CONNECTION_TTL if (pamh_created + PAM_CONNECTION_TTL >= time(NULL)) reset_pam = 1; #endif if (reset_pam && pamh) { /* Close previous PAM connection */ retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); } pamh = NULL; } if (!pamh) { /* Initialize PAM connection */ retval = pam_start(SQUID_PAM_SERVICE, "squid@", &conv, &pamh); if (retval != PAM_SUCCESS) { fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); } reset_pam = 0; pamh_created = time(NULL); } if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_USER, user); if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_CONV, &conv); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); if (retval == PAM_SUCCESS) { fprintf(stdout, "OK\n"); } else { fprintf(stdout, "ERR\n"); } } if (pamh) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { pamh = NULL; fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); } } return (retval == PAM_SUCCESS ? 0 : 1); /* indicate success */ }
static int sftppam_driver_authenticate(sftp_kbdint_driver_t *driver, const char *user) { int res; pr_signals_block(); PRIVS_ROOT res = pam_authenticate(sftppam_pamh, 0); if (res != PAM_SUCCESS) { switch (res) { case PAM_USER_UNKNOWN: sftppam_auth_code = PR_AUTH_NOPWD; break; default: sftppam_auth_code = PR_AUTH_BADPWD; } (void) pr_log_writefile(sftp_logfd, MOD_SFTP_PAM_VERSION, "PAM authentication error (%d) for user '%s': %s", res, user, pam_strerror(sftppam_pamh, res)); (void) pr_log_pri(PR_LOG_NOTICE, MOD_SFTP_PAM_VERSION ": PAM authentication error (%d) for user '%s': %s", res, user, pam_strerror(sftppam_pamh, res)); PRIVS_RELINQUISH pr_signals_unblock(); errno = EPERM; return -1; } res = pam_acct_mgmt(sftppam_pamh, 0); if (res != PAM_SUCCESS) { switch (res) { #ifdef PAM_AUTHTOKEN_REQD case PAM_AUTHTOKEN_REQD: pr_trace_msg(trace_channel, 8, "PAM account mgmt error: PAM_AUTHTOKEN_REQD"); break; #endif case PAM_ACCT_EXPIRED: pr_trace_msg(trace_channel, 8, "PAM account mgmt error: PAM_ACCT_EXPIRED"); sftppam_auth_code = PR_AUTH_DISABLEDPWD; break; #ifdef PAM_ACCT_DISABLED case PAM_ACCT_DISABLED: pr_trace_msg(trace_channel, 8, "PAM account mgmt error: PAM_ACCT_DISABLED"); sftppam_auth_code = PR_AUTH_DISABLEDPWD; break; #endif case PAM_USER_UNKNOWN: pr_trace_msg(trace_channel, 8, "PAM account mgmt error: PAM_USER_UNKNOWN"); sftppam_auth_code = PR_AUTH_NOPWD; break; default: sftppam_auth_code = PR_AUTH_BADPWD; break; } pr_trace_msg(trace_channel, 1, "PAM account mgmt error (%d) for user '%s': %s", res, user, pam_strerror(sftppam_pamh, res)); PRIVS_RELINQUISH pr_signals_unblock(); errno = EPERM; return -1; } res = pam_open_session(sftppam_pamh, 0); if (res != PAM_SUCCESS) { sftppam_auth_code = PR_AUTH_DISABLEDPWD; pr_trace_msg(trace_channel, 1, "PAM session error (%d) for user '%s': %s", res, user, pam_strerror(sftppam_pamh, res)); PRIVS_RELINQUISH pr_signals_unblock(); errno = EPERM; return -1; } #ifdef PAM_CRED_ESTABLISH res = pam_setcred(sftppam_pamh, PAM_CRED_ESTABLISH); #else res = pam_setcred(sftppam_pamh, PAM_ESTABLISH_CRED); #endif /* !PAM_CRED_ESTABLISH */ if (res != PAM_SUCCESS) { switch (res) { case PAM_CRED_EXPIRED: pr_trace_msg(trace_channel, 8, "PAM credentials error: PAM_CRED_EXPIRED"); sftppam_auth_code = PR_AUTH_AGEPWD; break; case PAM_USER_UNKNOWN: pr_trace_msg(trace_channel, 8, "PAM credentials error: PAM_USER_UNKNOWN"); sftppam_auth_code = PR_AUTH_NOPWD; break; default: sftppam_auth_code = PR_AUTH_BADPWD; break; } pr_trace_msg(trace_channel, 1, "PAM credentials error (%d) for user '%s': %s", res, user, pam_strerror(sftppam_pamh, res)); PRIVS_RELINQUISH pr_signals_unblock(); errno = EPERM; return -1; } /* XXX Not sure why these platforms have different treatment...? */ #if defined(SOLARIS2) || defined(HPUX10) || defined(HPUX11) res = pam_close_session(sftppam_pamh, 0); if (sftppam_pamh) { pam_end(sftppam_pamh, res); sftppam_pamh = NULL; } #endif PRIVS_RELINQUISH pr_signals_unblock(); return 0; }
static int knet_vty_pam_auth_user(struct knet_vty *vty, const char *user) { pam_handle_t *pamh=NULL; struct pam_conv conv; int err; int retry = 1; conv.conv = knet_pam_misc_conv; conv.appdata_ptr = (void *)vty; retry_auth: err = pam_start("kronosnet", user, &conv, &pamh); if (err != PAM_SUCCESS) { errno = EINVAL; log_error("PAM fatal error: %s", pam_strerror(pamh, err)); knet_vty_write(vty, "PAM fatal error: %s", pam_strerror(pamh, err)); goto out_fatal; } err = pam_authenticate(pamh, 0); if (err != PAM_SUCCESS) { if (vty->got_epipe) { errno = EPIPE; goto out_fatal; } else { errno = EINVAL; goto out_clean; } } if (knet_vty_get_pam_user(vty, pamh) != PAM_SUCCESS) { log_error("PAM: unable to get PAM_USER: %s", pam_strerror(pamh, err)); knet_vty_write(vty, "PAM: unable to get PAM_USER: %s", pam_strerror(pamh, err)); goto out_clean; } err = pam_acct_mgmt(pamh, 0); if (err != PAM_SUCCESS) { log_info("User: %s failed to authenticate on vty(%d) attempt %d", vty->username, vty->conn_num, retry); goto out_clean; } out_clean: if (pamh) { pam_end(pamh, err); pamh = NULL; } if ((err != PAM_SUCCESS) && (retry < AUTH_MAX_RETRY)) { retry++; goto retry_auth; } out_fatal: if (pamh) { pam_end(pamh, err); pamh = NULL; } knet_vty_write(vty, "\n"); return err; }
int main(int argc, char **argv) { pam_handle_t *pamh=NULL; char *username=NULL; int retcode; /* did the user call with a username as an argument ? */ if (argc > 2) { fprintf(stderr,"usage: %s [username]\n",argv[0]); } else if (argc == 2) { username = argv[1]; } /* initialize the Linux-PAM library */ retcode = pam_start("blank", username, &conv, &pamh); bail_out(pamh,1,retcode,"pam_start"); /* test the environment stuff */ { #define MAXENV 15 const char *greek[MAXENV] = { "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon", "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu", "l=zeta", "h=", "d", "k=xi" }; char **env; int i; for (i=0; i<MAXENV; ++i) { retcode = pam_putenv(pamh,greek[i]); bail_out(pamh,0,retcode,"pam_putenv"); } env = pam_getenvlist(pamh); if (env) env = pam_misc_drop_env(env); else fprintf(stderr,"???\n"); fprintf(stderr,"a test: c=[%s], j=[%s]\n" , pam_getenv(pamh, "c"), pam_getenv(pamh, "j")); } /* to avoid using goto we abuse a loop here */ for (;;) { /* authenticate the user --- `0' here, could have been PAM_SILENT * | PAM_DISALLOW_NULL_AUTHTOK */ retcode = pam_authenticate(pamh, 0); bail_out(pamh,0,retcode,"pam_authenticate"); /* has the user proved themself valid? */ if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* the user is valid, but should they have access at this time? */ retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */ bail_out(pamh,0,retcode,"pam_acct_mgmt"); if (retcode == PAM_NEW_AUTHTOK_REQD) { fprintf(stderr,"Application must request new password...\n"); retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); bail_out(pamh,0,retcode,"pam_chauthtok"); } if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); bail_out(pamh,0,retcode,"pam_setcred1"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem setting user credentials\n" ,argv[0]); break; } /* open a session for the user --- `0' could be PAM_SILENT */ retcode = pam_open_session(pamh,0); bail_out(pamh,0,retcode,"pam_open_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem opening a session\n",argv[0]); break; } fprintf(stderr,"The user has been authenticated and `logged in'\n"); /* close a session for the user --- `0' could be PAM_SILENT * it is possible that this pam_close_call is in another program.. */ retcode = pam_close_session(pamh,0); bail_out(pamh,0,retcode,"pam_close_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred2"); break; /* don't go on for ever! */ } /* close the Linux-PAM library */ retcode = pam_end(pamh, PAM_SUCCESS); pamh = NULL; bail_out(pamh,1,retcode,"pam_end"); exit(0); }
int main(int argc, char *argv[]) { char hostname[MAXHOSTNAMELEN]; const char *user, *tty; const void *item; char **args, **pam_envlist, **pam_env; struct passwd *pwd; int o, pam_err, status; pid_t pid; while ((o = getopt(argc, argv, "")) != -1) switch (o) { default: usage(); } argc -= optind; argv += optind; if (argc > 0) { user = *argv; --argc; ++argv; } else { user = "******"; } /* initialize PAM */ pamc.conv = &openpam_ttyconv; pam_start("su", user, &pamc, &pamh); /* set some items */ gethostname(hostname, sizeof(hostname)); if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) goto pamerr; user = getlogin(); if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS) goto pamerr; tty = ttyname(STDERR_FILENO); if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) goto pamerr; /* authenticate the applicant */ if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) goto pamerr; if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD) pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) goto pamerr; /* establish the requested credentials */ if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) goto pamerr; /* authentication succeeded; open a session */ if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) goto pamerr; /* get mapped user name; PAM may have changed it */ pam_err = pam_get_item(pamh, PAM_USER, &item); if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user = item)) == NULL) goto pamerr; /* export PAM environment */ if ((pam_envlist = pam_getenvlist(pamh)) != NULL) { for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) { putenv(*pam_env); free(*pam_env); } free(pam_envlist); } /* build argument list */ if ((args = calloc(argc + 2, sizeof *args)) == NULL) { warn("calloc()"); goto err; } *args = pwd->pw_shell; memcpy(args + 1, argv, argc * sizeof *args); /* fork and exec */ switch ((pid = fork())) { case -1: warn("fork()"); goto err; case 0: /* child: give up privs and start a shell */ /* set uid and groups */ if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { warn("initgroups()"); _exit(1); } if (setgid(pwd->pw_gid) == -1) { warn("setgid()"); _exit(1); } if (setuid(pwd->pw_uid) == -1) { warn("setuid()"); _exit(1); } execve(*args, args, environ); warn("execve()"); _exit(1); default: /* parent: wait for child to exit */ waitpid(pid, &status, 0); /* close the session and release PAM resources */ pam_err = pam_close_session(pamh, 0); pam_end(pamh, pam_err); exit(WEXITSTATUS(status)); } pamerr: fprintf(stderr, "Sorry\n"); err: pam_end(pamh, pam_err); exit(1); }
/* * main - groupmod command * */ int main (int argc, char **argv) { #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; int retval; #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ /* * Get my name so that I can use it to report errors. */ Prog = Basename (argv[0]); (void) setlocale (LC_ALL, ""); (void) bindtextdomain (PACKAGE, LOCALEDIR); (void) textdomain (PACKAGE); process_root_flag ("-R", argc, argv); OPENLOG ("groupmod"); #ifdef WITH_AUDIT audit_help_open (); #endif if (atexit (do_cleanups) != 0) { fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); exit (1); } process_flags (argc, argv); #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM { struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ if (NULL == pampw) { fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); exit (1); } retval = pam_start ("groupmod", pampw->pw_name, &conv, &pamh); } if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); } if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); } if (PAM_SUCCESS != retval) { fprintf (stderr, _("%s: PAM: %s\n"), Prog, pam_strerror (pamh, retval)); SYSLOG((LOG_ERR, "%s", pam_strerror (pamh, retval))); if (NULL != pamh) { (void) pam_end (pamh, retval); } exit (1); } (void) pam_end (pamh, retval); #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #ifdef SHADOWGRP is_shadow_grp = sgr_file_present (); #endif { struct group *grp; /* * Start with a quick check to see if the group exists. */ grp = getgrnam (group_name); /* local, no need for xgetgrnam */ if (NULL == grp) { fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); exit (E_NOTFOUND); } else { group_id = grp->gr_gid; } } #ifdef USE_NIS /* * Now make sure it isn't an NIS group. */ if (__isgrNIS ()) { char *nis_domain; char *nis_master; fprintf (stderr, _("%s: group %s is a NIS group\n"), Prog, group_name); if (!yp_get_default_domain (&nis_domain) && !yp_master (nis_domain, "group.byname", &nis_master)) { fprintf (stderr, _("%s: %s is the NIS master\n"), Prog, nis_master); } exit (E_NOTFOUND); } #endif if (gflg) { check_new_gid (); } if (nflg) { check_new_name (); } lock_files (); /* * Now if the group is not changed, it's our fault. * Make sure failures will be reported. */ prepare_failure_reports (); /* * Do the hard stuff - open the files, create the group entries, * then close and update the files. */ open_files (); grp_update (); close_files (); nscd_flush_cache ("group"); return E_SUCCESS; }
static void run_file(const char *filename, uid_t uid, gid_t gid) { /* Run a file by spawning off a process which redirects I/O, * spawns a subshell, then waits for it to complete and sends * mail to the user. */ pid_t pid; int fd_out, fd_in; int queue; char mailbuf[LOGNAMESIZE + 1], fmt[49]; char *mailname = NULL; FILE *stream; int send_mail = 0; struct stat buf, lbuf; off_t size; struct passwd *pentry; int fflags; uid_t nuid; gid_t ngid; #ifdef PAM pam_handle_t *pamh = NULL; int pam_err; struct pam_conv pamc = { .conv = openpam_nullconv, .appdata_ptr = NULL }; #endif PRIV_START if (chmod(filename, S_IRUSR) != 0) { perr("cannot change file permissions"); } PRIV_END pid = fork(); if (pid == -1) perr("cannot fork"); else if (pid != 0) return; /* Let's see who we mail to. Hopefully, we can read it from * the command file; if not, send it to the owner, or, failing that, * to root. */ pentry = getpwuid(uid); if (pentry == NULL) perrx("Userid %lu not found - aborting job %s", (unsigned long) uid, filename); #ifdef PAM PRIV_START pam_err = pam_start(atrun, pentry->pw_name, &pamc, &pamh); if (pam_err != PAM_SUCCESS) perrx("cannot start PAM: %s", pam_strerror(pamh, pam_err)); pam_err = pam_acct_mgmt(pamh, PAM_SILENT); /* Expired password shouldn't prevent the job from running. */ if (pam_err != PAM_SUCCESS && pam_err != PAM_NEW_AUTHTOK_REQD) perrx("Account %s (userid %lu) unavailable for job %s: %s", pentry->pw_name, (unsigned long)uid, filename, pam_strerror(pamh, pam_err)); pam_end(pamh, pam_err); PRIV_END #endif /* PAM */ PRIV_START stream=fopen(filename, "r"); PRIV_END if (stream == NULL) perr("cannot open input file"); if ((fd_in = dup(fileno(stream))) <0) perr("error duplicating input file descriptor"); if (fstat(fd_in, &buf) == -1) perr("error in fstat of input file descriptor"); if (lstat(filename, &lbuf) == -1) perr("error in fstat of input file"); if (S_ISLNK(lbuf.st_mode)) perrx("Symbolic link encountered in job %s - aborting", filename); if ((lbuf.st_dev != buf.st_dev) || (lbuf.st_ino != buf.st_ino) || (lbuf.st_uid != buf.st_uid) || (lbuf.st_gid != buf.st_gid) || (lbuf.st_size!=buf.st_size)) perrx("Somebody changed files from under us for job %s - aborting", filename); if (buf.st_nlink > 1) perrx("Somebody is trying to run a linked script for job %s", filename); if ((fflags = fcntl(fd_in, F_GETFD)) <0) perr("error in fcntl"); fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); snprintf(fmt, sizeof(fmt), "#!/bin/sh\n# atrun uid=%%ld gid=%%ld\n# mail %%%ds %%d", LOGNAMESIZE); if (fscanf(stream, fmt, &nuid, &ngid, mailbuf, &send_mail) != 4) perrx("File %s is in wrong format - aborting", filename); if (mailbuf[0] == '-') perrx("Illegal mail name %s in %s", mailbuf, filename); mailname = mailbuf; if (nuid != uid) perrx("Job %s - userid %u does not match file uid %u", filename, nuid, uid); if (ngid != gid) perrx("Job %s - groupid %u does not match file gid %u", filename, ngid, gid); fclose(stream); if (chdir(ATSPOOL_DIR) < 0) perr("cannot chdir to %s", ATSPOOL_DIR); /* Create a file to hold the output of the job we are about to run. * Write the mail header. */ if((fd_out=open(filename, O_WRONLY | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR)) < 0) perr("cannot create output file"); write_string(fd_out, "Subject: Output from your job "); write_string(fd_out, filename); write_string(fd_out, "\n\n"); fstat(fd_out, &buf); size = buf.st_size; close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); pid = fork(); if (pid < 0) perr("error in fork"); else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; /* Set up things for the child; we want standard input from the input file, * and standard output and error sent to our output file. */ if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) perr("error in lseek"); if (dup(fd_in) != STDIN_FILENO) perr("error in I/O redirection"); if (dup(fd_out) != STDOUT_FILENO) perr("error in I/O redirection"); if (dup(fd_out) != STDERR_FILENO) perr("error in I/O redirection"); close(fd_in); close(fd_out); if (chdir(ATJOB_DIR) < 0) perr("cannot chdir to %s", ATJOB_DIR); queue = *filename; PRIV_START nice(tolower(queue) - 'a'); #ifdef LOGIN_CAP /* * For simplicity and safety, set all aspects of the user context * except for a selected subset: Don't set priority, which was * set based on the queue file name according to the tradition. * Don't bother to set environment, including path vars, either * because it will be discarded anyway. Although the job file * should set umask, preset it here just in case. */ if (setusercontext(NULL, pentry, uid, LOGIN_SETALL & ~(LOGIN_SETPRIORITY | LOGIN_SETPATH | LOGIN_SETENV)) != 0) exit(EXIT_FAILURE); /* setusercontext() logged the error */ #else /* LOGIN_CAP */ if (initgroups(pentry->pw_name,pentry->pw_gid)) perr("cannot init group access list"); if (setgid(gid) < 0 || setegid(pentry->pw_gid) < 0) perr("cannot change group"); if (setlogin(pentry->pw_name)) perr("cannot set login name"); if (setuid(uid) < 0 || seteuid(uid) < 0) perr("cannot set user id"); #endif /* LOGIN_CAP */ if (chdir(pentry->pw_dir)) chdir("/"); if(execle("/bin/sh","sh",NULL, nenvp) != 0) perr("exec failed for /bin/sh"); PRIV_END }
int authenticate_user(const char *user, const char *passwd) { #ifndef HAVE_PAM gboolean pass = TRUE; #else int rc = 0; gboolean pass = FALSE; const void *p_user = NULL; struct pam_conv p_conv; struct pam_handle *pam_h = NULL; static const char *pam_name = NULL; if (pam_name == NULL) { pam_name = getenv("CIB_pam_service"); } if (pam_name == NULL) { pam_name = "login"; } p_conv.conv = construct_pam_passwd; p_conv.appdata_ptr = strdup(passwd); rc = pam_start(pam_name, user, &p_conv, &pam_h); if (rc != PAM_SUCCESS) { crm_err("Could not initialize PAM: %s (%d)", pam_strerror(pam_h, rc), rc); goto bail; } rc = pam_authenticate(pam_h, 0); if (rc != PAM_SUCCESS) { crm_err("Authentication failed for %s: %s (%d)", user, pam_strerror(pam_h, rc), rc); goto bail; } /* Make sure we authenticated the user we wanted to authenticate. * Since we also run as non-root, it might be worth pre-checking * the user has the same EID as us, since that the only user we * can authenticate. */ rc = pam_get_item(pam_h, PAM_USER, &p_user); if (rc != PAM_SUCCESS) { crm_err("Internal PAM error: %s (%d)", pam_strerror(pam_h, rc), rc); goto bail; } else if (p_user == NULL) { crm_err("Unknown user authenticated."); goto bail; } else if (safe_str_neq(p_user, user)) { crm_err("User mismatch: %s vs. %s.", (const char *)p_user, (const char *)user); goto bail; } rc = pam_acct_mgmt(pam_h, 0); if (rc != PAM_SUCCESS) { crm_err("Access denied: %s (%d)", pam_strerror(pam_h, rc), rc); goto bail; } pass = TRUE; bail: pam_end(pam_h, rc); #endif return pass; }
int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; int retval = PAM_SUCCESS; char *user; /* char *password; */ char buf[BUFSIZE]; time_t pamh_created = 0; int ttl = DEFAULT_SQUID_PAM_TTL; char *service = DEFAULT_SQUID_PAM_SERVICE; int no_acct_mgmt = 0; /* make standard output line buffered */ setvbuf(stdout, NULL, _IOLBF, 0); while (1) { int ch = getopt(argc, argv, "1n:t:o"); switch (ch) { case -1: goto start; case 'n': service = optarg; break; case 't': ttl = atoi(optarg); break; case '1': ttl = 0; break; case 'o': no_acct_mgmt = 1; break; default: fprintf(stderr, "Unknown getopt value '%c'\n", ch); usage(argv[0]); exit(1); } } start: if (optind < argc) { fprintf(stderr, "Unknown option '%s'\n", argv[optind]); usage(argv[0]); exit(1); } while (fgets(buf, BUFSIZE, stdin)) { user = buf; password = strchr(buf, '\n'); if (!password) { fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); goto error; } *password = '******'; password = strchr(buf, ' '); if (!password) { fprintf(stderr, "authenticator: Unexpected input '%s'\n", buf); goto error; } *password++ = '\0'; rfc1738_unescape(user); rfc1738_unescape(password); conv.appdata_ptr = (char *) password; /* from buf above. not allocated */ if (ttl == 0) { /* Create PAM connection */ retval = pam_start(service, user, &conv, &pamh); if (retval != PAM_SUCCESS) { fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); goto error; } } else if (!pamh || (time(NULL) - pamh_created) >= ttl || pamh_created > time(NULL)) { /* Close previous PAM connection */ if (pamh) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); } pamh = NULL; } /* Initialize persistent PAM connection */ retval = pam_start(service, "squid@", &conv, &pamh); if (retval != PAM_SUCCESS) { fprintf(stderr, "ERROR: failed to create PAM authenticator\n"); goto error; } pamh_created = time(NULL); } /* Authentication */ retval = PAM_SUCCESS; if (ttl != 0) { if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_USER, user); if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_CONV, &conv); } if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS && !no_acct_mgmt) retval = pam_acct_mgmt(pamh, 0); if (retval == PAM_SUCCESS) { fprintf(stdout, "OK\n"); } else { error: fprintf(stdout, "ERR\n"); } /* cleanup */ retval = PAM_SUCCESS; #ifdef PAM_AUTHTOK if (ttl != 0) { if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); } #endif if (ttl == 0 || retval != PAM_SUCCESS) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); } pamh = NULL; } } if (pamh) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { pamh = NULL; fprintf(stderr, "ERROR: failed to release PAM authenticator\n"); } } return 0; }
int main (int argc, char *argv[]) { int rc; const char *user_to_auth; const char *cookie; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; rc = 0; pam_h = NULL; /* clear the entire environment to avoid attacks using with libraries honoring environment variables */ if (_polkit_clearenv () != 0) goto error; /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); /* check that we are setuid root */ if (geteuid () != 0) { gchar *s; fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n"); /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); send_to_helper ("PAM_ERROR_MSG ", s); g_free (s); goto error; } openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 3) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); goto error; } user_to_auth = argv[1]; cookie = argv[2]; if (getuid () != 0) { /* check we're running with a non-tty stdin */ if (isatty (STDIN_FILENO) != 0) { syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n"); goto error; } } #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); #endif /* PAH_DEBUG */ pam_conversation.conv = conversation_function; pam_conversation.appdata_ptr = NULL; /* start the pam stack */ rc = pam_start ("polkit-1", user_to_auth, &pam_conversation, &pam_h); if (rc != PAM_SUCCESS) { fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc)); goto error; } /* set the requesting user */ rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth); if (rc != PAM_SUCCESS) { fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc)); goto error; } /* is user really user? */ rc = pam_authenticate (pam_h, 0); if (rc != PAM_SUCCESS) { const char *err; err = pam_strerror (pam_h, rc); fprintf (stderr, "polkit-agent-helper-1: pam_authenticate failed: %s\n", err); goto error; } /* permitted access? */ rc = pam_acct_mgmt (pam_h, 0); if (rc != PAM_SUCCESS) { const char *err; err = pam_strerror (pam_h, rc); fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", err); goto error; } /* did we auth the right user? */ rc = pam_get_item (pam_h, PAM_USER, &authed_user); if (rc != PAM_SUCCESS) { const char *err; err = pam_strerror (pam_h, rc); fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", err); goto error; } if (strcmp (authed_user, user_to_auth) != 0) { fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead", user_to_auth, (const char *) authed_user); goto error; } #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth); #endif /* PAH_DEBUG */ pam_end (pam_h, rc); pam_h = NULL; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ /* now send a D-Bus message to the PolicyKit daemon that * includes a) the cookie; and b) the user we authenticated */ if (!send_dbus_message (cookie, user_to_auth)) { #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ goto error; } #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ fprintf (stdout, "SUCCESS\n"); flush_and_wait(); return 0; error: if (pam_h != NULL) pam_end (pam_h, rc); fprintf (stdout, "FAILURE\n"); flush_and_wait(); return 1; }
int main(int argc, char **argv) { pam_handle_t *pamh=NULL; const char *username=NULL; const char *service="xsh"; int retcode; /* did the user call with a username as an argument ? * did they also */ if (argc > 3) { fprintf(stderr,"usage: %s [username [service-name]]\n",argv[0]); } if (argc >= 2) { username = argv[1]; } if (argc == 3) { service = argv[2]; } /* initialize the Linux-PAM library */ retcode = pam_start(service, username, &conv, &pamh); bail_out(pamh,1,retcode,"pam_start"); /* to avoid using goto we abuse a loop here */ for (;;) { /* authenticate the user --- `0' here, could have been PAM_SILENT * | PAM_DISALLOW_NULL_AUTHTOK */ retcode = pam_authenticate(pamh, 0); bail_out(pamh,0,retcode,"pam_authenticate"); /* has the user proved themself valid? */ if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* the user is valid, but should they have access at this time? */ retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */ bail_out(pamh,0,retcode,"pam_acct_mgmt"); if (retcode == PAM_NEW_AUTHTOK_REQD) { fprintf(stderr,"Application must request new password...\n"); retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); bail_out(pamh,0,retcode,"pam_chauthtok"); } if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); bail_out(pamh,0,retcode,"pam_setcred"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem setting user credentials\n" ,argv[0]); break; } /* open a session for the user --- `0' could be PAM_SILENT */ retcode = pam_open_session(pamh,0); bail_out(pamh,0,retcode,"pam_open_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem opening a session\n",argv[0]); break; } pam_get_item(pamh, PAM_USER, (const void **) &username); fprintf(stderr, "The user [%s] has been authenticated and `logged in'\n", username); /* this is always a really bad thing for security! */ system("/bin/sh"); /* close a session for the user --- `0' could be PAM_SILENT * it is possible that this pam_close_call is in another program.. */ retcode = pam_close_session(pamh,0); bail_out(pamh,0,retcode,"pam_close_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem deleting user credentials\n" ,argv[0]); break; } break; /* don't go on for ever! */ } /* close the Linux-PAM library */ retcode = pam_end(pamh, PAM_SUCCESS); pamh = NULL; bail_out(pamh,1,retcode,"pam_end"); exit(0); }
int main(int argc, char **argv) { extern int optind; extern char *optarg, **environ; struct group *gr; register int ch; register char *p; int ask, fflag, hflag, pflag, cnt, errsv; int quietlog, passwd_req; char *domain, *ttyn; char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10]; char *termenv; char *childArgv[10]; char *buff; int childArgc = 0; #ifdef HAVE_SECURITY_PAM_MISC_H int retcode; pam_handle_t *pamh = NULL; struct pam_conv conv = { misc_conv, NULL }; pid_t childPid; #else char *salt, *pp; #endif #ifdef LOGIN_CHOWN_VCS char vcsn[20], vcsan[20]; #endif pid = getpid(); signal(SIGALRM, timedout); alarm((unsigned int)timeout); signal(SIGQUIT, SIG_IGN); signal(SIGINT, SIG_IGN); setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); setpriority(PRIO_PROCESS, 0, 0); initproctitle(argc, argv); /* * -p is used by getty to tell login not to destroy the environment * -f is used to skip a second login authentication * -h is used by other servers to pass the name of the remote * host to login so that it may be placed in utmp and wtmp */ gethostname(tbuf, sizeof(tbuf)); xstrncpy(thishost, tbuf, sizeof(thishost)); domain = index(tbuf, '.'); username = tty_name = hostname = NULL; fflag = hflag = pflag = 0; passwd_req = 1; while ((ch = getopt(argc, argv, "fh:p")) != -1) switch (ch) { case 'f': fflag = 1; break; case 'h': if (getuid()) { fprintf(stderr, _("login: -h for super-user only.\n")); exit(1); } hflag = 1; if (domain && (p = index(optarg, '.')) && strcasecmp(p, domain) == 0) *p = 0; hostname = strdup(optarg); /* strdup: Ambrose C. Li */ { struct hostent *he = gethostbyname(hostname); /* he points to static storage; copy the part we use */ hostaddress[0] = 0; if (he && he->h_addr_list && he->h_addr_list[0]) memcpy(hostaddress, he->h_addr_list[0], sizeof(hostaddress)); } break; case 'p': pflag = 1; break; case '?': default: fprintf(stderr, _("usage: login [-fp] [username]\n")); exit(1); } argc -= optind; argv += optind; if (*argv) { char *p = *argv; username = strdup(p); ask = 0; /* wipe name - some people mistype their password here */ /* (of course we are too late, but perhaps this helps a little ..) */ while(*p) *p++ = ' '; } else ask = 1; for (cnt = getdtablesize(); cnt > 2; cnt--) close(cnt); ttyn = ttyname(0); if (ttyn == NULL || *ttyn == '\0') { /* no snprintf required - see definition of tname */ sprintf(tname, "%s??", _PATH_TTY); ttyn = tname; } check_ttyname(ttyn); if (strncmp(ttyn, "/dev/", 5) == 0) tty_name = ttyn+5; else tty_name = ttyn; if (strncmp(ttyn, "/dev/tty", 8) == 0) tty_number = ttyn+8; else { char *p = ttyn; while (*p && !isdigit(*p)) p++; tty_number = p; } #ifdef LOGIN_CHOWN_VCS /* find names of Virtual Console devices, for later mode change */ snprintf(vcsn, sizeof(vcsn), "/dev/vcs%s", tty_number); snprintf(vcsan, sizeof(vcsan), "/dev/vcsa%s", tty_number); #endif /* set pgid to pid */ setpgrp(); /* this means that setsid() will fail */ { struct termios tt, ttt; tcgetattr(0, &tt); ttt = tt; ttt.c_cflag &= ~HUPCL; /* These can fail, e.g. with ttyn on a read-only filesystem */ chown(ttyn, 0, 0); chmod(ttyn, TTY_MODE); /* Kill processes left on this tty */ tcsetattr(0,TCSAFLUSH,&ttt); signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */ vhangup(); signal(SIGHUP, SIG_DFL); /* open stdin,stdout,stderr to the tty */ opentty(ttyn); /* restore tty modes */ tcsetattr(0,TCSAFLUSH,&tt); } openlog("login", LOG_ODELAY, LOG_AUTHPRIV); #if 0 /* other than iso-8859-1 */ printf("\033(K"); fprintf(stderr,"\033(K"); #endif #ifdef HAVE_SECURITY_PAM_MISC_H /* * username is initialized to NULL * and if specified on the command line it is set. * Therefore, we are safe not setting it to anything */ retcode = pam_start("login",username, &conv, &pamh); if(retcode != PAM_SUCCESS) { fprintf(stderr, _("login: PAM Failure, aborting: %s\n"), pam_strerror(pamh, retcode)); syslog(LOG_ERR, _("Couldn't initialize PAM: %s"), pam_strerror(pamh, retcode)); exit(99); } /* hostname & tty are either set to NULL or their correct values, depending on how much we know */ retcode = pam_set_item(pamh, PAM_RHOST, hostname); PAM_FAIL_CHECK; retcode = pam_set_item(pamh, PAM_TTY, tty_name); PAM_FAIL_CHECK; /* * [email protected]: Provide a user prompt to PAM * so that the "login: "******"Password: "******"login: "******"\033(K"); fprintf(stderr,"\033(K"); #endif /* if fflag == 1, then the user has already been authenticated */ if (fflag && (getuid() == 0)) passwd_req = 0; else passwd_req = 1; if(passwd_req == 1) { int failcount=0; /* if we didn't get a user on the command line, set it to NULL */ pam_get_item(pamh, PAM_USER, (const void **) &username); if (!username) pam_set_item(pamh, PAM_USER, NULL); /* there may be better ways to deal with some of these conditions, but at least this way I don't think we'll be giving away information... */ /* Perhaps someday we can trust that all PAM modules will pay attention to failure count and get rid of MAX_LOGIN_TRIES? */ retcode = pam_authenticate(pamh, 0); while((failcount++ < PAM_MAX_LOGIN_TRIES) && ((retcode == PAM_AUTH_ERR) || (retcode == PAM_USER_UNKNOWN) || (retcode == PAM_CRED_INSUFFICIENT) || (retcode == PAM_AUTHINFO_UNAVAIL))) { pam_get_item(pamh, PAM_USER, (const void **) &username); syslog(LOG_NOTICE,_("FAILED LOGIN %d FROM %s FOR %s, %s"), failcount, hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); fprintf(stderr,_("Login incorrect\n\n")); pam_set_item(pamh,PAM_USER,NULL); retcode = pam_authenticate(pamh, 0); } if (retcode != PAM_SUCCESS) { pam_get_item(pamh, PAM_USER, (const void **) &username); if (retcode == PAM_MAXTRIES) syslog(LOG_NOTICE,_("TOO MANY LOGIN TRIES (%d) FROM %s FOR " "%s, %s"), failcount, hostname, username, pam_strerror(pamh, retcode)); else syslog(LOG_NOTICE,_("FAILED LOGIN SESSION FROM %s FOR %s, %s"), hostname, username, pam_strerror(pamh, retcode)); logbtmp(tty_name, username, hostname); fprintf(stderr,_("\nLogin incorrect\n")); pam_end(pamh, retcode); exit(0); } retcode = pam_acct_mgmt(pamh, 0); if(retcode == PAM_NEW_AUTHTOK_REQD) { retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); } PAM_FAIL_CHECK; } /* * Grab the user information out of the password file for future usage * First get the username that we are actually using, though. */ retcode = pam_get_item(pamh, PAM_USER, (const void **) &username); PAM_FAIL_CHECK; if (!username || !*username) { fprintf(stderr, _("\nSession setup problem, abort.\n")); syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."), __FUNCTION__, __LINE__); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } if (!(pwd = getpwnam(username))) { fprintf(stderr, _("\nSession setup problem, abort.\n")); syslog(LOG_ERR, _("Invalid user name \"%s\" in %s:%d. Abort."), username, __FUNCTION__, __LINE__); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } /* * Create a copy of the pwd struct - otherwise it may get * clobbered by PAM */ memcpy(&pwdcopy, pwd, sizeof(*pwd)); pwd = &pwdcopy; pwd->pw_name = strdup(pwd->pw_name); pwd->pw_passwd = strdup(pwd->pw_passwd); pwd->pw_gecos = strdup(pwd->pw_gecos); pwd->pw_dir = strdup(pwd->pw_dir); pwd->pw_shell = strdup(pwd->pw_shell); if (!pwd->pw_name || !pwd->pw_passwd || !pwd->pw_gecos || !pwd->pw_dir || !pwd->pw_shell) { fprintf(stderr, _("login: Out of memory\n")); syslog(LOG_ERR, "Out of memory"); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } username = pwd->pw_name; /* * Initialize the supplementary group list. * This should be done before pam_setcred because * the PAM modules might add groups during pam_setcred. */ if (initgroups(username, pwd->pw_gid) < 0) { syslog(LOG_ERR, "initgroups: %m"); fprintf(stderr, _("\nSession setup problem, abort.\n")); pam_end(pamh, PAM_SYSTEM_ERR); exit(1); } retcode = pam_open_session(pamh, 0); PAM_FAIL_CHECK; retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); PAM_FAIL_CHECK; #else /* ! HAVE_SECURITY_PAM_MISC_H */ for (cnt = 0;; ask = 1) { if (ask) { fflag = 0; getloginname(); } /* Dirty patch to fix a gigantic security hole when using yellow pages. This problem should be solved by the libraries, and not by programs, but this must be fixed urgently! If the first char of the username is '+', we avoid login success. Feb 95 <*****@*****.**> */ if (username[0] == '+') { puts(_("Illegal username")); badlogin(username); sleepexit(1); } /* (void)strcpy(tbuf, username); why was this here? */ if ((pwd = getpwnam(username))) { # ifdef SHADOW_PWD struct spwd *sp; if ((sp = getspnam(username))) pwd->pw_passwd = sp->sp_pwdp; # endif salt = pwd->pw_passwd; } else salt = "xx"; if (pwd) { initgroups(username, pwd->pw_gid); checktty(username, tty_name, pwd); /* in checktty.c */ } /* if user not super-user, check for disabled logins */ if (pwd == NULL || pwd->pw_uid) checknologin(); /* * Disallow automatic login to root; if not invoked by * root, disallow if the uid's differ. */ if (fflag && pwd) { int uid = getuid(); passwd_req = pwd->pw_uid == 0 || (uid && uid != pwd->pw_uid); } /* * If trying to log in as root, but with insecure terminal, * refuse the login attempt. */ if (pwd && pwd->pw_uid == 0 && !rootterm(tty_name)) { fprintf(stderr, _("%s login refused on this terminal.\n"), pwd->pw_name); if (hostname) syslog(LOG_NOTICE, _("LOGIN %s REFUSED FROM %s ON TTY %s"), pwd->pw_name, hostname, tty_name); else syslog(LOG_NOTICE, _("LOGIN %s REFUSED ON TTY %s"), pwd->pw_name, tty_name); continue; } /* * If no pre-authentication and a password exists * for this user, prompt for one and verify it. */ if (!passwd_req || (pwd && !*pwd->pw_passwd)) break; setpriority(PRIO_PROCESS, 0, -4); pp = getpass(_("Password: "******"CRYPTO", 6) == 0) { if (pwd && cryptocard()) break; } # endif /* CRYPTOCARD */ p = crypt(pp, salt); setpriority(PRIO_PROCESS, 0, 0); # ifdef KERBEROS /* * If not present in pw file, act as we normally would. * If we aren't Kerberos-authenticated, try the normal * pw file for a password. If that's ok, log the user * in without issueing any tickets. */ if (pwd && !krb_get_lrealm(realm,1)) { /* * get TGT for local realm; be careful about uid's * here for ticket file ownership */ setreuid(geteuid(),pwd->pw_uid); kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm, "krbtgt", realm, DEFAULT_TKT_LIFE, pp); setuid(0); if (kerror == INTK_OK) { memset(pp, 0, strlen(pp)); notickets = 0; /* user got ticket */ break; } } # endif /* KERBEROS */ memset(pp, 0, strlen(pp)); if (pwd && !strcmp(p, pwd->pw_passwd)) break; printf(_("Login incorrect\n")); badlogin(username); /* log ALL bad logins */ failures++; /* we allow 10 tries, but after 3 we start backing off */ if (++cnt > 3) { if (cnt >= 10) { sleepexit(1); } sleep((unsigned int)((cnt - 3) * 5)); } } #endif /* !HAVE_SECURITY_PAM_MISC_H */ /* committed to login -- turn off timeout */ alarm((unsigned int)0); endpwent(); /* This requires some explanation: As root we may not be able to read the directory of the user if it is on an NFS mounted filesystem. We temporarily set our effective uid to the user-uid making sure that we keep root privs. in the real uid. A portable solution would require a fork(), but we rely on Linux having the BSD setreuid() */ { char tmpstr[MAXPATHLEN]; uid_t ruid = getuid(); gid_t egid = getegid(); /* avoid snprintf - old systems do not have it, or worse, have a libc in which snprintf is the same as sprintf */ if (strlen(pwd->pw_dir) + sizeof(_PATH_HUSHLOGIN) + 2 > MAXPATHLEN) quietlog = 0; else { sprintf(tmpstr, "%s/%s", pwd->pw_dir, _PATH_HUSHLOGIN); setregid(-1, pwd->pw_gid); setreuid(0, pwd->pw_uid); quietlog = (access(tmpstr, R_OK) == 0); setuid(0); /* setreuid doesn't do it alone! */ setreuid(ruid, 0); setregid(-1, egid); } } /* for linux, write entries in utmp and wtmp */ { struct utmp ut; struct utmp *utp; utmpname(_PATH_UTMP); setutent(); /* Find pid in utmp. login sometimes overwrites the runlevel entry in /var/run/utmp, confusing sysvinit. I added a test for the entry type, and the problem was gone. (In a runlevel entry, st_pid is not really a pid but some number calculated from the previous and current runlevel). Michael Riepe <*****@*****.**> */ while ((utp = getutent())) if (utp->ut_pid == pid && utp->ut_type >= INIT_PROCESS && utp->ut_type <= DEAD_PROCESS) break; /* If we can't find a pre-existing entry by pid, try by line. BSD network daemons may rely on this. (anonymous) */ if (utp == NULL) { setutent(); ut.ut_type = LOGIN_PROCESS; strncpy(ut.ut_line, tty_name, sizeof(ut.ut_line)); utp = getutline(&ut); } if (utp) { memcpy(&ut, utp, sizeof(ut)); } else { /* some gettys/telnetds don't initialize utmp... */ memset(&ut, 0, sizeof(ut)); } if (ut.ut_id[0] == 0) strncpy(ut.ut_id, tty_number, sizeof(ut.ut_id)); strncpy(ut.ut_user, username, sizeof(ut.ut_user)); xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line)); #ifdef _HAVE_UT_TV /* in <utmpbits.h> included by <utmp.h> */ gettimeofday(&ut.ut_tv, NULL); #else { time_t t; time(&t); ut.ut_time = t; /* ut_time is not always a time_t */ /* glibc2 #defines it as ut_tv.tv_sec */ } #endif ut.ut_type = USER_PROCESS; ut.ut_pid = pid; if (hostname) { xstrncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); if (hostaddress[0]) memcpy(&ut.ut_addr, hostaddress, sizeof(ut.ut_addr)); } pututline(&ut); endutent(); #if HAVE_UPDWTMP updwtmp(_PATH_WTMP, &ut); #else #if 0 /* The O_APPEND open() flag should be enough to guarantee atomic writes at end of file. */ { int wtmp; if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) { write(wtmp, (char *)&ut, sizeof(ut)); close(wtmp); } } #else /* Probably all this locking below is just nonsense, and the short version is OK as well. */ { int lf, wtmp; if ((lf = open(_PATH_WTMPLOCK, O_CREAT|O_WRONLY, 0660)) >= 0) { flock(lf, LOCK_EX); if ((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) { write(wtmp, (char *)&ut, sizeof(ut)); close(wtmp); } flock(lf, LOCK_UN); close(lf); } } #endif #endif } dolastlog(quietlog); chown(ttyn, pwd->pw_uid, (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); chmod(ttyn, TTY_MODE); #ifdef LOGIN_CHOWN_VCS /* if tty is one of the VC's then change owner and mode of the special /dev/vcs devices as well */ if (consoletty(0)) { chown(vcsn, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chown(vcsan, pwd->pw_uid, (gr ? gr->gr_gid : pwd->pw_gid)); chmod(vcsn, TTY_MODE); chmod(vcsan, TTY_MODE); } #endif setgid(pwd->pw_gid); if (*pwd->pw_shell == '\0') pwd->pw_shell = _PATH_BSHELL; /* preserve TERM even without -p flag */ { char *ep; if(!((ep = getenv("TERM")) && (termenv = strdup(ep)))) termenv = "dumb"; } /* destroy environment unless user has requested preservation */ if (!pflag) { environ = (char**)malloc(sizeof(char*)); memset(environ, 0, sizeof(char*)); } setenv("HOME", pwd->pw_dir, 0); /* legal to override */ if(pwd->pw_uid) setenv("PATH", _PATH_DEFPATH, 1); else setenv("PATH", _PATH_DEFPATH_ROOT, 1); setenv("SHELL", pwd->pw_shell, 1); setenv("TERM", termenv, 1); /* mailx will give a funny error msg if you forget this one */ { char tmp[MAXPATHLEN]; /* avoid snprintf */ if (sizeof(_PATH_MAILDIR) + strlen(pwd->pw_name) + 1 < MAXPATHLEN) { sprintf(tmp, "%s/%s", _PATH_MAILDIR, pwd->pw_name); setenv("MAIL",tmp,0); } } /* LOGNAME is not documented in login(1) but HP-UX 6.5 does it. We'll not allow modifying it. */ setenv("LOGNAME", pwd->pw_name, 1); #ifdef HAVE_SECURITY_PAM_MISC_H { int i; char ** env = pam_getenvlist(pamh); if (env != NULL) { for (i=0; env[i]; i++) { putenv(env[i]); /* D(("env[%d] = %s", i,env[i])); */ } } } #endif setproctitle("login", username); if (!strncmp(tty_name, "ttyS", 4)) syslog(LOG_INFO, _("DIALUP AT %s BY %s"), tty_name, pwd->pw_name); /* allow tracking of good logins. -steve philp ([email protected]) */ if (pwd->pw_uid == 0) { if (hostname) syslog(LOG_NOTICE, _("ROOT LOGIN ON %s FROM %s"), tty_name, hostname); else syslog(LOG_NOTICE, _("ROOT LOGIN ON %s"), tty_name); } else { if (hostname) syslog(LOG_INFO, _("LOGIN ON %s BY %s FROM %s"), tty_name, pwd->pw_name, hostname); else syslog(LOG_INFO, _("LOGIN ON %s BY %s"), tty_name, pwd->pw_name); } if (!quietlog) { motd(); #ifdef LOGIN_STAT_MAIL /* * This turns out to be a bad idea: when the mail spool * is NFS mounted, and the NFS connection hangs, the * login hangs, even root cannot login. * Checking for mail should be done from the shell. */ { struct stat st; char *mail; mail = getenv("MAIL"); if (mail && stat(mail, &st) == 0 && st.st_size != 0) { if (st.st_mtime > st.st_atime) printf(_("You have new mail.\n")); else printf(_("You have mail.\n")); } } #endif } signal(SIGALRM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGTSTP, SIG_IGN); #ifdef HAVE_SECURITY_PAM_MISC_H /* * We must fork before setuid() because we need to call * pam_close_session() as root. */ childPid = fork(); if (childPid < 0) { int errsv = errno; /* error in fork() */ fprintf(stderr, _("login: failure forking: %s"), strerror(errsv)); PAM_END; exit(0); } if (childPid) { /* parent - wait for child to finish, then cleanup session */ signal(SIGHUP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); signal(SIGTSTP, SIG_IGN); signal(SIGTTIN, SIG_IGN); signal(SIGTTOU, SIG_IGN); wait(NULL); PAM_END; exit(0); } /* child */ /* * Problem: if the user's shell is a shell like ash that doesnt do * setsid() or setpgrp(), then a ctrl-\, sending SIGQUIT to every * process in the pgrp, will kill us. */ /* start new session */ setsid(); /* make sure we have a controlling tty */ opentty(ttyn); openlog("login", LOG_ODELAY, LOG_AUTHPRIV); /* reopen */ /* * TIOCSCTTY: steal tty from other process group. */ if (ioctl(0, TIOCSCTTY, 1)) syslog(LOG_ERR, _("TIOCSCTTY failed: %m")); #endif signal(SIGINT, SIG_DFL); /* discard permissions last so can't get killed and drop core */ if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) { syslog(LOG_ALERT, _("setuid() failed")); exit(1); } /* wait until here to change directory! */ if (chdir(pwd->pw_dir) < 0) { printf(_("No directory %s!\n"), pwd->pw_dir); if (chdir("/")) exit(0); pwd->pw_dir = "/"; printf(_("Logging in with home = \"/\".\n")); } /* if the shell field has a space: treat it like a shell script */ if (strchr(pwd->pw_shell, ' ')) { buff = malloc(strlen(pwd->pw_shell) + 6); if (!buff) { fprintf(stderr, _("login: no memory for shell script.\n")); exit(0); } strcpy(buff, "exec "); strcat(buff, pwd->pw_shell); childArgv[childArgc++] = "/bin/sh"; childArgv[childArgc++] = "-sh"; childArgv[childArgc++] = "-c"; childArgv[childArgc++] = buff; } else { tbuf[0] = '-'; xstrncpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ? p + 1 : pwd->pw_shell), sizeof(tbuf)-1); childArgv[childArgc++] = pwd->pw_shell; childArgv[childArgc++] = tbuf; } childArgv[childArgc++] = NULL; execvp(childArgv[0], childArgv + 1); errsv = errno; if (!strcmp(childArgv[0], "/bin/sh")) fprintf(stderr, _("login: couldn't exec shell script: %s.\n"), strerror(errsv)); else fprintf(stderr, _("login: no shell: %s.\n"), strerror(errsv)); exit(0); }
int main(int argc, char* argv[]) { int retval; const char *user, *tty; char hostname[128]; const char *temp=NULL; pam_handle_t *pamh=NULL; do { if (argc > 1) user=argv[1]; else user=getlogin(); if ((retval = pam_start(basename(argv[0]), user, &conv, &pamh)) != PAM_SUCCESS) break; gethostname(hostname, sizeof(hostname)); if ((retval = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) break; tty = ttyname(STDERR_FILENO); if ((retval = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) break; /* authenticate the applicant */ if ((retval = pam_authenticate(pamh, 0)) != PAM_SUCCESS) break; if ((retval = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) { if (retval == PAM_NEW_AUTHTOK_REQD) retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); else break; } /* establish the requested credentials */ if ((retval = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) break; /* authentication succeeded; open a session */ if ((retval = pam_open_session(pamh, 0)) != PAM_SUCCESS) break; printf("Authenticate ok\n"); pam_get_item(pamh, PAM_SERVICE, (const void **)&temp); printf(" service %s\n", temp); pam_get_item(pamh, PAM_USER, (const void **)&temp); printf(" user %s\n", temp); pam_get_item(pamh, PAM_AUTHTOK, (const void **)&temp); printf(" password %s\n", temp); }while (0); if (retval != PAM_SUCCESS) { printf("Authenticate failed: %s\n", pam_strerror(pamh,retval)); } else { pam_close_session(pamh,0); } pam_end(pamh,retval); return retval == PAM_SUCCESS ? 0:1; }