pam_securetty.c revision 79476 
1/*-
2 * Copyright (c) 2001 Mark R V Murray
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: head/lib/libpam/modules/pam_securetty/pam_securetty.c 79476 2001-07-09 18:20:51Z markm $
27 */
28
29#include <sys/types.h>
30#include <sys/stat.h>
31#include <pwd.h>
32#include <ttyent.h>
33#include <string.h>
34
35#define PAM_SM_AUTH
36#include <security/pam_modules.h>
37#include <pam_mod_misc.h>
38
39#define TTY_PREFIX	"/dev/"
40
41PAM_EXTERN int
42pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
43{
44	struct options options;
45	struct ttyent *ttyfileinfo;
46	struct passwd *user_pwd;
47	int retval;
48	const char *user, *ttyname;
49
50	pam_std_option(&options, NULL, argc, argv);
51
52	PAM_LOG("Options processed");
53
54	retval = pam_get_user(pamh, &user, NULL);
55	if (retval != PAM_SUCCESS)
56		PAM_RETURN(retval);
57
58	PAM_LOG("Got user: %s", user);
59
60	retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
61	if (retval != PAM_SUCCESS)
62		PAM_RETURN(retval);
63
64	PAM_LOG("Got TTY: %s", ttyname);
65
66	/* Ignore any "/dev/" on the PAM_TTY item */
67	if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
68		ttyname += sizeof(TTY_PREFIX) - 1;
69
70	/* If the user is not root, secure ttys do not apply */
71	user_pwd = getpwnam(user);
72	if (user_pwd == NULL)
73		PAM_RETURN(PAM_IGNORE);
74	else if (user_pwd->pw_uid != 0)
75		PAM_RETURN(PAM_SUCCESS);
76
77	PAM_LOG("User is not root");
78
79	ttyfileinfo = getttynam(ttyname);
80	if (ttyfileinfo == NULL)
81		PAM_RETURN(PAM_SERVICE_ERR);
82
83	PAM_LOG("Got ttyfileinfo");
84
85	if (ttyfileinfo->ty_status & TTY_SECURE)
86		PAM_RETURN(PAM_SUCCESS);
87	else
88		PAM_RETURN(PAM_PERM_DENIED);
89}
90
91PAM_EXTERN
92int
93pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
94{
95	return PAM_SUCCESS;
96}
97
98PAM_MODULE_ENTRY("pam_securetty");
99