pam_lastlog.c revision 89728 
189728Sdes/*-
289728Sdes * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
389728Sdes *	The Regents of the University of California.  All rights reserved.
489728Sdes * Copyright (c) 2001 Mark R V Murray
589728Sdes * All rights reserved.
689728Sdes * Copyright (c) 2001 Networks Associates Technologies, Inc.
789728Sdes * All rights reserved.
889728Sdes *
989728Sdes * Portions of this software were developed for the FreeBSD Project by
1089728Sdes * ThinkSec AS and NAI Labs, the Security Research Division of Network
1189728Sdes * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
1289728Sdes * ("CBOSS"), as part of the DARPA CHATS research program.
1389728Sdes *
1489728Sdes * Redistribution and use in source and binary forms, with or without
1589728Sdes * modification, are permitted provided that the following conditions
1689728Sdes * are met:
1789728Sdes * 1. Redistributions of source code must retain the above copyright
1889728Sdes *    notice, this list of conditions and the following disclaimer.
1989728Sdes * 2. Redistributions in binary form must reproduce the above copyright
2089728Sdes *    notice, this list of conditions and the following disclaimer in the
2189728Sdes *    documentation and/or other materials provided with the distribution.
2289728Sdes * 3. The name of the author may not be used to endorse or promote
2389728Sdes *    products derived from this software without specific prior written
2489728Sdes *    permission.
2589728Sdes * 4. Neither the name of the University nor the names of its contributors
2689728Sdes *    may be used to endorse or promote products derived from this software
2789728Sdes *    without specific prior written permission.
2889728Sdes *
2989728Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
3089728Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3189728Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3289728Sdes * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
3389728Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3489728Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3589728Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3689728Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3789728Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3889728Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3989728Sdes * SUCH DAMAGE.
4089728Sdes */
4189728Sdes
4289728Sdes#include <sys/cdefs.h>
4389728Sdes__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_lastlog/pam_lastlog.c 89728 2002-01-24 09:45:17Z des $");
4489728Sdes
4589728Sdes#define _BSD_SOURCE
4689728Sdes
4789728Sdes#include <sys/param.h>
4889728Sdes
4989728Sdes#include <fcntl.h>
5089728Sdes#include <libutil.h>
5189728Sdes#include <pwd.h>
5289728Sdes#include <stdio.h>
5389728Sdes#include <stdlib.h>
5489728Sdes#include <string.h>
5589728Sdes#include <syslog.h>
5689728Sdes#include <time.h>
5789728Sdes#include <unistd.h>
5889728Sdes#include <utmp.h>
5989728Sdes
6089728Sdes#define PAM_SM_AUTH
6189728Sdes#define PAM_SM_ACCOUNT
6289728Sdes#define PAM_SM_SESSION
6389728Sdes#define PAM_SM_PASSWORD
6489728Sdes
6589728Sdes#include <security/pam_modules.h>
6689728Sdes#include <pam_mod_misc.h>
6789728Sdes
6889728Sdesextern int login_access(const char *, const char *);
6989728Sdes
7089728SdesPAM_EXTERN int
7189728Sdespam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
7289728Sdes{
7389728Sdes	struct options options;
7489728Sdes
7589728Sdes	pam_std_option(&options, NULL, argc, argv);
7689728Sdes
7789728Sdes	PAM_LOG("Options processed");
7889728Sdes
7989728Sdes	PAM_RETURN(PAM_IGNORE);
8089728Sdes}
8189728Sdes
8289728SdesPAM_EXTERN int
8389728Sdespam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
8489728Sdes{
8589728Sdes	struct options options;
8689728Sdes
8789728Sdes	pam_std_option(&options, NULL, argc, argv);
8889728Sdes
8989728Sdes	PAM_LOG("Options processed");
9089728Sdes
9189728Sdes	PAM_RETURN(PAM_IGNORE);
9289728Sdes}
9389728Sdes
9489728SdesPAM_EXTERN int
9589728Sdespam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc ,const char **argv)
9689728Sdes{
9789728Sdes	struct options options;
9889728Sdes
9989728Sdes	pam_std_option(&options, NULL, argc, argv);
10089728Sdes
10189728Sdes	PAM_LOG("Options processed");
10289728Sdes
10389728Sdes	PAM_RETURN(PAM_IGNORE);
10489728Sdes}
10589728Sdes
10689728SdesPAM_EXTERN int
10789728Sdespam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
10889728Sdes{
10989728Sdes	struct options options;
11089728Sdes
11189728Sdes	pam_std_option(&options, NULL, argc, argv);
11289728Sdes
11389728Sdes	PAM_LOG("Options processed");
11489728Sdes
11589728Sdes	PAM_RETURN(PAM_IGNORE);
11689728Sdes}
11789728Sdes
11889728SdesPAM_EXTERN int
11989728Sdespam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
12089728Sdes{
12189728Sdes	struct options options;
12289728Sdes	struct passwd *pwd;
12389728Sdes	struct utmp utmp;
12489728Sdes	struct lastlog ll;
12589728Sdes	const char *rhost, *user, *tty;
12689728Sdes	char *buf;
12789728Sdes	off_t llpos;
12889728Sdes	int fd, pam_err;
12989728Sdes
13089728Sdes	pam_std_option(&options, NULL, argc, argv);
13189728Sdes
13289728Sdes	PAM_LOG("Options processed");
13389728Sdes
13489728Sdes	pam_err = pam_get_item(pamh, PAM_USER, (const void **)&user);
13589728Sdes	if (pam_err != PAM_SUCCESS)
13689728Sdes		PAM_RETURN(pam_err);
13789728Sdes	if (user == NULL || (pwd = getpwnam(user)) == NULL)
13889728Sdes		PAM_RETURN(PAM_SERVICE_ERR);
13989728Sdes	PAM_LOG("Got user: %s", user);
14089728Sdes
14189728Sdes	pam_err = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
14289728Sdes	if (pam_err != PAM_SUCCESS)
14389728Sdes		PAM_RETURN(pam_err);
14489728Sdes
14589728Sdes	pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
14689728Sdes	if (pam_err != PAM_SUCCESS)
14789728Sdes		PAM_RETURN(pam_err);
14889728Sdes	if (tty == NULL)
14989728Sdes		PAM_RETURN(PAM_SERVICE_ERR);
15089728Sdes
15189728Sdes	fd = open(_PATH_LASTLOG, O_RDWR, 0);
15289728Sdes	if (fd == -1) {
15389728Sdes		syslog(LOG_ERR, "cannot open %s: %m", _PATH_LASTLOG);
15489728Sdes		PAM_RETURN(PAM_SERVICE_ERR);
15589728Sdes	}
15689728Sdes
15789728Sdes	/*
15889728Sdes	 * Record session in utmp(5) and wtmp(5).
15989728Sdes	 */
16089728Sdes	bzero(&utmp, sizeof(utmp));
16189728Sdes	time(&utmp.ut_time);
16289728Sdes	/* note: does not need to be NUL-terminated */
16389728Sdes	strncpy(utmp.ut_name, user, sizeof(utmp.ut_name));
16489728Sdes	if (rhost)
16589728Sdes		strncpy(utmp.ut_host, rhost, sizeof(utmp.ut_host));
16689728Sdes	(void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
16789728Sdes	login(&utmp);
16889728Sdes
16989728Sdes	/*
17089728Sdes	 * Record session in lastlog(5).
17189728Sdes	 */
17289728Sdes	llpos = (off_t)(pwd->pw_uid * sizeof(ll));
17389728Sdes	if (lseek(fd, llpos, L_SET) != llpos)
17489728Sdes		goto file_err;
17589728Sdes	if ((flags & PAM_SILENT) == 0) {
17689728Sdes		if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
17789728Sdes		    ll.ll_time != 0) {
17889728Sdes			asprintf(&buf, "Last login: %.*s ", 24 - 5,
17989728Sdes			    ctime(&ll.ll_time));
18089728Sdes			if (buf != NULL) {
18189728Sdes				pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL);
18289728Sdes				free(buf);
18389728Sdes			}
18489728Sdes			if (*ll.ll_host != '\0')
18589728Sdes				asprintf(&buf, "from %.*s\n",
18689728Sdes				    (int)sizeof(ll.ll_host), ll.ll_host);
18789728Sdes			else
18889728Sdes				asprintf(&buf, "on %.*s\n",
18989728Sdes				    (int)sizeof(ll.ll_line), ll.ll_line);
19089728Sdes			if (buf != NULL) {
19189728Sdes				pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL);
19289728Sdes				free(buf);
19389728Sdes			}
19489728Sdes		}
19589728Sdes		if (lseek(fd, llpos, L_SET) != llpos)
19689728Sdes			goto file_err;
19789728Sdes	}
19889728Sdes
19989728Sdes	bzero(&ll, sizeof(ll));
20089728Sdes	time(&ll.ll_time);
20189728Sdes
20289728Sdes	/* note: does not need to be NUL-terminated */
20389728Sdes	strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
20489728Sdes	if (rhost)
20589728Sdes		/* note: does not need to be NUL-terminated */
20689728Sdes		strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
20789728Sdes
20889728Sdes	if (write(fd, (char *)&ll, sizeof(ll)) != sizeof(ll) || close(fd) != 0)
20989728Sdes		goto file_err;
21089728Sdes
21189728Sdes	PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
21289728Sdes	PAM_RETURN(PAM_IGNORE);
21389728Sdes
21489728Sdes file_err:
21589728Sdes	syslog(LOG_ERR, "%s: %m", _PATH_LASTLOG);
21689728Sdes	close(fd);
21789728Sdes	PAM_RETURN(PAM_SERVICE_ERR);
21889728Sdes}
21989728Sdes
22089728SdesPAM_EXTERN int
22189728Sdespam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
22289728Sdes{
22389728Sdes	struct options options;
22489728Sdes	const char *tty;
22589728Sdes	int pam_err;
22689728Sdes
22789728Sdes	pam_std_option(&options, NULL, argc, argv);
22889728Sdes
22989728Sdes	PAM_LOG("Options processed");
23089728Sdes
23189728Sdes	pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
23289728Sdes	if (pam_err != PAM_SUCCESS)
23389728Sdes		PAM_RETURN(pam_err);
23489728Sdes	if (tty != NULL)
23589728Sdes		logout(tty);
23689728Sdes
23789728Sdes	PAM_RETURN(PAM_SUCCESS);
23889728Sdes}
23989728Sdes
24089728SdesPAM_MODULE_ENTRY("pam_lastlog");
241