pam_lastlog.c revision 90229
189728Sdes/*- 289728Sdes * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 389728Sdes * The Regents of the University of California. All rights reserved. 489728Sdes * Copyright (c) 2001 Mark R V Murray 589728Sdes * All rights reserved. 689728Sdes * Copyright (c) 2001 Networks Associates Technologies, Inc. 789728Sdes * All rights reserved. 889728Sdes * 989728Sdes * Portions of this software were developed for the FreeBSD Project by 1089728Sdes * ThinkSec AS and NAI Labs, the Security Research Division of Network 1189728Sdes * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 1289728Sdes * ("CBOSS"), as part of the DARPA CHATS research program. 1389728Sdes * 1489728Sdes * Redistribution and use in source and binary forms, with or without 1589728Sdes * modification, are permitted provided that the following conditions 1689728Sdes * are met: 1789728Sdes * 1. Redistributions of source code must retain the above copyright 1889728Sdes * notice, this list of conditions and the following disclaimer. 1989728Sdes * 2. Redistributions in binary form must reproduce the above copyright 2089728Sdes * notice, this list of conditions and the following disclaimer in the 2189728Sdes * documentation and/or other materials provided with the distribution. 2289728Sdes * 3. The name of the author may not be used to endorse or promote 2389728Sdes * products derived from this software without specific prior written 2489728Sdes * permission. 2589728Sdes * 4. Neither the name of the University nor the names of its contributors 2689728Sdes * may be used to endorse or promote products derived from this software 2789728Sdes * without specific prior written permission. 2889728Sdes * 2989728Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 3089728Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 3189728Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 3289728Sdes * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 3389728Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 3489728Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 3589728Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3689728Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3789728Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3889728Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3989728Sdes * SUCH DAMAGE. 4089728Sdes */ 4189728Sdes 4289728Sdes#include <sys/cdefs.h> 4389728Sdes__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_lastlog/pam_lastlog.c 90229 2002-02-05 06:08:26Z des $"); 4489728Sdes 4589728Sdes#define _BSD_SOURCE 4689728Sdes 4789728Sdes#include <sys/param.h> 4889728Sdes 4989728Sdes#include <fcntl.h> 5089728Sdes#include <libutil.h> 5189728Sdes#include <pwd.h> 5289728Sdes#include <stdio.h> 5389728Sdes#include <stdlib.h> 5489728Sdes#include <string.h> 5589728Sdes#include <syslog.h> 5689728Sdes#include <time.h> 5789728Sdes#include <unistd.h> 5889728Sdes#include <utmp.h> 5989728Sdes 6089728Sdes#define PAM_SM_AUTH 6189728Sdes#define PAM_SM_ACCOUNT 6289728Sdes#define PAM_SM_SESSION 6389728Sdes#define PAM_SM_PASSWORD 6489728Sdes 6590229Sdes#include <security/pam_appl.h> 6689728Sdes#include <security/pam_modules.h> 6790229Sdes#include <security/pam_mod_misc.h> 6889728Sdes 6989728Sdesextern int login_access(const char *, const char *); 7089728Sdes 7189728SdesPAM_EXTERN int 7289760Smarkmpam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) 7389728Sdes{ 7489728Sdes struct options options; 7589728Sdes 7689728Sdes pam_std_option(&options, NULL, argc, argv); 7789728Sdes 7889728Sdes PAM_LOG("Options processed"); 7989728Sdes 8089728Sdes PAM_RETURN(PAM_IGNORE); 8189728Sdes} 8289728Sdes 8389728SdesPAM_EXTERN int 8489760Smarkmpam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) 8589728Sdes{ 8689728Sdes struct options options; 8789728Sdes 8889728Sdes pam_std_option(&options, NULL, argc, argv); 8989728Sdes 9089728Sdes PAM_LOG("Options processed"); 9189728Sdes 9289728Sdes PAM_RETURN(PAM_IGNORE); 9389728Sdes} 9489728Sdes 9589728SdesPAM_EXTERN int 9689760Smarkmpam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, int argc ,const char **argv) 9789728Sdes{ 9889728Sdes struct options options; 9989728Sdes 10089728Sdes pam_std_option(&options, NULL, argc, argv); 10189728Sdes 10289728Sdes PAM_LOG("Options processed"); 10389728Sdes 10489728Sdes PAM_RETURN(PAM_IGNORE); 10589728Sdes} 10689728Sdes 10789728SdesPAM_EXTERN int 10889760Smarkmpam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) 10989728Sdes{ 11089728Sdes struct options options; 11189728Sdes 11289728Sdes pam_std_option(&options, NULL, argc, argv); 11389728Sdes 11489728Sdes PAM_LOG("Options processed"); 11589728Sdes 11689728Sdes PAM_RETURN(PAM_IGNORE); 11789728Sdes} 11889728Sdes 11989728SdesPAM_EXTERN int 12089728Sdespam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) 12189728Sdes{ 12289728Sdes struct options options; 12389728Sdes struct passwd *pwd; 12489728Sdes struct utmp utmp; 12589728Sdes struct lastlog ll; 12689728Sdes const char *rhost, *user, *tty; 12789728Sdes char *buf; 12889728Sdes off_t llpos; 12989728Sdes int fd, pam_err; 13089728Sdes 13189728Sdes pam_std_option(&options, NULL, argc, argv); 13289728Sdes 13389728Sdes PAM_LOG("Options processed"); 13489728Sdes 13589728Sdes pam_err = pam_get_item(pamh, PAM_USER, (const void **)&user); 13689728Sdes if (pam_err != PAM_SUCCESS) 13789728Sdes PAM_RETURN(pam_err); 13889728Sdes if (user == NULL || (pwd = getpwnam(user)) == NULL) 13989728Sdes PAM_RETURN(PAM_SERVICE_ERR); 14089728Sdes PAM_LOG("Got user: %s", user); 14189728Sdes 14289728Sdes pam_err = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); 14389728Sdes if (pam_err != PAM_SUCCESS) 14489728Sdes PAM_RETURN(pam_err); 14589728Sdes 14689728Sdes pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty); 14789728Sdes if (pam_err != PAM_SUCCESS) 14889728Sdes PAM_RETURN(pam_err); 14989728Sdes if (tty == NULL) 15089728Sdes PAM_RETURN(PAM_SERVICE_ERR); 15189728Sdes 15289728Sdes fd = open(_PATH_LASTLOG, O_RDWR, 0); 15389728Sdes if (fd == -1) { 15489728Sdes syslog(LOG_ERR, "cannot open %s: %m", _PATH_LASTLOG); 15589728Sdes PAM_RETURN(PAM_SERVICE_ERR); 15689728Sdes } 15789728Sdes 15889728Sdes /* 15989728Sdes * Record session in lastlog(5). 16089728Sdes */ 16189728Sdes llpos = (off_t)(pwd->pw_uid * sizeof(ll)); 16289728Sdes if (lseek(fd, llpos, L_SET) != llpos) 16389728Sdes goto file_err; 16489728Sdes if ((flags & PAM_SILENT) == 0) { 16589728Sdes if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && 16689728Sdes ll.ll_time != 0) { 16789728Sdes asprintf(&buf, "Last login: %.*s ", 24 - 5, 16889728Sdes ctime(&ll.ll_time)); 16989728Sdes if (buf != NULL) { 17089728Sdes pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL); 17189728Sdes free(buf); 17289728Sdes } 17389728Sdes if (*ll.ll_host != '\0') 17489728Sdes asprintf(&buf, "from %.*s\n", 17589728Sdes (int)sizeof(ll.ll_host), ll.ll_host); 17689728Sdes else 17789728Sdes asprintf(&buf, "on %.*s\n", 17889728Sdes (int)sizeof(ll.ll_line), ll.ll_line); 17989728Sdes if (buf != NULL) { 18089728Sdes pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL); 18189728Sdes free(buf); 18289728Sdes } 18389728Sdes } 18489728Sdes if (lseek(fd, llpos, L_SET) != llpos) 18589728Sdes goto file_err; 18689728Sdes } 18789728Sdes 18889728Sdes bzero(&ll, sizeof(ll)); 18989728Sdes time(&ll.ll_time); 19089728Sdes 19189728Sdes /* note: does not need to be NUL-terminated */ 19289728Sdes strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 19389743Sdes if (rhost != NULL) 19489728Sdes /* note: does not need to be NUL-terminated */ 19589728Sdes strncpy(ll.ll_host, rhost, sizeof(ll.ll_host)); 19689728Sdes 19789728Sdes if (write(fd, (char *)&ll, sizeof(ll)) != sizeof(ll) || close(fd) != 0) 19889728Sdes goto file_err; 19989728Sdes 20089728Sdes PAM_LOG("Login recorded in %s", _PATH_LASTLOG); 20189748Sdes 20289748Sdes /* 20389748Sdes * Record session in utmp(5) and wtmp(5). 20489748Sdes */ 20589748Sdes bzero(&utmp, sizeof(utmp)); 20689748Sdes time(&utmp.ut_time); 20789748Sdes /* note: does not need to be NUL-terminated */ 20889748Sdes strncpy(utmp.ut_name, user, sizeof(utmp.ut_name)); 20989748Sdes if (rhost != NULL) 21089748Sdes strncpy(utmp.ut_host, rhost, sizeof(utmp.ut_host)); 21189748Sdes (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); 21289748Sdes login(&utmp); 21389748Sdes 21489728Sdes PAM_RETURN(PAM_IGNORE); 21589728Sdes 21689728Sdes file_err: 21789728Sdes syslog(LOG_ERR, "%s: %m", _PATH_LASTLOG); 21889728Sdes close(fd); 21989728Sdes PAM_RETURN(PAM_SERVICE_ERR); 22089728Sdes} 22189728Sdes 22289728SdesPAM_EXTERN int 22390145Smarkmpam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) 22489728Sdes{ 22589728Sdes struct options options; 22689728Sdes 22789728Sdes pam_std_option(&options, NULL, argc, argv); 22889728Sdes 22989728Sdes PAM_LOG("Options processed"); 23089728Sdes 23189728Sdes PAM_RETURN(PAM_SUCCESS); 23289728Sdes} 23389728Sdes 23489728SdesPAM_MODULE_ENTRY("pam_lastlog"); 235