1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22/* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27#pragma ident "%Z%%M% %I% %E% SMI" 28 29#include <sys/param.h> 30#include <security/pam_appl.h> 31#include <security/pam_modules.h> 32#include <pwd.h> 33#include <shadow.h> 34#include <string.h> 35#include <rpc/types.h> 36#include <rpc/auth.h> 37#include <locale.h> 38#include <crypt.h> 39#include <syslog.h> 40 41extern int ruserok(const char *, int, const char *, const char *); 42 43/* 44 * pam_sm_authenticate - Checks if the user is allowed remote access 45 */ 46/*ARGSUSED*/ 47int 48pam_sm_authenticate( 49 pam_handle_t *pamh, 50 int flags, 51 int argc, 52 const char **argv) 53{ 54 char *host = NULL, *lusername = NULL; 55 struct passwd pwd; 56 char pwd_buffer[1024]; 57 int is_superuser; 58 char *rusername; 59 int i; 60 int debug = 0; 61 62 for (i = 0; i < argc; i++) { 63 if (strcasecmp(argv[i], "debug") == 0) 64 debug = 1; 65 else 66 syslog(LOG_DEBUG, "illegal option %s", argv[i]); 67 } 68 69 if (pam_get_item(pamh, PAM_USER, (void **) &lusername) != PAM_SUCCESS) 70 return (PAM_SERVICE_ERR); 71 if (pam_get_item(pamh, PAM_RHOST, (void **) &host) != PAM_SUCCESS) 72 return (PAM_SERVICE_ERR); 73 if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS) 74 return (PAM_SERVICE_ERR); 75 76 if (lusername == NULL || *lusername == '\0') 77 return (PAM_USER_UNKNOWN); 78 if (rusername == NULL || *rusername == '\0') 79 return (PAM_AUTH_ERR); 80 if (host == NULL || *host == '\0') 81 return (PAM_AUTH_ERR); 82 83 if (debug) { 84 syslog(LOG_DEBUG, 85 "rhosts authenticate: user = %s, host = %s", 86 lusername, host); 87 } 88 89 if (getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer)) 90 == NULL) 91 return (PAM_USER_UNKNOWN); 92 93 if (pwd.pw_uid == 0) 94 is_superuser = 1; 95 else 96 is_superuser = 0; 97 98 return (ruserok(host, is_superuser, rusername, lusername) 99 == -1 ? PAM_AUTH_ERR : PAM_SUCCESS); 100 101} 102 103/* 104 * dummy pam_sm_setcred - does nothing 105 */ 106/*ARGSUSED*/ 107int 108pam_sm_setcred( 109 pam_handle_t *pamh, 110 int flags, 111 int argc, 112 const char **argv) 113{ 114 return (PAM_IGNORE); 115} 116