Home | History | Annotate | Download | only in rhosts_auth
      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License, Version 1.0 only
      6  * (the "License").  You may not use this file except in compliance
      7  * with the License.
      8  *
      9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10  * or http://www.opensolaris.org/os/licensing.
     11  * See the License for the specific language governing permissions
     12  * and limitations under the License.
     13  *
     14  * When distributing Covered Code, include this CDDL HEADER in each
     15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16  * If applicable, add the following below this CDDL HEADER, with the
     17  * fields enclosed by brackets "[]" replaced with your own identifying
     18  * information: Portions Copyright [yyyy] [name of copyright owner]
     19  *
     20  * CDDL HEADER END
     21  */
     22 /*
     23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     28 
     29 #include <sys/param.h>
     30 #include <security/pam_appl.h>
     31 #include <security/pam_modules.h>
     32 #include <pwd.h>
     33 #include <shadow.h>
     34 #include <string.h>
     35 #include <rpc/types.h>
     36 #include <rpc/auth.h>
     37 #include <locale.h>
     38 #include <crypt.h>
     39 #include <syslog.h>
     40 
     41 extern int ruserok(const char *, int, const char *, const char *);
     42 
     43 /*
     44  * pam_sm_authenticate	- Checks if the user is allowed remote access
     45  */
     46 /*ARGSUSED*/
     47 int
     48 pam_sm_authenticate(
     49 	pam_handle_t	*pamh,
     50 	int	flags,
     51 	int	argc,
     52 	const char	**argv)
     53 {
     54 	char *host = NULL, *lusername = NULL;
     55 	struct passwd pwd;
     56 	char pwd_buffer[1024];
     57 	int	is_superuser;
     58 	char	*rusername;
     59 	int	i;
     60 	int	debug = 0;
     61 
     62 	for (i = 0; i < argc; i++) {
     63 		if (strcasecmp(argv[i], "debug") == 0)
     64 			debug = 1;
     65 		else
     66 			syslog(LOG_DEBUG, "illegal option %s", argv[i]);
     67 	}
     68 
     69 	if (pam_get_item(pamh, PAM_USER, (void **) &lusername) != PAM_SUCCESS)
     70 		return (PAM_SERVICE_ERR);
     71 	if (pam_get_item(pamh, PAM_RHOST, (void **) &host) != PAM_SUCCESS)
     72 		return (PAM_SERVICE_ERR);
     73 	if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS)
     74 		return (PAM_SERVICE_ERR);
     75 
     76 	if (lusername == NULL || *lusername == '\0')
     77 		return (PAM_USER_UNKNOWN);
     78 	if (rusername == NULL || *rusername == '\0')
     79 		return (PAM_AUTH_ERR);
     80 	if (host == NULL || *host == '\0')
     81 		return (PAM_AUTH_ERR);
     82 
     83 	if (debug) {
     84 		syslog(LOG_DEBUG,
     85 			"rhosts authenticate: user = %s, host = %s",
     86 			lusername, host);
     87 	}
     88 
     89 	if (getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer))
     90 								== NULL)
     91 		return (PAM_USER_UNKNOWN);
     92 
     93 	if (pwd.pw_uid == 0)
     94 		is_superuser = 1;
     95 	else
     96 		is_superuser = 0;
     97 
     98 	return (ruserok(host, is_superuser, rusername, lusername)
     99 		== -1 ? PAM_AUTH_ERR : PAM_SUCCESS);
    100 
    101 }
    102 
    103 /*
    104  * dummy pam_sm_setcred - does nothing
    105  */
    106 /*ARGSUSED*/
    107 int
    108 pam_sm_setcred(
    109 	pam_handle_t	*pamh,
    110 	int	flags,
    111 	int	argc,
    112 	const char	**argv)
    113 {
    114 	return (PAM_IGNORE);
    115 }
    116