/* pam_securetty module */
/* Path of the securetty list.
 * NOTE(review): no line in this listing reads this macro; presumably the tty
 * check consults it -- confirm. The non-root branch in pam_sm_authenticate()
 * indicates the check applies to uid 0, so the file should be writable by
 * root only. */
#define SECURETTY_FILE "/etc/securetty"
#define TTY_PREFIX "/dev/"
* by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
* This code shamelessly ripped from the pam_rootok module.
* Slight modifications AGM. 1996/12/3
#include <sys/types.h>
* here, we make a definition for the externally accessible function
* in this file (this definition is required for a static module
* but strongly encouraged generally) it is used to instruct the
* modules include file to define the function prototypes.
#include <security/pam_modules.h>
#include <security/_pam_modutil.h>
/* printf-style logging helper. The visible lines call openlog() with the
 * ident "PAM-securetty", LOG_CONS|LOG_PID and facility LOG_AUTH, then pass
 * err, format and the va_list to vsyslog().
 * format must be a literal: caller-supplied text belongs in the arguments
 * (as with the "%s" in the unknown-option message), never in the format.
 * NOTE(review): openlog() changes syslog settings for the whole process,
 * which is the application that loaded the module -- confirm that the lines
 * not shown here close or restore the log afterwards. */
static void _pam_log(int err, const char *format, ...)
va_start(args, format);
openlog("PAM-securetty", LOG_CONS|LOG_PID, LOG_AUTH);
vsyslog(err, format, args);
/* argument parsing */
#define PAM_DEBUG_ARG 0x0001
/* Turn the module's argument vector into a flag word. "debug" sets
 * PAM_DEBUG_ARG; the other visible branch reports the option as unknown at
 * LOG_ERR. pam_sm_authenticate() stores the result in ctrl.
 * NOTE(review): whether an unknown option only logs or also changes the
 * result is not visible in this listing -- confirm. */
static int _pam_parse(int argc, const char **argv)
/* step through arguments */
for (ctrl=0; argc-- > 0; ++argv) {
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
_pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
/* --- authentication management functions (only) --- */
/* Authentication entry point. retval starts as PAM_AUTH_ERR. The visible
 * steps parse the module options, obtain the user name and the PAM_TTY item,
 * look the user up with getpwnam(), branch on pw_uid != 0 (per the inline
 * comment, securetty does not apply to non-root users) and otherwise ask
 * _pammodutil_tty_secure() about the tty.
 * A user name that cannot be determined yields PAM_INCOMPLETE when the
 * conversation returned PAM_CONV_AGAIN and PAM_SERVICE_ERR otherwise; a
 * missing tty yields PAM_SERVICE_ERR.
 * The parameter list continues on a line not shown in this listing. */
int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
int retval = PAM_AUTH_ERR;
struct passwd *user_pwd;
/* parse the arguments */
ctrl = _pam_parse(argc, argv);
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS || username == NULL) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_WARNING, "cannot determine username");
return (retval == PAM_CONV_AGAIN
? PAM_INCOMPLETE:PAM_SERVICE_ERR);
/* PAM_TTY is an item the calling application sets on the handle; in the
 * visible lines the module does not derive the terminal itself, so the
 * secure-tty decision is only as reliable as the value the service supplied.
 * A failed lookup or a NULL tty is rejected with PAM_SERVICE_ERR below, so
 * a missing tty is never treated as secure. */
retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname);
if (retval != PAM_SUCCESS || uttyname == NULL) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_WARNING, "cannot determine user's tty");
return PAM_SERVICE_ERR;
/* getpwnam() returns a pointer to static storage that a later passwd lookup
 * may overwrite, and NULL covers both "no such user" and a failed lookup.
 * NOTE(review): the bodies of the NULL branch and of the non-root branch are
 * not visible in this listing; confirm that an unknown user name cannot skip
 * the tty check with the same result as a known non-root user. */
user_pwd = getpwnam(username);
if (user_pwd == NULL) {
} else if (user_pwd->pw_uid != 0) { /* If the user is not root,
securetty does not apply
/* The helper's verdict is stored in retval; the only visible use is the
 * debug log on PAM_SUCCESS.
 * NOTE(review): _pammodutil_tty_secure() is defined outside this listing
 * (presumably declared in <security/_pam_modutil.h>). How it matches the tty
 * against the securetty list, and what it returns when that list is missing
 * or unreadable, should be confirmed there -- the safe outcome is a denial. */
retval = _pammodutil_tty_secure( uttyname);
if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG))
_pam_log(LOG_DEBUG, "access allowed for '%s' on '%s'",
int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
/* static module data */
struct pam_module _pam_securetty_modstruct = {
/* end of module definition */