
PAM OPIE opieaccess checking



/* pam_opietrust.c
 *
 * Copyright (C) 1999 by Mark Atwood <mra@pobox.com>
 * You may redistribute this module under the GNU Public License version 2.
 *
 */

/* NO WARRANTY: THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  */

/* The following options are permitted in the pam.conf file:
   
   debug = enable debugging output to syslog(AUTHPRIV.DEBUG)
   
 */

/* Capabilities provided by this module */
#define PAM_SM_AUTH

#include <stdio.h>
#include <syslog.h>
#include <string.h>

#include <security/pam_modules.h>
#include <security/pam_misc.h>

#include <opie.h>

/* Prototypes */
/* Parses the module arguments given on the PAM configuration line;
 * defined at the bottom of this file. */
int read_options(int argc, const char ** argv);

/* Module-globals representing command-line flags */
/* Nonzero once the "debug" option has been seen by read_options();
 * checked before emitting the optional syslog messages. */
int debug=0;



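/* pam_sm_authenticate: Entry point for a PAM request to validate a user.
 *
 * Decides whether the connection's remote host (PAM_RHOST) is one that
 * opieaccessfile() reports as trusted.
 *
 * Returns:
 *   the read_options() result if option parsing fails;
 *   PAM_SUCCESS  if PAM_RHOST is unavailable or empty (treated as a local
 *                connection), or if opieaccessfile() returns nonzero;
 *   PAM_AUTH_ERR if opieaccessfile() returns zero for the remote host.
 *
 * The outcome never depends on the "debug" option; that flag only controls
 * whether the optional syslog messages are written.
 */
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,
				   int flags,
				   int argc,
				   const char **argv)
{
  const void *item = NULL;   /* pam_get_item() hands back a const void * */
  const char *pam_rhost;
  int rc;

  (void)flags;               /* unused */

  rc = read_options(argc, argv);
  if (rc != PAM_SUCCESS)
    return rc;

  rc = pam_get_item(pamh, PAM_RHOST, &item);
  pam_rhost = (rc == PAM_SUCCESS) ? (const char *)item : NULL;

  if (pam_rhost == NULL || pam_rhost[0] == '\0') {
    /* The return must sit outside the debug test: otherwise a missing
     * PAM_RHOST falls through and a NULL (or unset) pointer reaches
     * opieaccessfile() and syslog("%s") whenever debug is off.
     *
     * NOTE(review): this path fails open.  Any application that does not
     * set PAM_RHOST is treated as a trusted local connection, so confirm
     * that every network-facing service stacked with this module sets
     * PAM_RHOST before relying on the result. */
    if (debug)
      syslog(LOG_AUTHPRIV|LOG_WARNING,
	     "pam_opietrust: cant get PAM_RHOST."
	     " Assuming local trusted connection");
    return PAM_SUCCESS;
  }

  /* NOTE(review): PAM_RHOST is supplied by the calling application and may
   * come from a reverse lookup; treat it as untrusted when reading the
   * log lines written below. */
  if (opieaccessfile(pam_rhost)) {
    if (debug) {
      syslog(LOG_AUTHPRIV|LOG_NOTICE,
	     "pam_opietrust: remotehost %s trusted",
	     pam_rhost);
    }
    return PAM_SUCCESS;
  }

  /* Denials are always logged, regardless of the debug option. */
  syslog(LOG_AUTHPRIV|LOG_WARNING,
	 "pam_opietrust: remotehost %s not trusted",
	 pam_rhost);
  return PAM_AUTH_ERR;
}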

/* pam_sm_setcred: credential-setting entry point.
 *
 * This module establishes no credentials, so the call is a no-op that
 * always reports PAM_SUCCESS.  All four parameters are ignored.
 */
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh,
			      int flags,
			      int argc,
			      const char **argv)
{
  /* Nothing to set up or tear down; mark the arguments as unused. */
  (void)pamh;
  (void)flags;
  (void)argc;
  (void)argv;

  return PAM_SUCCESS;
}

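/* Read "command-line" options
 *
 * Parses the module arguments from the PAM configuration line and updates
 * the module-global flags.
 *
 *   argc, argv  argument vector passed to the PAM entry point.
 *
 * Recognised options:
 *   debug       sets the global `debug` flag.
 *
 * Always returns PAM_SUCCESS; unrecognised arguments are logged and
 * otherwise ignored.
 */
int read_options(int argc, const char **argv)
{
  int i;

  /* Start every parse from a clean state.  The flag is a module global, so
   * without the reset a "debug" seen on one invocation would stay in force
   * for later invocations in the same process whose configuration line
   * does not ask for it. */
  debug = 0;

  for (i = 0; i < argc; i++) {
    if (argv[i] == NULL)
      continue;                 /* nothing to compare or print */

    if (strcmp(argv[i], "debug") == 0)
      debug = 1;                /* a flag, not a counter: repeats are harmless */
    else /* PAM spec says unknown options must be ignored */
      syslog(LOG_AUTHPRIV|LOG_WARNING,
	     "pam_opietrust: unknown argument '%s'",
	     argv[i]);
  }
  return PAM_SUCCESS;
}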


