diff options
| author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
| commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
| tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_time/pam_time.c | |
| parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
| parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
| download | pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.tar.gz pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.tar.bz2 pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.zip | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_time/pam_time.c')
| -rw-r--r-- | modules/pam_time/pam_time.c | 80 |
1 files changed, 44 insertions, 36 deletions
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 26a374b5..089ae22d 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -1,6 +1,6 @@ -/* pam_time module */ - /* + * pam_time module + * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/6/22 * (File syntax and much other inspiration from the shadow package * shadow-960129) @@ -23,6 +23,12 @@ #include <fcntl.h> #include <netdb.h> +#include <security/_pam_macros.h> +#include <security/pam_modules.h> +#include <security/pam_ext.h> +#include <security/pam_modutil.h> +#include "pam_inline.h" + #ifdef HAVE_LIBAUDIT #include <libaudit.h> #endif @@ -42,27 +48,15 @@ typedef enum { AND, OR } operator; -/* - * here, we make definitions for the externally accessible functions - * in this file (these definitions are required for static modules - * but strongly encouraged generally) they are used to instruct the - * modules include file to define their prototypes. - */ - -#define PAM_SM_ACCOUNT - -#include <security/_pam_macros.h> -#include <security/pam_modules.h> -#include <security/pam_ext.h> -#include <security/pam_modutil.h> - static int -_pam_parse (const pam_handle_t *pamh, int argc, const char **argv) +_pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile) { int ctrl = 0; + *conffile = PAM_TIME_CONF; /* step through arguments */ for (; argc-- > 0; ++argv) { + const char *str; /* generic options */ @@ -70,7 +64,15 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) ctrl |= PAM_DEBUG_ARG; } else if (!strcmp(*argv, "noaudit")) { ctrl |= PAM_NO_AUDIT; - } else { + } else if ((str = pam_str_skip_prefix(*argv, "conffile=")) != NULL) { + if (str[0] == '\0') { + pam_syslog(pamh, LOG_ERR, + "conffile= specification missing argument - ignored"); + } else { + *conffile = str; + D(("new Configuration File: %s", *conffile)); + } + } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } @@ -108,7 +110,7 @@ trim_spaces(char *buf, char *from) #define STATE_EOF 3 /* end of file or error */ static int -read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) +read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, const char *file) { char *to; char *src; @@ -127,9 +129,9 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) } *from = 0; *state = STATE_NL; - fd = open(PAM_TIME_CONF, O_RDONLY); + fd = open(file, O_RDONLY); if (fd < 0) { - pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_TIME_CONF); + pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file); _pam_drop(*buf); *state = STATE_EOF; return -1; @@ -145,7 +147,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) while (fd != -1 && to - *buf < PAM_TIME_BUFLEN) { i = pam_modutil_read(fd, to, PAM_TIME_BUFLEN - (to - *buf)); if (i < 0) { - pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_TIME_CONF); + pam_syslog(pamh, LOG_ERR, "error reading %s: %m", file); close(fd); memset(*buf, 0, PAM_TIME_BUFLEN); _pam_drop(*buf); @@ -213,6 +215,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++src; /* skip it */ break; } + /* fallthrough */ default: *to++ = c; onspace = 0; @@ -327,6 +330,7 @@ logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule, return FALSE; } next = VAL; + not = FALSE; } at += l; } @@ -504,7 +508,7 @@ check_time(pam_handle_t *pamh, const void *AT, const char *times, static int check_account(pam_handle_t *pamh, const char *service, - const char *tty, const char *user) + const char *tty, const char *user, const char *file) { int from=0, state=STATE_NL, fd=-1; char *buffer=NULL; @@ -518,7 +522,7 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the service name field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (!buffer || !buffer[0]) { /* empty line .. ? */ continue; @@ -527,7 +531,7 @@ check_account(pam_handle_t *pamh, const char *service, if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } @@ -536,10 +540,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the terminal name field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } good &= logic_field(pamh, tty, buffer, count, is_same); @@ -547,10 +551,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the username field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_TIME_CONF, count); + "%s: malformed rule #%d", file, count); continue; } /* If buffer starts with @, we are using netgroups */ @@ -566,10 +570,10 @@ check_account(pam_handle_t *pamh, const char *service, /* here we get the time field */ - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, file); if (state == STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: poorly terminated rule #%d", PAM_TIME_CONF, count); + "%s: poorly terminated rule #%d", file, count); continue; } @@ -599,10 +603,15 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, const void *service=NULL, *void_tty=NULL; const char *tty; const char *user=NULL; + const char *conf_file = NULL; int ctrl; int rv; - ctrl = _pam_parse(pamh, argc, argv); + ctrl = _pam_parse(pamh, argc, argv, &conf_file); + + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, "conffile=%s", conf_file); + } /* set service name */ @@ -614,9 +623,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL - || *user == '\0') { - pam_syslog(pamh, LOG_ERR, "can not get the username"); + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_USER_UNKNOWN; } @@ -651,7 +659,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, D(("user=%s", user)); D(("tty=%s", tty)); - rv = check_account(pamh, service, tty, user); + rv = check_account(pamh, service, tty, user, conf_file); if (rv != PAM_SUCCESS) { #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { |