1 files changed, 81 insertions, 56 deletions

diff --git a/Linux-PAM/modules/pam_shells/pam_shells.c b/Linux-PAM/modules/pam_shells/pam_shells.c
index 36dd1a91..64359eac 100644
--- a/Linux-PAM/modules/pam_shells/pam_shells.c
+++ b/Linux-PAM/modules/pam_shells/pam_shells.c
@@ -12,8 +12,10 @@
 
 #include <pwd.h>
 #include <stdarg.h>
+#include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <unistd.h>
@@ -26,8 +28,10 @@
  */
 
 #define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
 
 #include <security/pam_modules.h>
+#include <security/_pam_modutil.h>
 
 /* some syslogging */
 
@@ -42,77 +46,98 @@ static void _pam_log(int err, const char *format, ...)
     closelog();
 }
 
-/* --- authentication management functions (only) --- */
-
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
-			,const char **argv)
+static int perform_check(pam_handle_t *pamh, int flags)
 {
-     int retval = PAM_AUTH_ERR;
-     const char *userName;
-     char *userShell;
-     char shellFileLine[256];
-     struct stat sb;
-     struct passwd * pw;
-     FILE * shellFile;
-
-     retval = pam_get_user(pamh,&userName,NULL);
-     if(retval != PAM_SUCCESS) 
-       return PAM_SERVICE_ERR;
-
-     if(!userName || (strlen(userName) <= 0)) {
-       /* Don't let them use a NULL username... */
-       pam_get_user(pamh,&userName,NULL);
+    int retval = PAM_AUTH_ERR;
+    const char *userName;
+    char *userShell;
+    char shellFileLine[256];
+    struct stat sb;
+    struct passwd * pw;
+    FILE * shellFile;
+
+    retval = pam_get_user(pamh, &userName, NULL);
+    if (retval != PAM_SUCCESS) {
+	return PAM_SERVICE_ERR;
+    }
+
+    if (!userName || (userName[0] == '\0')) {
+
+	/* Don't let them use a NULL username... */
+	retval = pam_get_user(pamh,&userName,NULL);
         if (retval != PAM_SUCCESS)
-	  return PAM_SERVICE_ERR;
-     }
+	    return PAM_SERVICE_ERR;
 
-     pw = getpwnam(userName);
-     if (!pw)
+	/* It could still be NULL the second time. */
+    	if (!userName || (userName[0] == '\0'))
+	    return PAM_SERVICE_ERR;
+    }
+
+    pw = _pammodutil_getpwnam(pamh, userName);
+    if (!pw) {
 	return PAM_AUTH_ERR;		/* user doesn't exist */
-     userShell = pw->pw_shell;
+    }
+    userShell = pw->pw_shell;
 
-     if(stat(SHELL_FILE,&sb)) {
-	_pam_log(LOG_ERR,
-	        "%s cannot be stat'd (it probably does not exist)", SHELL_FILE);
+    if (stat(SHELL_FILE,&sb)) {
+	_pam_log(LOG_ERR, "%s cannot be stat'd (it probably does not exist)",
+		 SHELL_FILE);
 	return PAM_AUTH_ERR;		/* must have /etc/shells */
-     }
+    }
 
-     if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
-	_pam_log(LOG_ERR,
-	        "%s is either world writable or not a normal file", SHELL_FILE);
+    if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+	_pam_log(LOG_ERR, "%s is either world writable or not a normal file",
+		 SHELL_FILE);
 	return PAM_AUTH_ERR;
-     }
+    }
 
-     shellFile = fopen(SHELL_FILE,"r");
-     if(shellFile == NULL) { /* Check that we opened it successfully */
+    shellFile = fopen(SHELL_FILE,"r");
+    if (shellFile == NULL) {       /* Check that we opened it successfully */
 	_pam_log(LOG_ERR,
-	        "Error opening %s", SHELL_FILE);
-       return PAM_SERVICE_ERR;
-     }
-     /* There should be no more errors from here on */
-     retval=PAM_AUTH_ERR;
-     /* This loop assumes that PAM_SUCCESS == 0
-        and PAM_AUTH_ERR != 0 */
-     while((fgets(shellFileLine,255,shellFile) != NULL) 
-	   && retval) {
-       if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
-	   shellFileLine[strlen(shellFileLine) - 1] = '\0';
-       retval = strcmp(shellFileLine, userShell);
-     }
-     fclose(shellFile);
-     if(retval)
-       retval = PAM_AUTH_ERR;
-     return retval;
+		 "Error opening %s", SHELL_FILE);
+	return PAM_SERVICE_ERR;
+    }
+
+    retval = 1;
+
+    while(retval && (fgets(shellFileLine, 255, shellFile) != NULL)) {
+	if (shellFileLine[strlen(shellFileLine) - 1] == '\n')
+	    shellFileLine[strlen(shellFileLine) - 1] = '\0';
+	retval = strcmp(shellFileLine, userShell);
+    }
+
+    fclose(shellFile);
+
+    if (retval) {
+	return PAM_AUTH_ERR;
+    } else {
+	return PAM_SUCCESS;
+    }
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+			const char **argv)
+{
+    return perform_check(pamh, flags);
 }
 
 PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
-		   ,const char **argv)
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,const char **argv)
 {
      return PAM_SUCCESS;
 }
 
+/* --- account management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+		     const char **argv)
+{
+    return perform_check(pamh, flags);
+}
 
 #ifdef PAM_STATIC
 
@@ -122,12 +147,12 @@ struct pam_module _pam_shells_modstruct = {
      "pam_shells",
      pam_sm_authenticate,
      pam_sm_setcred,
-     NULL,
+     pam_sm_acct_mgmt,
      NULL,
      NULL,
      NULL,
 };
 
-#endif
+#endif /* PAM_STATIC */
 
 /* end of module definition */