Diffstat (limited to 'modules/pam_localuser')
-rw-r--r-- | modules/pam_localuser/.cvsignore | 8 | ||||
-rw-r--r-- | modules/pam_localuser/Makefile.am | 31 | ||||
-rw-r--r-- | modules/pam_localuser/README | 38 | ||||
-rw-r--r-- | modules/pam_localuser/README.xml | 41 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.8 | 88 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.8.xml | 173 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.c | 174 | ||||
-rwxr-xr-x | modules/pam_localuser/tst-pam_localuser | 2 |
8 files changed, 0 insertions, 555 deletions
diff --git a/modules/pam_localuser/.cvsignore b/modules/pam_localuser/.cvsignore deleted file mode 100644 index 621104aa..00000000 --- a/modules/pam_localuser/.cvsignore +++ /dev/null @@ -1,8 +0,0 @@ -*.la -*.lo -*.so -*~ -.deps -.libs -Makefile -Makefile.in diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am deleted file mode 100644 index ae331755..00000000 --- a/modules/pam_localuser/Makefile.am +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> -# - -CLEANFILES = *~ - -EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_localuser - -TESTS = tst-pam_localuser - -man_MANS = pam_localuser.8 -XMLS = README.xml pam_localuser.8.xml - -securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) - -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -AM_LDFLAGS = -no-undefined -avoid-version -module \ - -L$(top_builddir)/libpam -lpam -if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -endif - -securelib_LTLIBRARIES = pam_localuser.la - -if ENABLE_REGENERATE_MAN -noinst_DATA = README -README: pam_localuser.8.xml --include $(top_srcdir)/Make.xml.rules -endif - diff --git a/modules/pam_localuser/README b/modules/pam_localuser/README deleted file mode 100644 index 50663ead..00000000 --- a/modules/pam_localuser/README +++ /dev/null 
@@ -1,38 +0,0 @@
-pam_localuser — require users to be listed in /etc/passwd
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-pam_localuser is a PAM module to help implementing site-wide login policies,
-where they typically include a subset of the network's users and a few accounts
-that are local to a particular workstation. Using pam_localuser and pam_wheel
-or pam_listfile is an effective way to restrict access to either local users
-and/or a subset of the network's users.
-
-This could also be implemented using pam_listfile.so and a very short awk
-script invoked by cron, but it's common enough to have been separated out.
-
-OPTIONS
-
-debug
-
- Print debug information.
-
-file=/path/passwd
-
- Use a file other than /etc/passwd.
-
-EXAMPLES
-
-Add the following line to /etc/pam.d/su to allow only local users in group
-wheel to use su.
-
-account sufficient pam_localuser.so
-account required pam_wheel.so
-
-
-AUTHOR
-
-pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
-
diff --git a/modules/pam_localuser/README.xml b/modules/pam_localuser/README.xml
deleted file mode 100644
index 4ab56d9d..00000000
--- a/modules/pam_localuser/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_localuser.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8
deleted file mode 100644
index e88f0b57..00000000
--- a/modules/pam_localuser/pam_localuser.8
+++ /dev/null
@@ -1,88 +0,0 @@ -.\" Title: pam_localuser -.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.0 <http://docbook.sf.net/> -.\" Date: 12/13/2006 -.\" Manual: Linux\-PAM Manual -.\" Source: Linux\-PAM Manual -.\" -.TH "PAM_LOCALUSER" "8" "12/13/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.SH "NAME" -pam_localuser \- require users to be listed in /etc/passwd -.SH "SYNOPSIS" -.HP 17 -\fBpam_localuser.so\fR [debug] [file=\fI/path/passwd\fR] -.SH "DESCRIPTION" -.PP -pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users. -.PP -This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out. -.SH "OPTIONS" -.PP -.PP -\fBdebug\fR -.RS 3n -Print debug information. -.RE -.PP -\fBfile=\fR\fB\fI/path/passwd\fR\fR -.RS 3n -Use a file other than -\fI/etc/passwd\fR. -.RE -.SH "MODULE SERVICES PROVIDED" -.PP -All services (\fBaccount\fR, -\fBauth\fR, -\fBpassword\fR -and -\fBsession\fR) are supported. -.SH "RETURN VALUES" -.PP -.PP -PAM_SUCCESS -.RS 3n -The new localuser was set successfull. -.RE -.PP -PAM_SERVICE_ERR -.RS 3n -No username was given. -.RE -.PP -PAM_USER_UNKNOWN -.RS 3n -User not known. -.RE -.SH "EXAMPLES" -.PP -Add the following line to -\fI/etc/pam.d/su\fR -to allow only local users in group wheel to use su. -.sp -.RS 3n -.nf -account sufficient pam_localuser.so -account required pam_wheel.so - -.fi -.RE -.sp -.SH "FILES" -.PP -\fI/etc/passwd\fR -.RS 3n -Local user account information. 
-.RE -.SH "SEE ALSO" -.PP - -\fBpam.conf\fR(5), -\fBpam.d\fR(8), -\fBpam\fR(8) -.SH "AUTHOR" -.PP -pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml deleted file mode 100644 index ac00ce99..00000000 --- a/modules/pam_localuser/pam_localuser.8.xml +++ /dev/null 
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_localuser">
-
- <refmeta>
- <refentrytitle>pam_localuser</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_localuser-name">
- <refname>pam_localuser</refname>
- <refpurpose>require users to be listed in /etc/passwd</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_localuser-cmdsynopsis">
- <command>pam_localuser.so</command>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- file=<replaceable>/path/passwd</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_localuser-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- pam_localuser is a PAM module to help implementing site-wide login
- policies, where they typically include a subset of the network's
- users and a few accounts that are local to a particular workstation.
- Using pam_localuser and pam_wheel or pam_listfile is an effective
- way to restrict access to either local users and/or a subset of the
- network's users.
- </para>
- <para>
- This could also be implemented using pam_listfile.so and a very
- short awk script invoked by cron, but it's common enough to have
- been separated out.
- </para>
-
- </refsect1>
-
- <refsect1 id="pam_localuser-options">
-
- <title>OPTIONS</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>file=<replaceable>/path/passwd</replaceable></option>
- </term>
- <listitem>
- <para>
- Use a file other than <filename>/etc/passwd</filename>.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-
- </para>
- </refsect1>
-
- <refsect1 id="pam_localuser-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- All services (<option>account</option>, <option>auth</option>,
- <option>password</option> and <option>session</option>) are supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_localuser-return_values'>
- <title>RETURN VALUES</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The new localuser was set successfull.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- No username was given.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User not known.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <refsect1 id='pam_localuser-examples'>
- <title>EXAMPLES</title>
- <para>
- Add the following line to <filename>/etc/pam.d/su</filename> to
- allow only local users in group wheel to use su.
- <programlisting>
-account sufficient pam_localuser.so
-account required pam_wheel.so
- </programlisting>
- </para>
- </refsect1>
-
- <refsect1 id="pam_localuser-files">
- <title>FILES</title>
- <variablelist>
- <varlistentry>
- <term><filename>/etc/passwd</filename></term>
- <listitem>
- <para>Local user account information.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_localuser-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_localuser-author'>
- <title>AUTHOR</title>
- <para>
- pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
deleted file mode 100644
index aa43bc4c..00000000
--- a/modules/pam_localuser/pam_localuser.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright 2001, 2004 Red Hat, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <errno.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <time.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_ext.h>
-
-#define MODULE_NAME "pam_localuser"
-
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int i, ret = PAM_SUCCESS;
- FILE *fp;
- int debug = 0;
- const char *filename = "/etc/passwd";
- char line[LINE_MAX], name[LINE_MAX];
- const char* user;
-
- /* process arguments */
- for(i = 0; i < argc; i++) {
- if(strcmp("debug", argv[i]) == 0) {
- debug = 1;
- }
- }
- for(i = 0; i < argc; i++) {
- if(strncmp("file=", argv[i], 5) == 0) {
- filename = argv[i] + 5;
- if(debug) {
- pam_syslog (pamh, LOG_DEBUG,
- "set filename to \"%s\"",
- filename);
- }
- }
- }
-
- /* open the file */
- fp = fopen(filename, "r");
- if(fp == NULL) {
- pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m",
- filename);
- return PAM_SYSTEM_ERR;
- }
-
- if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
- pam_syslog (pamh, LOG_ERR, "user name not specified yet");
- fclose(fp);
- return PAM_SYSTEM_ERR;
- }
-
- if ((user == NULL) || (strlen(user) == 0)) {
- pam_syslog (pamh, LOG_ERR, "user name not valid");
- fclose(fp);
- return PAM_SYSTEM_ERR;
- }
-
- /* scan the file, using fgets() instead of fgetpwent() because i
- * don't want to mess with applications which call fgetpwent() */
- ret = PAM_PERM_DENIED;
- snprintf(name, sizeof(name), "%s:", user);
- i = strlen(name);
- while(fgets(line, sizeof(line), fp) != NULL) {
- if(debug) {
- pam_syslog (pamh, LOG_DEBUG, "checking \"%s\"", line);
- }
- if(strncmp(name, line, i) == 0) {
- ret = PAM_SUCCESS;
- break;
- }
- }
-
- /* okay, we're done */
- fclose(fp);
- return ret;
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
- return pam_sm_authenticate(pamh, flags, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_open_session (pam_handle_t *pamh, int flags,
- int argc, const char **argv)
-{
- return pam_sm_authenticate(pamh, flags, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_close_session (pam_handle_t *pamh, int flags,
- int argc, const char **argv)
-{
- return pam_sm_authenticate(pamh, flags, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_chauthtok (pam_handle_t *pamh, int flags,
- int argc, const char **argv)
-{
- return pam_sm_authenticate(pamh, flags, argc, argv);
-}
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_localuser_modstruct = {
- "pam_localuser",
- pam_sm_authenticate,
- pam_sm_setcred,
- pam_sm_acct_mgmt,
- pam_sm_open_session,
- pam_sm_close_session,
- pam_sm_chauthtok
-};
-
-#endif
diff --git a/modules/pam_localuser/tst-pam_localuser b/modules/pam_localuser/tst-pam_localuser
deleted file mode 100755
index 2bcdf6b9..00000000
--- a/modules/pam_localuser/tst-pam_localuser
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_localuser.so |