106 lines
2.6 KiB
C
106 lines
2.6 KiB
C
/*
|
|
* CDE - Common Desktop Environment
|
|
*
|
|
* Copyright (c) 1993-2012, The Open Group. All rights reserved.
|
|
*
|
|
* These libraries and programs are free software; you can
|
|
* redistribute them and/or modify them under the terms of the GNU
|
|
* Lesser General Public License as published by the Free Software
|
|
* Foundation; either version 2 of the License, or (at your option)
|
|
* any later version.
|
|
*
|
|
* These libraries and programs are distributed in the hope that
|
|
* they will be useful, but WITHOUT ANY WARRANTY; without even the
|
|
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
* PURPOSE. See the GNU Lesser General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with these libraries and programs; if not, write
|
|
* to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
|
|
* Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
/* $XConsortium: rhosts_auth.c /main/5 1996/05/09 04:29:04 drk $ */
|
|
|
|
/*
|
|
* Copyright (c) 1992-1995, by Sun Microsystems, Inc.
|
|
* All rights reserved.
|
|
*/
|
|
|
|
#ident "@(#)rhosts_auth.c 1.19 96/02/02 SMI"
|
|
|
|
#include "unix_headers.h"
|
|
|
|
/*
|
|
* pam_sm_auth_netuser - Checks if the user is allowed remote access
|
|
*/
|
|
|
|
int
|
|
pam_sm_authenticate(
|
|
pam_handle_t *pamh,
|
|
int flags,
|
|
int argc,
|
|
const char **argv)
|
|
{
|
|
char *host = NULL, *lusername = NULL;
|
|
struct passwd pwd;
|
|
char pwd_buffer[1024];
|
|
int is_superuser;
|
|
char *rusername;
|
|
int err;
|
|
int i;
|
|
int debug = 0;
|
|
|
|
for (i = 0; i < argc; i++) {
|
|
if (strcasecmp(argv[i], "debug") == 0)
|
|
debug = 1;
|
|
else
|
|
syslog(LOG_DEBUG, "illegal option %s", argv[i]);
|
|
}
|
|
|
|
if (pam_get_item(pamh, PAM_USER, (void **) &lusername) != PAM_SUCCESS)
|
|
return (PAM_SERVICE_ERR);
|
|
if (pam_get_item(pamh, PAM_RHOST, (void **) &host) != PAM_SUCCESS)
|
|
return (PAM_SERVICE_ERR);
|
|
if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS)
|
|
return (PAM_SERVICE_ERR);
|
|
|
|
if (debug) {
|
|
syslog(LOG_DEBUG,
|
|
"rhosts authenticate: user = %s, host = %s",
|
|
lusername, host);
|
|
}
|
|
|
|
if (getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer))
|
|
== NULL)
|
|
return (PAM_USER_UNKNOWN);
|
|
|
|
/*
|
|
* RHOST may not be set due to unknown USER or reset by previous
|
|
* authentication failure.
|
|
*/
|
|
if ((rusername == NULL) || (rusername[0] == '\0'))
|
|
return (PAM_AUTH_ERR);
|
|
|
|
if (pwd.pw_uid == 0)
|
|
is_superuser = 1;
|
|
else
|
|
is_superuser = 0;
|
|
|
|
return (ruserok(host, is_superuser, rusername, lusername)
|
|
== -1 ? PAM_AUTH_ERR : PAM_SUCCESS);
|
|
|
|
}
|
|
|
|
/*
|
|
* dummy pam_sm_setcred - does nothing
|
|
*/
|
|
pam_sm_setcred(
|
|
pam_handle_t *pamh,
|
|
int flags,
|
|
int argc,
|
|
const char **argv)
|
|
{
|
|
return (PAM_SUCCESS);
|
|
}
|