xref: /freebsd/lib/libpam/modules/pam_lastlog/pam_lastlog.c (revision eacee0ff7ec955b32e09515246bd97b6edcd2b0f) 
1 /*-
2  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  * Copyright (c) 2001 Mark R V Murray
5  * All rights reserved.
6  * Copyright (c) 2001 Networks Associates Technologies, Inc.
7  * All rights reserved.
8  *
9  * Portions of this software were developed for the FreeBSD Project by
10  * ThinkSec AS and NAI Labs, the Security Research Division of Network
11  * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
12  * ("CBOSS"), as part of the DARPA CHATS research program.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  * 1. Redistributions of source code must retain the above copyright
18  *    notice, this list of conditions and the following disclaimer.
19  * 2. Redistributions in binary form must reproduce the above copyright
20  *    notice, this list of conditions and the following disclaimer in the
21  *    documentation and/or other materials provided with the distribution.
22  * 3. The name of the author may not be used to endorse or promote
23  *    products derived from this software without specific prior written
24  *    permission.
25  * 4. Neither the name of the University nor the names of its contributors
26  *    may be used to endorse or promote products derived from this software
27  *    without specific prior written permission.
28  *
29  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39  * SUCH DAMAGE.
40  */
41 
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD$");
44 
45 #define _BSD_SOURCE
46 
47 #include <sys/param.h>
48 
49 #include <fcntl.h>
50 #include <libutil.h>
51 #include <pwd.h>
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #include <syslog.h>
56 #include <time.h>
57 #include <unistd.h>
58 #include <utmp.h>
59 
60 #define PAM_SM_AUTH
61 #define PAM_SM_ACCOUNT
62 #define PAM_SM_SESSION
63 #define PAM_SM_PASSWORD
64 
65 #include <security/pam_appl.h>
66 #include <security/pam_modules.h>
67 #include <security/pam_mod_misc.h>
68 
69 extern int login_access(const char *, const char *);
70 
71 PAM_EXTERN int
72 pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
73 {
74 	struct options options;
75 
76 	pam_std_option(&options, NULL, argc, argv);
77 
78 	PAM_LOG("Options processed");
79 
80 	PAM_RETURN(PAM_IGNORE);
81 }
82 
83 PAM_EXTERN int
84 pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
85 {
86 	struct options options;
87 
88 	pam_std_option(&options, NULL, argc, argv);
89 
90 	PAM_LOG("Options processed");
91 
92 	PAM_RETURN(PAM_IGNORE);
93 }
94 
95 PAM_EXTERN int
96 pam_sm_acct_mgmt(pam_handle_t *pamh __unused, int flags __unused, int argc ,const char **argv)
97 {
98 	struct options options;
99 
100 	pam_std_option(&options, NULL, argc, argv);
101 
102 	PAM_LOG("Options processed");
103 
104 	PAM_RETURN(PAM_IGNORE);
105 }
106 
107 PAM_EXTERN int
108 pam_sm_chauthtok(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
109 {
110 	struct options options;
111 
112 	pam_std_option(&options, NULL, argc, argv);
113 
114 	PAM_LOG("Options processed");
115 
116 	PAM_RETURN(PAM_IGNORE);
117 }
118 
119 PAM_EXTERN int
120 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
121 {
122 	struct options options;
123 	struct passwd *pwd;
124 	struct utmp utmp;
125 	struct lastlog ll;
126 	const char *rhost, *user, *tty;
127 	char *buf;
128 	off_t llpos;
129 	int fd, pam_err;
130 
131 	pam_std_option(&options, NULL, argc, argv);
132 
133 	PAM_LOG("Options processed");
134 
135 	pam_err = pam_get_item(pamh, PAM_USER, (const void **)&user);
136 	if (pam_err != PAM_SUCCESS)
137 		PAM_RETURN(pam_err);
138 	if (user == NULL || (pwd = getpwnam(user)) == NULL)
139 		PAM_RETURN(PAM_SERVICE_ERR);
140 	PAM_LOG("Got user: %s", user);
141 
142 	pam_err = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
143 	if (pam_err != PAM_SUCCESS)
144 		PAM_RETURN(pam_err);
145 
146 	pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
147 	if (pam_err != PAM_SUCCESS)
148 		PAM_RETURN(pam_err);
149 	if (tty == NULL)
150 		PAM_RETURN(PAM_SERVICE_ERR);
151 
152 	fd = open(_PATH_LASTLOG, O_RDWR, 0);
153 	if (fd == -1) {
154 		syslog(LOG_ERR, "cannot open %s: %m", _PATH_LASTLOG);
155 		PAM_RETURN(PAM_SERVICE_ERR);
156 	}
157 
158 	/*
159 	 * Record session in lastlog(5).
160 	 */
161 	llpos = (off_t)(pwd->pw_uid * sizeof(ll));
162 	if (lseek(fd, llpos, L_SET) != llpos)
163 		goto file_err;
164 	if ((flags & PAM_SILENT) == 0) {
165 		if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
166 		    ll.ll_time != 0) {
167 			asprintf(&buf, "Last login: %.*s ", 24 - 5,
168 			    ctime(&ll.ll_time));
169 			if (buf != NULL) {
170 				pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL);
171 				free(buf);
172 			}
173 			if (*ll.ll_host != '\0')
174 				asprintf(&buf, "from %.*s\n",
175 				    (int)sizeof(ll.ll_host), ll.ll_host);
176 			else
177 				asprintf(&buf, "on %.*s\n",
178 				    (int)sizeof(ll.ll_line), ll.ll_line);
179 			if (buf != NULL) {
180 				pam_prompt(pamh, PAM_TEXT_INFO, buf, NULL);
181 				free(buf);
182 			}
183 		}
184 		if (lseek(fd, llpos, L_SET) != llpos)
185 			goto file_err;
186 	}
187 
188 	bzero(&ll, sizeof(ll));
189 	time(&ll.ll_time);
190 
191 	/* note: does not need to be NUL-terminated */
192 	strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
193 	if (rhost != NULL)
194 		/* note: does not need to be NUL-terminated */
195 		strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
196 
197 	if (write(fd, (char *)&ll, sizeof(ll)) != sizeof(ll) || close(fd) != 0)
198 		goto file_err;
199 
200 	PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
201 
202 	/*
203 	 * Record session in utmp(5) and wtmp(5).
204 	 */
205 	bzero(&utmp, sizeof(utmp));
206 	time(&utmp.ut_time);
207 	/* note: does not need to be NUL-terminated */
208 	strncpy(utmp.ut_name, user, sizeof(utmp.ut_name));
209 	if (rhost != NULL)
210 		strncpy(utmp.ut_host, rhost, sizeof(utmp.ut_host));
211 	(void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
212 	login(&utmp);
213 
214 	PAM_RETURN(PAM_IGNORE);
215 
216  file_err:
217 	syslog(LOG_ERR, "%s: %m", _PATH_LASTLOG);
218 	close(fd);
219 	PAM_RETURN(PAM_SERVICE_ERR);
220 }
221 
222 PAM_EXTERN int
223 pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
224 {
225 	struct options options;
226 
227 	pam_std_option(&options, NULL, argc, argv);
228 
229 	PAM_LOG("Options processed");
230 
231 	PAM_RETURN(PAM_SUCCESS);
232 }
233 
234 PAM_MODULE_ENTRY("pam_lastlog");
235