1397fa725SMark Murray /*-
2397fa725SMark Murray  * Copyright (c) 2001 Mark R V Murray
3397fa725SMark Murray  * All rights reserved.
4397fa725SMark Murray  *
5397fa725SMark Murray  * Redistribution and use in source and binary forms, with or without
6397fa725SMark Murray  * modification, are permitted provided that the following conditions
7397fa725SMark Murray  * are met:
8397fa725SMark Murray  * 1. Redistributions of source code must retain the above copyright
9397fa725SMark Murray  *    notice, this list of conditions and the following disclaimer.
10397fa725SMark Murray  * 2. Redistributions in binary form must reproduce the above copyright
11397fa725SMark Murray  *    notice, this list of conditions and the following disclaimer in the
12397fa725SMark Murray  *    documentation and/or other materials provided with the distribution.
13397fa725SMark Murray  *
14397fa725SMark Murray  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15397fa725SMark Murray  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16397fa725SMark Murray  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17397fa725SMark Murray  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18397fa725SMark Murray  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19397fa725SMark Murray  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20397fa725SMark Murray  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21397fa725SMark Murray  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22397fa725SMark Murray  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23397fa725SMark Murray  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24397fa725SMark Murray  * SUCH DAMAGE.
25397fa725SMark Murray  *
26397fa725SMark Murray  * $FreeBSD$
27397fa725SMark Murray  */
28397fa725SMark Murray 
29397fa725SMark Murray #include <sys/types.h>
30397fa725SMark Murray #include <sys/stat.h>
31397fa725SMark Murray #include <pwd.h>
32397fa725SMark Murray #include <ttyent.h>
33397fa725SMark Murray #include <string.h>
34397fa725SMark Murray 
35397fa725SMark Murray #define PAM_SM_AUTH
36397fa725SMark Murray #include <security/pam_modules.h>
37397fa725SMark Murray #include <pam_mod_misc.h>
38397fa725SMark Murray 
39397fa725SMark Murray #define TTY_PREFIX	"/dev/"
40397fa725SMark Murray 
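/*
 * Authentication hook: allow a uid-0 login only from a terminal that
 * /etc/ttys (via getttynam(3)) marks with TTY_SECURE.
 *
 * Outcomes, in the order they are decided:
 *   - pam_get_user() or pam_get_item() fails  -> that error is returned
 *   - user has no passwd entry                -> PAM_IGNORE
 *   - user's uid is not 0                     -> PAM_SUCCESS (check does not apply)
 *   - PAM_TTY is unset, or has no ttys entry  -> PAM_SERVICE_ERR
 *   - tty is flagged TTY_SECURE               -> PAM_SUCCESS
 *   - otherwise                               -> PAM_PERM_DENIED
 *
 * NOTE(review): the decision rests entirely on the PAM_TTY item, which is
 * set by the calling application; this module cannot verify that it names
 * the terminal the login is really happening on.
 *
 * The local must stay named "options": it is passed to pam_std_option()
 * here, and the PAM_LOG/PAM_RETURN/PAM_VERBOSE_ERROR macros presumably
 * refer to it by name (their definitions are not in this file - confirm).
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	struct options options;
	struct ttyent *ttyfileinfo;
	struct passwd *pwd;
	int retval;
	const char *user, *ttyname;

	pam_std_option(&options, NULL, argc, argv);

	PAM_LOG("Options processed");

	retval = pam_get_user(pamh, &user, NULL);
	if (retval != PAM_SUCCESS)
		PAM_RETURN(retval);

	PAM_LOG("Got user: %s", user);

	/*
	 * pam_get_item() can succeed while leaving the item NULL when the
	 * application never set PAM_TTY, so start from a known value and
	 * never hand a NULL pointer to "%s" or strncmp().
	 */
	ttyname = NULL;
	retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
	if (retval != PAM_SUCCESS)
		PAM_RETURN(retval);

	PAM_LOG("Got TTY: %s", ttyname != NULL ? ttyname : "(unset)");

	/* If the user is not root, secure ttys do not apply */
	pwd = getpwnam(user);
	if (pwd == NULL)
		PAM_RETURN(PAM_IGNORE);
	else if (pwd->pw_uid != 0)
		PAM_RETURN(PAM_SUCCESS);

	/* Only uid 0 reaches this point (the old message said the opposite). */
	PAM_LOG("User is root");

	/* Fail closed: root with no terminal recorded cannot be on a secure tty. */
	if (ttyname == NULL) {
		PAM_LOG("PAM_TTY is not set");
		PAM_RETURN(PAM_SERVICE_ERR);
	}

	/* Ignore any "/dev/" on the PAM_TTY item */
	if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
		ttyname += sizeof(TTY_PREFIX) - 1;

	/* A terminal with no ttys entry is treated as an error, not as secure. */
	ttyfileinfo = getttynam(ttyname);
	if (ttyfileinfo == NULL)
		PAM_RETURN(PAM_SERVICE_ERR);

	PAM_LOG("Got ttyfileinfo");

	if (ttyfileinfo->ty_status & TTY_SECURE)
		PAM_RETURN(PAM_SUCCESS);
	else {
		PAM_VERBOSE_ERROR("Not on secure TTY");
		PAM_RETURN(PAM_PERM_DENIED);
	}
}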
92397fa725SMark Murray 
/*
 * Credential hook: this module manages no credentials.  It parses the
 * standard module options, logs that it did so, and reports PAM_SUCCESS.
 *
 * The local must stay named "options": it is passed to pam_std_option()
 * here, and the PAM_LOG/PAM_RETURN macros presumably refer to it by name
 * (their definitions are not in this file - confirm).
 */
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	struct options options;

	pam_std_option(&options, NULL, argc, argv);
	PAM_LOG("Options processed");

	PAM_RETURN(PAM_SUCCESS);
}
105397fa725SMark Murray 
/*
 * Module entry declaration for "pam_securetty".  PAM_MODULE_ENTRY is
 * defined outside this file (presumably by the PAM headers included
 * above); confirm its expansion there.
 */
PAM_MODULE_ENTRY("pam_securetty");