1397fa725SMark Murray /*-
2397fa725SMark Murray  * Copyright (c) 2001 Mark R V Murray
3397fa725SMark Murray  * All rights reserved.
4397fa725SMark Murray  *
5397fa725SMark Murray  * Redistribution and use in source and binary forms, with or without
6397fa725SMark Murray  * modification, are permitted provided that the following conditions
7397fa725SMark Murray  * are met:
8397fa725SMark Murray  * 1. Redistributions of source code must retain the above copyright
9397fa725SMark Murray  *    notice, this list of conditions and the following disclaimer.
10397fa725SMark Murray  * 2. Redistributions in binary form must reproduce the above copyright
11397fa725SMark Murray  *    notice, this list of conditions and the following disclaimer in the
12397fa725SMark Murray  *    documentation and/or other materials provided with the distribution.
13397fa725SMark Murray  *
14397fa725SMark Murray  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15397fa725SMark Murray  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16397fa725SMark Murray  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17397fa725SMark Murray  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18397fa725SMark Murray  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19397fa725SMark Murray  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20397fa725SMark Murray  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21397fa725SMark Murray  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22397fa725SMark Murray  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23397fa725SMark Murray  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24397fa725SMark Murray  * SUCH DAMAGE.
25397fa725SMark Murray  *
26397fa725SMark Murray  * $FreeBSD$
27397fa725SMark Murray  */
28397fa725SMark Murray 
29397fa725SMark Murray #include <sys/types.h>
30397fa725SMark Murray #include <sys/stat.h>
31397fa725SMark Murray #include <pwd.h>
32397fa725SMark Murray #include <ttyent.h>
33397fa725SMark Murray #include <string.h>
34397fa725SMark Murray 
35397fa725SMark Murray #define PAM_SM_AUTH
36397fa725SMark Murray #include <security/pam_modules.h>
37397fa725SMark Murray #include <pam_mod_misc.h>
38397fa725SMark Murray 
39397fa725SMark Murray #define TTY_PREFIX	"/dev/"
40397fa725SMark Murray 
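/*
 * Authentication hook: allow a root login only from a terminal that is
 * marked "secure" in the tty database consulted by getttynam(3).
 *
 * Decision table (in evaluation order):
 *   - pam_get_user() / pam_get_item() fail   -> their error is returned
 *   - user has no passwd entry               -> PAM_IGNORE
 *   - user's uid is not 0                    -> PAM_SUCCESS (check does not apply)
 *   - PAM_TTY is unset (NULL)                -> PAM_SERVICE_ERR
 *   - tty has no entry in the tty database   -> PAM_SERVICE_ERR
 *   - tty entry has TTY_SECURE set           -> PAM_SUCCESS
 *   - otherwise                              -> PAM_PERM_DENIED
 *
 * The uid-0 path fails closed: any terminal that cannot be positively
 * identified as secure is refused.
 *
 * `flags` is unused.  The module arguments are run through
 * pam_std_option(), but the resulting option mask is not consulted here.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
{
	struct ttyent  *ttyfileinfo;
	struct passwd  *user_pwd;
	int             i, options, retval;
	const char     *username, *ttyname;
	const void     *item;

	options = 0;
	for (i = 0; i < argc; i++)
		pam_std_option(&options, argv[i]);

	retval = pam_get_user(pamh, &username, NULL);
	if (retval != PAM_SUCCESS)
		return retval;

	/*
	 * Fetch through a properly typed temporary instead of casting
	 * &ttyname to (const void **).
	 */
	item = NULL;
	retval = pam_get_item(pamh, PAM_TTY, &item);
	if (retval != PAM_SUCCESS)
		return retval;
	ttyname = item;

	/*
	 * Ignore any "/dev/" on the PAM_TTY item.  The item may be NULL even
	 * though pam_get_item() succeeded (the application never set
	 * PAM_TTY), so it must not be handed to strncmp() unchecked.
	 */
	if (ttyname != NULL &&
	    strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
		ttyname += sizeof(TTY_PREFIX) - 1;

	/* If the user is not root, secure ttys do not apply */
	user_pwd = getpwnam(username);
	if (user_pwd == NULL)
		return PAM_IGNORE;
	else if (user_pwd->pw_uid != 0)
		return PAM_SUCCESS;

	/*
	 * From here on the account is uid 0.  A missing tty name is handled
	 * like a tty that is absent from the database: refuse rather than
	 * pass NULL to getttynam().
	 */
	if (ttyname == NULL)
		return PAM_SERVICE_ERR;

	ttyfileinfo = getttynam(ttyname);
	if (ttyfileinfo == NULL)
		return PAM_SERVICE_ERR;

	if (ttyfileinfo->ty_status & TTY_SECURE)
		return PAM_SUCCESS;
	else
		return PAM_PERM_DENIED;
}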
81397fa725SMark Murray 
/*
 * Credential hook.  This module keeps no credentials, so every argument is
 * ignored and the call always reports PAM_SUCCESS.
 */
PAM_EXTERN int
pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
{
	/* Nothing to establish or delete. */
	(void)pamh;
	(void)flags;
	(void)argc;
	(void)argv;

	return (PAM_SUCCESS);
}
88397fa725SMark Murray 
89397fa725SMark Murray /* end of module definition */
90397fa725SMark Murray 
/*
 * Module entry declaration under the name "pam_securetty".
 * NOTE(review): PAM_MODULE_ENTRY is not defined in this file; it presumably
 * comes from one of the PAM headers included above, and its expansion is not
 * visible here -- confirm before relying on what it emits.
 */
PAM_MODULE_ENTRY("pam_securetty");