xref: /freebsd/lib/libpam/modules/pam_securetty/pam_securetty.c (revision 6990ffd8a95caaba6858ad44ff1b3157d1efba8f) 
1 /*-
2  * Copyright (c) 2001 Mark R V Murray
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $FreeBSD$
27  */
28 
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <pwd.h>
32 #include <ttyent.h>
33 #include <string.h>
34 
35 #define PAM_SM_AUTH
36 #include <security/pam_modules.h>
37 #include <pam_mod_misc.h>
38 
39 #define TTY_PREFIX	"/dev/"
40 
41 PAM_EXTERN int
42 pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
43 {
44 	struct options options;
45 	struct ttyent *ttyfileinfo;
46 	struct passwd *pwd;
47 	int retval;
48 	const char *user, *ttyname;
49 
50 	pam_std_option(&options, NULL, argc, argv);
51 
52 	PAM_LOG("Options processed");
53 
54 	retval = pam_get_user(pamh, &user, NULL);
55 	if (retval != PAM_SUCCESS)
56 		PAM_RETURN(retval);
57 
58 	PAM_LOG("Got user: %s", user);
59 
60 	retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
61 	if (retval != PAM_SUCCESS)
62 		PAM_RETURN(retval);
63 
64 	PAM_LOG("Got TTY: %s", ttyname);
65 
66 	/* Ignore any "/dev/" on the PAM_TTY item */
67 	if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
68 		ttyname += sizeof(TTY_PREFIX) - 1;
69 
70 	/* If the user is not root, secure ttys do not apply */
71 	pwd = getpwnam(user);
72 	if (pwd == NULL)
73 		PAM_RETURN(PAM_IGNORE);
74 	else if (pwd->pw_uid != 0)
75 		PAM_RETURN(PAM_SUCCESS);
76 
77 	PAM_LOG("User is not root");
78 
79 	ttyfileinfo = getttynam(ttyname);
80 	if (ttyfileinfo == NULL)
81 		PAM_RETURN(PAM_SERVICE_ERR);
82 
83 	PAM_LOG("Got ttyfileinfo");
84 
85 	if (ttyfileinfo->ty_status & TTY_SECURE)
86 		PAM_RETURN(PAM_SUCCESS);
87 	else {
88 		PAM_VERBOSE_ERROR("Not on secure TTY");
89 		PAM_RETURN(PAM_PERM_DENIED);
90 	}
91 }
92 
93 PAM_EXTERN
94 int
95 pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
96 {
97 	struct options options;
98 
99 	pam_std_option(&options, NULL, argc, argv);
100 
101 	PAM_LOG("Options processed");
102 
103 	PAM_RETURN(PAM_SUCCESS);
104 }
105 
106 PAM_MODULE_ENTRY("pam_securetty");
107