xref: /illumos-gate/usr/src/lib/pam_modules/unix_session/unix_session.c (revision 24da5b34f49324ed742a340010ed5bd3d4e06625)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <strings.h>
30 #include <sys/types.h>
31 #include <sys/wait.h>
32 #include <sys/stat.h>
33 #include <fcntl.h>
34 #include <stdlib.h>
35 #include <security/pam_appl.h>
36 #include <security/pam_modules.h>
37 #include <security/pam_impl.h>
38 #include <syslog.h>
39 #include <pwd.h>
40 #include <shadow.h>
41 #include <lastlog.h>
42 #include <ctype.h>
43 #include <unistd.h>
44 #include <stdlib.h>
45 #include <stdio.h>
46 #include <libintl.h>
47 #include <signal.h>
48 #include <thread.h>
49 #include <synch.h>
50 #include <errno.h>
51 #include <time.h>
52 #include <string.h>
53 #include <crypt.h>
54 #include <assert.h>
55 #include <nss_dbdefs.h>
56 
57 #define	LASTLOG		"/var/adm/lastlog"
58 
59 /*
60  * pam_sm_close_session	- Terminate a PAM authenticated session
61  */
62 /*ARGSUSED*/
63 int
64 pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
65 	const char **argv)
66 {
67 	int	i;
68 	int	debug = 0;
69 
70 	for (i = 0; i < argc; i++) {
71 		if (strcasecmp(argv[i], "debug") == 0)
72 			debug = 1;
73 		else
74 			syslog(LOG_ERR, "illegal option %s", argv[i]);
75 	}
76 
77 	if (debug)
78 		syslog(LOG_DEBUG,
79 		    "pam_unix_session: inside pam_sm_close_session()");
80 
81 	return (PAM_SUCCESS);
82 }
83 
84 /*ARGSUSED*/
85 int
86 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
87 	const char **argv)
88 {
89 	int	error;
90 	char    *ttyn, *rhost, *user;
91 	int	fdl;
92 	struct lastlog  newll;
93 	struct passwd pwd;
94 	char    buffer[NSS_BUFLEN_PASSWD];
95 	int	i;
96 	int	debug = 0;
97 	offset_t	offset;
98 	time_t  cur_time;
99 
100 	for (i = 0; i < argc; i++) {
101 		if (strcasecmp(argv[i], "debug") == 0)
102 			debug = 1;
103 		else
104 			syslog(LOG_ERR, "illegal option %s", argv[i]);
105 	}
106 
107 	if (debug)
108 		syslog(LOG_DEBUG,
109 		    "pam_unix_session: inside pam_sm_open_session()");
110 
111 	if ((error = pam_get_item(pamh, PAM_TTY, (void **)&ttyn))
112 	    != PAM_SUCCESS ||
113 	    (error = pam_get_item(pamh, PAM_USER, (void **)&user))
114 	    != PAM_SUCCESS ||
115 	    (error = pam_get_item(pamh, PAM_RHOST, (void **)&rhost))
116 	    != PAM_SUCCESS) {
117 		return (error);
118 	}
119 
120 	if (user == NULL || *user == '\0')
121 		return (PAM_USER_UNKNOWN);
122 
123 	/* report error if ttyn not set */
124 	if (ttyn == NULL)
125 		return (PAM_SESSION_ERR);
126 
127 	if (getpwnam_r(user, &pwd, buffer, sizeof (buffer)) == NULL) {
128 		return (PAM_USER_UNKNOWN);
129 	}
130 
131 	if ((fdl = open(LASTLOG, O_RDWR|O_CREAT|O_DSYNC, 0444)) >= 0) {
132 		/*
133 		 * The value of lastlog is read by the UNIX
134 		 * account management module
135 		 */
136 		offset = (offset_t)pwd.pw_uid *
137 		    (offset_t)sizeof (struct lastlog);
138 
139 		if (llseek(fdl, offset, SEEK_SET) != offset) {
140 			syslog(LOG_ERR,
141 			    "pam_unix_session: Can't update lastlog: uid %d "
142 			    "too large", pwd.pw_uid);
143 			(void) close(fdl);
144 			return (PAM_SUCCESS);
145 		}
146 		/*
147 		 * use time32_t in case of _LP64
148 		 * since it's written in lastlog.h
149 		 */
150 		(void) time(&cur_time);
151 
152 		bzero((char *)&newll, sizeof (struct lastlog));
153 #ifdef _LP64
154 		newll.ll_time = (time32_t)cur_time;
155 #else
156 		newll.ll_time = cur_time;
157 #endif
158 		if ((strncmp(ttyn, "/dev/", 5) == 0)) {
159 			(void) strlcpy(newll.ll_line,
160 			    (ttyn + sizeof ("/dev/")-1),
161 			    sizeof (newll.ll_line));
162 		} else {
163 			(void) strlcpy(newll.ll_line, ttyn,
164 			    sizeof (newll.ll_line));
165 		}
166 		if (rhost != NULL) {
167 			(void) strlcpy(newll.ll_host, rhost,
168 			    sizeof (newll.ll_host));
169 		}
170 		if (debug) {
171 			char	buf[26];
172 
173 			(void) ctime_r((const time_t *)&cur_time, buf,
174 			    sizeof (buf));
175 			buf[24] = '\000';
176 			syslog(LOG_DEBUG, "pam_unix_session: "
177 			    "user = %s, time = %s, tty = %s, host = %s.",
178 			    user, buf, newll.ll_line, newll.ll_host);
179 		}
180 		if (write(fdl, (char *)&newll, sizeof (newll))
181 		    != sizeof (newll))
182 			syslog(LOG_ERR, "pam_unix_session: Can't write "
183 			    "lastlog: uid %d: %m", pwd.pw_uid);
184 		if (close(fdl) != 0)
185 			syslog(LOG_ERR, "pam_unix_session: Can't close "
186 			    "lastlog: uid %d: %m", pwd.pw_uid);
187 	}
188 	return (PAM_SUCCESS);
189 }
190