search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix mdoc(7)/man(7) mix up.
[netbsd-mini2440.git] / lib / libpam / modules / pam_lastlog / pam_lastlog.c
blob25c3eacf07f38ad05d8ca678323fe16d6189c7f2
1 /* $NetBSD: pam_lastlog.c,v 1.12 2006/11/03 18:55:40 christos Exp $ */
2
3 /*-
4 * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
5 * The Regents of the University of California. All rights reserved.
6 * Copyright (c) 2001 Mark R V Murray
7 * All rights reserved.
8 * Copyright (c) 2001 Networks Associates Technology, Inc.
9 * All rights reserved.
10 * Copyright (c) 2004 Joe R. Doupnik
11 * All rights reserved.
12 *
13 * Portions of this software were developed for the FreeBSD Project by
14 * ThinkSec AS and NAI Labs, the Security Research Division of Network
15 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
16 * ("CBOSS"), as part of the DARPA CHATS research program.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 * 3. The name of the author may not be used to endorse or promote
27 * products derived from this software without specific prior written
28 * permission.
29 * 4. Neither the name of the University nor the names of its contributors
30 * may be used to endorse or promote products derived from this software
31 * without specific prior written permission.
32 *
33 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 * SUCH DAMAGE.
44 */
45
46 #include <sys/cdefs.h>
47 #ifdef __FreeBSD__
48 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $");
49 #else
50 __RCSID("$NetBSD: pam_lastlog.c,v 1.12 2006/11/03 18:55:40 christos Exp $");
51 #endif
52
53 #include <sys/param.h>
54
55 #include <fcntl.h>
56 #include <util.h>
57 #include <paths.h>
58 #include <pwd.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <syslog.h>
63 #include <time.h>
64 #include <unistd.h>
65 #include <stdarg.h>
66 #ifdef LOGIN_CAP
67 #include <login_cap.h>
68 #endif
69
70 #define PAM_SM_SESSION
71
72 #include <security/pam_appl.h>
73 #include <security/pam_modules.h>
74 #include <security/pam_mod_misc.h>
75
76 #ifdef SUPPORT_UTMP
77 #include <utmp.h>
78 static void doutmp(const char *, const char *, const char *,
79 const struct timeval *);
80 static void dolastlog(pam_handle_t *, int, const struct passwd *, const char *,
81 const char *, const struct timeval *);
82 #endif
83
84 #ifdef SUPPORT_UTMPX
85 #include <utmpx.h>
86 static void doutmpx(const char *, const char *, const char *,
87 const struct sockaddr_storage *ss, const struct timeval *);
88 static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *,
89 const char *, const struct sockaddr_storage *ss, const struct timeval *);
90 #endif
91
92 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
93 static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *,
94 size_t);
95 #endif
96
97 static void
98 logit(int level, const char *fmt, ...)
99 {
100 va_list ap;
101 struct syslog_data data = SYSLOG_DATA_INIT;
102
103 openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data);
104 va_start(ap, fmt);
105 vsyslog_r(level, &data, fmt, ap);
106 va_end(ap);
107 closelog_r(&data);
108 }
109
110
111 PAM_EXTERN int
112 pam_sm_open_session(pam_handle_t *pamh, int flags,
113 int argc __unused, const char *argv[] __unused)
114 {
115 struct passwd *pwd, pwres;
116 struct timeval now;
117 const char *user, *rhost, *tty, *nuser;
118 const void *vrhost, *vtty, *vss, *vnuser;
119 const struct sockaddr_storage *ss;
120 int pam_err;
121 char pwbuf[1024];
122 #ifdef LOGIN_CAP
123 login_cap_t *lc;
124 #endif
125
126 pam_err = pam_get_user(pamh, &user, NULL);
127 if (pam_err != PAM_SUCCESS)
128 return pam_err;
129
130 if (user == NULL ||
131 getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
132 pwd == NULL)
133 return PAM_SERVICE_ERR;
134
135 PAM_LOG("Got user: %s", user);
136
137 pam_err = pam_get_item(pamh, PAM_RHOST, &vrhost);
138 if (pam_err != PAM_SUCCESS)
139 goto err;
140 rhost = (const char *)vrhost;
141
142 pam_err = pam_get_item(pamh, PAM_SOCKADDR, &vss);
143 if (pam_err != PAM_SUCCESS)
144 goto err;
145 ss = (const struct sockaddr_storage *)vss;
146
147 pam_err = pam_get_item(pamh, PAM_TTY, &vtty);
148 if (pam_err != PAM_SUCCESS)
149 goto err;
150 tty = (const char *)vtty;
151
152 if (tty == NULL) {
153 pam_err = PAM_SERVICE_ERR;
154 goto err;
155 }
156
157 if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
158 nuser = NULL;
159 else
160 nuser = (const char *)vnuser;
161
162 if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
163 tty = tty + strlen(_PATH_DEV);
164
165 if (*tty == '\0') {
166 pam_err = PAM_SERVICE_ERR;
167 goto err;
168 }
169
170 (void)gettimeofday(&now, NULL);
171
172 if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
173 int quiet;
174 if ((flags & PAM_SILENT) != 0)
175 quiet = 1;
176 else {
177 #ifdef LOGIN_CAP
178 lc = login_getpwclass(pwd);
179 quiet = login_getcapbool(lc, "hushlogin", 0);
180 login_close(lc);
181 #else
182 quiet = 0;
183 #endif
184 }
185 #ifdef SUPPORT_UTMPX
186 doutmpx(user, rhost, tty, ss, &now);
187 dolastlogx(pamh, quiet, pwd, rhost, tty, ss, &now);
188 quiet = 1;
189 #endif
190 #ifdef SUPPORT_UTMP
191 doutmp(user, rhost, tty, &now);
192 dolastlog(pamh, quiet, pwd, rhost, tty, &now);
193 #endif
194 }
195 err:
196 if (openpam_get_option(pamh, "no_fail"))
197 return PAM_SUCCESS;
198 return pam_err;
199 }
200
201 PAM_EXTERN int
202 pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
203 int argc __unused, const char *argv[] __unused)
204 {
205 const void *vtty, *vnuser;
206 const char *tty, *nuser;
207
208 if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
209 nuser = NULL;
210 else
211 nuser = (const char *)vnuser;
212
213 pam_get_item(pamh, PAM_TTY, &vtty);
214 if (vtty == NULL)
215 return PAM_SERVICE_ERR;
216 tty = (const char *)vtty;
217
218 if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
219 tty = tty + strlen(_PATH_DEV);
220
221 if (*tty == '\0')
222 return PAM_SERVICE_ERR;
223
224 if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
225
226 #ifdef SUPPORT_UTMPX
227 if (logoutx(tty, 0, DEAD_PROCESS))
228 logwtmpx(tty, "", "", 0, DEAD_PROCESS);
229 else
230 logit(LOG_NOTICE, "%s(): no utmpx record for %s",
231 __func__, tty);
232 #endif
233
234 #ifdef SUPPORT_UTMP
235 if (logout(tty))
236 logwtmp(tty, "", "");
237 else
238 logit(LOG_NOTICE, "%s(): no utmp record for %s",
239 __func__, tty);
240 #endif
241 }
242 return PAM_SUCCESS;
243 }
244
245 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
246 static void
247 domsg(pam_handle_t *pamh, time_t t, const char *host, size_t hsize,
248 const char *line, size_t lsize)
249 {
250 char buf[MAXHOSTNAMELEN + 32], *promptresp = NULL;
251 int pam_err;
252
253 if (*host) {
254 (void)snprintf(buf, sizeof(buf), "from %.*s ",
255 (int)hsize, host);
256 host = buf;
257 }
258
259 pam_err = pam_prompt(pamh, PAM_TEXT_INFO, &promptresp,
260 "Last login: %.24s %son %.*s\n", ctime(&t), host, (int)lsize, line);
261
262 if (pam_err == PAM_SUCCESS && promptresp)
263 free(promptresp);
264 }
265 #endif
266
267 #ifdef SUPPORT_UTMPX
268 static void
269 doutmpx(const char *username, const char *hostname, const char *tty,
270 const struct sockaddr_storage *ss, const struct timeval *now)
271 {
272 struct utmpx utmpx;
273 const char *t;
274
275 memset((void *)&utmpx, 0, sizeof(utmpx));
276 utmpx.ut_tv = *now;
277 (void)strncpy(utmpx.ut_name, username, sizeof(utmpx.ut_name));
278 if (hostname) {
279 (void)strncpy(utmpx.ut_host, hostname, sizeof(utmpx.ut_host));
280 if (ss)
281 utmpx.ut_ss = *ss;
282 }
283 (void)strncpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line));
284 utmpx.ut_type = USER_PROCESS;
285 utmpx.ut_pid = getpid();
286 t = tty + strlen(tty);
287 if ((size_t)(t - tty) >= sizeof(utmpx.ut_id)) {
288 (void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
289 sizeof(utmpx.ut_id));
290 } else {
291 (void)strncpy(utmpx.ut_id, tty, sizeof(utmpx.ut_id));
292 }
293 if (pututxline(&utmpx) == NULL)
294 logit(LOG_NOTICE, "Cannot update utmpx %m");
295 endutxent();
296 if (updwtmpx(_PATH_WTMPX, &utmpx) != 0)
297 logit(LOG_NOTICE, "Cannot update wtmpx %m");
298 }
299
300 static void
301 dolastlogx(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
302 const char *hostname, const char *tty, const struct sockaddr_storage *ss,
303 const struct timeval *now)
304 {
305 struct lastlogx ll;
306 if (!quiet) {
307 if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL)
308 domsg(pamh, (time_t)ll.ll_tv.tv_sec, ll.ll_host,
309 sizeof(ll.ll_host), ll.ll_line,
310 sizeof(ll.ll_line));
311 }
312 ll.ll_tv = *now;
313 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
314
315 if (hostname)
316 (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
317 else
318 (void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
319
320 if (ss)
321 ll.ll_ss = *ss;
322 else
323 (void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss));
324
325 if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0)
326 logit(LOG_NOTICE, "Cannot update lastlogx %m");
327 PAM_LOG("Login recorded in %s", _PATH_LASTLOGX);
328 }
329 #endif
330
331 #ifdef SUPPORT_UTMP
332 static void
333 doutmp(const char *username, const char *hostname, const char *tty,
334 const struct timeval *now)
335 {
336 struct utmp utmp;
337
338 (void)memset((void *)&utmp, 0, sizeof(utmp));
339 utmp.ut_time = now->tv_sec;
340 (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
341 if (hostname)
342 (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
343 (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
344 login(&utmp);
345 }
346
347 static void
348 dolastlog(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
349 const char *hostname, const char *tty, const struct timeval *now)
350 {
351 struct lastlog ll;
352 int fd;
353
354 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) == -1) {
355 logit(LOG_NOTICE, "Cannot open `%s' %m", _PATH_LASTLOG);
356 return;
357 }
358 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
359
360 if (!quiet) {
361 if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
362 ll.ll_time != 0)
363 domsg(pamh, ll.ll_time, ll.ll_host,
364 sizeof(ll.ll_host), ll.ll_line,
365 sizeof(ll.ll_line));
366 (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
367 }
368
369 ll.ll_time = now->tv_sec;
370 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
371
372 if (hostname)
373 (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
374 else
375 (void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
376
377 (void)write(fd, &ll, sizeof(ll));
378 (void)close(fd);
379
380 PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
381 }
382 #endif
383
384 PAM_MODULE_ENTRY("pam_lastlog");
NetBSD on the FriendlyARM MINI2440