author | Guido Guenther <agx@sigxcpu.org> | 2007-04-27 21:55:19 +0200 |
---|---|---|
committer | Guido Guenther <agx@bogon.sigxcpu.org> | 2007-04-27 21:55:19 +0200 |
commit | bd02f5e6d2b0599b5768b0b7205621f517070d49 (patch) | |
tree | 4342f2c63f628416a22768ece254e49535f85d03 /pam_naming.c |
Import version 0.1upstream/0.1upstream
Diffstat (limited to 'pam_naming.c')
-rw-r--r-- | pam_naming.c | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/pam_naming.c b/pam_naming.c
new file mode 100644
index 0000000..75d2ae8
--- /dev/null
+++ b/pam_naming.c
@@ -0,0 +1,116 @@
+/* pam_naming module */
+
+/*
+ * (c) 2005 Guido Guenther <agx@sigxcpu.org>
+ *
+ * TODO: threadsafety for pcre functions
+ */
+
+#define _BSD_SOURCE
+
+#include <stdio.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <pcre.h>
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+
+
+static void _pam_log(int err, const char *format, ...)
+{
+ va_list args;
+
+ va_start(args, format);
+ openlog("PAM-naming", LOG_CONS|LOG_PID, LOG_AUTH);
+ vsyslog(err, format, args);
+ va_end(args);
+ closelog();
+}
+
+
+static int check_naming(pam_handle_t *pamh, int argc, const char* argv[])
+{
+ pcre *re = NULL;
+ int ret=PAM_SUCCESS, i;
+ const char* user;
+ const char* regex=NULL;
+ const char *error = NULL;
+ int erroffset;
+
+ for (i = 0; i < argc; i++) {
+ if (!strncmp (argv[i], "regex=", 5))
+ regex = argv[i] + 6;
+ else
+ _pam_log(LOG_ERR, "illegal option %s", argv[i]);
+ ret=PAM_SYSTEM_ERR;
+ }
+ if(regex==NULL) {
+ _pam_log(LOG_ERR, "regex argument missing");
+ goto out;
+ }
+ if((ret=pam_get_item(pamh, PAM_USER, (const void **)&user)) != PAM_SUCCESS) {
+ _pam_log(LOG_ERR, "Couldnt retrieve username");
+ goto out;
+ }
+ re = pcre_compile(regex, 0, &error, &erroffset, NULL);
+ if(!re) {
+ _pam_log(LOG_ERR, "Error in regex \"%s\" at %d: %s", regex, erroffset, error);
+ ret=PAM_SYSTEM_ERR;
+ goto out;
+ }
+ if(pcre_exec(re, NULL , user, strlen(user), 0, 0, NULL, 0) == -1) {
+ _pam_log(LOG_INFO, "%s didn\'t match %s", user, regex);
+ ret=PAM_USER_UNKNOWN;
+ }
+ /* Success */
+out:
+ if(re)
+ pcre_free(re);
+ return ret;
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return check_naming(pamh, argc, argv);
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+ const char **argv)
+{
+ return PAM_SUCCESS;
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_warn_modstruct = {
+ "pam_exec",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+};
+
+#endif
+
+/* end of module definition */ |
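Review bot: check_naming fails open on two paths: when the module is configured with no arguments, `regex` stays NULL and the `goto out` returns the initial `PAM_SUCCESS`, and `pcre_exec(...) == -1` treats only a no-match as failure, so any other negative PCRE error code is returned as success. In the option loop, `strncmp (argv[i], "regex=", 5)` compares only "regex" but the code then skips six bytes, so a bare `regex` argument leaves the pointer one past the terminator. The `else` has no braces, so `ret=PAM_SYSTEM_ERR` runs on every iteration and is later overwritten by the `pam_get_item` result; an illegal option is logged but never actually rejected. `user` is also passed to `strlen` without a NULL check, which looks unsafe if pam_get_item can succeed with PAM_USER unset (worth confirming against the PAM implementation in use). The static module struct still carries the name `"pam_exec"`, and a suggested rewrite of the affected lines follows.

```c
	int ret=PAM_SUCCESS, i, rc;
	/* … unchanged: remaining local declarations … */

	for (i = 0; i < argc; i++) {
		if (!strncmp(argv[i], "regex=", 6)) {
			regex = argv[i] + 6;
		} else {
			_pam_log(LOG_ERR, "illegal option %s", argv[i]);
			ret = PAM_SYSTEM_ERR;
			goto out;
		}
	}
	if (regex == NULL) {
		_pam_log(LOG_ERR, "regex argument missing");
		ret = PAM_SYSTEM_ERR;	/* never succeed without a pattern */
		goto out;
	}
	ret = pam_get_item(pamh, PAM_USER, (const void **)&user);
	if (ret != PAM_SUCCESS || user == NULL) {
		_pam_log(LOG_ERR, "Couldnt retrieve username");
		if (ret == PAM_SUCCESS)
			ret = PAM_USER_UNKNOWN;
		goto out;
	}
	/* … unchanged: pcre_compile and its error path … */
	rc = pcre_exec(re, NULL, user, strlen(user), 0, 0, NULL, 0);
	if (rc == PCRE_ERROR_NOMATCH) {
		_pam_log(LOG_INFO, "%s didn\'t match %s", user, regex);
		ret = PAM_USER_UNKNOWN;
	} else if (rc < 0) {
		/* any other PCRE failure must deny, not fall through */
		_pam_log(LOG_ERR, "pcre_exec failed with %d", rc);
		ret = PAM_SYSTEM_ERR;
	}
```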