-rw-r--r-- | Make.defs~ | 13 | ||||
-rw-r--r-- | modules/pam_nologin/pam_nologin.c~ | 20 | ||||
-rw-r--r-- | modules/pam_rootok/Makefile | 41 | ||||
-rw-r--r-- | modules/pam_rootok/Makefile~ | 41 | ||||
-rw-r--r-- | modules/pam_rootok/pam_rootok.c~ | 31 | ||||
-rw-r--r-- | modules/pam_rootok/pam_rootok.o | bin | 0 -> 5364 bytes | |||
-rwxr-xr-x | modules/pam_rootok/pam_rootok.so | bin | 0 -> 9484 bytes | |||
-rw-r--r-- | modules/pam_securetty/Makefile | 41 | ||||
-rw-r--r-- | modules/pam_securetty/Makefile~ | 41 | ||||
-rw-r--r-- | modules/pam_securetty/pam_securetty.c~ | 70 | ||||
-rw-r--r-- | modules/pam_securetty/pam_securetty.o | bin | 0 -> 5372 bytes | |||
-rwxr-xr-x | modules/pam_securetty/pam_securetty.so | bin | 0 -> 9074 bytes | |||
-rw-r--r-- | modules/pam_unix/pam_unix.c~ | 1 | ||||
-rw-r--r-- | modules/pam_unix/pam_unix.o | bin | 0 -> 25212 bytes | |||
-rwxr-xr-x | modules/pam_unix/pam_unix.so | bin | 0 -> 26156 bytes |
15 files changed, 299 insertions, 0 deletions
diff --git a/Make.defs~ b/Make.defs~
new file mode 100644
index 0000000..cbaea77
--- /dev/null
+++ b/Make.defs~
@@ -0,0 +1,13 @@
+#
+## Copyright (c) 2008 by Seraphim Mellos. See LICENSE.
+#
+
+CC = gcc
+LD = $(CC)
+RM = rm -f
+MKDIR = mkdir -p
+INSTALL = install -c
+CFLAGS = -Wall -g -fPIC -I../../include -I/opt/local/include -O2 -D_XOPEN_SOURCE=500 -D_SVID_SOURCE -fno-stack-protector
+LDFLAGS = -shared -L/opt/local/lib # -Wl,$(LINKEROPTS)
+LINKEROPTS =
+LDLIBS = -lpam -lcrypt
diff --git a/modules/pam_nologin/pam_nologin.c~ b/modules/pam_nologin/pam_nologin.c~
new file mode 100644
index 0000000..db95fbe
--- /dev/null
+++ b/modules/pam_nologin/pam_nologin.c~
@@ -0,0 +1,20 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#ifndef __linux__
+#include <login_cap.h>
+#endif
+
+#define PAM_SM_AUTH
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
+
+#define NOLOGIN_FILE "/etc/nologin"
+
diff --git a/modules/pam_rootok/Makefile b/modules/pam_rootok/Makefile
new file mode 100644
index 0000000..6115401
--- /dev/null
+++ b/modules/pam_rootok/Makefile
@@ -0,0 +1,41 @@
+#
+## Copyright (c) 2008 by Seraphim Mellos. See LICENSE.
+#
+
+include ../../Make.defs
+
+TITLE = pam_rootok
+PAM_SO_SUFFIX =
+LIBSHARED = $(TITLE).so$(PAM_SO_SUFFIX)
+SHLIBMODE = 755
+MAN8 = $(TITLE).8
+MANMODE = 644
+#SECUREDIR = /lib/security
+#MANDIR = /usr/share/man
+#DESTDIR =
+
+
+
+PROJ = $(LIBSHARED)
+OBJS = pam_rootok.o
+
+all:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ LDLIBS="$(LDLIBS)" $(PROJ);;\
+ FreeBSD) echo "Not yet supported.";;\
+ *) echo "OS not supported.";;\
+ esac
+
+$(LIBSHARED): $(OBJS)
+ $(LD) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(LIBSHARED)
+
+.c.o:
+ $(CC) $(CFLAGS) -c $*.c
+
+
+clean:
+ $(RM) $(PROJ) *.o
+
+
+
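Review bot: The `CFLAGS` line in Make.defs~ passes `-fno-stack-protector`, which turns off stack canaries for every module built from these definitions, and PAM modules are loaded into privileged processes such as login and su. Nothing in the commit explains the flag, so I would drop it or replace it with `-fstack-protector-strong` where the compiler supports that. The commit also adds editor backups (`*~`) and prebuilt `.o`/`.so` files; binaries in the tree cannot be reviewed against the source and are better produced by the build and kept out through an ignore file.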
diff --git a/modules/pam_rootok/Makefile~ b/modules/pam_rootok/Makefile~
new file mode 100644
index 0000000..4285e98
--- /dev/null
+++ b/modules/pam_rootok/Makefile~
@@ -0,0 +1,41 @@
+#
+## Copyright (c) 2008 by Seraphim Mellos. See LICENSE.
+#
+
+include ../../Make.defs
+
+TITLE = pam_rootok
+PAM_SO_SUFFIX =
+LIBSHARED = $(TITLE).so$(PAM_SO_SUFFIX)
+SHLIBMODE = 755
+MAN8 = $(TITLE).8
+MANMODE = 644
+#SECUREDIR = /lib/security
+#MANDIR = /usr/share/man
+#DESTDIR =
+
+
+
+PROJ = $(LIBSHARED)
+OBJS = pam_unix.o
+
+all:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ LDLIBS="$(LDLIBS)" $(PROJ);;\
+ FreeBSD) echo "Not yet supported.";;\
+ *) echo "OS not supported.";;\
+ esac
+
+$(LIBSHARED): $(OBJS)
+ $(LD) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(LIBSHARED)
+
+.c.o:
+ $(CC) $(CFLAGS) -c $*.c
+
+
+clean:
+ $(RM) $(PROJ) *.o
+
+
+
diff --git a/modules/pam_rootok/pam_rootok.c~ b/modules/pam_rootok/pam_rootok.c~
new file mode 100644
index 0000000..9adec8c
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.c~
@@ -0,0 +1,31 @@
+#include <sys/cdefs.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <stdio.h>
+
+#define PAM_SM_AUTH
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags ,
+ int argc , const char *argv[] )
+{
+
+ if (getuid() == 0)
+ return (PAM_SUCCESS);
+
+ PAM_ERROR("User is not superuser");
+
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc , const char *argv[] )
+{
+
+ return (PAM_SUCCESS);
+}
diff --git a/modules/pam_rootok/pam_rootok.o b/modules/pam_rootok/pam_rootok.o
Binary files differnew file mode 100644
index 0000000..fbe51db
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.o
diff --git a/modules/pam_rootok/pam_rootok.so b/modules/pam_rootok/pam_rootok.so
Binary files differnew file mode 100755
index 0000000..271d34a
--- /dev/null
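Review bot: pam_sm_authenticate in pam_rootok.c~ carries no comment stating that success depends only on the real uid of the calling process, which is the entire security contract of this module. I would add above it something like `/* Succeeds iff the real uid of the calling process is 0; intended for setuid helpers such as su, not for services that themselves run as root. */`. The file also ends without `PAM_MODULE_ENTRY("pam_rootok");`, which pam_securetty.c~ in the same commit does emit; if the loader relies on that macro (its definition is not visible here) the entry points may not be registered. The parameters `pamh`, `flags`, `argc` and `argv` are unused in both functions and will warn under flags stricter than `-Wall`.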
+++ b/modules/pam_rootok/pam_rootok.so
diff --git a/modules/pam_securetty/Makefile b/modules/pam_securetty/Makefile
new file mode 100644
index 0000000..f382e4c
--- /dev/null
+++ b/modules/pam_securetty/Makefile
@@ -0,0 +1,41 @@
+#
+## Copyright (c) 2008 by Seraphim Mellos. See LICENSE.
+#
+
+include ../../Make.defs
+
+TITLE = pam_securetty
+PAM_SO_SUFFIX =
+LIBSHARED = $(TITLE).so$(PAM_SO_SUFFIX)
+SHLIBMODE = 755
+MAN8 = $(TITLE).8
+MANMODE = 644
+#SECUREDIR = /lib/security
+#MANDIR = /usr/share/man
+#DESTDIR =
+
+
+
+PROJ = $(LIBSHARED)
+OBJS = pam_securetty.o
+
+all:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ LDLIBS="$(LDLIBS)" $(PROJ);;\
+ FreeBSD) echo "Not yet supported.";;\
+ *) echo "OS not supported.";;\
+ esac
+
+$(LIBSHARED): $(OBJS)
+ $(LD) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(LIBSHARED)
+
+.c.o:
+ $(CC) $(CFLAGS) -c $*.c
+
+
+clean:
+ $(RM) $(PROJ) *.o
+
+
+
diff --git a/modules/pam_securetty/Makefile~ b/modules/pam_securetty/Makefile~
new file mode 100644
index 0000000..6115401
--- /dev/null
+++ b/modules/pam_securetty/Makefile~
@@ -0,0 +1,41 @@
+#
+## Copyright (c) 2008 by Seraphim Mellos. See LICENSE.
+#
+
+include ../../Make.defs
+
+TITLE = pam_rootok
+PAM_SO_SUFFIX =
+LIBSHARED = $(TITLE).so$(PAM_SO_SUFFIX)
+SHLIBMODE = 755
+MAN8 = $(TITLE).8
+MANMODE = 644
+#SECUREDIR = /lib/security
+#MANDIR = /usr/share/man
+#DESTDIR =
+
+
+
+PROJ = $(LIBSHARED)
+OBJS = pam_rootok.o
+
+all:
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \
+ LDLIBS="$(LDLIBS)" $(PROJ);;\
+ FreeBSD) echo "Not yet supported.";;\
+ *) echo "OS not supported.";;\
+ esac
+
+$(LIBSHARED): $(OBJS)
+ $(LD) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(LIBSHARED)
+
+.c.o:
+ $(CC) $(CFLAGS) -c $*.c
+
+
+clean:
+ $(RM) $(PROJ) *.o
+
+
+
diff --git a/modules/pam_securetty/pam_securetty.c~ b/modules/pam_securetty/pam_securetty.c~
new file mode 100644
index 0000000..d0979de
--- /dev/null
+++ b/modules/pam_securetty/pam_securetty.c~
@@ -0,0 +1,70 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <ttyent.h>
+#include <pwd.h>
+
+
+#define PAM_SM_ACCOUNT
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
+
+#define TTY_PREFIX "/dev/"
+
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
+ int argc, const char * argv[])
+{
+ struct passwd *pwd;
+ struct ttyent *ttyinfo;
+ const char *user;
+ const char *tty;
+ int pam_err;
+
+ if ( ( (pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS )
+ || ( user == NULL ) ) {
+ PAM_ERROR("Error recovering username.");
+ return (pam_err);
+ }
+
+ if ( (pwd = getpwnam(user)) == NULL ) {
+ PAM_ERROR("Could not get passwd entry for user [%s]",user);
+ return (PAM_SERVICE_ERR);
+ }
+
+ if ( pwd->pw_uid != 0 ) {
+ /* secure tty applies only to root */
+ return (PAM_SUCCESS);
+ }
+
+ if ( (pam_err = pam_get_item(pamh, PAM_TTY,(void *) &tty) ) != PAM_SUCCESS ) {
+ return (pam_err);
+ }
+
+ if (tty != NULL && strncmp(TTY_PREFIX, tty, sizeof(TTY_PREFIX)) == 0) {
+ PAM_LOG("tty starts with " TTY_PREFIX);
+ /* skip prefix */
+ tty = (const char *)tty + sizeof(TTY_PREFIX) - 1;
+ }
+
+ /*
+ * Linux-PAM, before checking the actual tty,
+ * opens /etc/securettys to check if it's world
+ * writable or not a normal file and only continues
+ * if neither is correct. Sounds like a good idea -
+ * maybe it should be done here as well...
+ */
+
+
+ if ( tty != NULL && (ttyinfo = getttynam(tty)) != NULL &&
+ (ttyinfo->ty_status & TTY_SECURE) != 0)
+ return (PAM_SUCCESS);
+
+ PAM_ERROR("Access denied: tty%s is not secure", tty);
+ return (PAM_AUTH_ERR);
+}
+
+PAM_MODULE_ENTRY("pam_securetty");
diff --git a/modules/pam_securetty/pam_securetty.o b/modules/pam_securetty/pam_securetty.o
Binary files differnew file mode 100644
index 0000000..442e249
--- /dev/null
+++ b/modules/pam_securetty/pam_securetty.o
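Review bot: In pam_sm_acct_mgmt of pam_securetty.c~ the first check returns `pam_err` even when it was entered because `user == NULL`, so should pam_get_user ever report PAM_SUCCESS with a NULL user the account check passes without a username; return an error explicitly with `return (pam_err != PAM_SUCCESS ? pam_err : PAM_SERVICE_ERR);`. The prefix test `strncmp(TTY_PREFIX, tty, sizeof(TTY_PREFIX))` also compares the terminating NUL, so it matches only a tty that is exactly "/dev/" and the prefix is never stripped from a name such as /dev/tty1; use `sizeof(TTY_PREFIX) - 1`, as the pointer adjustment two lines below already does. The final `PAM_ERROR("Access denied: tty%s is not secure", tty)` is reachable with `tty == NULL`, which is undefined for `%s`; pass `tty != NULL ? tty : "(none)"`. The check described in the block comment (file is regular and not world-writable) is still only a to-do, so the decision rests entirely on what getttynam() returns.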
diff --git a/modules/pam_securetty/pam_securetty.so b/modules/pam_securetty/pam_securetty.so Binary files differnew file mode 100755 index 0000000..071e877 --- /dev/null +++ b/modules/pam_securetty/pam_securetty.so diff --git a/modules/pam_unix/pam_unix.c~ b/modules/pam_unix/pam_unix.c~ index 9a504d0..ea1b75d 100644 --- a/modules/pam_unix/pam_unix.c~ +++ b/modules/pam_unix/pam_unix.c~ @@ -33,6 +33,7 @@ #include <security/pam_modules.h> #include <security/pam_appl.h> +#include <security/openpam.h> #include <security/pam_mod_misc.h> diff --git a/modules/pam_unix/pam_unix.o b/modules/pam_unix/pam_unix.o Binary files differnew file mode 100644 index 0000000..b463d1b --- /dev/null +++ b/modules/pam_unix/pam_unix.o diff --git a/modules/pam_unix/pam_unix.so b/modules/pam_unix/pam_unix.so Binary files differnew file mode 100755 index 0000000..a77c352 --- /dev/null +++ b/modules/pam_unix/pam_unix.so |