authorIan C <ianc@noddybox.co.uk>2025-12-05 09:01:30 +0000
committerIan C <ianc@noddybox.co.uk>2025-12-05 09:01:30 +0000
commit4e30282b85b28d56d0a0d42c8e8be93af5f3919a (patch)
treee7b085ff0c118e26fd630b8d748998eaa8e0af2c
parent6c7ccd0fd56de27a7987bdb2b8d3a352b39acd14 (diff)
Added syslog switchHEADmaster
-rw-r--r--README7
-rw-r--r--pam_file.c17
2 files changed, 21 insertions, 3 deletions
diff --git a/README b/README
index eb59a42..f3de138 100644
--- a/README
+++ b/README
@@ -2,7 +2,8 @@ Simple PAM module to check the username's existance (or lack of) in a file.
To use simply call from a PAM file passing the file to check (file=) and the
mode (mode=). If mode is block then a user is authenticated if they don't
-exist in the file. Any other mode means the user is authenticated if they do
-appear in the file, e.g.
+exist in the file. Checks can be logged to syslog by supply a syslog argument.
+Any other mode means the user is authenticated if they do appear in the file,
+e.g.
-auth required pam_file.so file=/etc/email.allow mode=allow
+auth required pam_file.so file=/etc/email.allow mode=allow syslog
diff --git a/pam_file.c b/pam_file.c
index 72cd877..7c05aa5 100644
--- a/pam_file.c
+++ b/pam_file.c
@@ -23,6 +23,9 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+
+#include <syslog.h>
+
#include <security/pam_appl.h>
#include <security/pam_modules.h>
@@ -43,8 +46,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam,
{
static const char *file_arg="file=";
static const char *mode_arg="mode=";
+ static const char *syslog_arg="syslog";
const char *file = NULL;
const char *mode = NULL;
+ int do_syslog = 0;
const char *user;
char buff[1024];
FILE *fp;
@@ -68,6 +73,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam,
{
mode = argv[f] + strlen(mode_arg);
}
+
+ if (strcmp(syslog_arg, argv[f]) == 0)
+ {
+ do_syslog = 1;
+ }
}
if (!file && !mode)
@@ -108,6 +118,13 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam,
}
}
+ if (do_syslog)
+ {
+ syslog(LOG_INFO, "pam_file %s user %s",
+ result == PAM_SUCCESS ? "allowed":"blocked",
+ user);
+ }
+
fclose(fp);
return result;
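Review bot: The added `syslog(LOG_INFO, "pam_file %s user %s", ...)` call names no facility, so the allow/block record goes to whatever facility the calling application set with `openlog()` (or the default), not necessarily to the auth log where access decisions are usually kept and monitored. If Linux-PAM is the target, `pam_syslog(pam, LOG_INFO, "%s user %s", result == PAM_SUCCESS ? "allowed" : "blocked", user);` from `<security/pam_ext.h>` tags the entry with the module and service name; otherwise `LOG_AUTHPRIV | LOG_INFO` keeps it with the other auth records. `user` is chosen by whoever is attempting to log in, and whether control characters in it are escaped depends on the syslog daemon, so that is worth confirming before anything parses these lines. The call sits just before `fclose(fp)`, so any earlier return in `pam_sm_authenticate` (outside this hunk) presumably produces no record even with `syslog` set.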