pam_file.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

/*

    pam_file - Simple PAM module to check a username in a file

    Copyright (C) 2018  Ian Cowburn (ianc@noddybox.co.uk)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/
#define PAM_SM_AUTH

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

static void RemoveNL(char *p)
{
    size_t l = strlen(p);

    while(l && p[l-1] == '\n')
    {
    	p[--l] = 0;
    }
}

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam,
				   int flags,
				   int argc,
				   const char *argv[])
{
    static const char *file_arg="file=";
    static const char *mode_arg="mode=";
    const char *file = NULL;
    const char *mode = NULL;
    const char *user;
    char buff[1024];
    FILE *fp;
    int block;
    int result;
    int f;

    if (pam_get_user(pam, &user, NULL) != PAM_SUCCESS || user == NULL)
    {
    	return PAM_IGNORE;
    }

    for(f = 0; f < argc; f++)
    {
    	if (strncmp(file_arg, argv[f], strlen(file_arg)) == 0)
	{
	    file = argv[f] + strlen(file_arg);
	}

    	if (strncmp(mode_arg, argv[f], strlen(mode_arg)) == 0)
	{
	    mode = argv[f] + strlen(mode_arg);
	}
    }

    if (!file && !mode)
    {
    	return PAM_IGNORE;
    }

    block = strcmp(mode, "block") == 0;

    if (!(fp = fopen(file, "r")))
    {
    	return PAM_IGNORE;
    }

    if (block)
    {
    	result = PAM_SUCCESS;
    }
    else
    {
    	result = PAM_AUTH_ERR;
    }

    while(fgets(buff, sizeof buff, fp))
    {
	RemoveNL(buff);

    	if (strcmp(buff, user) == 0)
	{
	    if (block)
	    {
	    	result = PAM_AUTH_ERR;
	    }
	    else
	    {
	    	result = PAM_SUCCESS;
	    }
	}
    }

    fclose(fp);

    return result;
}