/* $NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * Copyright (c) 2001 Mark R V Murray * All rights reserved. * Copyright (c) 2001 Networks Associates Technology, Inc. * All rights reserved. * Copyright (c) 2004 Joe R. Doupnik * All rights reserved. * * Portions of this software were developed for the FreeBSD Project by * ThinkSec AS and NAI Labs, the Security Research Division of Network * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $"); #else __RCSID("$NetBSD: pam_lastlog.c,v 1.15 2014/01/07 02:07:43 joerg Exp $"); #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef LOGIN_CAP #include #endif #define PAM_SM_SESSION #include #include #include #ifdef SUPPORT_UTMP #include static void doutmp(const char *, const char *, const char *, const struct timeval *); static void dolastlog(pam_handle_t *, int, const struct passwd *, const char *, const char *, const struct timeval *); #endif #ifdef SUPPORT_UTMPX #include static void doutmpx(const char *, const char *, const char *, const struct sockaddr_storage *ss, const struct timeval *); static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *, const char *, const struct sockaddr_storage *ss, const struct timeval *); #endif #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *, size_t); #endif __printflike(2, 3) static void logit(int level, const char *fmt, ...) { va_list ap; struct syslog_data data = SYSLOG_DATA_INIT; openlog_r("pam_lastlog", LOG_PID, LOG_AUTHPRIV, &data); va_start(ap, fmt); vsyslog_r(level, &data, fmt, ap); va_end(ap); closelog_r(&data); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc __unused, const char *argv[] __unused) { struct passwd *pwd, pwres; struct timeval now; const char *user, *rhost, *tty, *nuser; const void *vrhost, *vtty, *vss, *vnuser; const struct sockaddr_storage *ss; int pam_err; char pwbuf[1024]; #ifdef LOGIN_CAP login_cap_t *lc; #endif pam_err = pam_get_user(pamh, &user, NULL); if (pam_err != PAM_SUCCESS) return pam_err; if (user == NULL || getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL) return PAM_SERVICE_ERR; PAM_LOG("Got user: %s", user); pam_err = pam_get_item(pamh, PAM_RHOST, &vrhost); if (pam_err != PAM_SUCCESS) goto err; rhost = (const char *)vrhost; pam_err = pam_get_item(pamh, PAM_SOCKADDR, &vss); if (pam_err != PAM_SUCCESS) goto err; ss = (const struct sockaddr_storage *)vss; pam_err = pam_get_item(pamh, PAM_TTY, &vtty); if (pam_err != PAM_SUCCESS) goto err; tty = (const char *)vtty; if (tty == NULL) { pam_err = PAM_SERVICE_ERR; goto err; } if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS) nuser = NULL; else nuser = (const char *)vnuser; if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0) tty = tty + strlen(_PATH_DEV); if (*tty == '\0') { pam_err = PAM_SERVICE_ERR; goto err; } (void)gettimeofday(&now, NULL); if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) { int quiet; if ((flags & PAM_SILENT) != 0) quiet = 1; else { #ifdef LOGIN_CAP lc = login_getpwclass(pwd); quiet = login_getcapbool(lc, "hushlogin", 0); login_close(lc); #else quiet = 0; #endif } #ifdef SUPPORT_UTMPX doutmpx(user, rhost, tty, ss, &now); dolastlogx(pamh, quiet, pwd, rhost, tty, ss, &now); quiet = 1; #endif #ifdef SUPPORT_UTMP doutmp(user, rhost, tty, &now); dolastlog(pamh, quiet, pwd, rhost, tty, &now); #endif } err: if (openpam_get_option(pamh, "no_fail")) return PAM_SUCCESS; return pam_err; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc __unused, const char *argv[] __unused) { const void *vtty, *vnuser; const char *tty, *nuser; if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS) nuser = NULL; else nuser = (const char *)vnuser; pam_get_item(pamh, PAM_TTY, &vtty); if (vtty == NULL) return PAM_SERVICE_ERR; tty = (const char *)vtty; if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0) tty = tty + strlen(_PATH_DEV); if (*tty == '\0') return PAM_SERVICE_ERR; if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) { #ifdef SUPPORT_UTMPX if (logoutx(tty, 0, DEAD_PROCESS)) logwtmpx(tty, "", "", 0, DEAD_PROCESS); else logit(LOG_NOTICE, "%s(): no utmpx record for %s", __func__, tty); #endif #ifdef SUPPORT_UTMP if (logout(tty)) logwtmp(tty, "", ""); else logit(LOG_NOTICE, "%s(): no utmp record for %s", __func__, tty); #endif } return PAM_SUCCESS; } #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP) static void domsg(pam_handle_t *pamh, time_t t, const char *host, size_t hsize, const char *line, size_t lsize) { char buf[MAXHOSTNAMELEN + 32], *promptresp = NULL; int pam_err; if (*host) { (void)snprintf(buf, sizeof(buf), "from %.*s ", (int)hsize, host); host = buf; } pam_err = pam_prompt(pamh, PAM_TEXT_INFO, &promptresp, "Last login: %.24s %son %.*s\n", ctime(&t), host, (int)lsize, line); if (pam_err == PAM_SUCCESS && promptresp) free(promptresp); } #endif #ifdef SUPPORT_UTMPX static void doutmpx(const char *username, const char *hostname, const char *tty, const struct sockaddr_storage *ss, const struct timeval *now) { struct utmpx utmpx; const char *t; memset((void *)&utmpx, 0, sizeof(utmpx)); utmpx.ut_tv = *now; (void)strncpy(utmpx.ut_name, username, sizeof(utmpx.ut_name)); if (hostname) { (void)strncpy(utmpx.ut_host, hostname, sizeof(utmpx.ut_host)); if (ss) utmpx.ut_ss = *ss; } (void)strncpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line)); utmpx.ut_type = USER_PROCESS; utmpx.ut_pid = getpid(); t = tty + strlen(tty); if ((size_t)(t - tty) >= sizeof(utmpx.ut_id)) { (void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id), sizeof(utmpx.ut_id)); } else { (void)strncpy(utmpx.ut_id, tty, sizeof(utmpx.ut_id)); } if (pututxline(&utmpx) == NULL) logit(LOG_NOTICE, "Cannot update utmpx: %s", strerror(errno)); endutxent(); if (updwtmpx(_PATH_WTMPX, &utmpx) != 0) logit(LOG_NOTICE, "Cannot update wtmpx: %s", strerror(errno)); } static void dolastlogx(pam_handle_t *pamh, int quiet, const struct passwd *pwd, const char *hostname, const char *tty, const struct sockaddr_storage *ss, const struct timeval *now) { struct lastlogx ll; if (!quiet) { if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL) domsg(pamh, (time_t)ll.ll_tv.tv_sec, ll.ll_host, sizeof(ll.ll_host), ll.ll_line, sizeof(ll.ll_line)); } ll.ll_tv = *now; (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (hostname) (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); else (void)memset(ll.ll_host, 0, sizeof(ll.ll_host)); if (ss) ll.ll_ss = *ss; else (void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss)); if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0) logit(LOG_NOTICE, "Cannot update lastlogx: %s", strerror(errno)); PAM_LOG("Login recorded in %s", _PATH_LASTLOGX); } #endif #ifdef SUPPORT_UTMP static void doutmp(const char *username, const char *hostname, const char *tty, const struct timeval *now) { struct utmp utmp; (void)memset((void *)&utmp, 0, sizeof(utmp)); utmp.ut_time = now->tv_sec; (void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name)); if (hostname) (void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host)); (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); login(&utmp); } static void dolastlog(pam_handle_t *pamh, int quiet, const struct passwd *pwd, const char *hostname, const char *tty, const struct timeval *now) { struct lastlog ll; int fd; if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) == -1) { logit(LOG_NOTICE, "Cannot open `%s': %s", _PATH_LASTLOG, strerror(errno)); return; } (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET); if (!quiet) { if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) && ll.ll_time != 0) domsg(pamh, ll.ll_time, ll.ll_host, sizeof(ll.ll_host), ll.ll_line, sizeof(ll.ll_line)); (void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET); } ll.ll_time = now->tv_sec; (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (hostname) (void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); else (void)memset(ll.ll_host, 0, sizeof(ll.ll_host)); (void)write(fd, &ll, sizeof(ll)); (void)close(fd); PAM_LOG("Login recorded in %s", _PATH_LASTLOG); } #endif PAM_MODULE_ENTRY("pam_lastlog");