aboutsummaryrefslogtreecommitdiff
path: root/libexec/rlogind
diff options
context:
space:
mode:
authorRuslan Ermilov <ru@FreeBSD.org>2000-10-12 07:18:20 +0000
committerRuslan Ermilov <ru@FreeBSD.org>2000-10-12 07:18:20 +0000
commit6f1214d91833ea199c7b4bc7a12e2bd944f6e90b (patch)
treeeb16892761afe09f2a52ed641538476139ab7854 /libexec/rlogind
parent80e3ea20974d1c10df69c86f56557e83bd986b89 (diff)
downloadsrc-6f1214d91833ea199c7b4bc7a12e2bd944f6e90b.tar.gz
src-6f1214d91833ea199c7b4bc7a12e2bd944f6e90b.zip
Notes
Diffstat (limited to 'libexec/rlogind')
-rw-r--r--libexec/rlogind/Makefile8
-rw-r--r--libexec/rlogind/auth_pam.c142
-rw-r--r--libexec/rlogind/rlogind.c24
3 files changed, 0 insertions, 174 deletions
diff --git a/libexec/rlogind/Makefile b/libexec/rlogind/Makefile
index f22df18a1bf8..5cb2e96b9531 100644
--- a/libexec/rlogind/Makefile
+++ b/libexec/rlogind/Makefile
@@ -8,12 +8,4 @@ DPADD= ${LIBUTIL}
LDADD= -lutil
CFLAGS+= -Wall -DINET6
-.if defined(NOPAM)
-CFLAGS+= -DNO_PAM
-.else
-SRCS+= auth_pam.c
-DPADD+= ${LIBPAM}
-LDADD+= ${MINUSLPAM}
-.endif
-
.include <bsd.prog.mk>
diff --git a/libexec/rlogind/auth_pam.c b/libexec/rlogind/auth_pam.c
deleted file mode 100644
index e45210783ed8..000000000000
--- a/libexec/rlogind/auth_pam.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*-
- * Copyright (c) 1999 John Polstra
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-#include <paths.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-/*
- * Attempt to authenticate the user using PAM. Returns 0 if the user is
- * authenticated, or 1 if not authenticated. If some sort of PAM system
- * error occurs (e.g., the "/etc/pam.conf" file is missing) then this
- * function returns -1. This can be used as an indication that we should
- * fall back to a different authentication mechanism.
- */
-
-int
-auth_pam(char *username)
-{
- struct passwd *pawd;
- pam_handle_t *pamh = NULL;
- const char *tmpl_user;
- const void *item;
- int rval;
- char *tty, *ttyn;
- char hostname[MAXHOSTNAMELEN];
- char tname[sizeof(_PATH_TTY) + 10];
- int e;
-
- static struct pam_conv conv = { misc_conv, NULL };
-
- ttyn = ttyname(STDIN_FILENO);
-
- if (ttyn == NULL || *ttyn == '\0') {
- (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
- ttyn = tname;
- }
- if ((tty = strrchr(ttyn, '/')) != NULL)
- ++tty;
- else
- tty = ttyn;
-
- rval = gethostname(hostname, sizeof(hostname));
-
- if (rval < 0) {
- syslog(LOG_ERR, "auth_pam: Failed to resolve local hostname");
- return -1;
- }
- if ((e = pam_start("rshd", username, &conv, &pamh)) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e));
- return -1;
- }
- if ((e = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_set_item(PAM_TTY): %s",
- pam_strerror(pamh, e));
- return -1;
- }
- if (hostname != NULL &&
- (e = pam_set_item(pamh,PAM_RHOST, hostname)) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
- pam_strerror(pamh, e));
- return -1;
- }
-
- e = pam_authenticate(pamh, 0);
-
- switch (e) {
- case PAM_SUCCESS:
- /*
- * With PAM we support the concept of a "template"
- * user. The user enters a login name which is
- * authenticated by PAM, usually via a remote service
- * such as RADIUS or TACACS+. If authentication
- * succeeds, a different but related "template" name
- * is used for setting the credentials, shell, and
- * home directory. The name the user enters need only
- * exist on the remote authentication server, but the
- * template name must be present in the local password
- * database.
- *
- * This is supported by two various mechanisms in the
- * individual modules. However, from the application's
- * point of view, the template user is always passed
- * back as a changed value of the PAM_USER item.
- */
- if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
- PAM_SUCCESS) {
- tmpl_user = (const char *) item;
- if (strcmp(username, tmpl_user) != 0)
- pawd = getpwnam(tmpl_user);
- } else
- syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e));
- rval = 0;
- break;
-
- case PAM_AUTH_ERR:
- case PAM_USER_UNKNOWN:
- case PAM_MAXTRIES:
- rval = 1;
- break;
-
- default:
- syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e));
- rval = -1;
- break;
- }
- if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
- rval = -1;
- }
- return rval;
-}
diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index eec34e752579..46833a6b3592 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -80,10 +80,6 @@ static const char rcsid[] =
#include <unistd.h>
#include "pathnames.h"
-#ifndef NO_PAM
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-#endif
#ifndef TIOCPKT_WINDOW
#define TIOCPKT_WINDOW 0x80
@@ -131,9 +127,6 @@ void setup_term __P((int));
int do_krb_login __P((struct sockaddr_in *));
void usage __P((void));
-#ifndef NO_PAM
-extern int auth_pam __P((char *));
-#endif
int
main(argc, argv)
@@ -570,28 +563,11 @@ int
do_rlogin(dest)
union sockunion *dest;
{
-#ifndef NO_PAM
- int retval;
-#endif
getstr(rusername, sizeof(rusername), "remuser too long");
getstr(lusername, sizeof(lusername), "locuser too long");
getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
-#ifndef NO_PAM
- retval = auth_pam(lusername);
-
- if (retval) {
- if (retval == -1) {
- syslog(LOG_ERR, "PAM authentication failed");
- }
- else {
- syslog(LOG_ERR,
- "User %s failed PAM authentication", lusername);
- exit(1);
- }
- }
-#endif
pwd = getpwnam(lusername);
if (pwd == NULL)
return (-1);