xref: /netbsd-src/lib/libpam/modules/pam_lastlog/pam_lastlog.c (revision e5548b402ae4c44fb816de42c7bba9581ce23ef5) 
1 /*	$NetBSD: pam_lastlog.c,v 1.8 2005/04/19 03:15:35 christos Exp $	*/
2 
3 /*-
4  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  * Copyright (c) 2001 Mark R V Murray
7  * All rights reserved.
8  * Copyright (c) 2001 Networks Associates Technology, Inc.
9  * All rights reserved.
10  * Copyright (c) 2004 Joe R. Doupnik
11  * All rights reserved.
12  *
13  * Portions of this software were developed for the FreeBSD Project by
14  * ThinkSec AS and NAI Labs, the Security Research Division of Network
15  * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
16  * ("CBOSS"), as part of the DARPA CHATS research program.
17  *
18  * Redistribution and use in source and binary forms, with or without
19  * modification, are permitted provided that the following conditions
20  * are met:
21  * 1. Redistributions of source code must retain the above copyright
22  *    notice, this list of conditions and the following disclaimer.
23  * 2. Redistributions in binary form must reproduce the above copyright
24  *    notice, this list of conditions and the following disclaimer in the
25  *    documentation and/or other materials provided with the distribution.
26  * 3. The name of the author may not be used to endorse or promote
27  *    products derived from this software without specific prior written
28  *    permission.
29  * 4. Neither the name of the University nor the names of its contributors
30  *    may be used to endorse or promote products derived from this software
31  *    without specific prior written permission.
32  *
33  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
34  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
37  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43  * SUCH DAMAGE.
44  */
45 
46 #include <sys/cdefs.h>
47 #ifdef __FreeBSD__
48 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $");
49 #else
50 __RCSID("$NetBSD: pam_lastlog.c,v 1.8 2005/04/19 03:15:35 christos Exp $");
51 #endif
52 
53 #include <sys/param.h>
54 
55 #include <fcntl.h>
56 #include <util.h>
57 #include <paths.h>
58 #include <pwd.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <syslog.h>
63 #include <time.h>
64 #include <unistd.h>
65 #ifdef LOGIN_CAP
66 #include <login_cap.h>
67 #endif
68 
69 #define PAM_SM_SESSION
70 
71 #include <security/pam_appl.h>
72 #include <security/pam_modules.h>
73 #include <security/pam_mod_misc.h>
74 
75 #ifdef SUPPORT_UTMP
76 #include <utmp.h>
77 static void doutmp(const char *, const char *, const char *,
78     const struct timeval *);
79 static void dolastlog(pam_handle_t *, int, const struct passwd *, const char *,
80     const char *, const struct timeval *);
81 #endif
82 
83 #ifdef SUPPORT_UTMPX
84 #include <utmpx.h>
85 static void doutmpx(const char *, const char *, const char *,
86     const struct sockaddr_storage *ss, const struct timeval *);
87 static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *,
88     const char *, const struct sockaddr_storage *ss, const struct timeval *);
89 #endif
90 
91 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
92 static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *,
93     size_t);
94 #endif
95 
96 PAM_EXTERN int
97 pam_sm_open_session(pam_handle_t *pamh, int flags,
98     int argc __unused, const char *argv[] __unused)
99 {
100 	struct passwd *pwd, pwres;
101 	struct timeval now;
102 	const char *user, *rhost, *tty, *nuser;
103 	const void *vrhost, *vtty, *vss, *vnuser;
104 	const struct sockaddr_storage *ss;
105 	int pam_err;
106 	char pwbuf[1024];
107 
108 	pam_err = pam_get_user(pamh, &user, NULL);
109 	if (pam_err != PAM_SUCCESS)
110 		return pam_err;
111 
112 	if (user == NULL ||
113 	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
114 	    pwd == NULL)
115 		return PAM_SERVICE_ERR;
116 
117 	PAM_LOG("Got user: %s", user);
118 
119 	pam_err = pam_get_item(pamh, PAM_RHOST, &vrhost);
120 	if (pam_err != PAM_SUCCESS)
121 		goto err;
122 	rhost = (const char *)vrhost;
123 
124 	pam_err = pam_get_item(pamh, PAM_SOCKADDR, &vss);
125 	if (pam_err != PAM_SUCCESS)
126 		goto err;
127 	ss = (const struct sockaddr_storage *)vss;
128 
129 	pam_err = pam_get_item(pamh, PAM_TTY, &vtty);
130 	if (pam_err != PAM_SUCCESS)
131 		goto err;
132 	tty = (const char *)vtty;
133 
134 	if (tty == NULL) {
135 		pam_err = PAM_SERVICE_ERR;
136 		goto err;
137 	}
138 
139 	if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
140 		nuser = NULL;
141 	else
142 		nuser = (const char *)vnuser;
143 
144 	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
145 		tty = tty + strlen(_PATH_DEV);
146 
147 	if (*tty == '\0') {
148 		pam_err = PAM_SERVICE_ERR;
149 		goto err;
150 	}
151 
152 	(void)gettimeofday(&now, NULL);
153 
154 	if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
155 		int quiet;
156 #ifdef LOGIN_CAP
157 		quiet = login_getcapbool(login_getpwclass(pwd), "hushlogin", 0);
158 #else
159 		quiet = 0;
160 #endif
161 #ifdef SUPPORT_UTMPX
162 		doutmpx(user, rhost, tty, ss, &now);
163 		dolastlogx(pamh, quiet, pwd, rhost, tty, ss, &now);
164 		quiet = 1;
165 #endif
166 #ifdef SUPPORT_UTMP
167 		doutmp(user, rhost, tty, &now);
168 		dolastlog(pamh, quiet, pwd, rhost, tty, &now);
169 #endif
170 	}
171 err:
172 	if (openpam_get_option(pamh, "no_fail"))
173 		return PAM_SUCCESS;
174 	return pam_err;
175 }
176 
177 PAM_EXTERN int
178 pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
179     int argc __unused, const char *argv[] __unused)
180 {
181 	const void *vtty, *vnuser;
182 	const char *tty, *nuser;
183 
184 	if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
185 		nuser = NULL;
186 	else
187 		nuser = (const char *)vnuser;
188 
189 	pam_get_item(pamh, PAM_TTY, &vtty);
190 	if (vtty == NULL)
191 		return PAM_SERVICE_ERR;
192 	tty = (const char *)vtty;
193 
194 	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
195 		tty = tty + strlen(_PATH_DEV);
196 
197 	if (*tty == '\0')
198 		return PAM_SERVICE_ERR;
199 
200 	if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
201 
202 #ifdef SUPPORT_UTMPX
203 		if (logoutx(tty, 0, DEAD_PROCESS))
204 			logwtmpx(tty, "", "", 0, DEAD_PROCESS);
205 		else
206 			syslog(LOG_NOTICE, "%s(): no utmpx record for %s",
207 			    __func__, tty);
208 #endif
209 
210 #ifdef SUPPORT_UTMP
211 		if (logout(tty))
212 			logwtmp(tty, "", "");
213 		else
214 			syslog(LOG_NOTICE, "%s(): no utmp record for %s",
215 		    __func__, tty);
216 #endif
217 	}
218         return PAM_SUCCESS;
219 }
220 
221 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
222 static void
223 domsg(pam_handle_t *pamh, time_t t, const char *host, size_t hsize,
224     const char *line, size_t lsize)
225 {
226 	char buf[MAXHOSTNAMELEN + 32], *promptresp = NULL;
227 	int pam_err;
228 
229 	if (*host) {
230 		(void)snprintf(buf, sizeof(buf), "from %.*s ",
231 		    (int)hsize, host);
232 		host = buf;
233 	}
234 
235 	pam_err = pam_prompt(pamh, PAM_TEXT_INFO, &promptresp,
236 	    "Last login: %.24s %son %.*s\n", ctime(&t), host, (int)lsize, line);
237 
238 	if (pam_err == PAM_SUCCESS && promptresp)
239 		free(promptresp);
240 }
241 #endif
242 
243 #ifdef SUPPORT_UTMPX
244 static void
245 doutmpx(const char *username, const char *hostname, const char *tty,
246     const struct sockaddr_storage *ss, const struct timeval *now)
247 {
248 	struct utmpx utmpx;
249 	const char *t;
250 
251 	memset((void *)&utmpx, 0, sizeof(utmpx));
252 	utmpx.ut_tv = *now;
253 	(void)strncpy(utmpx.ut_name, username, sizeof(utmpx.ut_name));
254 	if (hostname) {
255 		(void)strncpy(utmpx.ut_host, hostname, sizeof(utmpx.ut_host));
256 		if (ss)
257 			utmpx.ut_ss = *ss;
258 	}
259 	(void)strncpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line));
260 	utmpx.ut_type = USER_PROCESS;
261 	utmpx.ut_pid = getpid();
262 	t = tty + strlen(tty);
263 	if (t - tty >= sizeof(utmpx.ut_id)) {
264 		(void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
265 		    sizeof(utmpx.ut_id));
266 	} else {
267 		(void)strncpy(utmpx.ut_id, tty, sizeof(utmpx.ut_id));
268 	}
269 	if (pututxline(&utmpx) == NULL)
270 		syslog(LOG_NOTICE, "Cannot update utmpx %m");
271 	endutxent();
272 	if (updwtmpx(_PATH_WTMPX, &utmpx) != 0)
273 		syslog(LOG_NOTICE, "Cannot update wtmpx %m");
274 }
275 
276 static void
277 dolastlogx(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
278     const char *hostname, const char *tty, const struct sockaddr_storage *ss,
279     const struct timeval *now)
280 {
281 	struct lastlogx ll;
282 	if (!quiet) {
283 	    if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL)
284 		    domsg(pamh, (time_t)ll.ll_tv.tv_sec, ll.ll_host,
285 			sizeof(ll.ll_host), ll.ll_line,
286 			sizeof(ll.ll_line));
287 	}
288 	ll.ll_tv = *now;
289 	(void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
290 
291 	if (hostname)
292 		(void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
293 	else
294 		(void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
295 
296 	if (ss)
297 		ll.ll_ss = *ss;
298 	else
299 		(void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss));
300 
301 	if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0)
302 		syslog(LOG_NOTICE, "Cannot update lastlogx %m");
303 	PAM_LOG("Login recorded in %s", _PATH_LASTLOGX);
304 }
305 #endif
306 
307 #ifdef SUPPORT_UTMP
308 static void
309 doutmp(const char *username, const char *hostname, const char *tty,
310     const struct timeval *now)
311 {
312 	struct utmp utmp;
313 
314 	(void)memset((void *)&utmp, 0, sizeof(utmp));
315 	utmp.ut_time = now->tv_sec;
316 	(void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
317 	if (hostname)
318 		(void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
319 	(void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
320 	login(&utmp);
321 }
322 
323 static void
324 dolastlog(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
325     const char *hostname, const char *tty, const struct timeval *now)
326 {
327 	struct lastlog ll;
328 	int fd;
329 
330 	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) == -1) {
331 		syslog(LOG_NOTICE, "Cannot open `%s' %m", _PATH_LASTLOG);
332 		return;
333 	}
334 	(void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
335 
336 	if (!quiet) {
337 		if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
338 		    ll.ll_time != 0)
339 			domsg(pamh, ll.ll_time, ll.ll_host,
340 			    sizeof(ll.ll_host), ll.ll_line,
341 			    sizeof(ll.ll_line));
342 		(void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
343 	}
344 
345 	ll.ll_time = now->tv_sec;
346 	(void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
347 
348 	if (hostname)
349 		(void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
350 	else
351 		(void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
352 
353 	(void)write(fd, &ll, sizeof(ll));
354 	(void)close(fd);
355 
356 	PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
357 }
358 #endif
359 
360 PAM_MODULE_ENTRY("pam_lastlog");
361