xref: /netbsd-src/lib/libpam/modules/pam_lastlog/pam_lastlog.c (revision eb961d0e02b7a46a9acfa877b02df48df6637278) 
1 /*	$NetBSD: pam_lastlog.c,v 1.9 2006/02/19 00:13:09 christos Exp $	*/
2 
3 /*-
4  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  * Copyright (c) 2001 Mark R V Murray
7  * All rights reserved.
8  * Copyright (c) 2001 Networks Associates Technology, Inc.
9  * All rights reserved.
10  * Copyright (c) 2004 Joe R. Doupnik
11  * All rights reserved.
12  *
13  * Portions of this software were developed for the FreeBSD Project by
14  * ThinkSec AS and NAI Labs, the Security Research Division of Network
15  * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
16  * ("CBOSS"), as part of the DARPA CHATS research program.
17  *
18  * Redistribution and use in source and binary forms, with or without
19  * modification, are permitted provided that the following conditions
20  * are met:
21  * 1. Redistributions of source code must retain the above copyright
22  *    notice, this list of conditions and the following disclaimer.
23  * 2. Redistributions in binary form must reproduce the above copyright
24  *    notice, this list of conditions and the following disclaimer in the
25  *    documentation and/or other materials provided with the distribution.
26  * 3. The name of the author may not be used to endorse or promote
27  *    products derived from this software without specific prior written
28  *    permission.
29  * 4. Neither the name of the University nor the names of its contributors
30  *    may be used to endorse or promote products derived from this software
31  *    without specific prior written permission.
32  *
33  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
34  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
37  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43  * SUCH DAMAGE.
44  */
45 
46 #include <sys/cdefs.h>
47 #ifdef __FreeBSD__
48 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v 1.20 2004/01/26 19:28:37 des Exp $");
49 #else
50 __RCSID("$NetBSD: pam_lastlog.c,v 1.9 2006/02/19 00:13:09 christos Exp $");
51 #endif
52 
53 #include <sys/param.h>
54 
55 #include <fcntl.h>
56 #include <util.h>
57 #include <paths.h>
58 #include <pwd.h>
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <syslog.h>
63 #include <time.h>
64 #include <unistd.h>
65 #ifdef LOGIN_CAP
66 #include <login_cap.h>
67 #endif
68 
69 #define PAM_SM_SESSION
70 
71 #include <security/pam_appl.h>
72 #include <security/pam_modules.h>
73 #include <security/pam_mod_misc.h>
74 
75 #ifdef SUPPORT_UTMP
76 #include <utmp.h>
77 static void doutmp(const char *, const char *, const char *,
78     const struct timeval *);
79 static void dolastlog(pam_handle_t *, int, const struct passwd *, const char *,
80     const char *, const struct timeval *);
81 #endif
82 
83 #ifdef SUPPORT_UTMPX
84 #include <utmpx.h>
85 static void doutmpx(const char *, const char *, const char *,
86     const struct sockaddr_storage *ss, const struct timeval *);
87 static void dolastlogx(pam_handle_t *, int, const struct passwd *, const char *,
88     const char *, const struct sockaddr_storage *ss, const struct timeval *);
89 #endif
90 
91 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
92 static void domsg(pam_handle_t *, time_t, const char *, size_t, const char *,
93     size_t);
94 #endif
95 
96 PAM_EXTERN int
97 pam_sm_open_session(pam_handle_t *pamh, int flags,
98     int argc __unused, const char *argv[] __unused)
99 {
100 	struct passwd *pwd, pwres;
101 	struct timeval now;
102 	const char *user, *rhost, *tty, *nuser;
103 	const void *vrhost, *vtty, *vss, *vnuser;
104 	const struct sockaddr_storage *ss;
105 	int pam_err;
106 	char pwbuf[1024];
107 
108 	pam_err = pam_get_user(pamh, &user, NULL);
109 	if (pam_err != PAM_SUCCESS)
110 		return pam_err;
111 
112 	if (user == NULL ||
113 	    getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
114 	    pwd == NULL)
115 		return PAM_SERVICE_ERR;
116 
117 	PAM_LOG("Got user: %s", user);
118 
119 	pam_err = pam_get_item(pamh, PAM_RHOST, &vrhost);
120 	if (pam_err != PAM_SUCCESS)
121 		goto err;
122 	rhost = (const char *)vrhost;
123 
124 	pam_err = pam_get_item(pamh, PAM_SOCKADDR, &vss);
125 	if (pam_err != PAM_SUCCESS)
126 		goto err;
127 	ss = (const struct sockaddr_storage *)vss;
128 
129 	pam_err = pam_get_item(pamh, PAM_TTY, &vtty);
130 	if (pam_err != PAM_SUCCESS)
131 		goto err;
132 	tty = (const char *)vtty;
133 
134 	if (tty == NULL) {
135 		pam_err = PAM_SERVICE_ERR;
136 		goto err;
137 	}
138 
139 	if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
140 		nuser = NULL;
141 	else
142 		nuser = (const char *)vnuser;
143 
144 	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
145 		tty = tty + strlen(_PATH_DEV);
146 
147 	if (*tty == '\0') {
148 		pam_err = PAM_SERVICE_ERR;
149 		goto err;
150 	}
151 
152 	(void)gettimeofday(&now, NULL);
153 
154 	if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
155 		int quiet;
156 		if ((flags & PAM_SILENT) != 0)
157 			quiet = 1;
158 		else {
159 #ifdef LOGIN_CAP
160 			quiet = login_getcapbool(login_getpwclass(pwd),
161 			    "hushlogin", 0);
162 #else
163 			quiet = 0;
164 #endif
165 		}
166 #ifdef SUPPORT_UTMPX
167 		doutmpx(user, rhost, tty, ss, &now);
168 		dolastlogx(pamh, quiet, pwd, rhost, tty, ss, &now);
169 		quiet = 1;
170 #endif
171 #ifdef SUPPORT_UTMP
172 		doutmp(user, rhost, tty, &now);
173 		dolastlog(pamh, quiet, pwd, rhost, tty, &now);
174 #endif
175 	}
176 err:
177 	if (openpam_get_option(pamh, "no_fail"))
178 		return PAM_SUCCESS;
179 	return pam_err;
180 }
181 
182 PAM_EXTERN int
183 pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
184     int argc __unused, const char *argv[] __unused)
185 {
186 	const void *vtty, *vnuser;
187 	const char *tty, *nuser;
188 
189 	if (pam_get_item(pamh, PAM_NUSER, &vnuser) != PAM_SUCCESS)
190 		nuser = NULL;
191 	else
192 		nuser = (const char *)vnuser;
193 
194 	pam_get_item(pamh, PAM_TTY, &vtty);
195 	if (vtty == NULL)
196 		return PAM_SERVICE_ERR;
197 	tty = (const char *)vtty;
198 
199 	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
200 		tty = tty + strlen(_PATH_DEV);
201 
202 	if (*tty == '\0')
203 		return PAM_SERVICE_ERR;
204 
205 	if (openpam_get_option(pamh, "no_nested") == NULL || nuser == NULL) {
206 
207 #ifdef SUPPORT_UTMPX
208 		if (logoutx(tty, 0, DEAD_PROCESS))
209 			logwtmpx(tty, "", "", 0, DEAD_PROCESS);
210 		else
211 			syslog(LOG_NOTICE, "%s(): no utmpx record for %s",
212 			    __func__, tty);
213 #endif
214 
215 #ifdef SUPPORT_UTMP
216 		if (logout(tty))
217 			logwtmp(tty, "", "");
218 		else
219 			syslog(LOG_NOTICE, "%s(): no utmp record for %s",
220 		    __func__, tty);
221 #endif
222 	}
223         return PAM_SUCCESS;
224 }
225 
226 #if defined(SUPPORT_UTMPX) || defined(SUPPORT_UTMP)
227 static void
228 domsg(pam_handle_t *pamh, time_t t, const char *host, size_t hsize,
229     const char *line, size_t lsize)
230 {
231 	char buf[MAXHOSTNAMELEN + 32], *promptresp = NULL;
232 	int pam_err;
233 
234 	if (*host) {
235 		(void)snprintf(buf, sizeof(buf), "from %.*s ",
236 		    (int)hsize, host);
237 		host = buf;
238 	}
239 
240 	pam_err = pam_prompt(pamh, PAM_TEXT_INFO, &promptresp,
241 	    "Last login: %.24s %son %.*s\n", ctime(&t), host, (int)lsize, line);
242 
243 	if (pam_err == PAM_SUCCESS && promptresp)
244 		free(promptresp);
245 }
246 #endif
247 
248 #ifdef SUPPORT_UTMPX
249 static void
250 doutmpx(const char *username, const char *hostname, const char *tty,
251     const struct sockaddr_storage *ss, const struct timeval *now)
252 {
253 	struct utmpx utmpx;
254 	const char *t;
255 
256 	memset((void *)&utmpx, 0, sizeof(utmpx));
257 	utmpx.ut_tv = *now;
258 	(void)strncpy(utmpx.ut_name, username, sizeof(utmpx.ut_name));
259 	if (hostname) {
260 		(void)strncpy(utmpx.ut_host, hostname, sizeof(utmpx.ut_host));
261 		if (ss)
262 			utmpx.ut_ss = *ss;
263 	}
264 	(void)strncpy(utmpx.ut_line, tty, sizeof(utmpx.ut_line));
265 	utmpx.ut_type = USER_PROCESS;
266 	utmpx.ut_pid = getpid();
267 	t = tty + strlen(tty);
268 	if (t - tty >= sizeof(utmpx.ut_id)) {
269 		(void)strncpy(utmpx.ut_id, t - sizeof(utmpx.ut_id),
270 		    sizeof(utmpx.ut_id));
271 	} else {
272 		(void)strncpy(utmpx.ut_id, tty, sizeof(utmpx.ut_id));
273 	}
274 	if (pututxline(&utmpx) == NULL)
275 		syslog(LOG_NOTICE, "Cannot update utmpx %m");
276 	endutxent();
277 	if (updwtmpx(_PATH_WTMPX, &utmpx) != 0)
278 		syslog(LOG_NOTICE, "Cannot update wtmpx %m");
279 }
280 
281 static void
282 dolastlogx(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
283     const char *hostname, const char *tty, const struct sockaddr_storage *ss,
284     const struct timeval *now)
285 {
286 	struct lastlogx ll;
287 	if (!quiet) {
288 	    if (getlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != NULL)
289 		    domsg(pamh, (time_t)ll.ll_tv.tv_sec, ll.ll_host,
290 			sizeof(ll.ll_host), ll.ll_line,
291 			sizeof(ll.ll_line));
292 	}
293 	ll.ll_tv = *now;
294 	(void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
295 
296 	if (hostname)
297 		(void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
298 	else
299 		(void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
300 
301 	if (ss)
302 		ll.ll_ss = *ss;
303 	else
304 		(void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss));
305 
306 	if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0)
307 		syslog(LOG_NOTICE, "Cannot update lastlogx %m");
308 	PAM_LOG("Login recorded in %s", _PATH_LASTLOGX);
309 }
310 #endif
311 
312 #ifdef SUPPORT_UTMP
313 static void
314 doutmp(const char *username, const char *hostname, const char *tty,
315     const struct timeval *now)
316 {
317 	struct utmp utmp;
318 
319 	(void)memset((void *)&utmp, 0, sizeof(utmp));
320 	utmp.ut_time = now->tv_sec;
321 	(void)strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
322 	if (hostname)
323 		(void)strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
324 	(void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
325 	login(&utmp);
326 }
327 
328 static void
329 dolastlog(pam_handle_t *pamh, int quiet, const struct passwd *pwd,
330     const char *hostname, const char *tty, const struct timeval *now)
331 {
332 	struct lastlog ll;
333 	int fd;
334 
335 	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) == -1) {
336 		syslog(LOG_NOTICE, "Cannot open `%s' %m", _PATH_LASTLOG);
337 		return;
338 	}
339 	(void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
340 
341 	if (!quiet) {
342 		if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
343 		    ll.ll_time != 0)
344 			domsg(pamh, ll.ll_time, ll.ll_host,
345 			    sizeof(ll.ll_host), ll.ll_line,
346 			    sizeof(ll.ll_line));
347 		(void)lseek(fd, (off_t)(pwd->pw_uid * sizeof(ll)), SEEK_SET);
348 	}
349 
350 	ll.ll_time = now->tv_sec;
351 	(void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
352 
353 	if (hostname)
354 		(void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
355 	else
356 		(void)memset(ll.ll_host, 0, sizeof(ll.ll_host));
357 
358 	(void)write(fd, &ll, sizeof(ll));
359 	(void)close(fd);
360 
361 	PAM_LOG("Login recorded in %s", _PATH_LASTLOG);
362 }
363 #endif
364 
365 PAM_MODULE_ENTRY("pam_lastlog");
366