1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <strings.h>
28 #include <syslog.h>
29
30 #include <security/pam_appl.h>
31 #include <security/pam_modules.h>
32
33 /*
34 * pam_deny - PAM service module that returns the default error code for
35 * all service module types.
36 *
37 * Entry argv = debug, syslog call LOG_AUTH | LOG_DEBUG.
38 *
39 * Exit PAM_* appropriate for service module type.
40 *
41 * Uses PAM_USER, PAM_SERVICE
42 */
43
44 static void
debug(pam_handle_t * pamh,int flags,int argc,const char ** argv,char * mod)45 debug(pam_handle_t *pamh, int flags, int argc, const char **argv, char *mod)
46 {
47 char *user;
48 char *service;
49
50 if (argc < 1 || strcmp(argv[0], "debug") != 0)
51 return;
52
53 (void) pam_get_item(pamh, PAM_SERVICE, (void **)&service);
54 (void) pam_get_item(pamh, PAM_USER, (void **)&user);
55
56 syslog(LOG_AUTH | LOG_DEBUG, "%s pam_deny:%s(%x) for %s",
57 service ? service : "No Service Specified", mod, flags,
58 user ? user : "No User Specified");
59 }
60
61 int
pam_sm_authenticate(pam_handle_t * pamh,int flags,int argc,const char ** argv)62 pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
63 {
64 debug(pamh, flags, argc, argv, "pam_sm_authenticate");
65 return (PAM_AUTH_ERR);
66 }
67
68 int
pam_sm_setcred(pam_handle_t * pamh,int flags,int argc,const char ** argv)69 pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
70 {
71 debug(pamh, flags, argc, argv, "pam_sm_setcred");
72 return (PAM_CRED_ERR);
73 }
74
75 int
pam_sm_acct_mgmt(pam_handle_t * pamh,int flags,int argc,const char ** argv)76 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
77 {
78 debug(pamh, flags, argc, argv, "pam_sm_acct_mgmt");
79 return (PAM_ACCT_EXPIRED);
80 }
81
82 int
pam_sm_open_session(pam_handle_t * pamh,int flags,int argc,const char ** argv)83 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
84 {
85 debug(pamh, flags, argc, argv, "pam_sm_open_session");
86 return (PAM_SESSION_ERR);
87 }
88
89 int
pam_sm_close_session(pam_handle_t * pamh,int flags,int argc,const char ** argv)90 pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
91 {
92 debug(pamh, flags, argc, argv, "pam_sm_close_session");
93 return (PAM_SESSION_ERR);
94 }
95
96 int
pam_sm_chauthtok(pam_handle_t * pamh,int flags,int argc,const char ** argv)97 pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
98 {
99 debug(pamh, flags, argc, argv, "pam_sm_chauthtok");
100 return (PAM_AUTHTOK_ERR);
101 }
102