diff --git a/cde/programs/dtlogin/Imakefile b/cde/programs/dtlogin/Imakefile
index 7e1249749..057b7fb25 100644
--- a/cde/programs/dtlogin/Imakefile
+++ b/cde/programs/dtlogin/Imakefile
@@ -130,6 +130,13 @@ DEPXAUTHLIB =
 DEPXDMCPLIB =
 #endif
+#ifdef HasPamLibrary
+DTPAMSVCLIB = -lDtPamSvc
+EXTRA_DEFINES += -DHAS_PAM_LIBRARY
+#else
+DTPAMSVCLIB =
+#endif
+
 /************************************************************************** * * Source and object modules
@@ -291,7 +298,8 @@ EXTRA_RES_DEFINES = \
 $(DEPXTOOLLIB) $(DEPXLIB) DEPLIBS3 = $(DEPXDMCPLIB) $(DEPXMLIB) $(DEPXTOOLLIB) $(DEPXLIB)
- BASE_LIBS1 = $(XAUTHLIB) $(LOGINXMULIB) $(XDMCPLIB) $(LOGINXLIB)
+ BASE_LIBS1 = $(XAUTHLIB) $(LOGINXMULIB) $(XDMCPLIB) $(LOGINXLIB) \
+ $(DTPAMSVCLIB)
 BASE_LIBS2 = $(DTWIDGETLIB) $(DTSVCLIB) $(TTLIB) $(XMLIB) \
 $(XTOOLLIB) $(XLIB) $(XINLIB) BASE_LIBS3 = $(DTWIDGETLIB) $(DTSVCLIB) $(TTLIB) $(XDMCPLIB) $(XMLIB) \
diff --git a/cde/programs/dtlogin/account.c b/cde/programs/dtlogin/account.c
index 3ea5c320f..b70276573 100644
--- a/cde/programs/dtlogin/account.c
+++ b/cde/programs/dtlogin/account.c
@@ -137,9 +137,14 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #endif /* NeedWidePrototypes */
 waitType exitcode ) {
-#if !defined(CSRG_BASED) /* we cannot do this on BSD ... */
+#if !defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY)
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ struct utmpx utmp; /* local struct for new entry */
+ struct utmpx *u; /* pointer to entry in utmp file */
+#else
 struct utmp utmp; /* local struct for new entry */ struct utmp *u; /* pointer to entry in utmp file */
+#endif
 int fd; char buf[32]; char* user_str = user ? user : "NULL";
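Review bot: The guard `defined(__FreeBSD__) && OSMAJORVERSION > 8` that selects `struct utmpx` for the locals here is repeated, plain or negated, in every later hunk of Account(), so a single missed or mistyped copy would mix utmp and utmpx calls on the same record. Define one feature macro once near the includes under that condition, for example `#define DT_USE_UTMPX 1`, and test it everywhere instead. An undefined `OSMAJORVERSION` evaluates to 0 inside `#if`, which selects the legacy `struct utmp` branch without any diagnostic. Account()'s body continues outside this hunk.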
@@ -169,6 +174,9 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #ifdef PAM
 PamAccounting("dtlogin", d->name, d->utmpId, user, line, pid, type, exitcode);
+#elif defined(HAS_PAM_LIBRARY)
+ _DtAccounting("dtlogin", d->name, d->utmpId, user,
+ line, pid, type, exitcode);
 #else
 # ifdef SUNAUTH
 solaris_accounting("dtlogin", d->name, d->utmpId, user,
@@ -178,14 +186,23 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #ifdef sun
 return;
+#else
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ bzero(&utmp, sizeof(struct utmpx));
 #else
 bzero(&utmp, sizeof(struct utmp));
+#endif
 strncpy(utmp.ut_id, d->utmpId, sizeof(u->ut_id) - 1); utmp.ut_type = LOGIN_PROCESS;
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ setutxent();
+ if ( (u = getutxid(&utmp)) == NULL ) u = &utmp;
+#else
 setutent(); if ( (u = getutid(&utmp)) == NULL ) u = &utmp;
+#endif
 /* * make sure process ID's match if this is DEAD_PROCESS...
@@ -195,7 +212,11 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 if ((type == DEAD_PROCESS && pid != 0 && u->ut_pid != pid) || (type == DEAD_PROCESS && u->ut_type == DEAD_PROCESS) ) {
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ endutxent();
+#else
 endutent();
+#endif
 return; }
@@ -247,8 +268,10 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 if (type) { u->ut_type = type; if (type == DEAD_PROCESS) {
+#if !(defined(__FreeBSD__) && OSMAJORVERSION > 8)
 u->ut_exit.e_termination = waitSig(exitcode); u->ut_exit.e_exit = waitCode(exitcode);
+#endif
 #ifndef SVR4
 (void) memset((char *) u->ut_host, '\0', sizeof(u->ut_host));
 #endif
@@ -263,11 +286,17 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 #endif
 }
+#if !(defined(__FreeBSD__) && OSMAJORVERSION > 8)
 if (type == USER_PROCESS) u->ut_exit.e_exit = (d->displayType.location == Local ? 1 : 0 );
+#endif
 }
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ (void) time(&u->ut_tv);
+#else
 (void) time(&u->ut_time);
+#endif
 /* * write to utmp...
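Review bot: After the new `_DtAccounting(...)` call in the `#elif defined(HAS_PAM_LIBRARY)` branch, Account() does not return on non-sun builds and falls through to the utmp/utmpx code changed in the following hunks. If `_DtAccounting` itself writes the login record (its body is not visible here, so this needs confirming), every login and logout would be recorded twice. Either return after the call, as the `#ifdef sun` path does, or add a comment at the call such as `/* _DtAccounting only handles the PAM session; the utmp record is written below */` once that is verified.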
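Review bot: `(void) time(&u->ut_tv);` in the FreeBSD branch passes a `struct timeval *` to `time()`, which takes a `time_t *`, because `ut_tv` in `struct utmpx` is a `struct timeval`. It only appears to work when `tv_sec` is the first member, and `tv_usec` keeps whatever the zeroed local or the entry returned by `getutxid()` held. Use `(void) gettimeofday(&u->ut_tv, NULL);` (declared in `<sys/time.h>`) so the login record gets a complete, correctly typed timestamp.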
@@ -277,9 +306,14 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 * to wtmp!) */
+#if defined(__FreeBSD__) && OSMAJORVERSION > 8
+ pututxline(u);
+#else
 pututline(u);
+#endif
+#if !(defined(__FreeBSD__) && OSMAJORVERSION > 8)
 /* * write the same entry to wtmp... */
@@ -297,6 +331,9 @@ Account( struct display *d, char *user, char *line, pid_t pid,
 */ endutent();
+#else
+ endutxent();
+#endif
 #ifdef __PASSWD_ETC /* Now fill in the "rgy utmp" struct */
diff --git a/cde/programs/dtlogin/config/Imakefile b/cde/programs/dtlogin/config/Imakefile
index b07623e40..4728678e2 100644
--- a/cde/programs/dtlogin/config/Imakefile
+++ b/cde/programs/dtlogin/config/Imakefile
@@ -26,6 +26,14 @@ LOCAL_CPP_DEFINES = -DCDE_CONFIGURATION_TOP=$(CDE_CONFIGURATION_TOP) \
 LOCAL_CPP_DEFINES += -DFREEBSD
 #endif
+#ifdef HasPamLibrary
+LOCAL_CPP_DEFINES += -DHAS_PAM_LIBRARY
+#ifdef PamAuthenticationModule
+PAM_AUTHENTICATION_MODULE=PamAuthenticationModule
+LOCAL_CPP_DEFINES += -DPAM_AUTHENTICATION_MODULE=$(PAM_AUTHENTICATION_MODULE)
+#endif
+#endif
+
 #ifdef SunArchitecture
 EXTRA_CPP_TARGETS = \
 0015.sun.env \
@@ -48,7 +56,8 @@ CPP_TARGETS = \
 Xstartup current.session \
 display.current.session display.home.session \
 dtlslocale dtprofile \
- home.session $(EXTRA_CPP_TARGETS)
+ home.session dtlogin.pam.conf \
+ $(EXTRA_CPP_TARGETS)
 AllTarget($(CPP_TARGETS))
@@ -81,3 +90,7 @@ CppSourceFile(display.home.session,display.home.session.src,$(LOCAL_CPP_DEFINES)
 CppSourceFile(dtlslocale,dtlslocale.src,$(LOCAL_CPP_DEFINES),)
 CppSourceFile(dtprofile,dtprofile.src,$(LOCAL_CPP_DEFINES),)
 CppSourceFile(home.session,home.session.src,$(LOCAL_CPP_DEFINES),)
+
+#ifdef HasPamLibrary
+CppSourceFile(dtlogin.pam.conf,dtlogin.pam.conf.src,$(LOCAL_CPP_DEFINES),)
+#endif
diff --git a/cde/programs/dtlogin/config/Xsetup.src b/cde/programs/dtlogin/config/Xsetup.src
index 3c6a0e63f..b4a06f870 100644
--- a/cde/programs/dtlogin/config/Xsetup.src
+++ b/cde/programs/dtlogin/config/Xsetup.src
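Review bot: `dtlogin.pam.conf` is added to `CPP_TARGETS` unconditionally in the `@@ -48,7 +56,8 @@` hunk, but the `CppSourceFile(dtlogin.pam.conf,...)` rule that generates it is added only inside `#ifdef HasPamLibrary` in the last hunk of this file. On a build without `HasPamLibrary`, `AllTarget($(CPP_TARGETS))` would depend on a file that nothing produces. Put the name in a variable set under the same guard, for example `PAM_CPP_TARGETS = dtlogin.pam.conf` inside the `#ifdef` and `$(PAM_CPP_TARGETS)` in the list, mirroring how `EXTRA_CPP_TARGETS` is handled for `SunArchitecture`.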
@@ -80,3 +80,18 @@ fi fi fi
 #endif
+
+#ifdef HAS_PAM_LIBRARY
+#ifdef __FreeBSD__
+#define PAM_D /usr/local/etc/pam.d
+#else
+#define PAM_D /etc/pam.d
+#endif
+
+ if [ ! -f PAM_D/dtlogin ]; then
+ if [ -f CDE_INSTALLATION_TOP/config/dtlogin.pam.conf ]; then
+ /bin/cp CDE_INSTALLATION_TOP/config/dtlogin.pam.conf PAM_D/dtlogin
+ /bin/chmod 644 PAM_D/dtlogin
+ fi
+ fi
+#endif
diff --git a/cde/programs/dtlogin/config/dtlogin.pam.conf.src b/cde/programs/dtlogin/config/dtlogin.pam.conf.src
new file mode 100644
index 000000000..72db900b3
--- /dev/null
+++ b/cde/programs/dtlogin/config/dtlogin.pam.conf.src
@@ -0,0 +1,11 @@
+#ifdef PAM_AUTHENTICATION_MODULE
+auth sufficient PAM_AUTHENTICATION_MODULE
+#endif
+auth required pam_unix.so
+
+account required pam_nologin.so
+account required pam_unix.so
+
+session required pam_lastlog.so
+
+password required pam_deny.so
diff --git a/cde/programs/dtlogin/session.c b/cde/programs/dtlogin/session.c
index c5b587fe2..e5771038c 100644
--- a/cde/programs/dtlogin/session.c
+++ b/cde/programs/dtlogin/session.c
@@ -166,6 +166,7 @@ struct greet_state {
 }; char *globalDisplayName;
+extern char *progName; /* Global argv[0]; dtlogin name and path */
 /*************************************************************************** *
@@ -276,9 +277,10 @@ SessionPingFailed( struct display *d )
 AbortClient (clientPid); source (&verify, d->reset);
+ char* user = getEnv (verify.userEnviron, "USER");
+
 #if defined (PAM) || defined(SUNAUTH)
 {
- char* user = getEnv (verify.userEnviron, "USER");
 char* ttyLine = d->gettyLine;
 #ifdef DEF_NETWORK_DEV
@@ -310,6 +312,9 @@ SessionPingFailed( struct display *d )
 }
 #endif
+#if !defined(sun) && defined(HAS_PAM_LIBRARY)
+ Account(d, user, NULL, clientPid, DEAD_PROCESS, NULL);
+#endif
 } SessionExit (d, RESERVER_DISPLAY); }
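Review bot: This block creates the PAM policy for the `dtlogin` service from Xsetup at display start-up (normally run as root by the login manager) rather than at install time, so an administrator who deliberately removes `PAM_D/dtlogin` to fall back to the system default gets the shipped stack re-created without notice. The `cp` result is not checked, and the new file carries whatever mode `cp` gives it until the separate `chmod` runs. Prefer installing the file with the package; if it has to stay here, chain the steps as `/bin/cp CDE_INSTALLATION_TOP/config/dtlogin.pam.conf PAM_D/dtlogin && /bin/chmod 644 PAM_D/dtlogin` and log that the file was created.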
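Review bot: The shipped stack names `pam_unix.so` directly in each facility, so logins through dtlogin would not pick up whatever the site configured in its shared PAM policy (lockout, second-factor or password-quality modules). When `PAM_AUTHENTICATION_MODULE` is defined, its `auth sufficient` line also lets that build-time module grant access on its own without `pam_unix.so` being consulted, which should be a documented choice. Where the platform provides a common stack, include it instead of hard-coding modules, for example `auth include system` on FreeBSD, and state in the install documentation that this file is a fallback template to be reviewed. The `session` section calls only `pam_lastlog.so`; confirm that omitting a `pam_unix.so` session entry is intended.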
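Review bot: `Account(d, user, NULL, clientPid, DEAD_PROCESS, NULL);` passes `NULL` for the last parameter, which Account() declares as `waitType exitcode`, not a pointer; on the non-FreeBSD path Account() feeds it to `waitSig()`/`waitCode()` for DEAD_PROCESS records, so the logout entry loses the real exit status and the call may not compile where `waitType` is a union. Pass the client's wait status if one is available at this point, or an explicit zero-valued `waitType`. The same call is added to ManageSession() in the `@@ -631,6 +637,10 @@` hunk. Separately, both functions now declare `char* user` after executable statements, which C89 compilers reject and which leaves `user` unused when none of PAM, SUNAUTH or HAS_PAM_LIBRARY is defined; keep the declaration inside a guarded block.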
@@ -597,9 +602,10 @@ ManageSession( struct display *d )
 Debug ("Source reset program %s\n", d->reset); source (&verify, d->reset);
+ char* user = getEnv (verify.userEnviron, "USER");
+
 #if defined(PAM) || defined(SUNAUTH)
 {
- char* user = getEnv (verify.userEnviron, "USER");
 char* ttyLine = d->gettyLine;
 # ifdef DEF_NETWORK_DEV
@@ -631,6 +637,10 @@ ManageSession( struct display *d )
 }
 #endif
+#if !defined(sun) && defined(HAS_PAM_LIBRARY)
+ Account(d, user, NULL, clientPid, DEAD_PROCESS, NULL);
+#endif
+
 SessionExit (d, OBEYSESS_DISPLAY); }
@@ -1262,7 +1272,7 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
 }
 #endif
-#if !defined(sun) && !defined(CSRG_BASED)
+#if !defined(sun) && (!defined(CSRG_BASED) || defined(HAS_PAM_LIBRARY))
 Account(d, user, NULL, getpid(), USER_PROCESS, status);
 #endif
@@ -1344,6 +1354,18 @@ StartClient( struct verify_info *verify, struct display *d, int *pidp )
 Debug("Can't set User's Credentials (user=%s)\n",user); return(0); }
+#elif defined(HAS_PAM_LIBRARY)
+ char *prog_name = strrchr(progName, '/');
+ if (!prog_name || _DtSetCred(prog_name + 1, user, verify->uid,
+#ifdef NGROUPS
+ verify->groups[0]
+#else
+ verify->gid
+#endif
+ ) > 0 ) {
+ Debug("Can't set User's Credentials (user=%s)\n",user);
+ return(0);
+ }
 #endif
 #ifdef SUNAUTH
@@ -1843,7 +1865,6 @@ execute(char **argv, char **environ )
 #define MSGSIZE 512 extern int session_set;
-extern char *progName; /* Global argv[0]; dtlogin name and path */
 int response[2], request[2];
diff --git a/cde/programs/dtlogin/sysauth.c b/cde/programs/dtlogin/sysauth.c
index 34a987b28..fd7d453c2 100644
--- a/cde/programs/dtlogin/sysauth.c
+++ b/cde/programs/dtlogin/sysauth.c
@@ -84,7 +84,7 @@
 #include
 #include
-#ifdef PAM
+#if defined(PAM) || defined(HAS_PAM_LIBRARY)
 #include
 #endif
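Review bot: In the new `#elif defined(HAS_PAM_LIBRARY)` branch of StartClient() the PAM service name given to `_DtSetCred` is the basename of `progName` (argv[0]), while the authentication and accounting calls in this commit pass the literal `"dtlogin"`; if the binary is started under another name or through a link, credentials are established under a different PAM service than the one that authenticated the user. A `progName` without a `/` makes `strrchr` return NULL, which is treated as a credential failure, so a dtlogin started by bare name would refuse every login. The `> 0` test also lets a negative error return pass as success; the return convention of `_DtSetCred` is not visible here, so unless it is documented to return only PAM codes, compare against zero. Suggested: `if (_DtSetCred("dtlogin", user, verify->uid, gid) != 0) {` with `gid` chosen by the existing `NGROUPS` conditional.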
@@ -114,7 +114,8 @@
 /* * Define as generic those without platform specific code. */
-#if !(defined(__hpux) || defined(_AIX) || defined(sun))
+#if !(defined(__hpux) || defined(_AIX) || defined(sun) || \
+ defined(HAS_PAM_LIBRARY))
 #define generic
 #endif
@@ -1061,7 +1062,8 @@ WriteBtmp( char *name )
 ***************************************************************************/
-#ifdef sun
+#if defined(sun) || defined(HAS_PAM_LIBRARY)
+
 /*************************************************************************** * * Start authentication routines (SUN)
@@ -1150,8 +1152,14 @@ Authenticate( struct display *d, char *name, char *passwd, char **msg )
 * Authenticate user and return status */
-#ifdef PAM
- status = PamAuthenticate("dtlogin", d->name, passwd, name, ttyLine);
+#if defined(PAM) || defined(HAS_PAM_LIBRARY)
+ status =
+#ifdef PAM
+ PamAuthenticate
+#else
+ _DtAuthentication
+#endif
+ ("dtlogin", d->name, passwd, name, ttyLine);
 switch(status) { case PAM_SUCCESS:
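Review bot: Splitting the statement so that only the function name sits between `#ifdef PAM`/`#else`/`#endif`, with `status =` above and the argument list below, makes the authentication call in Authenticate() hard to read and easy to break in a later edit. Select the function once under the same condition, e.g. `#define DT_AUTHENTICATE PamAuthenticate` or `#define DT_AUTHENTICATE _DtAuthentication`, and write `status = DT_AUTHENTICATE("dtlogin", d->name, passwd, name, ttyLine);`. The `switch(status)` that follows continues outside this hunk; it should be confirmed that every value `_DtAuthentication` can return other than `PAM_SUCCESS` ends in a denial.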