1 /* pam_lastlog module */
6 * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
8 * This module does the necessary work to display the last login
9 * time+date for this user, it then updates this entry for the
10 * present (login) service.
15 # include <features.h>
30 #include <sys/types.h>
35 #include <pwdb/pwdb_public.h> /* use POSIX front end */
38 #if defined(hpux) || defined(sunos) || defined(solaris)
39 # ifndef _PATH_LASTLOG
40 # define _PATH_LASTLOG "/usr/adm/lastlog"
41 # endif /* _PATH_LASTLOG */
43 # define UT_HOSTSIZE 16
44 # endif /* UT_HOSTSIZE */
46 # define UT_LINESIZE 12
47 # endif /* UT_LINESIZE */
52 char ll_line[UT_LINESIZE];
53 char ll_host[UT_HOSTSIZE]; /* same as in utmp */
57 /* XXX - time before ignoring lock. Is 1 sec enough? */
58 #define LASTLOG_IGNORE_LOCK_TIME 1
60 #define DEFAULT_HOST "" /* "[no.where]" */
61 #define DEFAULT_TERM "" /* "tt???" */
62 #define LASTLOG_NEVER_WELCOME "Welcome to your new account!"
63 #define LASTLOG_INTRO "Last login:"
64 #define LASTLOG_TIME " %s"
65 #define _LASTLOG_HOST_FORMAT " from %%.%ds"
66 #define _LASTLOG_LINE_FORMAT " on %%.%ds"
67 #define LASTLOG_TAIL ""
68 #define LASTLOG_MAXSIZE (sizeof(LASTLOG_INTRO)+0 \
69 +sizeof(LASTLOG_TIME)+strlen(the_time) \
70 +sizeof(_LASTLOG_HOST_FORMAT)+UT_HOSTSIZE \
71 +sizeof(_LASTLOG_LINE_FORMAT)+UT_LINESIZE \
72 +sizeof(LASTLOG_TAIL))
75 * here, we make a definition for the externally accessible function
76 * in this file (this definition is required for static a module
77 * but strongly encouraged generally) it is used to instruct the
78 * modules include file to define the function prototypes.
81 #define PAM_SM_SESSION
83 #include <security/pam_modules.h>
84 #include <security/_pam_macros.h>
88 static void _log_err(int err, const char *format, ...)
92 va_start(args, format);
93 openlog("PAM-lastlog", LOG_CONS|LOG_PID, LOG_AUTH);
94 vsyslog(err, format, args);
99 /* argument parsing */
101 #define LASTLOG_DATE 01 /* display the date of the last login */
102 #define LASTLOG_HOST 02 /* display the last host used (if set) */
103 #define LASTLOG_LINE 04 /* display the last terminal used */
104 #define LASTLOG_NEVER 010 /* display a welcome message for first login */
105 #define LASTLOG_DEBUG 020 /* send info to syslog(3) */
106 #define LASTLOG_QUIET 040 /* keep quiet about things */
108 static int _pam_parse(int flags, int argc, const char **argv)
110 int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE);
112 /* does the appliction require quiet? */
113 if (flags & PAM_SILENT) {
114 ctrl |= LASTLOG_QUIET;
117 /* step through arguments */
118 for (; argc-- > 0; ++argv) {
120 /* generic options */
122 if (!strcmp(*argv,"debug")) {
123 ctrl |= LASTLOG_DEBUG;
124 } else if (!strcmp(*argv,"nodate")) {
125 ctrl |= ~LASTLOG_DATE;
126 } else if (!strcmp(*argv,"noterm")) {
127 ctrl |= ~LASTLOG_LINE;
128 } else if (!strcmp(*argv,"nohost")) {
129 ctrl |= ~LASTLOG_HOST;
130 } else if (!strcmp(*argv,"silent")) {
131 ctrl |= LASTLOG_QUIET;
132 } else if (!strcmp(*argv,"never")) {
133 ctrl |= LASTLOG_NEVER;
135 _log_err(LOG_ERR,"unknown option; %s",*argv);
139 D(("ctrl = %o", ctrl));
143 /* a front end for conversations */
145 static int converse(pam_handle_t *pamh, int ctrl, int nargs
146 , struct pam_message **message
147 , struct pam_response **response)
150 struct pam_conv *conv;
152 D(("begin to converse"));
154 retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
155 if ( retval == PAM_SUCCESS ) {
157 retval = conv->conv(nargs, ( const struct pam_message ** ) message
158 , response, conv->appdata_ptr);
160 D(("returned from application's conversation function"));
162 if (retval != PAM_SUCCESS && (ctrl & LASTLOG_DEBUG) ) {
163 _log_err(LOG_DEBUG, "conversation failure [%s]"
164 , pam_strerror(pamh, retval));
168 _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
169 , pam_strerror(pamh, retval));
172 D(("ready to return from module conversation"));
174 return retval; /* propagate error status */
177 static int make_remark(pam_handle_t *pamh, int ctrl, const char *remark)
181 if (!(ctrl & LASTLOG_QUIET)) {
182 struct pam_message msg[1], *mesg[1];
183 struct pam_response *resp=NULL;
186 msg[0].msg_style = PAM_TEXT_INFO;
189 retval = converse(pamh, ctrl, 1, mesg, &resp);
193 _pam_drop_reply(resp, 1);
196 D(("keeping quiet"));
197 retval = PAM_SUCCESS;
200 D(("returning %s", pam_strerror(pamh, retval)));
205 * Values for the announce flags..
208 static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid)
210 struct flock last_lock;
211 struct lastlog last_login;
212 int retval = PAM_SESSION_ERR;
215 /* obtain the last login date and all the relevant info */
216 last_fd = open(_PATH_LASTLOG, O_RDWR);
218 D(("unable to open the %s file", _PATH_LASTLOG));
219 if (announce & LASTLOG_DEBUG) {
220 _log_err(LOG_DEBUG, "unable to open %s file", _PATH_LASTLOG);
222 retval = PAM_PERM_DENIED;
226 /* read the lastlogin file - for this uid */
227 (void) lseek(last_fd, sizeof(last_login) * (off_t) uid, SEEK_SET);
229 memset(&last_lock, 0, sizeof(last_lock));
230 last_lock.l_type = F_RDLCK;
231 last_lock.l_whence = SEEK_SET;
232 last_lock.l_start = sizeof(last_login) * (off_t) uid;
233 last_lock.l_len = sizeof(last_login);
235 if ( fcntl(last_fd, F_SETLK, &last_lock) < 0 ) {
236 D(("locking %s failed..(waiting a little)", _PATH_LASTLOG));
237 _log_err(LOG_ALERT, "%s file is locked/read", _PATH_LASTLOG);
238 sleep(LASTLOG_IGNORE_LOCK_TIME);
241 win = ( read(last_fd, &last_login, sizeof(last_login))
242 == sizeof(last_login) );
244 last_lock.l_type = F_UNLCK;
245 (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */
248 D(("First login for user uid=%d", _PATH_LASTLOG, uid));
249 if (announce & LASTLOG_DEBUG) {
250 _log_err(LOG_DEBUG, "creating lastlog for uid %d", uid);
252 memset(&last_login, 0, sizeof(last_login));
256 (void) lseek(last_fd, sizeof(last_login) * (off_t) uid, SEEK_SET);
258 if (!(announce & LASTLOG_QUIET)) {
259 if (last_login.ll_time) {
263 the_time = ctime(&last_login.ll_time);
264 the_time[-1+strlen(the_time)] = '\0'; /* delete '\n' */
266 remark = malloc(LASTLOG_MAXSIZE);
267 if (remark == NULL) {
268 D(("no memory for last login remark"));
269 retval = PAM_BUF_ERR;
273 /* printing prefix */
274 at = sprintf(remark, "%s", LASTLOG_INTRO);
276 /* we want the date? */
277 if (announce & LASTLOG_DATE) {
278 at += sprintf(remark+at, LASTLOG_TIME, the_time);
281 /* we want & have the host? */
282 if ((announce & LASTLOG_HOST)
283 && (last_login.ll_host[0] != '\0')) {
284 char format[2*sizeof(_LASTLOG_HOST_FORMAT)];
286 (void) sprintf(format, _LASTLOG_HOST_FORMAT
288 D(("format: %s", format));
289 at += sprintf(remark+at, format, last_login.ll_host);
290 _pam_overwrite(format);
293 /* we want and have the terminal? */
294 if ((announce & LASTLOG_LINE)
295 && (last_login.ll_line[0] != '\0')) {
296 char format[2*sizeof(_LASTLOG_LINE_FORMAT)];
298 (void) sprintf(format, _LASTLOG_LINE_FORMAT
300 D(("format: %s", format));
301 at += sprintf(remark+at, format, last_login.ll_line);
302 _pam_overwrite(format);
305 /* display requested combo */
306 sprintf(remark+at, "%s", LASTLOG_TAIL);
308 retval = make_remark(pamh, announce, remark);
310 /* free all the stuff malloced */
311 _pam_overwrite(remark);
314 } else if ((!last_login.ll_time) && (announce & LASTLOG_NEVER)) {
315 D(("this is the first time this user has logged in"));
316 retval = make_remark(pamh, announce, LASTLOG_NEVER_WELCOME);
319 D(("no text was requested"));
320 retval = PAM_SUCCESS;
323 /* write latest value */
325 const char *remote_host=NULL
326 , *terminal_line=DEFAULT_TERM;
328 /* set this login date */
329 D(("set the most recent login time"));
331 (void) time(&last_login.ll_time); /* set the time */
333 /* set the remote host */
334 (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host);
335 if (remote_host == NULL) {
336 remote_host = DEFAULT_HOST;
339 /* copy to last_login */
340 strncpy(last_login.ll_host, remote_host
341 , sizeof(last_login.ll_host));
344 /* set the terminal line */
345 (void) pam_get_item(pamh, PAM_TTY, (const void **)&terminal_line);
346 D(("terminal = %s", terminal_line));
347 if (terminal_line == NULL) {
348 terminal_line = DEFAULT_TERM;
349 } else if ( !strncmp("/dev/", terminal_line, 5) ) {
350 /* strip leading "/dev/" from tty.. */
353 D(("terminal = %s", terminal_line));
355 /* copy to last_login */
356 strncpy(last_login.ll_line, terminal_line
357 , sizeof(last_login.ll_line));
358 terminal_line = NULL;
360 D(("locking last_log file"));
362 /* now we try to lock this file-record exclusively; non-blocking */
363 memset(&last_lock, 0, sizeof(last_lock));
364 last_lock.l_type = F_WRLCK;
365 last_lock.l_whence = SEEK_SET;
366 last_lock.l_start = sizeof(last_login) * (off_t) uid;
367 last_lock.l_len = sizeof(last_login);
369 if ( fcntl(last_fd, F_SETLK, &last_lock) < 0 ) {
370 D(("locking %s failed..(waiting a little)", _PATH_LASTLOG));
371 _log_err(LOG_ALERT, "%s file is locked/write", _PATH_LASTLOG);
372 sleep(LASTLOG_IGNORE_LOCK_TIME);
375 D(("writing to the last_log file"));
376 (void) write(last_fd, &last_login, sizeof(last_login));
378 last_lock.l_type = F_UNLCK;
379 (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */
382 close(last_fd); /* all done */
384 D(("all done with last login"));
387 /* reset the last login structure */
388 memset(&last_login, 0, sizeof(last_login));
393 /* --- authentication management functions (only) --- */
396 int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc
401 const struct passwd *pwd;
405 * this module gets the uid of the PAM_USER. Uses it to display
406 * last login info and then updates the lastlog for that user.
409 ctrl = _pam_parse(flags, argc, argv);
413 retval = pam_get_item(pamh, PAM_USER, (const void **)&user);
414 if (retval != PAM_SUCCESS || user == NULL || *user == '\0') {
415 _log_err(LOG_NOTICE, "user unknown");
416 return PAM_USER_UNKNOWN;
421 pwd = getpwnam(user);
423 D(("couldn't identify user %s", user));
424 return PAM_CRED_INSUFFICIENT;
427 pwd = NULL; /* tidy up */
429 /* process the current login attempt (indicate last) */
431 retval = last_login_date(pamh, ctrl, uid);
433 /* indicate success or failure */
435 uid = -1; /* forget this */
441 int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
449 /* static module data */
451 struct pam_module _pam_lastlog_modstruct = {
457 pam_sm_close_session,
463 /* end of module definition */