6 * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
7 * $HOME additions by David Kinchlea <kinch@kinch.ark.com> 1997/1/7
8 * mailhash additions by Chris Adams <cadams@ro.com> 1998/7/11
11 #include <security/_pam_aconf.h>
21 #include <sys/types.h>
26 #include <pwdb/pwdb_public.h>
29 #define DEFAULT_MAIL_DIRECTORY PAM_PATH_MAILDIR
30 #define MAIL_FILE_FORMAT "%s%s/%s"
31 #define MAIL_ENV_NAME "MAIL"
32 #define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s"
33 #define YOUR_MAIL_VERBOSE_FORMAT "You have %s mail in %s."
34 #define YOUR_MAIL_STANDARD_FORMAT "You have %smail."
35 #define NO_MAIL_STANDARD_FORMAT "No mail."
38 * here, we make a definition for the externally accessible function
39 * in this file (this definition is required for static a module
40 * but strongly encouraged generally) it is used to instruct the
41 * modules include file to define the function prototypes.
44 #define PAM_SM_SESSION
47 #include <security/pam_modules.h>
48 #include <security/_pam_macros.h>
52 static void _log_err(int err, const char *format, ...)
56 va_start(args, format);
57 openlog("PAM-mail", LOG_CONS|LOG_PID, LOG_AUTH);
58 vsyslog(err, format, args);
63 /* argument parsing */
65 #define PAM_DEBUG_ARG 0x0001
66 #define PAM_NO_LOGIN 0x0002
67 #define PAM_LOGOUT_TOO 0x0004
68 #define PAM_NEW_MAIL_DIR 0x0010
69 #define PAM_MAIL_SILENT 0x0020
70 #define PAM_NO_ENV 0x0040
71 #define PAM_HOME_MAIL 0x0100
72 #define PAM_EMPTY_TOO 0x0200
73 #define PAM_STANDARD_MAIL 0x0400
74 #define PAM_QUIET_MAIL 0x1000
76 static int _pam_parse(int flags, int argc, const char **argv, char **maildir,
81 if (flags & PAM_SILENT) {
82 ctrl |= PAM_MAIL_SILENT;
87 /* step through arguments */
88 for (; argc-- > 0; ++argv) {
92 if (!strcmp(*argv,"debug"))
93 ctrl |= PAM_DEBUG_ARG;
94 else if (!strcmp(*argv,"quiet"))
95 ctrl |= PAM_QUIET_MAIL;
96 else if (!strcmp(*argv,"standard"))
97 ctrl |= PAM_STANDARD_MAIL | PAM_EMPTY_TOO;
98 else if (!strncmp(*argv,"dir=",4)) {
99 *maildir = x_strdup(4+*argv);
100 if (*maildir != NULL) {
101 D(("new mail directory: %s", *maildir));
102 ctrl |= PAM_NEW_MAIL_DIR;
105 "failed to duplicate mail directory - ignored");
107 } else if (!strncmp(*argv,"hash=",5)) {
109 *hashcount = strtol(*argv+5,&ep,10);
110 if (!ep || (*hashcount < 0)) {
113 } else if (!strcmp(*argv,"close")) {
114 ctrl |= PAM_LOGOUT_TOO;
115 } else if (!strcmp(*argv,"nopen")) {
116 ctrl |= PAM_NO_LOGIN;
117 } else if (!strcmp(*argv,"noenv")) {
119 } else if (!strcmp(*argv,"empty")) {
120 ctrl |= PAM_EMPTY_TOO;
122 _log_err(LOG_ERR,"pam_parse: unknown option; %s",*argv);
126 if ((*hashcount != 0) && !(ctrl & PAM_NEW_MAIL_DIR)) {
127 *maildir = x_strdup(DEFAULT_MAIL_DIRECTORY);
128 ctrl |= PAM_NEW_MAIL_DIR;
134 /* a front end for conversations */
136 static int converse(pam_handle_t *pamh, int ctrl, int nargs
137 , struct pam_message **message
138 , struct pam_response **response)
141 struct pam_conv *conv;
143 D(("begin to converse"));
145 retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
146 if ( retval == PAM_SUCCESS ) {
148 retval = conv->conv(nargs, ( const struct pam_message ** ) message
149 , response, conv->appdata_ptr);
151 D(("returned from application's conversation function"));
153 if (retval != PAM_SUCCESS && (PAM_DEBUG_ARG & ctrl) ) {
154 _log_err(LOG_DEBUG, "conversation failure [%s]"
155 , pam_strerror(pamh, retval));
159 _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
160 , pam_strerror(pamh, retval));
163 D(("ready to return from module conversation"));
165 return retval; /* propagate error status */
168 static int get_folder(pam_handle_t *pamh, int ctrl,
169 char **path_mail, char **folder_p, int hashcount)
172 const char *user, *path;
174 const struct passwd *pwd=NULL;
176 retval = pam_get_user(pamh, &user, NULL);
177 if (retval != PAM_SUCCESS || user == NULL) {
178 _log_err(LOG_ERR, "no user specified");
179 return PAM_USER_UNKNOWN;
182 if (ctrl & PAM_NEW_MAIL_DIR) {
184 if (*path == '~') { /* support for $HOME delivery */
185 pwd = getpwnam(user);
187 _log_err(LOG_ERR, "user [%s] unknown", user);
188 _pam_overwrite(*path_mail);
189 _pam_drop(*path_mail);
190 return PAM_USER_UNKNOWN;
193 * "~/xxx" and "~xxx" are treated as same
195 if (!*++path || (*path == '/' && !*++path)) {
196 _log_err(LOG_ALERT, "badly formed mail path [%s]", *path_mail);
197 _pam_overwrite(*path_mail);
198 _pam_drop(*path_mail);
201 ctrl |= PAM_HOME_MAIL;
202 if (hashcount != 0) {
203 _log_err(LOG_ALERT, "can't do hash= and home directory mail");
207 path = DEFAULT_MAIL_DIRECTORY;
210 /* put folder together */
212 if (ctrl & PAM_HOME_MAIL) {
213 folder = malloc(sizeof(MAIL_FILE_FORMAT)
214 +strlen(pwd->pw_dir)+strlen(path));
216 folder = malloc(sizeof(MAIL_FILE_FORMAT)+strlen(path)+strlen(user)
220 if (folder != NULL) {
221 if (ctrl & PAM_HOME_MAIL) {
222 sprintf(folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path);
225 char *hash = malloc(2*hashcount+1);
228 for (i = 0; i < hashcount; i++) {
230 hash[2*i+1] = user[i];
233 sprintf(folder, MAIL_FILE_FORMAT, path, hash, user);
234 _pam_overwrite(hash);
237 sprintf(folder, "error");
240 D(("folder =[%s]", folder));
245 _pam_overwrite(*path_mail);
246 _pam_drop(*path_mail);
249 if (folder == NULL) {
250 _log_err(LOG_CRIT, "out of memory for mail folder");
260 static const char *get_mail_status(int ctrl, const char *folder)
262 const char *type = NULL;
263 static char dir[256];
265 struct dirent **namelist;
268 if (stat(folder, &mail_st) == 0) {
269 if (S_ISDIR(mail_st.st_mode)) { /* Assume Maildir format */
270 sprintf(dir, "%.250s/new", folder);
271 i = scandir(dir, &namelist, 0, alphasort);
279 sprintf(dir, "%.250s/cur", folder);
280 i = scandir(dir, &namelist, 0, alphasort);
285 } else if (ctrl & PAM_EMPTY_TOO) {
294 if (mail_st.st_size > 0) {
295 if (mail_st.st_atime < mail_st.st_mtime) /* new */
296 type = (ctrl & PAM_STANDARD_MAIL) ? "new " : "new";
298 type = (ctrl & PAM_STANDARD_MAIL) ? "" : "old";
299 } else if (ctrl & PAM_EMPTY_TOO) {
308 memset(&mail_st, 0, sizeof(mail_st));
309 D(("user has %s mail in %s folder", type, folder));
313 static int report_mail(pam_handle_t *pamh, int ctrl
314 , const char *type, const char *folder)
318 if (!(ctrl & PAM_MAIL_SILENT) || ((ctrl & PAM_QUIET_MAIL) && strcmp(type, "new"))) {
321 if (ctrl & PAM_STANDARD_MAIL)
322 if (!strcmp(type, "no"))
323 remark = malloc(strlen(NO_MAIL_STANDARD_FORMAT)+1);
325 remark = malloc(strlen(YOUR_MAIL_STANDARD_FORMAT)+strlen(type)+1);
327 remark = malloc(strlen(YOUR_MAIL_VERBOSE_FORMAT)+strlen(type)+strlen(folder)+1);
328 if (remark == NULL) {
329 retval = PAM_BUF_ERR;
331 struct pam_message msg[1], *mesg[1];
332 struct pam_response *resp=NULL;
334 if (ctrl & PAM_STANDARD_MAIL)
335 if (!strcmp(type, "no"))
336 sprintf(remark, NO_MAIL_STANDARD_FORMAT);
338 sprintf(remark, YOUR_MAIL_STANDARD_FORMAT, type);
340 sprintf(remark, YOUR_MAIL_VERBOSE_FORMAT, type, folder);
343 msg[0].msg_style = PAM_TEXT_INFO;
346 retval = converse(pamh, ctrl, 1, mesg, &resp);
348 _pam_overwrite(remark);
351 _pam_drop_reply(resp, 1);
354 D(("keeping quiet"));
355 retval = PAM_SUCCESS;
358 D(("returning %s", pam_strerror(pamh, retval)));
362 static int _do_mail(pam_handle_t *, int, int, const char **, int);
364 /* --- authentication functions --- */
367 int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,
373 /* Checking mail as part of authentication */
375 int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
378 if (!(flags & (PAM_ESTABLISH_CRED|PAM_DELETE_CRED)))
380 return _do_mail(pamh,flags,argc,argv,(flags & PAM_ESTABLISH_CRED));
383 /* --- session management functions --- */
386 int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
389 return _do_mail(pamh,flags,argc,argv,0);;
392 /* Checking mail as part of the session management */
394 int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
397 return _do_mail(pamh,flags,argc,argv,1);
401 /* --- The Beaf (Tm) --- */
403 static int _do_mail(pam_handle_t *pamh, int flags, int argc,
404 const char **argv, int est)
406 int retval, ctrl, hashcount;
407 char *path_mail=NULL, *folder;
411 * this module (un)sets the MAIL environment variable, and checks if
412 * the user has any new mail.
415 ctrl = _pam_parse(flags, argc, argv, &path_mail, &hashcount);
417 /* Do we have anything to do? */
419 if (flags & PAM_SILENT)
424 retval = get_folder(pamh, ctrl, &path_mail, &folder, hashcount);
425 if (retval != PAM_SUCCESS) {
426 D(("failed to find folder"));
430 /* set the MAIL variable? */
432 if (!(ctrl & PAM_NO_ENV) && est) {
435 tmp = malloc(strlen(folder)+sizeof(MAIL_ENV_FORMAT));
437 sprintf(tmp, MAIL_ENV_FORMAT, folder);
438 D(("setting env: %s", tmp));
439 retval = pam_putenv(pamh, tmp);
442 if (retval != PAM_SUCCESS) {
443 _pam_overwrite(folder);
445 _log_err(LOG_CRIT, "unable to set " MAIL_ENV_NAME " variable");
449 _log_err(LOG_CRIT, "no memory for " MAIL_ENV_NAME " variable");
450 _pam_overwrite(folder);
455 D(("not setting " MAIL_ENV_NAME " variable"));
459 * OK. we've got the mail folder... what about its status?
462 if ((est && !(ctrl & PAM_NO_LOGIN))
463 || (!est && (ctrl & PAM_LOGOUT_TOO))) {
464 type = get_mail_status(ctrl, folder);
466 retval = report_mail(pamh, ctrl, type, folder);
471 /* Delete environment variable? */
473 (void) pam_putenv(pamh, MAIL_ENV_NAME);
475 _pam_overwrite(folder); /* clean up */
478 /* indicate success or failure */
485 /* static module data */
487 struct pam_module _pam_mail_modstruct = {
493 pam_sm_close_session,
499 /* end of module definition */
projects / linux-pam / blob