Print this page
5110 want pam_timestamp module


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2012 Milan Jurik. All rights reserved.

  24  */
  25 /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
  26 /*        All Rights Reserved   */
  27 
  28 /*      Copyright (c) 1987, 1988 Microsoft Corporation  */
  29 /*        All Rights Reserved   */
  30 
  31 /*
  32  *      su [-] [name [arg ...]] change userid, `-' changes environment.
  33  *      If SULOG is defined, all attempts to su to another user are
  34  *      logged there.
  35  *      If CONSOLE is defined, all successful attempts to su to uid 0
  36  *      are also logged there.
  37  *
  38  *      If su cannot create, open, or write entries into SULOG,
  39  *      (or on the CONSOLE, if defined), the entry will not
  40  *      be logged -- thus losing a record of the su's attempted
  41  *      during this period.
  42  */
  43 


 266                                 ttyn = "/dev/???";
 267         if ((username = cuserid(NULL)) == NULL)
 268                 username = "(null)";
 269 
 270         /*
 271          * if Sulog defined, create SULOG, if it does not exist, with
 272          * mode read/write user. Change owner and group to root
 273          */
 274         if (Sulog != NULL) {
 275                 (void) close(open(Sulog, O_WRONLY | O_APPEND | O_CREAT,
 276                     (S_IRUSR|S_IWUSR)));
 277                 (void) chown(Sulog, (uid_t)ROOT, (gid_t)ROOT);
 278         }
 279 
 280 #ifdef DYNAMIC_SU
 281         if (pam_start(embedded ? EMBEDDED_NAME : "su", nptr,
 282             embedded ? &emb_pam_conv : &pam_conv, &pamh) != PAM_SUCCESS)
 283                 exit(1);
 284         if (pam_set_item(pamh, PAM_TTY, ttyn) != PAM_SUCCESS)
 285                 exit(1);



 286 #endif  /* DYNAMIC_SU */
 287 
 288         openlog("su", LOG_CONS, LOG_AUTH);
 289 
 290 #ifdef DYNAMIC_SU
 291 
 292         /*
 293          * Use the same value of sleeptime and password required that
 294          * login(1) uses.
 295          * This is obtained by reading the file /etc/default/login
 296          * using the def*() functions
 297          */
 298         if (defopen(DEFAULT_LOGIN) == 0) {
 299                 if ((ptr = defread("SLEEPTIME=")) != NULL) {
 300                         sleeptime = atoi(ptr);
 301                         if (sleeptime < 0 || sleeptime > 5)
 302                                 sleeptime = SLEEPTIME;
 303                 }
 304 
 305                 if ((ptr = defread("PASSREQ=")) != NULL &&




   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
  23  * Copyright 2012 Milan Jurik. All rights reserved.
  24  * Copyright 2014 Nexenta Systems, Inc.
  25  */
  26 /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
  27 /*        All Rights Reserved   */
  28 
  29 /*      Copyright (c) 1987, 1988 Microsoft Corporation  */
  30 /*        All Rights Reserved   */
  31 
  32 /*
  33  *      su [-] [name [arg ...]] change userid, `-' changes environment.
  34  *      If SULOG is defined, all attempts to su to another user are
  35  *      logged there.
  36  *      If CONSOLE is defined, all successful attempts to su to uid 0
  37  *      are also logged there.
  38  *
  39  *      If su cannot create, open, or write entries into SULOG,
  40  *      (or on the CONSOLE, if defined), the entry will not
  41  *      be logged -- thus losing a record of the su's attempted
  42  *      during this period.
  43  */
  44 


 267                                 ttyn = "/dev/???";
 268         if ((username = cuserid(NULL)) == NULL)
 269                 username = "(null)";
 270 
 271         /*
 272          * if Sulog defined, create SULOG, if it does not exist, with
 273          * mode read/write user. Change owner and group to root
 274          */
 275         if (Sulog != NULL) {
 276                 (void) close(open(Sulog, O_WRONLY | O_APPEND | O_CREAT,
 277                     (S_IRUSR|S_IWUSR)));
 278                 (void) chown(Sulog, (uid_t)ROOT, (gid_t)ROOT);
 279         }
 280 
 281 #ifdef DYNAMIC_SU
 282         if (pam_start(embedded ? EMBEDDED_NAME : "su", nptr,
 283             embedded ? &emb_pam_conv : &pam_conv, &pamh) != PAM_SUCCESS)
 284                 exit(1);
 285         if (pam_set_item(pamh, PAM_TTY, ttyn) != PAM_SUCCESS)
 286                 exit(1);
 287         if (getpwuid_r(getuid(), &pwd, pwdbuf, sizeof (pwdbuf)) == NULL ||
 288             pam_set_item(pamh, PAM_AUSER, pwd.pw_name) != PAM_SUCCESS)
 289                 exit(1);
 290 #endif  /* DYNAMIC_SU */
 291 
 292         openlog("su", LOG_CONS, LOG_AUTH);
 293 
 294 #ifdef DYNAMIC_SU
 295 
 296         /*
 297          * Use the same value of sleeptime and password required that
 298          * login(1) uses.
 299          * This is obtained by reading the file /etc/default/login
 300          * using the def*() functions
 301          */
 302         if (defopen(DEFAULT_LOGIN) == 0) {
 303                 if ((ptr = defread("SLEEPTIME=")) != NULL) {
 304                         sleeptime = atoi(ptr);
 305                         if (sleeptime < 0 || sleeptime > 5)
 306                                 sleeptime = SLEEPTIME;
 307                 }
 308 
 309                 if ((ptr = defread("PASSREQ=")) != NULL &&