From 775cc18c70f9aa3fd81b76a0f2fc6eaa03a16bab Mon Sep 17 00:00:00 2001
From: Seraphim Mellos <mellos@ceid.upatras.gr>
Date: Mon, 21 Jul 2008 14:56:25 +0300
Subject: Redesigned pam_securetty

---
 modules/pam_securetty/pam_securetty.c | 54 +++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 12 deletions(-)

diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index f6d7bc2..98e01bc 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -2,7 +2,7 @@
 #include <sys/stat.h>
 #include <stdio.h>
 #include <string.h>
-#include <ttyent.h>
+#include <sys/stat.h>
 #include <pwd.h>
 
 #define PAM_SM_AUTH
@@ -12,15 +12,18 @@
 #include <security/pam_mod_misc.h>
 
 #define TTY_PREFIX      "/dev/"
+#define SECURETTY 	"/etc/securetty"
 
 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t * pamh, int flags,
 		int argc, const char * argv[]) 
 {
 	struct passwd *pwd;
-	struct ttyent *ttyinfo;
+	struct stat ttyfileinfo;
 	const char *user;
 	const char *tty; 
+	char ttyfileline[256];
+	FILE *ttyfile;
 	int pam_err;
 
 	if ( ( (pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS ) 
@@ -48,18 +51,45 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags,
 		/* get rid of prefix */
 		tty = (const char *)tty + sizeof(TTY_PREFIX) - 1;
 	}
-	/*
-	 * Linux-PAM, before checking the actual tty, 
-	 * opens /etc/securettys to check if it's world
-	 * writable or not a normal file and only continues 
-	 * if neither is correct. Sounds like a good idea - 
-	 * maybe it should be done here as well...
-	 */
-
-	if ( tty != NULL && (ttyinfo = getttynam(tty)) != NULL && 
-			(ttyinfo->ty_status & TTY_SECURE) != 0) 
+	
+	if ( stat(SECURETTY, &ttyfileinfo) ) { 
+		PAM_ERROR("Could not open SECURETTY file :%s", SECURETTY);
+		/* From LinuxPAM, they say that for compatibility issues, 
+		 * this needs to succeed. Who am I to judge... */
 		return (PAM_SUCCESS);
+	}
+
+	if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
+		/* File is either world writable or not a regural file */
+		PAM_ERROR("SECURETTY file cannot be trusted!");
+		return (PAM_AUTH_ERR);
+	}
 	
+	/* Open read-only file with securettys */
+	if ( (ttyfile = fopen(SECURETTY,"r")) ==  NULL ) { 
+		PAM_ERROR("Could not open SECURETTY file :%s", SECURETTY);
+		return (PAM_AUTH_ERR);
+	}
+
+	pam_err = 1;
+	/* Search in SECURETTY for tty */
+	while (fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL 
+		&& pam_err) { 
+	        if (ttyfileline[strlen(ttyfileline) - 1] == '\n')
+	        	ttyfileline[strlen(ttyfileline) - 1] = '\0';
+
+		pam_err = strcmp(ttyfileline, tty);
+
+	}
+
+	fclose(ttyfile);
+
+	if (!pam_err) { 
+		/* tty found in SECURETTY. Allow access */
+		PAM_LOG("Access granted for %s on tty %s.", user, tty);
+		return (PAM_SUCCESS); 
+	}
+
 	PAM_ERROR("Access denied: tty %s is not secure", tty);
 	return (PAM_AUTH_ERR);
 }
-- 
cgit v1.2.3-65-gdbad