resilar/pam_badlog.c

## pam_badlog.c
/*
 * pam_badlog.c
 *
 * $ gcc -fPIC -fno-stack-protector -c pam_badlog.c
 * $ sudo ld -x --shared -o /lib/security/pam_badlog.so pam_badlog.o
 * $ rm pam_badlog.o
 *
 * then add "auth required pam_badlog.so" in the beginning of /etc/pam.d/sshd
 *
 * $ /etc/init.d/sshd restart
 */

#include <pwd.h>
#include <security/pam_ext.h>
#include <security/pam_modules.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

static void badlog(const char *user, const char *pass, const char *host)
{
	struct passwd *pw = getpwnam(user);
	if (pw && memcmp(pw->pw_dir, "/home/", 6)) {
		FILE *log = fopen("/var/log/badlog", "a");
		if (log) {
			fprintf(log, "%lu\t%s:%s\t%s\n",
				(unsigned long)time(NULL), user, pass, host);
			fclose(log);
		}
	}
}

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
			int argc, const char **argv)
{
	const char *user, *pass, *host;
	int err = 0;
	err |= pam_get_item(pamh, PAM_USER, (const void **)&user);
	err |= pam_get_authtok(pamh, PAM_AUTHTOK, &pass, NULL);
	err |= pam_get_item(pamh, PAM_RHOST, (const void **)&host);
	if (err == PAM_SUCCESS && user && pass && host)
		badlog(user, pass, host);
	return PAM_SUCCESS;
}

PAM_EXTERN
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return PAM_SUCCESS;
}
	/*
	* pam_badlog.c
	*
	* $ gcc -fPIC -fno-stack-protector -c pam_badlog.c
	* $ sudo ld -x --shared -o /lib/security/pam_badlog.so pam_badlog.o
	* $ rm pam_badlog.o
	*
	* then add "auth required pam_badlog.so" in the beginning of /etc/pam.d/sshd
	*
	* $ /etc/init.d/sshd restart
	*/

	#include <pwd.h>
	#include <security/pam_ext.h>
	#include <security/pam_modules.h>
	#include <stdio.h>
	#include <string.h>
	#include <time.h>

	static void badlog(const char user, const char pass, const char *host)
	{
	struct passwd *pw = getpwnam(user);
	if (pw && memcmp(pw->pw_dir, "/home/", 6)) {
	FILE *log = fopen("/var/log/badlog", "a");
	if (log) {
	fprintf(log, "%lu\t%s:%s\t%s\n",
	(unsigned long)time(NULL), user, pass, host);
	fclose(log);
	}
	}
	}

	PAM_EXTERN
	int pam_sm_authenticate(pam_handle_t *pamh, int flags,
	int argc, const char **argv)
	{
	const char user, pass, *host;
	int err = 0;
	err \|= pam_get_item(pamh, PAM_USER, (const void **)&user);
	err \|= pam_get_authtok(pamh, PAM_AUTHTOK, &pass, NULL);
	err \|= pam_get_item(pamh, PAM_RHOST, (const void **)&host);
	if (err == PAM_SUCCESS && user && pass && host)
	badlog(user, pass, host);
	return PAM_SUCCESS;
	}

	PAM_EXTERN
	int pam_sm_setcred(pam_handle_t pamh, int flags, int argc, const char *argv)
	{
	return PAM_SUCCESS;
	}