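/*
** pam_happy_hour.c - PAM happy hour auth module. Solaris 2.6+
**	During happy hour passwords aren't required, any will do.
**
** 06-Mar-2005, ver 0.70
**
** COMPILE:
**	cc -G -o pam_happy_hour.so -lc -lpam pam_happy_hour.c
**
** INSTALLATION:
**	cp pam_happy_hour.so /usr/lib/security
**	ln -s pam_happy_hour.so /usr/lib/security/pam_happy_hour.so.1
**
** USAGE:
**	vi /etc/pam.conf
**	other auth sufficient pam_happy_hour.so.1 [hour]
**
**	[hour] is a decimal hour of the day, 0-23. Any other value is
**	logged and the module returns PAM_AUTH_ERR (it never matches).
**
** EXAMPLE:
**	cat /etc/pam.conf
**	[...]
**	other auth requisite  pam_authtok_get.so.1
**	other auth sufficient pam_happy_hour.so.1 15
**	other auth required   pam_dhkeys.so.1
**	other auth required   pam_unix_cred.so.1
**	other auth required   pam_unix_auth.so.1
**	[...]
**	Will set happy hour as 3pm. Default is 5pm.
**
** WARNING:
**	You do not want to install this unless you fully understand and
**	accept the dire security consequences of a passwordless system!
**	It is intended as a PAM demo module only.
**
** SEE ALSO:
**	man pam				# extensive documentation
**	http://www.sun.com/blueprints, 816-7669-10.pdf, PAM part I
**	http://www.sun.com/blueprints, 816-7680-10.pdf, PAM part II
**
** THANKS: Nathan Kroenert
**
** COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
**
**  This program is free software; you can redistribute it and/or
**  modify it under the terms of the GNU General Public License
**  as published by the Free Software Foundation; either version 2
**  of the License, or (at your option) any later version.
**
**  This program is distributed in the hope that it will be useful,
**  but WITHOUT ANY WARRANTY; without even the implied warranty of
**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
**  GNU General Public License for more details.
**
**  You should have received a copy of the GNU General Public License
**  along with this program; if not, write to the Free Software Foundation,
**  Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
**
**  (http://www.gnu.org/copyleft/gpl.html)
**
** HISTORY:
**	06-Mar-2005	Brendan Gregg	Created this.
*/

/*
 * NOTE(review): the header names on the original #include lines were lost
 * from this copy of the listing. The set below is what the code in this
 * file needs: calloc/free/strtol, syslog, time/localtime, and the PAM
 * application and module interfaces.
 */
#include <stdlib.h>
#include <syslog.h>
#include <time.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

#define	HAPPY_HOUR_DEFAULT	17	/* used when no hour is configured */
#define	HAPPY_HOUR_MAX		23	/* largest value tm_hour can take */
#define	DEBUG			0

/*
 * pam_display - print a message to the user.
 *
 * Fetches the application's conversation structure (PAM_CONV) and hands
 * its conv function a single message of the given style. Every failure is
 * logged to syslog and otherwise ignored; nothing is returned to the
 * caller, so the authentication result never depends on message delivery.
 */
static void
pam_display(pam_handle_t *pamh, int style, char *message)
{
	/* variables for pam_conv->conv (security/pam_appl.h) */
	struct pam_conv *pam_convp = NULL;
	struct pam_message *pam_msgp;
	struct pam_response *pam_resp = NULL;
	int conv_result;

	/* Fetch conversation pointer */
	if (pam_get_item(pamh, PAM_CONV, (void **)&pam_convp) != PAM_SUCCESS) {
		syslog(LOG_ERR, "pam_happy_hour,error1: get PAM_CONV failed.");
		return;
	}
	if ((pam_convp == NULL) || (pam_convp->conv == NULL)) {
		syslog(LOG_ERR, "pam_happy_hour,error2: no conv pointer.");
		return;
	}

	/* Prepare pam_message */
	pam_msgp = calloc(1, sizeof (*pam_msgp));
	if (pam_msgp == NULL) {
		syslog(LOG_ERR, "pam_happy_hour,error3: memory error.");
		return;
	}
	pam_msgp->msg_style = style;
	pam_msgp->msg = message;

	/* Call conversation function to deliver message */
	conv_result = (pam_convp->conv)(1, &pam_msgp, &pam_resp,
	    pam_convp->appdata_ptr);
	free(pam_msgp);

	if (conv_result != PAM_SUCCESS) {
		/*
		 * The response pointer is not touched on failure: whether it
		 * refers to live memory is up to the conversation function,
		 * so leaking is preferred over a possible double free.
		 */
		syslog(LOG_ERR, "pam_happy_hour,error4: conversation failed.");
		return;
	}

	/*
	 * No reply is expected for a display-only message, but release one
	 * completely if the application supplied it anyway.
	 */
	if (pam_resp != NULL) {
		free(pam_resp->resp);
		free(pam_resp);
	}
}

/*
 * parse_hour - convert a pam.conf argument into an hour of the day.
 *
 * Returns 0 and stores the value in *hour_out when arg is a complete
 * decimal integer in the range 0..HAPPY_HOUR_MAX. Returns -1 for a NULL or
 * empty string, trailing garbage, or an out-of-range value; *hour_out is
 * left untouched in that case.
 */
static int
parse_hour(const char *arg, int *hour_out)
{
	char *end = NULL;
	long value;

	if ((arg == NULL) || (*arg == '\0'))
		return (-1);

	value = strtol(arg, &end, 10);
	if ((end == arg) || (*end != '\0'))
		return (-1);

	/* An overflowed strtol() result also falls outside this range. */
	if ((value < 0) || (value > HAPPY_HOUR_MAX))
		return (-1);

	*hour_out = (int)value;
	return (0);
}

/*
 * check_hour - check the current hour is happy hour.
 *
 * hour is the configured happy hour; a negative value selects
 * HAPPY_HOUR_DEFAULT. Returns PAM_SUCCESS when the current local hour
 * equals the happy hour and PAM_AUTH_ERR otherwise, including when the
 * current time cannot be obtained (fail closed).
 *
 * The comparison uses localtime(), so the result follows the clock and
 * timezone configuration seen by the process that loaded the module.
 */
static int
check_hour(const int hour)
{
	int happy_hour = (hour >= 0) ? hour : HAPPY_HOUR_DEFAULT;
	time_t time_now;
	struct tm *localtime_now;

	/* Fetch current time */
	if (time(&time_now) == (time_t)-1) {
		syslog(LOG_ERR, "pam_happy_hour,error5: time() failed.");
		return (PAM_AUTH_ERR);
	}
	localtime_now = localtime(&time_now);
	if (localtime_now == NULL) {
		/* Never dereference a failed conversion; deny instead. */
		syslog(LOG_ERR, "pam_happy_hour,error6: localtime() failed.");
		return (PAM_AUTH_ERR);
	}

	/* Check current hour is happy hour */
	if (localtime_now->tm_hour == happy_hour)
		return (PAM_SUCCESS);

	return (PAM_AUTH_ERR);
}

/*
 * pam_sm_authenticate - master function to check for happy hour by PAM.
 *
 * argv[0], when present, is the happy hour (0-23) from pam.conf. Returns
 * PAM_SUCCESS during happy hour and PAM_AUTH_ERR at any other time or when
 * the argument is not a valid hour.
 *
 * Security notes for anyone reading this as more than a demo:
 *  - Neither the user name nor the password is examined here. When the
 *    module is configured as "sufficient", as in the header example, a
 *    PAM_SUCCESS from this function lets authentication succeed for any
 *    account handled by that stack for the whole hour.
 *  - The original atoi() parsing turned a malformed argument into hour 0,
 *    silently opening the window at midnight. Arguments are now validated
 *    and a bad value is logged and denied.
 *  - Each password-less success is written to syslog so that it can be
 *    found and alerted on.
 */
int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	int result;
	int hour = -1;		/* negative selects HAPPY_HOUR_DEFAULT */

	/* Check for pam.conf happy hour arg */
	if (argc > 0) {
		if ((argv == NULL) || (parse_hour(argv[0], &hour) != 0)) {
			syslog(LOG_ERR, "pam_happy_hour,error7: "
			    "invalid hour argument, expected 0-23.");
			return (PAM_AUTH_ERR);
		}
	}

	if (DEBUG)
		syslog(LOG_DEBUG,
		    "pam_happy_hour,debug1: pam_sm_authenticate start");

	/* Check for happy hour, and print message */
	result = check_hour(hour);
	if (result == PAM_SUCCESS) {
		syslog(LOG_NOTICE, "pam_happy_hour,notice1: happy hour match, "
		    "authentication granted without password check.");
		pam_display(pamh, PAM_ERROR_MSG, "Welcome to happy hour!");
	} else if (result == PAM_AUTH_ERR) {
		pam_display(pamh, PAM_ERROR_MSG, "This isn't happy hour.");
	}

	return (result);
}

/*
 * pam_sm_setcred - no checks necessary here.
 *
 * Always returns PAM_SUCCESS; none of the arguments are used.
 */
int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}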