diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-04-06 08:07:11 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-04-06 08:07:11 +0000 |
| commit | f65cb94d257c71b708bcaa270dd00cf26e8566c0 (patch) | |
| tree | f69b258bb358fc773f9a5563054a193711e2cd49 /modules/pam_rootok | |
| parent | e7611b86bb932608dc84d6d4618093a27def99f4 (diff) | |
| download | linux-pam-git-f65cb94d257c71b708bcaa270dd00cf26e8566c0.tar.gz | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
and chauthtok.
* modules/pam_rootok/pam_rootok.8.xml: Document new module
types.
Diffstat (limited to 'modules/pam_rootok')
| -rw-r--r-- | modules/pam_rootok/pam_rootok.8.xml | 3 | ||||
| -rw-r--r-- | modules/pam_rootok/pam_rootok.c | 51 |
2 files changed, 42 insertions, 12 deletions
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml index e2d2441f..6f44b845 100644 --- a/modules/pam_rootok/pam_rootok.8.xml +++ b/modules/pam_rootok/pam_rootok.8.xml @@ -57,7 +57,8 @@ <refsect1 id="pam_rootok-types"> <title>MODULE TYPES PROVIDED</title> <para> - Only the <option>auth</option> type is provided. + The <option>auth</option>, <option>acct</option> and + <option>password</option> module types are provided. </para> </refsect1> diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index c5f6bb55..8d368cee 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -55,16 +55,11 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) return ctrl; } -/* --- authentication management functions (only) --- */ - -PAM_EXTERN int -pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) +static int +check_for_root (pam_handle_t *pamh, int ctrl) { - int ctrl; int retval = PAM_AUTH_ERR; - ctrl = _pam_parse(pamh, argc, argv); if (getuid() == 0) #ifdef WITH_SELINUX if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0) @@ -72,13 +67,26 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval = PAM_SUCCESS; if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, "authentication %s", - (retval==PAM_SUCCESS) ? "succeeded" : "failed"); + pam_syslog(pamh, LOG_DEBUG, "root check %s", + (retval==PAM_SUCCESS) ? "succeeded" : "failed"); } return retval; } +/* --- management functions --- */ + +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + int ctrl; + + ctrl = _pam_parse(pamh, argc, argv); + + return check_for_root (pamh, ctrl); +} + PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) @@ -86,6 +94,27 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SUCCESS; } +PAM_EXTERN int +pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + int ctrl; + + ctrl = _pam_parse(pamh, argc, argv); + + return check_for_root (pamh, ctrl); +} + +PAM_EXTERN int +pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + int ctrl; + + ctrl = _pam_parse(pamh, argc, argv); + + return check_for_root (pamh, ctrl); +} #ifdef PAM_STATIC @@ -95,10 +124,10 @@ struct pam_module _pam_rootok_modstruct = { "pam_rootok", pam_sm_authenticate, pam_sm_setcred, + pam_sm_acct_mgmt, NULL, NULL, - NULL, - NULL, + pam_sm_chauthtok, }; #endif |