author | Tomas Mraz <tm@t8m.info> | 2010-08-26 19:16:18 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2010-08-26 19:16:18 +0000 |
commit | e9e593f6ddeaf975b7fe8446d184e6bc387d450b (patch) | |
tree | 29926b2b1ef14b70e63af8ee6c150472b9a667b3 /modules/pam_nologin | |
parent | 75961e09da633883e0bbc6ba5cbde46404180b15 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-08-26 Tomas Mraz <t8m@centrum.cz>
* modules/pam_nologin/pam_nologin.c (perform_check): Try first
/var/run/nologin if the nologin file is not explicitly specified.
* modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin
is tried first.
Diffstat (limited to 'modules/pam_nologin')
-rw-r--r-- | modules/pam_nologin/pam_nologin.8.xml | 11 | ||||
-rw-r--r-- | modules/pam_nologin/pam_nologin.c | 16 |
2 files changed, 19 insertions, 8 deletions
diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml
index b30b6bed..94c4887b 100644
--- a/modules/pam_nologin/pam_nologin.8.xml
+++ b/modules/pam_nologin/pam_nologin.8.xml
@@ -33,10 +33,10 @@
 <para>
 pam_nologin is a PAM module that prevents users from logging into
- the system when <filename>/etc/nologin</filename> exists. The contents
- of the <filename>/etc/nologin</filename> file are displayed to the
- user. The pam_nologin module has no effect on the root user's ability
- to log in.
+ the system when <filename>/var/run/nologin</filename> or
+ <filename>/etc/nologin</filename>exists. The contents
+ of the file are displayed to the user. The pam_nologin module
+ has no effect on the root user's ability to log in.
 </para>
 </refsect1>
@@ -51,6 +51,7 @@
 <listitem>
 <para>
 Use this file instead the default
+ <filename>/var/run/nologin</filename> or
 <filename>/etc/nologin</filename>.
 </para>
 </listitem>
@@ -107,7 +108,7 @@
 <listitem>
 <para>
 Success: either the user is root or the
- <filename>/etc/nologin</filename> file does not exist.
+ nologin file does not exist.
 </para>
 </listitem>
 </varlistentry>
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index 54ecc82b..f047c324 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -33,6 +33,9 @@
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#define DEFAULT_NOLOGIN_PATH "/var/run/nologin"
+#define COMPAT_NOLOGIN_PATH "/etc/nologin"
+
 /*
 * parse some command line options
 */
@@ -49,7 +52,6 @@ parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts)
 memset(opts, 0, sizeof(*opts));
 opts->retval_when_nofile = PAM_IGNORE;
- opts->nologin_file = "/etc/nologin";
 for (i=0; i<argc; ++i) {
 if (!strcmp("successok", argv[i])) {
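Review bot: In the parse_args hunk of pam_nologin.c, `opts->nologin_file` is now NULL only as a side effect of the `memset` above it, and nothing at that spot records that NULL has become the sentinel for "no file given by an option". A comment where the assignment used to be, for example `/* nologin_file stays NULL unless an option sets it; perform_check() then tries the default paths */`, would keep a later edit from reintroducing a default or dereferencing the pointer unchecked. Any other reader of `opts->nologin_file` that previously always received a path should be checked for NULL handling; parse_args continues past the end of the hunk, so those uses are not visible here.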
@@ -70,14 +72,22 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
 {
 const char *username;
 int retval = opts->retval_when_nofile;
- int fd;
+ int fd = -1;
 if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) {
 pam_syslog(pamh, LOG_WARNING, "cannot determine username");
 return PAM_USER_UNKNOWN;
 }
- if ((fd = open(opts->nologin_file, O_RDONLY, 0)) >= 0) {
+ if (opts->nologin_file == NULL) {
+ if ((fd = open(DEFAULT_NOLOGIN_PATH, O_RDONLY, 0)) < 0) {
+ fd = open(COMPAT_NOLOGIN_PATH, O_RDONLY, 0);
+ }
+ } else {
+ fd = open(opts->nologin_file, O_RDONLY, 0);
+ }
+
+ if (fd >= 0) {
 char *mtmp=NULL;
 int msg_style = PAM_TEXT_INFO; |
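Review bot: The new open sequence in perform_check treats every `open()` failure as "file absent": any error on `DEFAULT_NOLOGIN_PATH` falls through to `COMPAT_NOLOGIN_PATH`, and if that fails too `fd` stays negative regardless of errno. Since `retval` is initialised from `opts->retval_when_nofile` (PAM_IGNORE by default in parse_args), a nologin file that exists but cannot be opened, for instance under descriptor exhaustion, would presumably let the login proceed, which is a fail-open path for a module meant to block logins. I would separate a missing file from other errors after the sequence, along the lines of `if (fd < 0 && errno != ENOENT) return PAM_SYSTEM_ERR;` preceded by a `pam_syslog` call, which needs `<errno.h>` if it is not already included. The remainder of perform_check, including the handling of a negative `fd`, is outside the hunk, so the fail-open reading is inferred from the `retval` initialiser rather than seen directly.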