author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:05:01 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:27:13 -0800 |
commit | 419bd504587ec2bfc9085fe56e7a53433fd1eae6 (patch) | |
tree | d516c2ccae28dbd020cb69f50162f5d32acd7648 /modules/pam_rootok/pam_rootok.c | |
parent | c68dce23face9f26b651917b418c7f80931fa7b7 (diff) | |
parent | 9c52e721044e7501c3d4567b36d222dc7326224a (diff) | |
merge upstream version 1.0.1
Diffstat (limited to 'modules/pam_rootok/pam_rootok.c')
-rw-r--r-- | modules/pam_rootok/pam_rootok.c | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
new file mode 100644
index 00000000..4eb34412
--- /dev/null
+++ b/modules/pam_rootok/pam_rootok.c
@@ -0,0 +1,106 @@
+/* pam_rootok module */
+
+/*
+ * $Id: pam_rootok.c,v 1.7 2005/12/12 14:45:02 ldv Exp $
+ *
+ * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <stdarg.h>
+#include <string.h>
+
+/*
+ * here, we make a definition for the externally accessible function
+ * in this file (this definition is required for static a module
+ * but strongly encouraged generally) it is used to instruct the
+ * modules include file to define the function prototypes.
+ */
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#endif
+
+/* argument parsing */
+
+#define PAM_DEBUG_ARG 01
+
+static int
+_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
+{
+ int ctrl=0;
+
+ /* step through arguments */
+ for (ctrl=0; argc-- > 0; ++argv) {
+
+ /* generic options */
+
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else {
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
+ }
+ }
+
+ return ctrl;
+}
+
+/* --- authentication management functions (only) --- */
+
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int ctrl;
+ int retval = PAM_AUTH_ERR;
+
+ ctrl = _pam_parse(pamh, argc, argv);
+ if (getuid() == 0)
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
+#endif
+ retval = PAM_SUCCESS;
+
+ if (ctrl & PAM_DEBUG_ARG) {
+ pam_syslog(pamh, LOG_DEBUG, "authentication %s",
+ (retval==PAM_SUCCESS) ? "succeeded" : "failed");
+ }
+
+ return retval;
+}
+
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SUCCESS;
+}
+
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_rootok_modstruct = {
+ "pam_rootok",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+};
+
+#endif
+
+/* end of module definition */ |
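Review bot: The SELinux guard in pam_sm_authenticate treats every value below 1 from `is_selinux_enabled()` as "not enabled", so an error return (libselinux has documented -1 for that; worth confirming for the version this is built against) skips `checkPasswdAccess(PASSWD__ROOTOK)` and the module returns PAM_SUCCESS for any caller whose real uid is 0. Comparing against zero defers to the policy check in that case: `if (is_selinux_enabled() == 0 || checkPasswdAccess(PASSWD__ROOTOK) == 0)`. The two nested `if`s around the `#ifdef` are unbraced, so bracing the `getuid() == 0` body would keep the assignment visibly tied to both conditions whichever way the module is built. A comment above the function should also state that the decision rests on the calling process's real uid from `getuid()`, not on the user being authenticated, so the module only makes sense in services started by the requesting user.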