aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_wheel/pam_wheel.c
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2004-11-11 13:04:55 +0000
committerTomas Mraz <tm@t8m.info>2004-11-11 13:04:55 +0000
commit0185894c8971caf571087ff5ef9b022968544a39 (patch)
treefaf19cc5357697490af3ee7a1ad88158aad4a22f /modules/pam_wheel/pam_wheel.c
parent72850b3a5fd87662a18189b3f998b68bb1ce68fe (diff)
downloadpam-0185894c8971caf571087ff5ef9b022968544a39.tar.gz
pam-0185894c8971caf571087ff5ef9b022968544a39.tar.bz2
pam-0185894c8971caf571087ff5ef9b022968544a39.zip
Relevant BUGIDs: Red Hat bz 73351
Purpose of commit: new feature Commit summary: --------------- Add only_root option to pam_wheel to make it affect only authentication to root account.
Diffstat (limited to 'modules/pam_wheel/pam_wheel.c')
-rw-r--r--modules/pam_wheel/pam_wheel.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index 8cd8eb31..92cd44b9 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -75,7 +75,8 @@ static int is_on_list(char * const *list, const char *member)
#define PAM_DEBUG_ARG 0x0001
#define PAM_USE_UID_ARG 0x0002
#define PAM_TRUST_ARG 0x0004
-#define PAM_DENY_ARG 0x0010
+#define PAM_DENY_ARG 0x0010
+#define PAM_ROOT_ONLY_ARG 0x0020
static int _pam_parse(int argc, const char **argv, char *use_group,
size_t group_length)
@@ -97,6 +98,8 @@ static int _pam_parse(int argc, const char **argv, char *use_group,
ctrl |= PAM_TRUST_ARG;
else if (!strcmp(*argv,"deny"))
ctrl |= PAM_DENY_ARG;
+ else if (!strcmp(*argv,"root_only"))
+ ctrl |= PAM_ROOT_ONLY_ARG;
else if (!strncmp(*argv,"group=",6))
strncpy(use_group,*argv+6,group_length-1);
else {
@@ -124,14 +127,19 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl,
return PAM_SERVICE_ERR;
}
- /* su to a uid 0 account ? */
pwd = _pammodutil_getpwnam (pamh, username);
if (!pwd) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_NOTICE,"unknown user %s",username);
- }
+ }
return PAM_USER_UNKNOWN;
}
+ if (ctrl & PAM_ROOT_ONLY_ARG) {
+ /* su to a non uid 0 account ? */
+ if (pwd->pw_uid != 0) {
+ return PAM_IGNORE;
+ }
+ }
if (ctrl & PAM_USE_UID_ARG) {
tpwd = _pammodutil_getpwuid (pamh, getuid());
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 14:54:26 +0000