author | Tomas Mraz <tmraz@fedoraproject.org> | 2012-01-13 18:33:27 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2012-01-13 18:33:27 +0100 |
commit | 91e4c3633f34a6590743ee105746308664078073 (patch) | |
tree | 58c6a773cfef76788a4aa572e9466d1e7d7b3431 /modules | |
parent | 0f585d99d70fc14fe3c1335b7626642096dc2eef (diff) | |
Add possibility to match ruser, rhost, and tty in pam_succeed_if.
* modules/pam_succeed_if/pam_succeed_if.c (evaluate): Match ruser,
rhost, and tty as left operand.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Document the new
possible left operands.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8.xml | 9 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 28 |
2 files changed, 32 insertions, 5 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index cc61e088..7bdcb024 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -33,8 +33,8 @@ <para> pam_succeed_if.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being - authenticated. One use is to select whether to load other modules based - on this test. + authenticated or values of other PAM items. One use is to select whether + to load other modules based on this test. </para> <para> @@ -105,8 +105,9 @@ <para> Available fields are <emphasis>user</emphasis>, <emphasis>uid</emphasis>, <emphasis>gid</emphasis>, - <emphasis>shell</emphasis>, <emphasis>home</emphasis> - and <emphasis>service</emphasis>: + <emphasis>shell</emphasis>, <emphasis>home</emphasis>, + <emphasis>ruser</emphasis>, <emphasis>rhost</emphasis>, + <emphasis>tty</emphasis> and <emphasis>service</emphasis>: </para> <variablelist> diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 2670c258..32a73738 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c 
@@ -281,11 +281,37 @@ evaluate(pam_handle_t *pamh, int debug,
 }
 if (strcasecmp(left, "service") == 0) {
 const void *svc;
- if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS)
+ if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS ||
+ svc == NULL)
 svc = "";
 snprintf(buf, sizeof(buf), "%s", (const char *)svc);
 left = buf;
 }
+ if (strcasecmp(left, "ruser") == 0) {
+ const void *ruser;
+ if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS ||
+ ruser == NULL)
+ ruser = "";
+ snprintf(buf, sizeof(buf), "%s", (const char *)ruser);
+ left = buf;
+ user = buf;
+ }
+ if (strcasecmp(left, "rhost") == 0) {
+ const void *rhost;
+ if (pam_get_item(pamh, PAM_SERVICE, &rhost) != PAM_SUCCESS ||
+ rhost == NULL)
+ rhost = "";
+ snprintf(buf, sizeof(buf), "%s", (const char *)rhost);
+ left = buf;
+ }
+ if (strcasecmp(left, "tty") == 0) {
+ const void *tty;
+ if (pam_get_item(pamh, PAM_SERVICE, &tty) != PAM_SUCCESS ||
+ tty == NULL)
+ tty = "";
+ snprintf(buf, sizeof(buf), "%s", (const char *)tty);
+ left = buf;
+ }
 /* If we have no idea what's going on, return an error. */
 if (left != buf) {
 pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left); |
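Review bot: The new `rhost` and `tty` branches both fetch `PAM_SERVICE`, so a rule written against either field is compared with the service name instead of the remote host or terminal; the calls should read `pam_get_item(pamh, PAM_RHOST, &rhost)` and `pam_get_item(pamh, PAM_TTY, &tty)`. As written, an access condition on either field silently evaluates the wrong item, which matters wherever pam_succeed_if gates other modules on the origin of a login. The blocks are also independent `if`s that re-test `left` after it has been pointed at `buf`, so a fetched value that happens to equal a later field name (for instance a remote user name of `rhost`) is looked up a second time; chaining them with `else if` would prevent that. The `ruser` branch additionally sets `user = buf;`, which the other branches do not, and a short comment saying why would help, since the rest of evaluate() lies outside this hunk.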