Diffstat (limited to 'modules/pam_rootok')
-rw-r--r--modules/pam_rootok/.cvsignore6
-rw-r--r--modules/pam_rootok/Makefile.am33
-rw-r--r--modules/pam_rootok/README33
-rw-r--r--modules/pam_rootok/README.xml41
-rw-r--r--modules/pam_rootok/pam_rootok.877
-rw-r--r--modules/pam_rootok/pam_rootok.8.xml130
-rw-r--r--modules/pam_rootok/pam_rootok.c106
-rwxr-xr-xmodules/pam_rootok/tst-pam_rootok2
8 files changed, 0 insertions, 428 deletions
diff --git a/modules/pam_rootok/.cvsignore b/modules/pam_rootok/.cvsignore
deleted file mode 100644
index 9fb98574..00000000
--- a/modules/pam_rootok/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am
deleted file mode 100644
index 7a97f20f..00000000
--- a/modules/pam_rootok/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok
-
-man_MANS = pam_rootok.8
-XMLS = README.xml pam_rootok.8.xml
-
-TESTS = tst-pam_rootok
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-if HAVE_LIBSELINUX
-AM_CFLAGS += -DWITH_SELINUX
-endif
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam @LIBSELINUX@
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_rootok.la
-
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_rootok.8.xml
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_rootok/README b/modules/pam_rootok/README
deleted file mode 100644
index 55a44756..00000000
--- a/modules/pam_rootok/README
+++ /dev/null
@@ -1,33 +0,0 @@
-pam_rootok — Gain only root access
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-pam_rootok is a PAM module that authenticates the user if their UID is 0.
-Applications that are created setuid-root generally retain the UID of the user
-but run with the authority of an enhanced effective-UID. It is the real UID
-that is checked.
-
-OPTIONS
-
-debug
-
- Print debug information.
-
-EXAMPLES
-
-In the case of the su(1) application the historical usage is to permit the
-superuser to adopt the identity of a lesser user without the use of a password.
-To obtain this behavior with PAM the following pair of lines are needed for the
-corresponding entry in the /etc/pam.d/su configuration file:
-
-# su authentication. Root is granted access by default.
-auth sufficient pam_rootok.so
-auth required pam_unix.so
-
-
-AUTHOR
-
-pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
-
diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml
deleted file mode 100644
index 6fb58cd0..00000000
--- a/modules/pam_rootok/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_rootok.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
deleted file mode 100644
index 79618050..00000000
--- a/modules/pam_rootok/pam_rootok.8
+++ /dev/null
@@ -1,77 +0,0 @@
-.\" Title: pam_rootok
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/23/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-.\"
-.TH "PAM_ROOTOK" "8" "06/23/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-pam_rootok \- Gain only root access
-.SH "SYNOPSIS"
-.HP 14
-\fBpam_rootok.so\fR [debug]
-.SH "DESCRIPTION"
-.PP
-pam_rootok is a PAM module that authenticates the user if their
-\fIUID\fR
-is
-\fI0\fR. Applications that are created setuid\-root generally retain the
-\fIUID\fR
-of the user but run with the authority of an enhanced effective\-UID. It is the real
-\fIUID\fR
-that is checked.
-.SH "OPTIONS"
-.TP 3n
-\fBdebug\fR
-Print debug information.
-.SH "MODULE SERVICES PROVIDED"
-.PP
-Only the
-\fBauth\fR
-service is supported.
-.SH "RETURN VALUES"
-.TP 3n
-PAM_SUCCESS
-The
-\fIUID\fR
-is
-\fI0\fR.
-.TP 3n
-PAM_AUTH_ERR
-The
-\fIUID\fR
-is
-\fBnot\fR
-\fI0\fR.
-.SH "EXAMPLES"
-.PP
-In the case of the
-\fBsu\fR(1)
-application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the
-\fI/etc/pam.d/su\fR
-configuration file:
-.sp
-.RS 3n
-.nf
-# su authentication. Root is granted access by default.
-auth sufficient pam_rootok.so
-auth required pam_unix.so
-
-.fi
-.RE
-.sp
-.SH "SEE ALSO"
-.PP
-
-\fBsu\fR(1),
-\fBpam.conf\fR(5),
-\fBpam.d\fR(8),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml
deleted file mode 100644
index ec8dee43..00000000
--- a/modules/pam_rootok/pam_rootok.8.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_rootok">
-
- <refmeta>
- <refentrytitle>pam_rootok</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_rootok-name">
- <refname>pam_rootok</refname>
- <refpurpose>Gain only root access</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_rootok-cmdsynopsis">
- <command>pam_rootok.so</command>
- <arg choice="opt">
- debug
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_rootok-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- pam_rootok is a PAM module that authenticates the user if their
- <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
- Applications that are created setuid-root generally retain the
- <emphasis>UID</emphasis> of the user but run with the authority
- of an enhanced effective-UID. It is the real <emphasis>UID</emphasis>
- that is checked.
- </para>
- </refsect1>
-
- <refsect1 id="pam_rootok-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_rootok-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>auth</option> service is supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_rootok-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The <emphasis>UID</emphasis> is <emphasis>0</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- The <emphasis>UID</emphasis> is <emphasis remap='B'>not</emphasis>
- <emphasis>0</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_rootok-examples'>
- <title>EXAMPLES</title>
- <para>
- In the case of the <citerefentry>
- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry> application the historical usage is to
- permit the superuser to adopt the identity of a lesser user
- without the use of a password. To obtain this behavior with PAM
- the following pair of lines are needed for the corresponding entry
- in the <filename>/etc/pam.d/su</filename> configuration file:
- <programlisting>
-# su authentication. Root is granted access by default.
-auth sufficient pam_rootok.so
-auth required pam_unix.so
- </programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='pam_rootok-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_rootok-author'>
- <title>AUTHOR</title>
- <para>
- pam_rootok was written by Andrew G. Morgan, &lt;morgan@kernel.org&gt;.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
deleted file mode 100644
index c5f6bb55..00000000
--- a/modules/pam_rootok/pam_rootok.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* pam_rootok module */
-
-/*
- * $Id$
- *
- * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <string.h>
-
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-
-#include <security/pam_modules.h>
-#include <security/pam_ext.h>
-
-#ifdef WITH_SELINUX
-#include <selinux/selinux.h>
-#include <selinux/av_permissions.h>
-#endif
-
-/* argument parsing */
-
-#define PAM_DEBUG_ARG 01
-
-static int
-_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
-{
- int ctrl=0;
-
- /* step through arguments */
- for (ctrl=0; argc-- > 0; ++argv) {
-
- /* generic options */
-
- if (!strcmp(*argv,"debug"))
- ctrl |= PAM_DEBUG_ARG;
- else {
- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
- }
- }
-
- return ctrl;
-}
-
-/* --- authentication management functions (only) --- */
-
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int ctrl;
- int retval = PAM_AUTH_ERR;
-
- ctrl = _pam_parse(pamh, argc, argv);
- if (getuid() == 0)
-#ifdef WITH_SELINUX
- if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
-#endif
- retval = PAM_SUCCESS;
-
- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_DEBUG, "authentication %s",
- (retval==PAM_SUCCESS) ? "succeeded" : "failed");
- }
-
- return retval;
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_SUCCESS;
-}
-
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_rootok_modstruct = {
- "pam_rootok",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- NULL,
- NULL,
- NULL,
-};
-
-#endif
-
-/* end of module definition */
diff --git a/modules/pam_rootok/tst-pam_rootok b/modules/pam_rootok/tst-pam_rootok
deleted file mode 100755
index 385ef760..00000000
--- a/modules/pam_rootok/tst-pam_rootok
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_rootok.so