author | Pavel Březina <pbrezina@redhat.com> | 2020-01-10 15:53:35 +0100 |
---|---|---|
committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2020-01-28 12:24:13 +0100 |
commit | 926d7935edf35385e6c28bb97666aee443b71e46 (patch) | |
tree | eaf1b725e24359dbd4e7a1f73450a8b20cd05f77 /configure.ac | |
parent | 4dd9b97b762cc73816cb867d49c9d0d0b91d642c (diff) |
pam_usertype: new module to tell if uid is in login.defs ranges
This module will check if the user account type is system or regular based
on its uid. To evaluate the condition it will use 0-99 reserved range
together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`.
If these values are not set, it uses configure-time defaults
`--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page
`SYS_UID_MAX` defaults to `UID_MIN - 1`).
This information can be used to skip specific module in pam stack
based on the account type. `pam_succeed_if uid < 1000` is used at the moment
however it does not reflect changes to `login.defs`.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 90818683..2e7f131f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -649,6 +649,27 @@ AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT)
 AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
+dnl
+dnl Get values for default uid ranges in login.defs used in pam_usertype
+dnl
+AC_ARG_WITH([uidmin], AS_HELP_STRING([--with-uidmin=<number>],[default value for regular user min uid (1000)]), opt_uidmin=$withval)
+if test x"$opt_uidmin" == x; then
+ opt_uidmin=1000
+fi
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.])
+
+AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=<number>],[default value for system user min uid (101)]), opt_sysuidmin=$withval)
+if test x"$opt_sysuidmin" == x; then
+ opt_sysuidmin=101
+fi
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.])
+
+AC_ARG_WITH([kerneloverflowuid], AS_HELP_STRING([--with-kernel-overflow-uid=<number>],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval)
+if test x"$opt_kerneloverflowuid" == x; then
+ opt_kerneloverflowuid=65534
+fi
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.])
+
 dnl Files to be created from when we run configure
 AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
 libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
@@ -677,6 +698,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile
 modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
 modules/pam_umask/Makefile \
 modules/pam_unix/Makefile modules/pam_userdb/Makefile \
+ modules/pam_usertype/Makefile \
 modules/pam_warn/Makefile modules/pam_wheel/Makefile \
 modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
 doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \ |
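Review bot: The three `test x"$opt_…" == x` checks in the first hunk use `==`, which POSIX `test` does not define; under a strict /bin/sh such as dash the test fails with an error, the default is never assigned, and `AC_DEFINE_UNQUOTED` writes an empty `PAM_USERTYPE_UIDMIN`, `PAM_USERTYPE_SYSUIDMIN` or `PAM_USERTYPE_OVERFLOW_UID` into config.h, so each should use `=`. The value is also passed through unvalidated, so `--with-uidmin` with no argument (`withval=yes`) or `--without-uidmin` (`no`) becomes the macro body; because these constants presumably decide which accounts pam_usertype classifies as system accounts, configure should reject anything that is not a decimal number. The third option is registered as `kerneloverflowuid` while its help string advertises `--with-kernel-overflow-uid`, which would not set `opt_kerneloverflowuid`; the commit message's `--with-sys-uid-min` and `--with-uid-min` likewise differ from the `sysuidmin` and `uidmin` names registered here.

```m4
if test x"$opt_uidmin" = x; then
	opt_uidmin=1000
fi
dnl Reject yes/no/empty/non-numeric values before they reach config.h
case $opt_uidmin in
	''|*[[!0-9]]*) AC_MSG_ERROR([--with-uidmin expects a decimal uid]) ;;
esac
dnl … same `=` comparison and numeric check for opt_sysuidmin and opt_kerneloverflowuid …
```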