authorTomas Mraz <tm@t8m.info>2004-11-11 13:04:55 +0000
committerTomas Mraz <tm@t8m.info>2004-11-11 13:04:55 +0000
commit0185894c8971caf571087ff5ef9b022968544a39 (patch)
treefaf19cc5357697490af3ee7a1ad88158aad4a22f /modules/pam_wheel/pam_wheel.c
parent72850b3a5fd87662a18189b3f998b68bb1ce68fe (diff)
Relevant BUGIDs: Red Hat bz 73351
Purpose of commit: new feature Commit summary: --------------- Add only_root option to pam_wheel to make it affect only authentication to root account.
Diffstat (limited to 'modules/pam_wheel/pam_wheel.c')
-rw-r--r--modules/pam_wheel/pam_wheel.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index 8cd8eb31..92cd44b9 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -75,7 +75,8 @@ static int is_on_list(char * const *list, const char *member)
#define PAM_DEBUG_ARG 0x0001
#define PAM_USE_UID_ARG 0x0002
#define PAM_TRUST_ARG 0x0004
-#define PAM_DENY_ARG 0x0010
+#define PAM_DENY_ARG 0x0010
+#define PAM_ROOT_ONLY_ARG 0x0020
static int _pam_parse(int argc, const char **argv, char *use_group,
size_t group_length)
@@ -97,6 +98,8 @@ static int _pam_parse(int argc, const char **argv, char *use_group,
ctrl |= PAM_TRUST_ARG;
else if (!strcmp(*argv,"deny"))
ctrl |= PAM_DENY_ARG;
+ else if (!strcmp(*argv,"root_only"))
+ ctrl |= PAM_ROOT_ONLY_ARG;
else if (!strncmp(*argv,"group=",6))
strncpy(use_group,*argv+6,group_length-1);
else {
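Review bot: The string matched on the added line is `root_only`, but the commit summary spells the option only_root, so a pam.d entry written from that summary would not match this `strcmp` and would fall through to the final `else` branch, whose body is outside the hunk. Whichever spelling is intended, the module's documentation should carry the one the code accepts. I would also put a comment on the branch, e.g. `/* root_only: enforce the wheel check only when the target account has uid 0 */`, because the flag changes which logins the module guards. _pam_parse starts and ends outside the hunk.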
@@ -124,14 +127,19 @@ static int perform_check(pam_handle_t *pamh, int flags, int ctrl,
return PAM_SERVICE_ERR;
}
- /* su to a uid 0 account ? */
pwd = _pammodutil_getpwnam (pamh, username);
if (!pwd) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_NOTICE,"unknown user %s",username);
- }
+ }
return PAM_USER_UNKNOWN;
}
+ if (ctrl & PAM_ROOT_ONLY_ARG) {
+ /* su to a non uid 0 account ? */
+ if (pwd->pw_uid != 0) {
+ return PAM_IGNORE;
+ }
+ }
if (ctrl & PAM_USE_UID_ARG) {
tpwd = _pammodutil_getpwuid (pamh, getuid());
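Review bot: The new early `return PAM_IGNORE;` for a non-uid-0 target writes nothing to the log even when `debug` is set, so an administrator reading the log cannot tell that the wheel check was skipped rather than passed. A line such as `if (ctrl & PAM_DEBUG_ARG) _pam_log(LOG_NOTICE,"root_only: wheel check skipped for %s",username);` before the return would match the logging of the unknown-user case just above. The return also comes before the `deny` and `trust` flags are acted on (presumably further down in perform_check, outside the hunk), so combining root_only with `deny` appears to stop refusing wheel members for non-root targets; that interaction deserves a sentence in the option's documentation. perform_check starts and ends outside the hunk.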