Diffstat (limited to 'Linux-PAM/modules/pam_rootok/pam_rootok.c')
-rw-r--r--Linux-PAM/modules/pam_rootok/pam_rootok.c48
1 files changed, 22 insertions, 26 deletions
diff --git a/Linux-PAM/modules/pam_rootok/pam_rootok.c b/Linux-PAM/modules/pam_rootok/pam_rootok.c
index e1e09b6e..4eb34412 100644
--- a/Linux-PAM/modules/pam_rootok/pam_rootok.c
+++ b/Linux-PAM/modules/pam_rootok/pam_rootok.c
@@ -1,12 +1,12 @@
/* pam_rootok module */
/*
- * $Id: pam_rootok.c,v 1.3 2002/05/26 23:00:28 agmorgan Exp $
+ * $Id: pam_rootok.c,v 1.7 2005/12/12 14:45:02 ldv Exp $
*
* Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
*/
-#define _GNU_SOURCE
+#include "config.h"
#include <stdio.h>
#include <unistd.h>
@@ -24,26 +24,19 @@
#define PAM_SM_AUTH
#include <security/pam_modules.h>
+#include <security/pam_ext.h>
-/* some syslogging */
-
-static void _pam_log(int err, const char *format, ...)
-{
- va_list args;
-
- va_start(args, format);
- openlog("PAM-rootok", LOG_CONS|LOG_PID, LOG_AUTH);
- vsyslog(err, format, args);
- va_end(args);
- closelog();
-}
-
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#endif
/* argument parsing */
#define PAM_DEBUG_ARG 01
-static int _pam_parse(int argc, const char **argv)
+static int
+_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
{
int ctrl=0;
@@ -55,7 +48,7 @@ static int _pam_parse(int argc, const char **argv)
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
else {
- _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
@@ -64,28 +57,31 @@ static int _pam_parse(int argc, const char **argv)
/* --- authentication management functions (only) --- */
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
- ,const char **argv)
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
int ctrl;
int retval = PAM_AUTH_ERR;
- ctrl = _pam_parse(argc, argv);
+ ctrl = _pam_parse(pamh, argc, argv);
if (getuid() == 0)
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
+#endif
retval = PAM_SUCCESS;
if (ctrl & PAM_DEBUG_ARG) {
- _pam_log(LOG_DEBUG, "authentication %s"
- , retval==PAM_SUCCESS ? "succeeded":"failed" );
+ pam_syslog(pamh, LOG_DEBUG, "authentication %s",
+ (retval==PAM_SUCCESS) ? "succeeded" : "failed");
}
return retval;
}
-PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
- ,const char **argv)
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
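Review bot: The SELinux gate added to pam_sm_authenticate fails open, because `is_selinux_enabled()<1` also matches the -1 error return, so a uid-0 caller gets PAM_SUCCESS without the `PASSWD__ROOTOK` check whenever the SELinux state cannot be determined. The check is also an unbraced `if` placed under another unbraced `if` by `#ifdef`, which makes both build variants easy to break in a later edit. I would brace the outer test, treat a negative return as a denial, and log it at LOG_ERR so it is visible without the `debug` option. A policy denial from checkPasswdAccess is likewise only reported by the LOG_DEBUG line today, and may deserve an unconditional log entry as well.

```c
    if (getuid() == 0) {
#ifdef WITH_SELINUX
        int se_state = is_selinux_enabled();

        if (se_state < 0)
            pam_syslog(pamh, LOG_ERR, "cannot determine SELinux state, denying");
        else if (se_state == 0 || checkPasswdAccess(PASSWD__ROOTOK) == 0)
            retval = PAM_SUCCESS;
#else
        retval = PAM_SUCCESS;
#endif
    }
    /* … unchanged: debug logging and return … */
```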