Diffstat (limited to 'modules/pam_rootok')
-rw-r--r--modules/pam_rootok/Makefile6
-rw-r--r--modules/pam_rootok/pam_rootok.c8
2 files changed, 14 insertions, 0 deletions
diff --git a/modules/pam_rootok/Makefile b/modules/pam_rootok/Makefile
index 3460c2a2..0c868c91 100644
--- a/modules/pam_rootok/Makefile
+++ b/modules/pam_rootok/Makefile
@@ -13,3 +13,9 @@ include ../../Make.Rules
TITLE=pam_rootok
include ../Simple.Rules
+
+ifeq ($(HAVE_LIBSELINUX),yes)
+CFLAGS += -DWITH_SELINUX
+LINK_PAMMODUTILS += -lselinux
+endif
+
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index a7342104..93e31691 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -39,6 +39,11 @@ static void _pam_log(int err, const char *format, ...)
}
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#endif
+
/* argument parsing */
#define PAM_DEBUG_ARG 01
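Review bot: The two SELinux includes are added after the `_pam_log` definition rather than with the file's other includes, which are presumably at the top of the file outside this hunk. Grouping them there, still under `#ifdef WITH_SELINUX`, keeps the module's dependencies visible in one place. A short comment such as `/* PASSWD__ROOTOK comes from av_permissions.h */` would also explain why the second header is needed.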
@@ -73,6 +78,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
ctrl = _pam_parse(argc, argv);
if (getuid() == 0)
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
+#endif
retval = PAM_SUCCESS;
if (ctrl & PAM_DEBUG_ARG) {
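Review bot: The `is_selinux_enabled()<1` test in the added condition treats an error return the same as "SELinux disabled", so a failed status query skips `checkPasswdAccess(PASSWD__ROOTOK)` and reaches `retval = PAM_SUCCESS` on the uid check alone. libselinux has documented a negative return on error, so if failing closed is the intent, compare against zero and let the access check decide: `if (is_selinux_enabled() == 0 || checkPasswdAccess(PASSWD__ROOTOK) == 0)`. The braceless `if (getuid() == 0)` now guards a statement whose shape depends on `WITH_SELINUX`, so bracing both levels would make the nesting explicit. A policy denial is also silent unless the debug argument is set, and a `_pam_log` call on that path would give an audit trail. pam_sm_authenticate starts and ends outside the hunk.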