Diffstat (limited to 'modules/pam_rootok')
-rw-r--r-- | modules/pam_rootok/Makefile | 6 | ||||
-rw-r--r-- | modules/pam_rootok/pam_rootok.c | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/modules/pam_rootok/Makefile b/modules/pam_rootok/Makefile
index 3460c2a2..0c868c91 100644
--- a/modules/pam_rootok/Makefile
+++ b/modules/pam_rootok/Makefile
@@ -13,3 +13,9 @@ include ../../Make.Rules
 TITLE=pam_rootok
 include ../Simple.Rules
+
+ifeq ($(HAVE_LIBSELINUX),yes)
+CFLAGS += -DWITH_SELINUX
+LINK_PAMMODUTILS += -lselinux
+endif
+
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index a7342104..93e31691 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -39,6 +39,11 @@ static void _pam_log(int err, const char *format, ...)
 }
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#endif
+
 /* argument parsing */
 #define PAM_DEBUG_ARG 01
@@ -73,6 +78,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
 ctrl = _pam_parse(argc, argv);
 if (getuid() == 0)
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
+#endif
 retval = PAM_SUCCESS;
 if (ctrl & PAM_DEBUG_ARG) { |
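Review bot: In the pam_sm_authenticate hunk, `is_selinux_enabled()<1` treats an error return (-1) the same as "SELinux disabled", so a uid-0 caller gets PAM_SUCCESS without the `PASSWD__ROOTOK` policy check whenever the SELinux state cannot be determined; that is fail-open in an authentication path. Comparing against 0 lets the error case fall through to the access check, which would presumably deny when the security context is unavailable: `if (is_selinux_enabled() == 0 || checkPasswdAccess(PASSWD__ROOTOK) == 0)`. The nested `if` is also unbraced and split across the `#ifdef`, so bracing both conditions would keep `retval = PAM_SUCCESS;` visibly tied to them in either build. A policy denial leaves no trace in the visible lines; a `_pam_log` call on the deny path would help anyone auditing why root was refused. The function body starts and ends outside this hunk.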