diff options
| -rw-r--r-- | modules/Makefile | 4 | ||||
| -rw-r--r-- | modules/Makefile~ | 10 | ||||
| -rw-r--r-- | modules/pam_securetty/pam_securetty.c | 20 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix.c | 5 |
4 files changed, 18 insertions, 21 deletions
diff --git a/modules/Makefile b/modules/Makefile index e09247c..3b5ace0 100644 --- a/modules/Makefile +++ b/modules/Makefile @@ -2,8 +2,8 @@ all install clean: $(MAKE) -C pam_unix $@ $(MAKE) -C pam_securetty $@ $(MAKE) -C pam_nologin $@ - $(MAKE) -C pam_shells $@ - $(MAKE) -C pam_wheel $@ +# $(MAKE) -C pam_shells $@ +# $(MAKE) -C pam_wheel $@ $(MAKE) -C pam_rootok $@ $(MAKE) -C pam_permit $@ $(MAKE) -C pam_deny $@ diff --git a/modules/Makefile~ b/modules/Makefile~ deleted file mode 100644 index e09247c..0000000 --- a/modules/Makefile~ +++ /dev/null @@ -1,10 +0,0 @@ -all install clean: - $(MAKE) -C pam_unix $@ - $(MAKE) -C pam_securetty $@ - $(MAKE) -C pam_nologin $@ - $(MAKE) -C pam_shells $@ - $(MAKE) -C pam_wheel $@ - $(MAKE) -C pam_rootok $@ - $(MAKE) -C pam_permit $@ - $(MAKE) -C pam_deny $@ - diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 78c4bd5..f6d7bc2 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -1,11 +1,11 @@ #include <sys/types.h> #include <sys/stat.h> +#include <stdio.h> #include <string.h> #include <ttyent.h> #include <pwd.h> - -#define PAM_SM_ACCOUNT +#define PAM_SM_AUTH #include <security/pam_appl.h> #include <security/pam_modules.h> @@ -14,7 +14,7 @@ #define TTY_PREFIX "/dev/" PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, +pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char * argv[]) { struct passwd *pwd; @@ -45,10 +45,9 @@ pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, if (tty != NULL && strncmp(TTY_PREFIX, tty, sizeof(TTY_PREFIX)) == 0) { PAM_LOG("tty starts with " TTY_PREFIX); - /* skip prefix */ + /* get rid of prefix */ tty = (const char *)tty + sizeof(TTY_PREFIX) - 1; } - /* * Linux-PAM, before checking the actual tty, * opens /etc/securettys to check if it's world @@ -60,9 +59,18 @@ pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, if ( tty != NULL && (ttyinfo = getttynam(tty)) != NULL && (ttyinfo->ty_status & TTY_SECURE) != 0) return (PAM_SUCCESS); - + PAM_ERROR("Access denied: tty %s is not secure", tty); return (PAM_AUTH_ERR); } + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh , int flags , + int argc , const char *argv[]) +{ + + return (PAM_SUCCESS); +} + PAM_MODULE_ENTRY("pam_securetty"); diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c index 4072938..ad066e0 100644 --- a/modules/pam_unix/pam_unix.c +++ b/modules/pam_unix/pam_unix.c @@ -94,7 +94,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL); PAM_LOG("Got password for user [%s]", user); - if (pam_err == PAM_CONV_ERR) return (pam_err); if (pam_err != PAM_SUCCESS) @@ -144,7 +143,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , int pam_err; const char *user; time_t curtime; - + /* Sanity checks for uname,pwd,tty,host etc */ pam_err = pam_get_user(pamh, &user, NULL); @@ -205,6 +204,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags , } } + pam_err = (PAM_SUCCESS); return (pam_err); @@ -396,7 +396,6 @@ pam_sm_close_session( pam_handle_t * pamh, int flags, { char *user, *service; int pam_err; - pam_err = pam_get_item(pamh, PAM_USER, (void *) &user); if ( pam_err != PAM_SUCCESS || user == NULL || *user == '\0') { PAM_ERROR("Close session - Error recovering username"); |