author | markm <markm@FreeBSD.org> | 2001-05-24 18:35:52 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-05-24 18:35:52 +0000 |
commit | f6fb59fd55444f9a5790254517e6de17d847af71 (patch) | |
tree | 0f62e708d9f6d461f07efb40b3ffb011eeedc6f9 | |
parent | 52aca8b17abe6d748d95a990a5e3fb5bd081130b (diff) | |
Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow, e.g.,
WHEELSU-type behaviour from su(1).
-rw-r--r-- | lib/libpam/libpam/pam_mod_misc.h | 1 | ||||
-rw-r--r-- | lib/libpam/libpam/pam_std_option.c | 1 | ||||
-rw-r--r-- | lib/libpam/libpam/security/pam_mod_misc.h | 1 | ||||
-rw-r--r-- | lib/libpam/modules/pam_unix/pam_unix.c | 11 |
4 files changed, 11 insertions, 3 deletions
diff --git a/lib/libpam/libpam/pam_mod_misc.h b/lib/libpam/libpam/pam_mod_misc.h
index 06f474d..8e15fee 100644
--- a/lib/libpam/libpam/pam_mod_misc.h
+++ b/lib/libpam/libpam/pam_mod_misc.h
@@ -38,6 +38,7 @@
 #define PAM_OPT_TRY_FIRST_PASS 0x08
 #define PAM_OPT_USE_MAPPED_PASS 0x10
 #define PAM_OPT_ECHO_PASS 0x20
+#define PAM_OPT_AUTH_AS_SELF 0x40
 __BEGIN_DECLS
 int pam_get_pass(pam_handle_t *, const char **, const char *, int);
diff --git a/lib/libpam/libpam/pam_std_option.c b/lib/libpam/libpam/pam_std_option.c
index 0c00908..fb39806 100644
--- a/lib/libpam/libpam/pam_std_option.c
+++ b/lib/libpam/libpam/pam_std_option.c
@@ -48,6 +48,7 @@ pam_std_option(int *options, const char *name)
 { "try_first_pass", PAM_OPT_TRY_FIRST_PASS },
 { "use_mapped_pass", PAM_OPT_USE_MAPPED_PASS },
 { "echo_pass", PAM_OPT_ECHO_PASS },
+ { "auth_as_self", PAM_OPT_AUTH_AS_SELF },
 { NULL, 0 }
 };
 struct opttab *p;
diff --git a/lib/libpam/libpam/security/pam_mod_misc.h b/lib/libpam/libpam/security/pam_mod_misc.h
index 06f474d..8e15fee 100644
--- a/lib/libpam/libpam/security/pam_mod_misc.h
+++ b/lib/libpam/libpam/security/pam_mod_misc.h
@@ -38,6 +38,7 @@
 #define PAM_OPT_TRY_FIRST_PASS 0x08
 #define PAM_OPT_USE_MAPPED_PASS 0x10
 #define PAM_OPT_ECHO_PASS 0x20
+#define PAM_OPT_AUTH_AS_SELF 0x40
 __BEGIN_DECLS
 int pam_get_pass(pam_handle_t *, const char **, const char *, int);
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 329b784..c8ddde7 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -62,12 +62,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 options = 0;
 for (i = 0; i < argc; i++)
 pam_std_option(&options, argv[i]);
- if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- return retval;
+ if (options & PAM_OPT_AUTH_AS_SELF)
+ pwd = getpwuid(getuid());
+ else {
+ if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return retval;
+ pwd = getpwnam(user);
+ }
 if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, options)) != PAM_SUCCESS)
 return retval;
- if ((pwd = getpwnam(user)) != NULL) {
+ if (pwd != NULL) {
 encrypted = crypt(password, pwd->pw_passwd);
 if (password[0] == '\0' && pwd->pw_passwd[0] != '\0')
 encrypted = ":"; |
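Review bot: The passwd lookup now runs before `pam_get_pass()`, so `pwd` points into the static buffer returned by `getpwuid()`/`getpwnam()` while the conversation callback runs; if anything on that path calls a getpw*() function, the `pwd->pw_passwd` given to `crypt()` may no longer belong to the intended account. Keeping the old order avoids this: guard only the `pam_get_user()` call with `if (!(options & PAM_OPT_AUTH_AS_SELF))`, and after the password has been obtained do `pwd = (options & PAM_OPT_AUTH_AS_SELF) ? getpwuid(getuid()) : getpwnam(user);`. Separately, `getuid()` is the real uid of the calling process: the invoking user for a setuid program such as su(1), but uid 0 for a service started by root. The option therefore deserves a comment here and a manual-page caveat that it is only meaningful for setuid front-ends. On the `auth_as_self` path `user` is never set; the rest of `pam_sm_authenticate` lies outside this hunk, so confirm that nothing later reads it.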