diff options
author | markm <markm@FreeBSD.org> | 2001-08-26 18:05:35 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-08-26 18:05:35 +0000 |
commit | c98dbe0779203037f1326ffdc3932cec3bd10d6f (patch) | |
tree | 80c6a01529d6be7fd3ef915a66719410883de5ee /lib | |
parent | 62645669be03c4d9d64b78e3505b57479c3793b6 (diff) | |
download | FreeBSD-src-c98dbe0779203037f1326ffdc3932cec3bd10d6f.zip FreeBSD-src-c98dbe0779203037f1326ffdc3932cec3bd10d6f.tar.gz |
Introduce better logging, error reporting and use of login_cap data.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libpam/modules/pam_nologin/pam_nologin.8 | 8 | ||||
-rw-r--r-- | lib/libpam/modules/pam_nologin/pam_nologin.c | 19 |
2 files changed, 21 insertions, 6 deletions
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.8 b/lib/libpam/modules/pam_nologin/pam_nologin.8 index 7b56b25..a2c5990 100644 --- a/lib/libpam/modules/pam_nologin/pam_nologin.8 +++ b/lib/libpam/modules/pam_nologin/pam_nologin.8 @@ -61,6 +61,13 @@ does exist, then its contents are echoed to non-superusers before failure is returned. +If a "nologin" capability +is specified in +.Xr login.conf 5 , +then the file thus specified +is used instead. +This usually defaults to +.Pa /var/run/nologin . .Pp The following options may be passed to the authentication module: .Bl -tag -width ".Cm no_warn" @@ -77,6 +84,7 @@ authentication attempt was declined. .El .Sh SEE ALSO .Xr syslog 3 , +.Xr login.conf 5 , .Xr nologin 5 , .Xr pam.conf 5 , .Xr pam 8 diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c b/lib/libpam/modules/pam_nologin/pam_nologin.c index 5b1e19f..9b06653 100644 --- a/lib/libpam/modules/pam_nologin/pam_nologin.c +++ b/lib/libpam/modules/pam_nologin/pam_nologin.c @@ -28,13 +28,14 @@ #define PAM_SM_AUTH -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> +#include <fcntl.h> +#include <login_cap.h> #include <pwd.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> #include <security/_pam_macros.h> #include <security/pam_modules.h> @@ -45,11 +46,12 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { + login_cap_t *lc; struct options options; struct passwd *pwd; struct stat st; int retval, fd; - const char *user; + const char *user, *nologin; char *mtmp; pam_std_option(&options, NULL, argc, argv); @@ -62,7 +64,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) PAM_LOG("Got user: %s", user); - fd = open(NOLOGIN, O_RDONLY, 0); + lc = login_getclass(NULL); + nologin = login_getcapstr(lc, "nologin", NOLOGIN, NOLOGIN); + login_close(lc); + lc = NULL; + + fd = open(nologin, O_RDONLY, 0); if (fd < 0) PAM_RETURN(PAM_SUCCESS); |