From f6fb59fd55444f9a5790254517e6de17d847af71 Mon Sep 17 00:00:00 2001
From: markm
Date: Thu, 24 May 2001 18:35:52 +0000
Subject: Add the "auth_as_self" option to the pam_unix module (there is no reason not to add it to others later). This causes the pam_unix module to check the user's _own_ password, not the password of the account that the user is authenticating into. This will allow eg: WHEELSU type behaviour from su(1).
---
 lib/libpam/libpam/pam_mod_misc.h | 1 +
 lib/libpam/libpam/pam_std_option.c | 1 +
 lib/libpam/libpam/security/pam_mod_misc.h | 1 +
 lib/libpam/modules/pam_unix/pam_unix.c | 11 ++++++++---
 4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/libpam/libpam/pam_mod_misc.h b/lib/libpam/libpam/pam_mod_misc.h
index 06f474d..8e15fee 100644
--- a/lib/libpam/libpam/pam_mod_misc.h
+++ b/lib/libpam/libpam/pam_mod_misc.h
@@ -38,6 +38,7 @@
 #define PAM_OPT_TRY_FIRST_PASS 0x08
 #define PAM_OPT_USE_MAPPED_PASS 0x10
 #define PAM_OPT_ECHO_PASS 0x20
+#define PAM_OPT_AUTH_AS_SELF 0x40
 __BEGIN_DECLS
 int pam_get_pass(pam_handle_t *, const char **, const char *, int);
diff --git a/lib/libpam/libpam/pam_std_option.c b/lib/libpam/libpam/pam_std_option.c
index 0c00908..fb39806 100644
--- a/lib/libpam/libpam/pam_std_option.c
+++ b/lib/libpam/libpam/pam_std_option.c
@@ -48,6 +48,7 @@ pam_std_option(int *options, const char *name)
 { "try_first_pass", PAM_OPT_TRY_FIRST_PASS },
 { "use_mapped_pass", PAM_OPT_USE_MAPPED_PASS },
 { "echo_pass", PAM_OPT_ECHO_PASS },
+ { "auth_as_self", PAM_OPT_AUTH_AS_SELF },
 { NULL, 0 }
 };
 struct opttab *p;
diff --git a/lib/libpam/libpam/security/pam_mod_misc.h b/lib/libpam/libpam/security/pam_mod_misc.h
index 06f474d..8e15fee 100644
--- a/lib/libpam/libpam/security/pam_mod_misc.h
+++ b/lib/libpam/libpam/security/pam_mod_misc.h
@@ -38,6 +38,7 @@
 #define PAM_OPT_TRY_FIRST_PASS 0x08
 #define PAM_OPT_USE_MAPPED_PASS 0x10
 #define PAM_OPT_ECHO_PASS 0x20
+#define PAM_OPT_AUTH_AS_SELF 0x40
 __BEGIN_DECLS
 int pam_get_pass(pam_handle_t *, const char **, const char *, int);
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 329b784..c8ddde7 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -62,12 +62,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 options = 0;
 for (i = 0; i < argc; i++)
 pam_std_option(&options, argv[i]);
- if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- return retval;
+ if (options & PAM_OPT_AUTH_AS_SELF)
+ pwd = getpwuid(getuid());
+ else {
+ if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return retval;
+ pwd = getpwnam(user);
+ }
 if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, options)) != PAM_SUCCESS)
 return retval;
- if ((pwd = getpwnam(user)) != NULL) {
+ if (pwd != NULL) {
 encrypted = crypt(password, pwd->pw_passwd);
 if (password[0] == '\0' && pwd->pw_passwd[0] != '\0')
 encrypted = ":";
-- 
cgit v1.1
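Review bot: In the pam_unix.c hunk the `pwd` lookup now runs before `pam_get_pass()`, whereas the old code called `getpwnam(user)` only after the password had been collected. `getpwnam()` and `getpwuid()` return a pointer to static storage, and `pam_get_pass()` presumably prompts through the application's conversation callback, so any passwd lookup made during the prompt would leave `pwd->pw_passwd` referring to a different entry by the time `crypt()` compares against it; whether a given caller does that is not visible here. I would keep only the `pam_get_user()` call ahead of the prompt and select the entry afterwards, as in the excerpt below. Separately, `getuid()` is the real uid of the calling process, so the option only means "the invoking user" in a setuid caller such as su(1); in a service that already runs as root it would accept root's password for every account, which deserves a comment at the branch and in the option's documentation. The body of pam_sm_authenticate starts and ends outside the hunk.

```c
	/* … unchanged: option parsing … */
	if (!(options & PAM_OPT_AUTH_AS_SELF) &&
	    (retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
		return retval;
	/* … unchanged: pam_get_pass() prompt … */
	/*
	 * Look the entry up only after the prompt: getpw*() results live in
	 * static storage that code run during the prompt may overwrite.
	 * getuid() is the real uid, i.e. the invoking user in a setuid caller.
	 */
	if (options & PAM_OPT_AUTH_AS_SELF)
		pwd = getpwuid(getuid());
	else
		pwd = getpwnam(user);
	if (pwd != NULL) {
	/* … unchanged: crypt() comparison … */
```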