[src/trunk]: src/lib/libpam/modules/pam_group Add a new option "authenticate"...
details: https://anonhg.NetBSD.org/src/rev/4253c3eaf074
branches: trunk
changeset: 573593:4253c3eaf074
user: christos <christos%NetBSD.org@localhost>
date: Tue Feb 01 22:55:11 2005 +0000
description:
Add a new option "authenticate" that requires the user to enter his own
password to log in.
diffstat:
lib/libpam/modules/pam_group/pam_group.8 | 6 +++-
lib/libpam/modules/pam_group/pam_group.c | 34 ++++++++++++++++++++++++++++++-
2 files changed, 36 insertions(+), 4 deletions(-)
diffs (108 lines):
diff -r a24408d6b16d -r 4253c3eaf074 lib/libpam/modules/pam_group/pam_group.8
--- a/lib/libpam/modules/pam_group/pam_group.8 Tue Feb 01 22:54:33 2005 +0000
+++ b/lib/libpam/modules/pam_group/pam_group.8 Tue Feb 01 22:55:11 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pam_group.8,v 1.2 2004/12/12 08:18:44 christos Exp $
+.\" $NetBSD: pam_group.8,v 1.3 2005/02/01 22:55:11 christos Exp $
.\" Copyright (c) 2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
@@ -33,7 +33,7 @@
.\"
.\" $FreeBSD: src/lib/libpam/modules/pam_group/pam_group.8,v 1.3 2004/07/02 23:52:17 ru Exp $
.\"
-.Dd February 6, 2003
+.Dd February 1, 2004
.Dt PAM_GROUP 8
.Os
.Sh NAME
@@ -68,6 +68,8 @@
.It Cm root_only
Skip this module entirely if the target account is not the superuser
account.
+.It Cm authenticate
+The user is asked to authenticate using his own password.
.El
.Sh SEE ALSO
.Xr pam.conf 5 ,
diff -r a24408d6b16d -r 4253c3eaf074 lib/libpam/modules/pam_group/pam_group.c
--- a/lib/libpam/modules/pam_group/pam_group.c Tue Feb 01 22:54:33 2005 +0000
+++ b/lib/libpam/modules/pam_group/pam_group.c Tue Feb 01 22:55:11 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_group.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */
+/* $NetBSD: pam_group.c,v 1.3 2005/02/01 22:55:11 christos Exp $ */
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_group/pam_group.c,v 1.4 2003/12/11 13:55:15 des Exp $");
#else
-__RCSID("$NetBSD: pam_group.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
+__RCSID("$NetBSD: pam_group.c,v 1.3 2005/02/01 22:55:11 christos Exp $");
#endif
#include <sys/types.h>
@@ -50,13 +50,16 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
+#include <login_cap.h>
#define PAM_SM_AUTH
#include <security/pam_appl.h>
#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
#include <security/openpam.h>
+static int authenticate(pam_handle_t *, struct passwd *, int);
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
@@ -67,6 +70,7 @@
char *const *list;
struct passwd *pwd;
struct group *grp;
+ int pam_err;
/* get target account */
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
@@ -102,6 +106,10 @@
return (PAM_SUCCESS);
return (PAM_AUTH_ERR);
found:
+ if (openpam_get_option(pamh, "authenticate"))
+ if ((pam_err = authenticate(pamh, pwd, flags)) != PAM_SUCCESS)
+ return pam_err;
+
if (openpam_get_option(pamh, "deny"))
return (PAM_AUTH_ERR);
return (PAM_SUCCESS);
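Review bot: `flags` is now passed to authenticate() under `found:`, but the pam_sm_authenticate signature still declares it `int flags __unused` (visible as context in the include hunk), and the new helper never reads it. Either drop the attribute or drop the parameter, e.g. `static int authenticate(pam_handle_t *, struct passwd *);` with the call `authenticate(pamh, pwd)`. The nested unbraced `if` pair is easy to misread next to the `deny` check, so bracing the outer `if (openpam_get_option(pamh, "authenticate")) { ... }` would make the scope explicit. Which account `pwd` points at when control reaches this label is decided outside the hunk; if it is meant to be the requesting user, a comment such as `/* pwd is the applicant here, not the target account */` would record that for the password check that follows.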
@@ -120,4 +128,26 @@
return (PAM_SUCCESS);
}
+static int
+authenticate(pam_handle_t *pamh, struct passwd *pwd, int flags)
+{
+ int retval;
+ login_cap_t *lc;
+ const char *pass;
+
+ lc = login_getpwclass(pwd);
+ retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, NULL);
+ login_close(lc);
+
+ if (retval != PAM_SUCCESS)
+ return retval;
+ PAM_LOG("Got password");
+ if (strcmp(crypt(pass, pwd->pw_passwd), pwd->pw_passwd) == 0)
+ return PAM_SUCCESS;
+
+ PAM_VERBOSE_ERROR("UNIX authentication refused");
+ return PAM_AUTH_ERR;
+}
+
+
PAM_MODULE_ENTRY("pam_group");
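Review bot: The result of `crypt()` is fed straight into `strcmp()` in authenticate(), and crypt() may return NULL on failure (for instance an unsupported or malformed hash in `pw_passwd`), which would crash the module rather than deny the login. Store it first, `const char *hash = crypt(pass, pwd->pw_passwd);`, and test `if (hash != NULL && strcmp(hash, pwd->pw_passwd) == 0) return PAM_SUCCESS;`. `lc` from `login_getpwclass(pwd)` is opened and closed without being read, so those two lines and the `<login_cap.h>` include look removable unless a later change uses them. Passing NULL as the prompt to `pam_get_authtok()` yields the default prompt, which does not tell the user that their own password rather than the target account's is expected.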