OpenPAMify.

svn path=/head/; revision=110240
2003-02-02 18:43:58 +00:00 · 2003-02-02 18:43:58 +00:00 · cb6e9daaa9 · 2020-12-20 02:59:44 +00:00
commit cb6e9daaa9
parent f1c2c0a87e
1 changed files with 10 additions and 33 deletions
--- a/lib/libpam/modules/pam_wheel/pam_wheel.c
+++ b/lib/libpam/modules/pam_wheel/pam_wheel.c
@ -54,24 +54,6 @@ __FBSDID("$FreeBSD$");
 #include <security/pam_modules.h>
 #include <security/pam_mod_misc.h>

-enum {
-	PAM_OPT_DENY = PAM_OPT_STD_MAX,
-	PAM_OPT_GROUP,
-	PAM_OPT_TRUST,
-	PAM_OPT_AUTH_AS_SELF,
-	PAM_OPT_NOROOT_OK,
-	PAM_OPT_EXEMPT_IF_EMPTY
-};
-
-static struct opttab other_options[] = {
-	{ "deny",		PAM_OPT_DENY },
-	{ "group",		PAM_OPT_GROUP },
-	{ "trust",		PAM_OPT_TRUST },
-	{ "auth_as_self",	PAM_OPT_AUTH_AS_SELF },
-	{ "noroot_ok",		PAM_OPT_NOROOT_OK },
-	{ "exempt_if_empty",	PAM_OPT_EXEMPT_IF_EMPTY },
-	{ NULL, 0 }
-};

 /* Is member in list? */
 static int
@ -85,19 +67,14 @@ in_list(char *const *list, const char *member)

 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t * pamh, int flags __unused,
-    int argc, const char *argv[])
+    int argc __unused, const char *argv[] __unused)
 {
-	struct options options;
 	struct passwd *pwd;
 	struct group *grp;
 	int retval;
 	uid_t tuid;
 	const char *user, *targetuser;
-	char *use_group;
-
-	pam_std_option(&options, other_options, argc, argv);
-
-	PAM_LOG("Options processed");
+	const char *use_group;

 	retval = pam_get_user(pamh, &targetuser, NULL);
 	if (retval != PAM_SUCCESS)
@ -110,7 +87,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused,

 	PAM_LOG("Got target user: %s   uid: %d", targetuser, tuid);

-	if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
+	if (openpam_get_option(pamh, "auth_as_self")) {
 		pwd = getpwnam(getlogin());
 		user = strdup(pwd->pw_name);
 	}
@ -131,13 +108,13 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused,
 	PAM_LOG("Not superuser");

 	/* If authenticating as something non-superuser, return OK */
-	if (pam_test_option(&options, PAM_OPT_NOROOT_OK, NULL))
+	if (openpam_get_option(pamh, "noroot_ok"))
 		if (tuid != 0)
 			return (PAM_SUCCESS);

 	PAM_LOG("Checking group");

-	if (!pam_test_option(&options, PAM_OPT_GROUP, &use_group)) {
+	if ((use_group = openpam_get_option(pamh, "group")) == NULL) {
 		if ((grp = getgrnam("wheel")) == NULL)
 			grp = getgrgid(0);
 	}
@ -145,7 +122,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused,
 		grp = getgrnam(use_group);

 	if (grp == NULL || grp->gr_mem == NULL) {
-		if (pam_test_option(&options, PAM_OPT_DENY, NULL))
+		if (openpam_get_option(pamh, "deny"))
 			return (PAM_IGNORE);
 		else {
 			PAM_VERBOSE_ERROR("Permission denied");
@ -157,22 +134,22 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused,

 	/* If the group is empty, see if we exempt empty groups. */
 	if (*(grp->gr_mem) == NULL) {
-		if (pam_test_option(&options, PAM_OPT_EXEMPT_IF_EMPTY, NULL))
+		if (openpam_get_option(pamh, "exempt_if_empty"))
 			return (PAM_IGNORE);
 	}

 	if (pwd->pw_gid == grp->gr_gid || in_list(grp->gr_mem, pwd->pw_name)) {
-		if (pam_test_option(&options, PAM_OPT_DENY, NULL)) {
+		if (openpam_get_option(pamh, "deny")) {
 			PAM_VERBOSE_ERROR("Member of group %s; denied",
 			    grp->gr_name);
 			return (PAM_PERM_DENIED);
 		}
-		if (pam_test_option(&options, PAM_OPT_TRUST, NULL))
+		if (openpam_get_option(pamh, "trust"))
 			return (PAM_SUCCESS);
 		return (PAM_IGNORE);
 	}

-	if (pam_test_option(&options, PAM_OPT_DENY, NULL))
+	if (openpam_get_option(pamh, "deny"))
 		return (PAM_SUCCESS);

 	PAM_VERBOSE_ERROR("Not member of group %s; denied", grp->gr_name);