From 16722cb2c139ad17c36d42bd53844e2d0880d740 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Sat, 19 Jul 2014 21:04:21 +0000
Subject: [PATCH] Add support for the "account" facility.

PR:		115164
MFC after:	1 week
---
 lib/libpam/modules/pam_group/pam_group.8 |  7 ++++++-
 lib/libpam/modules/pam_group/pam_group.c | 23 +++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/lib/libpam/modules/pam_group/pam_group.8 b/lib/libpam/modules/pam_group/pam_group.8
index 985094b1ed24..4f368e577c22 100644
--- a/lib/libpam/modules/pam_group/pam_group.8
+++ b/lib/libpam/modules/pam_group/pam_group.8
@@ -33,7 +33,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 9, 2011
+.Dd July 19, 2014
 .Dt PAM_GROUP 8
 .Os
 .Sh NAME
@@ -48,6 +48,11 @@
 .Sh DESCRIPTION
 The group service module for PAM accepts or rejects users based on
 their membership in a particular file group.
+.Nm pam_group
+provides functionality for two PAM categories: authentication and
+account management.
+In terms of the module-type parameter, they are the ``auth'' and
+``account'' features.
 .Pp
 The following options may be passed to the
 .Nm
diff --git a/lib/libpam/modules/pam_group/pam_group.c b/lib/libpam/modules/pam_group/pam_group.c
index 5b918c0f16a6..6cf2774a308f 100644
--- a/lib/libpam/modules/pam_group/pam_group.c
+++ b/lib/libpam/modules/pam_group/pam_group.c
@@ -47,15 +47,14 @@ __FBSDID("$FreeBSD$");
 #include <unistd.h>
 
 #define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
 
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
 #include <security/openpam.h>
 
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
+static int
+pam_group(pam_handle_t *pamh)
 {
 	int local, remote;
 	const char *group, *user;
@@ -120,6 +119,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		goto not_found;
 }
 
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
+    int argc __unused, const char *argv[] __unused)
+{
+
+	return (pam_group(pamh));
+}
+
 PAM_EXTERN int
 pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused,
     int argc __unused, const char *argv[] __unused)
@@ -128,4 +135,12 @@ pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused,
 	return (PAM_SUCCESS);
 }
 
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
+    int argc __unused, const char *argv[] __unused)
+{
+
+	return (pam_group(pamh));
+}
+
 PAM_MODULE_ENTRY("pam_group");