Use a better method of getting user credentials to account for

(legal) UID duplication.

Rename use_uid to auth_as_self for consistency with other modules.
This commit is contained in:
Mark Murray 2001-07-14 08:42:39 +00:00
parent 6fd676c982
commit f042a54245
2 changed files with 8 additions and 8 deletions

View File

@ -61,13 +61,13 @@ The following options may be passed to the authentication module:
debugging information at
.Dv LOG_DEBUG
level.
.It Cm use_uid
.It Cm auth_as_self
check for
.Dq Li wheel
membership against
the current UID
the current login name
(given by
.Xr getuid 2 ) .
.Xr getlogin 2 ) .
.It Cm trust
return
.Dv PAM_SUCCESS
@ -92,7 +92,7 @@ instead of the default group
.Dq Li wheel .
.El
.Sh SEE ALSO
.Xr getuid 2 ,
.Xr getlogin 2 ,
.Xr syslog 3 ,
.Xr group 5 ,
.Xr pam.conf 5 ,

View File

@ -42,13 +42,13 @@
#include <pam_mod_misc.h>
enum { PAM_OPT_DENY=PAM_OPT_STD_MAX, PAM_OPT_GROUP, PAM_OPT_TRUST,
PAM_OPT_USE_UID };
PAM_OPT_AUTH_AS_SELF };
static struct opttab other_options[] = {
{ "deny", PAM_OPT_DENY },
{ "group", PAM_OPT_GROUP },
{ "trust", PAM_OPT_TRUST },
{ "use_uid", PAM_OPT_USE_UID },
{ "auth_as_self", PAM_OPT_AUTH_AS_SELF },
{ NULL, 0 }
};
@ -92,8 +92,8 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
PAM_LOG("Not superuser");
if (pam_test_option(&options, PAM_OPT_USE_UID, NULL)) {
temppwd = getpwuid(getuid());
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
temppwd = getpwnam(getlogin());
if (temppwd == NULL)
PAM_RETURN(PAM_SERVICE_ERR);
fromsu = temppwd->pw_name;