Use a better method of getting user credentials to account for
(legal) UID duplication. Rename use_uid to auth_as_self for consistency with other modules.
This commit is contained in:
parent
6fd676c982
commit
f042a54245
@ -61,13 +61,13 @@ The following options may be passed to the authentication module:
|
||||
debugging information at
|
||||
.Dv LOG_DEBUG
|
||||
level.
|
||||
.It Cm use_uid
|
||||
.It Cm auth_as_self
|
||||
check for
|
||||
.Dq Li wheel
|
||||
membership against
|
||||
the current UID
|
||||
the current login name
|
||||
(given by
|
||||
.Xr getuid 2 ) .
|
||||
.Xr getlogin 2 ) .
|
||||
.It Cm trust
|
||||
return
|
||||
.Dv PAM_SUCCESS
|
||||
@ -92,7 +92,7 @@ instead of the default group
|
||||
.Dq Li wheel .
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr getuid 2 ,
|
||||
.Xr getlogin 2 ,
|
||||
.Xr syslog 3 ,
|
||||
.Xr group 5 ,
|
||||
.Xr pam.conf 5 ,
|
||||
|
@ -42,13 +42,13 @@
|
||||
#include <pam_mod_misc.h>
|
||||
|
||||
enum { PAM_OPT_DENY=PAM_OPT_STD_MAX, PAM_OPT_GROUP, PAM_OPT_TRUST,
|
||||
PAM_OPT_USE_UID };
|
||||
PAM_OPT_AUTH_AS_SELF };
|
||||
|
||||
static struct opttab other_options[] = {
|
||||
{ "deny", PAM_OPT_DENY },
|
||||
{ "group", PAM_OPT_GROUP },
|
||||
{ "trust", PAM_OPT_TRUST },
|
||||
{ "use_uid", PAM_OPT_USE_UID },
|
||||
{ "auth_as_self", PAM_OPT_AUTH_AS_SELF },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
@ -92,8 +92,8 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||
|
||||
PAM_LOG("Not superuser");
|
||||
|
||||
if (pam_test_option(&options, PAM_OPT_USE_UID, NULL)) {
|
||||
temppwd = getpwuid(getuid());
|
||||
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
|
||||
temppwd = getpwnam(getlogin());
|
||||
if (temppwd == NULL)
|
||||
PAM_RETURN(PAM_SERVICE_ERR);
|
||||
fromsu = temppwd->pw_name;
|
||||
|
Loading…
Reference in New Issue
Block a user