Implement the "binding" control flag (from Solaris 9)
Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@161 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
d185910864
commit
a9b8bb1e92
|
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/include/security/pam_constants.h#15 $
|
* $P4: //depot/projects/openpam/include/security/pam_constants.h#16 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _PAM_CONSTANTS_H_INCLUDED
|
#ifndef _PAM_CONSTANTS_H_INCLUDED
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/lib/openpam_configure.c#4 $
|
* $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
@ -150,6 +150,8 @@ openpam_read_policy_file(pam_chain_t *policy[],
|
||||||
flag = PAM_SUFFICIENT;
|
flag = PAM_SUFFICIENT;
|
||||||
} else if (strcmp(p, "optional") == 0) {
|
} else if (strcmp(p, "optional") == 0) {
|
||||||
flag = PAM_OPTIONAL;
|
flag = PAM_OPTIONAL;
|
||||||
|
} else if (strcmp(p, "binding") == 0) {
|
||||||
|
flag = PAM_BINDING;
|
||||||
} else {
|
} else {
|
||||||
openpam_log(PAM_LOG_ERROR,
|
openpam_log(PAM_LOG_ERROR,
|
||||||
"%s: invalid control flag on line %d: '%s'",
|
"%s: invalid control flag on line %d: '%s'",
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#16 $
|
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
@ -109,13 +109,14 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||||
|
|
||||||
if (r == PAM_IGNORE)
|
if (r == PAM_IGNORE)
|
||||||
continue;
|
continue;
|
||||||
if (r == PAM_SUCCESS || r == PAM_NEW_AUTHTOK_REQD) {
|
if (r == PAM_SUCCESS) {
|
||||||
/*
|
/*
|
||||||
* For pam_setcred() and pam_chauthtok() with the
|
* For pam_setcred() and pam_chauthtok() with the
|
||||||
* PAM_PRELIM_CHECK flag, treat "sufficient" as
|
* PAM_PRELIM_CHECK flag, treat "sufficient" as
|
||||||
* "optional".
|
* "optional".
|
||||||
*/
|
*/
|
||||||
if (chain->flag == PAM_SUFFICIENT && !fail &&
|
if ((chain->flag == PAM_SUFFICIENT ||
|
||||||
|
chain->flag == PAM_BINDING) && !fail &&
|
||||||
primitive != PAM_SM_SETCRED &&
|
primitive != PAM_SM_SETCRED &&
|
||||||
!(primitive == PAM_SM_CHAUTHTOK &&
|
!(primitive == PAM_SM_CHAUTHTOK &&
|
||||||
(flags & PAM_PRELIM_CHECK)))
|
(flags & PAM_PRELIM_CHECK)))
|
||||||
|
@ -132,7 +133,8 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||||
*/
|
*/
|
||||||
if (err == 0)
|
if (err == 0)
|
||||||
err = r;
|
err = r;
|
||||||
if (chain->flag == PAM_REQUIRED && !fail) {
|
if ((chain->flag == PAM_REQUIRED ||
|
||||||
|
chain->flag == PAM_BINDING) && !fail) {
|
||||||
openpam_log(PAM_LOG_DEBUG, "required module failed");
|
openpam_log(PAM_LOG_DEBUG, "required module failed");
|
||||||
fail = 1;
|
fail = 1;
|
||||||
err = r;
|
err = r;
|
||||||
|
|
|
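Review bot: The first test in the `-109,13 +109,14` hunk of openpam_dispatch() no longer accepts `PAM_NEW_AUTHTOK_REQD` as success. This reads the second line of each printed pair as the new side, which the 13-to-14 line counts fit. That return value now appears to fall through to the failure handling in the following hunk, where a required or binding module sets `fail`. The change is separate from adding the binding flag, and neither the commit message nor a comment records it. If it is intended, a line such as `/* PAM_NEW_AUTHTOK_REQD is not success; it is reported to the caller through err */` above the test would say so. In the same function the block comment could add `"binding" as "required"`, and the debug string, now also logged for binding modules, could read `"required or binding module failed"`. Both hunks start and end inside the function body, so the statements between them are not visible here.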
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/lib/openpam_impl.h#15 $
|
* $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef _OPENPAM_IMPL_H_INCLUDED
|
#ifndef _OPENPAM_IMPL_H_INCLUDED
|
||||||
|
@ -48,7 +48,8 @@ extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
|
||||||
#define PAM_REQUISITE 2
|
#define PAM_REQUISITE 2
|
||||||
#define PAM_SUFFICIENT 3
|
#define PAM_SUFFICIENT 3
|
||||||
#define PAM_OPTIONAL 4
|
#define PAM_OPTIONAL 4
|
||||||
#define PAM_NUM_CONTROLFLAGS 5
|
#define PAM_BINDING 5
|
||||||
|
#define PAM_NUM_CONTROLFLAGS 6
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Chains
|
* Chains
|
||||||
|
|
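Review bot: `PAM_BINDING` is added without any statement of what the flag means, and this header is where a maintainer will look for it. Going by the dispatch changes in the same commit, a comment on the define such as `/* binding: success ends the chain like "sufficient", failure counts like "required" */` would cover it, assuming the statement after the sufficient/binding test does end the chain. Because `PAM_NUM_CONTROLFLAGS` moves from 5 to 6, anything elsewhere that is sized or bounded by it needs an entry for the new flag. Nothing of that kind is visible on this page, so it is worth a check before merging.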