pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
64
check.c
64
check.c
@@ -77,6 +77,10 @@ static char rcsid[] = "$Id$";
|
||||
#ifdef HAVE_KERB4
|
||||
# include <krb.h>
|
||||
#endif /* HAVE_KERB4 */
|
||||
#ifdef HAVE_PAM
|
||||
# include <security/pam_appl.h>
|
||||
# include <security/pam_misc.h>
|
||||
#endif /* HAVE_PAM */
|
||||
#ifdef HAVE_AFS
|
||||
# include <afs/stds.h>
|
||||
# include <afs/kautils.h>
|
||||
@@ -112,6 +116,9 @@ static void reminder __P((void));
|
||||
#ifdef HAVE_KERB4
|
||||
static int sudo_krb_validate_user __P((struct passwd *, char *));
|
||||
#endif /* HAVE_KERB4 */
|
||||
#ifdef HAVE_PAM
|
||||
static void pam_attempt_auth __P((void));
|
||||
#endif /* HAVE_PAM */
|
||||
#ifdef HAVE_SKEY
|
||||
static char *sudo_skeyprompt __P((struct skey *, char *));
|
||||
#endif /* HAVE_SKEY */
|
||||
@@ -131,6 +138,12 @@ union config_record configure;
|
||||
#ifdef HAVE_SKEY
|
||||
struct skey skey;
|
||||
#endif
|
||||
#ifdef HAVE_PAM
|
||||
static struct pam_conv conv = {
|
||||
misc_conv,
|
||||
NULL
|
||||
};
|
||||
#endif
|
||||
#ifdef HAVE_OPIE
|
||||
struct opie opie;
|
||||
#endif
|
||||
@@ -164,7 +177,11 @@ void check_user()
|
||||
if (rtn == 2)
|
||||
reminder(); /* do the reminder if ticket file is new */
|
||||
#endif /* NO_MESSAGE */
|
||||
#ifdef HAVE_PAM
|
||||
pam_attempt_auth();
|
||||
#else /* !HAVE_PAM */
|
||||
check_passwd();
|
||||
#endif /* HAVE_PAM */
|
||||
}
|
||||
|
||||
update_timestamp();
|
||||
@@ -715,6 +732,53 @@ static int sudo_krb_validate_user(pw_ent, pass)
|
||||
}
|
||||
#endif /* HAVE_KERB4 */
|
||||
|
||||
#ifdef HAVE_PAM
|
||||
/********************************************************************
|
||||
* pam_attempt_auth()
|
||||
*
|
||||
* Try to authenticate the user using Pluggable Authentication
|
||||
* Modules (PAM). Added 9/11/98 by Gary J. Calvin
|
||||
*/
|
||||
static void pam_attempt_auth()
|
||||
{
|
||||
pam_handle_t *pamh=NULL;
|
||||
int retval;
|
||||
register int counter = TRIES_FOR_PASSWORD;
|
||||
|
||||
/* printf("PAM Authentication\n"); */
|
||||
retval = pam_start("sudo", user_name, &conv, &pamh);
|
||||
if (retval != PAM_SUCCESS) {
|
||||
pam_end(pamh, retval);
|
||||
exit(1);
|
||||
}
|
||||
while (counter > 0) {
|
||||
retval = pam_authenticate(pamh, 0);
|
||||
if (retval == PAM_SUCCESS) {
|
||||
set_perms(PERM_USER, 0);
|
||||
pam_end(pamh, retval);
|
||||
return;
|
||||
}
|
||||
|
||||
--counter;
|
||||
#ifdef USE_INSULTS
|
||||
(void) fprintf(stderr, "%s\n", INSULT);
|
||||
#else
|
||||
(void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
|
||||
#endif /* USE_INSULTS */
|
||||
}
|
||||
set_perms(PERM_USER, 0);
|
||||
|
||||
if (counter > 0) {
|
||||
log_error(PASSWORD_NOT_CORRECT);
|
||||
inform_user(PASSWORD_NOT_CORRECT);
|
||||
} else {
|
||||
log_error(PASSWORDS_NOT_CORRECT);
|
||||
inform_user(PASSWORDS_NOT_CORRECT);
|
||||
}
|
||||
pam_end(pamh, retval);
|
||||
exit(1);
|
||||
}
|
||||
#endif /* HAVE_PAM */
|
||||
|
||||
#ifdef HAVE_SKEY
|
||||
/********************************************************************
|
||||
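Review bot: pam_attempt_auth() treats PAM_SUCCESS from `pam_authenticate(pamh, 0)` as sufficient and never calls `pam_acct_mgmt()`, so restrictions that PAM modules enforce in the account phase (expired or locked accounts, access-time rules) are not consulted before the user is let through. I would add `if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0);` immediately before the `if (retval == PAM_SUCCESS) {` test. The loop also re-prompts on every non-success code, including ones such as PAM_MAXTRIES or PAM_AUTHINFO_UNAVAIL where another attempt is not appropriate, and prints the wrong-password message for them. After the loop, `if (counter > 0)` can never be true because the only other way out of the loop is the `return`, so the PASSWORD_NOT_CORRECT branch is dead code. The `pam_start` failure path also exits with status 1 without logging anything, which leaves no audit trail for a broken PAM setup; a `log_error()` call there would match the failure path at the end of the function.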
|
@@ -111,6 +111,9 @@
|
||||
# define HAVE_KERB4
|
||||
#endif /* HAVE_KERB5 */
|
||||
|
||||
/* Define if you use PAM. */
|
||||
#define HAVE_PAM
|
||||
|
||||
/* Define if you use AFS. */
|
||||
#undef HAVE_AFS
|
||||
|
||||
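Review bot: The added line `#define HAVE_PAM` sits in what appears to be the configure header template (the file name is not shown on this page), where the neighbouring entry uses `#undef`, as in `#undef HAVE_AFS` just below. As written, HAVE_PAM looks to be defined even when `--with-pam` is not given, which would switch check_user() from check_passwd() to pam_attempt_auth() in every build, without the PAM libraries being added to the link line. It should read `#undef HAVE_PAM` so that only `AC_DEFINE(HAVE_PAM)` turns the feature on.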
|
17
configure.in
17
configure.in
@@ -135,6 +135,16 @@ AC_ARG_WITH(kerb5, [ --with-kerb5 enable kerberos v5 support],
|
||||
;;
|
||||
esac])
|
||||
|
||||
AC_ARG_WITH(pam, [ --with-pam enable PAM support],
|
||||
[case $with_pam in
|
||||
yes) AC_DEFINE(HAVE_PAM)
|
||||
echo 'Configuring for use with PAM'
|
||||
;;
|
||||
no) ;;
|
||||
*) echo "Ignoring unknown argument to --with-pam: $with_pam"
|
||||
;;
|
||||
esac])
|
||||
|
||||
AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
|
||||
[case $with_AFS in
|
||||
yes) AC_DEFINE(HAVE_AFS)
|
||||
@@ -880,6 +890,13 @@ if test "$with_kerb4" = "yes" -o "$with_kerb5" = "yes"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl PAM libs and includes
|
||||
dnl
|
||||
if test "$with_pam" = "yes"; then
|
||||
SUDO_LIBS="${SUDO_LIBS} -ldl -lpam -lpam_misc"
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl extra AFS libs and includes
|
||||
dnl
|
||||
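Review bot: The `--with-pam` block appends `-ldl -lpam -lpam_misc` to SUDO_LIBS without probing for them, so a system that lacks libpam_misc (a Linux-PAM helper library, not part of every PAM implementation) fails only at link time. A check such as `AC_CHECK_LIB(pam, pam_start, , AC_MSG_ERROR(PAM libraries not found))` before the assignment would stop at configure time with a clear message. Separately, nothing here rejects `--with-pam` combined with the other authentication options. Since check.c calls pam_attempt_auth() in place of check_passwd() when HAVE_PAM is set, those other methods would presumably be skipped without notice, and a configure-time warning or error would make that explicit.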
|