(from Linux distributors - kukuk)
* Add pam_xauth module (Bug 436440 - kukuk)
* configure.in: Fix check for libcrypt (Bug 417704 - kukuk)
+* Add the "broken_shadow" argument to pam_unix, for ignoring errors
+ reading shadow information (from Linux distributors - kukuk)
0.77: Mon Sep 23 10:25:42 PDT 2002
/* Andrew Morgan (morgan@kernel.org) -- an example application
* that invokes a shell, based on blank.c */
+#include <security/_pam_aconf.h>
+
#include <stdio.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
-#include <security/_pam_aconf.h>
-
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>
fprintf(stderr,"%s: problem closing a session\n",argv[0]);
break;
}
-
+
/* `0' could be as above */
retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,0,retcode,"pam_setcred");
CFLAGS = -g -I ../../include
test.libpamc: test.libpamc.o
- $(CC) -o $@ $< -L ../.. -lpamc
+ $(CC) -o $@ $(CFLAGS) $< -L ../.. -lpamc
clean:
rm -f test.libpamc test.libpamc.o
int limit_item;
int limit_type = 0;
long limit_value;
- const char **endptr = &lim_value;
+ char *endptr;
const char *value_orig = lim_value;
if (ctrl & PAM_DEBUG_ARG)
return;
}
- /*
- * there is a warning here because the library prototype for this
- * function is incorrect.
- */
- limit_value = strtol(lim_value, endptr, 10);
+ limit_value = strtol (lim_value, &endptr, 10);
/* special case value when limiting logins */
- if (limit_value == 0 && value_orig == *endptr) { /* no chars read */
+ if (limit_value == 0 && value_orig == endptr) { /* no chars read */
if (strcmp(lim_value,"-") != 0) {
_pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value);
return;
when the session begins. This allows users to be present in central
database (such as nis, kerb or ldap) without using a distributed
file system or pre-creating a large number of directories.
-
+
Here is a sample /etc/pam.d/login file for Debian GNU/Linux
2.1:
-
+
auth requisite pam_securetty.so
auth sufficient pam_ldap.so
auth required pam_pwdb.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_pwdb.so
session optional pam_lastlog.so
- password required pam_pwdb.so
-
+ password required pam_pwdb.so
+
Released under the GNU LGPL version 2 or later
Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999
- Structure taken from pam_lastlogin by Andrew Morgan
+ Structure taken from pam_lastlogin by Andrew Morgan
<morgan@parc.power.net> 1996
*/
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
+#include <security/_pam_modutil.h>
+
/* argument parsing */
#define MKHOMEDIR_DEBUG 020 /* keep quiet about things */
return ctrl;
}
-/* This common function is used to send a message to the applications
- conversion function. Our only use is to ask the application to print
+/* This common function is used to send a message to the applications
+ conversion function. Our only use is to ask the application to print
an informative message that we are creating a home directory */
static int converse(pam_handle_t * pamh, int ctrl, int nargs
,struct pam_message **message
{
_log_err(LOG_DEBUG, "unable to create directory %s",dest);
return PAM_PERM_DENIED;
- }
+ }
if (chmod(dest,0777 & (~UMask)) != 0 ||
chown(dest,pwd->pw_uid,pwd->pw_gid) != 0)
{
}
for (Dir = readdir(D); Dir != 0; Dir = readdir(D))
- {
+ {
int SrcFd;
int DestFd;
int Res;
const char *user;
const struct passwd *pwd;
struct stat St;
-
+
/* Parse the flag values */
ctrl = _pam_parse(flags, argc, argv);
}
/* Ignore */
-PAM_EXTERN
+PAM_EXTERN
int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc
,const char **argv)
{
nis - use NIS RPC for setting new password
remember=X - remember X old passwords, they are kept in
/etc/security/opasswd in MD5 crypted form
+ broken_shadow - ignore errors reading shadow information for
+ users in the account management module
invalid arguments are logged to syslog.
return PAM_SUCCESS;
}
+ if (!spent)
+ if (on(UNIX_BROKEN_SHADOW,ctrl))
+ return PAM_SUCCESS;
+
if (!spent)
return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
#define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */
#define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */
#define UNIX_NOREAP 21 /* don't reap child process */
+#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging
+ * information during acct management */
/* -------------- */
-#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ident "$Id$"
+/* "$Id$" */
#include "../../_pam_aconf.h"
#include <sys/types.h>
const char *_pammodutil_getlogin(pam_handle_t *pamh)
{
int status;
- const char *logname, *curr_tty;
+ char *logname;
+ const char *curr_tty;
char *curr_user;
struct utmp *ut, line;
#include <unistd.h>
#include <errno.h>
+#include <security/pam_modules.h>
+#include "include/security/_pam_modutil.h"
+
int _pammodutil_read(int fd, char *buffer, int count)
{
int block, offset = 0;
-
+
while (count > 0) {
block = read(fd, &buffer[offset], count);
int _pammodutil_write(int fd, const char *buffer, int count)
{
int block, offset = 0;
-
+
while (count > 0) {
block = write(fd, &buffer[offset], count);
offset += block;
count -= block;
}
-
+
return offset;
}
-
projects / linux-pam / commitdiff