Add possibility to match ruser, rhost, and tty in pam_succeed_if.
authorTomas Mraz <tmraz@fedoraproject.org>
Fri, 13 Jan 2012 17:33:27 +0000 (18:33 +0100)
committerTomas Mraz <tmraz@fedoraproject.org>
Fri, 13 Jan 2012 17:33:27 +0000 (18:33 +0100)
* modules/pam_succeed_if/pam_succeed_if.c (evaluate): Match ruser,
rhost, and tty as left operand.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Document the new
possible left operands.

modules/pam_succeed_if/pam_succeed_if.8.xml
modules/pam_succeed_if/pam_succeed_if.c

index cc61e088f047353a1d38b1c73e3a02cd7f7bf0c3..7bdcb0246586d8441d650088c6953471fa763e2f 100644 (file)
@@ -33,8 +33,8 @@
     <para>
       pam_succeed_if.so is designed to succeed or fail authentication
       based on characteristics of the account belonging to the user being
-      authenticated. One use is to select whether to load other modules based
-      on this test.
+      authenticated or values of other PAM items. One use is to select whether
+      to load other modules based on this test.
     </para>
 
     <para>
     <para>
       Available fields are <emphasis>user</emphasis>,
       <emphasis>uid</emphasis>, <emphasis>gid</emphasis>,
-      <emphasis>shell</emphasis>, <emphasis>home</emphasis>
-      and <emphasis>service</emphasis>:
+      <emphasis>shell</emphasis>, <emphasis>home</emphasis>,
+      <emphasis>ruser</emphasis>, <emphasis>rhost</emphasis>,
+      <emphasis>tty</emphasis> and <emphasis>service</emphasis>:
     </para>
 
     <variablelist>
index 2670c258ed58bad357ad1498c10ba59517f26397..32a7373859017dcc22272d85ea254929e0d6a2a8 100644 (file)
@@ -281,11 +281,37 @@ evaluate(pam_handle_t *pamh, int debug,
        }
        if (strcasecmp(left, "service") == 0) {
                const void *svc;
-               if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS)
+               if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS ||
+                       svc == NULL)
                        svc = "";
                snprintf(buf, sizeof(buf), "%s", (const char *)svc);
                left = buf;
        }
+       if (strcasecmp(left, "ruser") == 0) {
+               const void *ruser;
+               if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS ||
+                       ruser == NULL)
+                       ruser = "";
+               snprintf(buf, sizeof(buf), "%s", (const char *)ruser);
+               left = buf;
+               user = buf;
+       }
+       if (strcasecmp(left, "rhost") == 0) {
+               const void *rhost;
+               if (pam_get_item(pamh, PAM_SERVICE, &rhost) != PAM_SUCCESS ||
+                       rhost == NULL)
+                       rhost = "";
+               snprintf(buf, sizeof(buf), "%s", (const char *)rhost);
+               left = buf;
+       }
+       if (strcasecmp(left, "tty") == 0) {
+               const void *tty;
+               if (pam_get_item(pamh, PAM_SERVICE, &tty) != PAM_SUCCESS ||
+                       tty == NULL)
+                       tty = "";
+               snprintf(buf, sizeof(buf), "%s", (const char *)tty);
+               left = buf;
+       }
        /* If we have no idea what's going on, return an error. */
        if (left != buf) {
                pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left);
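Review bot: The new `rhost` and `tty` branches both call `pam_get_item(pamh, PAM_SERVICE, ...)`, so they copy the service name into `buf` instead of the remote host or terminal, and a rule written against `rhost` or `tty` is evaluated against the wrong item and can pass or fail regardless of where the session actually originates. The calls should read `pam_get_item(pamh, PAM_RHOST, &rhost)` and `pam_get_item(pamh, PAM_TTY, &tty)`. Separately, these branches are plain `if`s that re-test `left` after it already points at `buf`, so a remote-supplied ruser value that happens to be `rhost` or `tty` would fall into the following branch and be replaced; chaining the branches with `else if` avoids that. `evaluate` begins and ends outside this hunk, so the effect of `user = buf` in the ruser branch on later code cannot be judged from here.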