summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org>2018-08-14 13:20:28 (GMT)
committer Sergey Poznyakoff <gray@gnu.org>2018-08-14 13:20:35 (GMT)
commit082c967151db85d4ad551fa458c48fc7a783f446 (patch) (side-by-side diff)
tree0ac20d07aa0cecc6be9f369299fa927617d0d0b8
parent23951fcddb211ecbb470ee17d035584bfbe38029 (diff)
downloadpam-modules-082c967151db85d4ad551fa458c48fc7a783f446.tar.gz
pam-modules-082c967151db85d4ad551fa458c48fc7a783f446.tar.bz2
Minor fixes
* configure.ac: Don't build static libraries. * examples/ldappubkey: Optionally authenticate via PAM`
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--configure.ac1
-rwxr-xr-xexamples/ldappubkey22
-rw-r--r--pam_innetgr/pam_innetgr.c2
-rw-r--r--pam_umotd/pam_umotd.c2
-rw-r--r--pamck/conv.c2
5 files changed, 25 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac
index 82fbc8a..584aa4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,6 +35,7 @@ dnl Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
+AM_DISABLE_STATIC
LT_PREREQ(2.2.5a)
LT_INIT
diff --git a/examples/ldappubkey b/examples/ldappubkey
index 5bf2828..3a47b18 100755
--- a/examples/ldappubkey
+++ b/examples/ldappubkey
@@ -127,7 +127,16 @@ Full hostname of the machine.
Default value is:
(&(objectClass=posixAccount)($uid=$arg))
-
+
+=item B<PublicKeyPAMService> I<NAME>
+
+If this setting is present, B<ldappubkey> will first try to authenticate
+using LDAP service I<NAME> and the user name supplied in the command line.
+It will exit immediately if the authentication fails.
+
+This can be used to enforce additional restrictions on who is allowed to
+log in remotely on the server.
+
=back
=head1 OPTIONS
@@ -279,6 +288,17 @@ my $arg = $ARGV[0];
my $hostname = get_fqdn_hostname();
$filter =~ s/(?<!\\)(\$(?:uid|arg|hostname))/$1/eeg;
+if (my $service = $config{publickeypamservice}) {
+ use Authen::PAM qw(:constants);
+ my $pamh;
+ ref($pamh = new Authen::PAM($service, $arg)) ||
+ die "Error code $pamh during PAM init!";
+ my $res = $pamh->pam_authenticate;
+ if ($res != PAM_SUCCESS) {
+ die "pam_authenticate: ". $pamh->pam_strerror($res) . "\n";
+ }
+}
+
my $res = assert($ldap->search(base => $config{'base'},
filter => $filter,
attrs => \@attrs ),
diff --git a/pam_innetgr/pam_innetgr.c b/pam_innetgr/pam_innetgr.c
index 2b9dc58..a926737 100644
--- a/pam_innetgr/pam_innetgr.c
+++ b/pam_innetgr/pam_innetgr.c
@@ -62,7 +62,7 @@ struct pam_opt pam_opt[] = {
#endif
int
-xgetname (int (*getfn)(char *, size_t), char **storage)
+xgetname(int (*getfn)(char *, size_t), char **storage)
{
char *buffer = NULL;
size_t size = 0;
diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c
index b14ffab..2fea67c 100644
--- a/pam_umotd/pam_umotd.c
+++ b/pam_umotd/pam_umotd.c
@@ -105,7 +105,7 @@ static int
read_fd(pam_handle_t *pamh, const char *file, int fd)
{
char buf[1024], *p;
- ssize_t rd;
+ ssize_t rd = 0;
size_t total = 0;
size_t level = 0;
diff --git a/pamck/conv.c b/pamck/conv.c
index 692aca0..440f6cb 100644
--- a/pamck/conv.c
+++ b/pamck/conv.c
@@ -120,7 +120,7 @@ pamck_conv(int num_msg, const struct pam_message **msg,
if (!reply)
return PAM_CONV_ERR;
for (i = 0; i < num_msg; i++) {
- char *str;
+ char *str = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:

Return to:

Send suggestions and report system problems to the System administrator.