author | Sergey Poznyakoff <gray@gnu.org> | 2018-08-14 16:20:28 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2018-08-14 16:20:35 +0300 |
commit | 082c967151db85d4ad551fa458c48fc7a783f446 (patch) | |
tree | 0ac20d07aa0cecc6be9f369299fa927617d0d0b8 | |
parent | 23951fcddb211ecbb470ee17d035584bfbe38029 (diff) | |
Minor fixes
* configure.ac: Don't build static libraries.
* examples/ldappubkey: Optionally authenticate via PAM.
-rw-r--r-- | configure.ac | 1 | ||||
-rwxr-xr-x | examples/ldappubkey | 22 | ||||
-rw-r--r-- | pam_innetgr/pam_innetgr.c | 2 | ||||
-rw-r--r-- | pam_umotd/pam_umotd.c | 2 | ||||
-rw-r--r-- | pamck/conv.c | 2 |
5 files changed, 25 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac index 82fbc8a..584aa4f 100644 --- a/configure.ac +++ b/configure.ac @@ -32,12 +32,13 @@ AC_SUBST(VI_REVISION,0) AC_SUBST(VI_AGE,0) dnl Checks for programs. AC_PROG_CC AC_PROG_INSTALL +AM_DISABLE_STATIC LT_PREREQ(2.2.5a) LT_INIT dnl Checks for libraries. AC_CHECK_LIB(pam, pam_get_item,:, [AC_MSG_ERROR([Required library libpam is not found])]) diff --git a/examples/ldappubkey b/examples/ldappubkey index 5bf2828..3a47b18 100755 --- a/examples/ldappubkey +++ b/examples/ldappubkey @@ -124,13 +124,22 @@ Full hostname of the machine. =back Default value is: (&(objectClass=posixAccount)($uid=$arg)) - + +=item B<PublicKeyPAMService> I<NAME> + +If this setting is present, B<ldappubkey> will first try to authenticate +using LDAP service I<NAME> and the user name supplied in the command line. +It will exit immediately if the authentication fails. + +This can be used to enforce additional restrictions on who is allowed to +log in remotely on the server. + =back =head1 OPTIONS =over 4 @@ -276,12 +285,23 @@ my @attrs = split /\s+/, $config{'publickeyattribute'}; my $filter = $config{'publickeyfilter'}; my $uid = "$config{'uid'}"; my $arg = $ARGV[0]; my $hostname = get_fqdn_hostname(); $filter =~ s/(?<!\\)(\$(?:uid|arg|hostname))/$1/eeg; +if (my $service = $config{publickeypamservice}) { + use Authen::PAM qw(:constants); + my $pamh; + ref($pamh = new Authen::PAM($service, $arg)) || + die "Error code $pamh during PAM init!"; + my $res = $pamh->pam_authenticate; + if ($res != PAM_SUCCESS) { + die "pam_authenticate: ". $pamh->pam_strerror($res) . "\n"; + } +} + my $res = assert($ldap->search(base => $config{'base'}, filter => $filter, attrs => \@attrs ), "searching for $filter in $config{'base'}"); foreach my $entry ($res->entries()) { diff --git a/pam_innetgr/pam_innetgr.c b/pam_innetgr/pam_innetgr.c index 2b9dc58..a926737 100644 --- a/pam_innetgr/pam_innetgr.c +++ b/pam_innetgr/pam_innetgr.c 
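Review bot: `AM_DISABLE_STATIC` in the configure.ac hunk is the legacy spelling of this switch; since the file already requires libtool 2.2.5a through `LT_PREREQ`, the same effect can be expressed on the existing line as `LT_INIT([disable-static])`. That keeps the libtool configuration in one place and avoids depending on a deprecated macro remaining available.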
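Review bot: The new POD entry for `PublicKeyPAMService` says the script will "authenticate using LDAP service I<NAME>", but the code added further down in the same file passes the value to `Authen::PAM` as the service name, so the text should read `using PAM service I<NAME>`. The entry would also benefit from one sentence saying that the named service's auth stack must be able to complete without prompting, since nothing in the added code supplies answers to a PAM conversation.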
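Review bot: `use Authen::PAM qw(:constants);` inside the `if` block still runs at compile time, so the script will fail to start on hosts without Authen::PAM even when `PublicKeyPAMService` is not configured; load it at run time with `require Authen::PAM;` and compare against `Authen::PAM::PAM_SUCCESS()`. The constructor is called without a conversation function, so the module's default one is used; if ldappubkey is run without a terminal (for example as a key-lookup helper, which is an assumption since the caller is not visible here), any module in the stack that prompts will block or fail, and an explicit callback that refuses prompts would make that failure deterministic. The documented purpose is restricting who may log in, yet only `pam_authenticate` is checked, so account-stack restrictions are never evaluated; consider also requiring `pam_acct_mgmt` to return `PAM_SUCCESS`. The constructor is better written as `Authen::PAM->new($service, $arg)` than with indirect object syntax, and `$arg` comes straight from `$ARGV[0]` with no visible check that it is defined before it is handed to PAM.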
@@ -59,13 +59,13 @@ struct pam_opt pam_opt[] = { #endif #ifndef SIZE_T_MAX # define SIZE_T_MAX ((size_t)-1) #endif int -xgetname (int (*getfn)(char *, size_t), char **storage) +xgetname(int (*getfn)(char *, size_t), char **storage) { char *buffer = NULL; size_t size = 0; char *p; while (1) { diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c index b14ffab..2fea67c 100644 --- a/pam_umotd/pam_umotd.c +++ b/pam_umotd/pam_umotd.c @@ -102,13 +102,13 @@ get_la(double *ret) static int read_fd(pam_handle_t *pamh, const char *file, int fd) { char buf[1024], *p; - ssize_t rd; + ssize_t rd = 0; size_t total = 0; size_t level = 0; while (total < max_output_size) { size_t rdsize = sizeof(buf) - level - 1; diff --git a/pamck/conv.c b/pamck/conv.c index 692aca0..440f6cb 100644 --- a/pamck/conv.c +++ b/pamck/conv.c @@ -117,13 +117,13 @@ pamck_conv(int num_msg, const struct pam_message **msg, return PAM_CONV_ERR; reply = calloc(num_msg, sizeof(struct pam_response)); if (!reply) return PAM_CONV_ERR; for (i = 0; i < num_msg; i++) { - char *str; + char *str = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: if (pass) str = strdup(pass); else |