Switch: Strict mode. Lock out if config is broken or not.
parent
90714490d1
commit
01b4a1bbed
src/pam_panic
@ -93,6 +93,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|
|||||||
int8_t bReboot = 0;
|
int8_t bReboot = 0;
|
||||||
int8_t bPoweroff = 0;
|
int8_t bPoweroff = 0;
|
||||||
int8_t bPassword = 0;
|
int8_t bPassword = 0;
|
||||||
|
int8_t bStrict = 0;
|
||||||
|
|
||||||
// gettext
|
// gettext
|
||||||
setlocale(LC_ALL, "");
|
setlocale(LC_ALL, "");
|
||||||
@ -122,6 +123,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|
|||||||
if(strstr(argv[i], "password") != NULL){
|
if(strstr(argv[i], "password") != NULL){
|
||||||
bPassword = 1;
|
bPassword = 1;
|
||||||
}
|
}
|
||||||
|
if(strstr(argv[i], "strict") != NULL){
|
||||||
|
bStrict = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if(strstr(argv[i], "serious") != NULL){
|
if(strstr(argv[i], "serious") != NULL){
|
||||||
argSplit(&serious_arg, &serious_temp, argv[i]);
|
argSplit(&serious_arg, &serious_temp, argv[i]);
|
||||||
@ -139,7 +143,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|
|||||||
|| (bSerious && serious_temp == NULL)
|
|| (bSerious && serious_temp == NULL)
|
||||||
) {
|
) {
|
||||||
pam_syslog(pamh, LOG_ERR, _("ERROR: Arguments invalid. Note that \"allow\" and \"reject\" must have a valid GPT UUID."));
|
pam_syslog(pamh, LOG_ERR, _("ERROR: Arguments invalid. Note that \"allow\" and \"reject\" must have a valid GPT UUID."));
|
||||||
|
if(bStrict)
|
||||||
return (PAM_ABORT);
|
return (PAM_ABORT);
|
||||||
|
else
|
||||||
|
return (PAM_IGNORE);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Poweroff wins.
|
// Poweroff wins.
|
||||||
@ -175,7 +182,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|
|||||||
// Check if panic key exist
|
// Check if panic key exist
|
||||||
if(bSerious && access(serious_dev, F_OK) == -1){
|
if(bSerious && access(serious_dev, F_OK) == -1){
|
||||||
pam_syslog(pamh, LOG_ALERT, _("ALERT for argument \"serious\": Device doesn't exist."));
|
pam_syslog(pamh, LOG_ALERT, _("ALERT for argument \"serious\": Device doesn't exist."));
|
||||||
|
if(bStrict)
|
||||||
return (PAM_ABORT);
|
return (PAM_ABORT);
|
||||||
|
else
|
||||||
|
return (PAM_IGNORE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -187,7 +197,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|
|||||||
}
|
}
|
||||||
// Prompt for password
|
// Prompt for password
|
||||||
else if(bPassword){
|
else if(bPassword){
|
||||||
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff);
|
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff, bStrict);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (PAM_ABORT);
|
return (PAM_ABORT);
|
||||||
|
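Review bot: The new option is detected with `strstr(argv[i], "strict") != NULL` in the argument loop, so any module argument that merely contains that substring (for example `nostrict` or `strict=0`) switches strict mode on. An exact comparison avoids that: `if(strcmp(argv[i], "strict") == 0){`. Judging by the old side of the -139 and -175 hunks, a configuration without `strict` used to get `PAM_ABORT` on invalid arguments or a missing device and now gets `PAM_IGNORE`, so the module drops out of the stack with only a syslog entry. That change of default deserves a comment at the `bStrict` declaration, e.g. `// strict: return PAM_ABORT instead of PAM_IGNORE when the configuration is unusable`, and a line in the user documentation. The argument loop and the body of pam_sm_authenticate start and end outside these hunks.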
@ -62,7 +62,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
|
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict){
|
||||||
|
|
||||||
// gettext
|
// gettext
|
||||||
setlocale (LC_ALL, "");
|
setlocale (LC_ALL, "");
|
||||||
@ -84,7 +84,10 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
|
|||||||
// Read passwords from file
|
// Read passwords from file
|
||||||
char pw[2][99];
|
char pw[2][99];
|
||||||
if(readPassword(pamh, pw))
|
if(readPassword(pamh, pw))
|
||||||
|
if(bStrict)
|
||||||
return(PAM_ABORT);
|
return(PAM_ABORT);
|
||||||
|
else
|
||||||
|
return(PAM_IGNORE);
|
||||||
|
|
||||||
|
|
||||||
for(int i=0; i<3; i++){
|
for(int i=0; i<3; i++){
|
||||||
|
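Review bot: The added `if(bStrict) … else …` hangs directly under the braceless `if(readPassword(pamh, pw))`, so the `else` pairs with the inner `if` only by the nearest-if rule. It behaves as intended, but it is a dangling else that compilers warn about with `-Wall` and that breaks easily on the next edit. A single statement is safer: `if(readPassword(pamh, pw)) return bStrict ? PAM_ABORT : PAM_IGNORE;`. The same braceless pair appears in the two error paths added to pam_sm_authenticate and could take the same form. authPassword's body continues outside the hunk.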
@ -18,7 +18,7 @@ LICENSE : GNU-GPLv3
|
|||||||
#error PPASSFILE must be declared!
|
#error PPASSFILE must be declared!
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff);
|
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict);
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|