1 /* pam_rootok module */
6 * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
18 * here, we make a definition for the externally accessible function
19 * in this file (this definition is required for a static module
20 * but strongly encouraged generally) it is used to instruct the
21 * modules include file to define the function prototypes.
26 #include <security/pam_modules.h>
27 #include <security/pam_ext.h>
30 #include <selinux/selinux.h>
31 #include <selinux/av_permissions.h>
34 /* argument parsing */
/* Bit in the control word; _pam_parse sets it when "debug" is among the module arguments. */
36 #define PAM_DEBUG_ARG 01
/*
 * Turn the module's argument list into a control bitmask.
 *
 * pamh is used only for logging in the lines shown; argc/argv are the
 * arguments given to the module. The entry points store the result in
 * their local `ctrl`. The only option recognised in the lines shown is
 * "debug", which sets PAM_DEBUG_ARG.
 *
 * NOTE(review): this listing omits several lines of the function (return
 * type, braces, the declaration of ctrl, whatever joins lines 49 and 51,
 * and the return statement) -- confirm details against the full file.
 */
39 _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
43 /* step through arguments */
/* ctrl starts at 0; argc counts down while argv advances one entry per pass. */
44 for (ctrl=0; argc-- > 0; ++argv) {
48 if (!strcmp(*argv,"debug"))
49 ctrl |= PAM_DEBUG_ARG;
/*
 * Presumably the else branch (line 50 is not shown): an unrecognised
 * argument is reported at LOG_ERR. The argument is passed through a "%s"
 * format rather than used as the format string. Nothing visible here
 * rejects the option, so a mistyped argument in the PAM configuration
 * would surface only in the log -- TODO confirm.
 */
51 pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
/*
 * Decide the module's verdict and, in debug mode, log it.
 *
 * pamh is used for logging; ctrl is the bitmask produced by _pam_parse.
 * retval starts as PAM_AUTH_ERR, so the verdict is a failure unless a
 * later statement changes it.
 *
 * NOTE(review): the lines that would test the caller's identity and
 * assign PAM_SUCCESS (62-64 and 66-68) are not in this listing --
 * presumably a uid check; confirm against the full file.
 */
59 check_for_root (pam_handle_t *pamh, int ctrl)
61 int retval = PAM_AUTH_ERR;
/*
 * SELinux gate: the condition holds when is_selinux_enabled() returns less
 * than 1, or when checkPasswdAccess(PASSWD__ROOTOK) returns 0.
 * The "<1" comparison treats a negative (error) return the same as 0
 * (disabled), so the policy check is skipped whenever the SELinux state
 * cannot be determined.
 * NOTE(review): confirm that failing open on that error path is intended.
 * NOTE(review): newer libselinux marks checkPasswdAccess() and
 * <selinux/av_permissions.h> as deprecated in favour of
 * selinux_check_access(); verify against the libselinux version in use.
 */
65 if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
/* Debug-only trace of the verdict; emitted only when the "debug" option was given. */
69 if (ctrl & PAM_DEBUG_ARG) {
70 pam_syslog(pamh, LOG_DEBUG, "root check %s",
71 (retval==PAM_SUCCESS) ? "succeeded" : "failed");
77 /* --- management functions --- */
/*
 * PAM authentication entry point.
 *
 * Parses the module arguments and returns check_for_root()'s verdict
 * unchanged; flags is marked UNUSED. In the lines shown, no user name,
 * password or conversation function is consulted, so the verdict says
 * nothing about the target account. Where this module sits in a PAM stack,
 * and under which control flag, decides how much weight that verdict
 * carries.
 *
 * NOTE(review): return type, braces and the declaration of ctrl are on
 * lines not included in this listing.
 */
80 pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
81 int argc, const char **argv)
85 ctrl = _pam_parse(pamh, argc, argv);
87 return check_for_root (pamh, ctrl);
/*
 * PAM credential-setting entry point. Every parameter is marked UNUSED.
 * NOTE(review): the body is not in this listing; presumably a constant
 * return value -- confirm against the full file.
 */
91 pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
92 int argc UNUSED, const char **argv UNUSED)
/*
 * PAM account-management entry point.
 *
 * Same path as pam_sm_authenticate: parse the module arguments, then return
 * check_for_root()'s verdict unchanged. flags is marked UNUSED, and the
 * lines shown perform no account-specific test (expiry, lock state, target
 * user).
 *
 * NOTE(review): return type, braces and the declaration of ctrl are on
 * lines not included in this listing.
 */
98 pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
99 int argc, const char **argv)
103 ctrl = _pam_parse(pamh, argc, argv);
105 return check_for_root (pamh, ctrl);
/*
 * PAM password-change entry point.
 *
 * Parses the module arguments and returns check_for_root()'s verdict
 * unchanged. flags is marked UNUSED, so the PAM_PRELIM_CHECK and
 * PAM_UPDATE_AUTHTOK phases are not distinguished, and the lines shown
 * neither read nor set an authentication token.
 *
 * NOTE(review): return type, braces and the declaration of ctrl are on
 * lines not included in this listing.
 */
109 pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED,
110 int argc, const char **argv)
114 ctrl = _pam_parse(pamh, argc, argv);
116 return check_for_root (pamh, ctrl);
121 /* static module data */
/*
 * Module descriptor object for pam_rootok.
 * NOTE(review): the initializer (lines 124-134) is not in this listing;
 * presumably the entry-point table used when the module is linked
 * statically, as the file's header comment suggests -- confirm.
 */
123 struct pam_module _pam_rootok_modstruct = {
135 /* end of module definition */