opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git
Log | Files | Refs | README | LICENSE

commit c387f2c31718d4f34c77203dae6bb8c4bc0abc94
parent e246f9e2fee02046072b69a9e8c29767db7f4652
Author: Duncaen <mail@duncano.de>
Date:   Sun,  8 May 2016 19:38:18 +0200

set PAM_USER, PAM_RUSER and PAM_TTY if available

Diffstat:
doas_pam.c | 23+++++++++++++++++++++++
1 file changed, 23 insertions(+), 0 deletions(-)

diff --git a/doas_pam.c b/doas_pam.c @@ -116,6 +116,7 @@ doas_pam(char *name, int interactive, int nopass) .conv = doas_pam_conv, .appdata_ptr = NULL, }; + const char *ttydev, *tty; pid_t child; int ret; @@ -127,6 +128,28 @@ doas_pam(char *name, int interactive, int nopass) errx(1, "pam_start(\"%s\", \"%s\", ?, ?): failed\n", PAM_SERVICE_NAME, name); + ret = pam_set_item(pamh, PAM_USER, name); + if (ret != PAM_SUCCESS) + errx(1, "pam_set_item(?, PAM_USER, \"%s\"): %s\n", + name, pam_strerror(pamh, ret)); + + ret = pam_set_item(pamh, PAM_RUSER, name); + if (ret != PAM_SUCCESS) + errx(1, "pam_set_item(?, PAM_RUSER, \"%s\"): %s\n", + name, pam_strerror(pamh, ret)); + + if (isatty(0) && (ttydev = ttyname(0)) != NULL) { + if (strncmp(ttydev, "/dev/", 5)) + tty = ttydev + 5; + else + tty = ttydev; + + ret = pam_set_item(pamh, PAM_TTY, tty); + if (ret != PAM_SUCCESS) + errx(1, "pam_set_item(?, PAM_TTY, \"%s\"): %s\n", + tty, pam_strerror(pamh, ret)); + } + if (!nopass) { if (!interactive) errx(1, "Authorization required");