Add support for require pam-account the-service-name.

author: Jan Pazdziora <jpazdziora@redhat.com> 2014-01-06 12:32:57 +0800
committer: Jan Pazdziora <jpazdziora@redhat.com> 2014-01-06 15:10:13 +0800
commit: c80a81dacc4eeae4a28de6713c77978b2dd4ff64 (patch)
tree: cf58454505210a4da40eeb6fb20e8e80c0ba8a16 /mod_authnz_pam.c
parent: 67060fba58bfe53f5e81447eb623c386549773d9 (diff)
download: mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.gz
mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.xz
mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/mod_authnz_pam.c b/mod_authnz_pam.c
index 6ebc77e..08e687b 100644
--- a/mod_authnz_pam.c
+++ b/mod_authnz_pam.c
@@ -120,8 +120,36 @@ static const authn_provider authn_pam_provider = {
 	&pam_auth_account,
 };
 
+static int check_user_access(request_rec * r) {
+	int m = r->method_number;
+	const apr_array_header_t * reqs_arr = ap_requires(r);
+	if (! reqs_arr) {
+		return DECLINED;
+	}
+	require_line * reqs = (require_line *)reqs_arr->elts;
+	int x;
+	for (x = 0; x < reqs_arr->nelts; x++) {
+		if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
+			continue;
+		}
+		const char * t = reqs[x].requirement;
+		const char * w = ap_getword_white(r->pool, &t);
+		if (!strcasecmp(w, "pam-account")) {
+			const char * pam_service = ap_getword_conf(r->pool, &t);
+			if (pam_service && strlen(pam_service)) {
+				authn_status ret = pam_authenticate_with_login_password(r, pam_service, r->user, NULL, _PAM_STEP_ACCOUNT);
+				if (ret == AUTH_GRANTED) {
+					return OK;
+				}
+			}
+		}
+	}
+	return DECLINED;
+}
+
 static void register_hooks(apr_pool_t * p) {
 	ap_register_provider(p, AUTHN_PROVIDER_GROUP, "PAM", "0", &authn_pam_provider);
+	ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);
 }
 
 module AP_MODULE_DECLARE_DATA authnz_pam_module = {
author	Jan Pazdziora <jpazdziora@redhat.com>	2014-01-06 12:32:57 +0800
committer	Jan Pazdziora <jpazdziora@redhat.com>	2014-01-06 15:10:13 +0800
commit	c80a81dacc4eeae4a28de6713c77978b2dd4ff64 (patch)
tree	cf58454505210a4da40eeb6fb20e8e80c0ba8a16 /mod_authnz_pam.c
parent	67060fba58bfe53f5e81447eb623c386549773d9 (diff)
download	mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.gz mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.xz mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.zip