diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2014-01-06 12:32:57 +0800 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2014-01-06 15:10:13 +0800 |
commit | c80a81dacc4eeae4a28de6713c77978b2dd4ff64 (patch) | |
tree | cf58454505210a4da40eeb6fb20e8e80c0ba8a16 /mod_authnz_pam.c | |
parent | 67060fba58bfe53f5e81447eb623c386549773d9 (diff) | |
download | mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.gz mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.tar.xz mod_authnz_pam-c80a81dacc4eeae4a28de6713c77978b2dd4ff64.zip |
Add support for require pam-account the-service-name.
Diffstat (limited to 'mod_authnz_pam.c')
-rw-r--r-- | mod_authnz_pam.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/mod_authnz_pam.c b/mod_authnz_pam.c index 6ebc77e..08e687b 100644 --- a/mod_authnz_pam.c +++ b/mod_authnz_pam.c @@ -120,8 +120,36 @@ static const authn_provider authn_pam_provider = { &pam_auth_account, }; +static int check_user_access(request_rec * r) { + int m = r->method_number; + const apr_array_header_t * reqs_arr = ap_requires(r); + if (! reqs_arr) { + return DECLINED; + } + require_line * reqs = (require_line *)reqs_arr->elts; + int x; + for (x = 0; x < reqs_arr->nelts; x++) { + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + continue; + } + const char * t = reqs[x].requirement; + const char * w = ap_getword_white(r->pool, &t); + if (!strcasecmp(w, "pam-account")) { + const char * pam_service = ap_getword_conf(r->pool, &t); + if (pam_service && strlen(pam_service)) { + authn_status ret = pam_authenticate_with_login_password(r, pam_service, r->user, NULL, _PAM_STEP_ACCOUNT); + if (ret == AUTH_GRANTED) { + return OK; + } + } + } + } + return DECLINED; +} + static void register_hooks(apr_pool_t * p) { ap_register_provider(p, AUTHN_PROVIDER_GROUP, "PAM", "0", &authn_pam_provider); + ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA authnz_pam_module = { |