author | Jan Pazdziora <jpazdziora@redhat.com> | 2013-11-21 10:42:43 +0800 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2013-11-21 10:42:43 +0800 |
commit | b7645cfe72934d31b5bb03394dedd356c2060197 (patch) | |
tree | af3a4003c10c8cea466bd78c87dd837ebf8699c8 | |
parent | 7ebe240077c581daaab278a51628fa915ca1df3e (diff) | |
Perform PAM account validation, not just authentication.
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | mod_intercept_form_submit.c | 8 |
2 files changed, 9 insertions, 0 deletions
@@ -85,6 +85,7 @@ http_application_sss example, file /etc/pam.d/http_application_sss could be created with content auth required pam_sss.so + account required pam_sss.so to authenticate against sssd.
diff --git a/mod_intercept_form_submit.c b/mod_intercept_form_submit.c
index d5ba62b..110d09f 100644
--- a/mod_intercept_form_submit.c
+++ b/mod_intercept_form_submit.c
@@ -109,6 +109,14 @@ int pam_authenticate_with_login_password(request_rec * r, const char * pam_servi
 pam_end(pamh, ret);
 return 0;
 }
+ if ((ret = pam_acct_mgmt(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+ const char * strerr = pam_strerror(pamh, ret);
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
+ "mod_intercept_form_submit: PAM account validation failed for user %s: %s", login, strerr);
+ apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
+ pam_end(pamh, ret);
+ return 0;
+ }
 apr_table_setn(r->subprocess_env, _REMOTE_USER_ENV_NAME, login);
 r->user = login;
 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, r->server, "mod_intercept_form_submit: PAM authentication passed for user %s", login); |
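Review bot: The error text stored under `_EXTERNAL_AUTH_ERROR_ENV_NAME` in the new `pam_acct_mgmt` branch is reached only after `pam_authenticate` has already succeeded, so an application that shows that variable to the client confirms that the submitted password was valid even though the account is expired or disabled. I would record this at the `apr_table_setn` call with a comment such as `/* reached only after successful authentication: this text confirms the password was valid, do not echo it to the client */`, and repeat the caveat in the README. Treating every non-`PAM_SUCCESS` result as a failed login is the fail-closed choice and should stay. A PAM service file that still has only an `auth` line will presumably start rejecting logins after this change, depending on how the local PAM stack falls back, so that is worth stating in the README beyond the one example line. The body of `pam_authenticate_with_login_password` starts and ends outside the hunk, so the success-path `pam_end` cannot be checked from here.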