* Provide a simply /etc/pam.d/init as without it will not work (sigh!)
* Extend sulogin to support additional encryption algorithms
* Re-enable maintenance message of sulogin
+ * Remove PAM session start part from init as sulogin do not use
+ and will not use a PAM conv() function. The current sulogin
+ is able to handle DES as well as MD5, SHA, and Blowfish encrypted
+ passwords due using getpwnam(3).
+ * Enable the sulogin fallback password check to handle MD5, SHA, and
+ Blowfish encrypted passwords in case of getpwnam(3) fails.
-- Petter Reinholdtsen <pere@hungry.com> Sun, 12 Jul 2009 19:58:10 +0200
# endif
#endif
-#ifdef USE_PAM
-# include <security/pam_appl.h>
-# include <security/pam_misc.h>
-#endif
-
#include "init.h"
#include "initreq.h"
#include "paths.h"
}
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-# ifdef __GNUC__
-static int
-init_conv(int num_msg, const struct pam_message **msgm,
- struct pam_response **response __attribute__((unused)),
- void *appdata_ptr __attribute__((unused)))
-# else
-static int
-init_conv(int num_msg, const struct pam_message **msgm,
- struct pam_response **response, void *appdata_ptr)
-# endif
-{
- int i;
- for (i = 0; i < num_msg; i++) {
- const struct pam_message *msg = msgm[i];
- if (msg == (const struct pam_message*)0)
- continue;
- if (msg->msg == (char*)0)
- continue;
- switch (msg->msg_style) {
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- initlog(L_VB, "pam_message %s", msg->msg);
- default:
- break;
- }
- }
- return 0;
-}
-static const struct pam_conv conv = { init_conv, NULL };
-# define PAM_FAIL_CHECK(func, args...) \
- { \
- if ((pam_ret = (func)(args)) != PAM_SUCCESS) { \
- initlog(L_VB, "%s", pam_strerror(pamh, pam_ret)); \
- goto pam_error; \
- } \
- }
-#endif /* USE_PAM */
-
-
/*
* Build a new environment for execve().
*/
char i_cons[32];
char i_shell[] = "SHELL=" SHELL;
char **e;
-#ifdef USE_PAM
- char **pamenv = (char**)0;
-#endif
int n, i;
for (n = 0; environ[n]; n++)
;
n += NR_EXTRA_ENV;
- if (child) {
-#ifdef USE_PAM
- pamenv = pam_getenvlist(pamh);
- for (i = 0; pamenv[i]; i++)
- ;
- n += i;
-#endif
+ if (child)
n += 8;
- }
e = calloc(n, sizeof(char *));
for (n = 0; environ[n]; n++)
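Review bot: The `n += 8` on the new `if (child)` line is now the only reservation for the child-specific entries in `e`, and nothing visible here ties 8 to the number of `e[n++]` stores made later in the `if (child)` block, which lies outside this hunk. An undercount would write past the `calloc()`ed array, so I would name the count beside `NR_EXTRA_ENV`, for example `#define NR_CHILD_ENV 8` (a proposed name, not one from the file), and use `n += NR_CHILD_ENV;`. A comment there should list the variables it covers and say whether the terminating NULL slot is included. The context line `e = calloc(n, sizeof(char *));` is also followed directly by a loop over `environ` with no NULL check visible in this hunk; if that loop body stores into `e`, a failed allocation should be handled first. The enclosing function begins and ends outside the hunk.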
}
if (child) {
-#ifdef USE_PAM
- for (i = 0; pamenv[i]; i++)
- e[n++] = istrdup(pamenv[i]);
-#endif
snprintf(i_cons, sizeof(i_cons), "CONSOLE=%s", console_dev);
i_lvl[9] = thislevel;
i_prev[10] = prevlevel;
sigprocmask(SIG_BLOCK, &nmask, &omask);
if ((pid = fork()) == 0) {
-#ifdef USE_PAM
- int pam_ret;
-#endif
+
close(0);
close(1);
close(2);
dup(f);
}
-#ifdef USE_PAM
- PAM_FAIL_CHECK(pam_start, "init", "root" , &conv, &pamh);
- PAM_FAIL_CHECK(pam_set_item, pamh, PAM_TTY, console_dev);
- PAM_FAIL_CHECK(pam_acct_mgmt, pamh, PAM_SILENT);
- PAM_FAIL_CHECK(pam_open_session, pamh, PAM_SILENT);
- PAM_FAIL_CHECK(pam_setcred, pamh, PAM_ESTABLISH_CRED|PAM_SILENT);
-#endif
/*
* Update utmp/wtmp file prior to starting
* any child. This MUST be done right here in
if (ch->process[0] != '+')
write_utmp_wtmp("", ch->id, getpid(), DEAD_PROCESS, NULL);
-#ifdef USE_PAM
- (void)pam_setcred(pamh, PAM_DELETE_CRED|PAM_SILENT);
- pam_ret = pam_close_session(pamh, PAM_SILENT);
- pam_error:
- pam_end(pamh, pam_ret);
-#endif
exit(1);
}
*res = pid;