author | Andrew Morgan <morgan@kernel.org> | 2007-08-13 23:16:50 -0700 |
---|---|---|
committer | Andrew Morgan <morgan@kernel.org> | 2007-08-13 23:34:41 -0700 |
commit | cd45c57c35df7d2ff352ce74a27329e7fec39ae3 (patch) | |
tree | 193caa01752ff4c2e186ad32ebce9172b021fe34 /pam_cap | |
parent | fa0a8b847d6038b538762b8420cabe4569ecaada (diff) | |
Build with a pam_cap module.
Note, I've been confused about the capset/capget system calls.
It would seem that the current way(TM) is to get the raw API
from libc.
Diffstat (limited to 'pam_cap')
-rw-r--r-- | pam_cap/Makefile | 16 | ||||
-rw-r--r-- | pam_cap/capability.conf | 7 | ||||
-rw-r--r-- | pam_cap/pam_cap.c | 11 | ||||
-rw-r--r-- | pam_cap/test.c | 10 |
4 files changed, 27 insertions, 17 deletions
diff --git a/pam_cap/Makefile b/pam_cap/Makefile index 03d2597..453b63c 100644 --- a/pam_cap/Makefile +++ b/pam_cap/Makefile @@ -1,13 +1,19 @@ # simple make file for the pam_cap module +topdir=$(shell pwd)/.. +include ../Make.Rules + +all: pam_cap.so + $(MAKE) testcompile + pam_cap.so: pam_cap.o - ld -x --shared -o pam_cap.so $< -lcap + $(LD) -o pam_cap.so $< $(LIBS) pam_cap.o: pam_cap.c - $(CC) -fPIC -c $< + $(CC) $(CFLAGS) -c $< -o $@ -test: test.c pam_cap.o - $(CC) -o test test.c pam_cap.o -lpam -ldl -lcap +testcompile: test.c pam_cap.o + $(CC) $(CFLAGS) -o $@ $+ -lpam -ldl $(LIBS) clean: - rm -f *.o *.so test + rm -f *.o *.so testcompile diff --git a/pam_cap/capability.conf b/pam_cap/capability.conf index 30e4984..40d85fc 100644 --- a/pam_cap/capability.conf +++ b/pam_cap/capability.conf @@ -8,10 +8,9 @@ # and thus you'll know about Linux's capability support. # [If you don't know about libcap, the sources for it are here: # -# ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/ +# http://linux.kernel.org/pub/linux/libs/security/linux-privs/ # -# despite evidence to the contrary, the 2-2 library should be used for 2.3 -# kernels too.] +# .] # # Here are some sample lines (remove the preceding '#' if you want to # use them @@ -23,7 +22,7 @@ # cap_net_raw,cap_fowner luser ## 'everyone else' gets no inheritable capabilities -# none * +none * ## if there is no '*' entry, all users not explicitly mentioned will ## get all available capabilities. This is a permissive default, and diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c index 2b887fc..94c5ebc 100644 --- a/pam_cap/pam_cap.c +++ b/pam_cap/pam_cap.c @@ -1,10 +1,8 @@ /* - * Copyright (c) Andrew G. Morgan <morgan@linux.kernel.org> + * Copyright (c) 1999,2007 Andrew G. Morgan <morgan@kernel.org> * * The purpose of this module is to enforce inheritable capability sets * for a specified user. - * - * $Id$ <- no version yet ;) */ /* #define DEBUG */ 
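Review bot: The `pam_cap.o` and `pam_cap.so` rules no longer pass `-fPIC` and `--shared` themselves, so producing a loadable module now depends entirely on what `../Make.Rules` puts in `CFLAGS` and `LD`, which this diff does not show. If either is missing there, the link can yield a non-shared object or one with text relocations, which hardened systems may refuse to load. Consider keeping the requirement local, e.g. `$(CC) $(CFLAGS) -fPIC -c $< -o $@`, or add a comment above the rules stating that Make.Rules must supply both. A `.PHONY: all clean` line would also keep stray files named `all` or `clean` from masking the targets.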
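Review bot: Enabling `none *` makes the sample deny-by-default, but the comment right below it still documents that a file without a `*` entry gives every unlisted user all available capabilities, so deleting or mistyping this one line silently fails open. The sample should say so next to the line, e.g. `## do not remove: without a '*' entry unlisted users inherit all capabilities`. If the parser stops at the first matching line (the loop in pam_cap.c is only partly visible in this diff), it is also worth stating that user-specific lines must come before the `*` line. The first capability.conf hunk leaves a dangling `# .]` after the new URL, which could be folded into the preceding comment line.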
@@ -13,6 +11,8 @@ #include <string.h> #include <errno.h> #include <stdarg.h> +#include <stdlib.h> +#include <syslog.h> #include <sys/capability.h> @@ -60,7 +60,7 @@ static char *read_capabilities_for_user(const char *user, const char *source) continue; } - while (line = strtok(NULL, CAP_FILE_DELIMITERS)) { + while ((line = strtok(NULL, CAP_FILE_DELIMITERS))) { if (strcmp("*", line) == 0) { D(("wildcard matched")); @@ -191,7 +191,7 @@ cleanup_cap_s: cap_free(cap_s); cap_s = NULL; } - + return ok; } @@ -308,4 +308,3 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, return (retval ? PAM_SUCCESS:PAM_IGNORE ); } - diff --git a/pam_cap/test.c b/pam_cap/test.c index 692ac28..5150ba5 100644 --- a/pam_cap/test.c +++ b/pam_cap/test.c @@ -1,6 +1,12 @@ #include <stdio.h> +#include <stdlib.h> +#include <security/pam_modules.h> -main() +int main(int argc, char **argv) { - pam_sm_authenticate(NULL, 0, NULL, 0); + if (pam_sm_authenticate(NULL, 0, 0, NULL) != PAM_SUCCESS) { + printf("failed to authenticate\n"); + exit(1); + } + exit(0); } |
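Review bot: The loop in `read_capabilities_for_user` still uses `strtok`, which keeps its position in hidden static state; a PAM module is loaded into whatever process calls it, so a host that also uses `strtok` or runs PAM from several threads can corrupt this parse of the capability file. The added parentheses only silence the assignment-in-condition warning. Consider `while ((line = strtok_r(NULL, CAP_FILE_DELIMITERS, &saveptr)))` with a local `char *saveptr;`, and the same change on the initial `strtok` call. That first call and the rest of the function lie outside this hunk.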
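Review bot: In test.c, `pam_sm_authenticate(NULL, 0, 0, NULL)` passes a NULL PAM handle, so this program can only confirm that the module's symbols resolve at link time. What the call returns at run time depends on how the module and libpam treat a NULL handle, which this diff does not show. Say so at the top of the file, e.g. `/* link check only: built by 'make testcompile', not a functional test */`. Since `argc` and `argv` are unused, `int main(void)` avoids unused-parameter warnings, and the failure message belongs on stderr: `fprintf(stderr, "failed to authenticate\n");`.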