aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Holstein <nathan.holstein@gmail.com>2015-08-06 01:16:35 -0400
committerNathan Holstein <nathan.holstein@gmail.com>2015-08-06 01:16:35 -0400
commitc0e3a9f6690cfcefaa390a63c89cfa2f074287ad (patch)
tree51cb024b59adcf673160cd7185f883d6e08ce2a9
parentb785ec90e5ba76d857e208a7d5d46a1b1b87b83f (diff)
downloadopendoas-c0e3a9f6690cfcefaa390a63c89cfa2f074287ad.tar.gz
Add PAM service definition for doas.
These are the same configuration in MacOSX's default service definition for sudo.
-rw-r--r--Makefile4
-rw-r--r--libopenbsd/auth_userokay.c2
-rw-r--r--pam.d__doas5
3 files changed, 10 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index f2277ab..59c4ee7 100644
--- a/Makefile
+++ b/Makefile
@@ -14,3 +14,7 @@ COPTS+= -Wall -Wextra -Werror -pedantic -std=c11
LDFLAGS+= -lpam
include bsd.prog.mk
+
+/etc/pam.d/doas: pam.d__doas
+ cp $< $@
+install: /etc/pam.d/doas
diff --git a/libopenbsd/auth_userokay.c b/libopenbsd/auth_userokay.c
index ab3d5e0..5565146 100644
--- a/libopenbsd/auth_userokay.c
+++ b/libopenbsd/auth_userokay.c
@@ -27,7 +27,7 @@
#include "openbsd.h"
-#define PAM_SERVICE "sudo"
+#define PAM_SERVICE "doas"
#define __UNUSED __attribute__ ((unused))
diff --git a/pam.d__doas b/pam.d__doas
new file mode 100644
index 0000000..87551fb
--- /dev/null
+++ b/pam.d__doas
@@ -0,0 +1,5 @@
+# sudo: auth account password session
+auth required pam_opendirectory.so
+account required pam_permit.so
+password required pam_deny.so
+session required pam_permit.so