From e3229abd35f24060489e0ef8a9624952ddc21233 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sven=20M=C3=A4der?= <maeder@phys.ethz.ch>
Date: Thu, 27 Jun 2024 11:25:14 +0200
Subject: [PATCH] Allow to use in session

---
 README.md |  2 +-
 pam_tty.c | 39 ++++++++++++++++++++++-----------------
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index 11c73ab..c929b78 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@ PAM module to check if the login occurs via a specific tty like a serial console
 It will return `PAM_SUCCESS` if the first characters of the
 tty used for login matches one of the strings supplied as
 value of argument `tty`.
+Can be used in `auth` and `session`, in other groups returns `PAM_IGNORE`.
 
 Example: `tty=/dev/ttyS` will match all logins via a serial
 console like `/dev/ttyS0`, `/dev/ttyS1`, etc.
@@ -44,7 +45,6 @@ cd pam-tty
 ```sh
 make
 ```
-
 Or, if you are running a multilib system:
 
 ```sh
diff --git a/pam_tty.c b/pam_tty.c
index 878ba30..9c7cfbd 100644
--- a/pam_tty.c
+++ b/pam_tty.c
@@ -109,23 +109,8 @@ static char** get_values(char* list, const char* delimiter) {
     return values;
 }
 
-/* PAM entry point for session creation */
-int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
-    return(PAM_IGNORE);
-}
-
-/* PAM entry point for session cleanup */
-int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
-    return(PAM_IGNORE);
-}
-
-/* PAM entry point for accounting */
-int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
-    return(PAM_IGNORE);
-}
-
-/* PAM entry point for authentication verification */
-int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+/* Returns PAM_SUCCESS if login occurs via a specific tty */
+int pam_tty(pam_handle_t *pamh, int argc, const char **argv) {
     int pgi_ret, i;
     unsigned int debug = 0;
     char *tty;
@@ -184,6 +169,26 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar
     return(PAM_IGNORE);
 }
 
+/* PAM entry point for session creation */
+int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return(pam_tty(pamh, argc, argv));
+}
+
+/* PAM entry point for session cleanup */
+int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return(PAM_IGNORE);
+}
+
+/* PAM entry point for accounting */
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return(PAM_IGNORE);
+}
+
+/* PAM entry point for authentication verification */
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return(pam_tty(pamh, argc, argv));
+}
+
 /*
    PAM entry point for setting user credentials (that is, to actually
    establish the authenticated user's credentials to the service provider)