diff options
| author | Steve Langasek <vorlon@debian.org> | 2010-07-29 20:16:39 -0700 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:32:38 -0800 |
| commit | 655c7a8843261079fecf0b6e15de77972a0eb708 (patch) | |
| tree | 167aeb717538bdc9f685a652009038d586530779 /modules/pam_access/pam_access.c | |
| parent | 6ce511785e4b9751ef184236c2cf8f63bc25f512 (diff) | |
| parent | 8645d4f5131d25692dfd78d3e1c46b03f33febf3 (diff) | |
| download | pam-655c7a8843261079fecf0b6e15de77972a0eb708.tar.gz pam-655c7a8843261079fecf0b6e15de77972a0eb708.tar.bz2 pam-655c7a8843261079fecf0b6e15de77972a0eb708.zip | |
merge from trunk
Diffstat (limited to 'modules/pam_access/pam_access.c')
| -rw-r--r-- | modules/pam_access/pam_access.c | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index ba8effe3..e9f0caa3 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -41,11 +41,12 @@ #include <errno.h> #include <ctype.h> #include <sys/utsname.h> -#include <rpcsvc/ypclnt.h> #include <arpa/inet.h> #include <netdb.h> #include <sys/socket.h> - +#ifdef HAVE_RPCSVC_YPCLNT_H +#include <rpcsvc/ypclnt.h> +#endif #ifdef HAVE_LIBAUDIT #include <libaudit.h> #endif @@ -465,13 +466,31 @@ static int netgroup_match (pam_handle_t *pamh, const char *netgroup, const char *machine, const char *user, int debug) { - char *mydomain = NULL; int retval; + char *mydomain = NULL; +#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN yp_get_default_domain(&mydomain); +#elif defined(HAVE_GETDOMAINNAME) + char domainname_res[256]; + if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) + { + if (strcmp (domainname_res, "(none)") == 0) + { + /* If domainname is not set, some systems will return "(none)" */ + domainname_res[0] = '\0'; + } + mydomain = domainname_res; + } +#endif +#ifdef HAVE_INNETGR retval = innetgr (netgroup, machine, user, mydomain); +#else + retval = 0; + pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support"); +#endif if (debug == YES) pam_syslog (pamh, LOG_DEBUG, "netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)", @@ -479,7 +498,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, machine ? machine : "NULL", user ? user : "NULL", mydomain ? mydomain : "NULL"); return retval; - } /* user_match - match a username against one token */ @@ -511,9 +529,14 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item) return (user_match (pamh, tok, item) && from_match (pamh, at + 1, &fake_item)); } else if (tok[0] == '@') { /* netgroup */ - if (item->hostname == NULL) - return NO; - return (netgroup_match (pamh, tok + 1, item->hostname, string, item->debug)); + const char *hostname = NULL; + if (tok[1] == '@') { /* add hostname to netgroup match */ + if (item->hostname == NULL) + return NO; + ++tok; + hostname = item->hostname; + } + return (netgroup_match (pamh, tok + 1, hostname, string, item->debug)); } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')') return (group_match (pamh, tok, string, item->debug)); else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */ |