Relevant BUGIDs: 2892189

Purpose of commit: bugfix

Commit summary:
---------------
2009-11-18  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c(user_match): Revert the netgroup
        match to the original behavior, add new syntax for adding the local
        hostname.
        * modules/pam_access/access.conf.5.xml: Document the new syntax
	for adding the local hostname to the netgroup match.

1 files changed, 8 insertions, 3 deletions

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 963ce528..e9f0caa3 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -529,9 +529,14 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
 	return (user_match (pamh, tok, item) &&
 		from_match (pamh, at + 1, &fake_item));
     } else if (tok[0] == '@') {			/* netgroup */
-	if (item->hostname == NULL)
-	    return NO;
-        return (netgroup_match (pamh, tok + 1, item->hostname, string, item->debug));
+	const char *hostname = NULL;
+	if (tok[1] == '@') {			/* add hostname to netgroup match */
+		if (item->hostname == NULL)
+		    return NO;
+		++tok;
+		hostname = item->hostname;
+	}
+        return (netgroup_match (pamh, tok + 1, hostname, string, item->debug));
     } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
       return (group_match (pamh, tok, string, item->debug));
     else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */