-rw-r--r-- | CHANGELOG | 2 | ||||
-rw-r--r-- | doc/modules/pam_access.sgml | 17 | ||||
-rw-r--r-- | modules/pam_access/access.conf | 6 | ||||
-rw-r--r-- | modules/pam_access/pam_access.c | 11 |
4 files changed, 29 insertions, 7 deletions
@@ -55,6 +55,8 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc patches!
+* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
+ made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan).
 * pam_limits: keep well know behaviour of maxlogins default ('*') limit (Bug 533664 - baggins)
 * pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)
diff --git a/doc/modules/pam_access.sgml b/doc/modules/pam_access.sgml
index 00c7ea16..8a910d13 100644
--- a/doc/modules/pam_access.sgml
+++ b/doc/modules/pam_access.sgml
@@ -22,8 +22,6 @@ Alexei Nogin <alexei@nogin.dnttm.ru>
 <tag><bf>Maintainer:</bf></tag>
-Author
-
 <tag><bf>Management groups provided:</bf></tag>
 account
@@ -59,7 +57,8 @@ Provides logdaemon style login access control.
 <tag><bf>Recognized arguments:</bf></tag>
-<tt>accessfile=<it>/path/to/file.conf</it></tt>
+<tt>accessfile=<it>/path/to/file.conf</it></tt>;
+<tt>fieldsep=<it>separators</it></tt>
 <tag><bf>Description:</bf></tag>
@@ -79,7 +78,17 @@ arguments:
 indicate an alternative <em/access/ configuration file to override the default. This can be useful when different services need different access lists.
-
+
+<item><tt>fieldsep=<it>separators</it></tt> -
+this option modifies the field separator character that
+<tt/pam_access/ will recognize when parsing the access configuration
+file. For example: <tt>fieldsep=|</tt> will cause the default `:'
+character to be treated as part of a field value and `|' becomes the
+field separator. Doing this is useful in conjuction with a system that
+wants to use pam_access with X based applications, since the
+<tt/PAM_TTY/ item is likely to be of the form "hostname:0" which
+includes a `:' character in its value.
+
 </itemize>
 <tag><bf>Examples/suggested usage:</bf></tag>
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
index 9ecf2ffd..dbaadf67 100644
--- a/modules/pam_access/access.conf
+++ b/modules/pam_access/access.conf
@@ -8,6 +8,12 @@
 #
 # Format of the login access control table is three fields separated by a
 # ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
 #
 # permission : users : origins
 #
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 33bf767f..68a137ca 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -87,7 +87,7 @@ int strcasecmp(const char *s1, const char *s2);
 /* Delimiters for fields and for lists of users, ttys or hosts. */
-static const char fs[] = ":"; /* field separator */
+static const char *fs = ":"; /* field separator */
 static const char sep[] = ", \t"; /* list-element separator */
 /* Constants to be used in assignments only, not in comparisons... */
@@ -126,7 +126,12 @@ static int parse_args(struct login_info *loginfo, int argc, const char **argv)
 int i;
 for (i=0; i<argc; ++i) {
- if (!strncmp("accessfile=", argv[i], 11)) {
+ if (!strncmp("fieldsep=", argv[i], 9)) {
+
+ /* the admin wants to override the default field separators */
+ fs = argv[i]+9;
+
+ } else if (!strncmp("accessfile=", argv[i], 11)) {
 FILE *fp = fopen(11 + argv[i], "r");
 if (fp) {
@@ -427,7 +432,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
 return PAM_ABORT;
 }
- if (from==NULL) {
+ if ((from==NULL) || (*from=='\0')) {
 /* local login, set tty name */
|
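Review bot: Turning `fs` from a `const char[]` into a reassignable file-scope pointer (hunk at -87) makes the field separator process-wide state, and nothing visible in this patch ever puts it back to ":". In an application that keeps the module loaded across several PAM transactions or services, a `fieldsep=` given in one stack would presumably still be in effect for a later call that passes no such argument. The pointer assigned in the parse_args hunk (`fs = argv[i]+9;`) also refers to argument storage the module does not own, so its lifetime beyond the call should be confirmed. Resetting it before the argument loop with `fs = ":";` would bound the override to one call; carrying the separator in `struct login_info` is the cleaner option if that struct (defined outside the diff) can take a new member.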
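Review bot: `fieldsep=` with nothing after the `=` is accepted in the new branch of parse_args (hunk at -126) and leaves `fs` pointing at an empty string, so no character separates fields any more. How the table parser treats lines it can no longer split is outside this hunk, but for an access-control module it should be confirmed that such a typo cannot end with every rule being skipped; refusing the value is the safer default, e.g. `if (argv[i][9] != '\0') fs = argv[i]+9; /* else: log it and keep ":" */`. The comment says "separators" while the SGML text says "separator character", so the comment should state whether every character of the value acts as a separator. parse_args starts and ends outside the hunk.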
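Review bot: The widened test `(from==NULL) || (*from=='\0')` in pam_sm_acct_mgmt (hunk at -427) is not reflected in the comment below it, which still reads only `/* local login, set tty name */`. A network-facing service that hands PAM an empty PAM_RHOST, for instance because it could not determine the peer name, would now be matched against tty-based origins as if it were a local login. If that is the intended policy, the comment should say so: `/* PAM_RHOST unset or "" is treated as a local login; the origin becomes the tty name */`. Logging the empty-string case separately would help administrators spot services that behave this way. The function body continues outside the hunk.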