1 From c681bd104627139eac2f40fe303e1f67676233e8 Mon Sep 17 00:00:00 2001
2 From: Yousong Zhou <yszhou4tech@gmail.com>
3 Date: Wed, 17 Jun 2015 15:33:43 +0800
4 Subject: [PATCH 7/7] Check if innetgr is available at compile time.
6 innetgr may not be there so make sure that when innetgr is not present
7 then we inform about it and not use it.
9 * modules/pam_group/pam_group.c: ditto
10 * modules/pam_succeed_if/pam_succeed_if.c: ditto
11 * modules/pam_time/pam_time.c: ditto
13 Signed-off-by: Khem Raj <raj.khem at gmail.com>
14 Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
16 modules/pam_group/pam_group.c | 4 ++++
17 modules/pam_succeed_if/pam_succeed_if.c | 17 +++++++++++++----
18 modules/pam_time/pam_time.c | 4 ++++
19 3 files changed, 21 insertions(+), 4 deletions(-)
21 diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
22 index be5f20f..6a065ca 100644
23 --- a/modules/pam_group/pam_group.c
24 +++ b/modules/pam_group/pam_group.c
25 @@ -656,7 +656,11 @@ static int check_account(pam_handle_t *pamh, const char *service,
27 /* If buffer starts with @, we are using netgroups */
30 good &= innetgr (&buffer[1], NULL, user, NULL);
32 + pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
34 /* otherwise, if the buffer starts with %, it's a UNIX group */
35 else if (buffer[0] == '%')
36 good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
37 diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
38 index aa828fc..c0c68a0 100644
39 --- a/modules/pam_succeed_if/pam_succeed_if.c
40 +++ b/modules/pam_succeed_if/pam_succeed_if.c
41 @@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
43 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
45 -evaluate_innetgr(const char *host, const char *user, const char *group)
46 +evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
49 if (innetgr(group, host, user, NULL) == 1)
52 + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
57 /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
59 -evaluate_notinnetgr(const char *host, const char *user, const char *group)
60 +evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
63 if (innetgr(group, host, user, NULL) == 0)
66 + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
71 @@ -387,14 +396,14 @@ evaluate(pam_handle_t *pamh, int debug,
73 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
75 - return evaluate_innetgr(rhost, user, right);
76 + return evaluate_innetgr(pamh, rhost, user, right);
78 /* (Rhost, user) is not in this group. */
79 if (strcasecmp(qual, "notinnetgr") == 0) {
81 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
83 - return evaluate_notinnetgr(rhost, user, right);
84 + return evaluate_notinnetgr(pamh, rhost, user, right);
87 return PAM_SERVICE_ERR;
88 diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
89 index c94737c..0b34a14 100644
90 --- a/modules/pam_time/pam_time.c
91 +++ b/modules/pam_time/pam_time.c
92 @@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const char *service,
94 /* If buffer starts with @, we are using netgroups */
97 good &= innetgr (&buffer[1], NULL, user, NULL);
99 + pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
102 good &= logic_field(pamh, user, buffer, count, is_same);
103 D(("with user: %s", good ? "passes":"fails" ));
projects / feed / packages.git / blob