| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 |
- innetgr may not be there so make sure that when innetgr is not present
- then we inform about it and not use it.
- -Khem
- --- a/modules/pam_group/pam_group.c
- +++ b/modules/pam_group/pam_group.c
- @@ -656,7 +656,11 @@ static int check_account(pam_handle_t *p
- }
- /* If buffer starts with @, we are using netgroups */
- if (buffer[0] == '@')
- +#ifdef HAVE_INNETGR
- good &= innetgr (&buffer[1], NULL, user, NULL);
- +#else
- + pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
- +#endif
- /* otherwise, if the buffer starts with %, it's a UNIX group */
- else if (buffer[0] == '%')
- good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
- --- a/modules/pam_time/pam_time.c
- +++ b/modules/pam_time/pam_time.c
- @@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const
- }
- /* If buffer starts with @, we are using netgroups */
- if (buffer[0] == '@')
- - good &= innetgr (&buffer[1], NULL, user, NULL);
- +#ifdef HAVE_INNETGR
- + good &= innetgr (&buffer[1], NULL, user, NULL);
- +#else
- + pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
- +#endif
- else
- - good &= logic_field(pamh, user, buffer, count, is_same);
- + good &= logic_field(pamh, user, buffer, count, is_same);
- D(("with user: %s", good ? "passes":"fails" ));
-
- /* here we get the time field */
- --- a/modules/pam_succeed_if/pam_succeed_if.c
- +++ b/modules/pam_succeed_if/pam_succeed_if.c
- @@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh,
- }
- /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
- static int
- -evaluate_innetgr(const char *host, const char *user, const char *group)
- +evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
- {
- +#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 1)
- return PAM_SUCCESS;
- +#else
- + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
- +#endif
- +
- return PAM_AUTH_ERR;
- }
- /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
- static int
- -evaluate_notinnetgr(const char *host, const char *user, const char *group)
- +evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
- {
- +#ifdef HAVE_INNETGR
- if (innetgr(group, host, user, NULL) == 0)
- return PAM_SUCCESS;
- +#else
- + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
- +#endif
- return PAM_AUTH_ERR;
- }
-
- @@ -387,14 +396,14 @@ evaluate(pam_handle_t *pamh, int debug,
- const void *rhost;
- if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
- rhost = NULL;
- - return evaluate_innetgr(rhost, user, right);
- + return evaluate_innetgr(pamh, rhost, user, right);
- }
- /* (Rhost, user) is not in this group. */
- if (strcasecmp(qual, "notinnetgr") == 0) {
- const void *rhost;
- if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
- rhost = NULL;
- - return evaluate_notinnetgr(rhost, user, right);
- + return evaluate_notinnetgr(pamh, rhost, user, right);
- }
- /* Fail closed. */
- return PAM_SERVICE_ERR;
|
