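--- a/login_access.c
+++ b/login_access.c
@@ -1,26 +1,26 @@
  /*
  * This module implements a simple but effective form of login access
  * control based on login names and on host (or domain) names, internet
  * addresses (or network numbers), or on terminal line names in case of
  * non-networked logins. Diagnostics are reported through syslog(3).
  *
  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
  */
 
 #ifdef LOGIN_ACCESS
 #if 0
 #ifndef lint
 static char sccsid[] = "%Z% %M% %I% %E% %U%";
 #endif
 #endif
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_login_access/login_access.c 87628 2001-12-10 21:13:08Z dwmalone $");
+__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_login_access/login_access.c 89994 2002-01-30 19:10:21Z des $");
 
 #include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
 #include <grp.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -35,28 +35,29 @@
 static char fs[] = ":"; /* field separator */
 static char sep[] = ", \t"; /* list-element separator */
 
  /* Constants to be used in assignments only, not in comparisons... */
 
 #define YES 1
 #define NO 0
 
-static int from_match __P((char *, char *));
-static int list_match __P((char *, char *, int (*)(char *, char *)));
-static int netgroup_match __P((char *, char *, char *));
-static int string_match __P((char *, char *));
-static int user_match __P((char *, char *));
+static int from_match __P((const char *, const char *));
+static int list_match __P((char *, const char *,
+ int (*)(const char *, const char *)));
+static int netgroup_match __P((const char *, const char *, const char *));
+static int string_match __P((const char *, const char *));
+static int user_match __P((const char *, const char *));
 
 /* login_access - match username/group and host/tty with access control file */
 
 int
 login_access(user, from)
-char *user;
-char *from;
+const char *user;
+const char *from;
 {
  FILE *fp;
  char line[BUFSIZ];
  char *perm; /* becomes permission field */
  char *users; /* becomes list of login names */
  char *froms; /* becomes list of terminals or hosts */
  int match = NO;
  int end;
@@ -106,19 +107,19 @@
  syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
  }
  return (match == 0 || (line[0] == '+'));
 }
 
 /* list_match - match an item against a list of tokens with exceptions */
 
 static int list_match(list, item, match_fn)
-char *list;
-char *item;
-int (*match_fn) __P((char *, char *));
+char *list;
+const char *item;
+int (*match_fn) __P((const char *, const char *));
 {
  char *tok;
  int match = NO;
 
  /*
  * Process tokens one at a time. We have exhausted all possible matches
  * when we reach an "EXCEPT" token or the end of the list. If we do find
  * a match, look for an "EXCEPT" list and recurse to determine whether
@@ -140,29 +141,29 @@
  return (match);
  }
  return (NO);
 }
 
 /* netgroup_match - match group against machine or user */
 
 static int netgroup_match(group, machine, user)
-char *group __unused;
-char *machine __unused;
-char *user __unused;
+const char *group __unused;
+const char *machine __unused;
+const char *user __unused;
 {
  syslog(LOG_ERR, "NIS netgroup support not configured");
  return 0;
 }
 
 /* user_match - match a username against one token */
 
 static int user_match(tok, string)
-char *tok;
-char *string;
+const char *tok;
+const char *string;
 {
  struct group *group;
  int i;
 
  /*
  * If a token has the magic value "ALL" the match always succeeds.
  * Otherwise, return YES if the token fully matches the username, or if
  * the token is a group that contains the username.
@@ -178,18 +179,18 @@
  return (YES);
  }
  return (NO);
 }
 
 /* from_match - match a host or tty against a list of tokens */
 
 static int from_match(tok, string)
-char *tok;
-char *string;
+const char *tok;
+const char *string;
 {
  int tok_len;
  int str_len;
 
  /*
  * If a token has the magic value "ALL" the match always succeeds. Return
  * YES if the token fully matches the string. If the token is a domain
  * name, return YES if it matches the last fields of the string. If the
@@ -214,25 +215,25 @@
  return (YES);
  }
  return (NO);
 }
 
 /* string_match - match a string against one token */
 
 static int string_match(tok, string)
-char *tok;
-char *string;
+const char *tok;
+const char *string;
 {
 
  /*
  * If the token has the magic value "ALL" the match always succeeds.
  * Otherwise, return YES if the token fully matches the string.
  */
 
  if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
  return (YES);
  } else if (strcasecmp(tok, string) == 0) { /* try exact match */
  return (YES);
  }
  return (NO);
 }
 #endif /* LOGIN_ACCES */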
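Review bot: The `return (match == 0 || (line[0] == '+'));` at the end of login_access() permits the login whenever no entry matched, and the `cannot open %s` syslog branch just above it falls through to that same return, so an access file that cannot be opened appears to allow the login rather than deny it. The const-qualification of `user` and `from` does not touch this, and 43 lines of the body are hidden on this page, so the condition guarding the syslog call is not visible; confirm which errno values reach it and whether failing open is intended for them. At minimum the default should be documented at the return, e.g. `/* Default is allow: no matching entry, or no readable access file, permits the login. */`. Separately, the closing `#endif /* LOGIN_ACCES */` comment misspells the `LOGIN_ACCESS` guard it ends.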