login_access.c (126643) | login_access.c (169976) |
---|---|
1 /* 2 * This module implements a simple but effective form of login access 3 * control based on login names and on host (or domain) names, internet 4 * addresses (or network numbers), or on terminal line names in case of 5 * non-networked logins. Diagnostics are reported through syslog(3). 6 * 7 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 8 */ 9 10#if 0 11#ifndef lint 12static char sccsid[] = "%Z% %M% %I% %E% %U%"; 13#endif 14#endif 15 16#include <sys/cdefs.h> | 1 /* 2 * This module implements a simple but effective form of login access 3 * control based on login names and on host (or domain) names, internet 4 * addresses (or network numbers), or on terminal line names in case of 5 * non-networked logins. Diagnostics are reported through syslog(3). 6 * 7 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 8 */ 9 10#if 0 11#ifndef lint 12static char sccsid[] = "%Z% %M% %I% %E% %U%"; 13#endif 14#endif 15 16#include <sys/cdefs.h> |
17__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_login_access/login_access.c 126643 2004-03-05 08:10:19Z markm $"); | 17__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_login_access/login_access.c 169976 2007-05-25 07:50:18Z des $"); |
18 19#include <sys/types.h> 20#include <ctype.h> 21#include <errno.h> 22#include <grp.h> | 18 19#include <sys/types.h> 20#include <ctype.h> 21#include <errno.h> 22#include <grp.h> |
23#include <netdb.h> |
|
23#include <stdio.h> 24#include <stdlib.h> 25#include <string.h> 26#include <syslog.h> 27#include <unistd.h> 28 29#include "pam_login_access.h" 30 --- 107 unchanged lines hidden (view full) --- 138 return (match); 139 } 140 return (NO); 141} 142 143/* netgroup_match - match group against machine or user */ 144 145static int | 24#include <stdio.h> 25#include <stdlib.h> 26#include <string.h> 27#include <syslog.h> 28#include <unistd.h> 29 30#include "pam_login_access.h" 31 --- 107 unchanged lines hidden (view full) --- 139 return (match); 140 } 141 return (NO); 142} 143 144/* netgroup_match - match group against machine or user */ 145 146static int |
146netgroup_match(const char *group __unused, 147 const char *machine __unused, const char *user __unused) | 147netgroup_match(const char *group, const char *machine, const char *user) |
148{ | 148{ |
149 syslog(LOG_ERR, "NIS netgroup support not configured"); 150 return 0; | 149 char domain[1024]; 150 unsigned int i; 151 152 if (getdomainname(domain, sizeof(domain)) != 0 || *domain == '\0') { 153 syslog(LOG_ERR, "NIS netgroup support disabled: no NIS domain"); 154 return (NO); 155 } 156 157 /* getdomainname() does not reliably terminate the string */ 158 for (i = 0; i < sizeof(domain); ++i) 159 if (domain[i] == '\0') 160 break; 161 if (i == sizeof(domain)) { 162 syslog(LOG_ERR, "NIS netgroup support disabled: invalid NIS domain"); 163 return (NO); 164 } 165 166 if (innetgr(group, machine, user, domain) == 1) 167 return (YES); 168 return (NO); |
151} 152 153/* user_match - match a username against one token */ 154 155static int 156user_match(const char *tok, const char *string) 157{ 158 struct group *group; --- 73 unchanged lines hidden --- | 169} 170 171/* user_match - match a username against one token */ 172 173static int 174user_match(const char *tok, const char *string) 175{ 176 struct group *group; --- 73 unchanged lines hidden --- |