authorTomas Mraz <tm@t8m.info>2005-09-26 09:56:28 +0000
committerTomas Mraz <tm@t8m.info>2005-09-26 09:56:28 +0000
commita3741192151aaf4b4d26f97fe470c9e7ea34703e (patch)
treef7de8e9a740e59c23275123d6b3b9f7db389e3cc
parent1d12d6d2cd9da861ae21d07e343b817a6ee14a57 (diff)
Relevant BUGIDs:
Purpose of commit: new feature Commit summary: --------------- Support for NULL tty for pam_access. 2005-09-23 Tomas Mraz <t8m@centrum.cz> * modules/pam_access/pam_access.c (from_match): Support NULL from. (string_match): Support NULL string, add NONE keyword matching it. (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL. * modules/pam_access/access.conf: NONE keyword description * modules/pam_access/README: NONE keyword description
-rw-r--r--ChangeLog8
-rw-r--r--modules/pam_access/README4
-rw-r--r--modules/pam_access/access.conf4
-rw-r--r--modules/pam_access/pam_access.c33
4 files changed, 31 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index ebfb7938..2e74e940 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2005-09-23 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_access/pam_access.c (from_match): Support NULL from.
+ (string_match): Support NULL string, add NONE keyword matching it.
+ (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
+ * modules/pam_access/access.conf: NONE keyword description
+ * modules/pam_access/README: NONE keyword description
+
2005-09-22 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
diff --git a/modules/pam_access/README b/modules/pam_access/README
index ddd4725f..c3f81d11 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -28,8 +28,8 @@
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
index cec2be0c..98da5faa 100644
--- a/modules/pam_access/access.conf
+++ b/modules/pam_access/access.conf
@@ -28,8 +28,8 @@
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 55b7818d..867cd9a1 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -316,11 +316,13 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
* if it matches the head of the string.
*/
- if (tok[0] == '@') { /* netgroup */
+ if (string != NULL && tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, string, (char *) 0));
- } else if (string_match (tok, string)) /* ALL or exact match */
- return YES;
- else if (tok[0] == '.') { /* domain: match last fields */
+ } else if (string_match(tok, string)) { /* ALL or exact match */
+ return (YES);
+ } else if (string == NULL) {
+ return (NO);
+ } else if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(string)) > (tok_len = strlen(tok))
&& strcasecmp(tok, string + str_len - tok_len) == 0)
return (YES);
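Review bot: The new `else if (string == NULL) return (NO);` branch in from_match sits ahead of every remaining pattern test, so a session with no tty or host can only be matched by `ALL` or `NONE`, and nothing at that branch says so. For an administrator this means a deny rule that lists specific ttys or hosts does not apply to such a session, which is worth stating where the decision is made. I would add `/* no tty/host: only ALL and NONE (via string_match) can match */` on that branch and repeat the sentence in the block comment above the chain. The declaration of `string` and the rest of the chain lie outside the hunk, so the effect on tokens tested later (the README mentions LOCAL) is inferred from the early return.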
@@ -371,11 +373,16 @@ string_match (const char *tok, const char *string)
/*
* If the token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the string.
+ * "NONE" token matches NULL string.
*/
if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
return (YES);
- } else if (strcasecmp(tok, string) == 0) { /* try exact match */
+ } else if (string != NULL) {
+ if (strcasecmp(tok, string) == 0) { /* try exact match */
+ return (YES);
+ }
+ } else if (strcasecmp(tok, "NONE") == 0) {
return (YES);
}
return (NO);
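Review bot: The header comment of string_match now mentions NONE but leaves out two asymmetries in the new chain. `ALL` is tested before the NULL check and therefore also matches a NULL string, and `NONE` is a keyword only when the string is NULL; with a non-NULL string it falls into the `strcasecmp(tok, string)` branch and would match a tty or host literally named "none". Both change how an access.conf rule reads, so I would replace the added comment line with `* "ALL" also matches a NULL string; "NONE" is a keyword only for a NULL` / `* string and is compared literally otherwise.` The start of the function is outside the hunk.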
@@ -418,19 +425,17 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
|| void_from == NULL) {
D(("PAM_TTY not set, probing stdin"));
from = ttyname(STDIN_FILENO);
- if (from == NULL) {
- pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
- return PAM_ABORT;
- }
- if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
- return PAM_ABORT;
- }
+ if (from != NULL) {
+ if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
+ return PAM_ABORT;
+ }
+ }
}
else
from = void_from;
- if (from[0] == '/') { /* full path */
+ if (from != NULL && from[0] == '/') { /* full path */
from++;
from = strchr(from, '/');
from++;
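Review bot: The `from != NULL` guard added to the full-path test does not cover the result of `strchr` two lines below it, which is unchanged context but still part of the new code. For a PAM_TTY value that begins with `/` and contains no second slash, `strchr(from, '/')` returns NULL and the following `from++` yields an invalid pointer that is presumably passed on to the matching code. PAM_TTY is set by the calling application, so this path does not depend on ttyname. I would fail closed instead of letting the value degrade into the new no-tty case, for example `if ((from = strchr(from, '/')) == NULL) return PAM_ABORT;` before the second `from++`. The function continues outside the hunk, so how `from` is used afterwards is not visible here.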