authorTomas Mraz <tm@t8m.info>2008-04-17 12:52:25 +0000
committerTomas Mraz <tm@t8m.info>2008-04-17 12:52:25 +0000
commit083ef66c15e2ce9f90bdf6353488a01e1d3d813c (patch)
tree32f22741a5a5e806c564072cb2871046b8b94dd4
parent3165b29623e3498f8e75dba5413c4a662bdcec15 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2008-04-17 Tomas Mraz <t8m@centrum.cz> * modules/pam_access/pam_access.c(myhostname): Removed function. (user_match): Supply hostname of the machine to the netgroup_match(). Use hostname from the loginfo instead of calling myhostname(). (pam_sm_authenticate): Call gethostname() to fill hostname in the loginfo.
-rw-r--r--ChangeLog8
-rw-r--r--NEWS7
-rw-r--r--modules/pam_access/pam_access.c38
3 files changed, 34 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index 2db1fb69..aaf8737a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-04-17 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_access/pam_access.c(myhostname): Removed function.
+ (user_match): Supply hostname of the machine to the netgroup_match().
+ Use hostname from the loginfo instead of calling myhostname().
+ (pam_sm_authenticate): Call gethostname() to fill hostname in the
+ loginfo.
+
2008-04-16 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
diff --git a/NEWS b/NEWS
index e59710ec..cac26d39 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
Linux-PAM NEWS -- history of user-visible changes.
+* Supply hostname of the machine to netgroup match call in pam_access.
+
+
+Release 1.0.1
+
+* Regression fixed in pam_set_item().
+
Release 1.0.0
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index edb8fb0a..778b68cd 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -98,6 +98,7 @@ struct login_info {
const struct passwd *user;
const char *from;
const char *config_file;
+ const char *hostname;
int debug; /* Print debugging messages. */
int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */
int noaudit; /* Do not audit denials */
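Review bot: The new `hostname` member has no comment, although it is a field whose NULL state changes matching behaviour: user_match tests it before use. The int fields below it are annotated, so I would write it as `const char *hostname; /* Local host name from gethostname(); NULL if it could not be read. */`. The struct definition starts and ends outside the hunk.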
@@ -457,19 +458,6 @@ list_match(pam_handle_t *pamh, char *list, char *sptr,
return (NO);
}
-/* myhostname - figure out local machine name */
-
-static char *myhostname(void)
-{
- static char name[MAXHOSTNAMELEN + 1];
-
- if (gethostname(name, MAXHOSTNAMELEN) == 0) {
- name[MAXHOSTNAMELEN] = 0;
- return (name);
- }
- return NULL;
-}
-
/* netgroup_match - match group against machine or user */
static int
@@ -515,15 +503,17 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
*/
if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */
+ if (item->hostname == NULL)
+ return NO;
+ fake_item.from = item->hostname;
*at = 0;
- fake_item.from = myhostname();
- if (fake_item.from == NULL)
- return NO;
return (user_match (pamh, tok, item) &&
from_match (pamh, at + 1, &fake_item));
- } else if (tok[0] == '@') /* netgroup */
- return (netgroup_match (pamh, tok + 1, (char *) 0, string, item->debug));
- else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
+ } else if (tok[0] == '@') { /* netgroup */
+ if (item->hostname == NULL)
+ return NO;
+ return (netgroup_match (pamh, tok + 1, item->hostname, string, item->debug));
+ } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
return (group_match (pamh, tok, string, item->debug));
else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
return rv;
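Review bot: Returning NO when `item->hostname` is NULL, in both the `user@host` branch and the `@netgroup` branch, makes the token a plain non-match, and on a deny entry a non-match means that line does not deny the user. The field is set to NULL on the gethostname() failure path added to pam_sm_authenticate in the last hunk, which logs and carries on. A machine that cannot read its own name would then presumably skip every netgroup-based and `user@host` deny entry and fall through to whatever follows; how unmatched lines are finally resolved is in login_access, outside this diff. Failing closed at the source looks safer, for example `return PAM_SYSTEM_ERR;` after the pam_syslog call in that hunk in place of `loginfo.hostname = NULL;`. user_match begins and ends outside the hunk.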
@@ -787,6 +777,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
const void *void_from=NULL;
const char *from;
struct passwd *user_pw;
+ char hostname[MAXHOSTNAMELEN + 1];
+
/* set username */
@@ -860,6 +852,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
loginfo.from = from;
+ hostname[sizeof(hostname)-1] = '\0';
+ if (gethostname(hostname, sizeof(hostname)-1) == 0)
+ loginfo.hostname = hostname;
+ else {
+ pam_syslog (pamh, LOG_ERR, "gethostname failed: %m");
+ loginfo.hostname = NULL;
+ }
+
if (login_access(pamh, &loginfo)) {
return (PAM_SUCCESS);
} else {
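Review bot: The name stored in `loginfo.hostname` is whatever gethostname() returns, with no canonicalisation, and after this commit it is passed as the machine argument of netgroup_match where `(char *) 0` was passed before. If netgroup_match hands it to the netgroup lookup unchanged (its body is not in the diff), entries whose host field is written in a different form from the node name, fully qualified versus short for example, would stop matching after the upgrade, and that includes entries used to deny access. A comment above the gethostname() call such as `/* Node name exactly as configured on this machine; netgroup host fields must use the same form. */` and a line in the pam_access documentation would make the dependency visible, since the NEWS entry does not mention it. pam_sm_authenticate continues outside the hunk.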