Diffstat (limited to 'modules/pam_access/pam_access.c')
-rw-r--r--modules/pam_access/pam_access.c37
1 files changed, 30 insertions, 7 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index ba8effe3..e9f0caa3 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -41,11 +41,12 @@
#include <errno.h>
#include <ctype.h>
#include <sys/utsname.h>
-#include <rpcsvc/ypclnt.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/socket.h>
-
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
#ifdef HAVE_LIBAUDIT
#include <libaudit.h>
#endif
@@ -465,13 +466,31 @@ static int
netgroup_match (pam_handle_t *pamh, const char *netgroup,
const char *machine, const char *user, int debug)
{
- char *mydomain = NULL;
int retval;
+ char *mydomain = NULL;
+#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN
yp_get_default_domain(&mydomain);
+#elif defined(HAVE_GETDOMAINNAME)
+ char domainname_res[256];
+ if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
+ {
+ if (strcmp (domainname_res, "(none)") == 0)
+ {
+ /* If domainname is not set, some systems will return "(none)" */
+ domainname_res[0] = '\0';
+ }
+ mydomain = domainname_res;
+ }
+#endif
+#ifdef HAVE_INNETGR
retval = innetgr (netgroup, machine, user, mydomain);
+#else
+ retval = 0;
+ pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support");
+#endif
if (debug == YES)
pam_syslog (pamh, LOG_DEBUG,
"netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)",
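Review bot: In the `HAVE_GETDOMAINNAME` branch, `domainname_res` goes to `strcmp`, `innetgr` and the debug `pam_syslog` without guaranteed NUL termination, because glibc's `getdomainname` may return a truncated, unterminated name when the domain fills the buffer. Calling it with `sizeof (domainname_res) - 1` and then setting `domainname_res[sizeof (domainname_res) - 1] = '\0';` closes that. The guard `HAVE_YP_GET_DEFAUTL_DOMAIN` also looks misspelled (DEFAUTL); unless configure defines the same spelling, which this page does not show, the `yp_get_default_domain` path is never compiled. Separately, the `#else` of `HAVE_INNETGR` sets `retval = 0`, so on such builds a deny rule naming a netgroup silently stops matching and the LOG_ERR line is the only signal; a comment such as `/* no innetgr(): netgroup tokens never match, so "-" rules on netgroups do not deny */` would make that explicit. netgroup_match's body continues past this hunk.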
@@ -479,7 +498,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
machine ? machine : "NULL",
user ? user : "NULL", mydomain ? mydomain : "NULL");
return retval;
-
}
/* user_match - match a username against one token */
@@ -511,9 +529,14 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
return (user_match (pamh, tok, item) &&
from_match (pamh, at + 1, &fake_item));
} else if (tok[0] == '@') { /* netgroup */
- if (item->hostname == NULL)
- return NO;
- return (netgroup_match (pamh, tok + 1, item->hostname, string, item->debug));
+ const char *hostname = NULL;
+ if (tok[1] == '@') { /* add hostname to netgroup match */
+ if (item->hostname == NULL)
+ return NO;
+ ++tok;
+ hostname = item->hostname;
+ }
+ return (netgroup_match (pamh, tok + 1, hostname, string, item->debug));
} else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
return (group_match (pamh, tok, string, item->debug));
else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
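Review bot: The rewritten `@` branch changes what an existing `@netgroup` entry means, and nothing in the code says so. It used to pass `item->hostname` as the machine and return NO when that was NULL; it now passes `hostname = NULL`, which `innetgr` treats as a wildcard, so the user matches on any host in the netgroup. An allow rule written against the old behaviour therefore becomes wider, and only the new `@@netgroup` form keeps the host restriction. I would add `/* "@group": match user on any host; "@@group": also require item->hostname in the triple */` above `const char *hostname = NULL;`, and the access.conf documentation should state the same (the diffstat is limited to this file, so that part is not visible here). user_match starts and ends outside the hunk.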