summaryrefslogtreecommitdiff
path: root/modules/pam_succeed_if/pam_succeed_if.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_succeed_if/pam_succeed_if.c')
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c66
1 files changed, 31 insertions, 35 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index 32a73738..856db0ca 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -68,20 +68,20 @@
* PAM_SERVICE_ERR if the arguments can't be parsed as numbers. */
static int
evaluate_num(const pam_handle_t *pamh, const char *left,
- const char *right, int (*cmp)(int, int))
+ const char *right, int (*cmp)(long long, long long))
{
- long l, r;
+ long long l, r;
char *p;
int ret = PAM_SUCCESS;
errno = 0;
- l = strtol(left, &p, 0);
+ l = strtoll(left, &p, 0);
if ((p == NULL) || (*p != '\0') || errno) {
pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left);
ret = PAM_SERVICE_ERR;
}
- r = strtol(right, &p, 0);
+ r = strtoll(right, &p, 0);
if ((p == NULL) || (*p != '\0') || errno) {
pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right);
ret = PAM_SERVICE_ERR;
@@ -96,32 +96,32 @@ evaluate_num(const pam_handle_t *pamh, const char *left,
/* Simple numeric comparison callbacks. */
static int
-eq(int i, int j)
+eq(long long i, long long j)
{
return i == j;
}
static int
-ne(int i, int j)
+ne(long long i, long long j)
{
return i != j;
}
static int
-lt(int i, int j)
+lt(long long i, long long j)
{
return i < j;
}
static int
-le(int i, int j)
+le(long long i, long long j)
{
return lt(i, j) || eq(i, j);
}
static int
-gt(int i, int j)
+gt(long long i, long long j)
{
return i > j;
}
static int
-ge(int i, int j)
+ge(long long i, long long j)
{
return gt(i, j) || eq(i, j);
}
@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
}
/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
static int
-evaluate_innetgr(const char *host, const char *user, const char *group)
+evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
{
+#ifdef HAVE_INNETGR
if (innetgr(group, host, user, NULL) == 1)
return PAM_SUCCESS;
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
+
return PAM_AUTH_ERR;
}
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
static int
-evaluate_notinnetgr(const char *host, const char *user, const char *group)
+evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
{
+#ifdef HAVE_INNETGR
if (innetgr(group, host, user, NULL) == 0)
return PAM_SUCCESS;
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
return PAM_AUTH_ERR;
}
@@ -298,7 +307,7 @@ evaluate(pam_handle_t *pamh, int debug,
}
if (strcasecmp(left, "rhost") == 0) {
const void *rhost;
- if (pam_get_item(pamh, PAM_SERVICE, &rhost) != PAM_SUCCESS ||
+ if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS ||
rhost == NULL)
rhost = "";
snprintf(buf, sizeof(buf), "%s", (const char *)rhost);
@@ -306,7 +315,7 @@ evaluate(pam_handle_t *pamh, int debug,
}
if (strcasecmp(left, "tty") == 0) {
const void *tty;
- if (pam_get_item(pamh, PAM_SERVICE, &tty) != PAM_SUCCESS ||
+ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS ||
tty == NULL)
tty = "";
snprintf(buf, sizeof(buf), "%s", (const char *)tty);
@@ -387,20 +396,20 @@ evaluate(pam_handle_t *pamh, int debug,
const void *rhost;
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
rhost = NULL;
- return evaluate_innetgr(rhost, user, right);
+ return evaluate_innetgr(pamh, rhost, user, right);
}
/* (Rhost, user) is not in this group. */
if (strcasecmp(qual, "notinnetgr") == 0) {
const void *rhost;
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
rhost = NULL;
- return evaluate_notinnetgr(rhost, user, right);
+ return evaluate_notinnetgr(pamh, rhost, user, right);
}
/* Fail closed. */
return PAM_SERVICE_ERR;
}
-PAM_EXTERN int
+int
pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
@@ -544,46 +553,33 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
return ret;
}
-PAM_EXTERN int
+int
pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
int argc UNUSED, const char **argv UNUSED)
{
return PAM_IGNORE;
}
-PAM_EXTERN int
+int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return pam_sm_authenticate(pamh, flags, argc, argv);
}
-PAM_EXTERN int
+int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return pam_sm_authenticate(pamh, flags, argc, argv);
}
-PAM_EXTERN int
+int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return pam_sm_authenticate(pamh, flags, argc, argv);
}
-PAM_EXTERN int
+int
pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return pam_sm_authenticate(pamh, flags, argc, argv);
}
-
-/* static module data */
-#ifdef PAM_STATIC
-struct pam_module _pam_succeed_if_modstruct = {
- "pam_succeed_if",
- pam_sm_authenticate,
- pam_sm_setcred,
- pam_sm_acct_mgmt,
- pam_sm_open_session,
- pam_sm_close_session,
- pam_sm_chauthtok
-};
-#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 03:07:55 +0000