From 1d77132df8ba384969554dbc5ec82a943943b4d5 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Mon, 19 Dec 2005 07:31:17 +0000
Subject: Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2005-12-19  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_time/pam_time.c (check_account): Implement
        support for netgroups.

        * modules/pam_time/time.conf: Document usage of netgroups.
---
 modules/pam_time/pam_time.c | 14 ++++++--------
 modules/pam_time/time.conf  |  5 +++--
 2 files changed, 9 insertions(+), 10 deletions(-)

(limited to 'modules/pam_time')

diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index d4aee8a4..b983ef17 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -1,18 +1,11 @@
 /* pam_time module */
 
 /*
- * $Id$
- *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/6/22
  * (File syntax and much other inspiration from the shadow package
  * shadow-960129)
  */
 
-static const char rcsid[] =
-"$Id$;\n"
-"\t\tVersion 0.22 for Linux-PAM\n"
-"Copyright (C) Andrew G. Morgan 1996 <morgan@linux.kernel.org>\n";
-
 #include "config.h"
 
 #include <sys/file.h>
@@ -27,6 +20,7 @@ static const char rcsid[] =
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <netdb.h>
 
 #define PAM_TIME_BUFLEN        1000
 #define FIELD_SEPARATOR        ';'   /* this is new as of .02 */
@@ -522,7 +516,11 @@ check_account(pam_handle_t *pamh, const char *service,
 			  "%s: no user entry #%d", PAM_TIME_CONF, count);
 	       continue;
 	  }
-	  good &= logic_field(pamh, user, buffer, count, is_same);
+	  /* If buffer starts with @, we are using netgroups */
+	  if (buffer[0] == '@')
+	    good &= innetgr (&buffer[1], NULL, user, NULL);
+	  else
+	    good &= logic_field(pamh, user, buffer, count, is_same);
 	  D(("with user: %s", good ? "passes":"fails" ));
 
 	  /* here we get the time field */
diff --git a/modules/pam_time/time.conf b/modules/pam_time/time.conf
index d2062fdb..c7b7989c 100644
--- a/modules/pam_time/time.conf
+++ b/modules/pam_time/time.conf
@@ -20,7 +20,8 @@
 #	is a logic list of terminal names that this rule applies to.
 #
 # users
-#	is a logic list of users to whom this rule applies.
+#	is a logic list of users or a netgroup of users to whom this
+#	rule applies.
 #
 # NB. For these items the simple wildcard '*' may be used only once.
 #
@@ -61,4 +62,4 @@
 
 #
 # End of example file.
-#
\ No newline at end of file
+#
-- 
cgit v1.2.3