View | Details | Raw Unified | Return to bug 89326
Collapse All | Expand All

(-)src/usr.bin/login/login_access.c (-3 / +4 lines)
Lines 20-25 Link Here
20
#include <sys/types.h>
20
#include <sys/types.h>
21
#include <ctype.h>
21
#include <ctype.h>
22
#include <errno.h>
22
#include <errno.h>
23
#include <fnmatch.h>
23
#include <grp.h>
24
#include <grp.h>
24
#include <stdio.h>
25
#include <stdio.h>
25
#include <stdlib.h>
26
#include <stdlib.h>
Lines 175-181 Link Here
175
	return (YES);
176
	return (YES);
176
    } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */
177
    } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */
177
	for (i = 0; group->gr_mem[i]; i++)
178
	for (i = 0; group->gr_mem[i]; i++)
178
	    if (strcasecmp(string, group->gr_mem[i]) == 0)
179
	    if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0)
179
		return (YES);
180
		return (YES);
180
    }
181
    }
181
    return (NO);
182
    return (NO);
Lines 205-211 Link Here
205
	return (YES);
206
	return (YES);
206
    } else if (tok[0] == '.') {			/* domain: match last fields */
207
    } else if (tok[0] == '.') {			/* domain: match last fields */
207
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
208
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
208
	    && strcasecmp(tok, string + str_len - tok_len) == 0)
209
	    && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0)
209
	    return (YES);
210
	    return (YES);
210
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
211
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
211
	if (strchr(string, '.') == 0)
212
	if (strchr(string, '.') == 0)
Lines 231-237 Link Here
231
232
232
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
233
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
233
	return (YES);
234
	return (YES);
234
    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
235
    } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */
235
	return (YES);
236
	return (YES);
236
    }
237
    }
237
    return (NO);
238
    return (NO);
(-)src/usr.bin/login/login.access.5 (+9 lines)
Lines 45-50 Link Here
45
logged-in user.
45
logged-in user.
46
Only groups are matched in which users are explicitly
46
Only groups are matched in which users are explicitly
47
listed: the program does not look at a user's primary group id value.
47
listed: the program does not look at a user's primary group id value.
48
.Pp
49
In names of users, groups, ttys, hosts and domains,
50
the special wildcard characters "*", "?" and "[" can be used,
51
matching patterns according to the rules used by the shell.
52
This is most useful for tty names:
53
The pattern "ttyv?" in the third field matches all virtual
54
terminals, and "ttyd?" matches all serial dial-in lines.
55
.Pp
56
All matches are case-insensitive.
48
.Sh FILES
57
.Sh FILES
49
.Bl -tag -width /etc/login.access -compact
58
.Bl -tag -width /etc/login.access -compact
50
.It Pa /etc/login.access
59
.It Pa /etc/login.access
(-)src/lib/libpam/modules/pam_login_access/login_access.c (-3 / +4 lines)
Lines 19-24 Link Here
19
#include <sys/types.h>
19
#include <sys/types.h>
20
#include <ctype.h>
20
#include <ctype.h>
21
#include <errno.h>
21
#include <errno.h>
22
#include <fnmatch.h>
22
#include <grp.h>
23
#include <grp.h>
23
#include <stdio.h>
24
#include <stdio.h>
24
#include <stdlib.h>
25
#include <stdlib.h>
Lines 170-176 Link Here
170
	return (YES);
171
	return (YES);
171
    } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */
172
    } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */
172
	for (i = 0; group->gr_mem[i]; i++)
173
	for (i = 0; group->gr_mem[i]; i++)
173
	    if (strcasecmp(string, group->gr_mem[i]) == 0)
174
	    if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0)
174
		return (YES);
175
		return (YES);
175
    }
176
    }
176
    return (NO);
177
    return (NO);
Lines 199-205 Link Here
199
	return (YES);
200
	return (YES);
200
    } else if (tok[0] == '.') {			/* domain: match last fields */
201
    } else if (tok[0] == '.') {			/* domain: match last fields */
201
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
202
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
202
	    && strcasecmp(tok, string + str_len - tok_len) == 0)
203
	    && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0)
203
	    return (YES);
204
	    return (YES);
204
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
205
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
205
	if (strchr(string, '.') == 0)
206
	if (strchr(string, '.') == 0)
Lines 224-230 Link Here
224
225
225
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
226
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
226
	return (YES);
227
	return (YES);
227
    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
228
    } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */
228
	return (YES);
229
	return (YES);
229
    }
230
    }
230
    return (NO);
231
    return (NO);
(-)src/lib/libpam/modules/pam_login_access/login.access.5 (+9 lines)
Lines 46-51 Link Here
46
logged-in user.
46
logged-in user.
47
Only groups are matched in which users are explicitly
47
Only groups are matched in which users are explicitly
48
listed: the program does not look at a user's primary group id value.
48
listed: the program does not look at a user's primary group id value.
49
.Pp
50
In names of users, groups, ttys, hosts and domains,
51
the special wildcard characters "*", "?" and "[" can be used,
52
matching patterns according to the rules used by the shell.
53
This is most useful for tty names:
54
The pattern "ttyv?" in the third field matches all virtual
55
terminals, and "ttyd?" matches all serial dial-in lines.
56
.Pp
57
All matches are case-insensitive.
49
.Sh FILES
58
.Sh FILES
50
.Bl -tag -width /etc/login.access -compact
59
.Bl -tag -width /etc/login.access -compact
51
.It Pa /etc/login.access
60
.It Pa /etc/login.access
(-)src/crypto/heimdal/appl/login/login_access.c (-3 / +4 lines)
Lines 24-29 Link Here
24
  */
24
  */
25
25
26
#include "login_locl.h"
26
#include "login_locl.h"
27
#include <fnmatch.h>
27
28
28
RCSID("$Id: login_access.c,v 1.2 2001/06/04 14:09:45 assar Exp $");
29
RCSID("$Id: login_access.c,v 1.2 2001/06/04 14:09:45 assar Exp $");
29
30
Lines 217-223 Link Here
217
	if (item->user->pw_gid == group->gr_gid)
218
	if (item->user->pw_gid == group->gr_gid)
218
	    return (YES);
219
	    return (YES);
219
	for (i = 0; group->gr_mem[i]; i++)
220
	for (i = 0; group->gr_mem[i]; i++)
220
	    if (strcasecmp(string, group->gr_mem[i]) == 0)
221
	    if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0)
221
		return (YES);
222
		return (YES);
222
    }
223
    }
223
    return (NO);
224
    return (NO);
Lines 246-252 Link Here
246
	return (YES);
247
	return (YES);
247
    } else if (tok[0] == '.') {			/* domain: match last fields */
248
    } else if (tok[0] == '.') {			/* domain: match last fields */
248
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
249
	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
249
	    && strcasecmp(tok, string + str_len - tok_len) == 0)
250
	    && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0)
250
	    return (YES);
251
	    return (YES);
251
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
252
    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
252
	if (strchr(string, '.') == 0)
253
	if (strchr(string, '.') == 0)
Lines 270-276 Link Here
270
271
271
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
272
    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
272
	return (YES);
273
	return (YES);
273
    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
274
    } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */
274
	return (YES);
275
	return (YES);
275
    }
276
    }
276
    return (NO);
277
    return (NO);
(-)src/crypto/heimdal/appl/login/login.access.5 (+9 lines)
Lines 44-49 Link Here
44
.Pp
44
.Pp
45
If the string EXCEPT is found in either the user or from list, the
45
If the string EXCEPT is found in either the user or from list, the
46
rest of the list are exceptions to the list before EXCEPT.
46
rest of the list are exceptions to the list before EXCEPT.
47
.Pp
48
In names of users, groups, ttys, hosts and domains,
49
the special wildcard characters "*", "?" and "[" can be used,
50
matching patterns according to the rules used by the shell.
51
This is most useful for tty names:
52
The pattern "ttyv?" in the third field matches all virtual
53
terminals, and "ttyd?" matches all serial dial-in lines.
54
.Pp
55
All matches are case-insensitive.
47
.Sh BUGS
56
.Sh BUGS
48
If there's a user and a group with the same name, there is no way to
57
If there's a user and a group with the same name, there is no way to
49
make the group match if the user also matches.
58
make the group match if the user also matches.

Return to bug 89326