FreeBSD Bugzilla – Attachment 59344 Details for
Bug 89326
[patch] Add pattern matching to login.access(5)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 6.15 KB, created by
Oliver Fromme
on 2005-11-20 20:50:24 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Oliver Fromme
Created:
2005-11-20 20:50:24 UTC
Size:
6.15 KB
patch
obsolete
>--- src/usr.bin/login/login_access.c.orig Fri Mar 22 02:22:49 2002 >+++ src/usr.bin/login/login_access.c Sun Nov 20 21:16:13 2005 >@@ -20,6 +20,7 @@ > #include <sys/types.h> > #include <ctype.h> > #include <errno.h> >+#include <fnmatch.h> > #include <grp.h> > #include <stdio.h> > #include <stdlib.h> >@@ -175,7 +176,7 @@ > return (YES); > } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */ > for (i = 0; group->gr_mem[i]; i++) >- if (strcasecmp(string, group->gr_mem[i]) == 0) >+ if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0) > return (YES); > } > return (NO); >@@ -205,7 +206,7 @@ > return (YES); > } else if (tok[0] == '.') { /* domain: match last fields */ > if ((str_len = strlen(string)) > (tok_len = strlen(tok)) >- && strcasecmp(tok, string + str_len - tok_len) == 0) >+ && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0) > return (YES); > } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ > if (strchr(string, '.') == 0) >@@ -231,7 +232,7 @@ > > if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ > return (YES); >- } else if (strcasecmp(tok, string) == 0) { /* try exact match */ >+ } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */ > return (YES); > } > return (NO); >--- src/usr.bin/login/login.access.5.orig Sat Jul 3 00:22:27 2004 >+++ src/usr.bin/login/login.access.5 Sun Nov 20 21:21:17 2005 >@@ -45,6 +45,15 @@ > logged-in user. > Only groups are matched in which users are explicitly > listed: the program does not look at a user's primary group id value. >+.Pp >+In names of users, groups, ttys, hosts and domains, >+the special wildcard characters "*", "?" and "[" can be used, >+matching patterns according to the rules used by the shell. >+This is most useful for tty names: >+The pattern "ttyv?" in the third field matches all virtual >+terminals, and "ttyd?" matches all serial dial-in lines. >+.Pp >+All matches are case-insensitive. > .Sh FILES > .Bl -tag -width /etc/login.access -compact > .It Pa /etc/login.access >--- src/lib/libpam/modules/pam_login_access/login_access.c.orig Fri Mar 5 09:10:18 2004 >+++ src/lib/libpam/modules/pam_login_access/login_access.c Sun Nov 20 21:17:41 2005 >@@ -19,6 +19,7 @@ > #include <sys/types.h> > #include <ctype.h> > #include <errno.h> >+#include <fnmatch.h> > #include <grp.h> > #include <stdio.h> > #include <stdlib.h> >@@ -170,7 +171,7 @@ > return (YES); > } else if ((group = getgrnam(tok)) != NULL) {/* try group membership */ > for (i = 0; group->gr_mem[i]; i++) >- if (strcasecmp(string, group->gr_mem[i]) == 0) >+ if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0) > return (YES); > } > return (NO); >@@ -199,7 +200,7 @@ > return (YES); > } else if (tok[0] == '.') { /* domain: match last fields */ > if ((str_len = strlen(string)) > (tok_len = strlen(tok)) >- && strcasecmp(tok, string + str_len - tok_len) == 0) >+ && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0) > return (YES); > } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ > if (strchr(string, '.') == 0) >@@ -224,7 +225,7 @@ > > if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ > return (YES); >- } else if (strcasecmp(tok, string) == 0) { /* try exact match */ >+ } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */ > return (YES); > } > return (NO); >--- src/lib/libpam/modules/pam_login_access/login.access.5.orig Sat Jul 3 01:52:17 2004 >+++ src/lib/libpam/modules/pam_login_access/login.access.5 Sun Nov 20 21:21:18 2005 >@@ -46,6 +46,15 @@ > logged-in user. > Only groups are matched in which users are explicitly > listed: the program does not look at a user's primary group id value. >+.Pp >+In names of users, groups, ttys, hosts and domains, >+the special wildcard characters "*", "?" and "[" can be used, >+matching patterns according to the rules used by the shell. >+This is most useful for tty names: >+The pattern "ttyv?" in the third field matches all virtual >+terminals, and "ttyd?" matches all serial dial-in lines. >+.Pp >+All matches are case-insensitive. > .Sh FILES > .Bl -tag -width /etc/login.access -compact > .It Pa /etc/login.access >--- src/crypto/heimdal/appl/login/login_access.c.orig Tue Feb 19 16:46:04 2002 >+++ src/crypto/heimdal/appl/login/login_access.c Sun Nov 20 21:17:39 2005 >@@ -24,6 +24,7 @@ > */ > > #include "login_locl.h" >+#include <fnmatch.h> > > RCSID("$Id: login_access.c,v 1.2 2001/06/04 14:09:45 assar Exp $"); > >@@ -217,7 +218,7 @@ > if (item->user->pw_gid == group->gr_gid) > return (YES); > for (i = 0; group->gr_mem[i]; i++) >- if (strcasecmp(string, group->gr_mem[i]) == 0) >+ if (fnmatch(string, group->gr_mem[i], FNM_CASEFOLD) == 0) > return (YES); > } > return (NO); >@@ -246,7 +247,7 @@ > return (YES); > } else if (tok[0] == '.') { /* domain: match last fields */ > if ((str_len = strlen(string)) > (tok_len = strlen(tok)) >- && strcasecmp(tok, string + str_len - tok_len) == 0) >+ && fnmatch(tok, string + str_len - tok_len, FNM_CASEFOLD) == 0) > return (YES); > } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ > if (strchr(string, '.') == 0) >@@ -270,7 +271,7 @@ > > if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ > return (YES); >- } else if (strcasecmp(tok, string) == 0) { /* try exact match */ >+ } else if (fnmatch(tok, string, FNM_CASEFOLD) == 0) { /* try exact match */ > return (YES); > } > return (NO); >--- src/crypto/heimdal/appl/login/login.access.5.orig Thu Oct 9 21:36:19 2003 >+++ src/crypto/heimdal/appl/login/login.access.5 Sun Nov 20 21:21:15 2005 >@@ -44,6 +44,15 @@ > .Pp > If the string EXCEPT is found in either the user or from list, the > rest of the list are exceptions to the list before EXCEPT. >+.Pp >+In names of users, groups, ttys, hosts and domains, >+the special wildcard characters "*", "?" and "[" can be used, >+matching patterns according to the rules used by the shell. >+This is most useful for tty names: >+The pattern "ttyv?" in the third field matches all virtual >+terminals, and "ttyd?" matches all serial dial-in lines. >+.Pp >+All matches are case-insensitive. > .Sh BUGS > If there's a user and a group with the same name, there is no way to > make the group match if the user also matches.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=59344">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 89326
: 59344