View | Details | Raw Unified | Return to bug 104553
Collapse All | Expand All

(-)src/etc/login.access (-3 / +4 lines)
Lines 24-32 Link Here
24
#
24
#
25
# The EXCEPT operator makes it possible to write very compact rules.
25
# The EXCEPT operator makes it possible to write very compact rules.
26
#
26
#
27
# The group file is searched only when a name does not match that of the
27
# The user's groups are checked against the name(s) in the second field
28
# logged-in user. Only groups are matched in which users are explicitly
28
# only when it/they do not match the user's login name.  Each group the
29
# listed: the program does not look at a user's primary group id value.
29
# user is in, including his or her login group, will be checked until the
30
# first match is found.
30
#
31
#
31
##############################################################################
32
##############################################################################
32
#
33
#
(-)src/lib/libpam/modules/pam_login_access/login.access.5 (-4 / +4 lines)
Lines 41-50 Link Here
41
.Pp
41
.Pp
42
The EXCEPT operator makes it possible to write very compact rules.
42
The EXCEPT operator makes it possible to write very compact rules.
43
.Pp
43
.Pp
44
The group file is searched only when a name does not match that of the
44
The user's groups are checked against the name(s) in the second field 
45
logged-in user.
45
only when it/they do not match the user's login name. 
46
Only groups are matched in which users are explicitly
46
Each group the user is in, including his or her login group, will be 
47
listed: the program does not look at a user's primary group id value.
47
checked until the first match is found.
48
.Sh FILES
48
.Sh FILES
49
.Bl -tag -width /etc/login.access -compact
49
.Bl -tag -width /etc/login.access -compact
50
.It Pa /etc/login.access
50
.It Pa /etc/login.access
(-)src/lib/libpam/modules/pam_login_access/login_access.c (+9 lines)
Lines 20-25 Link Here
20
#include <ctype.h>
20
#include <ctype.h>
21
#include <errno.h>
21
#include <errno.h>
22
#include <grp.h>
22
#include <grp.h>
23
#include <pwd.h>
23
#include <stdio.h>
24
#include <stdio.h>
24
#include <stdlib.h>
25
#include <stdlib.h>
25
#include <string.h>
26
#include <string.h>
Lines 156-161 Link Here
156
user_match(const char *tok, const char *string)
157
user_match(const char *tok, const char *string)
157
{
158
{
158
    struct group *group;
159
    struct group *group;
160
    struct passwd *pw;
159
    int     i;
161
    int     i;
160
162
161
    /*
163
    /*
Lines 172-177 Link Here
172
	for (i = 0; group->gr_mem[i]; i++)
174
	for (i = 0; group->gr_mem[i]; i++)
173
	    if (strcasecmp(string, group->gr_mem[i]) == 0)
175
	    if (strcasecmp(string, group->gr_mem[i]) == 0)
174
		return (YES);
176
		return (YES);
177
    } 
178
    /* Check if the user's login group matches token. */
179
    if ((pw = getpwnam(string)) != NULL) {
180
        group = getgrgid(pw->pw_gid);
181
        if (strcasecmp(tok, group->gr_name) == 0) {
182
            return(YES);
183
        }
175
    }
184
    }
176
    return (NO);
185
    return (NO);
177
}
186
}

Return to bug 104553