FreeBSD Bugzilla – Attachment 71848 Details for
Bug 104553
[patch] [request] Add login group support to login.access(5)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 2.37 KB, created by
Nick Barkas
on 2006-10-18 23:20:15 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Nick Barkas
Created:
2006-10-18 23:20:15 UTC
Size:
2.37 KB
patch
obsolete
>--- src/etc/login.access.orig Sun Jun 6 04:46:27 2004 >+++ src/etc/login.access Wed Oct 18 14:46:19 2006 >@@ -24,9 +24,10 @@ > # > # The EXCEPT operator makes it possible to write very compact rules. > # >-# The group file is searched only when a name does not match that of the >-# logged-in user. Only groups are matched in which users are explicitly >-# listed: the program does not look at a user's primary group id value. >+# The user's groups are checked against the name(s) in the second field >+# only when it/they do not match the user's login name. Each group the >+# user is in, including his or her login group, will be checked until the >+# first match is found. > # > ############################################################################## > # >--- src/lib/libpam/modules/pam_login_access/login.access.5.orig Mon Sep 25 18:26:25 2006 >+++ src/lib/libpam/modules/pam_login_access/login.access.5 Wed Oct 18 14:27:12 2006 >@@ -41,10 +41,10 @@ > .Pp > The EXCEPT operator makes it possible to write very compact rules. > .Pp >-The group file is searched only when a name does not match that of the >-logged-in user. >-Only groups are matched in which users are explicitly >-listed: the program does not look at a user's primary group id value. >+The user's groups are checked against the name(s) in the second field >+only when it/they do not match the user's login name. >+Each group the user is in, including his or her login group, will be >+checked until the first match is found. > .Sh FILES > .Bl -tag -width /etc/login.access -compact > .It Pa /etc/login.access >--- src/lib/libpam/modules/pam_login_access/login_access.c.orig Wed Oct 18 12:19:37 2006 >+++ src/lib/libpam/modules/pam_login_access/login_access.c Wed Oct 18 14:02:24 2006 >@@ -20,6 +20,7 @@ > #include <ctype.h> > #include <errno.h> > #include <grp.h> >+#include <pwd.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> >@@ -156,6 +157,7 @@ > user_match(const char *tok, const char *string) > { > struct group *group; >+ struct passwd *pw; > int i; > > /* >@@ -172,6 +174,13 @@ > for (i = 0; group->gr_mem[i]; i++) > if (strcasecmp(string, group->gr_mem[i]) == 0) > return (YES); >+ } >+ /* Check if the user's login group matches token. */ >+ if ((pw = getpwnam(string)) != NULL) { >+ group = getgrgid(pw->pw_gid); >+ if (strcasecmp(tok, group->gr_name) == 0) { >+ return(YES); >+ } > } > return (NO); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=71848">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 104553
: 71848