Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/libs/libpam/patches/0007-Check-if-innetgr-is-available-at-compile-time.patch
Yousong Zhou 9f35f2a9e5 libpam: bump to 1.2.0 
- Add configure options --disable-nis, --disable-regenerate-docu
 - 000-OE-libpam-xtests.patch is not relevant in OpenWrt
 - 001-no_nis.patch was dropped because we now --disable-nis
 - 002-no_yywrap.patch was dropped be cause it was fixed in 1.2.0
 - 003-no_doc was dropped because we ignore doc/ with
   --disable-regenreate-docu
 - 004-fix_lib64 was replaced by new 0001-build-use-host_cpu...
 - pam_rhosts will not be built with musl because ruserok{,_af{
   are not available
 - pam_lastlog will not be built with musl because logwtmp is missing

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2015-06-17 21:46:59 +08:00

106 lines
3.9 KiB
Diff
Raw Blame History

From 9e2fa22891a87592c1a04801623fea5be40cb581 Mon Sep 17 00:00:00 2001
From: Yousong Zhou <yszhou4tech@gmail.com>
Date: Wed, 17 Jun 2015 15:33:43 +0800
Subject: [PATCH 7/7] Check if innetgr is available at compile time.
innetgr may not be there so make sure that when innetgr is not present
then we inform about it and not use it.
* modules/pam_group/pam_group.c: ditto
* modules/pam_succeed_if/pam_succeed_if.c: ditto
* modules/pam_time/pam_time.c: ditto
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
---
modules/pam_group/pam_group.c | 4 ++++
modules/pam_succeed_if/pam_succeed_if.c | 17 +++++++++++++----
modules/pam_time/pam_time.c | 4 ++++
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index be5f20f..6a065ca 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -656,7 +656,11 @@ static int check_account(pam_handle_t *pamh, const char *service,
}
/* If buffer starts with @, we are using netgroups */
if (buffer[0] == '@')
+#ifdef HAVE_INNETGR
good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
+#endif
/* otherwise, if the buffer starts with %, it's a UNIX group */
else if (buffer[0] == '%')
good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index aa828fc..c0c68a0 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
}
/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
static int
-evaluate_innetgr(const char *host, const char *user, const char *group)
+evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
{
+#ifdef HAVE_INNETGR
if (innetgr(group, host, user, NULL) == 1)
return PAM_SUCCESS;
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
+
return PAM_AUTH_ERR;
}
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
static int
-evaluate_notinnetgr(const char *host, const char *user, const char *group)
+evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
{
+#ifdef HAVE_INNETGR
if (innetgr(group, host, user, NULL) == 0)
return PAM_SUCCESS;
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
return PAM_AUTH_ERR;
}
@@ -387,14 +396,14 @@ evaluate(pam_handle_t *pamh, int debug,
const void *rhost;
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
rhost = NULL;
- return evaluate_innetgr(rhost, user, right);
+ return evaluate_innetgr(pamh, rhost, user, right);
}
/* (Rhost, user) is not in this group. */
if (strcasecmp(qual, "notinnetgr") == 0) {
const void *rhost;
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
rhost = NULL;
- return evaluate_notinnetgr(rhost, user, right);
+ return evaluate_notinnetgr(pamh, rhost, user, right);
}
/* Fail closed. */
return PAM_SERVICE_ERR;
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index c94737c..0b34a14 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const char *service,
}
/* If buffer starts with @, we are using netgroups */
if (buffer[0] == '@')
+#ifdef HAVE_INNETGR
good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
+#endif
else
good &= logic_field(pamh, user, buffer, count, is_same);
D(("with user: %s", good ? "passes":"fails" ));
--
1.7.10.4
Reference in a new issue View git blame Copy permalink