Lines 231-248
evaluate_notingroup(pam_handle_t *pamh,
Link Here
|
231 |
} |
231 |
} |
232 |
/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ |
232 |
/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ |
233 |
static int |
233 |
static int |
234 |
evaluate_innetgr(const char *host, const char *user, const char *group) |
234 |
evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) |
235 |
{ |
235 |
{ |
|
|
236 |
#ifdef HAVE_INNETGR |
236 |
if (innetgr(group, host, user, NULL) == 1) |
237 |
if (innetgr(group, host, user, NULL) == 1) |
237 |
return PAM_SUCCESS; |
238 |
return PAM_SUCCESS; |
|
|
239 |
#else |
240 |
pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support"); |
241 |
#endif |
242 |
|
238 |
return PAM_AUTH_ERR; |
243 |
return PAM_AUTH_ERR; |
239 |
} |
244 |
} |
240 |
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ |
245 |
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ |
241 |
static int |
246 |
static int |
242 |
evaluate_notinnetgr(const char *host, const char *user, const char *group) |
247 |
evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) |
243 |
{ |
248 |
{ |
|
|
249 |
#ifdef HAVE_INNETGR |
244 |
if (innetgr(group, host, user, NULL) == 0) |
250 |
if (innetgr(group, host, user, NULL) == 0) |
245 |
return PAM_SUCCESS; |
251 |
return PAM_SUCCESS; |
|
|
252 |
#else |
253 |
pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support"); |
254 |
#endif |
246 |
return PAM_AUTH_ERR; |
255 |
return PAM_AUTH_ERR; |
247 |
} |
256 |
} |
248 |
|
257 |
|
Lines 361-374
evaluate(pam_handle_t *pamh, int debug,
Link Here
|
361 |
const void *rhost; |
370 |
const void *rhost; |
362 |
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) |
371 |
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) |
363 |
rhost = NULL; |
372 |
rhost = NULL; |
364 |
return evaluate_innetgr(rhost, user, right); |
373 |
return evaluate_innetgr(pamh, rhost, user, right); |
365 |
} |
374 |
} |
366 |
/* (Rhost, user) is not in this group. */ |
375 |
/* (Rhost, user) is not in this group. */ |
367 |
if (strcasecmp(qual, "notinnetgr") == 0) { |
376 |
if (strcasecmp(qual, "notinnetgr") == 0) { |
368 |
const void *rhost; |
377 |
const void *rhost; |
369 |
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) |
378 |
if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) |
370 |
rhost = NULL; |
379 |
rhost = NULL; |
371 |
return evaluate_notinnetgr(rhost, user, right); |
380 |
return evaluate_notinnetgr(pamh, rhost, user, right); |
372 |
} |
381 |
} |
373 |
/* Fail closed. */ |
382 |
/* Fail closed. */ |
374 |
return PAM_SERVICE_ERR; |
383 |
return PAM_SERVICE_ERR; |