Attachment #348214 for bug #469774

Lines 659-665 static int check_account(pam_handle_t *p Link Here

(-)Linux-PAM-1.1.3/modules/pam_group/pam_group.c (-1 / +5 lines)
659	}	659	}
660	/* If buffer starts with @, we are using netgroups */	660	/* If buffer starts with @, we are using netgroups */
661	if (buffer[0] == '@')	661	if (buffer[0] == '@')
662	good &= innetgr (&buffer[1], NULL, user, NULL);	662	#ifdef HAVE_INNETGR
		663	good &= innetgr (&buffer[1], NULL, user, NULL);
		664	#else
		665	pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
		666	#endif
663	/* otherwise, if the buffer starts with %, it's a UNIX group */	667	/* otherwise, if the buffer starts with %, it's a UNIX group */
664	else if (buffer[0] == '%')	668	else if (buffer[0] == '%')
665	good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);	669	good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);

Lines 555-563 check_account(pam_handle_t *pamh, const Link Here

(-)Linux-PAM-1.1.3/modules/pam_time/pam_time.c (-2 / +6 lines)
555	}	555	}
556	/* If buffer starts with @, we are using netgroups */	556	/* If buffer starts with @, we are using netgroups */
557	if (buffer[0] == '@')	557	if (buffer[0] == '@')
558	good &= innetgr (&buffer[1], NULL, user, NULL);	558	#ifdef HAVE_INNETGR
		559	good &= innetgr (&buffer[1], NULL, user, NULL);
		560	#else
		561	pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
		562	#endif
559	else	563	else
560	good &= logic_field(pamh, user, buffer, count, is_same);	564	good &= logic_field(pamh, user, buffer, count, is_same);
561	D(("with user: %s", good ? "passes":"fails" ));	565	D(("with user: %s", good ? "passes":"fails" ));
562		566
563	/* here we get the time field */	567	/* here we get the time field */

Lines 231-248 evaluate_notingroup(pam_handle_t *pamh, Link Here

(-)Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c (-4 / +13 lines)
231	}	231	}
232	/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */	232	/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
233	static int	233	static int
234	evaluate_innetgr(const char host, const char user, const char *group)	234	evaluate_innetgr(const pam_handle_t* pamh, const char host, const char user, const char *group)
235	{	235	{
		236	#ifdef HAVE_INNETGR
236	if (innetgr(group, host, user, NULL) == 1)	237	if (innetgr(group, host, user, NULL) == 1)
237	return PAM_SUCCESS;	238	return PAM_SUCCESS;
		239	#else
		240	pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
		241	#endif
		242
238	return PAM_AUTH_ERR;	243	return PAM_AUTH_ERR;
239	}	244	}
240	/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */	245	/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
241	static int	246	static int
242	evaluate_notinnetgr(const char host, const char user, const char *group)	247	evaluate_notinnetgr(const pam_handle_t* pamh, const char host, const char user, const char *group)
243	{	248	{
		249	#ifdef HAVE_INNETGR
244	if (innetgr(group, host, user, NULL) == 0)	250	if (innetgr(group, host, user, NULL) == 0)
245	return PAM_SUCCESS;	251	return PAM_SUCCESS;
		252	#else
		253	pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
		254	#endif
246	return PAM_AUTH_ERR;	255	return PAM_AUTH_ERR;
247	}	256	}
248		257
Lines 361-374 evaluate(pam_handle_t *pamh, int debug, Link Here
361	const void *rhost;	370	const void *rhost;
362	if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)	371	if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
363	rhost = NULL;	372	rhost = NULL;
364	return evaluate_innetgr(rhost, user, right);	373	return evaluate_innetgr(pamh, rhost, user, right);
365	}	374	}
366	/* (Rhost, user) is not in this group. */	375	/* (Rhost, user) is not in this group. */
367	if (strcasecmp(qual, "notinnetgr") == 0) {	376	if (strcasecmp(qual, "notinnetgr") == 0) {
368	const void *rhost;	377	const void *rhost;
369	if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)	378	if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
370	rhost = NULL;	379	rhost = NULL;
371	return evaluate_notinnetgr(rhost, user, right);	380	return evaluate_notinnetgr(pamh, rhost, user, right);
372	}	381	}
373	/* Fail closed. */	382	/* Fail closed. */
374	return PAM_SERVICE_ERR;	383	return PAM_SERVICE_ERR;

Return to bug 469774