-
Notifications
You must be signed in to change notification settings - Fork 276
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pam_access: Support UID and GID in access.conf #186
base: master
Are you sure you want to change the base?
Conversation
@t8m please take a look ,and let me know if there is any problem. |
|
Could you document the proposed extension in the manual page, please? |
59e12e5
to
b4cd702
Compare
@ldv-alt Thanks for you reply. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix the formatting as it is really sloppy. Try to follow the style of the surrounding code.
modules/pam_access/pam_access.c
Outdated
"user_match: tok=%s, item=%s", tok, item->user->pw_name); | ||
|
||
memset(buf,0,BUFSIZ); | ||
//tok is uid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please no C++ style comments.
modules/pam_access/pam_access.c
Outdated
"user_match: tok=%s, item=%s", tok, string); | ||
"user_match: tok=%s, item=%s", tok, item->user->pw_name); | ||
|
||
memset(buf,0,BUFSIZ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please spaces after commas
modules/pam_access/pam_access.c
Outdated
@@ -511,14 +511,26 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, | |||
static int | |||
user_match (pam_handle_t *pamh, char *tok, struct login_info *item) | |||
{ | |||
char *string = item->user->pw_name; | |||
char *string = NULL ; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please no space before ;
modules/pam_access/pam_access.c
Outdated
|
||
memset(buf,0,BUFSIZ); | ||
//tok is uid | ||
if(strspn(tok,"0123456789") == strlen(tok)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please space after if and comma
modules/pam_access/pam_access.c
Outdated
sprintf(buf, "%d", item->user->pw_uid); | ||
if(item->debug) | ||
pam_syslog(pamh, LOG_DEBUG, "user_match: tok = %s, uid= %d", tok , item->user->pw_uid); | ||
string = buf ; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no space before ;
modules/pam_access/pam_access.c
Outdated
@@ -588,7 +601,16 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr, | |||
memset(grptok, 0, BUFSIZ); | |||
strncpy(grptok, tok + 1, strlen(tok) - 2); | |||
|
|||
if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok)) | |||
if(strspn(grptok, "0123456789") == strlen(grptok)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space after if
modules/pam_access/pam_access.c
Outdated
if(strspn(grptok, "0123456789") == strlen(grptok)) { | ||
grpgid = atoi(grptok); | ||
|
||
if(debug) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space after if
modules/pam_access/pam_access.c
Outdated
|
||
if(debug) | ||
pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); | ||
// tok is GID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No C++ style comments
modules/pam_access/pam_access.c
Outdated
if(debug) | ||
pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); | ||
// tok is GID | ||
if(pam_modutil_user_in_group_nam_gid(pamh,usr,grpgid)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space after if and after commas
modules/pam_access/pam_access.c
Outdated
grpgid = atoi(grptok); | ||
|
||
if(debug) | ||
pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
spaces after commas
@t8m Thanks for your reply! I have revise it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few more formatting nits.
modules/pam_access/access.conf.5.xml
Outdated
@@ -179,6 +179,11 @@ | |||
</para> | |||
<para>-:root:ALL</para> | |||
|
|||
<para> | |||
User with uid <emphasis>1003</emphasis> and group with gid <emphasis>1000</emphasis> should be allowed to get access |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please split this overly long line. Also should it be rather 'An user' and 'a group'?
modules/pam_access/pam_access.c
Outdated
if (item->debug) | ||
pam_syslog(pamh, LOG_DEBUG, "user_match: tok=%s, uid=%d", tok, item->user->pw_uid); | ||
string = buf; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please drop this empty line.
modules/pam_access/pam_access.c
Outdated
/* grptok is GID */ | ||
if (strspn(grptok, "0123456789") == strlen(grptok)) { | ||
grpgid = atoi(grptok); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please drop this empty line.
modules/pam_access/pam_access.c
Outdated
pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid=%d, user=%s", grpgid, usr); | ||
if (pam_modutil_user_in_group_nam_gid(pamh, usr, grpgid)) | ||
return YES; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please drop this empty line.
modules/pam_access/pam_access.c
Outdated
grpgid = atoi(grptok); | ||
|
||
if (debug) | ||
pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid=%d, user=%s", grpgid, usr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please spaces after commas, and after ':'.
@t8m @blueskycs2c it appears that the review comments were addressed. Any reason this feature was not merged? Would be useful functionality. Please let me know if I can help. |
This needs to be rebased to resolve the conflict. I would approve it then. |
pam_access: Support UID and GID in access.conf fix #114.
eg:access.conf
-:ALL EXECPT (1000) 1002 :LOCAL