pam_access: Support UID and GID in access.conf #186
Conversation
|
@t8m please take a look ,and let me know if there is any problem. |
|
|
Could you document the proposed extension in the manual page, please? |
blueskycs2c
force-pushed
the
access-pr
branch
2 times, most recently
from
59e12e5
to
b4cd702
Compare
@ldv-alt Thanks for you reply. |
modules/pam_access/pam_access.c
Outdated
| "user_match: tok=%s, item=%s", tok, item->user->pw_name); | ||
|
|
||
| memset(buf,0,BUFSIZ); | ||
| //tok is uid |
modules/pam_access/pam_access.c
Outdated
| "user_match: tok=%s, item=%s", tok, string); | ||
| "user_match: tok=%s, item=%s", tok, item->user->pw_name); | ||
|
|
||
| memset(buf,0,BUFSIZ); |
modules/pam_access/pam_access.c
Outdated
| @@ -511,14 +511,26 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, | |||
| static int | |||
| user_match (pam_handle_t *pamh, char *tok, struct login_info *item) | |||
| { | |||
| char *string = item->user->pw_name; | |||
| char *string = NULL ; | |||
modules/pam_access/pam_access.c
Outdated
|
|
||
| memset(buf,0,BUFSIZ); | ||
| //tok is uid | ||
| if(strspn(tok,"0123456789") == strlen(tok)) { |
modules/pam_access/pam_access.c
Outdated
| sprintf(buf, "%d", item->user->pw_uid); | ||
| if(item->debug) | ||
| pam_syslog(pamh, LOG_DEBUG, "user_match: tok = %s, uid= %d", tok , item->user->pw_uid); | ||
| string = buf ; |
modules/pam_access/pam_access.c
Outdated
| @@ -588,7 +601,16 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr, | |||
| memset(grptok, 0, BUFSIZ); | |||
| strncpy(grptok, tok + 1, strlen(tok) - 2); | |||
|
|
|||
| if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok)) | |||
| if(strspn(grptok, "0123456789") == strlen(grptok)) { | |||
modules/pam_access/pam_access.c
Outdated
| if(strspn(grptok, "0123456789") == strlen(grptok)) { | ||
| grpgid = atoi(grptok); | ||
|
|
||
| if(debug) |
modules/pam_access/pam_access.c
Outdated
|
|
||
| if(debug) | ||
| pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); | ||
| // tok is GID |
modules/pam_access/pam_access.c
Outdated
| if(debug) | ||
| pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); | ||
| // tok is GID | ||
| if(pam_modutil_user_in_group_nam_gid(pamh,usr,grpgid)) |
modules/pam_access/pam_access.c
Outdated
| grpgid = atoi(grptok); | ||
|
|
||
| if(debug) | ||
| pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid = %d,user= %s",grpgid,usr); |
@t8m Thanks for your reply! I have revise it. |
modules/pam_access/access.conf.5.xml
Outdated
| @@ -179,6 +179,11 @@ | |||
| </para> | |||
| <para>-:root:ALL</para> | |||
|
|
|||
| <para> | |||
| User with uid <emphasis>1003</emphasis> and group with gid <emphasis>1000</emphasis> should be allowed to get access | |||
There was a problem hiding this comment.
Please split this overly long line. Also should it be rather 'An user' and 'a group'?
modules/pam_access/pam_access.c
Outdated
| if (item->debug) | ||
| pam_syslog(pamh, LOG_DEBUG, "user_match: tok=%s, uid=%d", tok, item->user->pw_uid); | ||
| string = buf; | ||
|
|
modules/pam_access/pam_access.c
Outdated
| /* grptok is GID */ | ||
| if (strspn(grptok, "0123456789") == strlen(grptok)) { | ||
| grpgid = atoi(grptok); | ||
|
|
modules/pam_access/pam_access.c
Outdated
| pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid=%d, user=%s", grpgid, usr); | ||
| if (pam_modutil_user_in_group_nam_gid(pamh, usr, grpgid)) | ||
| return YES; | ||
|
|
modules/pam_access/pam_access.c
Outdated
| grpgid = atoi(grptok); | ||
|
|
||
| if (debug) | ||
| pam_syslog(pamh,LOG_DEBUG,"group_match:grpgid=%d, user=%s", grpgid, usr); |
There was a problem hiding this comment.
Please spaces after commas, and after ':'.
|
@t8m @blueskycs2c it appears that the review comments were addressed. Any reason this feature was not merged? Would be useful functionality. Please let me know if I can help. |
|
This needs to be rebased to resolve the conflict. I would approve it then. |
pam_access: Support UID and GID in access.conf fix #114.
eg:access.conf
-:ALL EXECPT (1000) 1002 :LOCAL