[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/pam/FC-5 pam-0.99.4.0-succif-service.patch,NONE,1.1



Author: tmraz

Update of /cvs/dist/rpms/pam/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv9805

Added Files:
	pam-0.99.4.0-succif-service.patch 
Log Message:
* Tue Aug  1 2006 Tomas Mraz <tmraz redhat com> 0.99.5.0-5.fc5
- rebuild for FC5 - ainit back, dropped pam_namespace


pam-0.99.4.0-succif-service.patch:
 pam_succeed_if.8.xml |   27 ++++++++++++++++++++++++++-
 pam_succeed_if.c     |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 1 deletion(-)

--- NEW FILE pam-0.99.4.0-succif-service.patch ---
--- pam/modules/pam_succeed_if/pam_succeed_if.c.service	2006-02-24 20:17:59.000000000 +0100
+++ pam/modules/pam_succeed_if/pam_succeed_if.c	2006-06-29 17:25:25.000000000 +0200
@@ -184,6 +184,27 @@
 {
 	return (fnmatch(right, left, 0) != 0) ? PAM_SUCCESS : PAM_AUTH_ERR;
 }
+/* Check for list match. */
+static int
+evaluate_inlist(const char *left, const char *right)
+{
+	char *p;
+	if ((p=strstr(right, left)) == NULL)
+		return PAM_AUTH_ERR;
+	if (p == right || *(p-1) == ':') { /* ':' is a list separator */
+		p += strlen(left);
+		if (*p == '\0' || *p == ':') {
+		    return PAM_SUCCESS;
+		}
+	}
+	return PAM_AUTH_ERR;
+}
+/* Check for list mismatch. */
+static int
+evaluate_notinlist(const char *left, const char *right)
+{
+	return evaluate_inlist(left, right) != PAM_SUCCESS ? PAM_SUCCESS : PAM_AUTH_ERR;
+}
 /* Return PAM_SUCCESS if the user is in the group. */
 static int
 evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group)
@@ -250,6 +271,13 @@
 		snprintf(buf, sizeof(buf), "%s", pwd->pw_dir);
 		left = buf;
 	}
+	if (strcasecmp(left, "service") == 0) {
+		const void *svc;
+		if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS)
+			svc = "";
+		snprintf(buf, sizeof(buf), "%s", svc);
+		left = buf;
+	}
 	/* If we have no idea what's going on, return an error. */
 	if (left != buf) {
 		pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left);
@@ -305,6 +333,13 @@
 	    (strcasecmp(qual, "noglob") == 0)) {
 		return evaluate_noglob(left, right);
 	}
+	/* Attribute value matches item in list. */
+	if (strcasecmp(qual, "in") == 0) {
+		return evaluate_inlist(left, right);
+	}
+	if (strcasecmp(qual, "notin") == 0) {
+		return evaluate_notinlist(left, right);
+	}
 	/* User is in this group. */
 	if (strcasecmp(qual, "ingroup") == 0) {
 		return evaluate_ingroup(pamh, pwd->pw_name, right);
--- pam/modules/pam_succeed_if/pam_succeed_if.8.xml.service	2006-06-27 10:09:27.000000000 +0200
+++ pam/modules/pam_succeed_if/pam_succeed_if.8.xml	2006-06-29 17:11:50.000000000 +0200
@@ -97,7 +97,8 @@
     <para>
       Available fields are <emphasis>user</emphasis>,
       <emphasis>uid</emphasis>, <emphasis>gid</emphasis>,
-      <emphasis>shell</emphasis> and <emphasis>home</emphasis>:
+      <emphasis>shell</emphasis>, <emphasis>home</emphasis>
+      and <emphasis>service</emphasis>:
     </para>
 
     <variablelist>
@@ -176,6 +177,18 @@
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term><option>field in item:item:...</option></term>
+        <listitem>
+          <para>Field is contained in the list of items separated by colons.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>field notin item:item:...</option></term>
+        <listitem>
+          <para>Field is not contained in the list of items separated by colons.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
         <term><option>user ingroup group</option></term>
         <listitem>
           <para>User is in given group.</para>
@@ -187,6 +200,18 @@
           <para>User is not in given group.</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>user innetgr netgroup</option></term>
+        <listitem>
+          <para>(user,host) is in given netgroup.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>user notinnetgr group</option></term>
+        <listitem>
+          <para>(user,host) is not in given netgroup.</para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]