misc/112955: [patch] add netgroup support back to pam_login_access
A. Blake Cooper
blake at cluebie.net
Thu May 24 23:50:03 UTC 2007
>Number: 112955
>Category: misc
>Synopsis: [patch] add netgroup support back to pam_login_access
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 24 23:50:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: A. Blake Cooper
>Release: 6.2
>Organization:
>Environment:
FreeBSD xxx.com 6.2-STABLE FreeBSD 6.2-STABLE #1: Thu Feb 8 16:32:51 EST 2007 fred at xxx.com:/usr/src/sys/amd64/compile/XXX_COM amd64
>Description:
netgroup use in /etc/login.access(pam_login_access) has been broken since 5.0. Support was removed in rev. 1.5 of src/usr.bin/login/Attic/login_access.c . The comments don't directly state the reason for removal and /etc/login.access still lists '@netgroup' as a valid format for NIS netgroups.
>How-To-Repeat:
>Fix:
Attached is a patch that adds the netgroup support to pam_login_access. Based on src/lib/libpam/modules/pam_login_access/login_access.c rev 1.12.
Patch attached with submission follows:
--- /usr/src/lib/libpam/modules/pam_login_access/login_access.c Fri Mar 5 03:10:18 2004
+++ ./pam_login_access/login_access.c Tue Mar 13 00:36:38 2007
@@ -16,6 +16,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $");
+#include <sys/param.h>
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
@@ -146,8 +147,14 @@
netgroup_match(const char *group __unused,
const char *machine __unused, const char *user __unused)
{
- syslog(LOG_ERR, "NIS netgroup support not configured");
- return 0;
+ char yp_domain[MAXHOSTNAMELEN];
+
+ if (getdomainname(yp_domain, MAXHOSTNAMELEN) || strlen(yp_domain) == 0) {
+ syslog(LOG_ERR, "NIS netgroup support cannot obtain domainname of this machine.");
+ return (NO);
+ }
+
+ return (innetgr(group, machine, user, yp_domain));
}
/* user_match - match a username against one token */
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list