Date: Thu, 24 May 2007 23:47:25 GMT
From: "A. Blake Cooper" <blake@cluebie.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/112955: [patch] add netgroup support back to pam_login_access
Message-ID: <200705242347.l4ONlP3L031238@www.freebsd.org>
Resent-Message-ID: <200705242350.l4ONo3E8043462@freefall.freebsd.org>
>Number: 112955 >Category: misc >Synopsis: [patch] add netgroup support back to pam_login_access >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu May 24 23:50:03 GMT 2007 >Closed-Date: >Last-Modified: >Originator: A. Blake Cooper >Release: 6.2 >Organization: >Environment: FreeBSD xxx.com 6.2-STABLE FreeBSD 6.2-STABLE #1: Thu Feb 8 16:32:51 EST 2007 fred@xxx.com:/usr/src/sys/amd64/compile/XXX_COM amd64 >Description: netgroup use in /etc/login.access(pam_login_access) has been broken since 5.0. Support was removed in rev. 1.5 of src/usr.bin/login/Attic/login_access.c . The comments don't directly state the reason for removal and /etc/login.access still lists '@netgroup' as a valid format for NIS netgroups. >How-To-Repeat: >Fix: Attached is a patch that adds the netgroup support to pam_login_access. Based on src/lib/libpam/modules/pam_login_access/login_access.c rev 1.12. Patch attached with submission follows: --- /usr/src/lib/libpam/modules/pam_login_access/login_access.c Fri Mar 5 03:10:18 2004 +++ ./pam_login_access/login_access.c Tue Mar 13 00:36:38 2007 @@ -16,6 +16,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_login_access/login_access.c,v 1.12 2004/03/05 08:10:18 markm Exp $"); +#include <sys/param.h> #include <sys/types.h> #include <ctype.h> #include <errno.h> 
@@ -146,8 +147,14 @@ netgroup_match(const char *group __unused, const char *machine __unused, const char *user __unused) { - syslog(LOG_ERR, "NIS netgroup support not configured"); - return 0; + char yp_domain[MAXHOSTNAMELEN]; + + if (getdomainname(yp_domain, MAXHOSTNAMELEN) || strlen(yp_domain) == 0) { + syslog(LOG_ERR, "NIS netgroup support cannot obtain domainname of this machine."); + return (NO); + } + + return (innetgr(group, machine, user, yp_domain)); } /* user_match - match a username against one token */ >Release-Note: >Audit-Trail: >Unformatted:
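Review bot: In the @@ -16,6 +16,7 @@ hunk, the added #include <sys/param.h> sits directly above the existing #include <sys/types.h>, and style(9) asks for one or the other, not both, because <sys/param.h> already includes <sys/types.h>. Suggest replacing the <sys/types.h> line with <sys/param.h> instead of adding a second include next to it.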
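Review bot: In the @@ -146,8 +147,14 @@ hunk, strlen(yp_domain) and the later innetgr() call both assume a terminated string, but getdomainname() does not NUL-terminate the result when the name does not fit in the space provided, so a domain name that fills the buffer leads to a read past yp_domain. Suggest calling getdomainname(yp_domain, sizeof(yp_domain) - 1) and setting yp_domain[sizeof(yp_domain) - 1] = '\0' before the length check. The signature in the context lines also still marks group, machine and user as __unused although the new body passes all three to innetgr(); those annotations should be dropped in the same change. Finally, the error path returns (NO) while the success path returns the raw innetgr() value, so a short comment stating that innetgr() yields 1 on match and 0 otherwise would document why the two are compatible.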