diff options
Diffstat (limited to 'contrib/libpam/modules/pam_group')
| -rw-r--r-- | contrib/libpam/modules/pam_group/Makefile | 113 | ||||
| -rw-r--r-- | contrib/libpam/modules/pam_group/group.conf | 2 | ||||
| -rw-r--r-- | contrib/libpam/modules/pam_group/pam_group.c | 41 |
3 files changed, 25 insertions, 131 deletions
diff --git a/contrib/libpam/modules/pam_group/Makefile b/contrib/libpam/modules/pam_group/Makefile index 5db53ccf1133f..afa888803315a 100644 --- a/contrib/libpam/modules/pam_group/Makefile +++ b/contrib/libpam/modules/pam_group/Makefile @@ -1,114 +1,21 @@ -# -# $Id: Makefile,v 1.6 1997/04/05 06:39:56 morgan Exp morgan $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know # what you are doing!). # -# $Log: Makefile,v $ -# Revision 1.6 1997/04/05 06:39:56 morgan -# fakeroot -# -# Revision 1.5 1997/01/04 20:28:47 morgan -# compile with and without libpwdb -# -# Revision 1.4 1996/11/10 20:13:18 morgan -# cross platform support -# -# Created by Andrew Morgan <morgan@parc.power.net> 1996/6/11 -# - -TITLE=pam_group -CONFD=$(CONFIGED)/security -export CONFD -CONFILE=$(CONFD)/group.conf -export CONFILE - -# -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -LIBOBJS = $(addprefix static/,$(LIBOBJ)) +include ../../Make.Rules -DEFS=-DCONFILE=\"$(CONFILE)\" -ifndef STATIC -ifeq ($(HAVE_PWDBLIB),yes) - DEFS+=-DWANT_PWDB - ELIBS=-lpwdb -endif -endif +TITLE=pam_group +LOCAL_CONFILE=./group.conf +INSTALLED_CONFILE=$(SCONFIGD)/group.conf +DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\" CFLAGS += $(DEFS) -dynamic/%.o : %.c - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -static/%.o : %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - - -ifdef DYNAMIC -LIBSHARED = $(TITLE).so -endif -ifdef STATIC -LIBSTATIC = lib$(TITLE).o -endif - -####################### don't edit below ####################### - -dummy: - @echo "**** This is not a top-level Makefile " - exit - -all: dirs $(LIBSHARED) $(LIBSTATIC) register - -dirs: -ifdef DYNAMIC - $(MKDIR) ./dynamic -endif -ifdef STATIC - $(MKDIR) ./static -endif - -register: -ifdef STATIC - ( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) ) -endif - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) - -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) $(ELIBS) -endif - -ifdef STATIC -$(LIBOBJS): $(LIBSRC) - -$(LIBSTATIC): $(LIBOBJS) - $(LD) -r -o $@ $(LIBOBJS) $(ELIBS) -endif - -install: all -ifdef DYNAMIC - $(MKDIR) $(FAKEROOT)$(SECUREDIR) - $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) -endif - $(MKDIR) $(FAKEROOT)$(SCONFIGED) - bash -f ./install_conf - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so - rm -f $(FAKEROOT)$(CONFILE) - -clean: - rm -f $(LIBOBJD) $(LIBOBJS) core *~ - rm -f ./.ignore_age - -extraclean: clean - rm -f *.a *.o *.so *.bak - -.c.o: - $(CC) $(CFLAGS) -c $< +MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" +MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) +MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age +include ../Simple.Rules diff --git a/contrib/libpam/modules/pam_group/group.conf b/contrib/libpam/modules/pam_group/group.conf index bdd76adbe68fa..e721b9907eea4 100644 --- a/contrib/libpam/modules/pam_group/group.conf +++ b/contrib/libpam/modules/pam_group/group.conf @@ -10,7 +10,7 @@ # *** NOT inherently secure. If a user can create an executable that # *** is setgid a group that they are infrequently given membership # *** of, they can basically obtain group membership any time they -# *** like. Example: games are alowed between the hours of 6pm and 6am +# *** like. Example: games are allowed between the hours of 6pm and 6am # *** user joe logs in at 7pm writes a small C-program toplay.c that # *** invokes their favorite shell, compiles it and does # *** "chgrp games toplay; chmod g+s toplay". They are basically able diff --git a/contrib/libpam/modules/pam_group/pam_group.c b/contrib/libpam/modules/pam_group/pam_group.c index 9e2cf885e9cf2..2d04119ad88ad 100644 --- a/contrib/libpam/modules/pam_group/pam_group.c +++ b/contrib/libpam/modules/pam_group/pam_group.c @@ -1,32 +1,17 @@ /* pam_group module */ /* - * $Id: pam_group.c,v 1.7 1997/02/15 17:31:48 morgan Exp morgan $ + * $Id: pam_group.c,v 1.3 2000/11/26 07:32:39 agmorgan Exp $ * - * Written by Andrew Morgan <morgan@parc.power.net> 1996/7/6 - * - * $Log: pam_group.c,v $ - * Revision 1.7 1997/02/15 17:31:48 morgan - * time parsing more robust - * - * Revision 1.6 1997/01/04 21:57:49 morgan - * fixed warning about setgroups not being defined - * - * Revision 1.5 1997/01/04 20:26:49 morgan - * can be compiled with and without libpwdb. fixed buffer underwriting - * pays attention to PAM_CRED flags(!) - * - * Revision 1.4 1996/12/01 02:54:37 morgan - * mostly debugging now uses D(()) - * - * Revision 1.3 1996/11/10 21:01:22 morgan - * compatability and pam_get_user changes + * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/7/6 */ const static char rcsid[] = -"$Id: pam_group.c,v 1.7 1997/02/15 17:31:48 morgan Exp morgan $;\n" +"$Id: pam_group.c,v 1.3 2000/11/26 07:32:39 agmorgan Exp $;\n" "Version 0.5 for Linux-PAM\n" -"Copyright (c) Andrew G. Morgan 1996 <morgan@parc.power.net>\n"; +"Copyright (c) Andrew G. Morgan 1996 <morgan@linux.kernel.org>\n"; + +#define _BSD_SOURCE #include <sys/file.h> #include <stdio.h> @@ -38,17 +23,16 @@ const static char rcsid[] = #include <syslog.h> #include <string.h> -#define __USE_BSD #include <grp.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> -#ifdef WANT_PWDB -#include <pwdb/pwdb_public.h> +#ifdef DEFAULT_CONF_FILE +# define PAM_GROUP_CONF DEFAULT_CONF_FILE /* from external define */ +#else +# define PAM_GROUP_CONF "/etc/security/group.conf" #endif - -#define PAM_GROUP_CONF CONFILE /* from external define */ #define PAM_GROUP_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ @@ -137,6 +121,7 @@ static int read_field(int fd, char **buf, int *from, int *to) _log_err("error reading " PAM_GROUP_CONF); return -1; } else if (!i) { + close(fd); fd = -1; /* end of file reached */ } else *to += i; @@ -180,6 +165,8 @@ static int read_field(int fd, char **buf, int *from, int *to) if ((*buf)[i+1] == '\n') { shift_bytes(i + *buf, 2, *to - (i+2)); *to -= 2; + } else { + ++i; /* we don't escape non-newline characters */ } break; case '!': @@ -260,7 +247,7 @@ static int logic_member(const char *string, int *at) default: if (isalpha(c) || c == '*' || isdigit(c) || c == '_' - || c == '-' || c == '.') { + || c == '-' || c == '.' || c == '/') { token = 1; } else if (token) { --to; |