Re: pam_access.so not recognizing host name in access.conf

On 26.01.2017 16:40, Josef Moellers wrote:
> Hi,
> The following specification in access.conf does not work as expected:
> -:username:ALL EXCEPT localhost
> The manual page access.conf.5 claims that the third field may contain
> host names, but the code only checks for numerical IP addresses by
> calling inet_pton().
> Is this desired behavior or am I missing something?
> I'm willing to write a patch.

I suspect that "tok" and "string" need to be swapped in the second half
of network_netmask_match():


Index: modules/pam_access/pam_access.c
===================================================================
--- modules/pam_access/pam_access.c.orig
+++ modules/pam_access/pam_access.c
@@ -742,12 +742,12 @@ network_netmask_match (pam_handle_t *pam
        }
     else
        /* NO, then check if it is only an addr */
-       if (isipaddr(tok, NULL, NULL) != YES)
+       if (isipaddr(string, NULL, NULL) != YES)
          {
            return NO;
          }

-    if (isipaddr(string, NULL, NULL) != YES)
+    if (isipaddr(tok, NULL, NULL) != YES)
       {
        /* Assume network/netmask with a name of a host.  */
        struct addrinfo hint;
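Review bot: swapping the two isipaddr() arguments drops a case the unpatched lines handled. Before, a `string` that was not a numeric address went on to the getaddrinfo() path; with this change a `string` that is a host name hits `return NO` in the else branch before any lookup is attempted. Rather than exchanging the roles of tok and string, consider resolving whichever of the two is not numeric. A short comment saying which argument comes from access.conf and which describes the connecting side would also help, since the surviving comment "Assume network/netmask with a name of a host." does not say which side the name is on.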
@@ -759,7 +759,7 @@ network_netmask_match (pam_handle_t *pam
        if (item->gai_rv != 0)
            return NO;
        else if (!item->res &&
-               (item->gai_rv = getaddrinfo (string, NULL, &hint,
&item->res)) != 0)
+               (item->gai_rv = getaddrinfo (tok, NULL, &hint,
&item->res)) != 0)
            return NO;
         else
          {
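Review bot: the lookup result here is cached on item (`!item->res` guards the getaddrinfo() call, and a non-zero `item->gai_rv` returns NO without retrying), which fits a name that stays the same for the lifetime of item but may not fit `tok`. Please check whether item outlives a single token: if it does, the addresses cached for the first host name would be compared against every later token, and one failed lookup would make every later host-name token return NO. In that case resolve tok into a local addrinfo and free it before returning. The changed lines also arrived wrapped by the mailer (`&item->res)) != 0)` sits on its own line), so the patch will not apply as posted.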
@@ -775,7 +775,7 @@ network_netmask_match (pam_handle_t *pam
                        : (void *) &((struct sockaddr_in6 *)
runp->ai_addr)->sin6_addr,
                        buf, sizeof (buf));

-               if (are_addresses_equal(buf, tok, netmask_ptr))
+               if (are_addresses_equal(buf, string, netmask_ptr))
                  {
                    return YES;
                  }
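Review bot: the swapped are_addresses_equal() call passes netmask_ptr unchanged while the second operand changes from `tok` to `string`, so it is only correct if the function treats its first two arguments symmetrically when a netmask is given. If it masks only one of them, this change alters which address gets masked. A test rule that combines a host name with a netmask, plus the `ALL EXCEPT localhost` case from the report, would pin the behaviour down.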


Josef

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list