0.76: please submit patches for this section with actual code/doc
patches!
+* pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
+ made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan).
* pam_limits: keep well know behaviour of maxlogins default ('*') limit
(Bug 533664 - baggins)
* pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan)
<tag><bf>Maintainer:</bf></tag>
-Author
-
<tag><bf>Management groups provided:</bf></tag>
account
<tag><bf>Recognized arguments:</bf></tag>
-<tt>accessfile=<it>/path/to/file.conf</it></tt>
+<tt>accessfile=<it>/path/to/file.conf</it></tt>;
+<tt>fieldsep=<it>separators</it></tt>
<tag><bf>Description:</bf></tag>
indicate an alternative <em/access/ configuration file to override
the default. This can be useful when different services need different
access lists.
-
+
+<item><tt>fieldsep=<it>separators</it></tt> -
+this option modifies the field separator character that
+<tt/pam_access/ will recognize when parsing the access configuration
+file. For example: <tt>fieldsep=|</tt> will cause the default `:'
+character to be treated as part of a field value and `|' becomes the
+field separator. Doing this is useful in conjuction with a system that
+wants to use pam_access with X based applications, since the
+<tt/PAM_TTY/ item is likely to be of the form "hostname:0" which
+includes a `:' character in its value.
+
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
#
# Format of the login access control table is three fields separated by a
# ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
#
# permission : users : origins
#
/* Delimiters for fields and for lists of users, ttys or hosts. */
-static const char fs[] = ":"; /* field separator */
+static const char *fs = ":"; /* field separator */
static const char sep[] = ", \t"; /* list-element separator */
/* Constants to be used in assignments only, not in comparisons... */
int i;
for (i=0; i<argc; ++i) {
- if (!strncmp("accessfile=", argv[i], 11)) {
+ if (!strncmp("fieldsep=", argv[i], 9)) {
+
+ /* the admin wants to override the default field separators */
+ fs = argv[i]+9;
+
+ } else if (!strncmp("accessfile=", argv[i], 11)) {
FILE *fp = fopen(11 + argv[i], "r");
if (fp) {
return PAM_ABORT;
}
- if (from==NULL) {
+ if ((from==NULL) || (*from=='\0')) {
/* local login, set tty name */
projects / linux-pam / commitdiff