From: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
Date: Thu, 9 May 2002 12:02:06 +0000 (+0000)
Subject: Relevant BUGIDs: 533664
X-Git-Tag: Linux-PAM-0-76~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e68e9857b9b6b2883a07d939a5ba1dc84147b8e0;p=linux-pam

Relevant BUGIDs: 533664

Purpose of commit: new feature

Commit summary:
---------------
added '%' domain for maxlogins limiting, now '*' and @group have
the old meaning (every) and '%' the new one (all)
---

diff --git a/CHANGELOG b/CHANGELOG
index 4948535b..4d3dbaab 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -55,6 +55,9 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_limits: added '%' domain for maxlogins limiting, now '*' and @group
+  have the old meaning (every) and '%' the new one (all)
+  (Bug 533664 - baggins)
 * pam_limits: put not so interesting log messages under debug arg
   (Bug 533668 - baggins)
 * pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan),
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 71727f51..6837fdef 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -46,6 +46,8 @@
 #define LIMITS_DEF_GROUP    1 /* limit was set by a group entry */
 #define LIMITS_DEF_DEFAULT  2 /* limit was set by an default entry */
 #define LIMITS_DEF_NONE     3 /* this limit was not set yet */
+#define LIMITS_DEF_ALL      4 /* limit was set by an default entry */
+#define LIMITS_DEF_ALLGROUP 5 /* limit was set by a group entry */
 
 static const char *limits_def_names[] = {
        "USER",
@@ -243,12 +245,13 @@ static int check_logins(const char *name, int limit, int ctrl,
             continue;
 	}
         if (!pl->flag_numsyslogins) {
-	    if (((pl->login_limit_def == LIMITS_DEF_USER) ||
-		 (pl->login_limit_def == LIMITS_DEF_DEFAULT))
+	    if (((pl->login_limit_def == LIMITS_DEF_USER)
+	         || (pl->login_limit_def == LIMITS_DEF_GROUP)
+		 || (pl->login_limit_def == LIMITS_DEF_DEFAULT))
 		&& strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) {
                 continue;
 	    }
-	    if ((pl->login_limit_def == LIMITS_DEF_GROUP)
+	    if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP)
 		&& !is_in_group(ut->UT_USER, name)) {
                 continue;
 	    }
@@ -382,7 +385,16 @@ static void process_limit(int source, const char *lim_type,
             } else
                 limit_value = -1;
     }
-    
+
+    /* one more special case when limiting logins */
+    if ((source == LIMITS_DEF_ALL || source == LIMITS_DEF_ALLGROUP)
+		&& (limit_item != LIMIT_LOGIN)) {
+	if (ctrl & PAM_DEBUG_ARG)
+	    _pam_log(LOG_DEBUG,
+			"'%%' domain valid for maxlogins type only");
+	return;
+    }
+
     switch(limit_item) {
         case RLIMIT_CPU:
             limit_value *= 60;
@@ -512,6 +524,17 @@ static int parse_config_file(const char *uname, int ctrl,
                 if (is_in_group(uname, domain+1))
                     process_limit(LIMITS_DEF_GROUP, ltype, item, value, ctrl,
 				  pl);
+            } else if (domain[0]=='%') {
+		    if (ctrl & PAM_DEBUG_ARG) {
+			_pam_log(LOG_DEBUG, "checking if %s is in group %s",
+			 	uname, domain + 1);
+		    }
+		if (strcmp(domain,"%") == 0)
+		    process_limit(LIMITS_DEF_ALL, ltype, item, value, ctrl,
+				  pl);
+		else if (is_in_group(uname, domain+1))
+                    process_limit(LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl,
+				  pl);
             } else if (strcmp(domain, "*") == 0)
                 process_limit(LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
 			      pl);