/******************************************************************************/ /** *Rootuserlogincheck * *@paramcfg_secSesmansecurityconfig *@paramuserusername *@return0ifuserisrootandrootaccessesarenotallowed
*/ staticint
root_login_check(conststruct config_security *cfg_sec, constchar *user)
{ int rv = 0; if (cfg_sec->allow_root)
{
rv = 1;
} else
{ // Check the UID of the user isn't 0 int uid; if (g_getuser_info_by_name(user, &uid, NULL, NULL, NULL, NULL) != 0)
{
LOG(LOG_LEVEL_ERROR, "Can't get UID for user %s", user);
} elseif (0 == uid)
{
LOG(LOG_LEVEL_ERROR, "ROOT login attempted, but root login is disabled");
} else
{
rv = 1;
}
} return rv;
}
/******************************************************************************/ /** *Commonaccesscontrolforgroupchecks *@paramgroupGroupname *@paramparamWheregroupcomesfrom(e.g."TerminalServerUsers") *@paramalways_check_group0ifamissinggroupallowsalogin *@paramuserUsername
* @return != 0 if the access is allowed */
staticint
access_login_allowed_common(constchar *group, constchar *param, int always_check_group, constchar *user)
{ int rv = 0; int gid; int ok;
if (group == NULL || group[0] == '\0')
{ /* Group is not defined. Default access depends on whether
* we must have the group or not */ if (always_check_group)
{
LOG(LOG_LEVEL_ERROR, "%s group is not defined. Access denied for %s",
param, user);
} else
{
LOG(LOG_LEVEL_INFO, "%s group is not defined. Access granted for %s",
param, user);
rv = 1;
}
} elseif (g_getgroup_info(group, &gid) != 0)
{ /* Group is defined but doesn't exist. Default access depends
* on whether we must have the group or not */ if (always_check_group)
{
LOG(LOG_LEVEL_ERROR, "%s group %s doesn't exist. Access denied for %s",
param, group, user);
} else
{
LOG(LOG_LEVEL_INFO, "%s group %s doesn't exist. Access granted for %s",
param, group, user);
rv = 1;
}
} elseif (0 != g_check_user_in_group(user, gid, &ok))
{
LOG(LOG_LEVEL_ERROR, "Error checking %s group %s. " "Access denied for %s", param, group, user);
} elseif (!ok)
{
LOG(LOG_LEVEL_ERROR, "User %s is not in %s group %s. Access denied",
user, param, group);
} else
{
LOG(LOG_LEVEL_INFO, "User %s is in %s group %s. Access granted",
user, param, group);
rv = 1;
}
return rv;
}
/******************************************************************************/ int
access_login_allowed(conststruct config_security *cfg_sec, constchar *user)
{ int rv = 0;
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.