static int user_match(char *tok, struct login_info *item) { char *string = item->user->pw_name; struct login_info fake_item; struct group *group; int i; char *at; /* * If a token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the username, if the * token is a group that contains the username, or if the token is the * name of the user's primary group. */ if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ *at = 0; fake_item.from = myhostname(); return (user_match(tok, item) && from_match(at + 1, &fake_item)); } else if (tok[0] == '@') { /* netgroup */ return (netgroup_match(tok + 1, (char *) 0, string)); } else if (string_match(tok, string)) { /* ALL or exact match */ return (YES); } else if ((group = getgrnam(tok))) { /* try group membership */ if (item->user->pw_gid == group->gr_gid) return (YES); for (i = 0; group->gr_mem[i]; i++) if (strcasecmp(string, group->gr_mem[i]) == 0) return (YES); } return (NO); }
static int user_match (pam_handle_t *pamh, char *tok, struct login_info *item) { char *string = item->user->pw_name; struct login_info fake_item; char *at; int rv; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "user_match: tok=%s, item=%s", tok, string); /* * If a token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the username, if the * token is a group that contains the username, or if the token is the * name of the user's primary group. */ /* Try to split on a pattern (@*[^@]+)(@+.*) */ for (at = tok; *at == '@'; ++at); if ((at = strchr(at, '@')) != NULL) { /* split user@host pattern */ if (item->hostname == NULL) return NO; memcpy (&fake_item, item, sizeof(fake_item)); fake_item.from = item->hostname; fake_item.gai_rv = 0; fake_item.res = NULL; fake_item.from_remote_host = 1; /* hostname should be resolvable */ *at = 0; if (!user_match (pamh, tok, item)) return NO; rv = from_match (pamh, at + 1, &fake_item); if (fake_item.gai_rv == 0 && fake_item.res) freeaddrinfo(fake_item.res); return rv; } else if (tok[0] == '@') { /* netgroup */ const char *hostname = NULL; if (tok[1] == '@') { /* add hostname to netgroup match */ if (item->hostname == NULL) return NO; ++tok; hostname = item->hostname; } return (netgroup_match (pamh, tok + 1, hostname, string, item->debug)); } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')') return (group_match (pamh, tok, string, item->debug)); else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */ return rv; else if (item->only_new_group_syntax == NO && pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ return YES; return NO; }
/* user_match - match a username against one token */ static bool user_match (const char *tok, const char *string) { struct group *group; #ifdef PRIMARY_GROUP_MATCH struct passwd *userinf; #endif char *at; /* * If a token has the magic value "ALL" the match always succeeds. * Otherwise, return true if the token fully matches the username, or if * the token is a group that contains the username. */ at = strchr (tok + 1, '@'); if (NULL != at) { /* split user@host pattern */ *at = '\0'; return ( user_match (tok, string) && from_match (at + 1, myhostname ())); #if HAVE_INNETGR } else if (tok[0] == '@') { /* netgroup */ return (netgroup_match (tok + 1, (char *) 0, string)); #endif } else if (string_match (tok, string)) { /* ALL or exact match */ return true; /* local, no need for xgetgrnam */ } else if ((group = getgrnam (tok)) != NULL) { /* try group membership */ int i; for (i = 0; NULL != group->gr_mem[i]; i++) { if (strcasecmp (string, group->gr_mem[i]) == 0) { return true; } } #ifdef PRIMARY_GROUP_MATCH /* * If the string is an user whose initial GID matches the token, * accept it. May avoid excessively long lines in /etc/group. * Radu-Adrian Feurdean <*****@*****.**> * * XXX - disabled by default for now. Need to verify that * getpwnam() doesn't have some nasty side effects. --marekm */ /* local, no need for xgetpwnam */ userinf = getpwnam (string); if (NULL != userinf) { if (userinf->pw_gid == group->gr_gid) { return true; } } #endif } return false; }
static int user_match (pam_handle_t *pamh, char *tok, struct login_info *item) { char *string = item->user->pw_name; struct login_info fake_item; char *at; int rv; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "user_match: tok=%s, item=%s", tok, string); /* * If a token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the username, if the * token is a group that contains the username, or if the token is the * name of the user's primary group. */ if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ if (item->hostname == NULL) return NO; fake_item.from = item->hostname; *at = 0; return (user_match (pamh, tok, item) && from_match (pamh, at + 1, &fake_item)); } else if (tok[0] == '@') { /* netgroup */ const char *hostname = NULL; if (tok[1] == '@') { /* add hostname to netgroup match */ if (item->hostname == NULL) return NO; ++tok; hostname = item->hostname; } return (netgroup_match (pamh, tok + 1, hostname, string, item->debug)); } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')') return (group_match (pamh, tok, string, item->debug)); else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */ return rv; else if (item->only_new_group_syntax == NO && pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ return YES; return NO; }
soulB::checks_returns soulCH::acl_checks(char *acl) { /* Run checks for ACL if they exist in confile file */ soulB::checks_returns return_value = CONTINUE; if ((db_io->do_exist(users_file,0,acl,NULL)) == TRUE) if(return_value = user_match(acl)) return return_value; if ((db_io->do_exist(ext_file,0,acl,NULL)) == TRUE) if(return_value = extensions_match(acl)) return return_value; if ((db_io->do_exist(key_file,0,acl,NULL)) == TRUE) if(return_value = keyword_match(acl)) return return_value; if ((db_io->do_exist(prob_file,0,acl,NULL)) == TRUE) if(return_value = prob_match(acl)) return return_value; if ((db_io->do_exist(textdom_file,0,acl,NULL)) == TRUE) if(return_value = db_match(acl,DOMAINS)) return return_value; if ((db_io->do_exist(texturl_file,0,acl,NULL)) == TRUE) if(return_value = db_match(acl,URLS)) return return_value; return CONTINUE; }
int match(llist *l) { // Are we within time range? if (start_time == 0 || l->e.sec >= start_time) { if (end_time == 0 || l->e.sec <= end_time) { if (event_id == -1 || event_id == l->e.serial) { // OK - do the heavier checking if (extract_search_items(l)) { return 0; } // perform additional tests for the field if (event_node_list) { const snode *sn; int found=0; slist *sptr = event_node_list; if (l->e.node == NULL) return 0; slist_first(sptr); sn=slist_get_cur(sptr); while (sn && !found) { if (sn->str && (!strcmp(sn->str, l->e.node))) found++; else sn=slist_next(sptr); } if (!found) return 0; } if (user_match(l) == 0) return 0; if (group_match(l) == 0) return 0; if ((event_ppid != -1) && (event_ppid != l->s.ppid)) return 0; if ((event_pid != -1) && (event_pid != l->s.pid)) return 0; if (event_machine != -1 && (event_machine != audit_elf_to_machine(l->s.arch))) return 0; if ((event_syscall != -1) && (event_syscall != l->s.syscall)) return 0; if ((event_session_id != -2) && (event_session_id != l->s.session_id)) return 0; if (event_exit_is_set) { if (l->s.exit_is_set == 0) return 0; if (event_exit != l->s.exit) return 0; } if ((event_success != S_UNSET) && (event_success != l->s.success)) return 0; // event_type requires looking at each item if (event_type != NULL) { int found = 0; const lnode *n; list_first(l); n = list_get_cur(l); do { int_node *in; ilist_first(event_type); in = ilist_get_cur(event_type); do { if (in->num == n->type){ found = 1; break; } } while((in = ilist_next(event_type))); if (found) break; } while ((n = list_next(l))); if (!found) return 0; } // Done all the easy compares, now do the // string searches. if (event_filename) { int found = 0; if (l->s.filename == NULL && l->s.cwd == NULL) return 0; if (l->s.filename) { const snode *sn; slist *sptr = l->s.filename; slist_first(sptr); sn=slist_get_cur(sptr); do { if (sn->str == NULL) return 0; if (strmatch( event_filename, sn->str)) { found = 1; break; } } while ((sn=slist_next(sptr))); if (!found && l->s.cwd == NULL) return 0; } if (l->s.cwd && !found) { /* Check cwd, too */ if (strmatch(event_filename, l->s.cwd) == 0) return 0; } } if (event_hostname) { if (l->s.hostname == NULL) return 0; if (strmatch(event_hostname, l->s.hostname) == 0) return 0; } if (event_terminal) { if (l->s.terminal == NULL) return 0; if (strmatch(event_terminal, l->s.terminal) == 0) return 0; } if (event_exe) { if (l->s.exe == NULL) return 0; if (strmatch(event_exe, l->s.exe) == 0) return 0; } if (event_comm) { if (l->s.comm == NULL) return 0; if (strmatch(event_comm, l->s.comm) == 0) return 0; } if (event_key) { if (l->s.key == NULL) return 0; else { int found = 0; const snode *sn; slist *sptr = l->s.key; slist_first(sptr); sn=slist_get_cur(sptr); do { if (sn->str == NULL) return 0; if (strmatch( event_key, sn->str)) { found = 1; break; } } while ((sn=slist_next(sptr))); if (!found) return 0; } } if (event_vmname) { if (l->s.vmname == NULL) return 0; if (strmatch(event_vmname, l->s.vmname) == 0) return 0; } if (event_uuid) { if (l->s.uuid == NULL) return 0; if (strmatch(event_uuid, l->s.uuid) == 0) return 0; } if (context_match(l) == 0) return 0; return 1; } } } return 0; }