ETCDIR=$(DESTDIR)/etc
# for include files
INCDIR=$(DESTDIR)/include
+# Group that will have "root" access
+ADMIN_GRP=macadmin
# Root of man pages. Subdirectories will be
# ${MANDIR}/man1, ${MANDIR}/man4, and ${MANDIR}/man8.
MANDIR=$(DESTDIR)/man
# dh.h, and bn.h in $CRYPTODIR/include with -lcrypto in
# $CRYPTODIR/lib. NOTE: os x server will complain if you use both
# randnum exchange and DHX.
-CRYPTODIR=/usr/local/ssl
+# CRYPTODIR=/usr/local/ssl
# Location of the DES library and include files. Uncomment this out if
# you want Randnum Exchange and 2-Way Randnum Exchange as allowable
# Location of PAM support library and include files. Uncomment this if
# you want to enable PAM support.
-#PAMDIR=/usr
+PAMDIR=/usr
# Location of cracklib support library and include files. This is used
# in the password changing routines. Uncomment this out if you want to
esac; \
echo "Making $@ for $$ARCH..."; \
cd sys/$$ARCH && ${MAKE} ${MFLAGS} \
+ ADMIN_GRP="${ADMIN_GRP}" \
SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" RESDIR="${RESDIR}"\
ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \
DESTDIR="${DESTDIR}" MANDIR="${MANDIR}" \
${ALL}: FRC
cd $@; ${MAKE} ${MFLAGS} CC="${CC}" \
+ ADMIN_GRP="${ADMIN_GRP}" \
ADDLIBS="${ADDLIBS}" DEFS="${DEFS}" OPTOPTS="${OPTOPTS}" \
SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" RESDIR="${RESDIR}" \
ETCDIR="${ETCDIR}" LIBDIR="${LIBDIR}" INCDIR="${INCDIR}" \
nfsquota.o codepage.o quota.o uam.o afs.o
INCPATH= -I../../include ${AFSINCPATH}
-CFLAGS= ${DEFS} ${AFSDEFS} ${CAPDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME
+CFLAGS= ${DEFS} ${AFSDEFS} ${CAPDEFS} ${OPTOPTS} ${INCPATH} -DAPPLCNAME \
+ -DADMIN_GRP=\"${ADMIN_GRP}\"
+
LIBS = -latalk ${AFSLIBS} ${ADDLIBS} ${TCPWRAPLIBS} ${DB2LIBS} \
${RPCSVCLIB} ${AFPLIBS} ${PAMLIBS} ${LIBSHARED}
LIBDIRS= -L../../libatalk ${AFSLIBDIRS} ${TCPWRAPLIBDIRS} \
char nodename[256];
FILE *fp;
#endif /* CAPDIR */
+#ifdef ADMIN_GRP
+ struct group *grps;
+#endif ADMIN_GRP
if ( pwd->pw_uid == 0 ) { /* don't allow root login */
syslog( LOG_ERR, "login: root login denied!" );
syslog(LOG_ERR, "login: %m");
return AFPERR_BADUAM;
#endif
+#ifdef ADMIN_GRP
+ if ((grps = getgrnam(ADMIN_GRP)) != NULL) {
+ while (*(grps->gr_mem) != NULL) {
+ if (strcmp(pwd->pw_name, *grps->gr_mem) == 0) {
+ syslog(LOG_INFO, "User %s has admin privs, logging in as superuser.",
+ pwd->pw_name);
+ pwd->pw_gid = grps->gr_gid;
+ pwd->pw_uid = 0;
+ strcpy (pwd->pw_name, "root");
+ break;
+ }
+ *(grps->gr_mem)++;
+ }
+ }
+#endif ADMIN_GRP
+
}
if (setegid( pwd->pw_gid ) < 0 || seteuid( pwd->pw_uid ) < 0) {