← Back to branch summary

~ubuntu-branches/ubuntu/natty/cron/natty

« back to all changes in this revision

Viewing changes to misc.c

  • Committer: Bazaar Package Importer
  • Author(s): Scott James Remnant
  • Date: 2006-11-27 13:59:30 UTC
  • Revision ID: james.westby@ubuntu.com-20061127135930-c25unyvgkuxmku23
Tags: 3.0pl1-99ubuntu1
* Merge from debian unstable, remaining changes:
  - remove stop links from rc0 and rc6

Show diffs side-by-side

added added

removed removed

Lines of Context:
misc.c
35
35
#include <errno.h>
36
36
#include <string.h>
37
37
#include <fcntl.h>
 
38
#ifdef WITH_AUDIT
 
39
#include <libaudit.h>
 
40
#endif
38
41
#if defined(SYSLOG)
39
42
# include <syslog.h>
40
43
#endif
430
433
{
431
434
        static int      init = FALSE;
432
435
        static FILE     *allow, *deny;
433
 
 
 
436
        int     isallowed;
 
437
 
 
438
        /* Root cannot be denied execution of cron jobs even if in the
 
439
         * 'DENY_FILE' so we return inmediately */
 
440
        if (strcmp(username, ROOT_USER) == 0)
 
441
                return (TRUE);
 
442
 
 
443
        isallowed = FALSE;
 
444
#if defined(ALLOW_ONLY_ROOT)
 
445
        Debug(DMISC, "only root access is allowed")
 
446
#else
434
447
        if (!init) {
435
448
                init = TRUE;
436
449
#if defined(ALLOW_FILE) && defined(DENY_FILE)
443
456
#endif
444
457
        }
445
458
 
446
 
        if (allow)
447
 
                return (in_file(username, allow));
448
 
        if (deny)
449
 
                return (!in_file(username, deny));
 
459
        if (allow) 
 
460
                isallowed = in_file(username, allow);
 
461
        else
 
462
                isallowed = TRUE; /* Allow access if ALLOW_FILE does not exist */
 
463
        if (deny && !allow)
 
464
                isallowed = !in_file(username, deny);
 
465
#endif
450
466
 
451
 
#if defined(ALLOW_ONLY_ROOT)
452
 
        return (strcmp(username, ROOT_USER) == 0);
453
 
#else
454
 
        return TRUE;
 
467
#ifdef WITH_AUDIT
 
468
       /* Log an audit message if the user is rejected */ 
 
469
       if (isallowed == FALSE) {
 
470
               int audit_fd = audit_open();
 
471
               audit_log_user_message(audit_fd, AUDIT_USER_START, "cron deny",
 
472
                       NULL, NULL, NULL, 0);
 
473
               close(audit_fd);
 
474
       }
455
475
#endif
 
476
        return isallowed;
456
477
}
457
478
 
458
479