summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2009-10-06 12:26:05 +0000
committerTomas Mraz <tm@t8m.info>2009-10-06 12:26:05 +0000
commit12d006be22f7e47cbce75c9891e3cf51ac030711 (patch)
tree4e9fcc7262d5120484b7738151ab24a9738cebf1
parentcc783fa9b252394af6d01799d2eb6db7cca75e3d (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2009-10-06 Tomas Mraz <t8m@centrum.cz> * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just call pam_modutil_user_in_group_nam_nam() instead of reimplementation of group matching.
-rw-r--r--ChangeLog6
-rw-r--r--modules/pam_listfile/pam_listfile.c76
2 files changed, 28 insertions, 54 deletions
diff --git a/ChangeLog b/ChangeLog
index 143fb2e9..f07b2d1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-10-06 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just
+ call pam_modutil_user_in_group_nam_nam() instead of reimplementation
+ of group matching.
+
2009-10-05 Kris Thomsen <lakristho@gmail.com>
* po/da.po: Updated translations.
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index dbd92058..f7ed9a40 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -82,7 +82,6 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* Stuff for "extended" items */
struct passwd *userinfo;
struct group *grpinfo;
- char *itemlist[256]; /* Maximum of 256 items */
apply_type=APPLY_TYPE_NULL;
memset(apply_val,0,sizeof(apply_val));
@@ -265,30 +264,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if(extitem) {
switch(extitem) {
case EI_GROUP:
- userinfo = pam_modutil_getpwnam(pamh, citemp);
- if (userinfo == NULL) {
- pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
- citemp);
- free(ifname);
- return onerr;
- }
- grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid);
- if (grpinfo == NULL) {
- pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed",
- (int)userinfo->pw_gid);
- free(ifname);
- return onerr;
- }
- itemlist[0] = x_strdup(grpinfo->gr_name);
- setgrent();
- for (i=1; (i < (int)(sizeof(itemlist)/sizeof(itemlist[0])-1)) &&
- (grpinfo = getgrent()); ) {
- if (is_on_list(grpinfo->gr_mem,citemp)) {
- itemlist[i++] = x_strdup(grpinfo->gr_name);
- }
- }
- endgrent();
- itemlist[i] = NULL;
+ /* Just ignore, call pam_modutil_in_group... later */
break;
case EI_SHELL:
/* Assume that we have already gotten PAM_USER in
@@ -352,38 +328,30 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
assert(PAM_SUCCESS == 0);
assert(PAM_AUTH_ERR != 0);
#endif
- if(extitem == EI_GROUP) {
- while((fgets(aline,sizeof(aline),inf) != NULL)
- && retval) {
- if(strlen(aline) == 0)
- continue;
- if(aline[strlen(aline) - 1] == '\n')
- aline[strlen(aline) - 1] = '\0';
- for(i=0;itemlist[i];)
- /* If any of the items match, strcmp() == 0, and we get out
- of this loop */
- retval = (strcmp(aline,itemlist[i++]) && retval);
+ while((fgets(aline,sizeof(aline),inf) != NULL)
+ && retval) {
+ char *a = aline;
+
+ if(strlen(aline) == 0)
+ continue;
+ if(aline[strlen(aline) - 1] == '\n')
+ aline[strlen(aline) - 1] = '\0';
+ if(strlen(aline) == 0)
+ continue;
+ if(aline[strlen(aline) - 1] == '\r')
+ aline[strlen(aline) - 1] = '\0';
+ if(citem == PAM_TTY) {
+ if(strncmp(a, "/dev/", 5) == 0)
+ a += 5;
}
- for(i=0;itemlist[i];)
- free(itemlist[i++]);
- } else {
- while((fgets(aline,sizeof(aline),inf) != NULL)
- && retval) {
- char *a = aline;
- if(strlen(aline) == 0)
- continue;
- if(aline[strlen(aline) - 1] == '\n')
- aline[strlen(aline) - 1] = '\0';
- if(strlen(aline) == 0)
- continue;
- if(aline[strlen(aline) - 1] == '\r')
- aline[strlen(aline) - 1] = '\0';
- if(citem == PAM_TTY)
- if(strncmp(a, "/dev/", 5) == 0)
- a += 5;
- retval = strcmp(a,citemp);
+ if (extitem == EI_GROUP) {
+ retval = !pam_modutil_user_in_group_nam_nam(pamh,
+ citemp, aline);
+ } else {
+ retval = strcmp(a, citemp);
}
}
+
fclose(inf);
free(ifname);
if ((sense && retval) || (!sense && !retval)) {