summaryrefslogtreecommitdiff
path: root/modules/pam_access
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2016-11-01 15:17:54 +0100
committerTomas Mraz <tmraz@fedoraproject.org>2016-11-01 15:17:54 +0100
commit2fc2673d889a15f097acd8ae68fe9d292dea472d (patch)
tree80bd56befed5832272d9f67e63400e5b96a8e401 /modules/pam_access
parentdf673b9b2e174240f4a94388c4d58e5a6334d601 (diff)
pam_access: First check for the (group) match.
The (group) match is performed first to allow for groups containing '@'. * modules/pam_access/pam_access.c (user_match): First check for the (group) match.
Diffstat (limited to 'modules/pam_access')
-rw-r--r--modules/pam_access/pam_access.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 3ac1ad00..d6895788 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -516,7 +516,9 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
/* Try to split on a pattern (@*[^@]+)(@+.*) */
for (at = tok; *at == '@'; ++at);
- if ((at = strchr(at, '@')) != NULL) {
+ if (tok[0] == '(' && tok[strlen(tok) - 1] == ')') {
+ return (group_match (pamh, tok, string, item->debug));
+ } else if ((at = strchr(at, '@')) != NULL) {
/* split user@host pattern */
if (item->hostname == NULL)
return NO;
@@ -541,9 +543,7 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
hostname = item->hostname;
}
return (netgroup_match (pamh, tok + 1, hostname, string, item->debug));
- } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')')
- return (group_match (pamh, tok, string, item->debug));
- else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
+ } else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
return rv;
else if (item->only_new_group_syntax == NO &&
pam_modutil_user_in_group_nam_nam (pamh,