1 files changed, 12 insertions, 38 deletions
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index a025ebaf..5eb7b82f 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -44,23 +44,11 @@
 #include <security/pam_ext.h>
 #include "pam_inline.h"
 
-/* checks if a user is on a list of members of the GID 0 group */
-static int is_on_list(char * const *list, const char *member)
-{
-    while (list && *list) {
-        if (strcmp(*list, member) == 0)
-            return 1;
-        list++;
-    }
-    return 0;
-}
-
 /* argument parsing */
 
 #define PAM_DEBUG_ARG       0x0001
-#define PAM_USE_UID_ARG     0x0002
-#define PAM_TRUST_ARG       0x0004
-#define PAM_DENY_ARG        0x0010
+#define PAM_TRUST_ARG       0x0002
+#define PAM_DENY_ARG        0x0004
 #define PAM_ROOT_ONLY_ARG   0x0020
 
 static int
@@ -79,8 +67,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 
           if (!strcmp(*argv,"debug"))
                ctrl |= PAM_DEBUG_ARG;
-          else if (!strcmp(*argv,"use_uid"))
-               ctrl |= PAM_USE_UID_ARG;
+          else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */
           else if (!strcmp(*argv,"trust"))
                ctrl |= PAM_TRUST_ARG;
           else if (!strcmp(*argv,"deny"))
@@ -129,27 +116,14 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
         }
     }
 
-    if (ctrl & PAM_USE_UID_ARG) {
-	tpwd = pam_modutil_getpwuid (pamh, getuid());
-	if (!tpwd) {
-	    if (ctrl & PAM_DEBUG_ARG) {
-                pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-	    }
-	    return PAM_SERVICE_ERR;
-	}
-	fromsu = tpwd->pw_name;
-    } else {
-	fromsu = pam_modutil_getlogin(pamh);
-	if (fromsu) {
-	    tpwd = pam_modutil_getpwnam (pamh, fromsu);
-	}
-	if (!fromsu || !tpwd) {
-	    if (ctrl & PAM_DEBUG_ARG) {
-		pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-	    }
-	    return PAM_SERVICE_ERR;
-	}
+    tpwd = pam_modutil_getpwuid (pamh, getuid());
+    if (tpwd == NULL) {
+        if (ctrl & PAM_DEBUG_ARG) {
+            pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
+        }
+        return PAM_SERVICE_ERR;
     }
+    fromsu = tpwd->pw_name;
 
     /*
      * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu
@@ -163,7 +137,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
 	grp = pam_modutil_getgrnam (pamh, use_group);
     }
 
-    if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) {
+    if (grp == NULL) {
 	if (ctrl & PAM_DEBUG_ARG) {
 	    if (!use_group[0]) {
 		pam_syslog(pamh, LOG_NOTICE, "no members in a GID 0 group");
@@ -188,7 +162,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
      * user has the "wheel" (sic) group as its primary group.
      */
 
-    if (is_on_list(grp->gr_mem, fromsu) || (tpwd->pw_gid == grp->gr_gid)) {
+    if (pam_modutil_user_in_group_uid_gid(pamh, tpwd->pw_uid, grp->gr_gid)) {
 
 	if (ctrl & PAM_DENY_ARG) {
 	    retval = PAM_PERM_DENIED;