Diffstat (limited to 'modules/pam_wheel/pam_wheel.c')
-rw-r--r-- | modules/pam_wheel/pam_wheel.c | 50 |
1 files changed, 12 insertions, 38 deletions
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index a025ebaf..5eb7b82f 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -44,23 +44,11 @@
 #include <security/pam_ext.h>
 #include "pam_inline.h"
-/* checks if a user is on a list of members of the GID 0 group */
-static int is_on_list(char * const *list, const char *member)
-{
- while (list && *list) {
- if (strcmp(*list, member) == 0)
- return 1;
- list++;
- }
- return 0;
-}
-
 /* argument parsing */
 #define PAM_DEBUG_ARG 0x0001
-#define PAM_USE_UID_ARG 0x0002
-#define PAM_TRUST_ARG 0x0004
-#define PAM_DENY_ARG 0x0010
+#define PAM_TRUST_ARG 0x0002
+#define PAM_DENY_ARG 0x0004
 #define PAM_ROOT_ONLY_ARG 0x0020
 static int
@@ -79,8 +67,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 if (!strcmp(*argv,"debug"))
 ctrl |= PAM_DEBUG_ARG;
- else if (!strcmp(*argv,"use_uid"))
- ctrl |= PAM_USE_UID_ARG;
+ else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */
 else if (!strcmp(*argv,"trust"))
 ctrl |= PAM_TRUST_ARG;
 else if (!strcmp(*argv,"deny"))
@@ -129,27 +116,14 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
 }
 }
- if (ctrl & PAM_USE_UID_ARG) {
- tpwd = pam_modutil_getpwuid (pamh, getuid());
- if (!tpwd) {
- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
- }
- return PAM_SERVICE_ERR;
- }
- fromsu = tpwd->pw_name;
- } else {
- fromsu = pam_modutil_getlogin(pamh);
- if (fromsu) {
- tpwd = pam_modutil_getpwnam (pamh, fromsu);
- }
- if (!fromsu || !tpwd) {
- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
- }
- return PAM_SERVICE_ERR;
- }
+ tpwd = pam_modutil_getpwuid (pamh, getuid());
+ if (tpwd == NULL) {
+ if (ctrl & PAM_DEBUG_ARG) {
+ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
+ }
+ return PAM_SERVICE_ERR;
 }
+ fromsu = tpwd->pw_name;
 /*
 * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu
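Review bot: The `use_uid` branch in _pam_parse now ends in a bare `;`, an empty statement that is easy to misread as a dropped assignment and that compilers report under empty-body warnings. An explicit empty block keeps the if/else chain unambiguous: `else if (!strcmp(*argv,"use_uid")) { /* accepted for compatibility; the real UID is always used */ }`. PAM stacks that omit `use_uid` change behaviour with this commit, so the comment should say that the option's former behaviour is now the only mode. The loop body of _pam_parse continues outside the hunk.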
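Review bot: In perform_check a failed `pam_modutil_getpwuid (pamh, getuid())` is still logged only when `debug` is set, and the message does not say which UID had no passwd entry. This lookup is now the only source of the caller's identity, so an unconditional record would help when triaging refused escalations, for example `pam_syslog(pamh, LOG_ERR, "cannot resolve real uid %lu", (unsigned long) getuid());` ahead of `return PAM_SERVICE_ERR;`. The retained comment "fromsu = username-of-invoker" could also state that the invoker is the real UID of the calling process, not the login name of the terminal session. perform_check begins and ends outside the hunk.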
@@ -163,7 +137,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
 grp = pam_modutil_getgrnam (pamh, use_group);
 }
- if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) {
+ if (grp == NULL) {
 if (ctrl & PAM_DEBUG_ARG) {
 if (!use_group[0]) {
 pam_syslog(pamh, LOG_NOTICE, "no members in a GID 0 group");
@@ -188,7 +162,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
 * user has the "wheel" (sic) group as its primary group.
 */
- if (is_on_list(grp->gr_mem, fromsu) || (tpwd->pw_gid == grp->gr_gid)) {
+ if (pam_modutil_user_in_group_uid_gid(pamh, tpwd->pw_uid, grp->gr_gid)) {
 if (ctrl & PAM_DENY_ARG) {
 retval = PAM_PERM_DENIED;
|
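Review bot: The `grp == NULL` branch is now reached only when the group lookup itself fails, yet the context line below it still logs `"no members in a GID 0 group"`, which will mislead anyone reading the auth log. A message that matches the condition would be `pam_syslog(pamh, LOG_NOTICE, "GID 0 group not found");`. A group that exists but has an empty member list is no longer rejected here and falls through to the membership test further down, which deserves a one-line comment. The rest of the branch lies outside the hunk.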
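Review bot: The membership test now passes `grp->gr_gid` instead of the `grp` entry that perform_check already looked up, so the decision depends on how `pam_modutil_user_in_group_uid_gid` resolves that GID; its body is not on this page. If it looks the group up again by GID, a system with two group entries sharing one GID could be tested against a different member list than the entry selected through `use_group`. A comment stating the assumption would help, for example `/* helper covers listed members and primary-group membership; it is keyed by gid, not by group name */`. `fromsu` appears to remain only for log messages after this change, which cannot be confirmed from the hunk.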