summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org>2014-09-11 17:16:59 (GMT)
committer Sergey Poznyakoff <gray@gnu.org>2014-09-11 17:16:59 (GMT)
commit05bf037ee1bb67dcb2022f4e1938ece5c4e4581e (patch) (side-by-side diff)
tree2ab15ca7b01c91585ac77317cde3abc3d98ac7f3
parent6e7bbc2eb158ab7f35cc019a77b0c254c74125f1 (diff)
downloadpam-modules-05bf037ee1bb67dcb2022f4e1938ece5c4e4581e.tar.gz
pam-modules-05bf037ee1bb67dcb2022f4e1938ece5c4e4581e.tar.bz2
Bugfixes
* pam_ldaphome/pam_ldaphome.c (check_groups): Take into account primary group. * doc/pam_regex.8: Fix escaping.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--doc/pam_regex.82
-rw-r--r--pam_ldaphome/pam_ldaphome.c20
2 files changed, 16 insertions, 6 deletions
diff --git a/doc/pam_regex.8 b/doc/pam_regex.8
index 6033feb..54fd409 100644
--- a/doc/pam_regex.8
+++ b/doc/pam_regex.8
@@ -126,7 +126,7 @@ Convert the user name to lower case and remove anything starting from
the \fB@\fR character:
.PP
.EX
-auth required pam_regex.so extended transform=s/.*/\L&/g;s/@.*//
+auth required pam_regex.so extended transform=s/.*/\\L&/g;s/@.*//
.EE
.SH NOTE
This manpage is a short description of \fBpam_regex\fR. For a detailed
diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c
index a1f467e..6320e87 100644
--- a/pam_ldaphome/pam_ldaphome.c
+++ b/pam_ldaphome/pam_ldaphome.c
@@ -713,17 +713,27 @@ get_pubkeys(LDAP *ld, const char *base, const char *filter, const char *attr)
}
static int
-check_groups(int gc, char **gv, const char *username)
+check_groups(int gc, char **gv, const char *username, gid_t gid)
{
int i;
-
+ struct group *gp;
+ char *pgname;
+
+ gp = getgrgid(gid);
+ pgname = gp ? gray_strdup(gp->gr_name) : NULL;
for (i = 0; i < gc; i++) {
- struct group *gp = getgrnam(gv[i]);
+ if (strcmp(gv[i], pgname) == 0) {
+ free(pgname);
+ return 0;
+ }
+ gp = getgrnam(gv[i]);
if (gp) {
char **p;
for (p = gp->gr_mem; *p; p++)
- if (strcmp(username, *p) == 0)
+ if (strcmp(username, *p) == 0) {
+ free(pgname);
return 0;
+ }
}
}
return 1;
@@ -779,7 +789,7 @@ check_user_groups(pam_handle_t *pamh, struct gray_env *env,
*retval = PAM_AUTH_ERR;
return 1;
}
- rc = check_groups(gc, gv, username);
+ rc = check_groups(gc, gv, username, pw->pw_gid);
argcv_free(gc, gv);
if (rc) {
DEBUG(10, ("ignoring user %s: not in allowed group list",

Return to:

Send suggestions and report system problems to the System administrator.