authorSergey Poznyakoff <gray@gnu.org>2014-09-11 20:16:59 +0300
committerSergey Poznyakoff <gray@gnu.org>2014-09-11 20:16:59 +0300
commit05bf037ee1bb67dcb2022f4e1938ece5c4e4581e (patch)
tree2ab15ca7b01c91585ac77317cde3abc3d98ac7f3
parent6e7bbc2eb158ab7f35cc019a77b0c254c74125f1 (diff)
downloadpam-modules-05bf037ee1bb67dcb2022f4e1938ece5c4e4581e.tar.gz
pam-modules-05bf037ee1bb67dcb2022f4e1938ece5c4e4581e.tar.bz2
Bugfixes
* pam_ldaphome/pam_ldaphome.c (check_groups): Take into account primary group. * doc/pam_regex.8: Fix escaping.
-rw-r--r--doc/pam_regex.82
-rw-r--r--pam_ldaphome/pam_ldaphome.c20
2 files changed, 16 insertions, 6 deletions
diff --git a/doc/pam_regex.8 b/doc/pam_regex.8
index 6033feb..54fd409 100644
--- a/doc/pam_regex.8
+++ b/doc/pam_regex.8
@@ -123,13 +123,13 @@ auth required pam_regex.so sense=deny regex=.*@.*
.EE
.IP \n+[step].
Convert the user name to lower case and remove anything starting from
the \fB@\fR character:
.PP
.EX
-auth required pam_regex.so extended transform=s/.*/\L&/g;s/@.*//
+auth required pam_regex.so extended transform=s/.*/\\L&/g;s/@.*//
.EE
.SH NOTE
This manpage is a short description of \fBpam_regex\fR. For a detailed
discussion, including examples and usage recommendations, refer to the
\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
reader and the tar documentation are properly installed on your
diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c
index a1f467e..6320e87 100644
--- a/pam_ldaphome/pam_ldaphome.c
+++ b/pam_ldaphome/pam_ldaphome.c
@@ -710,23 +710,33 @@ get_pubkeys(LDAP *ld, const char *base, const char *filter, const char *attr)
ldap_msgfree(res);
return ret;
}
static int
-check_groups(int gc, char **gv, const char *username)
+check_groups(int gc, char **gv, const char *username, gid_t gid)
{
int i;
-
+ struct group *gp;
+ char *pgname;
+
+ gp = getgrgid(gid);
+ pgname = gp ? gray_strdup(gp->gr_name) : NULL;
for (i = 0; i < gc; i++) {
- struct group *gp = getgrnam(gv[i]);
+ if (strcmp(gv[i], pgname) == 0) {
+ free(pgname);
+ return 0;
+ }
+ gp = getgrnam(gv[i]);
if (gp) {
char **p;
for (p = gp->gr_mem; *p; p++)
- if (strcmp(username, *p) == 0)
+ if (strcmp(username, *p) == 0) {
+ free(pgname);
return 0;
+ }
}
}
return 1;
}
static int
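Review bot: In check_groups, `strcmp(gv[i], pgname)` is called with a NULL `pgname` whenever `getgrgid(gid)` finds no entry for the user's primary gid (and also if `gray_strdup` can return NULL, which is not visible here). That is undefined behaviour and would most likely crash the process hosting the PAM stack during the allow-groups check. Guard the comparison with `if (pgname && strcmp(gv[i], pgname) == 0) {`. The fall-through `return 1;` at the end also leaks `pgname` on every non-matching login, so add `free(pgname);` just before it. A one-line comment would help too, saying the name is copied because the later `getgrnam` call may overwrite the static `struct group` that `getgrgid` returned.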
@@ -776,13 +786,13 @@ check_user_groups(pam_handle_t *pamh, struct gray_env *env,
if (argcv_split(sval, &gc, &gv)) {
_pam_log(LOG_ERR, "cannot split allow-groups: %s",
strerror(errno));
*retval = PAM_AUTH_ERR;
return 1;
}
- rc = check_groups(gc, gv, username);
+ rc = check_groups(gc, gv, username, pw->pw_gid);
argcv_free(gc, gv);
if (rc) {
DEBUG(10, ("ignoring user %s: not in allowed group list",
username, ival));
*retval = PAM_SUCCESS;
return 1;
