author | Sergey Poznyakoff <gray@gnu.org> | 2014-09-11 20:16:59 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2014-09-11 20:16:59 +0300 |
commit | 05bf037ee1bb67dcb2022f4e1938ece5c4e4581e (patch) | |
tree | 2ab15ca7b01c91585ac77317cde3abc3d98ac7f3 | |
parent | 6e7bbc2eb158ab7f35cc019a77b0c254c74125f1 (diff) | |
Bugfixes
* pam_ldaphome/pam_ldaphome.c (check_groups): Take into account primary
group.
* doc/pam_regex.8: Fix escaping.
-rw-r--r-- | doc/pam_regex.8 | 2 | ||||
-rw-r--r-- | pam_ldaphome/pam_ldaphome.c | 20 |
2 files changed, 16 insertions, 6 deletions
diff --git a/doc/pam_regex.8 b/doc/pam_regex.8 index 6033feb..54fd409 100644 --- a/doc/pam_regex.8 +++ b/doc/pam_regex.8 @@ -123,13 +123,13 @@ auth required pam_regex.so sense=deny regex=.*@.* .EE .IP \n+[step]. Convert the user name to lower case and remove anything starting from the \fB@\fR character: .PP .EX -auth required pam_regex.so extended transform=s/.*/\L&/g;s/@.*// +auth required pam_regex.so extended transform=s/.*/\\L&/g;s/@.*// .EE .SH NOTE This manpage is a short description of \fBpam_regex\fR. For a detailed discussion, including examples and usage recommendations, refer to the \fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR reader and the tar documentation are properly installed on your diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c index a1f467e..6320e87 100644 --- a/pam_ldaphome/pam_ldaphome.c +++ b/pam_ldaphome/pam_ldaphome.c @@ -710,23 +710,33 @@ get_pubkeys(LDAP *ld, const char *base, const char *filter, const char *attr) ldap_msgfree(res); return ret; } static int -check_groups(int gc, char **gv, const char *username) +check_groups(int gc, char **gv, const char *username, gid_t gid) { int i; - + struct group *gp; + char *pgname; + + gp = getgrgid(gid); + pgname = gp ? gray_strdup(gp->gr_name) : NULL; for (i = 0; i < gc; i++) { - struct group *gp = getgrnam(gv[i]); + if (strcmp(gv[i], pgname) == 0) { + free(pgname); + return 0; + } + gp = getgrnam(gv[i]); if (gp) { char **p; for (p = gp->gr_mem; *p; p++) - if (strcmp(username, *p) == 0) + if (strcmp(username, *p) == 0) { + free(pgname); return 0; + } } } return 1; } static int 
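Review bot: In the new loop of check_groups, `strcmp(gv[i], pgname)` runs with `pgname == NULL` whenever `getgrgid(gid)` finds no group entry for the user's primary GID. That is undefined behaviour and will most likely crash the process that loaded the PAM module instead of returning a clean "not in group" result. Guard the comparison as `if (pgname && strcmp(gv[i], pgname) == 0) {`. The duplicated name is also freed only on the two `return 0` paths, so every call that falls through to the end leaks it; add `free(pgname);` before the final `return 1;`. If gray_strdup can return NULL on allocation failure (its definition is not visible in this hunk), the same guard covers that case too.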
@@ -776,13 +786,13 @@ check_user_groups(pam_handle_t *pamh, struct gray_env *env, if (argcv_split(sval, &gc, &gv)) { _pam_log(LOG_ERR, "cannot split allow-groups: %s", strerror(errno)); *retval = PAM_AUTH_ERR; return 1; } - rc = check_groups(gc, gv, username); + rc = check_groups(gc, gv, username, pw->pw_gid); argcv_free(gc, gv); if (rc) { DEBUG(10, ("ignoring user %s: not in allowed group list", username, ival)); *retval = PAM_SUCCESS; return 1; |