Bugfixes

* pam_ldaphome/pam_ldaphome.c (check_groups): Take into account primary
group.
* doc/pam_regex.8: Fix escaping.

2 files changed, 15 insertions, 5 deletions

diff --git a/doc/pam_regex.8 b/doc/pam_regex.8
index 6033feb..54fd409 100644
--- a/doc/pam_regex.8
+++ b/doc/pam_regex.8
@@ -126,7 +126,7 @@ Convert the user name to lower case and remove anything starting from
 the \fB@\fR character:
 .PP
 .EX
-auth  required  pam_regex.so extended transform=s/.*/\L&/g;s/@.*// 
+auth  required  pam_regex.so extended transform=s/.*/\\L&/g;s/@.*// 
 .EE
 .SH NOTE
 This manpage is a short description of \fBpam_regex\fR.  For a detailed
diff --git a/pam_ldaphome/pam_ldaphome.c b/pam_ldaphome/pam_ldaphome.c
index a1f467e..6320e87 100644
--- a/pam_ldaphome/pam_ldaphome.c
+++ b/pam_ldaphome/pam_ldaphome.c
@@ -713,19 +713,29 @@ get_pubkeys(LDAP *ld, const char *base, const char *filter, const char *attr)
 }
 
 static int
-check_groups(int gc, char **gv, const char *username)
+check_groups(int gc, char **gv, const char *username, gid_t gid)
 {
 	int i;
+	struct group *gp;
+	char *pgname;
 
+	gp = getgrgid(gid);
+	pgname = gp ? gray_strdup(gp->gr_name) : NULL;
 	for (i = 0; i < gc; i++) {
-		struct group *gp = getgrnam(gv[i]);
+		if (strcmp(gv[i], pgname) == 0) {
+			free(pgname);
+			return 0;
+		}
+		gp = getgrnam(gv[i]);
 		if (gp) {
 			char **p;
 			for (p = gp->gr_mem; *p; p++)
-				if (strcmp(username, *p) == 0)
+				if (strcmp(username, *p) == 0) {
+					free(pgname);
 					return 0;
 				}
 		}
+	}
 	return 1;
 }
 
@@ -779,7 +789,7 @@ check_user_groups(pam_handle_t *pamh, struct gray_env *env,
 			*retval = PAM_AUTH_ERR;
 			return 1;
 		}
-		rc = check_groups(gc, gv, username);
+		rc = check_groups(gc, gv, username, pw->pw_gid);
 		argcv_free(gc, gv);
 		if (rc) {
 			DEBUG(10, ("ignoring user %s: not in allowed group list",