Relevant BUGIDs:
[linux-pam] / modules / pam_listfile / pam_listfile.c
index bc677be3677b3debc9bbaa37b7e1e06a375efa8c..0ce3e0b1a755abcb39890d15cf800f5262dbe261 100644 (file)
@@ -39,6 +39,7 @@
 
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
+#include <security/_pam_modutil.h>
 
 /* some syslogging */
 
@@ -64,45 +65,6 @@ static int is_on_list(char * const *list, const char *member)
     return 0;
 }
 
-/* Checks if a user is a member of a group */
-static int is_on_group(const char *user_name, const char *group_name)
-{
-    struct passwd *pwd;
-    struct group *grp, *pgrp;
-    char uname[BUFSIZ], gname[BUFSIZ];
-    
-    if (!strlen(user_name))
-        return 0;
-    if (!strlen(group_name))
-        return 0;
-    bzero(uname, sizeof(uname));
-    strncpy(uname, user_name, sizeof(uname)-1);
-    bzero(gname, sizeof(gname));
-    strncpy(gname, group_name, sizeof(gname)-1);
-        
-    pwd = getpwnam(uname);
-    if (!pwd)
-        return 0;
-
-    /* the info about this group */
-    grp = getgrnam(gname);
-    if (!grp)
-        return 0;
-    
-    /* first check: is a member of the group_name group ? */
-    if (is_on_list(grp->gr_mem, uname))
-        return 1;
-
-    /* next check: user primary group is group_name ? */
-    pgrp = getgrgid(pwd->pw_gid);
-    if (!pgrp)
-        return 0;
-    if (!strcmp(pgrp->gr_name, gname))
-        return 1;
-        
-    return 0;
-}
-
 /* --- authentication management functions (only) --- */
 
 /* Extended Items that are not directly available via pam_get_item() */
@@ -257,7 +219,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar
                    return PAM_IGNORE;
                }
            } else if(apply_type==APPLY_TYPE_GROUP) {
-               if(!is_on_group(user_name,apply_val)) {
+               if(!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)) {
                    /* Not a member of apply= group */
 #ifdef DEBUG
                    _pam_log(LOG_DEBUG,
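Review bot: The replacement call `_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)` presumably returns zero both when the user is not in the group and when the user or group lookup itself fails, and this branch handles both under "Not a member of apply= group". If this path returns PAM_IGNORE like the branch just above it (the return is outside the hunk), a transient passwd or group lookup failure would make the module silently skip its list check for that login. The EI_GROUP lookups later in the function return `onerr` on failure instead. Consider resolving the user and group first and returning `onerr` when either lookup fails, or at least document the behaviour with a comment such as `/* lookup failure is treated as non-membership, so the module is ignored */`. The enclosing pam_sm_authenticate starts and ends outside this hunk.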
@@ -295,13 +257,13 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar
     if(extitem) {
        switch(extitem) {
            case EI_GROUP:
-               userinfo = getpwnam(citemp);
+               userinfo = _pammodutil_getpwnam(pamh, citemp);
                if (userinfo == NULL) {
                    _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed",
                             citemp);
                    return onerr;
                }
-               grpinfo = getgrgid(userinfo->pw_gid);
+               grpinfo = _pammodutil_getgrgid(pamh, userinfo->pw_gid);
                if (grpinfo == NULL) {
                    _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getgrgid(%d) failed",
                             (int)userinfo->pw_gid);
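Review bot: The error messages in the EI_GROUP case still say `getpwnam(%s) failed` and `getgrgid(%d) failed`, although the lookups now go through `_pammodutil_getpwnam` and `_pammodutil_getgrgid`. Someone triaging an authentication failure from syslog would be pointed at the wrong call, so the text should name the wrapper or simply say "user lookup" and "group lookup". The gid is also cast to `int` for `%d`, which logs a gid above INT_MAX as a negative number; `"getgrgid(%lu) failed", (unsigned long)userinfo->pw_gid` avoids that. The same stale `getpwnam(%s) failed` message is left in the last hunk (-322/+284). pam_sm_authenticate continues outside this hunk.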
@@ -322,7 +284,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar
                /* Assume that we have already gotten PAM_USER in
                   pam_get_item() - a valid assumption since citem
                   gets set to PAM_USER in the extitem switch */
-               userinfo = getpwnam(citemp);
+               userinfo = _pammodutil_getpwnam(pamh, citemp);
                if (userinfo == NULL) {
                    _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed",
                             citemp);