Relevant BUGIDs:

author Tomas Mraz <tm@t8m.info>

Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)

committer Tomas Mraz <tm@t8m.info>

Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)
author Tomas Mraz <tm@t8m.info>
Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)
committer Tomas Mraz <tm@t8m.info>
Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)
diff --git a/ChangeLog b/ChangeLog

index 143fb2e9c319bf053d4e4ca613250e4ae18c8c83..f07b2d1c6b939dc7f7b9c299aaaa806e2b2783a7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-10-06  Tomas Mraz  <t8m@centrum.cz>
+
+       * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just
+       call pam_modutil_user_in_group_nam_nam() instead of reimplementation
+       of group matching.
+
  2009-10-05  Kris Thomsen  <lakristho@gmail.com>
  
         * po/da.po: Updated translations.
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c

index dbd92058e8b2e5619433745f0d7b1a2007479038..f7ed9a40bffba6065e2e3f529a3085908d2d7581 100644 (file)
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -82,7 +82,6 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
      /* Stuff for "extended" items */
      struct passwd *userinfo;
      struct group *grpinfo;
-    char *itemlist[256]; /* Maximum of 256 items */
  
      apply_type=APPLY_TYPE_NULL;
      memset(apply_val,0,sizeof(apply_val));
@@ -265,30 +264,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
      if(extitem) {
         switch(extitem) {
             case EI_GROUP:
-               userinfo = pam_modutil_getpwnam(pamh, citemp);
-               if (userinfo == NULL) {
-                   pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
-                            citemp);
-                   free(ifname);
-                   return onerr;
-               }
-               grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid);
-               if (grpinfo == NULL) {
-                   pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed",
-                            (int)userinfo->pw_gid);
-                   free(ifname);
-                   return onerr;
-               }
-               itemlist[0] = x_strdup(grpinfo->gr_name);
-               setgrent();
-               for (i=1; (i < (int)(sizeof(itemlist)/sizeof(itemlist[0])-1)) &&
-                        (grpinfo = getgrent()); ) {
-                   if (is_on_list(grpinfo->gr_mem,citemp)) {
-                       itemlist[i++] = x_strdup(grpinfo->gr_name);
-                   }
-                }
-               endgrent();
-               itemlist[i] = NULL;
+               /* Just ignore, call pam_modutil_in_group... later */
                 break;
             case EI_SHELL:
                 /* Assume that we have already gotten PAM_USER in
@@ -352,38 +328,30 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
      assert(PAM_SUCCESS == 0);
      assert(PAM_AUTH_ERR != 0);
  #endif
-    if(extitem == EI_GROUP) {
-       while((fgets(aline,sizeof(aline),inf) != NULL)
-             && retval) {
-            if(strlen(aline) == 0)
-               continue;
-           if(aline[strlen(aline) - 1] == '\n')
-               aline[strlen(aline) - 1] = '\0';
-           for(i=0;itemlist[i];)
-               /* If any of the items match, strcmp() == 0, and we get out
-                  of this loop */
-               retval = (strcmp(aline,itemlist[i++]) && retval);
+    while((fgets(aline,sizeof(aline),inf) != NULL)
+         && retval) {
+       char *a = aline;
+
+       if(strlen(aline) == 0)
+           continue;
+       if(aline[strlen(aline) - 1] == '\n')
+           aline[strlen(aline) - 1] = '\0';
+       if(strlen(aline) == 0)
+           continue;
+       if(aline[strlen(aline) - 1] == '\r')
+           aline[strlen(aline) - 1] = '\0';
+       if(citem == PAM_TTY) {
+           if(strncmp(a, "/dev/", 5) == 0)
+               a += 5;
         }
-       for(i=0;itemlist[i];)
-           free(itemlist[i++]);
-    } else {
-       while((fgets(aline,sizeof(aline),inf) != NULL)
-             && retval) {
-            char *a = aline;
-            if(strlen(aline) == 0)
-               continue;
-           if(aline[strlen(aline) - 1] == '\n')
-               aline[strlen(aline) - 1] = '\0';
-            if(strlen(aline) == 0)
-               continue;
-           if(aline[strlen(aline) - 1] == '\r')
-               aline[strlen(aline) - 1] = '\0';
-           if(citem == PAM_TTY)
-               if(strncmp(a, "/dev/", 5) == 0)
-                   a += 5;
-           retval = strcmp(a,citemp);
+       if (extitem == EI_GROUP) {
+           retval = !pam_modutil_user_in_group_nam_nam(pamh,
+               citemp, aline);
+       } else {
+           retval = strcmp(a, citemp);
         }
      }
+
      fclose(inf);
      free(ifname);
      if ((sense && retval) || (!sense && !retval)) {
author	Tomas Mraz <tm@t8m.info>
	Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)
committer	Tomas Mraz <tm@t8m.info>
	Tue, 6 Oct 2009 12:26:05 +0000 (12:26 +0000)
ChangeLog		patch \| blob \| history
modules/pam_listfile/pam_listfile.c		patch \| blob \| history