Relevant BUGIDs: rhbz#495941

Purpose of commit: bugfix

Commit summary:
---------------
2009-04-16  Tomáš Mráz <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user
        parameter. Use user instead of pwd->pw_name in comparsions.
        (pam_sm_authenticate): Pass the original user to evaluate().

diff --git a/ChangeLog b/ChangeLog
index 11489a25ecd9857725754d8f29329d003a01e0e8..d9a99ff69bd81af59f7a860a86868d57ca5135b7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-04-16  Tomáš Mráz <t8m@centrum.cz>
+
+       * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user
+       parameter. Use user instead of pwd->pw_name in comparsions.
+       (pam_sm_authenticate): Pass the original user to evaluate().
+
 2009-04-14  Amitakhya Phukan <aphukan@fedoraproject.org>
 
        * po/as.po: Updated translations.

diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index cf95d38e7615fd53f5f32104da71e0ce4e4635c1..e728d2e1a7a3e4d20823065f72556632aa013b98 100644 (file)
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -250,7 +250,7 @@ evaluate_notinnetgr(const char *host, const char *user, const char *group)
 static int
 evaluate(pam_handle_t *pamh, int debug,
         const char *left, const char *qual, const char *right,
-        struct passwd *pwd)
+        struct passwd *pwd, const char *user)
 {
        char buf[LINE_MAX] = "";
        const char *attribute = left;
@@ -258,7 +258,7 @@ evaluate(pam_handle_t *pamh, int debug,
        if ((strcasecmp(left, "login") == 0) ||
            (strcasecmp(left, "name") == 0) ||
            (strcasecmp(left, "user") == 0)) {
-               snprintf(buf, sizeof(buf), "%s", pwd->pw_name);
+               snprintf(buf, sizeof(buf), "%s", user);
                left = buf;
        }
        if (strcasecmp(left, "uid") == 0) {
@@ -350,25 +350,25 @@ evaluate(pam_handle_t *pamh, int debug,
        }
        /* User is in this group. */
        if (strcasecmp(qual, "ingroup") == 0) {
-               return evaluate_ingroup(pamh, pwd->pw_name, right);
+               return evaluate_ingroup(pamh, user, right);
        }
        /* User is not in this group. */
        if (strcasecmp(qual, "notingroup") == 0) {
-               return evaluate_notingroup(pamh, pwd->pw_name, right);
+               return evaluate_notingroup(pamh, user, right);
        }
        /* (Rhost, user) is in this netgroup. */
        if (strcasecmp(qual, "innetgr") == 0) {
                const void *rhost;
                if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
                        rhost = NULL;
-               return evaluate_innetgr(rhost, pwd->pw_name, right);
+               return evaluate_innetgr(rhost, user, right);
        }
        /* (Rhost, user) is not in this group. */
        if (strcasecmp(qual, "notinnetgr") == 0) {
                const void *rhost;
                if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
                        rhost = NULL;
-               return evaluate_notinnetgr(rhost, pwd->pw_name, right);
+               return evaluate_notinnetgr(rhost, user, right);
        }
        /* Fail closed. */
        return PAM_SERVICE_ERR;
@@ -477,7 +477,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
                        count++;
                        ret = evaluate(pamh, debug,
                                       left, qual, right,
-                                      pwd);
+                                      pwd, user);
                        if (ret != PAM_SUCCESS) {
                                if(!quiet_fail)
                                        pam_syslog(pamh, LOG_INFO,