From: Tomas Mraz <tm@t8m.info>
Date: Thu, 16 Apr 2009 13:54:46 +0000 (+0000)
Subject: Relevant BUGIDs: rhbz#495941
X-Git-Tag: Linux-PAM-1_0_92~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=91defb2140f9141d74543f57598410daab8d43a0;p=linux-pam

Relevant BUGIDs: rhbz#495941

Purpose of commit: bugfix

Commit summary:
---------------
2009-04-16  Tomáš Mráz <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user
        parameter. Use user instead of pwd->pw_name in comparsions.
        (pam_sm_authenticate): Pass the original user to evaluate().
---

diff --git a/ChangeLog b/ChangeLog
index 11489a25..d9a99ff6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-04-16  TomÃ¡Å¡ MrÃ¡z <t8m@centrum.cz>
+
+	* modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user
+	parameter. Use user instead of pwd->pw_name in comparsions.
+	(pam_sm_authenticate): Pass the original user to evaluate().
+
 2009-04-14  Amitakhya Phukan <aphukan@fedoraproject.org>
 
 	* po/as.po: Updated translations.
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index cf95d38e..e728d2e1 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -250,7 +250,7 @@ evaluate_notinnetgr(const char *host, const char *user, const char *group)
 static int
 evaluate(pam_handle_t *pamh, int debug,
 	 const char *left, const char *qual, const char *right,
-	 struct passwd *pwd)
+	 struct passwd *pwd, const char *user)
 {
 	char buf[LINE_MAX] = "";
 	const char *attribute = left;
@@ -258,7 +258,7 @@ evaluate(pam_handle_t *pamh, int debug,
 	if ((strcasecmp(left, "login") == 0) ||
 	    (strcasecmp(left, "name") == 0) ||
 	    (strcasecmp(left, "user") == 0)) {
-		snprintf(buf, sizeof(buf), "%s", pwd->pw_name);
+		snprintf(buf, sizeof(buf), "%s", user);
 		left = buf;
 	}
 	if (strcasecmp(left, "uid") == 0) {
@@ -350,25 +350,25 @@ evaluate(pam_handle_t *pamh, int debug,
 	}
 	/* User is in this group. */
 	if (strcasecmp(qual, "ingroup") == 0) {
-		return evaluate_ingroup(pamh, pwd->pw_name, right);
+		return evaluate_ingroup(pamh, user, right);
 	}
 	/* User is not in this group. */
 	if (strcasecmp(qual, "notingroup") == 0) {
-		return evaluate_notingroup(pamh, pwd->pw_name, right);
+		return evaluate_notingroup(pamh, user, right);
 	}
 	/* (Rhost, user) is in this netgroup. */
 	if (strcasecmp(qual, "innetgr") == 0) {
 		const void *rhost;
 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
 			rhost = NULL;
-		return evaluate_innetgr(rhost, pwd->pw_name, right);
+		return evaluate_innetgr(rhost, user, right);
 	}
 	/* (Rhost, user) is not in this group. */
 	if (strcasecmp(qual, "notinnetgr") == 0) {
 		const void *rhost;
 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
 			rhost = NULL;
-		return evaluate_notinnetgr(rhost, pwd->pw_name, right);
+		return evaluate_notinnetgr(rhost, user, right);
 	}
 	/* Fail closed. */
 	return PAM_SERVICE_ERR;
@@ -477,7 +477,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 			count++;
 			ret = evaluate(pamh, debug,
 				       left, qual, right,
-				       pwd);
+				       pwd, user);
 			if (ret != PAM_SUCCESS) {
 				if(!quiet_fail)
 					pam_syslog(pamh, LOG_INFO,