authormarkm <markm@FreeBSD.org>2001-08-04 09:19:31 +0000
committermarkm <markm@FreeBSD.org>2001-08-04 09:19:31 +0000
commitedba6eee5eb38b18947df183e9a90212979525ed (patch)
treed99a2af32c90855edc83f475555bc19c380bdf8d /lib/libpam
parent7532e4f94389b03b23a5823530e82029e46640c6 (diff)
Fix the bug where this module was not checking the primary GID, only
the GIDs in /etc/group or NIS's group map. Tested by: sheldonh PR: 29349
Diffstat (limited to 'lib/libpam')
-rw-r--r--lib/libpam/modules/pam_wheel/pam_wheel.c35
1 files changed, 11 insertions, 24 deletions
diff --git a/lib/libpam/modules/pam_wheel/pam_wheel.c b/lib/libpam/modules/pam_wheel/pam_wheel.c
index 9535d3e..e5505c8 100644
--- a/lib/libpam/modules/pam_wheel/pam_wheel.c
+++ b/lib/libpam/modules/pam_wheel/pam_wheel.c
@@ -66,23 +66,24 @@ PAM_EXTERN int
pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
{
struct options options;
- struct passwd *pwd, *temppwd;
+ struct passwd *pwd;
struct group *grp;
int retval;
const char *user;
- char *fromsu, *use_group;
+ char *use_group;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS)
- PAM_RETURN(retval);
-
- pwd = getpwnam(user);
- if (!pwd)
- PAM_RETURN(PAM_USER_UNKNOWN);
+ if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL))
+ pwd = getpwnam(getlogin());
+ else {
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS)
+ PAM_RETURN(retval);
+ pwd = getpwnam(user);
+ }
PAM_LOG("Got user: %s", user);
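Review bot: In the auth_as_self branch `getpwnam(getlogin())` is called without checking either result, and `user` is never assigned on that path before `PAM_LOG("Got user: %s", user)` reads it. getlogin() can return NULL, and the `if (!pwd) PAM_RETURN(PAM_USER_UNKNOWN);` check removed in this hunk is not replaced here, while the last hunk dereferences `pwd->pw_gid`. Unless the unseen lines between the hunks test `pwd`, an unresolvable login becomes a NULL dereference inside an authentication module instead of a clean PAM error. I would resolve the name into `user` in both branches and check both lookups, as below; the function body continues past this hunk.

```c
	const char *user = NULL;
	/* … unchanged: option parsing and PAM_LOG("Options processed") … */
	if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
		user = getlogin();
		if (user == NULL)
			PAM_RETURN(PAM_SERVICE_ERR);
	}
	else {
		retval = pam_get_user(pamh, &user, NULL);
		if (retval != PAM_SUCCESS)
			PAM_RETURN(retval);
	}
	pwd = getpwnam(user);
	if (pwd == NULL)
		PAM_RETURN(PAM_USER_UNKNOWN);
	PAM_LOG("Got user: %s", user);
```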
@@ -92,20 +93,6 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
PAM_LOG("Not superuser");
- if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
- temppwd = getpwnam(getlogin());
- if (temppwd == NULL)
- PAM_RETURN(PAM_SERVICE_ERR);
- fromsu = temppwd->pw_name;
- }
- else {
- fromsu = getlogin();
- if (!fromsu)
- PAM_RETURN(PAM_SERVICE_ERR);
- }
-
- PAM_LOG("Got fromsu: %s", fromsu);
-
if (!pam_test_option(&options, PAM_OPT_GROUP, &use_group)) {
if ((grp = getgrnam("wheel")) == NULL)
grp = getgrgid(0);
@@ -122,7 +109,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
PAM_LOG("Got group: %s", grp->gr_name);
- if (in_list(grp->gr_mem, fromsu)) {
+ if (pwd->pw_gid == grp->gr_gid || in_list(grp->gr_mem, pwd->pw_name)) {
if (pam_test_option(&options, PAM_OPT_DENY, NULL))
PAM_RETURN(PAM_PERM_DENIED);
if (pam_test_option(&options, PAM_OPT_TRUST, NULL))
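Review bot: The membership test on the changed line now examines `pwd`, which without auth_as_self is the account returned by pam_get_user(), whereas the removed `fromsu` always held the getlogin() name; the commit message mentions only the primary-GID fix, so this change of subject should be confirmed. If the PAM user here is the target account (it looks that way, but the caller is not visible), `pwd->pw_gid == grp->gr_gid` succeeds whenever the target's primary group is the wheel group, independent of who is asking. If the new subject is intended, a comment such as `/* pwd: login user with auth_as_self, else the PAM user; group membership is tested for that account */` above the `if` would record it. The enclosing function begins and ends outside this hunk.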