author | markm <markm@FreeBSD.org> | 2001-08-04 09:19:31 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-08-04 09:19:31 +0000 |
commit | edba6eee5eb38b18947df183e9a90212979525ed (patch) | |
tree | d99a2af32c90855edc83f475555bc19c380bdf8d /lib/libpam | |
parent | 7532e4f94389b03b23a5823530e82029e46640c6 (diff) | |
Fix the bug where this module was not checking the primary GID, only
the GIDs in /etc/group or NIS's group map.
Tested by: sheldonh
PR: 29349
Diffstat (limited to 'lib/libpam')
-rw-r--r-- | lib/libpam/modules/pam_wheel/pam_wheel.c | 35 |
1 files changed, 11 insertions, 24 deletions
diff --git a/lib/libpam/modules/pam_wheel/pam_wheel.c b/lib/libpam/modules/pam_wheel/pam_wheel.c
index 9535d3e..e5505c8 100644
--- a/lib/libpam/modules/pam_wheel/pam_wheel.c
+++ b/lib/libpam/modules/pam_wheel/pam_wheel.c
@@ -66,23 +66,24 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
 {
 struct options options;
- struct passwd *pwd, *temppwd;
+ struct passwd *pwd;
 struct group *grp;
 int retval;
 const char *user;
- char *fromsu, *use_group;
+ char *use_group;
 pam_std_option(&options, other_options, argc, argv);
 PAM_LOG("Options processed");
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS)
- PAM_RETURN(retval);
-
- pwd = getpwnam(user);
- if (!pwd)
- PAM_RETURN(PAM_USER_UNKNOWN);
+ if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL))
+ pwd = getpwnam(getlogin());
+ else {
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS)
+ PAM_RETURN(retval);
+ pwd = getpwnam(user);
+ }
 PAM_LOG("Got user: %s", user);
@@ -92,20 +93,6 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
 PAM_LOG("Not superuser");
- if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
- temppwd = getpwnam(getlogin());
- if (temppwd == NULL)
- PAM_RETURN(PAM_SERVICE_ERR);
- fromsu = temppwd->pw_name;
- }
- else {
- fromsu = getlogin();
- if (!fromsu)
- PAM_RETURN(PAM_SERVICE_ERR);
- }
-
- PAM_LOG("Got fromsu: %s", fromsu);
-
 if (!pam_test_option(&options, PAM_OPT_GROUP, &use_group)) {
 if ((grp = getgrnam("wheel")) == NULL)
 grp = getgrgid(0);
@@ -122,7 +109,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
 PAM_LOG("Got group: %s", grp->gr_name);
- if (in_list(grp->gr_mem, fromsu)) {
+ if (pwd->pw_gid == grp->gr_gid || in_list(grp->gr_mem, pwd->pw_name)) {
 if (pam_test_option(&options, PAM_OPT_DENY, NULL))
 PAM_RETURN(PAM_PERM_DENIED);
 if (pam_test_option(&options, PAM_OPT_TRUST, NULL)) |
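Review bot: `pwd` is no longer checked for NULL after either `getpwnam()` call in the first hunk, so an unknown account reaches the later `pwd->pw_gid` dereference unless lines outside the hunks check it; the commit removes the old `if (!pwd) PAM_RETURN(PAM_USER_UNKNOWN);` guard without a replacement. In the `PAM_OPT_AUTH_AS_SELF` branch the result of `getlogin()` is passed straight to `getpwnam()` although it can be NULL, and `user` is never assigned there even though `PAM_LOG("Got user: %s", user)` reads it afterwards. Assigning the login name to `user`, checking it, and doing a single checked lookup after the if/else covers all three. The function body starts before and continues after this hunk.

```c
	if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
		user = getlogin();
		if (user == NULL)
			PAM_RETURN(PAM_SERVICE_ERR);
	}
	else {
		/* … unchanged: pam_get_user() call and its retval check … */
	}

	pwd = getpwnam(user);
	if (pwd == NULL)
		PAM_RETURN(PAM_USER_UNKNOWN);
```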
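Review bot: The membership test in the last hunk now reads `pwd`, which in the default branch of the first hunk is the account returned by `pam_get_user()`, not the `getlogin()` name that the removed `fromsu` carried in both of its branches. Without `PAM_OPT_AUTH_AS_SELF` the group check therefore appears to apply to the account being authenticated rather than to the caller. If that account's primary GID equals the checked group's GID (commonly the case for root and wheel), `pwd->pw_gid == grp->gr_gid` would match for every caller. Consider keeping a separate, NULL-checked lookup of the requesting user for this test, with a comment such as `/* group test must use the requesting user, not the target account */`. The enclosing function starts and ends outside this hunk, so confirm against the full body.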