Diffstat (limited to 'modules/pam_listfile/pam_listfile.c')
-rw-r--r-- | modules/pam_listfile/pam_listfile.c | 48 |
1 files changed, 5 insertions, 43 deletions
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index bc677be3..0ce3e0b1 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -39,6 +39,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -64,45 +65,6 @@ static int is_on_list(char * const *list, const char *member) return 0; } -/* Checks if a user is a member of a group */ -static int is_on_group(const char *user_name, const char *group_name) -{ - struct passwd *pwd; - struct group *grp, *pgrp; - char uname[BUFSIZ], gname[BUFSIZ]; - - if (!strlen(user_name)) - return 0; - if (!strlen(group_name)) - return 0; - bzero(uname, sizeof(uname)); - strncpy(uname, user_name, sizeof(uname)-1); - bzero(gname, sizeof(gname)); - strncpy(gname, group_name, sizeof(gname)-1); - - pwd = getpwnam(uname); - if (!pwd) - return 0; - - /* the info about this group */ - grp = getgrnam(gname); - if (!grp) - return 0; - - /* first check: is a member of the group_name group ? */ - if (is_on_list(grp->gr_mem, uname)) - return 1; - - /* next check: user primary group is group_name ? */ - pgrp = getgrgid(pwd->pw_gid); - if (!pgrp) - return 0; - if (!strcmp(pgrp->gr_name, gname)) - return 1; - - return 0; -} - /* --- authentication management functions (only) --- */ /* Extended Items that are not directly available via pam_get_item() */ @@ -257,7 +219,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { - if(!is_on_group(user_name,apply_val)) { + if(!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ #ifdef DEBUG _pam_log(LOG_DEBUG, 
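Review bot: The negated call `!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)` in the APPLY_TYPE_GROUP branch treats every zero return as "Not a member of apply= group", so it is only safe if the helper reports a failed passwd or group lookup as 0, the way the removed is_on_group did. The helper's body is not in this diff, so that is an assumption to confirm; if it can return a negative error code, the negation would read that as membership. Once confirmed, a comment at the call would record the contract, for example `/* non-zero only for a confirmed member; a failed lookup counts as non-member */`. The removed function matched the primary group by name and truncated both names to BUFSIZ-1, so any difference in how the helper matches the primary group should be stated in the commit message, since it changes who the list applies to. pam_sm_authenticate starts and ends outside this hunk.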
@@ -295,13 +257,13 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar if(extitem) { switch(extitem) { case EI_GROUP: - userinfo = getpwnam(citemp); + userinfo = _pammodutil_getpwnam(pamh, citemp); if (userinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed", citemp); return onerr; } - grpinfo = getgrgid(userinfo->pw_gid); + grpinfo = _pammodutil_getgrgid(pamh, userinfo->pw_gid); if (grpinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getgrgid(%d) failed", (int)userinfo->pw_gid); @@ -322,7 +284,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar /* Assume that we have already gotten PAM_USER in pam_get_item() - a valid assumption since citem gets set to PAM_USER in the extitem switch */ - userinfo = getpwnam(citemp); + userinfo = _pammodutil_getpwnam(pamh, citemp); if (userinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed", citemp); |
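Review bot: In the EI_GROUP case a NULL from `_pammodutil_getpwnam` still ends in `return onerr;`, so whether an unresolvable user name is denied or allowed depends entirely on the configured onerr value, and this commit leaves that undocumented. The hunk at -322 repeats the same lookup and NULL check, though its return is outside the visible lines. If onerr can hold a success code, a name that fails to resolve would pass this module, which deserves a comment above the check such as `/* lookup failure follows onerr; a permissive onerr lets unresolvable names through */`. The log strings still read `getpwnam(%s) failed` and `getgrgid(%d) failed` although the wrappers are now what is called, which can mislead someone tracing a failure from syslog; consider naming the wrapper in the message. Both hunks are inside pam_sm_authenticate, whose body extends beyond them.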