[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

bug in mod_auth_pam

There is a bug in mod_auth_pam. The new group checking code iterates over 
the results of group->gr_mem comparing the results to ap_getword_conf(). 
The thing is that the words in the apache config are the group names that 
are allowed, the contents of group->gr_mem are the users that belong to 
the group.

The proper behavior is to iterate over the contents of group->gr_mem and 
compare it to the authenticated username.

This fixes the bug that I reported earlier on not being able to use 
supplementary groups. A patch for the latest version (1.1) is attached.

Will Holcomb
> 	char* name = r->connection->user;
< 		if ((pwent = getpwnam (r->connection->user)) && (grent = getgrgid (pwent->pw_gid)))
> 		if ((pwent = getpwnam (name)) && (grent = getgrgid (pwent->pw_gid)))
< 		if ((grent = getgrnam (word)) && grent->gr_mem)
> 		if ((grent = getgrnam (word)) && (members = grent->gr_mem) != NULL)
< 			members = grent->gr_mem;
< 				if (!strcmp (*members, word))
> 				if (!strcmp (*members, name))

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []