pam_group and user matching

Thorsten Kukuk kukuk at suse.de
Fri Sep 28 14:03:35 UTC 2007


On Fri, Sep 28, Thorsten Kukuk wrote:

> On Fri, Sep 28, Matthieu CASTET wrote:
> 
> > Hi,
> > 
> > 
> > we are trying to use pam_group to add group to some users with PAM 0_99_7_1.
> > 
> > According to the documentation, if I want add the floppy group to the user "us",
> > we need to add to group.conf :
> > "xsh;tty*&!ttyp*;us;Al0000-2400;floppy".
> > 
> > But when we add this line all the "us*" user gets the floppy group.
> 
> I can reproduce that ...
> 
> > Is that the expected behavior ?
> 
> I don't think so.
> 
> > Is there a way to fix that ?
> 
> Yes, look at the code (that's the advantage of open source)
> and submit a patch ;-)

Quick hack (nearly untested):

diff -u -r1.22 pam_group.c
--- modules/pam_group/pam_group.c       16 Jun 2006 06:35:16 -0000      1.22
+++ modules/pam_group/pam_group.c       28 Sep 2007 13:58:42 -0000
@@ -329,6 +329,13 @@
                    return FALSE;
          }
      }
+
+     /* Ok, we know that b is a substring from A and does not contain
+       wildcards, but now the length of both strings must be the same,
+       too. */
+     if (strlen (a) != strlen(b))
+       return FALSE;
+
      return ( !len );
 }
 


-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)




More information about the Pam-list mailing list