support dynamically added users via pam_group
Dynamically added users via pam_group are not listed in groups databases but are still valid.
This commit is contained in:
parent
15be89f89d
commit
992fab50ee
17
src/newgrp.c
17
src/newgrp.c
@ -387,6 +387,7 @@ int main (int argc, char **argv)
|
|||||||
{
|
{
|
||||||
bool initflag = false;
|
bool initflag = false;
|
||||||
int i;
|
int i;
|
||||||
|
bool is_member = false;
|
||||||
bool cflag = false;
|
bool cflag = false;
|
||||||
int err = 0;
|
int err = 0;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
@ -625,6 +626,18 @@ int main (int argc, char **argv)
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SETGROUPS
|
||||||
|
/* when using pam_group, she will not be listed in the groups
|
||||||
|
* database. However getgroups() will return the group. So
|
||||||
|
* if she is listed there already it is ok to grant membership.
|
||||||
|
*/
|
||||||
|
for (i = 0; i < ngroups; i++) {
|
||||||
|
if (grp->gr_gid == grouplist[i]) {
|
||||||
|
is_member = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* HAVE_SETGROUPS */
|
||||||
/*
|
/*
|
||||||
* For splitted groups (due to limitations of NIS), check all
|
* For splitted groups (due to limitations of NIS), check all
|
||||||
* groups of the same GID like the requested group for
|
* groups of the same GID like the requested group for
|
||||||
@ -653,7 +666,9 @@ int main (int argc, char **argv)
|
|||||||
/*
|
/*
|
||||||
* Check if the user is allowed to access this group.
|
* Check if the user is allowed to access this group.
|
||||||
*/
|
*/
|
||||||
check_perms (grp, pwd, group);
|
if (!is_member) {
|
||||||
|
check_perms (grp, pwd, group);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* all successful validations pass through this point. The group id
|
* all successful validations pass through this point. The group id
|
||||||
|
Loading…
Reference in New Issue
Block a user