shadow/shadow-4.1.5.1-pam_group.patch
Michael Vetter 4cea964109 Accepting request 497707 from home:adamm:branches:Base:System
- New upstream version 4.5
- Refreshed patches:
  * shadow-login_defs.patch
  * chkname-regex.patch
  * getdef-new-defs.patch
  * useradd-mkdirs.patch
- Upstreamed patches:
  * shadow-4.1.5.1-manfix.patch
  * shadow-4.1.5.1-errmsg.patch
  * shadow-4.1.5.1-backup-mode.patch
  * shadow-4.1.5.1-audit-owner.patch
  * shadow-4.2.1-defs-chroot.patch
  * shadow-4.2.1-merge-group.patch
  * Fix-user-busy-errors-at-userdel.patch
  * useradd-clear-tallylog.patch
- shadow.keyring: update keyring with current maintainer's keyid
  only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
- disable_new_audit_function.patch:
  Disable newer libaudit functionality for older distributions

OBS-URL: https://build.opensuse.org/request/show/497707
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=32
2017-05-23 12:25:13 +00:00

51 lines
1.4 KiB
Diff

Date: Thu Apr 6 16:04:17 CEST 2017
Bug: bnc#1031643
Upstream: https://github.com/shadow-maint/shadow/pull/74
dynamically added users via pam_group are not listed in groups
databases but are still valid.
Index: shadow-4.1.5.1/src/newgrp.c
===================================================================
--- shadow-4.1.5.1.orig/src/newgrp.c
+++ shadow-4.1.5.1/src/newgrp.c
@@ -372,6 +372,7 @@ int main (int argc, char **argv)
{
bool initflag = false;
int i;
+ bool is_member = false;
bool cflag = false;
int err = 0;
gid_t gid;
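Review bot: `is_member` is declared here with no comment saying which notion of membership it records. The later hunks set it from `grouplist` and use it to skip `check_perms`, so a one-line comment on the declaration (for example, that it means the requested GID is already in the caller's supplementary group list) would make the security intent clear. It is also only assigned inside `#ifdef HAVE_SETGROUPS`; that is safe because it defaults to false, but worth stating in the same comment.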
@@ -610,6 +611,18 @@ int main (int argc, char **argv)
goto failure;
}
+#ifdef HAVE_SETGROUPS
+ /* when using pam_group, she will not be listed in the groups
+ * database. However getgroups() will return the group. So
+ * if she is listed there already it is ok to grant membership.
+ */
+ for (i = 0; i < ngroups; i++) {
+ if (grp->gr_gid == grouplist[i]) {
+ is_member = true;
+ break;
+ }
+ }
+#endif /* HAVE_SETGROUPS */
/*
* For splitted groups (due to limitations of NIS), check all
* groups of the same GID like the requested group for
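Review bot: The added loop reads `grouplist[i]` for `i < ngroups`, but nothing in this hunk shows where `grouplist` and `ngroups` are filled. The comment names getgroups(), so please confirm that call has already run at this point in main() and that a failed call leaves `ngroups` at zero or negative, so the loop is skipped rather than walking unset entries. Because a match here is what later bypasses `check_perms`, the comment should also say explicitly that the list is the calling process's current supplementary groups, and "she" would read better as "the user".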
@@ -638,7 +651,9 @@ int main (int argc, char **argv)
/*
* Check if the user is allowed to access this group.
*/
- check_perms (grp, pwd, group);
+ if (!is_member) {
+ check_perms (grp, pwd, group);
+ }
/*
* all successful validations pass through this point. The group id
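Review bot: The `if (!is_member)` guard skips `check_perms (grp, pwd, group)` completely, while the comment above it still reads "Check if the user is allowed to access this group" with no mention of the bypass. Please add a line at the call site explaining that membership was already established from the process's group list, and check whether `check_perms` does anything beyond the membership and password test that should still happen on this path. If it does, that part should be split out so it runs in both cases.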