fail authentication if user isn't member of *any* require_membership_of specified groups
Andreas Schneider
asn at samba.org
Wed Nov 20 05:13:56 MST 2013
On Thursday 07 November 2013 10:34:14 Noel Power wrote:
> While playing with pam I came across some strange ( or at least strange
> to me ) behaviour. If for example you set
>
> require_membership_of specified=bogus
>
> where bogus ( like it hints is a non existent name or group sid ) then
> you will be happily authenticated. This imho wrong and dangerous as you
> easily might not notice a typo when entering that field, it would be
> better to fail in this case ( and force the administrator to investigate
> ). The attached patch should fix that. Please review
I as strlen() return an integer I prefer strlen(sid_list_buffer) == 0 for
readablity.
Besides that:
Reviewed-by: Andreas Schneider <asn at samba.org>
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list