fail authentication if user isn't member of *any* require_membership_of specified groups

Noel Power nopower at
Wed Nov 20 09:16:10 MST 2013

Hi Andreas,

Thanks for the review(s) :-)
On 20/11/13 12:13, Andreas Schneider wrote:
> On Thursday 07 November 2013 10:34:14 Noel Power wrote:
>> While playing with pam I came across some strange ( or at least strange
>> to me ) behaviour. If for example you set
>>     require_membership_of specified=bogus
>> where bogus ( like it hints is a non existent name or group sid ) then
>> you will be happily authenticated. This imho wrong and dangerous as you
>> easily might not notice a typo when entering that field, it would be
>> better to fail in this case ( and force the administrator to investigate
>> ). The attached patch should fix that. Please review
> I as strlen() return an integer I prefer strlen(sid_list_buffer) == 0 for 
> readablity.
will fix and repost later
> Besides that:
> Reviewed-by: Andreas Schneider <asn at>

thanks again,


More information about the samba-technical mailing list