fail authentication if user isn't member of *any* require_membership_of specified groups
Andreas Schneider
asn at samba.org
Thu Nov 28 08:38:17 MST 2013
On Thursday 21 November 2013 10:56:22 Noel Power wrote:
> On 20/11/13 16:16, Noel Power wrote:
> > Hi Andreas,
> >
> > Thanks for the review(s) :-)
> >
> > On 20/11/13 12:13, Andreas Schneider wrote:
> >> On Thursday 07 November 2013 10:34:14 Noel Power wrote:
> >>> While playing with pam I came across some strange ( or at least strange
> >>> to me ) behaviour. If for example you set
> >>>
> >>> require_membership_of specified=bogus
> >>>
> >>> where bogus ( like it hints is a non existent name or group sid ) then
> >>> you will be happily authenticated. This imho wrong and dangerous as you
> >>> easily might not notice a typo when entering that field, it would be
> >>> better to fail in this case ( and force the administrator to investigate
> >>> ). The attached patch should fix that. Please review
> >>
> >> I as strlen() return an integer I prefer strlen(sid_list_buffer) == 0 for
> >> readablity.
> >
> > will fix and repost later
>
> sorry for the delay attached now,
Reviewed-by: Andreas Schneider <asn at samba.org>
A second reviewer is required.
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list