Bugfix: auth PAM check for membership in primary and supplementary groups
parent
ee687bea18
commit
7c03089601
@ -50,6 +50,7 @@ def is_authenticated(user, password):
|
||||
|
||||
# Check whether the group exists
|
||||
try:
|
||||
# Obtain supplementary groups
|
||||
members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem
|
||||
except KeyError:
|
||||
log.LOGGER.debug(
|
||||
@ -57,9 +58,18 @@ def is_authenticated(user, password):
|
||||
GROUP_MEMBERSHIP)
|
||||
return False
|
||||
|
||||
# Check whether the user belongs to the required group
|
||||
for member in members:
|
||||
if member == user:
|
||||
# Check whether the user exists
|
||||
try:
|
||||
# Get user primary group
|
||||
primary_group = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
|
||||
except KeyError:
|
||||
log.LOGGER.debug(
|
||||
"The PAM user (%s) doesn't exist" %
|
||||
user)
|
||||
return False
|
||||
|
||||
# Check whether the user belongs to the required group (primary or supplementary)
|
||||
if primary_group == GROUP_MEMBERSHIP or user in members:
|
||||
log.LOGGER.debug(
|
||||
"The PAM user belongs to the required group (%s)" %
|
||||
GROUP_MEMBERSHIP)
|
||||
@ -68,7 +78,6 @@ def is_authenticated(user, password):
|
||||
return True
|
||||
else:
|
||||
log.LOGGER.debug("Wrong PAM password")
|
||||
break
|
||||
else:
|
||||
log.LOGGER.debug(
|
||||
"The PAM user doesn't belong to the required group (%s)" %
|
||||
|
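Review bot: In the new `try` around `grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name`, a `KeyError` can come from either lookup, so an account whose primary GID has no group entry is logged as "The PAM user (%s) doesn't exist" and rejected even when it is listed in `gr_mem` of the required group. Comparing numeric GIDs avoids the second lookup and the name round-trip: keep the group entry with `group = grp.getgrnam(GROUP_MEMBERSHIP)`, read `primary_gid = pwd.getpwnam(user).pw_gid` inside the `try`, and test `if primary_gid == group.gr_gid or user in group.gr_mem:`. The message also interpolates the client-supplied `user` before authentication; formatting it with `%r` would keep control characters out of the log. `is_authenticated` starts and ends outside these hunks, so the PAM call itself is not visible here.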