Merge pull request #68 from shenek/master

PAM fixes

radicale/auth/PAM.py

@@ -36,6 +36,9 @@ GROUP_MEMBERSHIP = config.get("auth", "pam_group_membership")
 def is_authenticated(user, password):
     """Check if ``user``/``password`` couple is valid."""
 
+    if user is None or password is None:
+      return False
+
     # Check whether the user exists in the PAM system
     try:
         pwd.getpwnam(user).pw_uid
@@ -47,6 +50,7 @@ def is_authenticated(user, password):
 
     # Check whether the group exists
     try:
+        # Obtain supplementary groups
         members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem
     except KeyError:
         log.LOGGER.debug(
@@ -54,9 +58,18 @@ def is_authenticated(user, password):
             GROUP_MEMBERSHIP)
         return False
 
-    # Check whether the user belongs to the required group
+    # Check whether the user exists
-    for member in members:
+    try:
-        if member == user:
+        # Get user primary group
+        primary_group = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
+    except KeyError:
+        log.LOGGER.debug(
+            "The PAM user (%s) doesn't exist" %
+            user)
+        return False
+
+    # Check whether the user belongs to the required group (primary or supplementary)
+    if primary_group == GROUP_MEMBERSHIP or user in members:
         log.LOGGER.debug(
             "The PAM user belongs to the required group (%s)" %
             GROUP_MEMBERSHIP)
@@ -65,7 +78,6 @@ def is_authenticated(user, password):
             return True
         else:
             log.LOGGER.debug("Wrong PAM password")
-            break
     else:
         log.LOGGER.debug(
             "The PAM user doesn't belong to the required group (%s)" %