osaf/libs/core/common/osaf_secutil.c | 13 +++++++------
1 files changed, 7 insertions(+), 6 deletions(-)
In function osaf_user_is_member_of_group user's primary group is not checked.
Current checking only checks the supplementary groups.
Thanks to: Adrian Szwej
diff --git a/osaf/libs/core/common/osaf_secutil.c
b/osaf/libs/core/common/osaf_secutil.c
--- a/osaf/libs/core/common/osaf_secutil.c
+++ b/osaf/libs/core/common/osaf_secutil.c
@@ -238,7 +238,7 @@ bool osaf_user_is_member_of_group(uid_t
return false;
}
- // get user name
+ // get password file entry for user
errno = 0;
struct passwd *client_pwd = getpwuid(uid);
if (client_pwd == NULL) {
@@ -247,17 +247,18 @@ bool osaf_user_is_member_of_group(uid_t
return false;
}
+ // check the primary group of the user
+ if (client_pwd->pw_gid == grp.gr_gid)
+ return true;
+
/* loop list of usernames that are members of the group trying find a
* match with the specified user name */
for (member = grp.gr_mem; *member != NULL; member++) {
if (strcmp(client_pwd->pw_name, *member) == 0)
- break;
+ return true;
}
- if (*member != NULL)
- return true;
- else
- return false;
+ return false;
}
/* used in libraries, do not log. Only trace */
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
