[tickets] [opensaf:tickets] #1070 Access control don't check the primary group

Wed, 24 Sep 2014 07:55:55 -0700 

changeset:   5934:1c41e1ecd5f7
branch:      opensaf-4.5.x
parent:      5932:2505c06b19ca
user:        Hans Feldt <[email protected]>
date:        Wed Sep 24 16:52:25 2014 +0200
summary:     base: add check for user's primary group [#1070]

changeset:   5935:af834c4655e1
tag:         tip
parent:      5933:bb53270bfe18
user:        Hans Feldt <[email protected]>
date:        Wed Sep 24 16:52:25 2014 +0200
summary:     base: add check for user's primary group [#1070]



---

** [tickets:#1070] Access control don't check the primary group**

**Status:** review
**Milestone:** 4.5.0
**Created:** Fri Sep 12, 2014 07:59 PM UTC by Adrian Szwej
**Last Updated:** Tue Sep 23, 2014 05:08 AM UTC
**Owner:** Hans Feldt

Access control does not check the user's primary group.
Current checking only checks the supplementary groups.


    --- a/osaf/libs/core/common/osaf_secutil.c  Fri Sep 12 16:13:42 2014 -0400
    +++ b/osaf/libs/core/common/osaf_secutil.c  Fri Sep 12 19:39:48 2014 +0000
    @@ -246,18 +246,19 @@
                        __FUNCTION__, uid, strerror(errno));
                return false;
        }
    +        
    +        // check the primary group of the user
    +        if (client_pwd->pw_gid == grp.gr_gid)
    +           return true;
 
        /* loop list of usernames that are members of the group trying find a
         * match with the specified user name */
        for (member = grp.gr_mem; *member != NULL; member++) {
                if (strcmp(client_pwd->pw_name, *member) == 0)
    -                   break;
    +                   return true;
        }
 
    -   if (*member != NULL)
    -           return true;
    -   else
    -           return false;
    +   return false;
     }




---

Sent from sourceforge.net because [email protected] is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets

Reply via email to