Hi,
Andrew Beekhof wrote:
> On Thu, Nov 12, 2009 at 4:46 PM, Colin <colin....@gmail.com> wrote:
>> On Thu, Nov 12, 2009 at 3:36 PM, Andrew Beekhof <and...@beekhof.net> wrote:
>>
>> 1) In cib/remote.c, the function check_group_membership() only checks
>> whether the user is explicitly listed as member of the group in
>> /etc/group, but does not accept the user if only the users's primary
>> group in /etc/passwd is set to the correct group (and the explicit,
>> then redundant, membership in /etc/group is missing).
>
> Agreed. Seems to be a PAM thing that I can't do much about though.
I think it should check whether the user's primary group is "haclient"
first, then determine whether he's listed in the group members.
Attached the patch for resolving this.
Thanks,
Yan
--
y...@novell.com
Software Engineer
China Server Team, OPS Engineering
Novell, Inc.
Making IT Work As Oneā¢
# HG changeset patch
# User Yan Gao <y...@novell.com>
# Date 1260775668 -28800
# Node ID 268fb916123d9dfaaf5049cbb34a5d77c642e092
# Parent ab416ebb0734839d6e0e51e7f2fb9dac4832a50f
Low: cib: Check also whether an user's primary group is matched
diff -r ab416ebb0734 -r 268fb916123d cib/remote.c
--- a/cib/remote.c Mon Dec 14 14:46:42 2009 +0800
+++ b/cib/remote.c Mon Dec 14 15:27:48 2009 +0800
@@ -153,10 +153,22 @@
check_group_membership(const char* usr, const char* grp)
{
int index = 0;
+ struct passwd *pwd = NULL;
struct group *group = NULL;
CRM_CHECK(usr != NULL, return FALSE);
CRM_CHECK(grp != NULL, return FALSE);
+
+ pwd = getpwnam(usr);
+ if (pwd == NULL) {
+ crm_err("No user named '%s' exists!", usr);
+ return FALSE;
+ }
+
+ group = getgrgid(pwd->pw_gid);
+ if (group != NULL && crm_str_eq(grp, group->gr_name, TRUE)) {
+ return TRUE;
+ }
group = getgrnam(grp);
if (group == NULL) {
_______________________________________________
Pacemaker mailing list
Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
