From: Adam Majer <amajer@suse.de>
Date: Mon, 22 May 2017 11:42:35 +0000 (+0200)
Subject: support dynamically added users via pam_group
X-Git-Tag: 4.6~25^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F74%2Fhead;p=thirdparty%2Fshadow.git

support dynamically added users via pam_group

Dynamically added users via pam_group are not listed in groups
databases but are still valid.
---

diff --git a/src/newgrp.c b/src/newgrp.c
index b8d3ddc8b..b0fa8d5ae 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -387,6 +387,7 @@ int main (int argc, char **argv)
 {
 	bool initflag = false;
 	int i;
+	bool is_member = false;
 	bool cflag = false;
 	int err = 0;
 	gid_t gid;
@@ -625,6 +626,18 @@ int main (int argc, char **argv)
 		goto failure;
 	}
 
+#ifdef HAVE_SETGROUPS
+	/* when using pam_group, she will not be listed in the groups
+	 * database. However getgroups() will return the group. So
+	 * if she is listed there already it is ok to grant membership.
+	 */
+	for (i = 0; i < ngroups; i++) {
+		if (grp->gr_gid == grouplist[i]) {
+			is_member = true;
+			break;
+		}
+	}
+#endif                          /* HAVE_SETGROUPS */
 	/*
 	 * For splitted groups (due to limitations of NIS), check all 
 	 * groups of the same GID like the requested group for
@@ -653,7 +666,9 @@ int main (int argc, char **argv)
 	/*
 	 * Check if the user is allowed to access this group.
 	 */
-	check_perms (grp, pwd, group);
+	if (!is_member) {
+		check_perms (grp, pwd, group);
+	}
 
 	/*
 	 * all successful validations pass through this point. The group id