import from HEAD:

[freeradius.git] / src / modules / rlm_unix / rlm_unix.c

diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
index b96bd1d..1db9607 100644 (file)
--- a/src/modules/rlm_unix/rlm_unix.c
+++ b/src/modules/rlm_unix/rlm_unix.c
@@ -37,7 +37,7 @@ static const char rcsid[] = "$Id$";
 
 #include "config.h"
 
-#if HAVE_SHADOW_H
+#ifdef HAVE_SHADOW_H
 #  include     <shadow.h>
 #endif
 
@@ -93,7 +93,7 @@ static CONF_PARSER module_config[] = {
          offsetof(struct unix_instance,usegroup), NULL,     "no" },
        { "cache_reload", PW_TYPE_INTEGER,
          offsetof(struct unix_instance,cache_reload), NULL, "600" },
-       
+
        { NULL, -1, 0, NULL, NULL }             /* end the list */
 };
 
@@ -111,7 +111,7 @@ static struct unix_instance *group_inst;
  * file) or not ("Group=" was bound to the first instance of rlm_unix */
 static int group_inst_explicit;
 
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
 #if defined(M_UNIX)
 static inline const char *get_shadow_name(shadow_pwd_t *spwd) {
        if (spwd == NULL) return NULL;
@@ -168,7 +168,7 @@ static struct group *fgetgrnam(const char *fname, const char *name) {
        return grp;
 }
 
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
 
 static shadow_pwd_t *fgetspnam(const char *fname, const char *name) {
        FILE            *file = fopen(fname, "ro");
@@ -191,14 +191,16 @@ static shadow_pwd_t *fgetspnam(const char *fname, const char *name) {
 /*
  *     The Group = handler.
  */
-static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
-       VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
+static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request,
+                   VALUE_PAIR *check, VALUE_PAIR *check_pairs,
+                   VALUE_PAIR **reply_pairs)
 {
        struct passwd   *pwd;
        struct group    *grp;
        char            **member;
        char            *username;
        int             retval;
+       VALUE_PAIR      *vp;
 
        instance = instance;
        check_pairs = check_pairs;
@@ -209,9 +211,19 @@ static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAI
                return 1;
        }
 
-       username = (char *)request->strvalue;
+       /*
+        *      No user name, doesn't compare.
+        */
+       vp = pairfind(request, PW_STRIPPED_USER_NAME);
+       if (!vp) {
+               vp = pairfind(request, PW_USER_NAME);
+               if (!vp) {
+                       return -1;
+               }
+       }
+       username = (char *)vp->strvalue;
 
-       if (group_inst->cache_passwd &&
+       if (group_inst->cache &&
            (retval = H_groupcmp(group_inst->cache, check, username)) != -2)
                return retval;
 
@@ -262,7 +274,11 @@ static int unix_instantiate(CONF_SECTION *conf, void **instance)
        /*
         *      Allocate room for the instance.
         */
-       inst = *instance = rad_malloc(sizeof(struct unix_instance));
+       inst = *instance = rad_malloc(sizeof(*inst));
+       if (!inst) {
+               return -1;
+       }
+       memset(inst, 0, sizeof(*inst));
 
        /*
         *      Parse the configuration, failing if we can't do so.
@@ -363,7 +379,7 @@ static int unix_authenticate(void *instance, REQUEST *request)
        struct passwd   *pwd;
        const char      *encrypted_pass;
        int             ret;
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
        shadow_pwd_t    *spwd = NULL;
 #endif
 #ifdef OSFC2
@@ -458,7 +474,7 @@ static int unix_authenticate(void *instance, REQUEST *request)
        name = (char *)request->username->strvalue;
        passwd = (char *)request->password->strvalue;
 
-       if (inst->cache_passwd &&
+       if (inst->cache &&
            (ret = H_unix_pass(inst->cache, name, passwd, &request->reply->vps)) != -2)
                return (ret == 0) ? RLM_MODULE_OK : RLM_MODULE_REJECT;
 
@@ -501,7 +517,7 @@ static int unix_authenticate(void *instance, REQUEST *request)
        encrypted_pass = pwd->pw_passwd;
 #endif /* OSFC2 */
 
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
        /*
         *      See if there is a shadow password.
         *
@@ -536,7 +552,7 @@ static int unix_authenticate(void *instance, REQUEST *request)
        }
 #endif
 
-#if HAVE_GETUSERSHELL
+#ifdef HAVE_GETUSERSHELL
        /*
         *      Check /etc/shells for a valid shell. If that file
         *      contains /RADIUSD/ANY/SHELL then any shell will do.
@@ -799,7 +815,7 @@ static int unix_accounting(void *instance, REQUEST *request)
                        return RLM_MODULE_FAIL;
                }
                fclose(fp);
-       } else 
+       } else
                return RLM_MODULE_FAIL;
 
        return RLM_MODULE_OK;