#include "config.h"
-#if HAVE_SHADOW_H
+#ifdef HAVE_SHADOW_H
# include <shadow.h>
#endif
offsetof(struct unix_instance,usegroup), NULL, "no" },
{ "cache_reload", PW_TYPE_INTEGER,
offsetof(struct unix_instance,cache_reload), NULL, "600" },
-
+
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
* file) or not ("Group=" was bound to the first instance of rlm_unix */
static int group_inst_explicit;
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
#if defined(M_UNIX)
static inline const char *get_shadow_name(shadow_pwd_t *spwd) {
if (spwd == NULL) return NULL;
return grp;
}
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
static shadow_pwd_t *fgetspnam(const char *fname, const char *name) {
FILE *file = fopen(fname, "ro");
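Review bot: The mode string `"ro"` passed to fopen() in fgetspnam is not one of the modes the C standard defines, so the effect of the trailing `o` is left to the libc. `FILE *file = fopen(fname, "r");` states the intent portably. This line is unchanged context in a hunk that only switches the guard to `#ifdef HAVE_GETSPNAM`. The rest of fgetspnam lies outside the hunk, so whether `file` is checked for NULL before it is read cannot be confirmed from here.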
/*
* The Group = handler.
*/
-static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
- VALUE_PAIR *check_pairs, VALUE_PAIR **reply_pairs)
+static int groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request,
+ VALUE_PAIR *check, VALUE_PAIR *check_pairs,
+ VALUE_PAIR **reply_pairs)
{
struct passwd *pwd;
struct group *grp;
char **member;
char *username;
int retval;
+ VALUE_PAIR *vp;
instance = instance;
check_pairs = check_pairs;
return 1;
}
- username = (char *)request->strvalue;
+ /*
+ * No user name, doesn't compare.
+ */
+ vp = pairfind(request, PW_STRIPPED_USER_NAME);
+ if (!vp) {
+ vp = pairfind(request, PW_USER_NAME);
+ if (!vp) {
+ return -1;
+ }
+ }
+ username = (char *)vp->strvalue;
- if (group_inst->cache_passwd &&
+ if (group_inst->cache &&
(retval = H_groupcmp(group_inst->cache, check, username)) != -2)
return retval;
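Review bot: groupcmp now picks the account name itself (Stripped-User-Name first, then User-Name) from the `request` pair list, while the authentication path later in this commit reads `request->username->strvalue`. If those two can hold different values, group membership is evaluated for a different name than the one whose password was checked, and nothing here documents which is intended. A comment above the lookup would settle it, for example `/* Prefer Stripped-User-Name so the group lookup uses the local account name; must match the name used for authentication. */`. The new `return -1` for a missing name also sits next to a `return 1` failure just above, so it is worth confirming that callers treat both as "no match". groupcmp begins and continues outside this hunk.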
/*
* Allocate room for the instance.
*/
- inst = *instance = rad_malloc(sizeof(struct unix_instance));
+ inst = *instance = rad_malloc(sizeof(*inst));
+ if (!inst) {
+ return -1;
+ }
+ memset(inst, 0, sizeof(*inst));
/*
* Parse the configuration, failing if we can't do so.
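Review bot: The `memset(inst, 0, sizeof(*inst))` added here appears to be what makes the new `inst->cache` and `group_inst->cache` guards elsewhere in this commit reliable, yet the hunk does not say so. Those guards now test the pointer rather than the `cache_passwd` flag, so the pointer must be NULL until a cache has actually been built. A later cleanup that drops the memset as redundant would reintroduce an uninitialised-pointer read. I would add `/* Zero the instance: inst->cache must stay NULL until the cache is built, because groupcmp and authenticate test that pointer. */` above it. Whether `rad_malloc` can return NULL at all is not visible here, and the function continues outside the hunk.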
struct passwd *pwd;
const char *encrypted_pass;
int ret;
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
shadow_pwd_t *spwd = NULL;
#endif
#ifdef OSFC2
name = (char *)request->username->strvalue;
passwd = (char *)request->password->strvalue;
- if (inst->cache_passwd &&
+ if (inst->cache &&
(ret = H_unix_pass(inst->cache, name, passwd, &request->reply->vps)) != -2)
return (ret == 0) ? RLM_MODULE_OK : RLM_MODULE_REJECT;
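Review bot: The cache branch returns `RLM_MODULE_OK` straight from the result of `H_unix_pass`, which is before the shadow-password block and the `/etc/shells` check that appear further down this page. Unless `H_unix_pass` applies equivalent checks to the cached entry (not visible here), a cache hit may accept an account that the uncached path would fail for an invalid shell or on the shadow data. The cache is also only refreshed per `cache_reload` (default `"600"` in the config table), so a password change or lock may not take effect until the next reload. At minimum this deserves a comment at the branch, e.g. `/* Cache hit short-circuits the shadow and shell checks below; H_unix_pass must enforce them. */`. The enclosing function starts and ends outside this hunk.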
encrypted_pass = pwd->pw_passwd;
#endif /* OSFC2 */
-#if HAVE_GETSPNAM
+#ifdef HAVE_GETSPNAM
/*
* See if there is a shadow password.
*
}
#endif
-#if HAVE_GETUSERSHELL
+#ifdef HAVE_GETUSERSHELL
/*
* Check /etc/shells for a valid shell. If that file
* contains /RADIUSD/ANY/SHELL then any shell will do.
return RLM_MODULE_FAIL;
}
fclose(fp);
- } else
+ } else
return RLM_MODULE_FAIL;
return RLM_MODULE_OK;