- **status**: review --> fixed
- **assigned_to**: Hans Feldt --> nobody
---
** [tickets:#1070] Access control don't check the primary group**
**Status:** fixed
**Milestone:** 4.5.0
**Created:** Fri Sep 12, 2014 07:59 PM UTC by Adrian Szwej
**Last Updated:** Wed Sep 24, 2014 02:55 PM UTC
**Owner:** nobody
Access control does not check the user's primary group.
Current checking only checks the supplementary groups.
--- a/osaf/libs/core/common/osaf_secutil.c Fri Sep 12 16:13:42 2014 -0400
+++ b/osaf/libs/core/common/osaf_secutil.c Fri Sep 12 19:39:48 2014 +0000
@@ -246,18 +246,19 @@
__FUNCTION__, uid, strerror(errno));
return false;
}
+
+ // check the primary group of the user
+ if (client_pwd->pw_gid == grp.gr_gid)
+ return true;
/* loop list of usernames that are members of the group trying find a
* match with the specified user name */
for (member = grp.gr_mem; *member != NULL; member++) {
if (strcmp(client_pwd->pw_name, *member) == 0)
- break;
+ return true;
}
- if (*member != NULL)
- return true;
- else
- return false;
+ return false;
}
---
Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets