Proposed enhancement to rlm_unix
Steve Langasek
vorlon@netexpress.net
Tue, 30 Apr 2002 14:34:37 -0500
Hello,
When migrating our servers over to using nss_ldap for its password
backend, I was surprised to find that all of our 'Group'-based
configuration settings had stopped working. It seems that rlm_unix is
designed for use with custom password/group files, but does not actually
support the system getpwnam() and getgrnam() calls.
The following patch enhances rlm_unix to support using these system
calls in place of fgetpwnam() and fgetgrnam() if no files have been
specified in the module configuration. This seems in keeping with the
handling in unix_authenticate(), which also looks to getpwnam() if no
password file has been specified.
Cheers,
Steve Langasek
postmodern programmer
Index: src/modules/rlm_unix/rlm_unix.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_unix/rlm_unix.c,v
retrieving revision 1.45
diff -u -w -r1.45 rlm_unix.c
--- src/modules/rlm_unix/rlm_unix.c 2002/02/26 19:22:24 1.45
+++ src/modules/rlm_unix/rlm_unix.c 2002/04/30 19:21:56
@@ -218,10 +218,18 @@
(retval = H_groupcmp(group_inst->cache, check, username)) != -2)
return retval;
- if ((pwd = fgetpwnam(group_inst->passwd_file, username)) == NULL)
+ if (group_inst->passwd_file)
+ pwd = fgetpwnam(group_inst->passwd_file, username);
+ else
+ pwd = getpwnam(username);
+ if (pwd == NULL)
return -1;
- if ((grp = fgetgrnam(group_inst->group_file, (char *)check->strvalue)) == NULL)
+ if (group_inst->group_file)
+ grp = fgetgrnam(group_inst->passwd_file, (char *)check->strvalue);
+ else
+ grp = getgrnam((char *)check->strvalue);
+ if (grp == NULL)
return -1;
retval = (pwd->pw_gid == grp->gr_gid) ? 0 : -1;
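Review bot: In the new group lookup, the `if (group_inst->group_file)` branch calls fgetgrnam() with `group_inst->passwd_file` rather than `group_inst->group_file`. The removed line passed `group_inst->group_file`, so this looks like a copy-paste slip from the passwd branch above it. When a group file is configured, the group name is searched for in the password file, and if only group_file is set the call receives a NULL file name. Either way the Group check no longer consults the configured group file, which changes the authorization result for exactly the setups the old code supported. Suggested change: `grp = fgetgrnam(group_inst->group_file, (char *)check->strvalue);`.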