From 5b7ba35ebfd280c931933fedbf98cb7f4a8846f2 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mon, 23 Nov 2020 10:26:07 +0100
Subject: pam_wheel: Use pam_modutil_user_in_group_uid_gid instead of
 reimplementation

The pam_modutil_user_in_group... functions use getgrouplist to check
the membership so they work also in setups with remote services which do
not provide group members in struct group.

Fixes #297

* modules/pam_wheel/pam_wheel.c (perform_check): Call pam_modutil_user_in_group_uid_gid
  to do the group check.
---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index bd4bca65..d6e971c9 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ Release 1.5.1
 * pam_unix: fixed CVE-2020-27780 - authentication bypass when an
             user doesn't exist and root password is blank
 * pam_faillock: added nodelay option to not set pam_fail_delay
+* pam_wheel: use pam_modutil_user_in_group to check for the group membership
+             with getgrouplist where it is available
 
 Release 1.5.0
 * Multiple minor bug fixes, portability fixes, and documentation improvements.
-- 
cgit v1.2.1