Written-by: Tomas Mraz <tmraz@redhat.com>
Reviewed-by: Karel Zak <kzak@redhat.com>

diff -up Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c.in-operator Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c
--- Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c.in-operator	2006-08-31 12:20:39.000000000 +0200
+++ Linux-PAM-0.99.8.1/modules/pam_succeed_if/pam_succeed_if.c	2007-09-19 19:36:22.000000000 +0200
@@ -191,13 +191,19 @@ static int
 evaluate_inlist(const char *left, const char *right)
 {
 	char *p;
-	if ((p=strstr(right, left)) == NULL)
-		return PAM_AUTH_ERR;
-	if (p == right || *(p-1) == ':') { /* ':' is a list separator */
-		p += strlen(left);
-		if (*p == '\0' || *p == ':') {
-		    return PAM_SUCCESS;
+	/* Don't care about left containing ':'. */
+	while ((p=strstr(right, left)) != NULL) {
+		if (p == right || *(p-1) == ':') { /* ':' is a list separator */
+			p += strlen(left);
+			if (*p == '\0' || *p == ':') {
+				return PAM_SUCCESS;
+			}
 		}
+		right = strchr(p, ':');
+		if (right == NULL)
+			break;
+		else
+			++right;
 	}
 	return PAM_AUTH_ERR;
 }