Relevant BUGIDs: 562730, 435990

Purpose of commit: bugfix

Commit summary:
---------------
        * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name.
        * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name. Allow unset tty.
        (logic_member): Allow matching ':' in tty name.
        * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name. Allow unset tty.
        (logic_member): Allow matching ':' in tty name.

        * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
        is not terminal.

5 files changed, 49 insertions, 16 deletions

diff --git a/ChangeLog b/ChangeLog
index 438e67bb..a3f5b643 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2005-11-09  Tomas Mraz <t8m@centrum.cz>
+
+	* modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
+	full path tty name.
+	* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
+	full path tty name. Allow unset tty.
+	(logic_member): Allow matching ':' in tty name.
+	* modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
+	full path tty name. Allow unset tty.
+	(logic_member): Allow matching ':' in tty name.
+
+	* libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
+	is not terminal.
+	
 2005-11-07  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index ded256b2..52d647ab 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -180,7 +180,18 @@ static int read_string(int echo, const char *prompt, char **retstr)
 	    D(("<failed to set alarm>"));
 	    break;
 	} else {
-	    nc = read(STDIN_FILENO, line, INPUTSIZE-1);
+	    if (have_term)
+		nc = read(STDIN_FILENO, line, INPUTSIZE-1);
+	    else                             /* we must read one line only */
+    		for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n';
+		     nc++) {
+		    int rv;
+		    if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) {
+			if (rv < 0)
+			    nc = rv;
+			break;
+		    }
+		}
 	    if (have_term) {
 		(void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before);
 		if (!echo || expired)             /* do we need a newline? */
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 867cd9a1..2d8c92b4 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -435,11 +435,13 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
 	else
 	  from = void_from;
 
-	if (from != NULL && from[0] == '/') { 	/* full path */
-		from++;
-		from = strchr(from, '/');
-		from++;
-        }
+	if (from[0] == '/') {   /* full path */
+	    const char *f;
+	    from++;
+	    if ((f = strchr(from, '/')) != NULL) {
+		from = f + 1;
+	    }
+	}
     }
 
     if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN);
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 4e6aa915..fbe609c7 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -250,7 +250,7 @@ static int logic_member(const char *string, int *at)
 
 	  default:
 	       if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
-		    || c == '-' || c == '.' || c == '/') {
+		    || c == '-' || c == '.' || c == '/' || c == ':') {
 		    token = 1;
 	       } else if (token) {
 		    --to;
@@ -809,8 +809,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 	D(("PAM_TTY not set, probing stdin"));
 	tty = ttyname(STDIN_FILENO);
 	if (tty == NULL) {
-	    pam_syslog(pamh,LOG_ERR,"couldn't get the tty name");
-	    return PAM_ABORT;
+	    tty = "";
 	}
 	if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
 	    pam_syslog(pamh,LOG_ERR,"couldn't set tty name");
@@ -820,8 +819,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
     else
       tty = (const char *) void_tty;
 
-    if (strncmp("/dev/",tty,5) == 0) {          /* strip leading /dev/ */
-	tty += 5;
+    if (tty[0] == '/') {   /* full path */
+	const char *t;
+        tty++;
+        if ((t = strchr(tty, '/')) != NULL) {
+	    tty = t + 1;
+	}
     }
 
     /* good, now we have the service name, the user and the terminal name */
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index ccbd88bf..d4aee8a4 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -247,7 +247,7 @@ logic_member(const char *string, int *at)
 
 	  default:
 	       if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
-		    || c == '-' || c == '.' || c == '/') {
+		    || c == '-' || c == '.' || c == '/' || c == ':') {
 		    token = 1;
 	       } else if (token) {
 		    --to;
@@ -591,8 +591,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 	D(("PAM_TTY not set, probing stdin"));
 	tty = ttyname(STDIN_FILENO);
 	if (tty == NULL) {
-	    pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
-	    return PAM_ABORT;
+	    tty = "";
 	}
 	if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
 	    pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
@@ -602,8 +601,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
     else
       tty = void_tty;
 
-    if (strncmp("/dev/",tty,5) == 0) {          /* strip leading /dev/ */
-	tty += 5;
+    if (tty[0] == '/') {   /* full path */
+        const char *t;
+        tty++;
+        if ((t = strchr(tty, '/')) != NULL) {
+            tty = t + 1;
+        }
     }
 
     /* good, now we have the service name, the user and the terminal name */