summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2020-02-24 18:57:17 +0100
committerTomas Mraz <tmraz@fedoraproject.org>2020-02-24 18:57:17 +0100
commita33d198dd60d34422c706fd85d00b64d43402690 (patch)
tree8846f1f0b97da6635771ad55cfb7815208891b09
parent28189d80695e320c4bf014232e279671182b502e (diff)
pam_group, pam_time: Fix logical error with multiple ! operators
* modules/pam_group/group.conf.5.xml: Document what logic list means. * modules/pam_time/time.conf.5.xml: Likewise. * modules/pam_group/pam_group.c (logic_field): Clear the not operator for the further operations. * modules/pam_time/pam_time.c (logic_field): Likewise.
-rw-r--r--modules/pam_group/group.conf.5.xml6
-rw-r--r--modules/pam_group/pam_group.c1
-rw-r--r--modules/pam_time/pam_time.c1
-rw-r--r--modules/pam_time/time.conf.5.xml6
4 files changed, 14 insertions, 0 deletions
diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml
index fc5370f5..5f3bb793 100644
--- a/modules/pam_group/group.conf.5.xml
+++ b/modules/pam_group/group.conf.5.xml
@@ -58,6 +58,12 @@
</para>
<para>
+ A logic list namely means individual tokens that are optionally prefixed
+ with '!' (logical not) and separated with '&' (logical and) and '|'
+ (logical or).
+ </para>
+
+ <para>
For these items the simple wildcard '*' may be used only once.
With UNIX groups or netgroups no wildcards or logic operators
are allowed.
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 66252c78..2172a0b5 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -298,6 +298,7 @@ logic_field (const pam_handle_t *pamh, const void *me,
return FALSE;
}
next = VAL;
+ not = FALSE;
}
at += l;
}
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index 4863ea4e..85a4d42b 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -328,6 +328,7 @@ logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule,
return FALSE;
}
next = VAL;
+ not = FALSE;
}
at += l;
}
diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml
index 82227ba0..ee2639d2 100644
--- a/modules/pam_time/time.conf.5.xml
+++ b/modules/pam_time/time.conf.5.xml
@@ -65,6 +65,12 @@
</para>
<para>
+ A logic list namely means individual tokens that are optionally prefixed
+ with '!' (logical not) and separated with '&' (logical and) and '|'
+ (logical or).
+ </para>
+
+ <para>
For these items the simple wildcard '*' may be used only once.
With netgroups no wildcards or logic operators are allowed.
</para>