authorDmitry V. Levin <ldv@altlinux.org>2020-05-16 08:00:00 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-05-16 08:00:00 +0000
commitb52bd25910c9a8a32a49be7627a709a081a3768c (patch)
treec32db20bd3200b8f134d9f64883ea74c853627b7
parentf80ff0161f77abc84ebeee6147931f0924b9a867 (diff)
modules: do not check user name for emptyness before passing it to pam_modutil_getpwnam
pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptyness before passing it to pam_modutil_getpwnam. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
-rw-r--r--modules/pam_access/pam_access.c3
-rw-r--r--modules/pam_lastlog/pam_lastlog.c2
-rw-r--r--modules/pam_pwhistory/pam_pwhistory.c9
-rw-r--r--modules/pam_shells/pam_shells.c12
-rw-r--r--modules/pam_tally/pam_tally.c10
-rw-r--r--modules/pam_tally2/pam_tally2.c10
-rw-r--r--modules/pam_umask/pam_umask.c6
7 files changed, 12 insertions, 40 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index b0289a3a..8d6cfe7e 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -819,8 +819,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* set username */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS
- || *user == '\0') {
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
return PAM_USER_UNKNOWN;
}
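Review bot: The guard still discards the result of pam_get_user and answers every failure with PAM_USER_UNKNOWN, so a PAM_CONV_AGAIN from an unfinished conversation would be reported as an unknown user. The pam_umask hunk in this same commit shows the mapping other modules use, `retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval`. Consider keeping the result in a local and returning `rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc`, where `rc` stands for that local; the identical guard in modules/pam_lastlog/pam_lastlog.c has the same shape. pam_sm_authenticate continues outside the hunk, so whether anything reads the now possibly empty `user` before the pam_modutil_getpwnam lookup cannot be confirmed from here.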
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 3e27b3ed..e244cb71 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -669,7 +669,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* which user? */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index 9b44cd87..cf4fc078 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -139,15 +139,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
if (retval != PAM_SUCCESS)
return retval;
- if (strlen (user) == 0)
- {
- if (options.debug)
- pam_syslog (pamh, LOG_DEBUG,
- "User is not known to system");
-
- return PAM_USER_UNKNOWN;
- }
-
if (flags & PAM_PRELIM_CHECK)
{
if (options.debug)
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index 9e15a566..dc8f4878 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -40,18 +40,6 @@ static int perform_check(pam_handle_t *pamh)
return PAM_SERVICE_ERR;
}
- if (userName[0] == '\0') {
-
- /* Don't let them use a NULL username... */
- retval = pam_get_user(pamh,&userName,NULL);
- if (retval != PAM_SUCCESS)
- return PAM_SERVICE_ERR;
-
- /* It could still be NULL the second time. */
- if (userName[0] == '\0')
- return PAM_SERVICE_ERR;
- }
-
pw = pam_modutil_getpwnam(pamh, userName);
if (pw == NULL || pw->pw_shell == NULL) {
return PAM_AUTH_ERR; /* user doesn't exist */
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 08b5ace2..f0a28bba 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -227,6 +227,11 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
#ifdef MAIN
user = cline_user;
+
+ if ( !user ) {
+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
+ return PAM_AUTH_ERR;
+ }
#else
if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "pam_get_user; user?");
@@ -234,11 +239,6 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
}
#endif
- if ( !user || !*user ) {
- pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
- return PAM_AUTH_ERR;
- }
-
if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
opts->ctrl & OPT_AUDIT ?
pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index 8c171b68..ff90af7d 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -260,17 +260,17 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
#ifdef MAIN
user = cline_user;
+
+ if ( !user ) {
+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
+ return PAM_AUTH_ERR;
+ }
#else
if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
user = NULL;
}
#endif
- if ( !user || !*user ) {
- pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
- return PAM_AUTH_ERR;
- }
-
if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
opts->ctrl & OPT_AUDIT ?
pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
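Review bot: In the non-MAIN branch a failed pam_get_user still sets `user = NULL`, and with the `!user || !*user` check removed that NULL now flows straight into `pam_modutil_getpwnam( pamh, user )`. If the lookup fails, it also reaches the `%s` of the "no such user" log line. The commit message vouches only for empty strings, not for NULL, and how the lookup treats a NULL name is not visible here. Replace the assignment with an early exit, `pam_syslog(pamh, LOG_ERR, "pam_get_user; user?");` followed by `return PAM_AUTH_ERR;`, which keeps the return code of the removed check and matches the log line in the pam_tally hunk. pam_get_uid starts and ends outside the hunk.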
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index e17d0fc1..3cfe5538 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -205,12 +205,6 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval);
}
- if (name[0] == '\0')
- {
- pam_syslog (pamh, LOG_NOTICE, "bad username [%s]", name);
- return PAM_USER_UNKNOWN;
- }
-
pw = pam_modutil_getpwnam (pamh, name);
if (pw == NULL)
{