diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2003-01-14 05:43:07 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2003-01-14 05:43:07 +0000 |
| commit | 7050b307e9e712471d987e0c5f8dd1cb2260511c (patch) | |
| tree | 5bf06d87cc804cb3255e12d0cb1b47064a2d1755 /modules/pam_unix/support.c | |
| parent | 2b71955aec63541e4b071c12eae9fba76e7085fa (diff) | |
Relevant BUGIDs: 667584 664290
Purpose of commit: bugfix
Commit summary:
---------------
Two bug fixes in one: don't trust getlogin() and sanely lower the
time the password databases are locked in pam_unix.
Diffstat (limited to 'modules/pam_unix/support.c')
| -rw-r--r-- | modules/pam_unix/support.c | 42 |
1 files changed, 10 insertions, 32 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 68f59a92..5d62bfec 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -20,6 +20,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> +#include <security/_pam_modutil.h> #include "md5.h" #include "support.h" @@ -107,36 +108,6 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl return retval; } - /* - * Beacause getlogin() is braindead and sometimes it just - * doesn't work, we reimplement it here. - */ -char *PAM_getlogin(void) -{ - struct utmp *ut, line; - char *curr_tty, *retval; - static char curr_user[sizeof(ut->ut_user) + 4]; - - retval = NULL; - - curr_tty = ttyname(0); - if (curr_tty != NULL) { - D(("PAM_getlogin ttyname: %s", curr_tty)); - curr_tty += 5; - setutent(); - strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); - if ((ut = getutline(&line)) != NULL) { - strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); - curr_user[sizeof(curr_user) - 1] = '\0'; - retval = curr_user; - } - endutent(); - } - D(("PAM_getlogin retval: %s", retval)); - - return retval; -} - /* * set the control flags for the UNIX module. */ @@ -668,10 +639,17 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (new != NULL) { - new->user = x_strdup(name ? name : ""); + const char *login_name; + + login_name = _pammodutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + + new->user = x_strdup(name ? name : ""); new->uid = getuid(); new->euid = geteuid(); - new->name = x_strdup(PAM_getlogin()? PAM_getlogin() : ""); + new->name = x_strdup(login_name); /* any previous failures for this user ? */ pam_get_data(pamh, data_name, (const void **) &old); |