summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorDmitry V. Levin <ldv@altlinux.org>2020-03-16 21:02:18 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-03-19 18:40:16 +0000
commita49bdd6697c51625a52275fe8616bce0d77431c6 (patch)
tree8d3f3f9b5baa5e038b6d2ff0a2e979c332de5730 /modules/pam_unix
parent6de381b638547ca6625c2fa8d6355ad61e452fc7 (diff)
modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
* modules/pam_unix/passverify.c: Include "pam_inline.h". (verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp invocations. * modules/pam_unix/support.c: Include "pam_inline.h". (_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string lengths. * modules/pam_unix/md5_crypt.c: Include "pam_inline.h". (crypt_md5): Use pam_str_skip_prefix_len. squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/md5_crypt.c5
-rw-r--r--modules/pam_unix/passverify.c3
-rw-r--r--modules/pam_unix/support.c14
3 files changed, 14 insertions, 8 deletions
diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c
index 4ab9ec84..94f7b434 100644
--- a/modules/pam_unix/md5_crypt.c
+++ b/modules/pam_unix/md5_crypt.c
@@ -15,6 +15,7 @@
#include <string.h>
#include <stdlib.h>
#include "md5.h"
+#include "pam_inline.h"
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -55,8 +56,8 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt)
return NULL;
/* If it starts with the magic string, then skip that */
- if (!strncmp(sp, magic, strlen(magic)))
- sp += strlen(magic);
+ if ((ep = pam_str_skip_prefix_len(sp, magic, strlen(magic))) != NULL)
+ sp = ep;
/* It stops at the first '$', max 8 chars */
for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 234db341..a571b4f7 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -26,6 +26,7 @@
#endif
#include "pam_cc_compat.h"
+#include "pam_inline.h"
#include "md5.h"
#include "bigcrypt.h"
#include "passverify.h"
@@ -88,7 +89,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
} else if (!p || *hash == '*' || *hash == '!') {
retval = PAM_AUTH_ERR;
} else {
- if (!strncmp(hash, "$1$", 3)) {
+ if (pam_str_skip_prefix(hash, "$1$") != NULL) {
pp = Goodcrypt_md5(p, hash);
if (pp && strcmp(pp, hash) != 0) {
_pam_delete(pp);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index a04211cd..41db1f04 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -29,6 +29,7 @@
#include <security/pam_modutil.h>
#include "pam_cc_compat.h"
+#include "pam_inline.h"
#include "support.h"
#include "passverify.h"
@@ -112,17 +113,20 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
/* now parse the arguments to this module */
for (; argc-- > 0; ++argv) {
+ const char *str = NULL;
D(("pam_unix arg: %s", *argv));
for (j = 0; j < UNIX_CTRLS_; ++j) {
if (unix_args[j].token
- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) {
+ && (str = pam_str_skip_prefix_len(*argv,
+ unix_args[j].token,
+ strlen(unix_args[j].token))) != NULL) {
break;
}
}
- if (j >= UNIX_CTRLS_) {
+ if (str == NULL) {
pam_syslog(pamh, LOG_ERR,
"unrecognized option [%s]", *argv);
} else {
@@ -133,7 +137,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
"option remember not allowed for this module type");
continue;
}
- *remember = strtol(*argv + 9, NULL, 10);
+ *remember = strtol(str, NULL, 10);
if ((*remember == INT_MIN) || (*remember == INT_MAX))
*remember = -1;
if (*remember > 400)
@@ -144,14 +148,14 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
"option minlen not allowed for this module type");
continue;
}
- *pass_min_len = atoi(*argv + 7);
+ *pass_min_len = atoi(str);
} else if (j == UNIX_ALGO_ROUNDS) {
if (rounds == NULL) {
pam_syslog(pamh, LOG_ERR,
"option rounds not allowed for this module type");
continue;
}
- *rounds = strtol(*argv + 7, NULL, 10);
+ *rounds = strtol(str, NULL, 10);
}
ctrl &= unix_args[j].mask; /* for turning things off */