summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorDmitry V. Levin <ldv@altlinux.org>2020-05-01 21:44:59 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-05-22 11:00:00 +0000
commitbe80ddec86c182c22338cb9b526f2fadaf4c1c86 (patch)
tree0b7b6a0781f429cb73d22ee833efe5b08e96767e /modules
parent2e379a5a7f6ccf07dc2da92bff26f459e419a072 (diff)
pam_localuser: refactor pam_sm_authenticate
* modules/pam_localuser/pam_localuser.c (check_user_in_passwd): New function. (pam_sm_authenticate): Use it.
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_localuser/pam_localuser.c119
1 files changed, 63 insertions, 56 deletions
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index a9fbb64e..cb507524 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -2,6 +2,7 @@
* pam_localuser module
*
* Copyright 2001, 2004 Red Hat, Inc.
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -47,52 +48,17 @@
#include <security/pam_ext.h>
#include "pam_inline.h"
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
+static int
+check_user_in_passwd(pam_handle_t *pamh, const char *user_name,
+ const char *file_name)
{
- int i, ret;
+ int rc;
+ size_t user_len;
FILE *fp;
- int debug = 0;
- const char *filename = "/etc/passwd";
char line[BUFSIZ];
- const char* user;
- size_t user_len;
-
- /* process arguments */
- for(i = 0; i < argc; i++) {
- if(strcmp("debug", argv[i]) == 0) {
- debug = 1;
- }
- }
- for(i = 0; i < argc; i++) {
- const char *str;
-
- if (strcmp("debug", argv[i]) == 0) {
- /* Already processed. */
- continue;
- }
- if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) {
- filename = str;
- if(debug) {
- pam_syslog (pamh, LOG_DEBUG,
- "set filename to \"%s\"",
- filename);
- }
- } else {
- pam_syslog(pamh, LOG_ERR, "unrecognized option: %s",
- argv[i]);
- }
- }
-
- /* Obtain the user name. */
- if ((ret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
- return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret;
- }
-
- if ((user_len = strlen(user)) == 0) {
+ /* Validate the user name. */
+ if ((user_len = strlen(user_name)) == 0) {
pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
return PAM_SERVICE_ERR;
}
@@ -102,7 +68,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
return PAM_SERVICE_ERR;
}
- if (strchr(user, ':') != NULL) {
+ if (strchr(user_name, ':') != NULL) {
/*
* "root:x" is not a local user name even if the passwd file
* contains a line starting with "root:x:".
@@ -111,9 +77,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
}
/* Open the passwd file. */
- if ((fp = fopen(filename, "r")) == NULL) {
- pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m",
- filename);
+ if (file_name == NULL) {
+ file_name = "/etc/passwd";
+ }
+ if ((fp = fopen(file_name, "r")) == NULL) {
+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
return PAM_SERVICE_ERR;
}
@@ -122,25 +90,20 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
* the latter is not flexible enough in handling long lines
* in passwd files.
*/
- ret = PAM_PERM_DENIED;
+ rc = PAM_PERM_DENIED;
while (fgets(line, sizeof(line), fp) != NULL) {
size_t line_len;
const char *str;
- if(debug) {
- pam_syslog (pamh, LOG_DEBUG, "checking \"%s\"", line);
- }
-
/*
* Does this line start with the user name
* followed by a colon?
*/
- if (strncmp(user, line, user_len) == 0 &&
+ if (strncmp(user_name, line, user_len) == 0 &&
line[user_len] == ':') {
- ret = PAM_SUCCESS;
+ rc = PAM_SUCCESS;
break;
}
-
/* Has a newline been read? */
line_len = strlen(line);
if (line_len < sizeof(line) - 1 ||
@@ -164,9 +127,53 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
/* Continue with the next line. */
}
- /* okay, we're done */
fclose(fp);
- return ret;
+ return rc;
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ int i;
+ int rc;
+ int debug = 0;
+ const char *file_name = NULL;
+ const char *user_name = NULL;
+
+ /* Process arguments. */
+ for (i = 0; i < argc; ++i) {
+ if (strcmp("debug", argv[i]) == 0) {
+ debug = 1;
+ }
+ }
+ for (i = 0; i < argc; ++i) {
+ const char *str;
+
+ if (strcmp("debug", argv[i]) == 0) {
+ /* Already processed. */
+ continue;
+ }
+ if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) {
+ file_name = str;
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "set filename to %s", file_name);
+ }
+ } else {
+ pam_syslog(pamh, LOG_ERR, "unrecognized option: %s",
+ argv[i]);
+ }
+ }
+
+ /* Obtain the user name. */
+ if ((rc = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, rc));
+ return rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc;
+ }
+
+ return check_user_in_passwd(pamh, user_name, file_name);
}
int