-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c26
-rw-r--r--modules/pam_usertype/pam_usertype.c2
2 files changed, 21 insertions, 7 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index b02b93d2..f33e6097 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -215,34 +215,48 @@ evaluate_notinlist(const char *left, const char *right)
}
/* Return PAM_SUCCESS if the user is in the group. */
static int
-evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group)
+evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *grouplist)
{
char *ptr = NULL;
- const char const *delim = ":";
+ static const char delim[] = ":";
char const *grp = NULL;
+ char *group = strdup(grouplist);
+
+ if (group == NULL)
+ return PAM_BUF_ERR;
grp = strtok_r(group, delim, &ptr);
while(grp != NULL) {
- if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1)
+ if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1) {
+ free(group);
return PAM_SUCCESS;
+ }
grp = strtok_r(NULL, delim, &ptr);
}
+ free(group);
return PAM_AUTH_ERR;
}
/* Return PAM_SUCCESS if the user is NOT in the group. */
static int
-evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
+evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *grouplist)
{
char *ptr = NULL;
- const char const *delim = ":";
+ static const char delim[] = ":";
char const *grp = NULL;
+ char *group = strdup(grouplist);
+
+ if (group == NULL)
+ return PAM_BUF_ERR;
grp = strtok_r(group, delim, &ptr);
while(grp != NULL) {
- if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1)
+ if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1) {
+ free(group);
return PAM_AUTH_ERR;
+ }
grp = strtok_r(NULL, delim, &ptr);
}
+ free(group);
return PAM_SUCCESS;
}
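Review bot: The comments above evaluate_ingroup and evaluate_notingroup still describe a single group, although the renamed `grouplist` parameter is split on `:` and both functions can now return PAM_BUF_ERR when strdup() fails. I would restate the contract, e.g. `/* Return PAM_SUCCESS if the user is in any group of the colon-separated grouplist, PAM_BUF_ERR on allocation failure. */` and `/* Return PAM_SUCCESS if the user is in none of the groups of the colon-separated grouplist, PAM_BUF_ERR on allocation failure. */`. For evaluate_notingroup the comment should also say that only a return of 1 from pam_modutil_user_in_group_nam_nam() denies. A list that yields no tokens, and presumably a group name that cannot be resolved, both fall through to PAM_SUCCESS, which is the permissive outcome for a negative test. The callers are outside the hunk, so confirm they treat PAM_BUF_ERR as a failed condition rather than comparing only against PAM_AUTH_ERR.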
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
index d3629c13..a15599e3 100644
--- a/modules/pam_usertype/pam_usertype.c
+++ b/modules/pam_usertype/pam_usertype.c
@@ -271,7 +271,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
struct pam_usertype_opts opts;
- uid_t uid;
+ uid_t uid = -1;
int ret;
ret = pam_usertype_parse_args(&opts, pamh, argc, argv);