Diffstat (limited to 'modules/pam_listfile/pam_listfile.c')
-rw-r--r--modules/pam_listfile/pam_listfile.c43
1 files changed, 17 insertions, 26 deletions
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index 5723598e..28fd58fc 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -1,4 +1,6 @@
/*
+ * pam_listfile module
+ *
* by Elliot Lee <sopwith@redhat.com>, Red Hat Software. July 25, 1996.
* log refused access error christopher mccrory <chrismcc@netus.com> 1998/7/11
*
@@ -22,22 +24,11 @@
#include <assert.h>
#endif
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* --- authentication management functions (only) --- */
@@ -65,14 +56,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
char mybuf[256],myval[256];
struct stat fileinfo;
FILE *inf;
- char apply_val[256];
+ const char *apply_val;
int apply_type;
/* Stuff for "extended" items */
struct passwd *userinfo;
apply_type=APPLY_TYPE_NULL;
- memset(apply_val,0,sizeof(apply_val));
+ apply_val="";
for(i=0; i < argc; i++) {
{
@@ -140,13 +131,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
citem = 0;
} else if(!strcmp(mybuf,"apply")) {
apply_type=APPLY_TYPE_NONE;
- memset(apply_val,'\0',sizeof(apply_val));
if (myval[0]=='@') {
apply_type=APPLY_TYPE_GROUP;
- strncpy(apply_val,myval+1,sizeof(apply_val)-1);
+ apply_val=myval+1;
} else {
apply_type=APPLY_TYPE_USER;
- strncpy(apply_val,myval,sizeof(apply_val)-1);
+ apply_val=myval;
}
} else {
free(ifname);
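Review bot: `apply_val=myval+1;` and `apply_val=myval;` now store a pointer into the local array `myval` instead of a copy, and `myval` is declared once for the whole function (`char mybuf[256],myval[256];`) while options are parsed inside `for(i=0; i < argc; i++)`. The code that fills `myval` is outside these hunks, but if it is rewritten for every argument, any option that follows `apply=` would replace the string `apply_val` points at. The later `strcmp(user_name, apply_val)` would then compare against the wrong value, silently changing which user or group the list restriction applies to. Either keep a private copy, or point `apply_val` at the value inside `argv[i]`, which outlives the loop; the matching declaration change `const char *apply_val;` is in the hunk at -65,14. A regression test with `apply=` placed before another option would pin this down.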
@@ -198,7 +188,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
int rval;
rval=pam_get_user(pamh,&user_name,NULL);
- if((rval==PAM_SUCCESS) && user_name && user_name[0]) {
+ if(rval==PAM_SUCCESS && user_name[0]) {
/* Got it ? Valid ? */
if(apply_type==APPLY_TYPE_USER) {
if(strcmp(user_name, apply_val)) {
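Review bot: `user_name[0]` is now dereferenced with no NULL test, so the condition `if(rval==PAM_SUCCESS && user_name[0])` depends on pam_get_user() never returning PAM_SUCCESS with a NULL name. That guarantee presumably lives in libpam rather than in this file, so it should be stated where it is relied on, e.g. `/* pam_get_user() guarantees a non-NULL user on PAM_SUCCESS */` above the condition. The hunk at -235,16 drops the equivalent `!citemp` test, but there the later `if(!citemp || (strlen(citemp) == 0))` still catches a NULL pointer; here nothing does. The enclosing block starts and ends outside the hunk.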
@@ -235,16 +225,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
}
if((citem == PAM_USER) && !citemp) {
retval = pam_get_user(pamh,&citemp,NULL);
- if (retval != PAM_SUCCESS || !citemp) {
+ if (retval != PAM_SUCCESS) {
free(ifname);
return PAM_SERVICE_ERR;
}
}
if((citem == PAM_TTY) && citemp) {
/* Normalize the TTY name. */
- if(strncmp(citemp, "/dev/", 5) == 0) {
- citemp += 5;
- }
+ const char *str = pam_str_skip_prefix(citemp, "/dev/");
+ if (str != NULL)
+ citemp = str;
}
if(!citemp || (strlen(citemp) == 0)) {
@@ -264,7 +254,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
gets set to PAM_USER in the extitem switch */
userinfo = pam_modutil_getpwnam(pamh, citemp);
if (userinfo == NULL) {
- pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
+ pam_syslog(pamh, LOG_NOTICE, "getpwnam(%s) failed",
citemp);
free(ifname);
return onerr;
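Review bot: The failed lookup is now logged at `LOG_NOTICE`, yet the branch still ends with `return onerr;`, so the outcome for an unknown name is whatever `onerr` holds, which may be a success code depending on configuration set outside this hunk. A short comment should record why the lower severity is intended, e.g. `/* unknown user is not a module fault; the result is decided by onerr */`. Any alerting keyed on error-level messages from this module will no longer see this event, so that is worth noting in the commit description. The logged `citemp` is a caller-supplied name, and log consumers should treat it as untrusted text.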
@@ -323,7 +313,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
#endif
while((fgets(aline,sizeof(aline),inf) != NULL)
&& retval) {
- char *a = aline;
+ const char *a = aline;
if(strlen(aline) == 0)
continue;
@@ -334,8 +324,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if(aline[strlen(aline) - 1] == '\r')
aline[strlen(aline) - 1] = '\0';
if(citem == PAM_TTY) {
- if(strncmp(a, "/dev/", 5) == 0)
- a += 5;
+ const char *str = pam_str_skip_prefix(a, "/dev/");
+ if (str != NULL)
+ a = str;
}
if (extitem == EI_GROUP) {
retval = !pam_modutil_user_in_group_nam_nam(pamh,