diff options
Diffstat (limited to 'modules/pam_timestamp/pam_timestamp.c')
| -rw-r--r-- | modules/pam_timestamp/pam_timestamp.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index e29ce6e9..30be883c 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -38,9 +38,6 @@ * */ -#define PAM_SM_AUTH -#define PAM_SM_SESSION - #include "config.h" #include <sys/stat.h> @@ -65,12 +62,13 @@ #include <security/_pam_macros.h> #include <security/pam_ext.h> #include <security/pam_modutil.h> +#include "pam_inline.h" /* The default timeout we use is 5 minutes, which matches the sudo default * for the timestamp_timeout parameter. */ #define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60) #define MODULE "pam_timestamp" -#define TIMESTAMPDIR _PATH_VARRUN "/" MODULE +#define TIMESTAMPDIR _PATH_VARRUN MODULE #define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key" /* Various buffers we use need to be at least as large as either PATH_MAX or @@ -151,7 +149,7 @@ check_tty(const char *tty) } /* Pull out the meaningful part of the tty's name. */ if (strchr(tty, '/') != NULL) { - if (strncmp(tty, "/dev/", 5) != 0) { + if (pam_str_skip_prefix(tty, "/dev/") == NULL) { /* Make sure the device node is actually in /dev/, * noted by Michal Zalewski. */ return NULL; @@ -282,8 +280,10 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, } } for (i = 0; i < argc; i++) { - if (strncmp(argv[i], "timestampdir=", 13) == 0) { - tdir = argv[i] + 13; + const char *str; + + if ((str = pam_str_skip_prefix(argv[i], "timestampdir=")) != NULL) { + tdir = str; if (debug) { pam_syslog(pamh, LOG_DEBUG, "storing timestamps in `%s'", @@ -296,10 +296,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, return i; } /* Get the name of the target user. */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - user = NULL; - } - if ((user == NULL) || (strlen(user) == 0)) { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') { return PAM_AUTH_ERR; } if (debug) { @@ -354,7 +351,8 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv, static void verbose_success(pam_handle_t *pamh, long diff) { - pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); + pam_info(pamh, _("Access has been granted" + " (last access was %ld seconds ago)."), diff); } int @@ -376,8 +374,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } } for (i = 0; i < argc; i++) { - if (strncmp(argv[i], "timestamp_timeout=", 18) == 0) { - tmp = strtol(argv[i] + 18, &p, 0); + const char *str; + + if ((str = pam_str_skip_prefix(argv[i], "timestamp_timeout=")) != NULL) { + tmp = strtol(str, &p, 0); if ((p != NULL) && (*p == '\0')) { interval = tmp; if (debug) { @@ -577,10 +577,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * /* Create the directory for the timestamp file if it doesn't already * exist. */ - for (i = 1; path[i] != '\0'; i++) { + for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) { if (path[i] == '/') { /* Attempt to create the directory. */ - strncpy(subdir, path, i); + memcpy(subdir, path, i); subdir[i] = '\0'; if (mkdir(subdir, 0700) == 0) { /* Attempt to set the owner to the superuser. */ @@ -798,8 +798,8 @@ main(int argc, char **argv) /* Check oldest login against timestamp */ if (check_login_time(user, st.st_mtime) != PAM_SUCCESS) { retval = 7; - } else if (!timestamp_good(st.st_mtime, time(NULL), - DEFAULT_TIMESTAMP_TIMEOUT) == PAM_SUCCESS) { + } else if (timestamp_good(st.st_mtime, time(NULL), + DEFAULT_TIMESTAMP_TIMEOUT) != PAM_SUCCESS) { retval = 7; } } else { |