summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_ftp/pam_ftp.c2
-rw-r--r--modules/pam_timestamp/pam_timestamp.c31
-rw-r--r--modules/pam_unix/support.c20
3 files changed, 38 insertions, 15 deletions
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index a124795b..896a1dda 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -79,7 +79,7 @@ static int lookup(const char *name, const char *list, const char **_user)
if (list && *list) {
const char *l;
char *list_copy, *x;
- char *sptr;
+ char *sptr = NULL;
list_copy = x_strdup(list);
x = list_copy;
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 8a01c6f3..7e6c4b0b 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -194,7 +194,7 @@ timestamp_good(time_t then, time_t now, time_t interval)
}
static int
-check_login_time(const char *ruser, time_t timestamp)
+check_login_time(const char *ruser, time_t timestamp)
{
struct utmp utbuf, *ut;
time_t oldest_login = 0;
@@ -237,14 +237,14 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
if (pwd != NULL) {
ruser = pwd->pw_name;
}
- }
+ }
if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
*ruserbuf = '\0';
return -1;
}
strcpy(ruserbuf, ruser);
return 0;
-}
+}
/* Get the path to the timestamp to use. */
static int
@@ -299,7 +299,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
tty = NULL;
} else {
tty = void_tty;
- }
+ }
if ((tty == NULL) || (strlen(tty) == 0)) {
tty = ttyname(STDIN_FILENO);
if ((tty == NULL) || (strlen(tty) == 0)) {
@@ -413,7 +413,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
int count;
void *mac;
size_t maclen;
- char ruser[BUFLEN];
+ char ruser[BUFLEN];
/* Check that the file is owned by the superuser. */
if ((st.st_uid != 0) || (st.st_gid != 0)) {
@@ -483,7 +483,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
free(mac);
memmove(&then, message + strlen(path) + 1, sizeof(then));
free(message);
-
+
/* Check oldest login against timestamp */
if (get_ruser(pamh, ruser, sizeof(ruser)))
{
@@ -565,7 +565,14 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
subdir[i] = '\0';
if (mkdir(subdir, 0700) == 0) {
/* Attempt to set the owner to the superuser. */
- lchown(subdir, 0, 0);
+ if (lchown(subdir, 0, 0) != 0) {
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "error setting permissions on `%s': %m",
+ subdir);
+ }
+ return PAM_SESSION_ERR;
+ }
} else {
if (errno != EEXIST) {
if (debug) {
@@ -617,7 +624,15 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
}
/* Attempt to set the owner to the superuser. */
- fchown(fd, 0, 0);
+ if (fchown(fd, 0, 0) != 0) {
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "error setting ownership of `%s': %m",
+ path);
+ }
+ return PAM_SESSION_ERR;
+ }
+
/* Write the timestamp to the file. */
if (write(fd, text, p - text) != p - text) {
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index dda617a0..98283502 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -120,13 +120,13 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
D(("DISALLOW_NULL_AUTHTOK"));
set(UNIX__NONULL, ctrl);
}
-
+
/* Set default rounds for blowfish */
if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) {
*rounds = 5;
set(UNIX_ALGO_ROUNDS, ctrl);
}
-
+
/* Enforce sane "rounds" values */
if (on(UNIX_ALGO_ROUNDS, ctrl)) {
if (on(UNIX_BLOWFISH_PASS, ctrl)) {
@@ -478,10 +478,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
/* if the stored password is NULL */
int rc=0;
if (passwd != NULL) { /* send the password to the child */
- write(fds[1], passwd, strlen(passwd)+1);
+ if (write(fds[1], passwd, strlen(passwd)+1) == -1) {
+ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m");
+ close(fds[1]);
+ retval = PAM_AUTH_ERR;
+ }
passwd = NULL;
- } else {
- write(fds[1], "", 1); /* blank password */
+ } else { /* blank password */
+ if (write(fds[1], "", 1) == -1) {
+ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m");
+ close(fds[1]);
+ retval = PAM_AUTH_ERR;
+ }
}
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
@@ -871,7 +879,7 @@ int _unix_read_password(pam_handle_t * pamh
}
/* ****************************************************************** *
- * Copyright (c) Jan RÍkorajski 1999.
+ * Copyright (c) Jan Rêkorajski 1999.
* Copyright (c) Andrew G. Morgan 1996-8.
* Copyright (c) Alex O. Yuriev, 1996.
* Copyright (c) Cristian Gafton 1996.