From 2d243af6b8ebe579f19ad27d3ab3907ebfe6a77e Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Wed, 9 Nov 2005 10:17:00 +0000
Subject: Relevant BUGIDs: 562730, 435990 Purpose of commit: bugfix Commit summary: --------------- * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly full path tty name. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin is not terminal.
---
 ChangeLog | 14 ++++++++++++++
 libpam_misc/misc_conv.c | 13 ++++++++++++-
 modules/pam_access/pam_access.c | 12 +++++++-----
 modules/pam_group/pam_group.c | 13 ++++++++-----
 modules/pam_time/pam_time.c | 13 ++++++++-----
 5 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 438e67bb..a3f5b643 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2005-11-09 Tomas Mraz
+
+ * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
+ full path tty name.
+ * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
+ full path tty name. Allow unset tty.
+ (logic_member): Allow matching ':' in tty name.
+ * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
+ full path tty name. Allow unset tty.
+ (logic_member): Allow matching ':' in tty name.
+
+ * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
+ is not terminal.
+
 2005-11-07 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index ded256b2..52d647ab 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -180,7 +180,18 @@ static int read_string(int echo, const char *prompt, char **retstr)
 D(("")); break; } else {
- nc = read(STDIN_FILENO, line, INPUTSIZE-1);
+ if (have_term)
+ nc = read(STDIN_FILENO, line, INPUTSIZE-1);
+ else /* we must read one line only */
+ for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n';
+ nc++) {
+ int rv;
+ if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) {
+ if (rv < 0)
+ nc = rv;
+ break;
+ }
+ }
 if (have_term) { (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); if (!echo || expired) /* do we need a newline? */
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 867cd9a1..2d8c92b4 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -435,11 +435,13 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
 else from = void_from;
- if (from != NULL && from[0] == '/') { /* full path */
- from++;
- from = strchr(from, '/');
- from++;
- }
+ if (from[0] == '/') { /* full path */
+ const char *f;
+ from++;
+ if ((f = strchr(from, '/')) != NULL) {
+ from = f + 1;
+ }
+ }
 } if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN);
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 4e6aa915..fbe609c7 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -250,7 +250,7 @@ static int logic_member(const char *string, int *at)
 default: if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
- || c == '-' || c == '.' || c == '/') {
+ || c == '-' || c == '.' || c == '/' || c == ':') {
 token = 1; } else if (token) { --to;
@@ -809,8 +809,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 D(("PAM_TTY not set, probing stdin")); tty = ttyname(STDIN_FILENO); if (tty == NULL) {
- pam_syslog(pamh,LOG_ERR,"couldn't get the tty name");
- return PAM_ABORT;
+ tty = "";
 } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { pam_syslog(pamh,LOG_ERR,"couldn't set tty name");
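Review bot: In read_string (libpam_misc/misc_conv.c) the new per-byte loop stops after `INPUTSIZE-1` bytes even when no `'\n'` has been seen, so the tail of an over-long line stays in stdin and would be taken as the answer to the next prompt. When the limit is hit without a newline, the rest of the line should be consumed after the loop, or the input rejected if the code after the hunk has an error path for that. The condition `(nc?line[nc-1]:0) != '\n'` would also read more easily as a braced `while` under the `else`. read_string continues outside the hunk, so how a negative `nc` is handled afterwards is not visible here.

```c
/* … unchanged: have_term read, per-byte loop for the non-terminal case … */
if (!have_term && nc == INPUTSIZE-1 && line[nc-1] != '\n') {
    char rest;
    /* consume the remainder so it cannot answer the next prompt */
    while (read(STDIN_FILENO, &rest, 1) == 1 && rest != '\n')
        ;
}
```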
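Review bot: The rewritten test in pam_sm_acct_mgmt (modules/pam_access/pam_access.c) drops the `from != NULL` guard that the removed line had, so `from[0]` is now dereferenced unconditionally. Whether `from` can still be NULL at this point depends on the code above the hunk, which is not shown; unless every earlier path guarantees a non-NULL value, keep the guard as `if (from != NULL && from[0] == '/') { /* full path */`. A comment with an example of what is stripped, such as `/* "/dev/pts/0" -> "pts/0" */`, would also help, since the block removes the first path component whatever its name.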
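Review bot: In pam_sm_setcred (modules/pam_group/pam_group.c) a failed `ttyname()` now becomes `tty = "";` with no log line, so a session without a terminal is evaluated against the tty patterns instead of being refused with PAM_ABORT. A rule whose tty field is a wildcard or a negated pattern would presumably match the empty name, which changes who receives the configured groups; the same change is in the `@@ -591,8` hunk of modules/pam_time/pam_time.c, where it affects time-based access. Keep a diagnostic, for example `pam_syslog(pamh, LOG_DEBUG, "couldn't get the tty name, using empty tty");`, and describe the empty-tty matching in the module documentation. The `pam_set_item` call that follows also publishes the empty string as PAM_TTY to later modules in the stack.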
@@ -820,8 +819,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 else tty = (const char *) void_tty;
- if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */
- tty += 5;
+ if (tty[0] == '/') { /* full path */
+ const char *t;
+ tty++;
+ if ((t = strchr(tty, '/')) != NULL) {
+ tty = t + 1;
+ }
 } /* good, now we have the service name, the user and the terminal name */
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index ccbd88bf..d4aee8a4 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -247,7 +247,7 @@ logic_member(const char *string, int *at)
 default: if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
- || c == '-' || c == '.' || c == '/') {
+ || c == '-' || c == '.' || c == '/' || c == ':') {
 token = 1; } else if (token) { --to;
@@ -591,8 +591,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 D(("PAM_TTY not set, probing stdin")); tty = ttyname(STDIN_FILENO); if (tty == NULL) {
- pam_syslog(pamh, LOG_ERR, "couldn't get the tty name");
- return PAM_ABORT;
+ tty = "";
 } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "couldn't set tty name");
@@ -602,8 +601,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 else tty = void_tty;
- if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */
- tty += 5;
+ if (tty[0] == '/') { /* full path */
+ const char *t;
+ tty++;
+ if ((t = strchr(tty, '/')) != NULL) {
+ tty = t + 1;
+ }
 } /* good, now we have the service name, the user and the terminal name */
--
cgit v1.2.3
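Review bot: The replacement for the `/dev/` test in pam_sm_setcred (modules/pam_group/pam_group.c, hunk `@@ -820,8`) strips the first directory of any absolute path, not only `/dev/`, so a PAM_TTY such as `/tmp/tty1` (constructed example) would be matched as `tty1`. If only device paths are meant, keep the `strncmp("/dev/",tty,5)` prefix check and handle the subdirectory after it, or at least state in the comment what is stripped, e.g. `/* full path: "/dev/pts/0" -> "pts/0" */`. The identical block is added in the `@@ -602,8` hunk of modules/pam_time/pam_time.c and in modules/pam_access/pam_access.c; a shared helper would keep the three copies from drifting. The enclosing function starts and ends outside the hunk.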