From a49bdd6697c51625a52275fe8616bce0d77431c6 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 16 Mar 2020 21:02:18 +0000 Subject: modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len * modules/pam_unix/passverify.c: Include "pam_inline.h". (verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp invocations. * modules/pam_unix/support.c: Include "pam_inline.h". (_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string lengths. * modules/pam_unix/md5_crypt.c: Include "pam_inline.h". (crypt_md5): Use pam_str_skip_prefix_len. squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len --- modules/pam_unix/md5_crypt.c | 5 +++-- modules/pam_unix/passverify.c | 3 ++- modules/pam_unix/support.c | 14 +++++++++----- 3 files changed, 14 insertions(+), 8 deletions(-) (limited to 'modules/pam_unix') diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c index 4ab9ec84..94f7b434 100644 --- a/modules/pam_unix/md5_crypt.c +++ b/modules/pam_unix/md5_crypt.c @@ -15,6 +15,7 @@ #include #include #include "md5.h" +#include "pam_inline.h" static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; @@ -55,8 +56,8 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt) return NULL; /* If it starts with the magic string, then skip that */ - if (!strncmp(sp, magic, strlen(magic))) - sp += strlen(magic); + if ((ep = pam_str_skip_prefix_len(sp, magic, strlen(magic))) != NULL) + sp = ep; /* It stops at the first '$', max 8 chars */ for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 234db341..a571b4f7 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -26,6 +26,7 @@ #endif #include "pam_cc_compat.h" +#include "pam_inline.h" #include "md5.h" #include "bigcrypt.h" #include "passverify.h" @@ -88,7 +89,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, } else if (!p || *hash == '*' || *hash == '!') { retval = PAM_AUTH_ERR; } else { - if (!strncmp(hash, "$1$", 3)) { + if (pam_str_skip_prefix(hash, "$1$") != NULL) { pp = Goodcrypt_md5(p, hash); if (pp && strcmp(pp, hash) != 0) { _pam_delete(pp); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index a04211cd..41db1f04 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -29,6 +29,7 @@ #include #include "pam_cc_compat.h" +#include "pam_inline.h" #include "support.h" #include "passverify.h" @@ -112,17 +113,20 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { + const char *str = NULL; D(("pam_unix arg: %s", *argv)); for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token - && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { + && (str = pam_str_skip_prefix_len(*argv, + unix_args[j].token, + strlen(unix_args[j].token))) != NULL) { break; } } - if (j >= UNIX_CTRLS_) { + if (str == NULL) { pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", *argv); } else { @@ -133,7 +137,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, "option remember not allowed for this module type"); continue; } - *remember = strtol(*argv + 9, NULL, 10); + *remember = strtol(str, NULL, 10); if ((*remember == INT_MIN) || (*remember == INT_MAX)) *remember = -1; if (*remember > 400) @@ -144,14 +148,14 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember, "option minlen not allowed for this module type"); continue; } - *pass_min_len = atoi(*argv + 7); + *pass_min_len = atoi(str); } else if (j == UNIX_ALGO_ROUNDS) { if (rounds == NULL) { pam_syslog(pamh, LOG_ERR, "option rounds not allowed for this module type"); continue; } - *rounds = strtol(*argv + 7, NULL, 10); + *rounds = strtol(str, NULL, 10); } ctrl &= unix_args[j].mask; /* for turning things off */ -- cgit v1.2.3