From 94f529d4f239362dea6e43a0bd3f6323b429a712 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 9 Oct 2017 17:37:56 +0200 Subject: pam_tty_audit: Fix regression introduced by adding the uid range support. * modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): Fix constification and remove unneeded code carried from pam_limits. (pam_sm_open_session): When multiple enable/disable options are present do not stop after first match. --- modules/pam_tty_audit/pam_tty_audit.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index c76026a0..79e5d511 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -207,7 +207,7 @@ parse_uid_range(pam_handle_t *pamh, const char *s, uid_t *min_uid, uid_t *max_uid) { const char *range = s; - char *pmax; + const char *pmax; char *endptr; enum uid_range rv = UID_RANGE_MM; @@ -215,9 +215,6 @@ parse_uid_range(pam_handle_t *pamh, const char *s, return UID_RANGE_NONE; ++pmax; - if (range[0] == '@' || range[0] == '%') - ++range; - if (range[0] == ':') rv = UID_RANGE_ONE; else { @@ -298,7 +295,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) if (copy == NULL) return PAM_SESSION_ERR; for (tok = strtok_r (copy, ",", &tok_data); - tok != NULL && command == CMD_NONE; + tok != NULL && command != this_command; tok = strtok_r (NULL, ",", &tok_data)) { uid_t min_uid = 0, max_uid = 0; @@ -319,6 +316,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) case UID_RANGE_ONE: if (pwd->pw_uid == max_uid) command = this_command; + break; case UID_RANGE_ERR: break; } -- cgit v1.2.3