diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-01-09 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-13 08:00:00 +0000 |
| commit | 5085af5945bf84d4fed2f08727cfead1a252fa21 (patch) | |
| tree | 3f5034d44c14fb47eb14a9afd4adfa58d70233ce | |
| parent | 1f1dff78cd1e58a26b302d138f75f51061acc12c (diff) | |
| download | pam-5085af5945bf84d4fed2f08727cfead1a252fa21.tar.gz pam-5085af5945bf84d4fed2f08727cfead1a252fa21.tar.bz2 pam-5085af5945bf84d4fed2f08727cfead1a252fa21.zip | |
pam_succeed_if: do not call pam_sm_authenticate
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Rename
to pam_succeed_if, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_succeed_if.
| -rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index c80a60cd..1857eb96 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -445,9 +445,8 @@ evaluate(pam_handle_t *pamh, int debug, return PAM_SERVICE_ERR; } -int -pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) +static int +pam_succeed_if(pam_handle_t *pamh, int argc, const char **argv) { const char *user; struct passwd *pwd = NULL; @@ -587,25 +586,36 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, } int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + return pam_succeed_if(pamh, argc, argv); +} + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_succeed_if(pamh, argc, argv); } int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_succeed_if(pamh, argc, argv); } int -pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_succeed_if(pamh, argc, argv); } int -pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_succeed_if(pamh, argc, argv); } |