diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-16 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-16 08:00:00 +0000 |
| commit | b52bd25910c9a8a32a49be7627a709a081a3768c (patch) | |
| tree | c32db20bd3200b8f134d9f64883ea74c853627b7 | |
| parent | f80ff0161f77abc84ebeee6147931f0924b9a867 (diff) | |
| download | pam-b52bd25910c9a8a32a49be7627a709a081a3768c.tar.gz pam-b52bd25910c9a8a32a49be7627a709a081a3768c.tar.bz2 pam-b52bd25910c9a8a32a49be7627a709a081a3768c.zip | |
modules: do not check user name for emptyness before passing it to pam_modutil_getpwnam
pam_modutil_getpwnam is perfectly capable of handling empty strings as
user names, no need to double check that.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
the user name for emptyness before passing it to pam_modutil_getpwnam.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
| -rw-r--r-- | modules/pam_access/pam_access.c | 3 | ||||
| -rw-r--r-- | modules/pam_lastlog/pam_lastlog.c | 2 | ||||
| -rw-r--r-- | modules/pam_pwhistory/pam_pwhistory.c | 9 | ||||
| -rw-r--r-- | modules/pam_shells/pam_shells.c | 12 | ||||
| -rw-r--r-- | modules/pam_tally/pam_tally.c | 10 | ||||
| -rw-r--r-- | modules/pam_tally2/pam_tally2.c | 10 | ||||
| -rw-r--r-- | modules/pam_umask/pam_umask.c | 6 |
7 files changed, 12 insertions, 40 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index b0289a3a..8d6cfe7e 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -819,8 +819,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* set username */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS - || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 3e27b3ed..e244cb71 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -669,7 +669,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, /* which user? */ - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') { + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 9b44cd87..cf4fc078 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -139,15 +139,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (retval != PAM_SUCCESS) return retval; - if (strlen (user) == 0) - { - if (options.debug) - pam_syslog (pamh, LOG_DEBUG, - "User is not known to system"); - - return PAM_USER_UNKNOWN; - } - if (flags & PAM_PRELIM_CHECK) { if (options.debug) diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 9e15a566..dc8f4878 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -40,18 +40,6 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; } - if (userName[0] == '\0') { - - /* Don't let them use a NULL username... */ - retval = pam_get_user(pamh,&userName,NULL); - if (retval != PAM_SUCCESS) - return PAM_SERVICE_ERR; - - /* It could still be NULL the second time. */ - if (userName[0] == '\0') - return PAM_SERVICE_ERR; - } - pw = pam_modutil_getpwnam(pamh, userName); if (pw == NULL || pw->pw_shell == NULL) { return PAM_AUTH_ERR; /* user doesn't exist */ diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 08b5ace2..f0a28bba 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -227,6 +227,11 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifdef MAIN user = cline_user; + + if ( !user ) { + pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); + return PAM_AUTH_ERR; + } #else if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "pam_get_user; user?"); @@ -234,11 +239,6 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt } #endif - if ( !user || !*user ) { - pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); - return PAM_AUTH_ERR; - } - if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index 8c171b68..ff90af7d 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -260,17 +260,17 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifdef MAIN user = cline_user; + + if ( !user ) { + pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); + return PAM_AUTH_ERR; + } #else if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { user = NULL; } #endif - if ( !user || !*user ) { - pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); - return PAM_AUTH_ERR; - } - if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index e17d0fc1..3cfe5538 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -205,12 +205,6 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval); } - if (name[0] == '\0') - { - pam_syslog (pamh, LOG_NOTICE, "bad username [%s]", name); - return PAM_USER_UNKNOWN; - } - pw = pam_modutil_getpwnam (pamh, name); if (pw == NULL) { |