author | Dmitry V. Levin <ldv@strace.io> | 2024-01-09 08:00:00 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-13 08:00:00 +0000 |
commit | 6bd4e4e54c2cdc38ce08436ac786330af72b6207 (patch) | |
tree | ec7392bc0ce12cfc41327065fabe5e4343095d35 | |
parent | 5085af5945bf84d4fed2f08727cfead1a252fa21 (diff) | |
pam_usertype: do not call pam_sm_authenticate
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_usertype/pam_usertype.c (pam_sm_authenticate): Rename
to pam_usertype, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_usertype.
-rw-r--r-- | modules/pam_usertype/pam_usertype.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
index a50a5a7c..27380382 100644
--- a/modules/pam_usertype/pam_usertype.c
+++ b/modules/pam_usertype/pam_usertype.c
@@ -255,9 +255,8 @@ pam_usertype_evaluate(struct pam_usertype_opts *opts,
 * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if)
 * - audit: log unknown users to syslog
 */
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
+static int
+pam_usertype(pam_handle_t *pamh, int argc, const char **argv)
 {
 struct pam_usertype_opts opts;
 uid_t uid = -1;
@@ -284,25 +283,36 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
 }
 
 int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return pam_usertype(pamh, argc, argv);
+}
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
 {
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_usertype(pamh, argc, argv);
 }
 
 int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
 {
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_usertype(pamh, argc, argv);
 }
 
 int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
 {
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_usertype(pamh, argc, argv);
 }
 
 int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
 {
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_usertype(pamh, argc, argv);
 } |
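Review bot: The comment block that ends just above the new `pam_usertype` lists the module options but does not record why the worker is `static`, which is the reason for this change. One added sentence there would keep a later cleanup from reintroducing the cross-call, for example `Internal worker shared by every pam_sm_* entry point; keep it static and never call one pam_sm_* function from another, because an exported name may resolve to a definition outside this module.` The function body continues past the end of the hunk, so this note covers only the signature and its comment.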
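Review bot: Every wrapper in this hunk now drops `flags` before calling `pam_usertype`, so the helper cannot tell the `PAM_PRELIM_CHECK` pass of `pam_sm_chauthtok` from the `PAM_UPDATE_AUTHTOK` pass, and it cannot honour `PAM_SILENT`. This matches the old behaviour, where the argument was already marked `UNUSED`. If the `audit` option logs from inside the helper, which is not visible here, one password change may log the same unknown user twice. A one-line comment above the wrappers would make the choice explicit, for example `/* flags are deliberately ignored: the result depends only on the user and the module options */`.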