diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-01-09 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-13 08:00:00 +0000 |
| commit | 49b0b16a3d9781c6d7294b3d04a4d6d57b388c1b (patch) | |
| tree | 8b6436f495e1457a675b74f97030d44f2bcc562a /modules/pam_access | |
| parent | 8750f003e26149cc10fc2a6e88797be673ed1838 (diff) | |
| download | pam-49b0b16a3d9781c6d7294b3d04a4d6d57b388c1b.tar.gz pam-49b0b16a3d9781c6d7294b3d04a4d6d57b388c1b.tar.bz2 pam-49b0b16a3d9781c6d7294b3d04a4d6d57b388c1b.zip | |
pam_access: do not call pam_sm_authenticate
Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.
* modules/pam_access/pam_access.c (pam_sm_authenticate): Rename to
pam_access, add static qualifier, remove "flags" argument.
Update all callers. Add a new pam_sm_authenticate as a thin wrapper
around pam_access.
Diffstat (limited to 'modules/pam_access')
| -rw-r--r-- | modules/pam_access/pam_access.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index f52ab2c3..312e56e0 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -977,9 +977,8 @@ network_netmask_match (pam_handle_t *pamh, /* --- public PAM management functions --- */ -int -pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) +static int +pam_access(pam_handle_t *pamh, int argc, const char **argv) { struct login_info loginfo; const char *user=NULL; @@ -1125,31 +1124,38 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, } int -pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) +{ + return pam_access(pamh, argc, argv); +} + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - return pam_sm_authenticate (pamh, flags, argc, argv); + return pam_access(pamh, argc, argv); } int -pam_sm_open_session(pam_handle_t *pamh, int flags, +pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_access(pamh, argc, argv); } int -pam_sm_close_session(pam_handle_t *pamh, int flags, +pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_access(pamh, argc, argv); } int -pam_sm_chauthtok(pam_handle_t *pamh, int flags, +pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_access(pamh, argc, argv); } /* end of module definition */ |