pam_lastlog: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Rename to
pam_auth, add static qualifier, remove "flags" argument.
Update all callers.  Add a new pam_sm_authenticate as a thin wrapper
around pam_auth.

1 files changed, 10 insertions, 4 deletions

diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index f255b9dd..02828033 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -665,9 +665,8 @@ cleanup:
 }
 
 /* --- authentication (locking out inactive users) functions --- */
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags,
-		    int argc, const char **argv)
+static int
+pam_auth(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
     int retval, ctrl;
     const char *user = NULL;
@@ -742,10 +741,17 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
 }
 
 int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+		    int argc, const char **argv)
+{
+    return pam_auth(pamh, flags, argc, argv);
+}
+
+int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 		    int argc, const char **argv)
 {
-    return pam_sm_authenticate(pamh, flags, argc, argv);
+    return pam_auth(pamh, flags, argc, argv);
 }
 
 /* --- session management functions --- */