diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 19:05:18 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:26:02 -0800 |
| commit | 2fab298d986f0dec0f655884083c78d4cd0a08ff (patch) | |
| tree | 3fb48879b8a0f0a14518fb6963febe68218e21b0 /modules/pam_listfile/pam_listfile.c | |
| parent | bd01c7eaabdecde8fbf697b17d70e3596aeaf83f (diff) | |
| parent | aa0448336a79d85579464f023ac87675be60abfc (diff) | |
| download | pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.tar.gz pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.tar.bz2 pam-2fab298d986f0dec0f655884083c78d4cd0a08ff.zip | |
merge upstream version 1.1.1
Diffstat (limited to 'modules/pam_listfile/pam_listfile.c')
| -rw-r--r-- | modules/pam_listfile/pam_listfile.c | 106 |
1 files changed, 31 insertions, 75 deletions
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index dbd92058..616d2201 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -18,7 +18,7 @@ #include <pwd.h> #include <grp.h> -#ifdef DEBUG +#ifdef PAM_DEBUG #include <assert.h> #endif @@ -39,17 +39,6 @@ #include <security/pam_modutil.h> #include <security/pam_ext.h> -/* checks if a user is on a list of members */ -static int is_on_list(char * const *list, const char *member) -{ - while (*list) { - if (strcmp(*list, member) == 0) - return 1; - list++; - } - return 0; -} - /* --- authentication management functions (only) --- */ /* Extended Items that are not directly available via pam_get_item() */ @@ -81,8 +70,6 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Stuff for "extended" items */ struct passwd *userinfo; - struct group *grpinfo; - char *itemlist[256]; /* Maximum of 256 items */ apply_type=APPLY_TYPE_NULL; memset(apply_val,0,sizeof(apply_val)); @@ -212,23 +199,23 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if(apply_type==APPLY_TYPE_USER) { if(strcmp(user_name, apply_val)) { /* Does not apply to this user */ -#ifdef DEBUG +#ifdef PAM_DEBUG pam_syslog(pamh,LOG_DEBUG, "don't apply: apply=%s, user=%s", apply_val,user_name); -#endif /* DEBUG */ +#endif /* PAM_DEBUG */ free(ifname); return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { if(!pam_modutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ -#ifdef DEBUG +#ifdef PAM_DEBUG pam_syslog(pamh,LOG_DEBUG, "don't apply: %s not a member of group %s", user_name,apply_val); -#endif /* DEBUG */ +#endif /* PAM_DEBUG */ free(ifname); return PAM_IGNORE; } @@ -265,30 +252,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if(extitem) { switch(extitem) { case EI_GROUP: - userinfo = pam_modutil_getpwnam(pamh, citemp); - if (userinfo == NULL) { - pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", - citemp); - free(ifname); - return onerr; - } - grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid); - if (grpinfo == NULL) { - pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed", - (int)userinfo->pw_gid); - free(ifname); - return onerr; - } - itemlist[0] = x_strdup(grpinfo->gr_name); - setgrent(); - for (i=1; (i < (int)(sizeof(itemlist)/sizeof(itemlist[0])-1)) && - (grpinfo = getgrent()); ) { - if (is_on_list(grpinfo->gr_mem,citemp)) { - itemlist[i++] = x_strdup(grpinfo->gr_name); - } - } - endgrent(); - itemlist[i] = NULL; + /* Just ignore, call pam_modutil_in_group... later */ break; case EI_SHELL: /* Assume that we have already gotten PAM_USER in @@ -312,7 +276,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return onerr; } } -#ifdef DEBUG +#ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Got file = %s, item = %d, value = %s, sense = %d", @@ -348,46 +312,38 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval=PAM_AUTH_ERR; /* This loop assumes that PAM_SUCCESS == 0 and PAM_AUTH_ERR != 0 */ -#ifdef DEBUG +#ifdef PAM_DEBUG assert(PAM_SUCCESS == 0); assert(PAM_AUTH_ERR != 0); #endif - if(extitem == EI_GROUP) { - while((fgets(aline,sizeof(aline),inf) != NULL) - && retval) { - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\n') - aline[strlen(aline) - 1] = '\0'; - for(i=0;itemlist[i];) - /* If any of the items match, strcmp() == 0, and we get out - of this loop */ - retval = (strcmp(aline,itemlist[i++]) && retval); + while((fgets(aline,sizeof(aline),inf) != NULL) + && retval) { + char *a = aline; + + if(strlen(aline) == 0) + continue; + if(aline[strlen(aline) - 1] == '\n') + aline[strlen(aline) - 1] = '\0'; + if(strlen(aline) == 0) + continue; + if(aline[strlen(aline) - 1] == '\r') + aline[strlen(aline) - 1] = '\0'; + if(citem == PAM_TTY) { + if(strncmp(a, "/dev/", 5) == 0) + a += 5; } - for(i=0;itemlist[i];) - free(itemlist[i++]); - } else { - while((fgets(aline,sizeof(aline),inf) != NULL) - && retval) { - char *a = aline; - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\n') - aline[strlen(aline) - 1] = '\0'; - if(strlen(aline) == 0) - continue; - if(aline[strlen(aline) - 1] == '\r') - aline[strlen(aline) - 1] = '\0'; - if(citem == PAM_TTY) - if(strncmp(a, "/dev/", 5) == 0) - a += 5; - retval = strcmp(a,citemp); + if (extitem == EI_GROUP) { + retval = !pam_modutil_user_in_group_nam_nam(pamh, + citemp, aline); + } else { + retval = strcmp(a, citemp); } } + fclose(inf); free(ifname); if ((sense && retval) || (!sense && !retval)) { -#ifdef DEBUG +#ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Returning PAM_SUCCESS, retval = %d", retval); #endif @@ -396,7 +352,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, else { const void *service; const char *user_name; -#ifdef DEBUG +#ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Returning PAM_AUTH_ERR, retval = %d", retval); #endif |