author | Dmitry V. Levin <ldv@strace.io> | 2024-01-08 08:00:00 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-13 08:00:00 +0000 |
commit | 8750f003e26149cc10fc2a6e88797be673ed1838 (patch) | |
tree | b44fb8349a6ac270965e70d742180285cf733cff /modules/pam_listfile | |
parent | 74d724859d4d7ff1119543d77c990a95df96f317 (diff) | |
pam_listfile: log all option errors
The parser of module options used to bail out after the first option
error without checking other options. With this change, while the
return code semantics remains unchanged, all option errors are logged.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Log all
option errors.
Diffstat (limited to 'modules/pam_listfile')
-rw-r--r-- | modules/pam_listfile/pam_listfile.c | 53 |
1 files changed, 38 insertions, 15 deletions
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index bbfb46fd..95a8d59a 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -48,7 +48,13 @@ int
 pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 int argc, const char **argv)
 {
- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0;
+ int retval = -1;
+ int onerr = PAM_SERVICE_ERR;
+ int citem = 0;
+ int extitem = 0;
+ int sense = -1;
+ int quiet = 0;
+ int i;
 const void *void_citemp;
 const char *citemp;
 const char *ifname=NULL;
@@ -85,7 +91,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 onerr = PAM_SERVICE_ERR;
 else {
 pam_syslog(pamh, LOG_ERR, "Unknown option: %s", argv[i]);
- return PAM_SERVICE_ERR;
+ if (retval == -1)
+ retval = PAM_SERVICE_ERR;
+ continue;
 }
 } else if ((str = pam_str_skip_prefix(argv[i], "sense=")) != NULL) {
 if(!strcmp(str,"allow"))
@@ -94,7 +102,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 sense=1;
 else {
 pam_syslog(pamh, LOG_ERR, "Unknown option: %s", argv[i]);
- return onerr;
+ if (retval == -1)
+ retval = onerr;
+ continue;
 }
 } else if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) {
 ifname = str;
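Review bot: The `-1` initialisers for `retval` and `sense` in the first hunk are sentinels ("no option error recorded yet" and "sense= not given"), but nothing at the declarations says so. `retval = -1` is only safe because no PAM return code is negative. A short comment on each would stop a later edit from assigning `retval` before the sentinel check added in the last hunk, for example `int retval = -1; /* -1: no option error yet; PAM codes are >= 0 */` and `int sense = -1; /* -1: sense= not given */`. The body of pam_sm_authenticate continues past this hunk, so any later reuse of `retval` is not visible here.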
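Review bot: `retval = onerr` in the `sense=` error branch (third hunk) records `onerr` as it stands at that argument, so the returned code still depends on option order even though the loop now runs to the end. An `onerr=` that appears after the bad option, such as a constructed `sense=bogus onerr=succeed`, does not affect the recorded code; the `succeed` branch lies above the hunk, so its effect is inferred. The commit message says the old return semantics are kept on purpose, but a reader of the new loop could reasonably expect the final `onerr` to apply. A comment at the capture would settle it, for example `/* keep the onerr in effect when the first error was seen; a later onerr= does not change it */`. The same capture is repeated in the trailing `else` branch of the loop in the last hunk.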
@@ -128,30 +138,43 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } } else { pam_syslog(pamh,LOG_ERR, "Unknown option: %s",argv[i]); - return onerr; + if (retval == -1) + retval = onerr; + continue; } } - if(!citem) { + if (!citem) { pam_syslog(pamh,LOG_ERR, "Unknown item or item not specified"); - return onerr; - } else if(!ifname) { + if (retval == -1) + retval = onerr; + } + + if (!ifname) { pam_syslog(pamh,LOG_ERR, "List filename not specified"); - return onerr; - } else if(sense == 2) { + if (retval == -1) + retval = onerr; + } + + if (sense == -1) { pam_syslog(pamh,LOG_ERR, "Unknown sense or sense not specified"); - return onerr; - } else if( - (apply_type==APPLY_TYPE_NONE) || - ((apply_type!=APPLY_TYPE_NULL) && (*apply_val=='\0')) - ) { + if (retval == -1) + retval = onerr; + } + + if ((apply_type == APPLY_TYPE_NONE) || + ((apply_type != APPLY_TYPE_NULL) && (*apply_val == '\0'))) { pam_syslog(pamh,LOG_ERR, "Invalid usage for apply= parameter"); - return onerr; + if (retval == -1) + retval = onerr; } + if (retval != -1) + return retval; + /* Check if it makes sense to use the apply= parameter */ if (apply_type != APPLY_TYPE_NULL) { if((citem==PAM_USER) || (citem==PAM_RUSER)) { |
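Review bot: The early exit `if (retval != -1) return retval;` returns whatever `onerr` held when the first error was recorded, and the log never states that outcome. With `onerr=succeed` (parsed above this hunk, so inferred here), a line that lacks `file=` or `sense=` makes pam_sm_authenticate return success, while the messages only name the bad options. One summary line before the return would make the applied result visible in the auth log, for example `pam_syslog(pamh, LOG_ERR, "Invalid options, returning: %s", pam_strerror(pamh, retval));`. The function body continues beyond the hunk.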