pam_localuser: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no guarantee that the function that will be actually called is the one that is provided by the module. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Rename to pam_localuser, add static qualifier, remove "flags" argument. Update all callers. Add a new pam_sm_authenticate as a thin wrapper around pam_localuser.
author: Dmitry V. Levin <ldv@strace.io> 2024-01-09 08:00:00 +0000
committer: Dmitry V. Levin <ldv@strace.io> 2024-01-13 08:00:00 +0000
commit: 66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca (patch)
tree: 0b32d4853d9190d56fb20d971980930c1c937d9f /modules/pam_localuser/pam_localuser.c
parent: 29b17de5c2be0bead7848684d8817d6b71e76c38 (diff)
download: pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.tar.gz
pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.tar.bz2
pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.zip
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index a9f2233c..e47bb00f 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -49,9 +49,8 @@
 #include <security/pam_ext.h>
 #include "pam_inline.h"
 
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
-		    int argc, const char **argv)
+static int
+pam_localuser(pam_handle_t *pamh, int argc, const char **argv)
 {
 	int i;
 	int rc;
@@ -102,25 +101,36 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
 }
 
 int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+		    int argc, const char **argv)
+{
+	return pam_localuser(pamh, argc, argv);
+}
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+		 int argc, const char **argv)
 {
-	return pam_sm_authenticate(pamh, flags, argc, argv);
+	return pam_localuser(pamh, argc, argv);
 }
 
 int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+		    int argc, const char **argv)
 {
-	return pam_sm_authenticate(pamh, flags, argc, argv);
+	return pam_localuser(pamh, argc, argv);
 }
 
 int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+		     int argc, const char **argv)
 {
-	return pam_sm_authenticate(pamh, flags, argc, argv);
+	return pam_localuser(pamh, argc, argv);
 }
 
 int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
+		 int argc, const char **argv)
 {
-	return pam_sm_authenticate(pamh, flags, argc, argv);
+	return pam_localuser(pamh, argc, argv);
 }
author	Dmitry V. Levin <ldv@strace.io>	2024-01-09 08:00:00 +0000
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-13 08:00:00 +0000
commit	66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca (patch)
tree	0b32d4853d9190d56fb20d971980930c1c937d9f /modules/pam_localuser/pam_localuser.c
parent	29b17de5c2be0bead7848684d8817d6b71e76c38 (diff)
download	pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.tar.gz pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.tar.bz2 pam-66106ea2c9c20c1c5c05f919b363ae6ca3e7d5ca.zip