author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:35 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 15:00:33 -0700 |
commit | 239d9c3181694bda5a0531ac579612c46c3b4e6d (patch) | |
tree | 43c04725cde922627215f4c32665ea832dd456d1 /modules/pam_shells/pam_shells.c | |
parent | aa2142277bf5fb4a884c6119180e41258817705b (diff) | |
parent | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff) | |
Merge upstream version 1.4.0
Diffstat (limited to 'modules/pam_shells/pam_shells.c')
-rw-r--r-- | modules/pam_shells/pam_shells.c | 39 |
1 files changed, 10 insertions, 29 deletions
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index c8acb9e2..dc8f4878 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -1,8 +1,6 @@
-/* pam_shells module */
-
-#define SHELL_FILE "/etc/shells"
-
 /*
+ * pam_shells module
+ *
 * by Erik Troan <ewt@redhat.com>, Red Hat Software.
 * August 5, 1996.
 * This code shamelessly ripped from the pam_securetty module.
@@ -15,30 +13,23 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <unistd.h>
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#define SHELL_FILE "/etc/shells"
+
+#define DEFAULT_SHELL "/bin/sh"
+
 static int perform_check(pam_handle_t *pamh)
 {
 int retval = PAM_AUTH_ERR;
 const char *userName;
- char *userShell;
+ const char *userShell;
 char shellFileLine[256];
 struct stat sb;
 struct passwd * pw;
@@ -49,23 +40,13 @@ static int perform_check(pam_handle_t *pamh)
 return PAM_SERVICE_ERR;
 }
- if (!userName || (userName[0] == '\0')) {
-
- /* Don't let them use a NULL username... */
- retval = pam_get_user(pamh,&userName,NULL);
- if (retval != PAM_SUCCESS)
- return PAM_SERVICE_ERR;
-
- /* It could still be NULL the second time. */
- if (!userName || (userName[0] == '\0'))
- return PAM_SERVICE_ERR;
- }
-
 pw = pam_modutil_getpwnam(pamh, userName);
- if (!pw) {
+ if (pw == NULL || pw->pw_shell == NULL) {
 return PAM_AUTH_ERR; /* user doesn't exist */
 }
 userShell = pw->pw_shell;
+ if (userShell[0] == '\0')
+ userShell = DEFAULT_SHELL;
 if (stat(SHELL_FILE,&sb)) {
 pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE); |
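Review bot: The fallback added at `if (userShell[0] == '\0')` changes which accounts pass this module, and nothing in the code says so: an account with an empty passwd shell field is now checked as `DEFAULT_SHELL` instead of as an empty string, so it would presumably be accepted whenever `/bin/sh` is listed in `SHELL_FILE` (the comparison itself is outside this hunk). That follows the passwd(5) convention, but the assignment should carry a comment such as `/* empty shell field means /bin/sh, as in passwd(5) */` so the widening reads as deliberate to whoever audits this path next. The trailing comment on `return PAM_AUTH_ERR;` is also stale now that the branch covers `pw->pw_shell == NULL`; `/* unknown user or no shell entry */` would be accurate. As a style point, the new `if` is unbraced while the neighbouring `if (pw == NULL || ...)` and `if (stat(...))` use braces. The body of perform_check starts and ends outside the hunk.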