author | Tomas Mraz <tm@t8m.info> | 2008-06-19 12:15:57 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2008-06-19 12:15:57 +0000 |
commit | e80ad6cce5f605b400e24fb3b29f64a0998541a6 (patch) | |
tree | 6ca64c0aa575f33f2285ae982f6868a66f85f4e9 /modules/pam_succeed_if | |
parent | e7328c762ad4b2b5b30db8e00955510a139ce744 (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2008-06-19 Tomas Mraz <t8m@centrum.cz>
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
Detect configuration errors. Fail on incomplete condition.
Diffstat (limited to 'modules/pam_succeed_if')
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8.xml | 2 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 79 |
2 files changed, 42 insertions, 39 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml
index d064e03b..e377ae86 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -249,7 +249,7 @@
 <listitem>
 <para>
 A service error occured or the arguments can't be
- parsed as numbers.
+ parsed correctly.
 </para>
 </listitem>
 </varlistentry>
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index 06cb5d6a..cf95d38e 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -443,10 +443,38 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 }
 /* Walk the argument list. */
- i = count = 0;
+ count = 0;
 left = qual = right = NULL;
- while (i <= argc) {
- if ((left != NULL) && (qual != NULL) && (right != NULL)) {
+ for (i = 0; i < argc; i++) {
+ if (strcmp(argv[i], "debug") == 0) {
+ continue;
+ }
+ if (strcmp(argv[i], "use_uid") == 0) {
+ continue;
+ }
+ if (strcmp(argv[i], "quiet") == 0) {
+ continue;
+ }
+ if (strcmp(argv[i], "quiet_fail") == 0) {
+ continue;
+ }
+ if (strcmp(argv[i], "quiet_success") == 0) {
+ continue;
+ }
+ if (left == NULL) {
+ left = argv[i];
+ continue;
+ }
+ if (qual == NULL) {
+ qual = argv[i];
+ continue;
+ }
+ if (right == NULL) {
+ right = argv[i];
+ if (right == NULL)
+ continue;
+
+ count++;
 ret = evaluate(pamh, debug,
 left, qual, right, pwd);
@@ -456,6 +484,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 "requirement \"%s %s %s\" "
 "not met by user \"%s\"",
 left, qual, right, user);
+ left = qual = right = NULL;
 break;
 }
 else 
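Review bot: The inner `if (right == NULL) continue;` in the `right` branch can never fire, because `argv[i]` has already been passed to `strcmp` five times earlier in the same iteration; the branch would read more honestly as `right = argv[i];` followed directly by `count++;`. The five option tests also mean that any token which is not exactly one of those names is consumed as a condition operand, so a misspelt option silently shifts `left`, `qual` and `right`. A short comment above the tests, `/* anything that is not a known option is a condition operand */`, would make that explicit; the options are presumably parsed earlier in the function, which is outside the hunk. The loop body continues past the end of this hunk.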
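Review bot: The `break` on a failed requirement stops the walk, so an incomplete or malformed condition later in the argument list is only reported on runs where every earlier requirement passes. If configuration errors are meant to be detected regardless of which user is being checked, the loop would have to keep consuming arguments after the first failure and remember the failing `ret`. At minimum the added reset deserves a comment such as `/* clear the triple so the post-loop check does not report a failed requirement as incomplete */`. The post-loop check it interacts with is in the following hunk.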
@@ -465,43 +494,17 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 "was met by user \"%s\"",
 left, qual, right, user);
 left = qual = right = NULL;
- }
- if ((i < argc) && (strcmp(argv[i], "debug") == 0)) {
- i++;
- continue;
- }
- if ((i < argc) && (strcmp(argv[i], "use_uid") == 0)) {
- i++;
 continue;
 }
- if ((i < argc) && (strcmp(argv[i], "quiet") == 0)) {
- i++;
- continue;
- }
- if ((i < argc) && (strcmp(argv[i], "quiet_fail") == 0)) {
- i++;
- continue;
- }
- if ((i < argc) && (strcmp(argv[i], "quiet_success") == 0)) {
- i++;
- continue;
- }
- if ((i < argc) && (left == NULL)) {
- left = argv[i++];
- count++;
- continue;
- }
- if ((i < argc) && (qual == NULL)) {
- qual = argv[i++];
- count++;
- continue;
- }
- if ((i < argc) && (right == NULL)) {
- right = argv[i++];
- count++;
- continue;
- }
- i++;
+ }
+
+ if (left || qual || right) {
+ ret = PAM_SERVICE_ERR;
+ pam_syslog(pamh, LOG_CRIT,
+ "incomplete condition detected");
+ } else if (count == 0) {
+ pam_syslog(pamh, LOG_INFO,
+ "no condition detected; module succeeded");
 }
 return ret; |
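Review bot: The `count == 0` branch leaves `ret` untouched and logs only at LOG_INFO, so a module line with no condition at all is reported as success while an incomplete one becomes a LOG_CRIT service error. The initial value of `ret` is set outside the hunk, but the message itself says the module succeeded; for a module that can sit in an auth stack, an empty condition list is at least as likely to be a configuration mistake as a truncated one. Consider giving it the same visibility, `pam_syslog(pamh, LOG_WARNING, "no condition detected; module succeeded");`, or failing closed with `ret = PAM_SERVICE_ERR;` if existing configurations allow it. Either way the behaviour should be stated in pam_succeed_if.8.xml, which this commit only updates for the parse-error case.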