New upstream version 1.4.0

1 files changed, 18 insertions, 18 deletions

diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index e29ce6e9..30be883c 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -38,9 +38,6 @@
  *
  */
 
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
-
 #include "config.h"
 
 #include <sys/stat.h>
@@ -65,12 +62,13 @@
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
+#include "pam_inline.h"
 
 /* The default timeout we use is 5 minutes, which matches the sudo default
  * for the timestamp_timeout parameter. */
 #define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60)
 #define MODULE "pam_timestamp"
-#define TIMESTAMPDIR _PATH_VARRUN "/" MODULE
+#define TIMESTAMPDIR _PATH_VARRUN MODULE
 #define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key"
 
 /* Various buffers we use need to be at least as large as either PATH_MAX or
@@ -151,7 +149,7 @@ check_tty(const char *tty)
 	}
 	/* Pull out the meaningful part of the tty's name. */
 	if (strchr(tty, '/') != NULL) {
-		if (strncmp(tty, "/dev/", 5) != 0) {
+		if (pam_str_skip_prefix(tty, "/dev/") == NULL) {
 			/* Make sure the device node is actually in /dev/,
 			 * noted by Michal Zalewski. */
 			return NULL;
@@ -282,8 +280,10 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 		}
 	}
 	for (i = 0; i < argc; i++) {
-		if (strncmp(argv[i], "timestampdir=", 13) == 0) {
-			tdir = argv[i] + 13;
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestampdir=")) != NULL) {
+			tdir = str;
 			if (debug) {
 				pam_syslog(pamh, LOG_DEBUG,
 				       "storing timestamps in `%s'",
@@ -296,10 +296,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 		return i;
 	}
 	/* Get the name of the target user. */
-	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		user = NULL;
-	}
-	if ((user == NULL) || (strlen(user) == 0)) {
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') {
 		return PAM_AUTH_ERR;
 	}
 	if (debug) {
@@ -354,7 +351,8 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 static void
 verbose_success(pam_handle_t *pamh, long diff)
 {
-	pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff);
+	pam_info(pamh, _("Access has been granted"
+			 " (last access was %ld seconds ago)."), diff);
 }
 
 int
@@ -376,8 +374,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		}
 	}
 	for (i = 0; i < argc; i++) {
-		if (strncmp(argv[i], "timestamp_timeout=", 18) == 0) {
-			tmp = strtol(argv[i] + 18, &p, 0);
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestamp_timeout=")) != NULL) {
+			tmp = strtol(str, &p, 0);
 			if ((p != NULL) && (*p == '\0')) {
 				interval = tmp;
 				if (debug) {
@@ -577,10 +577,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 
 	/* Create the directory for the timestamp file if it doesn't already
 	 * exist. */
-	for (i = 1; path[i] != '\0'; i++) {
+	for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) {
 		if (path[i] == '/') {
 			/* Attempt to create the directory. */
-			strncpy(subdir, path, i);
+			memcpy(subdir, path, i);
 			subdir[i] = '\0';
 			if (mkdir(subdir, 0700) == 0) {
 				/* Attempt to set the owner to the superuser. */
@@ -798,8 +798,8 @@ main(int argc, char **argv)
 					/* Check oldest login against timestamp */
 					if (check_login_time(user, st.st_mtime) != PAM_SUCCESS) {
 						retval = 7;
-					} else if (!timestamp_good(st.st_mtime, time(NULL),
-							    DEFAULT_TIMESTAMP_TIMEOUT) == PAM_SUCCESS) {
+					} else if (timestamp_good(st.st_mtime, time(NULL),
+							DEFAULT_TIMESTAMP_TIMEOUT) != PAM_SUCCESS) {
 						retval = 7;
 					}
 				} else {