author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_umask/pam_umask.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_umask/pam_umask.c')
-rw-r--r-- | modules/pam_umask/pam_umask.c | 125 |
1 files changed, 26 insertions, 99 deletions
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index ab490645..c9efe245 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -1,4 +1,6 @@ /* + * pam_umask module + * * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk <kukuk@thkukuk.de> * * Redistribution and use in source and binary forms, with or without
@@ -50,13 +52,11 @@ #include <sys/resource.h> #include <syslog.h> -#define PAM_SM_SESSION - #include <security/pam_modules.h> #include <security/pam_modutil.h> #include <security/pam_ext.h> +#include "pam_inline.h" -#define BUF_SIZE 4096 #define LOGIN_DEFS "/etc/login.defs" #define LOGIN_CONF "/etc/default/login"
@@ -71,107 +71,41 @@ typedef struct options_t options_t; static void parse_option (const pam_handle_t *pamh, const char *argv, options_t *options) { + const char *str; + if (argv == NULL || argv[0] == '\0') return; if (strcasecmp (argv, "debug") == 0) options->debug = 1; - else if (strncasecmp (argv, "umask=", 6) == 0) - options->umask = strdup (&argv[6]); + else if ((str = pam_str_skip_icase_prefix (argv, "umask=")) != NULL) + options->umask = strdup (str); else if (strcasecmp (argv, "usergroups") == 0) options->usergroups = 1; + else if (strcasecmp (argv, "nousergroups") == 0) + options->usergroups = 0; else if (strcasecmp (argv, "silent") == 0) options->silent = 1; else pam_syslog (pamh, LOG_ERR, "Unknown option: `%s'", argv); } -static char * -search_key (const char *filename) -{ - FILE *fp; - char *buf = NULL; - size_t buflen = 0; - char *retval = NULL; - - fp = fopen (filename, "r"); - if (NULL == fp) - return NULL; - - while (!feof (fp)) - { - char *tmp, *cp; -#if defined(HAVE_GETLINE) - ssize_t n = getline (&buf, &buflen, fp); -#elif defined (HAVE_GETDELIM) - ssize_t n = getdelim (&buf, &buflen, '\n', fp); -#else - ssize_t n; - - if (buf == NULL) - { - buflen = BUF_SIZE; - buf = malloc (buflen); - if (buf == NULL) { - fclose (fp); - return NULL; - } - } - buf[0] = '\0'; - if (fgets (buf, buflen - 1, fp) == NULL) - break; - else if (buf != NULL) - n = strlen (buf); - else - n = 0; -#endif /* HAVE_GETLINE / HAVE_GETDELIM */ - cp = buf; - - if (n < 1) - break; - - tmp = strchr (cp, '#'); /* remove comments */ - if (tmp) - *tmp = '\0'; - while (isspace ((int)*cp)) /* remove spaces and tabs */ - ++cp; - if (*cp == '\0') /* ignore empty lines */ - continue; - - if (cp[strlen (cp) - 1] == '\n') - cp[strlen (cp) - 1] = '\0'; - - tmp = strsep (&cp, " \t="); - if (cp != NULL) - while (isspace ((int)*cp) || *cp == '=') - ++cp; - - if (strcasecmp (tmp, "UMASK") == 0) - { - retval = strdup (cp); - break; - } - } - fclose (fp); - - free (buf); - - return retval; -} - 
static int -get_options (const pam_handle_t *pamh, options_t *options, +get_options (pam_handle_t *pamh, options_t *options, int argc, const char **argv) { memset (options, 0, sizeof (options_t)); + + options->usergroups = DEFAULT_USERGROUPS_SETTING; + /* Parse parameters for module */ for ( ; argc-- > 0; argv++) parse_option (pamh, *argv, options); if (options->umask == NULL) - options->umask = search_key (LOGIN_DEFS); + options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); if (options->umask == NULL) - options->umask = search_key (LOGIN_CONF); + options->umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK"); return 0; }
@@ -218,25 +152,27 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, /* See if the GECOS field contains values for NICE, UMASK or ULIMIT. */ for (cp = pw->pw_gecos; cp != NULL; cp = strchr (cp, ',')) { + const char *str; + if (*cp == ',') cp++; - if (strncasecmp (cp, "umask=", 6) == 0) - umask (strtol (cp + 6, NULL, 8) & 0777); - else if (strncasecmp (cp, "pri=", 4) == 0) + if ((str = pam_str_skip_icase_prefix (cp, "umask=")) != NULL) + umask (strtol (str, NULL, 8) & 0777); + else if ((str = pam_str_skip_icase_prefix (cp, "pri=")) != NULL) { errno = 0; - if (nice (strtol (cp + 4, NULL, 10)) == -1 && errno != 0) + if (nice (strtol (str, NULL, 10)) == -1 && errno != 0) { if (!options->silent || options->debug) pam_error (pamh, "nice failed: %m\n"); pam_syslog (pamh, LOG_ERR, "nice failed: %m"); } } - else if (strncasecmp (cp, "ulimit=", 7) == 0) + else if ((str = pam_str_skip_icase_prefix (cp, "ulimit=")) != NULL) { struct rlimit rlimit_fsize; - rlimit_fsize.rlim_cur = 512L * strtol (cp + 7, NULL, 10); + rlimit_fsize.rlim_cur = 512L * strtol (str, NULL, 10); rlimit_fsize.rlim_max = rlimit_fsize.rlim_cur; if (setrlimit (RLIMIT_FSIZE, &rlimit_fsize) == -1) {
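Review bot: In parse_option, `options->umask = strdup (str);` neither checks the allocation nor releases a value stored by an earlier `umask=` argument. If strdup returns NULL, get_options sees `options->umask == NULL` and takes UMASK from /etc/login.defs or /etc/default/login instead, so an explicitly configured mask is replaced without any log entry; a repeated `umask=` argument leaks the first copy. Because parse_option returns void, the smallest change is to free the previous value and log the failure, as sketched below. This assumes the `umask` member of options_t, declared outside the hunk, is a heap-owned `char *`.

```c
  else if ((str = pam_str_skip_icase_prefix (argv, "umask=")) != NULL)
    {
      /* Release the copy made for an earlier umask= argument, if any. */
      free (options->umask);
      options->umask = strdup (str);
      if (options->umask == NULL)
        pam_syslog (pamh, LOG_CRIT, "strdup failed: %m");
    }
  /* ... unchanged: usergroups, nousergroups, silent and unknown-option branches ... */
```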
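Review bot: `umask (strtol (str, NULL, 8) & 0777);` applies whatever strtol returns, and strtol returns 0 when the text after `umask=` is not an octal number. A malformed GECOS entry therefore sets umask 000, the most permissive value, with nothing logged; the `pri=` and `ulimit=` branches hand unvalidated strtol results to nice() and to `512L * ...` in the same way. Parsing with an end pointer and rejecting a value that does not stop at `,` or at the end of the field keeps a bad entry from weakening file-creation permissions. setup_limits_from_gecos starts and ends outside this hunk.

```c
      if ((str = pam_str_skip_icase_prefix (cp, "umask=")) != NULL)
        {
          char *end;
          long mask;

          errno = 0;
          mask = strtol (str, &end, 8);
          /* Accept only a number that runs to the next ',' or the end of GECOS. */
          if (end == str || (*end != '\0' && *end != ',') || errno != 0)
            pam_syslog (pamh, LOG_ERR, "invalid umask value in GECOS field");
          else
            umask (mask & 0777);
        }
      /* ... unchanged: pri= and ulimit= branches ... */
```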
@@ -265,24 +201,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* get the user name. */ if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS) { - pam_syslog (pamh, LOG_ERR, "pam_get_user failed: return %d", retval); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval); } - if (name == NULL || name[0] == '\0') - { - if (name) - { - pam_syslog (pamh, LOG_ERR, "bad username [%s]", name); - return PAM_USER_UNKNOWN; - } - return PAM_SERVICE_ERR; - } - pw = pam_modutil_getpwnam (pamh, name); if (pw == NULL) { - pam_syslog (pamh, LOG_ERR, "account for %s not found", name); + pam_syslog (pamh, LOG_NOTICE, "account for %s not found", name); return PAM_USER_UNKNOWN; } |
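Review bot: After this change `pam_modutil_getpwnam (pamh, name)` is reached with no local check that `name` is non-NULL and non-empty, so the code depends on pam_get_user returning PAM_SUCCESS only with a usable name; that guarantee is presumably part of this release but is not visible in the hunk. A one-line comment above the lookup would record the dependency, for example `/* pam_get_user() succeeded, so name is expected to be non-empty here */`. The new `pam_syslog(pamh, ...)` and `pam_strerror(pamh, retval)` calls also omit the space before the parenthesis that the surrounding lines use. pam_sm_open_session starts and ends outside the hunk.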