author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_xauth/pam_xauth.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_xauth/pam_xauth.c')
-rw-r--r-- | modules/pam_xauth/pam_xauth.c | 53 |
1 files changed, 28 insertions, 25 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 3339def8..ae731211 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -1,4 +1,6 @@ /* + * pam_xauth module + * * Copyright 2001-2003 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without @@ -50,9 +52,6 @@ #include <stdlib.h> #include <string.h> #include <syslog.h> -#include <unistd.h> - -#define PAM_SM_SESSION #include <security/pam_modules.h> #include <security/_pam_macros.h> @@ -62,9 +61,11 @@ #ifdef WITH_SELINUX #include <selinux/selinux.h> #include <selinux/label.h> -#include <sys/stat.h> #endif +#include "pam_cc_compat.h" +#include "pam_inline.h" + #define DATANAME "pam_xauth_cookie_file" #define XAUTHENV "XAUTHORITY" #define HOMEENV "HOME" @@ -172,14 +173,16 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, /* Convert the varargs list into a regular array of strings. */ va_start(ap, command); args[0] = command; - for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) { + for (j = 1; j < PAM_ARRAY_SIZE(args) - 1; j++) { args[j] = va_arg(ap, const char*); if (args[j] == NULL) { break; } } /* Run the command. */ + DIAG_PUSH_IGNORE_CAST_QUAL; execv(command, (char *const *) args); + DIAG_POP_IGNORE_CAST_QUAL; /* Never reached. */ _exit(1); } 
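Review bot: In the `@@ -50,9 +52,6 @@` hunk, `#include <unistd.h>` is removed although later hunks of this file still call `execv()`, `_exit()` and `access()`, so their declarations now have to arrive through some other header, presumably the `pam_inline.h` added in the following hunk. Relying on a transitive include is fragile: if that header ever stops pulling in `<unistd.h>`, these calls lose their prototypes in the function that executes the xauth helper. I would keep the direct `#include <unistd.h>` next to `<syslog.h>`.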
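Review bot: In the `@@ -172,14 +173,16 @@` hunk the loop stops at `PAM_ARRAY_SIZE(args) - 1` without writing a terminator, so `execv()` only receives a NULL-terminated vector if `args` was zeroed before this point; that initialisation is outside the hunk and should be confirmed. Adding `args[j] = NULL;` after the loop, or a comment such as `/* args[] is pre-zeroed; the last slot stays NULL for execv() */`, would make the invariant explicit. The comment `/* Never reached. */` is also inaccurate, because `execv()` returns on failure and `_exit(1)` is then the only signal the parent gets; `/* Only reached if execv() failed. */` says that. run_coprocess begins and ends outside the hunk.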
@@ -361,17 +364,19 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Parse arguments. We don't understand many, so no sense in breaking * this into a separate function. */ for (i = 0; i < argc; i++) { + const char *str; + if (strcmp(argv[i], "debug") == 0) { debug = 1; continue; } - if (strncmp(argv[i], "xauthpath=", 10) == 0) { - xauth = argv[i] + 10; + if ((str = pam_str_skip_prefix(argv[i], "xauthpath=")) != NULL) { + xauth = str; continue; } - if (strncmp(argv[i], "targetuser=", 11) == 0) { - long l = strtol(argv[i] + 11, &tmp, 10); - if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) { + if ((str = pam_str_skip_prefix(argv[i], "targetuser=")) != NULL) { + long l = strtol(str, &tmp, 10); + if ((*str != '\0') && (*tmp == '\0')) { targetuser = l; } else { pam_syslog(pamh, LOG_WARNING, @@ -380,9 +385,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, } continue; } - if (strncmp(argv[i], "systemuser=", 11) == 0) { - long l = strtol(argv[i] + 11, &tmp, 10); - if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) { + if ((str = pam_str_skip_prefix(argv[i], "systemuser=")) != NULL) { + long l = strtol(str, &tmp, 10); + if ((*str != '\0') && (*tmp == '\0')) { systemuser = l; } else { pam_syslog(pamh, LOG_WARNING, @@ -397,7 +402,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (xauth == NULL) { size_t j; - for (j = 0; j < sizeof(xauthpaths)/sizeof(xauthpaths[0]); j++) { + for (j = 0; j < PAM_ARRAY_SIZE(xauthpaths); j++) { if (access(xauthpaths[j], X_OK) == 0) { xauth = xauthpaths[j]; break; @@ -420,8 +425,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Read the target user's name. */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "error determining target user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); retval = PAM_SESSION_ERR; goto cleanup; } 
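Review bot: The `targetuser=` branch in the `@@ -361,17 +364,19 @@` hunk stores whatever `strtol()` returns as long as the whole string was consumed, so a negative value or one that overflows `long` (returned as `LONG_MAX` with `errno == ERANGE`) is accepted without a warning; the `systemuser=` branch in the `@@ -380,9 +385,9 @@` hunk has the same test. These two options look like UID thresholds that decide which accounts the module acts on, so a typo in the PAM configuration should hit the existing `pam_syslog` warning instead of being silently converted; the types of `targetuser` and `systemuser` are declared outside the hunk and should be checked. I would set `errno = 0;` before the call and tighten the condition to `if (*str != '\0' && *tmp == '\0' && errno != ERANGE && l >= 0)`, ideally also bounding `l` by the destination type's maximum.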
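Review bot: The failure path in the `@@ -420,8 +425,7 @@` hunk now logs at `LOG_NOTICE` while still returning `PAM_SESSION_ERR`, and the same downgrade is made in the `@@ -437,7 +441,7 @@` and `@@ -766,23 +770,22 @@` hunks. Syslog filters or alert rules that forward only `err` and above will stop seeing these session failures, so the change deserves a line in the module documentation or release notes. The wording is also left inconsistent: the first message became `cannot determine user name` while the one after it still reads `error determining target user's UID`; `cannot determine UID of target user` would match.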
@@ -437,7 +441,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, * on the xauthority file we create later on. */ tpwd = pam_modutil_getpwnam(pamh, user); if (tpwd == NULL) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_NOTICE, "error determining target user's UID"); retval = PAM_SESSION_ERR; goto cleanup; @@ -534,8 +538,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Check that we got a cookie. If not, we get creative. */ if (((cookie == NULL) || (strlen(cookie) == 0)) && - ((strncmp(display, "localhost:", 10) == 0) || - (strncmp(display, "localhost/unix:", 15) == 0))) { + (pam_str_skip_prefix(display, "localhost:") != NULL || + pam_str_skip_prefix(display, "localhost/unix:") != NULL)) { char *t, *screen; size_t tlen, slen; /* Free the useless cookie string. */ @@ -766,23 +770,22 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, debug = 1; continue; } - if (strncmp(argv[i], "xauthpath=", 10) == 0) + if (pam_str_skip_prefix(argv[i], "xauthpath=") != NULL) continue; - if (strncmp(argv[i], "systemuser=", 11) == 0) + if (pam_str_skip_prefix(argv[i], "systemuser=") != NULL) continue; - if (strncmp(argv[i], "targetuser=", 11) == 0) + if (pam_str_skip_prefix(argv[i], "targetuser=") != NULL) continue; pam_syslog(pamh, LOG_WARNING, "unrecognized option `%s'", argv[i]); } if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "error determining target user's name"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); return PAM_SESSION_ERR; } if (!(tpwd = pam_modutil_getpwnam(pamh, user))) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_NOTICE, "error determining target user's UID"); return PAM_SESSION_ERR; } |