pam_sepermit: do not call pam_sm_authenticate

Calling an exported function from the module is unsafe as there is no
guarantee that the function that will be actually called is the one that
is provided by the module.

* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Rename
to pam_sepermit, add static qualifier, remove "flags" argument.
Update all callers.  Add a new pam_sm_authenticate as a thin wrapper
around pam_sepermit.

1 files changed, 12 insertions, 6 deletions

diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index fca74beb..e8e1cf5b 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -371,9 +371,8 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
 		return -1;
 }
 
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
-		    int argc, const char **argv)
+static int
+pam_sepermit(pam_handle_t *pamh, int argc, const char **argv)
 {
 	int i;
 	int rv;
@@ -460,8 +459,15 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
 }
 
 int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
-		     int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+		    int argc, const char **argv)
+{
+	return pam_sepermit(pamh, argc, argv);
+}
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+		 int argc, const char **argv)
 {
-	return pam_sm_authenticate(pamh, flags, argc, argv);
+	return pam_sepermit(pamh, argc, argv);
 }