From 8295f092f6138ced15decc05e094667b0a8488e3 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 9 Jan 2024 08:00:00 +0000 Subject: pam_lastlog: do not call pam_sm_authenticate Calling an exported function from the module is unsafe as there is no guarantee that the function that will be actually called is the one that is provided by the module. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Rename to pam_auth, add static qualifier, remove "flags" argument. Update all callers. Add a new pam_sm_authenticate as a thin wrapper around pam_auth. --- modules/pam_lastlog/pam_lastlog.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'modules/pam_lastlog') diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index f255b9dd..02828033 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -665,9 +665,8 @@ cleanup: } /* --- authentication (locking out inactive users) functions --- */ -int -pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) +static int +pam_auth(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, ctrl; const char *user = NULL; @@ -741,11 +740,18 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SUCCESS; } +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) +{ + return pam_auth(pamh, flags, argc, argv); +} + int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { - return pam_sm_authenticate(pamh, flags, argc, argv); + return pam_auth(pamh, flags, argc, argv); } /* --- session management functions --- */ -- cgit v1.2.3