From a33d198dd60d34422c706fd85d00b64d43402690 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mon, 24 Feb 2020 18:57:17 +0100
Subject: pam_group, pam_time: Fix logical error with multiple ! operators

* modules/pam_group/group.conf.5.xml: Document what logic list means.
* modules/pam_time/time.conf.5.xml: Likewise.
* modules/pam_group/pam_group.c (logic_field): Clear the not operator for the
  further operations.
* modules/pam_time/pam_time.c (logic_field): Likewise.
---
 modules/pam_time/pam_time.c      | 1 +
 modules/pam_time/time.conf.5.xml | 6 ++++++
 2 files changed, 7 insertions(+)

(limited to 'modules/pam_time')

diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index 4863ea4e..85a4d42b 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -328,6 +328,7 @@ logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule,
 		    return FALSE;
 	       }
 	       next = VAL;
+	       not = FALSE;
 	  }
 	  at += l;
      }
diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml
index 82227ba0..ee2639d2 100644
--- a/modules/pam_time/time.conf.5.xml
+++ b/modules/pam_time/time.conf.5.xml
@@ -64,6 +64,12 @@
       rule applies.
     </para>
 
+    <para>
+      A logic list namely means individual tokens that are optionally prefixed
+      with '!' (logical not) and separated with '&' (logical and) and '|'
+      (logical or).
+    </para>
+
     <para>
       For these items the simple wildcard '*' may be used only once.
       With netgroups no wildcards or logic operators are allowed.
-- 
cgit v1.2.3