From 1c3bff246cd5c22565ba6fbec1658852c9f99224 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 10 Jul 2001 20:24:16 +0000 Subject: Relevant BUGIDs: 440107 Purpose of commit: bugfix/cleanup Commit summary: --------------- Removed superfluous use of static variables in md5 and bigcrypt routines, bringing us a step closer to thread-safeness. Eliminated some variable indirection along the way. --- modules/pam_unix/support.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'modules/pam_unix/support.c') diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 69071408..964d1a46 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -570,6 +570,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (!strncmp(salt, "$1$", 3)) { pp = Goodcrypt_md5(p, salt); if (strcmp(pp, salt) != 0) { + _pam_delete(pp); pp = Brokencrypt_md5(p, salt); } } else { @@ -661,7 +662,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (salt) _pam_delete(salt); if (pp) - _pam_overwrite(pp); + _pam_delete(pp); D(("done [%d].", retval)); @@ -682,7 +683,6 @@ int _unix_read_password(pam_handle_t * pamh { int authtok_flag; int retval; - const char *item; char *token; D(("called")); @@ -704,16 +704,14 @@ int _unix_read_password(pam_handle_t * pamh */ if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) { - retval = pam_get_item(pamh, authtok_flag, (const void **) &item); + retval = pam_get_item(pamh, authtok_flag, (const void **) pass); if (retval != PAM_SUCCESS) { /* very strange. */ _log_err(LOG_ALERT, pamh ,"pam_get_item returned error to unix-read-password" ); return retval; - } else if (item != NULL) { /* we have a password! */ - *pass = item; - item = NULL; + } else if (*pass != NULL) { /* we have a password! */ return PAM_SUCCESS; } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ @@ -812,9 +810,10 @@ int _unix_read_password(pam_handle_t * pamh _pam_delete(token); /* clean it up */ if (retval != PAM_SUCCESS || (retval = pam_get_item(pamh, authtok_flag - ,(const void **) &item)) + ,(const void **) pass)) != PAM_SUCCESS) { + *pass = NULL; _log_err(LOG_CRIT, pamh, "error manipulating password"); return retval; @@ -833,13 +832,10 @@ int _unix_read_password(pam_handle_t * pamh _pam_delete(token); return retval; } - item = token; + *pass = token; token = NULL; /* break link to password */ } - *pass = item; - item = NULL; /* break link to password */ - return PAM_SUCCESS; } -- cgit v1.2.3