From b36351dd0137034e79194023c8d687b495e785c4 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 15 Jul 2020 08:00:00 +0000 Subject: pam_unix: use PAM_MAX_RESP_SIZE instead of its alias MAXPASS * modules/pam_unix/passverify.h (MAXPASS): Remove. * modules/pam_unix/passverify.c (read_passwords): Replace MAXPASS with PAM_MAX_RESP_SIZE. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Likewise. * modules/pam_unix/support.c (_unix_verify_password): Likewise. * modules/pam_unix/unix_chkpwd.c (main): Likewise. * modules/pam_unix/unix_update.c (set_password): Likewise. --- modules/pam_unix/unix_update.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/pam_unix/unix_update.c') diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index 6ea7ea51..ae77fe2e 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -38,8 +38,8 @@ set_password(const char *forwho, const char *shadow, const char *remember) { struct passwd *pwd = NULL; int retval; - char pass[MAXPASS + 1]; - char towhat[MAXPASS + 1]; + char pass[PAM_MAX_RESP_SIZE + 1]; + char towhat[PAM_MAX_RESP_SIZE + 1]; int npass = 0; /* we don't care about number format errors because the helper should be called internally only */ @@ -54,7 +54,7 @@ set_password(const char *forwho, const char *shadow, const char *remember) if (npass != 2) { /* is it a valid password? */ if (npass == 1) { helper_log_err(LOG_DEBUG, "no new password supplied"); - memset(pass, '\0', MAXPASS); + memset(pass, '\0', PAM_MAX_RESP_SIZE); } else { helper_log_err(LOG_DEBUG, "no valid passwords supplied"); } @@ -97,8 +97,8 @@ set_password(const char *forwho, const char *shadow, const char *remember) } done: - memset(pass, '\0', MAXPASS); - memset(towhat, '\0', MAXPASS); + memset(pass, '\0', PAM_MAX_RESP_SIZE); + memset(towhat, '\0', PAM_MAX_RESP_SIZE); unlock_pwdf(); -- cgit v1.2.3 From 48f44125fac8873237ade9e94942f82a8e6d6e1d Mon Sep 17 00:00:00 2001 From: ikerexxe Date: Wed, 15 Jul 2020 09:45:12 +0200 Subject: Move read_passwords function from pam_unix to pam_inline.h [ldv: rewrote commit message] * modules/pam_unix/passverify.h (read_passwords): Remove prototype. * modules/pam_unix/passverify.c (read_passwords): Move ... * libpam/include/pam_inline.h: ... here, rename to pam_read_passwords, add static inline qualifiers. Include and . * modules/pam_unix/unix_chkpwd.c: Include "pam_inline.h". (main): Replace read_passwords with pam_read_passwords. * modules/pam_unix/unix_update.c: Include "pam_inline.h". (set_password): Replace read_passwords with pam_read_passwords. --- libpam/include/pam_inline.h | 50 ++++++++++++++++++++++++++++++++++++++++++ modules/pam_unix/passverify.c | 43 ------------------------------------ modules/pam_unix/passverify.h | 2 -- modules/pam_unix/unix_chkpwd.c | 3 ++- modules/pam_unix/unix_update.c | 3 ++- 5 files changed, 54 insertions(+), 47 deletions(-) (limited to 'modules/pam_unix/unix_update.c') diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h index ec05fe43..8040b865 100644 --- a/libpam/include/pam_inline.h +++ b/libpam/include/pam_inline.h @@ -10,6 +10,8 @@ #include "pam_cc_compat.h" #include +#include +#include /* * Evaluates to @@ -64,4 +66,52 @@ pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix #define pam_str_skip_icase_prefix(str_, prefix_) \ pam_str_skip_icase_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_)) +static inline int +pam_read_passwords(int fd, int npass, char **passwords) +{ + /* + * The passwords array must contain npass preallocated + * buffers of length PAM_MAX_RESP_SIZE + 1. + */ + int rbytes = 0; + int offset = 0; + int i = 0; + char *pptr; + while (npass > 0) { + rbytes = read(fd, passwords[i]+offset, PAM_MAX_RESP_SIZE+1-offset); + + if (rbytes < 0) { + if (errno == EINTR) { + continue; + } + break; + } + if (rbytes == 0) { + break; + } + + while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes)) + != NULL) { + rbytes -= pptr - (passwords[i]+offset) + 1; + i++; + offset = 0; + npass--; + if (rbytes > 0) { + if (npass > 0) { + memcpy(passwords[i], pptr+1, rbytes); + } + memset(pptr+1, '\0', rbytes); + } + } + offset += rbytes; + } + + /* clear up */ + if (offset > 0 && npass > 0) { + memset(passwords[i], '\0', offset); + } + + return i; +} + #endif /* PAM_INLINE_H */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index d5cfd269..4ab7bb2c 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1186,49 +1186,6 @@ getuidname(uid_t uid) return username; } -int -read_passwords(int fd, int npass, char **passwords) -{ - /* The passwords array must contain npass preallocated - * buffers of length PAM_MAX_RESP_SIZE + 1 - */ - int rbytes = 0; - int offset = 0; - int i = 0; - char *pptr; - while (npass > 0) { - rbytes = read(fd, passwords[i]+offset, PAM_MAX_RESP_SIZE+1-offset); - - if (rbytes < 0) { - if (errno == EINTR) continue; - break; - } - if (rbytes == 0) - break; - - while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes)) - != NULL) { - rbytes -= pptr - (passwords[i]+offset) + 1; - i++; - offset = 0; - npass--; - if (rbytes > 0) { - if (npass > 0) - memcpy(passwords[i], pptr+1, rbytes); - memset(pptr+1, '\0', rbytes); - } - } - offset += rbytes; - } - - /* clear up */ - if (offset > 0 && npass > 0) { - memset(passwords[i], '\0', offset); - } - - return i; -} - #endif /* ****************************************************************** * * Copyright (c) Jan Rękorajski 1999. diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 47d9d4db..c07037d2 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -48,8 +48,6 @@ setup_signals(void); char * getuidname(uid_t uid); -int -read_passwords(int fd, int npass, char **passwords); #endif #ifdef HELPER_COMPILE diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index c61759a6..15a1c2a8 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -33,6 +33,7 @@ #include #include "passverify.h" +#include "pam_inline.h" static int _check_expiry(const char *uname) { @@ -162,7 +163,7 @@ int main(int argc, char *argv[]) } /* read the password from stdin (a pipe from the pam_unix module) */ - npass = read_passwords(STDIN_FILENO, 1, passwords); + npass = pam_read_passwords(STDIN_FILENO, 1, passwords); if (npass != 1) { /* is it a valid password? */ helper_log_err(LOG_DEBUG, "no password supplied"); diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index ae77fe2e..3559972b 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -32,6 +32,7 @@ #include #include "passverify.h" +#include "pam_inline.h" static int set_password(const char *forwho, const char *shadow, const char *remember) @@ -49,7 +50,7 @@ set_password(const char *forwho, const char *shadow, const char *remember) /* read the password from stdin (a pipe from the pam_unix module) */ - npass = read_passwords(STDIN_FILENO, 2, passwords); + npass = pam_read_passwords(STDIN_FILENO, 2, passwords); if (npass != 2) { /* is it a valid password? */ if (npass == 1) { -- cgit v1.2.3