authorSergey Poznyakoff <gray@gnu.org.ua>2011-08-31 07:34:59 +0000
committerSergey Poznyakoff <gray@gnu.org.ua>2011-08-31 07:34:59 +0000
commit9a1b32df22e491c0d1361804556a5f7b86d7dace (patch)
tree0978813ff39c231d16328c2db811887a879e9d69
parentfc8faec0f7186283a053f0f70d24c1047eba22fa (diff)
Various bugfixes.
* pam_fshadow/pam_fshadow.c (pam_sm_authenticate): Fix erroneous conditional, which allowed for logins with arbitrary passwords if `nopasswd' option was given. * lib/graypam.h (gray_free_transform_expr): New proto. * lib/transform.c (transform) <has_regex>: New member. (free_transform,free_segment): New statics. (gray_free_transform_expr): New function. * pam_regex/pam_regex.c (pam_sm_authenticate): Free slist and transform expression. git-svn-id: file:///svnroot/pam-modules/trunk@116 56984be4-0537-0410-a56c-fcb268c96130
-rw-r--r--ChangeLog14
-rw-r--r--lib/graypam.h1
-rw-r--r--lib/transform.c39
-rw-r--r--pam_fshadow/pam_fshadow.c4
-rw-r--r--pam_regex/pam_regex.c2
5 files changed, 57 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 60d32a9..5ccc01a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2011-08-31 Sergey Poznyakoff <gray@gnu.org.ua>
+
+ Various bugfixes.
+
+ * pam_fshadow/pam_fshadow.c (pam_sm_authenticate): Fix
+ erroneous conditional, which allowed for logins with
+ arbitrary passwords if `nopasswd' option was given.
+ * lib/graypam.h (gray_free_transform_expr): New proto.
+ * lib/transform.c (transform) <has_regex>: New member.
+ (free_transform,free_segment): New statics.
+ (gray_free_transform_expr): New function.
+ * pam_regex/pam_regex.c (pam_sm_authenticate): Free slist and
+ transform expression.
+
2011-04-08 Sergey Poznyakoff <gray@gnu.org.ua>
Version 1.7
diff --git a/lib/graypam.h b/lib/graypam.h
index bbc0ca4..8061a1b 100644
--- a/lib/graypam.h
+++ b/lib/graypam.h
@@ -130,6 +130,7 @@ void gray_wait_debug(size_t interval, const char *file, size_t line);
int gray_transform_name_to_slist (gray_slist_t slist, char *input, char **output);
void gray_set_transform_expr (const char *expr);
+void gray_free_transform_expr (void);
int gray_converse(pam_handle_t *pamh, int nargs,
diff --git a/lib/transform.c b/lib/transform.c
index 7754bac..c7fd880 100644
--- a/lib/transform.c
+++ b/lib/transform.c
@@ -62,6 +62,7 @@ struct transform
enum transform_type transform_type;
unsigned match_number;
regex_t regex;
+ int has_regex;
/* Compiled replacement expression */
struct replace_segm *repl_head, *repl_tail;
size_t segm_count; /* Number of elements in the above list */
@@ -82,6 +83,22 @@ new_transform ()
return p;
}
+static void free_segment (struct replace_segm *segm);
+
+static void
+free_transform (struct transform *tr)
+{
+ struct replace_segm *segm;
+ if (tr->has_regex)
+ regfree (&tr->regex);
+ for (segm = tr->repl_head; segm; )
+ {
+ struct replace_segm *next = segm->next;
+ free_segment (segm);
+ segm = next;
+ }
+}
+
static struct replace_segm *
add_segment (struct transform *tf)
{
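Review bot: free_transform releases the compiled regex and the replacement segments but never frees `tr` itself, and it leaves `tr->repl_head` and `tr->repl_tail` pointing at freed segments. If new_transform heap-allocates the node (its body is outside the hunk), every transform still leaks; either end the function with `free (tr);` or add a comment stating that the caller owns the node. The `tr->has_regex` test is also only reliable if new_transform zero-initialises the struct, which is worth confirming since has_regex is set only after a successful regcomp.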
@@ -97,6 +114,14 @@ add_segment (struct transform *tf)
}
static void
+free_segment (struct replace_segm *segm)
+{
+ if (segm->type == segm_literal)
+ free (segm->v.literal.ptr);
+ free (segm);
+}
+
+static void
add_literal_segment (struct transform *tf, char *str, char *end)
{
size_t len = end - str;
@@ -212,7 +237,7 @@ parse_transform_expr (const char *expr)
regerror (rc, &tf->regex, errbuf, sizeof (errbuf));
gray_raise("Invalid transform expression: %s", errbuf);
}
-
+ tf->has_regex = 1;
if (str[0] == '^' || str[strlen (str) - 1] == '$')
tf->transform_type = transform_first;
@@ -353,6 +378,18 @@ gray_set_transform_expr (const char *expr)
expr = parse_transform_expr (expr);
}
+void
+gray_free_transform_expr ()
+{
+ while (transform_head)
+ {
+ struct transform *next = transform_head;
+ free_transform (transform_head);
+ transform_head = next;
+ }
+ transform_tail = NULL;
+}
+
/* Run case conversion specified by CASE_CTL on array PTR of SIZE
characters. Returns pointer to statically allocated storage. */
static char *
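Review bot: The loop in gray_free_transform_expr never advances, because `struct transform *next = transform_head;` copies the head itself and `transform_head = next` then restores the same node. Each iteration therefore calls free_transform on it again, running regfree and free_segment on memory that was already released, and the loop never terminates. Take the successor before freeing, e.g. `struct transform *next = transform_head->next;` (assuming the list link is named `next`; the field is outside the hunk), and free the node there if free_transform does not. The pam_regex.c hunk calls this function from pam_sm_authenticate, so the double free would sit on the authentication path. The definition should also read `gray_free_transform_expr (void)` to match the prototype added in lib/graypam.h.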
diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c
index f29df37..111a594 100644
--- a/pam_fshadow/pam_fshadow.c
+++ b/pam_fshadow/pam_fshadow.c
@@ -438,7 +438,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (cntl_flags & CNTL_PASSWD)
retval = verify_user_acct(confdir, username, &pwstr);
else
- retval = 0;
+ retval = PAM_SUCCESS;
if (retval == PAM_SUCCESS) {
if (pwstr) {
if (strcmp(pwstr, crypt(password, pwstr)) == 0)
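Review bot: The result of `crypt(password, pwstr)` is passed straight to strcmp, but crypt can return NULL when it does not accept the salt or hashing method of the stored string, and that would crash the module in the middle of authentication. Hold the result in a local and treat NULL as a failed match, e.g. `char *h = crypt(password, pwstr);` followed by `if (h && strcmp(pwstr, h) == 0)`. pam_sm_authenticate begins and ends outside this hunk.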
@@ -446,7 +446,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
else
retval = PAM_AUTH_ERR;
free(pwstr);
- } else if (!(cntl_flags & CNTL_SHADOW))
+ } else if (cntl_flags & CNTL_SHADOW)
retval = verify_user_pass(confdir, username, password);
}
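Review bot: With the corrected test, the path where `pwstr` is NULL and CNTL_SHADOW is clear has no else branch, so `retval` keeps the PAM_SUCCESS assigned above and the password is never checked. Whether option parsing can actually produce that flag combination is not visible in this hunk, but an authentication chain should fail closed rather than rely on it. Adding `else retval = PAM_AUTH_ERR;` after the verify_user_pass call would make the no-verifier case an explicit failure. A short comment above the chain stating which of CNTL_PASSWD and CNTL_SHADOW selects which verifier would also help, since this conditional has already been inverted once.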
diff --git a/pam_regex/pam_regex.c b/pam_regex/pam_regex.c
index 21d339b..2095324 100644
--- a/pam_regex/pam_regex.c
+++ b/pam_regex/pam_regex.c
@@ -134,6 +134,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
DEBUG(90,("new name: %s", newname));
MAKE_STR(pamh, newname, name);
retval = pam_set_item(pamh, PAM_USER, name);
+ gray_slist_free(&slist);
+ gray_free_transform_expr();
if (retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "retval %d", retval);
return PAM_AUTHINFO_UNAVAIL;
