diff options
| author | Sergey Poznyakoff <gray@gnu.org.ua> | 2012-12-08 16:59:13 +0200 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2012-12-08 16:59:13 +0200 |
| commit | b8a5067f0c6a189998bfb8e64982915303495d66 (patch) | |
| tree | 1d911f0d42ed6dc085cf6f7895bebbc8df7e64b6 | |
| parent | d211d9ec0cf708b047a0fb0d4019a16a806bbf4c (diff) | |
| download | pam-modules-b8a5067f0c6a189998bfb8e64982915303495d66.tar.gz pam-modules-b8a5067f0c6a189998bfb8e64982915303495d66.tar.bz2 | |
Make pam_fshadow reentrant.
* pam_fshadow/pam_fshadow.c (_pam_parse): Initialize global
variables, in case pam_fshadow is called twice in the same
stack. Do not register rexp in pam data, this hurts
reentrability.
(pam_sm_authenticate): Free rexp.
| -rw-r--r-- | pam_fshadow/pam_fshadow.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c index bd09458..196acd2 100644 --- a/pam_fshadow/pam_fshadow.c +++ b/pam_fshadow/pam_fshadow.c @@ -80,12 +80,18 @@ struct pam_opt pam_opt[] = { static int _pam_parse(pam_handle_t *pamh, int argc, const char **argv) { int retval = PAM_SUCCESS; + memset(&rexp, 0, sizeof(rexp)); + regex_str = NULL; + regex_flags = REG_EXTENDED; + username_index = 1; + domain_index = 2; + gray_log_init(0, MODULE_NAME, LOG_AUTHPRIV); if (gray_parseopt(pam_opt, argc, argv)) return PAM_AUTHINFO_UNAVAIL; if ((cntl_flags & (CNTL_PASSWD|CNTL_SHADOW)) == 0) { _pam_log(LOG_CRIT, @@ -116,24 +122,14 @@ _pam_parse(pam_handle_t *pamh, int argc, const char **argv) _pam_log(LOG_NOTICE, "invalid regular expression `%s': " "must contain two reference groups", regex_str); regfree(&rexp); retval = PAM_AUTHINFO_UNAVAIL; - } else { + } else cntl_flags |= CNTL_REGEX; - rc = pam_set_data(pamh, "REGEX", &rexp, - gray_cleanup_regex); - - if (rc != PAM_SUCCESS) { - _pam_log(LOG_NOTICE, - "can't keep data [%s]: %s", - "REGEX", - pam_strerror(pamh, rc)); - } - } } return retval; } static int @@ -395,12 +391,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, confdir = sysconfdir; /* Get the username */ retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS || !username) { DEBUG(1,("can not get the username")); + if (cntl_flags & CNTL_REGEX) + regfree(&rexp); return PAM_SERVICE_ERR; } if (cntl_flags & CNTL_REGEX) { regmatch_t rmatch[3]; if (regexec(&rexp, username, 3, rmatch, 0) == 0) { @@ -420,14 +418,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, } else { DEBUG(1,("user name `%s' does not match regular " "expression `%s'", username, regex_str)); } + regfree(&rexp); } - /* Get the password */ if (_pam_get_password(pamh, &password, "Password:")) return PAM_SERVICE_ERR; if (retval != PAM_SUCCESS) { |