diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2012-12-08 16:59:13 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2012-12-08 16:59:13 +0200 |
commit | b8a5067f0c6a189998bfb8e64982915303495d66 (patch) | |
tree | 1d911f0d42ed6dc085cf6f7895bebbc8df7e64b6 | |
parent | d211d9ec0cf708b047a0fb0d4019a16a806bbf4c (diff) | |
download | pam-modules-b8a5067f0c6a189998bfb8e64982915303495d66.tar.gz pam-modules-b8a5067f0c6a189998bfb8e64982915303495d66.tar.bz2 |
Make pam_fshadow reentrant.
* pam_fshadow/pam_fshadow.c (_pam_parse): Initialize global
variables, in case pam_fshadow is called twice in the same
stack. Do not register rexp in pam data, this hurts
reentrability.
(pam_sm_authenticate): Free rexp.
-rw-r--r-- | pam_fshadow/pam_fshadow.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/pam_fshadow/pam_fshadow.c b/pam_fshadow/pam_fshadow.c index bd09458..196acd2 100644 --- a/pam_fshadow/pam_fshadow.c +++ b/pam_fshadow/pam_fshadow.c | |||
@@ -83,6 +83,12 @@ _pam_parse(pam_handle_t *pamh, int argc, const char **argv) | |||
83 | { | 83 | { |
84 | int retval = PAM_SUCCESS; | 84 | int retval = PAM_SUCCESS; |
85 | 85 | ||
86 | memset(&rexp, 0, sizeof(rexp)); | ||
87 | regex_str = NULL; | ||
88 | regex_flags = REG_EXTENDED; | ||
89 | username_index = 1; | ||
90 | domain_index = 2; | ||
91 | |||
86 | gray_log_init(0, MODULE_NAME, LOG_AUTHPRIV); | 92 | gray_log_init(0, MODULE_NAME, LOG_AUTHPRIV); |
87 | if (gray_parseopt(pam_opt, argc, argv)) | 93 | if (gray_parseopt(pam_opt, argc, argv)) |
88 | return PAM_AUTHINFO_UNAVAIL; | 94 | return PAM_AUTHINFO_UNAVAIL; |
@@ -119,18 +125,8 @@ _pam_parse(pam_handle_t *pamh, int argc, const char **argv) | |||
119 | regex_str); | 125 | regex_str); |
120 | regfree(&rexp); | 126 | regfree(&rexp); |
121 | retval = PAM_AUTHINFO_UNAVAIL; | 127 | retval = PAM_AUTHINFO_UNAVAIL; |
122 | } else { | 128 | } else |
123 | cntl_flags |= CNTL_REGEX; | 129 | cntl_flags |= CNTL_REGEX; |
124 | rc = pam_set_data(pamh, "REGEX", &rexp, | ||
125 | gray_cleanup_regex); | ||
126 | |||
127 | if (rc != PAM_SUCCESS) { | ||
128 | _pam_log(LOG_NOTICE, | ||
129 | "can't keep data [%s]: %s", | ||
130 | "REGEX", | ||
131 | pam_strerror(pamh, rc)); | ||
132 | } | ||
133 | } | ||
134 | } | 130 | } |
135 | 131 | ||
136 | return retval; | 132 | return retval; |
@@ -398,6 +394,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, | |||
398 | retval = pam_get_user(pamh, &username, NULL); | 394 | retval = pam_get_user(pamh, &username, NULL); |
399 | if (retval != PAM_SUCCESS || !username) { | 395 | if (retval != PAM_SUCCESS || !username) { |
400 | DEBUG(1,("can not get the username")); | 396 | DEBUG(1,("can not get the username")); |
397 | if (cntl_flags & CNTL_REGEX) | ||
398 | regfree(&rexp); | ||
401 | return PAM_SERVICE_ERR; | 399 | return PAM_SERVICE_ERR; |
402 | } | 400 | } |
403 | 401 | ||
@@ -423,8 +421,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, | |||
423 | username, | 421 | username, |
424 | regex_str)); | 422 | regex_str)); |
425 | } | 423 | } |
424 | regfree(&rexp); | ||
426 | } | 425 | } |
427 | |||
428 | 426 | ||
429 | /* Get the password */ | 427 | /* Get the password */ |
430 | if (_pam_get_password(pamh, &password, "Password:")) | 428 | if (_pam_get_password(pamh, &password, "Password:")) |