+2008-11-24 Tomas Mraz <t8m@centrum.cz>
+
+ * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at
+ beginning of type token marks silent module.
+ (_pam_load_module): Add handler_type parameter. Do not log
+ module load error if module is silent.
+ (_pam_add_handler): Pass handler_type to _pam_load_module().
+ * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE.
+ * doc/man/pam.conf-syntax.xml: Document the '-' at beginning
+ of type.
+
+ * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks
+ in error path.
+ * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous
+ condition.
+ * modules/pam_group/pam_group.c(check_account): Fix leak
+ in error path.
+ * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak
+ in error path.
+ * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove
+ superfluous condition.
+ * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate):
+ Remove superfluous conditions.
+ (pam_sm_chauthtok): Fix mistaken && for &.
+ * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove
+ superfluous condition.
+ All the problems fixed in this commit were found by Steve Grubb.
+
2008-11-20 Tomas Mraz <t8m@centrum.cz>
* modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not
}
if (retval != PAM_SUCCESS) {
+ token1 = _pam_delete(token1);
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh,LOG_DEBUG,"unable to obtain a password");
continue;
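Review bot: The two added `token1 = _pam_delete(token1);` calls sit on opposite sides of the debug log: before `pam_syslog` in this branch, after it in the "unable to obtain retyped password" branch of the next hunk. token1 appears to hold the password the user just typed, so I would put the call first in both branches and add a one-line comment such as `/* token1 holds a cleartext password: scrub and free before retrying */`. The enclosing loop and the body of `_pam_delete` are outside these hunks, so confirm there that it wipes the buffer before freeing it.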
if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password");
+ token1 = _pam_delete(token1);
continue;
}
key += strspn(key, " \n\t");
/* skip blanks lines and comments */
- if (!key || key[0] == '#')
+ if (key[0] == '#')
continue;
/* skip over "export " if present so we can be compat with
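Review bot: The comment above the changed test still says "skip blanks lines and comments", but `if (key[0] == '#')` skips only comment lines. The removed `!key` could never be true after `key += strspn(...)`, so it was probably meant as `!key[0]`. If blank lines are not rejected further down, the test should read `if (key[0] == '\0' || key[0] == '#')`; otherwise the comment should be corrected to mention comments only. The rest of the loop body is outside the hunk, so how an empty key is handled later cannot be confirmed from here.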
if (getgroups(no_grps, grps) < 0) {
D(("getgroups call failed"));
no_grps = 0;
- grps = NULL;
+ _pam_drop(grps);
}
#ifdef DEBUG
{
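Review bot: A failing `getgroups()` is still reported only through `D(("getgroups call failed"))`, which looks like a debug-build trace. In a normal build the function would then carry on with `no_grps = 0` and leave nothing in the logs. For a module that makes group decisions, that failure should be visible to an administrator. I would add `pam_syslog(pamh, LOG_ERR, "getgroups failed");` beside `_pam_drop(grps);`, assuming `pamh` is in scope in check_account. What the rest of the function does with an empty group list is outside the hunk and should be checked.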
retval = pam_get_item(pamh,citem,&void_citemp);
citemp = void_citemp;
if(retval != PAM_SUCCESS) {
+ free(ifname);
return onerr;
}
if((citem == PAM_USER) && !citemp) {
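Review bot: `free(ifname);` plugs this one return, but cleanup is still done separately at each exit, so any other early return after ifname is allocated needs the same call. The other exits of pam_sm_authenticate are outside the hunk and cannot be checked here. I would at least add a comment at the allocation, e.g. `/* ifname is heap-allocated: every return below must free it */`. A single cleanup label that all error paths jump to would keep the next added return from reintroducing the leak.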
retval = PAM_AUTH_ERR;
} else {
- if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) {
+ if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
username, uttyname);
}
}
return PAM_CONV_ERR;
}
- if (resp)
- free(resp);
+ free(resp);
}
*password = pass; /* this *MUST* be free()'d by this module */
retval = PAM_USER_UNKNOWN; /* username was null */
return retval;
}
- else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) {
+ else if (ctrl & PAM_ST_DEBUG) {
pam_syslog(pamh, LOG_DEBUG,
"pam_sm_authenticate: username = %s", username);
}
if (ctrl & PAM_ST_FAIL_1)
return PAM_AUTHTOK_LOCK_BUSY;
- if ( !(ctrl && PAM_ST_EXPIRED)
+ if ( !(ctrl & PAM_ST_EXPIRED)
&& (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
&& (pam_get_data(pamh,"stress_new_pwd", &text)
!= PAM_SUCCESS || strcmp(text,"yes"))) {
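Review bot: With the mask test corrected to `!(ctrl & PAM_ST_EXPIRED)`, the `strcmp(text,"yes")` operand can now run whenever other ctrl bits are set, a path the old `&&` made unreachable. It relies on `pam_get_data()` never returning PAM_SUCCESS with a NULL data pointer. A cheap guard would be `!= PAM_SUCCESS || text == NULL || strcmp(text,"yes")))`. The declaration of `text` and the body of this `if` are outside the hunk, so where "stress_new_pwd" is set should be checked before relying on it.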
retval = PAM_USER_UNKNOWN;
AUTH_RETURN;
}
- if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl))
+ if (on(UNIX_DEBUG, ctrl))
D(("username [%s] obtained", name));
} else {
D(("trouble reading username"));