From e80ad6cce5f605b400e24fb3b29f64a0998541a6 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Thu, 19 Jun 2008 12:15:57 +0000
Subject: [PATCH] Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2008-06-19  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
        Detect configuration errors. Fail on incomplete condition.
---
 ChangeLog                                   |  5 ++
 modules/pam_succeed_if/pam_succeed_if.8.xml |  2 +-
 modules/pam_succeed_if/pam_succeed_if.c     | 79 +++++++++++----------
 3 files changed, 47 insertions(+), 39 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 068a6cfb..f01c7cec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-06-19  Tomas Mraz <t8m@centrum.cz>
+
+	* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
+	Detect configuration errors. Fail on incomplete condition.
+
 2008-05-20  Tomas Mraz <t8m@centrum.cz>
 
 	* configure.in: Work correctly with autoconf-2.62.
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml
index d064e03b..e377ae86 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -249,7 +249,7 @@
           <listitem>
             <para>
               A service error occured or the arguments can't be
-              parsed as numbers.
+              parsed correctly.
             </para>
           </listitem>
         </varlistentry>
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index 06cb5d6a..cf95d38e 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -443,10 +443,38 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	}
 
 	/* Walk the argument list. */
-	i = count = 0;
+	count = 0;
 	left = qual = right = NULL;
-	while (i <= argc) {
-		if ((left != NULL) && (qual != NULL) && (right != NULL)) {
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "debug") == 0) {
+			continue;
+		}
+		if (strcmp(argv[i], "use_uid") == 0) {
+			continue;
+		}
+		if (strcmp(argv[i], "quiet") == 0) {
+			continue;
+		}
+		if (strcmp(argv[i], "quiet_fail") == 0) {
+			continue;
+		}
+		if (strcmp(argv[i], "quiet_success") == 0) {
+			continue;
+		}
+		if (left == NULL) {
+			left = argv[i];
+			continue;
+		}
+		if (qual == NULL) {
+			qual = argv[i];
+			continue;
+		}
+		if (right == NULL) {
+			right = argv[i];
+			if (right == NULL)
+				continue;
+
+			count++;
 			ret = evaluate(pamh, debug,
 				       left, qual, right,
 				       pwd);
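Review bot: The inner `if (right == NULL) continue;` placed directly after `right = argv[i];` can never be taken. The loop bound is `i < argc`, and the `strcmp(argv[i], ...)` calls at the top of the loop body have already dereferenced `argv[i]`, so a NULL entry would have faulted before reaching this test. Dropping those two lines keeps the behaviour and makes it obvious that this branch always evaluates a complete `left qual right` triple. The `if (right == NULL) {` block opened here continues past the end of this hunk.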
@@ -456,6 +484,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 						   "requirement \"%s %s %s\" "
 						   "not met by user \"%s\"",
 						   left, qual, right, user);
+				left = qual = right = NULL;
 				break;
 			}
 			else
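Review bot: Because the added `left = qual = right = NULL;` is followed by `break`, arguments after a failed condition are never parsed. A trailing incomplete condition is therefore reported only for users who pass every earlier condition, so a malformed line can go unnoticed when tested with a failing user and later surface as a service error for a passing one. If that is intended, a comment on the reset would help, for example `/* triple consumed; do not let the post-loop incomplete-condition check fire */`. If configuration errors should always be detected, the remaining arguments need to be scanned before returning. The enclosing block starts before this hunk, and the post-loop check is in a later one.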
@@ -465,43 +494,17 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 						   "was met by user \"%s\"",
 						   left, qual, right, user);
 			left = qual = right = NULL;
-		}
-		if ((i < argc) && (strcmp(argv[i], "debug") == 0)) {
-			i++;
-			continue;
-		}
-		if ((i < argc) && (strcmp(argv[i], "use_uid") == 0)) {
-			i++;
 			continue;
 		}
-		if ((i < argc) && (strcmp(argv[i], "quiet") == 0)) {
-			i++;
-			continue;
-		}
-		if ((i < argc) && (strcmp(argv[i], "quiet_fail") == 0)) {
-			i++;
-			continue;
-		}
-		if ((i < argc) && (strcmp(argv[i], "quiet_success") == 0)) {
-			i++;
-			continue;
-		}
-		if ((i < argc) && (left == NULL)) {
-			left = argv[i++];
-			count++;
-			continue;
-		}
-		if ((i < argc) && (qual == NULL)) {
-			qual = argv[i++];
-			count++;
-			continue;
-		}
-		if ((i < argc) && (right == NULL)) {
-			right = argv[i++];
-			count++;
-			continue;
-		}
-		i++;
+	}
+
+	if (left || qual || right) {
+		ret = PAM_SERVICE_ERR;
+		pam_syslog(pamh, LOG_CRIT,
+			"incomplete condition detected");
+	} else if (count == 0) {
+		pam_syslog(pamh, LOG_INFO,
+			"no condition detected; module succeeded");
 	}
 
 	return ret;
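Review bot: The `count == 0` branch logs "no condition detected; module succeeded" but never assigns `ret`, so `return ret;` hands back whatever earlier code left there, and that code is outside this hunk. Adding `ret = PAM_SUCCESS;` in that branch would make the result match the message on every path. Since this module gates access, a line whose condition was lost to an editing mistake then passes for every user. It is worth deciding whether that case should instead return `PAM_SERVICE_ERR` like the incomplete one, or at least be logged at `LOG_WARNING` rather than `LOG_INFO`.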
-- 
2.40.0