pam_tty_audit: Fix regression introduced by adding the uid range support.

* modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): Fix constification and
remove unneeded code carried from pam_limits.
(pam_sm_open_session): When multiple enable/disable options are present do not
stop after first match.

diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index c76026a0dca65a4d1cfe7194424ec3422d354669..79e5d5113e4089a87ed051acda7fd238b580f040 100644 (file)
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -207,7 +207,7 @@ parse_uid_range(pam_handle_t *pamh, const char *s,
                 uid_t *min_uid, uid_t *max_uid)
 {
     const char *range = s;
-    char *pmax;
+    const char *pmax;
     char *endptr;
     enum uid_range rv = UID_RANGE_MM;
 
@@ -215,9 +215,6 @@ parse_uid_range(pam_handle_t *pamh, const char *s,
         return UID_RANGE_NONE;
     ++pmax;
 
-    if (range[0] == '@' || range[0] == '%')
-        ++range;
-
     if (range[0] == ':')
         rv = UID_RANGE_ONE;
     else {
@@ -298,7 +295,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
          if (copy == NULL)
            return PAM_SESSION_ERR;
          for (tok = strtok_r (copy, ",", &tok_data);
-              tok != NULL && command == CMD_NONE;
+              tok != NULL && command != this_command;
               tok = strtok_r (NULL, ",", &tok_data))
            {
              uid_t min_uid = 0, max_uid = 0;
@@ -319,6 +316,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
                case UID_RANGE_ONE:
                    if (pwd->pw_uid == max_uid)
                        command = this_command;
+                   break;
                case UID_RANGE_ERR:
                    break;
                }