d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The words ALL, LOCAL, and EXCEPT have special meaning and are documented

Browse Source 
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.

This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.

Approved by:	des (implicit, blanket)
This commit is contained in:
Cy Schubert 2020-02-18 11:26:52 +00:00
parent 9658b6b3f4
commit f47effabd5
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=358065
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/libpam/modules/pam_login_access/login_access.c
View File

@ -125,7 +125,7 @@ list_match(char *list, const char *item,
*/
for (tok = strtok(list, sep); tok != NULL; tok = strtok((char *) 0, sep)) {
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
if (strcmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
break;
if ((match = (*match_fn)(tok, item)) != 0) /* YES */
break;
@ -133,7 +133,7 @@ list_match(char *list, const char *item,
/* Process exceptions to matches. */
if (match != NO) {
while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
while ((tok = strtok((char *) 0, sep)) && strcmp(tok, "EXCEPT"))
/* VOID */ ;
if (tok == NULL || list_match((char *) 0, item, match_fn) == NO)
return (match);
@ -219,7 +219,7 @@ from_match(const char *tok, const char *string)
if ((str_len = strlen(string)) > (tok_len = strlen(tok))
&& strcasecmp(tok, string + str_len - tok_len) == 0)
return (YES);
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
} else if (strcmp(tok, "LOCAL") == 0) { /* local: no dots */
if (strchr(string, '.') == 0)
return (YES);
} else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */
@ -240,7 +240,7 @@ string_match(const char *tok, const char *string)
* Otherwise, return YES if the token fully matches the string.
*/
if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
if (strcmp(tok, "ALL") == 0) { /* all: always matches */
return (YES);
} else if (strcasecmp(tok, string) == 0) { /* try exact match */
return (YES);