diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2020-02-18 11:26:52 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2020-02-18 11:26:52 +0000 |
| commit | f47effabd5235973e5e0959da4b013ef03f24338 (patch) | |
| tree | f23525ccbe0792e0959574416355991b13bfb4ca /lib/libpam/modules | |
| parent | 9658b6b3f4f37d543575cebbca9f4ab5d4e77ced (diff) | |
| download | src-f47effabd5235973e5e0959da4b013ef03f24338.tar.gz src-f47effabd5235973e5e0959da4b013ef03f24338.zip | |
The words ALL, LOCAL, and EXCEPT have special meaning and are documented
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.
This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.
Approved by: des (implicit, blanket)
Notes
Notes:
svn path=/head/; revision=358065
Diffstat (limited to 'lib/libpam/modules')
| -rw-r--r-- | lib/libpam/modules/pam_login_access/login_access.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c index 9b6d25798339..059667ab2de2 100644 --- a/lib/libpam/modules/pam_login_access/login_access.c +++ b/lib/libpam/modules/pam_login_access/login_access.c @@ -125,7 +125,7 @@ list_match(char *list, const char *item, */ for (tok = strtok(list, sep); tok != NULL; tok = strtok((char *) 0, sep)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + if (strcmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; if ((match = (*match_fn)(tok, item)) != 0) /* YES */ break; @@ -133,7 +133,7 @@ list_match(char *list, const char *item, /* Process exceptions to matches. */ if (match != NO) { - while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) + while ((tok = strtok((char *) 0, sep)) && strcmp(tok, "EXCEPT")) /* VOID */ ; if (tok == NULL || list_match((char *) 0, item, match_fn) == NO) return (match); @@ -219,7 +219,7 @@ from_match(const char *tok, const char *string) if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); - } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + } else if (strcmp(tok, "LOCAL") == 0) { /* local: no dots */ if (strchr(string, '.') == 0) return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ @@ -240,7 +240,7 @@ string_match(const char *tok, const char *string) * Otherwise, return YES if the token fully matches the string. */ - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + if (strcmp(tok, "ALL") == 0) { /* all: always matches */ return (YES); } else if (strcasecmp(tok, string) == 0) { /* try exact match */ return (YES); |