Date: Tue, 18 Feb 2020 11:26:53 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r358065 - head/lib/libpam/modules/pam_login_access Message-ID: <202002181126.01IBQrVo016237@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Tue Feb 18 11:26:52 2020 New Revision: 358065 URL: https://svnweb.freebsd.org/changeset/base/358065 Log: The words ALL, LOCAL, and EXCEPT have special meaning and are documented as in the login.access(5) man page. However strcasecmp() is used to compare for these special strings. Because of this User accounts and groups with the corresponding lowercase names are misintrepreted to have special whereas they should not. This commit fixes this, conforming to the man page and to how the Linux pam_access(8) handles these special words. Approved by: des (implicit, blanket) Modified: head/lib/libpam/modules/pam_login_access/login_access.c Modified: head/lib/libpam/modules/pam_login_access/login_access.c ============================================================================== --- head/lib/libpam/modules/pam_login_access/login_access.c Tue Feb 18 11:26:49 2020 (r358064) +++ head/lib/libpam/modules/pam_login_access/login_access.c Tue Feb 18 11:26:52 2020 (r358065) @@ -125,7 +125,7 @@ list_match(char *list, const char *item, */ for (tok = strtok(list, sep); tok != NULL; tok = strtok((char *) 0, sep)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + if (strcmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; if ((match = (*match_fn)(tok, item)) != 0) /* YES */ break; @@ -133,7 +133,7 @@ list_match(char *list, const char *item, /* Process exceptions to matches. */ if (match != NO) { - while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) + while ((tok = strtok((char *) 0, sep)) && strcmp(tok, "EXCEPT")) /* VOID */ ; if (tok == NULL || list_match((char *) 0, item, match_fn) == NO) return (match); @@ -219,7 +219,7 @@ from_match(const char *tok, const char *string) if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); - } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + } else if (strcmp(tok, "LOCAL") == 0) { /* local: no dots */ if (strchr(string, '.') == 0) return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ @@ -240,7 +240,7 @@ string_match(const char *tok, const char *string) * Otherwise, return YES if the token fully matches the string. */ - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + if (strcmp(tok, "ALL") == 0) { /* all: always matches */ return (YES); } else if (strcasecmp(tok, string) == 0) { /* try exact match */ return (YES);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002181126.01IBQrVo016237>