3:44 a.m.
* modules/pam_unix/passverify.c: Include "pam_inline.h".
(verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
* modules/pam_unix/support.c: Include "pam_inline.h".
(_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
lengths.
* modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
(crypt_md5): Use pam_str_skip_prefix_len.
squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
---
modules/pam_unix/md5_crypt.c | 5 +++--
modules/pam_unix/passverify.c | 3 ++-
modules/pam_unix/support.c | 14 +++++++++-----
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c
index 4ab9ec84..df192590 100644
--- a/modules/pam_unix/md5_crypt.c
+++ b/modules/pam_unix/md5_crypt.c
@@ -15,6 +15,7 @@
#include <string.h>
#include <stdlib.h>
#include "md5.h"
+#include "pam_inline.h"
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -55,8 +56,8 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt)
return NULL;
/* If it starts with the magic string, then skip that */
- if (!strncmp(sp, magic, strlen(magic)))
- sp += strlen(magic);
+ if ((ep = pam_str_skip_prefix_len(sp, magic, strlen(magic))))
+ sp = ep;
/* It stops at the first '$', max 8 chars */
for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 65307e11..d05734d3 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -26,6 +26,7 @@
#endif
#include "pam_cc_compat.h"
+#include "pam_inline.h"
#include "md5.h"
#include "bigcrypt.h"
#include "passverify.h"
@@ -88,7 +89,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
} else if (!p || *hash == '*' || *hash == '!') {
retval = PAM_AUTH_ERR;
} else {
- if (!strncmp(hash, "$1$", 3)) {
+ if (pam_str_skip_prefix(hash, "$1$")) {
pp = Goodcrypt_md5(p, hash);
if (pp && strcmp(pp, hash) != 0) {
_pam_delete(pp);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index a04211cd..7e3deee1 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -29,6 +29,7 @@
#include <security/pam_modutil.h>
#include "pam_cc_compat.h"
+#include "pam_inline.h"
#include "support.h"
#include "passverify.h"
@@ -112,17 +113,20 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int
*remember,
/* now parse the arguments to this module */
for (; argc-- > 0; ++argv) {
+ const char *str = NULL;
D(("pam_unix arg: %s", *argv));
for (j = 0; j < UNIX_CTRLS_; ++j) {
if (unix_args[j].token
- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) {
+ && (str = pam_str_skip_prefix_len(*argv,
+ unix_args[j].token,
+ strlen(unix_args[j].token)))) {
break;
}
}
- if (j >= UNIX_CTRLS_) {
+ if (!str) {
pam_syslog(pamh, LOG_ERR,
"unrecognized option [%s]", *argv);
} else {
@@ -133,7 +137,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int
*remember,
"option remember not allowed for this module type");
continue;
}
- *remember = strtol(*argv + 9, NULL, 10);
+ *remember = strtol(str, NULL, 10);
if ((*remember == INT_MIN) || (*remember == INT_MAX))
*remember = -1;
if (*remember > 400)
@@ -144,14 +148,14 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int
*remember,
"option minlen not allowed for this module type");
continue;
}
- *pass_min_len = atoi(*argv + 7);
+ *pass_min_len = atoi(str);
} else if (j == UNIX_ALGO_ROUNDS) {
if (rounds == NULL) {
pam_syslog(pamh, LOG_ERR,
"option rounds not allowed for this module type");
continue;
}
- *rounds = strtol(*argv + 7, NULL, 10);
+ *rounds = strtol(str, NULL, 10);
}
ctrl &= unix_args[j].mask; /* for turning things off */
--
ldv