Date: Thu, 19 Mar 2020 03:29:47 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r359115 - in stable: 11/lib/libpam/modules/pam_login_access 12/lib/libpam/modules/pam_login_access Message-ID: <202003190329.02J3Tljr041536@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Thu Mar 19 03:29:46 2020 New Revision: 359115 URL: https://svnweb.freebsd.org/changeset/base/359115 Log: MFC r358065: The words ALL, LOCAL, and EXCEPT have special meaning and are documented as in the login.access(5) man page. However strcasecmp() is used to compare for these special strings. Because of this User accounts and groups with the corresponding lowercase names are misintrepreted to have special whereas they should not. This commit fixes this, conforming to the man page and to how the Linux pam_access(8) handles these special words. Approved by: des (implicit, blanket) Modified: stable/12/lib/libpam/modules/pam_login_access/login_access.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/lib/libpam/modules/pam_login_access/login_access.c Directory Properties: stable/11/ (props changed) Modified: stable/12/lib/libpam/modules/pam_login_access/login_access.c ============================================================================== --- stable/12/lib/libpam/modules/pam_login_access/login_access.c Thu Mar 19 02:22:08 2020 (r359114) +++ stable/12/lib/libpam/modules/pam_login_access/login_access.c Thu Mar 19 03:29:46 2020 (r359115) @@ -125,7 +125,7 @@ list_match(char *list, const char *item, */ for (tok = strtok(list, sep); tok != NULL; tok = strtok((char *) 0, sep)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + if (strcmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; if ((match = (*match_fn)(tok, item)) != 0) /* YES */ break; @@ -133,7 +133,7 @@ list_match(char *list, const char *item, /* Process exceptions to matches. */ if (match != NO) { - while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) + while ((tok = strtok((char *) 0, sep)) && strcmp(tok, "EXCEPT")) /* VOID */ ; if (tok == NULL || list_match((char *) 0, item, match_fn) == NO) return (match); @@ -219,7 +219,7 @@ from_match(const char *tok, const char *string) if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); - } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + } else if (strcmp(tok, "LOCAL") == 0) { /* local: no dots */ if (strchr(string, '.') == NULL) return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ @@ -240,7 +240,7 @@ string_match(const char *tok, const char *string) * Otherwise, return YES if the token fully matches the string. */ - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + if (strcmp(tok, "ALL") == 0) { /* all: always matches */ return (YES); } else if (strcasecmp(tok, string) == 0) { /* try exact match */ return (YES);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003190329.02J3Tljr041536>