Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/lib/libpam/pam_framework.c24
-rw-r--r--usr/src/lib/libsecdb/common/chkauthattr.c36
2 files changed, 31 insertions, 29 deletions
diff --git a/usr/src/lib/libpam/pam_framework.c b/usr/src/lib/libpam/pam_framework.c
index e64b5f1e40..8197f7984b 100644
--- a/usr/src/lib/libpam/pam_framework.c
+++ b/usr/src/lib/libpam/pam_framework.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -1544,6 +1544,7 @@ out:
/*
* pam_getenvlist - retrieve all environment variables from the PAM handle
+ * in a NULL terminated array. On error, return NULL.
*/
char **
pam_getenvlist(pam_handle_t *pamh)
@@ -1552,7 +1553,8 @@ pam_getenvlist(pam_handle_t *pamh)
char **list = 0;
int length = 0;
env_list *traverse;
- char env_buf[1024];
+ char *tenv;
+ size_t tenv_size;
pam_trace(PAM_DEBUG_DEFAULT,
"pam_getenvlist(%p)", (void *)pamh);
@@ -1568,7 +1570,7 @@ pam_getenvlist(pam_handle_t *pamh)
}
/* allocate the array we will return to the caller */
- if ((list = (char **)calloc(length + 1, sizeof (char *))) == 0) {
+ if ((list = (char **)calloc(length + 1, sizeof (char *))) == NULL) {
error = PAM_BUF_ERR;
goto out;
}
@@ -1576,19 +1578,19 @@ pam_getenvlist(pam_handle_t *pamh)
/* add the variables one by one */
length = 0;
traverse = pamh->pam_env;
- while (traverse) {
- (void) snprintf(env_buf, sizeof (env_buf), "%s=%s",
- traverse->name, traverse->value);
- if ((list[length] = strdup(env_buf)) == 0) {
+ while (traverse != NULL) {
+ tenv_size = strlen(traverse->name) +
+ strlen(traverse->value) + 2; /* name=val\0 */
+ if ((tenv = malloc(tenv_size)) == NULL) {
error = PAM_BUF_ERR;
goto out;
}
- length++;
+ /*LINTED*/
+ (void) sprintf(tenv, "%s=%s", traverse->name, traverse->value);
+ list[length++] = tenv;
traverse = traverse->next;
}
-
- /* null terminate the list */
- list[length] = 0;
+ list[length] = NULL;
error = PAM_SUCCESS;
out:
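Review bot: The `(void) sprintf(tenv, "%s=%s", ...)` call under `/*LINTED*/` is bounded only by the `strlen` sum computed just above it, so the write stays inside the allocation only while `traverse->name` and `traverse->value` are unchanged between the two statements. Passing the size already in hand, `(void) snprintf(tenv, tenv_size, "%s=%s", traverse->name, traverse->value);`, keeps the write bounded by the allocation and makes the lint suppression unnecessary. Both `strlen` calls also assume that neither field is NULL; whether the env list guarantees that is not visible in this hunk. On the `goto out` failure path, the entries already stored in `list` have to be released by the code after `out:`, which lies outside the hunk, so that cleanup is worth confirming.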
diff --git a/usr/src/lib/libsecdb/common/chkauthattr.c b/usr/src/lib/libsecdb/common/chkauthattr.c
index 5b9a05c1d3..6e41e99723 100644
--- a/usr/src/lib/libsecdb/common/chkauthattr.c
+++ b/usr/src/lib/libsecdb/common/chkauthattr.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -50,7 +50,7 @@ chkauthattr(const char *authname, const char *username)
int auth_granted = 0;
char *auths;
char *profiles;
- userattr_t *user;
+ userattr_t *user = NULL;
char *chkedprof[MAXPROFS];
int chkedprof_cnt = 0;
int i;
@@ -58,34 +58,34 @@ chkauthattr(const char *authname, const char *username)
if (authname == NULL || username == NULL)
return (0);
+ /* Check against AUTHS_GRANTED and PROFS_GRANTED in policy.conf */
auth_granted = _chk_policy_auth(authname, chkedprof, &chkedprof_cnt);
- if (auth_granted) {
- return (1);
- }
+ if (auth_granted)
+ goto exit;
+
if ((user = getusernam(username)) == NULL)
- return (0);
+ goto exit;
+ /* Check against authorizations listed in user_attr */
if ((auths = kva_match(user->attr, USERATTR_AUTHS_KW)) != NULL) {
- if (_is_authorized(authname, auths)) {
- free_userattr(user);
- return (1);
- }
- }
-
- if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
- free_userattr(user);
- return (0);
+ auth_granted = _is_authorized(authname, auths);
+ if (auth_granted)
+ goto exit;
}
- auth_granted = _chkprof_for_auth(profiles, authname,
- chkedprof, &chkedprof_cnt);
+ /* Check against authorizations specified by profiles */
+ if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) != NULL)
+ auth_granted = _chkprof_for_auth(profiles, authname,
+ chkedprof, &chkedprof_cnt);
+exit:
/* free memory allocated for checked array */
for (i = 0; i < chkedprof_cnt; i++) {
free(chkedprof[i]);
}
- free_userattr(user);
+ if (user != NULL)
+ free_userattr(user);
return (auth_granted);
}
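Review bot: The value returned at `return (auth_granted);` now comes straight from `_chk_policy_auth()` or `_is_authorized()` on the two paths that used to `return (1)`, so the result is strictly 0 or 1 only if those helpers return exactly that; their definitions are not part of this diff. Because this is an authorization decision that callers may compare against 1, I would normalise it with `return (auth_granted != 0);` or document the helpers' return contract in a comment at the `exit:` label. As a style point, the label name `exit` reads like the libc function; `out`, as used in pam_framework.c in this same commit, would be clearer. The function's declarations begin above this hunk.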