authorjjj <none@none>2007-01-04 06:32:41 -0800
committerjjj <none@none>2007-01-04 06:32:41 -0800
commitace0ce487bf50def2cf7ed0dfe532a37bb784c0b (patch)
treee47e65cb3819d36a5a5f7cb483d270557a954739 /usr/src/lib/libsecdb/common
parentc573a06ee35a7b4e0a32d84e1f038ca5439b5d67 (diff)
downloadillumos-joyent-ace0ce487bf50def2cf7ed0dfe532a37bb784c0b.tar.gz
6493200 memory leak in libsecdb chkauthattr(3SECDB)
6508016 pam_getenvlist truncates variables
Diffstat (limited to 'usr/src/lib/libsecdb/common')
-rw-r--r--usr/src/lib/libsecdb/common/chkauthattr.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/usr/src/lib/libsecdb/common/chkauthattr.c b/usr/src/lib/libsecdb/common/chkauthattr.c
index 5b9a05c1d3..6e41e99723 100644
--- a/usr/src/lib/libsecdb/common/chkauthattr.c
+++ b/usr/src/lib/libsecdb/common/chkauthattr.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -50,7 +50,7 @@ chkauthattr(const char *authname, const char *username)
int auth_granted = 0;
char *auths;
char *profiles;
- userattr_t *user;
+ userattr_t *user = NULL;
char *chkedprof[MAXPROFS];
int chkedprof_cnt = 0;
int i;
@@ -58,34 +58,34 @@ chkauthattr(const char *authname, const char *username)
if (authname == NULL || username == NULL)
return (0);
+ /* Check against AUTHS_GRANTED and PROFS_GRANTED in policy.conf */
auth_granted = _chk_policy_auth(authname, chkedprof, &chkedprof_cnt);
- if (auth_granted) {
- return (1);
- }
+ if (auth_granted)
+ goto exit;
+
if ((user = getusernam(username)) == NULL)
- return (0);
+ goto exit;
+ /* Check against authorizations listed in user_attr */
if ((auths = kva_match(user->attr, USERATTR_AUTHS_KW)) != NULL) {
- if (_is_authorized(authname, auths)) {
- free_userattr(user);
- return (1);
- }
- }
-
- if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
- free_userattr(user);
- return (0);
+ auth_granted = _is_authorized(authname, auths);
+ if (auth_granted)
+ goto exit;
}
- auth_granted = _chkprof_for_auth(profiles, authname,
- chkedprof, &chkedprof_cnt);
+ /* Check against authorizations specified by profiles */
+ if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) != NULL)
+ auth_granted = _chkprof_for_auth(profiles, authname,
+ chkedprof, &chkedprof_cnt);
+exit:
/* free memory allocated for checked array */
for (i = 0; i < chkedprof_cnt; i++) {
free(chkedprof[i]);
}
- free_userattr(user);
+ if (user != NULL)
+ free_userattr(user);
return (auth_granted);
}
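Review bot: On the early-grant paths `chkauthattr` now returns the raw result of `_chk_policy_auth` or `_is_authorized` through `return (auth_granted);`, where the removed code returned a literal `1`. Those helpers are defined outside this hunk, so if either can return a non-zero value other than 1, a caller that tests `== 1` would treat a grant as a denial. Ending with `return (auth_granted != 0);` keeps the old contract, or a comment can state that the helpers return only 0 or 1. The failed `getusernam` lookup reaches `exit:` with `auth_granted` still 0, which is the right fail-closed result for an authorization check and deserves a short comment such as `/* unknown user: deny */` so a later edit does not change it by accident. The function starts before this hunk, so the declarations of `chkedprof` and `MAXPROFS` are only partly visible here.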