Changeset 502 in openpam

Timestamp:

Dec 18, 2011, 1:59:22 PM (9 years ago)

Author:

Dag-Erling Smørgrav

Message:

Use openpam_check_path_owner_perms()

File:

• trunk/lib/openpam_dynamic.c (modified) (3 diffs)

trunk/lib/openpam_dynamic.c

@@ -40 +40 @@
 #endif
 
-#include <sys/types.h>
-#include <sys/stat.h>
-
 #include <dlfcn.h>
 #include <errno.h>
-#include <libgen.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -62 +58 @@
  * OpenPAM internal
  *
- * Verify that a file or directory is owned by either root or the
- * arbitrator and that it is not writable by group or other.
- */
-
-static int
-check_owner_perms(const char *path)
-{
-        struct stat sb;
-
-        if (stat(path, &sb) != 0)
-                return (-1);
-        if ((sb.st_uid != 0 && sb.st_uid != geteuid()) ||
-            (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
-                openpam_log(PAM_LOG_ERROR,
-                    "%s: insecure ownership or permissions", path);
-                errno = EPERM;
-                return (-1);
-        }
-        return (0);
-}
-
-/*
- * OpenPAM internal
- *
  * Perform sanity checks and attempt to load a module
  */
@@ -92 +64 @@
 try_dlopen(const char *modfn)
 {
-        char *moddn;
-        int ok, serrno;
 
-        /*
-         * BSD dirname(3) returns a pointer to a static buffer, while GNU
-         * dirname(3) modifies the input string.  Use a copy of the string
-         * so both cases work.
-         */
-        if ((moddn = strdup(modfn)) == NULL)
+        if (openpam_check_path_owner_perms(modfn) != 0)
                 return (NULL);
-        ok = (check_owner_perms(dirname(moddn)) == 0 &&
-            check_owner_perms(modfn) == 0);
-        serrno = errno;
-        FREE(moddn);
-        errno = serrno;
-        return (ok ? dlopen(modfn, RTLD_NOW) : NULL);
+        return (dlopen(modfn, RTLD_NOW));
 }