From dd498bc7ada7efa5c7f57b5ce6bc2ef8f01e8951 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sun, 18 Dec 2011 13:59:22 +0000 Subject: [PATCH] Use openpam_check_path_owner_perms() git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@502 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- lib/openpam_dynamic.c | 44 ++----------------------------------------- 1 file changed, 2 insertions(+), 42 deletions(-) diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c index 0cf9426..1a05565 100644 --- a/lib/openpam_dynamic.c +++ b/lib/openpam_dynamic.c @@ -39,12 +39,8 @@ # include "config.h" #endif -#include -#include - #include #include -#include #include #include #include @@ -58,30 +54,6 @@ #define RTLD_NOW RTLD_LAZY #endif -/* - * OpenPAM internal - * - * Verify that a file or directory is owned by either root or the - * arbitrator and that it is not writable by group or other. - */ - -static int -check_owner_perms(const char *path) -{ - struct stat sb; - - if (stat(path, &sb) != 0) - return (-1); - if ((sb.st_uid != 0 && sb.st_uid != geteuid()) || - (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { - openpam_log(PAM_LOG_ERROR, - "%s: insecure ownership or permissions", path); - errno = EPERM; - return (-1); - } - return (0); -} - /* * OpenPAM internal * @@ -91,22 +63,10 @@ check_owner_perms(const char *path) static void * try_dlopen(const char *modfn) { - char *moddn; - int ok, serrno; - /* - * BSD dirname(3) returns a pointer to a static buffer, while GNU - * dirname(3) modifies the input string. Use a copy of the string - * so both cases work. - */ - if ((moddn = strdup(modfn)) == NULL) + if (openpam_check_path_owner_perms(modfn) != 0) return (NULL); - ok = (check_owner_perms(dirname(moddn)) == 0 && - check_owner_perms(modfn) == 0); - serrno = errno; - FREE(moddn); - errno = serrno; - return (ok ? dlopen(modfn, RTLD_NOW) : NULL); + return (dlopen(modfn, RTLD_NOW)); } /*