author | Dave Olson <olson@cumulusnetworks.com> | 2018-04-06 15:47:42 -0700 |
---|---|---|
committer | Dave Olson <olson@cumulusnetworks.com> | 2018-04-06 15:50:09 -0700 |
commit | a0d0d2fb1b321d65425951fc70f5c42c2dcfda41 (patch) | |
tree | fb0ca8a8e458a714979800530c4ed92bceaecf0c | |
parent | 29a803c3c995b08a79bf14215822ed15f3e3a095 (diff) | |
Fixed problem with 2nd config init, when no servers in config file
Ticket: CM-20454
Reviewed By: nobody
My code to avoid redoing all the config didn't work right when
re-entered with no server listed in the config file. The result
was I'd return an error the first time, and success the 2nd-Nth
times, and then later code would try to dereference the NULL pointer
server list, and segv in login or sshd, etc.
Redid the logic in initialize() to fix that.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | src/pam_radius_auth.c | 32 |
2 files changed, 17 insertions, 17 deletions
diff --git a/debian/changelog b/debian/changelog
index c0adf94..78f2988 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,7 +6,7 @@ libpam-radius-auth (1.5.0-cl3u1) RELEASED; urgency=low
 Typically this includes the sudo and netedit accounts. All radius logins are added to the netshow group by default.
- -- Dave Olson <olson@cumulusnetworks.com> Mon, 02 Apr 2018 23:54:02 -0700
+ -- Dave Olson <olson@cumulusnetworks.com> Fri, 06 Apr 2018 15:50:00 -0700
 libpam-radius-auth (1.4.1-cl3u3) RELEASED; urgency=low
diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c
index 5bf93ea..c4274fa 100644
--- a/src/pam_radius_auth.c
+++ b/src/pam_radius_auth.c
@@ -903,14 +903,13 @@ static int setup_sock(pam_handle_t * pamh, radius_server_t * server,
 */
 static int initialize(pam_handle_t * pamh, radius_conf_t * conf)
 {
- int ret = PAM_SUCCESS, retsetup, nservers = 0;
+ int parse, retsetup, nservers = 0;
+ const int rfail = PAM_AUTHINFO_UNAVAIL;
 radius_server_t *server = NULL;
- ret = parse_conffile(pamh, conf);
- if (ret == -1)
- return ret;
- else if (ret == 1)
- return PAM_SUCCESS; /* no changes to previous parse */
+ parse = parse_conffile(pamh, conf);
+ if (parse == -1)
+ return rfail;
 /* setup the sockets, bind to them, etc. */
 for (server = conf->server; server; server = server->next) {
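Review bot: The socket-setup loop at the end of this hunk now runs on every re-entry of initialize(), because the `parse == 1` early return is gone, and nothing visible here guards against setting up the same server twice. The loop body lies outside the hunk, so this is inferred: if it calls setup_sock() unconditionally, each repeat call would open and bind a socket again for servers that already have one, which leaks descriptors in a long-lived PAM consumer. Either skip servers that are already set up, or state the intent above the loop, e.g. `/* re-run on every call so nservers reflects the current list, even when parse_conffile() reports no change */`. The bare `-1` and `1` results of parse_conffile() would also read better as named constants, since the second hunk branches on `parse != 1` with only a short comment to explain it.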
@@ -919,19 +918,20 @@ static int initialize(pam_handle_t * pamh, radius_conf_t * conf)
 nservers++;
 }
- if (!nservers) {
- _pam_log(pamh, LOG_ERR, "No valid server found in configuration"
- " file %s", conf->conf_file);
- ret = PAM_AUTHINFO_UNAVAIL;
- }
+ retsetup = nservers ? PAM_SUCCESS : rfail;
- if (conf->server) {
- cleaned_up = 0;
- pam_set_data(pamh, "rad_conf_cleanup", (void *)conf->server,
- cleanup_conf);
+ if (parse != 1) { /* only on first call */
+ if (!nservers)
+ _pam_log(pamh, LOG_ERR, "No valid server found in"
+ " configuration file %s", conf->conf_file);
+ else {
+ cleaned_up = 0;
+ pam_set_data(pamh, "rad_conf_cleanup",
+ (void *)conf->server, cleanup_conf);
+ }
 }
- return ret;
+ return retsetup;
 }
 /* |
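Review bot: Registration of `cleanup_conf` is now keyed on `nservers` instead of `conf->server`, so a config that lists servers which all fail socket setup leaves a non-NULL `conf->server` with no cleanup handler attached. Whether that leaks the list depends on what `cleanup_conf` and `parse_conffile()` free, which is not shown here. Replacing `else {` with `if (conf->server) {` would keep the old guard while still logging only on the first call. The return value of `pam_set_data()` is still ignored, so a failed registration goes unnoticed; compare it with `PAM_SUCCESS` and log on failure. Because the crash being fixed came from later code dereferencing a NULL server list, initialize() would benefit from a header comment stating that on any return other than `PAM_SUCCESS` the caller must not touch `conf->server`.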