Failed user lookups should not terminate the PAM application (#25)

* Failed user lookups should not terminate the PAM application * Updated version and changelog. Tested changes on Debian 10 with no issues. Co-authored-by: David Cheeseman <[email protected]>
nuvious · Sep 3, 2021 · 051d00e · 051d00e
1 parent 3659e50
commit 051d00e
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,7 @@
  - 1.1.5
    - Makefile improvements by [Prateek Ganguli on github](https://github.com/pganguli). Debug build path now added.
  - 1.1.6
-   - Removal of unnecessary intermediate shell.
+   - Removal of unnecessary intermediate shell. Contribution by [Jürgen Hötzel on github](https://github.com/juergenhoetzel).
    - Debug builds will not redirect output of stderr and stdout to /dev/null by default to support testing/debugging.
-
+ - 1.1.7
+   - Removal of exit statements; replaced with NULL to preven the PAM application exiting. Contribution by [Jürgen Hötzel on github](https://github.com/juergenhoetzel).
diff --git a/src/duress.c b/src/duress.c
@@ -195,8 +195,11 @@ int process_dir(const char *directory, const char *pam_user,
 int execute_duress_scripts(const char *pam_user, const char *pam_pass) {
   int global_duress_run =
       process_dir(GLOBAL_CONFIG_DIR, pam_user, pam_pass, NULL);
-  int local_duress_run =
-      process_dir(get_local_config_dir(pam_user), pam_user, pam_pass, pam_user);
+
+  int local_duress_run = 0;
+  char *local_config_dir = get_local_config_dir(pam_user);
+  if (local_config_dir != NULL)
+    local_duress_run = process_dir(local_config_dir, pam_user, pam_pass, pam_user);
 
   if (global_duress_run || local_duress_run)
     return PAM_SUCCESS;

diff --git a/src/util.c b/src/util.c
@@ -67,20 +67,20 @@ char *get_local_config_dir(const char *user_name)
     if (pwd == NULL)
     {
         syslog(LOG_INFO, "Failed to allocate struct passwd for getpwnam_r.\n");
-        exit(1);
+        return NULL;
     }
     size_t buffer_len = sysconf(_SC_GETPW_R_SIZE_MAX) * sizeof(char);
     char *buffer = malloc(buffer_len);
     if (buffer == NULL)
     {
         syslog(LOG_INFO, "Failed to allocate buffer for getpwnam_r.\n");
-        exit(2);
+        return NULL;
     }
     getpwnam_r(user_name, pwd, buffer, buffer_len, &pwd);
     if (pwd == NULL)
     {
         syslog(LOG_INFO, "getpwnam_r failed to find requested entry.\n");
-        exit(3);
+        return NULL;
     }
 
     free(buffer);

diff --git a/src/version.h b/src/version.h
@@ -3,6 +3,6 @@
 
 #define VERS_MAJOR 1
 #define VERS_MINOR 1
-#define VERS_REVISION 6
+#define VERS_REVISION 7
 
 #endif