diff --git a/ngx_http_auth_pam_module.c b/ngx_http_auth_pam_module.c index 9f03f7b..2b8349a 100644 --- a/ngx_http_auth_pam_module.c +++ b/ngx_http_auth_pam_module.c @@ -237,16 +237,21 @@ ngx_http_auth_pam_handler(ngx_http_request_t *r) /** * create a key value pair from the given key and value string */ -static void set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r, +static ngx_int_t set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r, char *key, char *value) { if (key != NULL && value != NULL) { size_t size = strlen(key) + strlen(value) + 1 * sizeof(char); char *key_value_pair = ngx_palloc(r->pool, size); + if (key_value_pair == NULL) { + return NGX_ERROR; + } sprintf(key_value_pair, "%s=%s", key, value); pam_putenv(pamh, key_value_pair); } + + return NGX_OK; } /** @@ -268,14 +273,21 @@ static char* ngx_strncpy_s(ngx_str_t source, ngx_pool_t *pool) /** * enrich pam environment with request parameters */ -static void add_request_info_to_pam_env(pam_handle_t *pamh, +static ngx_int_t add_request_info_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r) { char *request_info = ngx_strncpy_s(r->request_line, r->pool); char *host_info = ngx_strncpy_s(r->headers_in.host->value, r->pool); - set_to_pam_env(pamh, r, "REQUEST", request_info); - set_to_pam_env(pamh, r, "HOST", host_info); + if (set_to_pam_env(pamh, r, "REQUEST", request_info) != NGX_OK){ + return NGX_ERROR; + } + + if (set_to_pam_env(pamh, r, "HOST", host_info) != NGX_OK){ + return NGX_ERROR; + } + + return NGX_OK; } static ngx_int_t @@ -351,7 +363,12 @@ ngx_http_auth_pam_authenticate(ngx_http_request_t *r, } if (alcf->set_pam_env) { - add_request_info_to_pam_env(pamh, r); + if (add_request_info_to_pam_env(pamh, r) != NGX_OK){ + ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0, + "PAM: Could not add request info to pam env: %s", + pam_strerror(pamh, rc)); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } } /* try to authenticate user, log error on failure */