login: Fix no-pam authorization regression

The list_match function handles EXCEPT entries through recursive
calls. It calls itself with NULL, which was then passed to strtok so
parsing continued at current position.

Replacing strtok with strsep, this means that EXCEPT entries never
match, because strsep(NULL, ...) always returns NULL, i.e. the
code treats everything after EXCEPT as non-existing.

Fix this by passing current list pointer to recursive call.

Fixes: 90afe61003ef (2024-07-04; "lib/, src/: Use strsep(3) instead of strtok(3)")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/src/login_nopam.c b/src/login_nopam.c
index 1a97de5ccf24184a59d9a1836f23d38a9f2e8aa5..de9513554c62d6a00cfc45948dc699b0822748f6 100644 (file)
--- a/src/login_nopam.c
+++ b/src/login_nopam.c
@@ -171,7 +171,7 @@ list_match(char *list, const char *item, bool (*match_fn)(char *, const char*))
                while (   (NULL != (tok = strsep(&list, sep)))
                       && (strcasecmp (tok, "EXCEPT") != 0))
                        /* VOID */ ;
-               if (tok == NULL || !list_match(NULL, item, match_fn)) {
+               if (tok == NULL || !list_match(list, item, match_fn)) {
                        return (match);
                }
        }