From c45b076b1c4d4829d96a16001f7d681fa526574f Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Wed, 8 Jan 2025 17:04:07 +0100
Subject: [PATCH] login: Fix no-pam authorization regression

The list_match function handles EXCEPT entries through recursive
calls. It calls itself with NULL, which was then passed to strtok so
parsing continued at current position.

Replacing strtok with strsep, this means that EXCEPT entries never
match, because strsep(NULL, ...) always returns NULL, i.e. the
code treats everything after EXCEPT as non-existing.

Fix this by passing current list pointer to recursive call.

Fixes: 90afe61003ef (2024-07-04; "lib/, src/: Use strsep(3) instead of strtok(3)")
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 src/login_nopam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/login_nopam.c b/src/login_nopam.c
index 1a97de5cc..de9513554 100644
--- a/src/login_nopam.c
+++ b/src/login_nopam.c
@@ -171,7 +171,7 @@ list_match(char *list, const char *item, bool (*match_fn)(char *, const char*))
 		while (   (NULL != (tok = strsep(&list, sep)))
 		       && (strcasecmp (tok, "EXCEPT") != 0))
 			/* VOID */ ;
-		if (tok == NULL || !list_match(NULL, item, match_fn)) {
+		if (tok == NULL || !list_match(list, item, match_fn)) {
 			return (match);
 		}
 	}
-- 
2.47.2