Whitespace cleanup + keyword expansion sweep.
Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@16 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
4c413f4604
commit
2a23af0e82
118
bin/su/su.c
118
bin/su/su.c
|
@ -52,63 +52,65 @@ static struct pam_conv pamc;
|
|||
static void
|
||||
usage(void)
|
||||
{
|
||||
fprintf(stderr, "Usage: su [login [args]]\n");
|
||||
exit(1);
|
||||
|
||||
fprintf(stderr, "Usage: su [login [args]]\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static int
|
||||
check(const char *func, int pam_err)
|
||||
{
|
||||
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
|
||||
return pam_err;
|
||||
openlog("su", LOG_CONS, LOG_AUTH);
|
||||
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
|
||||
errx(1, "Sorry.");
|
||||
|
||||
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
|
||||
return pam_err;
|
||||
openlog("su", LOG_CONS, LOG_AUTH);
|
||||
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
|
||||
errx(1, "Sorry.");
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
const char *user, *tty;
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
const char *user, *tty;
|
||||
struct passwd *pwd;
|
||||
int o, status;
|
||||
pid_t pid;
|
||||
int o, status;
|
||||
pid_t pid;
|
||||
|
||||
while ((o = getopt(argc, argv, "h")) != -1)
|
||||
switch (o) {
|
||||
case 'h':
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
while ((o = getopt(argc, argv, "h")) != -1)
|
||||
switch (o) {
|
||||
case 'h':
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
/* initialize PAM */
|
||||
pamc.conv = &openpam_ttyconv;
|
||||
/* initialize PAM */
|
||||
pamc.conv = &openpam_ttyconv;
|
||||
pam_start("su", argc ? *argv : "root", &pamc, &pamh);
|
||||
|
||||
/* set some items */
|
||||
gethostname(hostname, sizeof hostname);
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
|
||||
user = getlogin();
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
|
||||
tty = ttyname(STDERR_FILENO);
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
|
||||
/* set some items */
|
||||
gethostname(hostname, sizeof hostname);
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
|
||||
user = getlogin();
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
|
||||
tty = ttyname(STDERR_FILENO);
|
||||
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
|
||||
|
||||
/* authenticate the applicant */
|
||||
check("pam_authenticate", pam_authenticate(pamh, 0));
|
||||
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
|
||||
PAM_NEW_AUTHTOK_REQD)
|
||||
check("pam_chauthtok",
|
||||
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
|
||||
/* authenticate the applicant */
|
||||
check("pam_authenticate", pam_authenticate(pamh, 0));
|
||||
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
|
||||
PAM_NEW_AUTHTOK_REQD)
|
||||
check("pam_chauthtok",
|
||||
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
|
||||
|
||||
/* establish the requested credentials */
|
||||
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
|
||||
/* establish the requested credentials */
|
||||
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
|
||||
|
||||
/* authentication succeeded; open a session */
|
||||
check("pam_open_session", pam_open_session(pamh, 0));
|
||||
/* authentication succeeded; open a session */
|
||||
check("pam_open_session", pam_open_session(pamh, 0));
|
||||
|
||||
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
|
||||
err(1, "initgroups()");
|
||||
|
@ -117,26 +119,26 @@ main(int argc, char *argv[])
|
|||
|
||||
/* XXX export environment variables */
|
||||
|
||||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
err(1, "fork()");
|
||||
case 0:
|
||||
/* child: start a shell */
|
||||
*argv = pwd->pw_shell;
|
||||
execvp(*argv, argv);
|
||||
err(1, "execvp()");
|
||||
default:
|
||||
/* parent: wait for child to exit */
|
||||
waitpid(pid, &status, 0);
|
||||
if (WIFEXITED(status))
|
||||
status = WEXITSTATUS(status);
|
||||
else
|
||||
status = 1;
|
||||
}
|
||||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
err(1, "fork()");
|
||||
case 0:
|
||||
/* child: start a shell */
|
||||
*argv = pwd->pw_shell;
|
||||
execvp(*argv, argv);
|
||||
err(1, "execvp()");
|
||||
default:
|
||||
/* parent: wait for child to exit */
|
||||
waitpid(pid, &status, 0);
|
||||
if (WIFEXITED(status))
|
||||
status = WEXITSTATUS(status);
|
||||
else
|
||||
status = 1;
|
||||
}
|
||||
|
||||
/* close the session and release PAM resources */
|
||||
check("pam_close_session", pam_close_session(pamh, 0));
|
||||
check("pam_end", pam_end(pamh, 0));
|
||||
/* close the session and release PAM resources */
|
||||
check("pam_close_session", pam_close_session(pamh, 0));
|
||||
check("pam_end", pam_end(pamh, 0));
|
||||
|
||||
exit(status);
|
||||
exit(status);
|
||||
}
|
||||
|
|
|
@ -2,12 +2,12 @@ $Id$
|
|||
|
||||
Errata in XSSO, chapter 5:
|
||||
|
||||
p. 25: the first member of struct pam_response is named "resp", not
|
||||
p. 25: the first member of struct pam_response is named "resp", not
|
||||
"response".
|
||||
|
||||
Errata in XSSO, chapter 6:
|
||||
|
||||
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
|
||||
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
|
||||
sections should be "PAM_NEW_AUTHTOK_REQD".
|
||||
|
||||
p. 32: pam_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
|
||||
|
@ -18,7 +18,7 @@ p. 46: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
|
|||
p. 60: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
|
||||
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
|
||||
|
||||
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
|
||||
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
|
||||
of type size_t, not a size_t *.
|
||||
|
||||
p. 52: PAM_CONV_ERR is listed out of order and with the explanatory
|
||||
|
@ -52,7 +52,7 @@ p. 85: the names of several arguments to pam_sm_set_mapped_username()
|
|||
|
||||
p. 89: the user argument to pam_start() is of type const char *.
|
||||
|
||||
p. 89: the correct definition for struct pam_conv is as follows:
|
||||
p. 89: the correct definition for struct pam_conv is as follows:
|
||||
|
||||
struct pam_conv {
|
||||
int (*conv)(int, struct pam_message **,
|
||||
|
@ -60,7 +60,7 @@ p. 89: the correct definition for struct pam_conv is as follows:
|
|||
void *appdata_ptr;
|
||||
};
|
||||
|
||||
p. 90: the correct definition for struct pam_response is as follows:
|
||||
p. 90: the correct definition for struct pam_response is as follows:
|
||||
|
||||
struct pam_response {
|
||||
char *resp;
|
||||
|
|
|
@ -141,7 +141,7 @@ pam_info(pam_handle_t *_pamh,
|
|||
|
||||
int
|
||||
pam_prompt(pam_handle_t *pamh,
|
||||
char **resp,
|
||||
char **resp,
|
||||
int echo,
|
||||
const char *fmt,
|
||||
...);
|
||||
|
|
|
@ -43,9 +43,9 @@
|
|||
* Control flags
|
||||
*/
|
||||
#define PAM_REQUIRED 1
|
||||
#define PAM_REQUISITE 2
|
||||
#define PAM_REQUISITE 2
|
||||
#define PAM_SUFFICIENT 3
|
||||
#define PAM_OPTIONAL 4
|
||||
#define PAM_OPTIONAL 4
|
||||
#define PAM_NUM_CONTROLFLAGS 5
|
||||
|
||||
/*
|
||||
|
|
|
@ -51,28 +51,28 @@
|
|||
|
||||
int
|
||||
openpam_ttyconv(int n,
|
||||
const struct pam_message **msg,
|
||||
struct pam_response **resp,
|
||||
void *data)
|
||||
const struct pam_message **msg,
|
||||
struct pam_response **resp,
|
||||
void *data)
|
||||
{
|
||||
char buf[PAM_MAX_RESP_SIZE];
|
||||
struct termios tattr;
|
||||
tcflag_t lflag;
|
||||
int fd, err, i;
|
||||
size_t len;
|
||||
char buf[PAM_MAX_RESP_SIZE];
|
||||
struct termios tattr;
|
||||
tcflag_t lflag;
|
||||
int fd, err, i;
|
||||
size_t len;
|
||||
|
||||
data = data;
|
||||
if (n <= 0 || n > PAM_MAX_NUM_MSG)
|
||||
return (PAM_CONV_ERR);
|
||||
if ((*resp = calloc(n, sizeof **resp)) == NULL)
|
||||
return (PAM_BUF_ERR);
|
||||
fd = fileno(stdin);
|
||||
for (i = 0; i < n; ++i) {
|
||||
resp[i]->resp_retcode = 0;
|
||||
resp[i]->resp = NULL;
|
||||
switch (msg[i]->msg_style) {
|
||||
case PAM_PROMPT_ECHO_OFF:
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
data = data;
|
||||
if (n <= 0 || n > PAM_MAX_NUM_MSG)
|
||||
return (PAM_CONV_ERR);
|
||||
if ((*resp = calloc(n, sizeof **resp)) == NULL)
|
||||
return (PAM_BUF_ERR);
|
||||
fd = fileno(stdin);
|
||||
for (i = 0; i < n; ++i) {
|
||||
resp[i]->resp_retcode = 0;
|
||||
resp[i]->resp = NULL;
|
||||
switch (msg[i]->msg_style) {
|
||||
case PAM_PROMPT_ECHO_OFF:
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
||||
if (tcgetattr(fd, &tattr) != 0) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
|
@ -88,44 +88,44 @@ openpam_ttyconv(int n,
|
|||
err = PAM_CONV_ERR;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
fputs(msg[i]->msg, stderr);
|
||||
buf[0] = '\0';
|
||||
fgets(buf, sizeof buf, stdin);
|
||||
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
||||
tattr.c_lflag = lflag;
|
||||
(void)tcsetattr(fd, TCSANOW, &tattr);
|
||||
fputs("\n", stderr);
|
||||
}
|
||||
if (ferror(stdin)) {
|
||||
err = PAM_CONV_ERR;
|
||||
goto fail;
|
||||
}
|
||||
for (len = strlen(buf); len > 0; --len)
|
||||
if (!isspace(buf[len - 1]))
|
||||
break;
|
||||
buf[len] = '\0';
|
||||
if ((resp[i]->resp = strdup(buf)) == NULL) {
|
||||
err = PAM_BUF_ERR;
|
||||
goto fail;
|
||||
}
|
||||
break;
|
||||
case PAM_ERROR_MSG:
|
||||
fputs(msg[i]->msg, stderr);
|
||||
break;
|
||||
case PAM_TEXT_INFO:
|
||||
fputs(msg[i]->msg, stdout);
|
||||
break;
|
||||
default:
|
||||
err = PAM_BUF_ERR;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
return (PAM_SUCCESS);
|
||||
}
|
||||
fputs(msg[i]->msg, stderr);
|
||||
buf[0] = '\0';
|
||||
fgets(buf, sizeof buf, stdin);
|
||||
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
||||
tattr.c_lflag = lflag;
|
||||
(void)tcsetattr(fd, TCSANOW, &tattr);
|
||||
fputs("\n", stderr);
|
||||
}
|
||||
if (ferror(stdin)) {
|
||||
err = PAM_CONV_ERR;
|
||||
goto fail;
|
||||
}
|
||||
for (len = strlen(buf); len > 0; --len)
|
||||
if (!isspace(buf[len - 1]))
|
||||
break;
|
||||
buf[len] = '\0';
|
||||
if ((resp[i]->resp = strdup(buf)) == NULL) {
|
||||
err = PAM_BUF_ERR;
|
||||
goto fail;
|
||||
}
|
||||
break;
|
||||
case PAM_ERROR_MSG:
|
||||
fputs(msg[i]->msg, stderr);
|
||||
break;
|
||||
case PAM_TEXT_INFO:
|
||||
fputs(msg[i]->msg, stdout);
|
||||
break;
|
||||
default:
|
||||
err = PAM_BUF_ERR;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
return (PAM_SUCCESS);
|
||||
fail:
|
||||
while (i)
|
||||
free(resp[--i]);
|
||||
free(*resp);
|
||||
*resp = NULL;
|
||||
return (err);
|
||||
free(*resp);
|
||||
*resp = NULL;
|
||||
return (err);
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
|
||||
int
|
||||
pam_prompt(pam_handle_t *pamh,
|
||||
char **resp,
|
||||
char **resp,
|
||||
int echo,
|
||||
const char *fmt,
|
||||
...)
|
||||
|
|
|
@ -101,10 +101,10 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
|||
|
||||
static int
|
||||
_pam_add_module(pam_handle_t *pamh,
|
||||
int chain,
|
||||
int flag,
|
||||
const char *modpath,
|
||||
const char *options /* XXX */ __unused)
|
||||
int chain,
|
||||
int flag,
|
||||
const char *modpath,
|
||||
const char *options /* XXX */ __unused)
|
||||
{
|
||||
pam_chain_t *module, *iterator;
|
||||
int i;
|
||||
|
@ -157,7 +157,7 @@ _pam_add_module(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
#define PAM_CONF_STYLE 0
|
||||
#define PAM_D_STYLE 1
|
||||
#define PAM_D_STYLE 1
|
||||
#define MAX_LINE_LEN 1024
|
||||
|
||||
static int
|
||||
|
@ -283,8 +283,8 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
/*
|
||||
* Finally, add the module at the end of the
|
||||
* appropriate chain and bump the counter.
|
||||
* Finally, add the module at the end of the
|
||||
* appropriate chain and bump the counter.
|
||||
*/
|
||||
if ((r = _pam_add_module(pamh, chain, flag, p, q)) !=
|
||||
PAM_SUCCESS)
|
||||
|
@ -316,7 +316,7 @@ static const char *_pam_policy_path[] = {
|
|||
|
||||
static int
|
||||
_pam_configure_service(pam_handle_t *pamh,
|
||||
const char *service)
|
||||
const char *service)
|
||||
{
|
||||
const char **path;
|
||||
char *filename;
|
||||
|
|