OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Whitespace cleanup + keyword expansion sweep. 

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@16 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
Dag-Erling Smørgrav 2002-02-01 22:20:07 +00:00
parent 4c413f4604
commit 2a23af0e82
21 changed files with 173 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
bin/su/su.c
View File

@ -52,63 +52,65 @@ static struct pam_conv pamc;
static void
usage(void)
{
fprintf(stderr, "Usage: su [login [args]]\n");
exit(1);
fprintf(stderr, "Usage: su [login [args]]\n");
exit(1);
}
static int
check(const char *func, int pam_err)
{
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
return pam_err;
openlog("su", LOG_CONS, LOG_AUTH);
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
errx(1, "Sorry.");
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
return pam_err;
openlog("su", LOG_CONS, LOG_AUTH);
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
errx(1, "Sorry.");
}
int
main(int argc, char *argv[])
{
char hostname[MAXHOSTNAMELEN];
const char *user, *tty;
char hostname[MAXHOSTNAMELEN];
const char *user, *tty;
struct passwd *pwd;
int o, status;
pid_t pid;
int o, status;
pid_t pid;
while ((o = getopt(argc, argv, "h")) != -1)
switch (o) {
case 'h':
default:
usage();
}
while ((o = getopt(argc, argv, "h")) != -1)
switch (o) {
case 'h':
default:
usage();
}
argc -= optind;
argv += optind;
argc -= optind;
argv += optind;
/* initialize PAM */
pamc.conv = &openpam_ttyconv;
/* initialize PAM */
pamc.conv = &openpam_ttyconv;
pam_start("su", argc ? *argv : "root", &pamc, &pamh);
/* set some items */
gethostname(hostname, sizeof hostname);
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
user = getlogin();
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
tty = ttyname(STDERR_FILENO);
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
/* set some items */
gethostname(hostname, sizeof hostname);
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
user = getlogin();
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
tty = ttyname(STDERR_FILENO);
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
/* authenticate the applicant */
check("pam_authenticate", pam_authenticate(pamh, 0));
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
PAM_NEW_AUTHTOK_REQD)
check("pam_chauthtok",
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
/* authenticate the applicant */
check("pam_authenticate", pam_authenticate(pamh, 0));
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
PAM_NEW_AUTHTOK_REQD)
check("pam_chauthtok",
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
/* establish the requested credentials */
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
/* establish the requested credentials */
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
/* authentication succeeded; open a session */
check("pam_open_session", pam_open_session(pamh, 0));
/* authentication succeeded; open a session */
check("pam_open_session", pam_open_session(pamh, 0));
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
err(1, "initgroups()");
@ -117,26 +119,26 @@ main(int argc, char *argv[])
/* XXX export environment variables */
switch ((pid = fork())) {
case -1:
err(1, "fork()");
case 0:
/* child: start a shell */
*argv = pwd->pw_shell;
execvp(*argv, argv);
err(1, "execvp()");
default:
/* parent: wait for child to exit */
waitpid(pid, &status, 0);
if (WIFEXITED(status))
status = WEXITSTATUS(status);
else
status = 1;
}
switch ((pid = fork())) {
case -1:
err(1, "fork()");
case 0:
/* child: start a shell */
*argv = pwd->pw_shell;
execvp(*argv, argv);
err(1, "execvp()");
default:
/* parent: wait for child to exit */
waitpid(pid, &status, 0);
if (WIFEXITED(status))
status = WEXITSTATUS(status);
else
status = 1;
}
/* close the session and release PAM resources */
check("pam_close_session", pam_close_session(pamh, 0));
check("pam_end", pam_end(pamh, 0));
/* close the session and release PAM resources */
check("pam_close_session", pam_close_session(pamh, 0));
check("pam_end", pam_end(pamh, 0));
exit(status);
exit(status);
}

10
doc/xsso_errata.txt
View File

@ -2,12 +2,12 @@ $Id$
Errata in XSSO, chapter 5:
p. 25: the first member of struct pam_response is named "resp", not
p. 25: the first member of struct pam_response is named "resp", not
"response".
Errata in XSSO, chapter 6:
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
sections should be "PAM_NEW_AUTHTOK_REQD".
p. 32: pam_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
@ -18,7 +18,7 @@ p. 46: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
p. 60: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
of type size_t, not a size_t *.
p. 52: PAM_CONV_ERR is listed out of order and with the explanatory
@ -52,7 +52,7 @@ p. 85: the names of several arguments to pam_sm_set_mapped_username()
p. 89: the user argument to pam_start() is of type const char *.
p. 89: the correct definition for struct pam_conv is as follows:
p. 89: the correct definition for struct pam_conv is as follows:
struct pam_conv {
int (*conv)(int, struct pam_message **,
@ -60,7 +60,7 @@ p. 89: the correct definition for struct pam_conv is as follows:
void *appdata_ptr;
};
p. 90: the correct definition for struct pam_response is as follows:
p. 90: the correct definition for struct pam_response is as follows:
struct pam_response {
char *resp;

2
include/security/pam_appl.h
View File

@ -141,7 +141,7 @@ pam_info(pam_handle_t *_pamh,
int
pam_prompt(pam_handle_t *pamh,
char **resp,
char **resp,
int echo,
const char *fmt,
...);

4
lib/openpam_impl.h
View File

@ -43,9 +43,9 @@
* Control flags
*/
#define PAM_REQUIRED 1
#define PAM_REQUISITE 2
#define PAM_REQUISITE 2
#define PAM_SUFFICIENT 3
#define PAM_OPTIONAL 4
#define PAM_OPTIONAL 4
#define PAM_NUM_CONTROLFLAGS 5
/*

114
lib/openpam_ttyconv.c
View File

@ -51,28 +51,28 @@
int
openpam_ttyconv(int n,
const struct pam_message **msg,
struct pam_response **resp,
void *data)
const struct pam_message **msg,
struct pam_response **resp,
void *data)
{
char buf[PAM_MAX_RESP_SIZE];
struct termios tattr;
tcflag_t lflag;
int fd, err, i;
size_t len;
char buf[PAM_MAX_RESP_SIZE];
struct termios tattr;
tcflag_t lflag;
int fd, err, i;
size_t len;
data = data;
if (n <= 0 || n > PAM_MAX_NUM_MSG)
return (PAM_CONV_ERR);
if ((*resp = calloc(n, sizeof **resp)) == NULL)
return (PAM_BUF_ERR);
fd = fileno(stdin);
for (i = 0; i < n; ++i) {
resp[i]->resp_retcode = 0;
resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
case PAM_PROMPT_ECHO_ON:
data = data;
if (n <= 0 || n > PAM_MAX_NUM_MSG)
return (PAM_CONV_ERR);
if ((*resp = calloc(n, sizeof **resp)) == NULL)
return (PAM_BUF_ERR);
fd = fileno(stdin);
for (i = 0; i < n; ++i) {
resp[i]->resp_retcode = 0;
resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
case PAM_PROMPT_ECHO_ON:
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
if (tcgetattr(fd, &tattr) != 0) {
openpam_log(PAM_LOG_ERROR,
@ -88,44 +88,44 @@ openpam_ttyconv(int n,
err = PAM_CONV_ERR;
goto fail;
}
}
fputs(msg[i]->msg, stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
tattr.c_lflag = lflag;
(void)tcsetattr(fd, TCSANOW, &tattr);
fputs("\n", stderr);
}
if (ferror(stdin)) {
err = PAM_CONV_ERR;
goto fail;
}
for (len = strlen(buf); len > 0; --len)
if (!isspace(buf[len - 1]))
break;
buf[len] = '\0';
if ((resp[i]->resp = strdup(buf)) == NULL) {
err = PAM_BUF_ERR;
goto fail;
}
break;
case PAM_ERROR_MSG:
fputs(msg[i]->msg, stderr);
break;
case PAM_TEXT_INFO:
fputs(msg[i]->msg, stdout);
break;
default:
err = PAM_BUF_ERR;
goto fail;
}
}
return (PAM_SUCCESS);
}
fputs(msg[i]->msg, stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
tattr.c_lflag = lflag;
(void)tcsetattr(fd, TCSANOW, &tattr);
fputs("\n", stderr);
}
if (ferror(stdin)) {
err = PAM_CONV_ERR;
goto fail;
}
for (len = strlen(buf); len > 0; --len)
if (!isspace(buf[len - 1]))
break;
buf[len] = '\0';
if ((resp[i]->resp = strdup(buf)) == NULL) {
err = PAM_BUF_ERR;
goto fail;
}
break;
case PAM_ERROR_MSG:
fputs(msg[i]->msg, stderr);
break;
case PAM_TEXT_INFO:
fputs(msg[i]->msg, stdout);
break;
default:
err = PAM_BUF_ERR;
goto fail;
}
}
return (PAM_SUCCESS);
fail:
while (i)
free(resp[--i]);
free(*resp);
*resp = NULL;
return (err);
free(*resp);
*resp = NULL;
return (err);
}

2
lib/pam_prompt.c
View File

@ -48,7 +48,7 @@
int
pam_prompt(pam_handle_t *pamh,
char **resp,
char **resp,
int echo,
const char *fmt,
...)

16
lib/pam_start.c
View File

@ -101,10 +101,10 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
static int
_pam_add_module(pam_handle_t *pamh,
int chain,
int flag,
const char *modpath,
const char *options /* XXX */ __unused)
int chain,
int flag,
const char *modpath,
const char *options /* XXX */ __unused)
{
pam_chain_t *module, *iterator;
int i;
@ -157,7 +157,7 @@ _pam_add_module(pam_handle_t *pamh,
}
#define PAM_CONF_STYLE 0
#define PAM_D_STYLE 1
#define PAM_D_STYLE 1
#define MAX_LINE_LEN 1024
static int
@ -283,8 +283,8 @@ _pam_read_policy_file(pam_handle_t *pamh,
}
/*
* Finally, add the module at the end of the
* appropriate chain and bump the counter.
* Finally, add the module at the end of the
* appropriate chain and bump the counter.
*/
if ((r = _pam_add_module(pamh, chain, flag, p, q)) !=
PAM_SUCCESS)
@ -316,7 +316,7 @@ static const char *_pam_policy_path[] = {
static int
_pam_configure_service(pam_handle_t *pamh,
const char *service)
const char *service)
{
const char **path;
char *filename;