Add support for static linking. Also rename a handful of constants
to reduce the chance of ever running into a naming conflict. Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
c5802864c3
commit
4166f73f32
|
@ -55,20 +55,95 @@ void _openpam_log(int _level,
|
|||
const char *_fmt,
|
||||
...);
|
||||
|
||||
#ifdef __GNUC__
|
||||
#if defined(__STDC__) && (__STDC_VERSION__ > 199901L)
|
||||
#define openpam_log(lvl, fmt, ...) \
|
||||
_openpam_log((lvl), __func__, fmt, __VA_ARGS__)
|
||||
#elif defined(__GNUC__)
|
||||
#define openpam_log(lvl, fmt...) \
|
||||
_openpam_log((lvl), __func__, ##fmt)
|
||||
#else
|
||||
#define openpam_log(lvl, fmt, ...) \
|
||||
_openpam_log((lvl), __func__, fmt, __VA_ARGS__)
|
||||
extern openpam_log(int _level, const char *_format, ...);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Generic conversation function
|
||||
*/
|
||||
struct pam_message;
|
||||
struct pam_response;
|
||||
int openpam_ttyconv(int _n,
|
||||
const struct pam_message **_msg,
|
||||
struct pam_response **_resp,
|
||||
void *_data);
|
||||
|
||||
/*
|
||||
* PAM primitives
|
||||
*/
|
||||
enum {
|
||||
PAM_SM_AUTHENTICATE,
|
||||
PAM_SM_SETCRED,
|
||||
PAM_SM_ACCT_MGMT,
|
||||
PAM_SM_OPEN_SESSION,
|
||||
PAM_SM_CLOSE_SESSION,
|
||||
PAM_SM_CHAUTHTOK,
|
||||
/* keep this last */
|
||||
PAM_NUM_PRIMITIVES
|
||||
};
|
||||
|
||||
/*
|
||||
* Dummy service module function
|
||||
*/
|
||||
#define PAM_SM_DUMMY(type) \
|
||||
PAM_EXTERN int \
|
||||
pam_sm_##type(pam_handle_t *pamh, int flags, \
|
||||
int argc, const char *argv[]) \
|
||||
{ \
|
||||
return (PAM_IGNORE); \
|
||||
}
|
||||
|
||||
/*
|
||||
* PAM service module functions match this typedef
|
||||
*/
|
||||
struct pam_handle;
|
||||
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
|
||||
|
||||
/*
|
||||
* A struct that describes a module.
|
||||
*/
|
||||
typedef struct pam_module pam_module_t;
|
||||
struct pam_module {
|
||||
const char *path;
|
||||
pam_func_t func[PAM_NUM_PRIMITIVES];
|
||||
void *dlh;
|
||||
int refcount;
|
||||
pam_module_t *prev;
|
||||
pam_module_t *next;
|
||||
};
|
||||
|
||||
/*
|
||||
* Infrastructure for static modules using GCC linker sets.
|
||||
* You are not expected to understand this.
|
||||
*/
|
||||
#if defined(__GNUC__) && !defined(__PIC__)
|
||||
#if defined(__FreeBSD__)
|
||||
#define PAM_SOEXT ".so"
|
||||
#else
|
||||
#error Static linking is not supported on your platform
|
||||
#endif
|
||||
/* gcc, static linking */
|
||||
#include <sys/cdefs.h>
|
||||
#include <linker_set.h>
|
||||
#define OPENPAM_STATIC_MODULES
|
||||
#define PAM_EXTERN static
|
||||
#define PAM_MODULE_ENTRY(name) \
|
||||
static struct pam_module _pam_module = { name PAM_SOEXT, { \
|
||||
pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, \
|
||||
pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }, \
|
||||
NULL, 0, NULL, NULL }; \
|
||||
DATA_SET(_openpam_modules, _pam_module)
|
||||
#else
|
||||
/* normal case */
|
||||
#define PAM_EXTERN
|
||||
#define PAM_MODULE_ENTRY(name)
|
||||
#endif
|
||||
|
||||
#endif
|
||||
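Review bot: In the final `#else` branch of the openpam_log selection, `extern openpam_log(int _level, const char *_format, ...);` has no return type, so it relies on implicit int, and no function of that name is defined anywhere on this page (only `_openpam_log`, returning void, is declared). A compiler that reaches this branch would either fail to link or silently lose PAM logging; declare it as `void openpam_log(int _level, const char *_format, ...);` and provide the definition. The first test, `__STDC_VERSION__ > 199901L`, also excludes C99 itself, which defines exactly 199901L, so `>=` looks intended. Which lines are on the new side is inferred from print order here, because the page has lost its +/- markers.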
|
|
|
@ -39,42 +39,43 @@
|
|||
|
||||
#include <security/pam_types.h>
|
||||
#include <security/pam_constants.h>
|
||||
#include <security/openpam.h>
|
||||
|
||||
/*
|
||||
* XSSO 4.2.2, 6
|
||||
*/
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_acct_mgmt(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_authenticate(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_chauthtok(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_close_session(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _args,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_open_session(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_setcred(pam_handle_t *_pamh,
|
||||
int _flags,
|
||||
int _argc,
|
||||
|
@ -84,7 +85,7 @@ pam_sm_setcred(pam_handle_t *_pamh,
|
|||
* Single Sign-On extensions
|
||||
*/
|
||||
#if 0
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_authenticate_secondary(pam_handle_t *_pamh,
|
||||
char *_target_username,
|
||||
char *_target_module_type,
|
||||
|
@ -95,7 +96,7 @@ pam_sm_authenticate_secondary(pam_handle_t *_pamh,
|
|||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
|
||||
char *_target_module_username,
|
||||
char *_target_module_type,
|
||||
|
@ -105,7 +106,7 @@ pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
|
|||
int _argc,
|
||||
char *_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_get_mapped_username(pam_handle_t *_pamh,
|
||||
char *_src_username,
|
||||
char *_src_module_type,
|
||||
|
@ -116,7 +117,7 @@ pam_sm_get_mapped_username(pam_handle_t *_pamh,
|
|||
int _argc,
|
||||
const char **_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
|
||||
char *_target_module_username,
|
||||
size_t _target_authtok_len,
|
||||
|
@ -126,7 +127,7 @@ pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
|
|||
int _argc,
|
||||
const char *_argv);
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_set_mapped_username(pam_handle_t *_pamh,
|
||||
char *_target_module_username,
|
||||
char *_target_module_type,
|
||||
|
|
|
@ -55,7 +55,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
int primitive,
|
||||
int flags)
|
||||
{
|
||||
pam_chain_t *module;
|
||||
pam_chain_t *chain;
|
||||
int err, fail, r;
|
||||
|
||||
if (pamh == NULL)
|
||||
|
@ -69,41 +69,41 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
|
||||
/* pick a chain */
|
||||
switch (primitive) {
|
||||
case PAM_AUTHENTICATE:
|
||||
case PAM_SETCRED:
|
||||
module = pamh->chains[PAM_AUTH];
|
||||
case PAM_SM_AUTHENTICATE:
|
||||
case PAM_SM_SETCRED:
|
||||
chain = pamh->chains[PAM_AUTH];
|
||||
break;
|
||||
case PAM_ACCT_MGMT:
|
||||
module = pamh->chains[PAM_ACCOUNT];
|
||||
case PAM_SM_ACCT_MGMT:
|
||||
chain = pamh->chains[PAM_ACCOUNT];
|
||||
break;
|
||||
case PAM_OPEN_SESSION:
|
||||
case PAM_CLOSE_SESSION:
|
||||
module = pamh->chains[PAM_SESSION];
|
||||
case PAM_SM_OPEN_SESSION:
|
||||
case PAM_SM_CLOSE_SESSION:
|
||||
chain = pamh->chains[PAM_SESSION];
|
||||
break;
|
||||
case PAM_CHAUTHTOK:
|
||||
module = pamh->chains[PAM_PASSWORD];
|
||||
case PAM_SM_CHAUTHTOK:
|
||||
chain = pamh->chains[PAM_PASSWORD];
|
||||
break;
|
||||
default:
|
||||
return (PAM_SYSTEM_ERR);
|
||||
}
|
||||
|
||||
/* fail if the chain is empty */
|
||||
if (module == NULL)
|
||||
if (chain == NULL)
|
||||
return (PAM_SYSTEM_ERR);
|
||||
|
||||
/* execute */
|
||||
for (err = fail = 0; module != NULL; module = module->next) {
|
||||
if (module->primitive[primitive] == NULL) {
|
||||
for (err = fail = 0; chain != NULL; chain = chain->next) {
|
||||
if (chain->module->func[primitive] == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
|
||||
module->modpath, _pam_sm_func_name[primitive]);
|
||||
chain->module->path, _pam_sm_func_name[primitive]);
|
||||
r = PAM_SYMBOL_ERR;
|
||||
} else {
|
||||
pamh->current = module;
|
||||
r = (module->primitive[primitive])(pamh, flags,
|
||||
module->optc, (const char **)module->optv);
|
||||
pamh->current = chain;
|
||||
r = (chain->module->func[primitive])(pamh, flags,
|
||||
chain->optc, (const char **)chain->optv);
|
||||
pamh->current = NULL;
|
||||
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
|
||||
module->modpath, _pam_sm_func_name[primitive],
|
||||
chain->module->path, _pam_sm_func_name[primitive],
|
||||
pam_strerror(pamh, r));
|
||||
}
|
||||
|
||||
|
@ -118,8 +118,8 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
* the chain here if a required module has
|
||||
* previously failed. I'm not sure why.
|
||||
*/
|
||||
if (module->flag == PAM_SUFFICIENT &&
|
||||
primitive != PAM_SETCRED)
|
||||
if (chain->flag == PAM_SUFFICIENT &&
|
||||
primitive != PAM_SM_SETCRED)
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -132,7 +132,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
*/
|
||||
if (err == 0)
|
||||
err = r;
|
||||
if (module->flag == PAM_REQUIRED && !fail) {
|
||||
if (chain->flag == PAM_REQUIRED && !fail) {
|
||||
fail = 1;
|
||||
err = r;
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
* If a requisite module fails, terminate the chain
|
||||
* immediately.
|
||||
*/
|
||||
if (module->flag == PAM_REQUISITE) {
|
||||
if (chain->flag == PAM_REQUISITE) {
|
||||
fail = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -164,7 +164,7 @@ _openpam_check_error_code(int primitive, int r)
|
|||
|
||||
/* specific error codes */
|
||||
switch (primitive) {
|
||||
case PAM_AUTHENTICATE:
|
||||
case PAM_SM_AUTHENTICATE:
|
||||
if (r == PAM_AUTH_ERR ||
|
||||
r == PAM_CRED_INSUFFICIENT ||
|
||||
r == PAM_AUTHINFO_UNAVAIL ||
|
||||
|
@ -172,26 +172,26 @@ _openpam_check_error_code(int primitive, int r)
|
|||
r == PAM_MAXTRIES)
|
||||
return;
|
||||
break;
|
||||
case PAM_SETCRED:
|
||||
case PAM_SM_SETCRED:
|
||||
if (r == PAM_CRED_UNAVAIL ||
|
||||
r == PAM_CRED_EXPIRED ||
|
||||
r == PAM_USER_UNKNOWN ||
|
||||
r == PAM_CRED_ERR)
|
||||
return;
|
||||
break;
|
||||
case PAM_ACCT_MGMT:
|
||||
case PAM_SM_ACCT_MGMT:
|
||||
if (r == PAM_USER_UNKNOWN ||
|
||||
r == PAM_AUTH_ERR ||
|
||||
r == PAM_NEW_AUTHTOK_REQD ||
|
||||
r == PAM_ACCT_EXPIRED)
|
||||
return;
|
||||
break;
|
||||
case PAM_OPEN_SESSION:
|
||||
case PAM_CLOSE_SESSION:
|
||||
case PAM_SM_OPEN_SESSION:
|
||||
case PAM_SM_CLOSE_SESSION:
|
||||
if (r == PAM_SESSION_ERR)
|
||||
return;
|
||||
break;
|
||||
case PAM_CHAUTHTOK:
|
||||
case PAM_SM_CHAUTHTOK:
|
||||
if (r == PAM_PERM_DENIED ||
|
||||
r == PAM_AUTHTOK_ERR ||
|
||||
r == PAM_AUTHTOK_RECOVERY_ERR ||
|
||||
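Review bot: `_pam_sm_func_name[primitive]` in openpam_dispatch() is now indexed with the PAM_SM_* enum, whose order (authenticate, setcred, acct_mgmt, open_session, close_session, chauthtok) differs from the removed PAM_ACCT_MGMT=0 … PAM_SETCRED=5 numbering, while the name table shown as unchanged context in the loader still begins with "pam_sm_acct_mgmt" and ends with "pam_sm_setcred". As shown, the error and debug lines will name the wrong entry point, and any code that resolves symbols through this table into `func[]` would bind pam_authenticate() to the account-management function. Reorder the table to match the enum, or pin each slot with a designated initializer such as `[PAM_SM_AUTHENTICATE] = "pam_sm_authenticate",`, and add a comment on the enum that the table and the PAM_MODULE_ENTRY initializer must follow its order. Both functions in this section continue outside the hunks shown.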
|
|
|
@ -39,6 +39,8 @@
|
|||
|
||||
#include <security/openpam.h>
|
||||
|
||||
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
|
||||
|
||||
/*
|
||||
* Control flags
|
||||
*/
|
||||
|
@ -57,27 +59,13 @@
|
|||
#define PAM_PASSWORD 3
|
||||
#define PAM_NUM_CHAINS 4
|
||||
|
||||
#define PAM_ACCT_MGMT 0
|
||||
#define PAM_AUTHENTICATE 1
|
||||
#define PAM_CHAUTHTOK 2
|
||||
#define PAM_CLOSE_SESSION 3
|
||||
#define PAM_OPEN_SESSION 4
|
||||
#define PAM_SETCRED 5
|
||||
#define PAM_NUM_PRIMITIVES 6
|
||||
|
||||
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
|
||||
|
||||
typedef int (*pam_func_t)(pam_handle_t *, int, int, const char **);
|
||||
|
||||
typedef struct pam_chain pam_chain_t;
|
||||
struct pam_chain {
|
||||
pam_module_t *module;
|
||||
int flag;
|
||||
char *modpath;
|
||||
int optc;
|
||||
char **optv;
|
||||
pam_chain_t *next;
|
||||
void *dlh;
|
||||
pam_func_t primitive[PAM_NUM_PRIMITIVES];
|
||||
};
|
||||
|
||||
#define PAM_NUM_ITEMS 10
|
||||
|
|
|
@ -42,6 +42,10 @@
|
|||
|
||||
#include "openpam_impl.h"
|
||||
|
||||
#ifdef OPENPAM_STATIC_MODULES
|
||||
SET_DECLARE(_openpam_modules, pam_module_t);
|
||||
#endif
|
||||
|
||||
const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
"pam_sm_acct_mgmt",
|
||||
"pam_sm_authenticate",
|
||||
|
@ -51,18 +55,122 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
|||
"pam_sm_setcred"
|
||||
};
|
||||
|
||||
static void
|
||||
openpam_destroy_module(pam_chain_t *module)
|
||||
static pam_module_t *modules;
|
||||
|
||||
/*
|
||||
* Load a dynamic module, or locate a static one. Keep a list of
|
||||
* previously found modules to speed up the process.
|
||||
*/
|
||||
|
||||
static pam_module_t *
|
||||
openpam_load_module(const char *path)
|
||||
{
|
||||
if (module->dlh != NULL)
|
||||
dlclose(module->dlh);
|
||||
while (module->optc--)
|
||||
free(module->optv[module->optc]);
|
||||
free(module->optv);
|
||||
free(module->modpath);
|
||||
pam_module_t *module;
|
||||
void *dlh;
|
||||
|
||||
/* check cache first */
|
||||
for (module = modules; module != NULL; module = module->next)
|
||||
if (strcmp(module->path, path) == 0)
|
||||
goto found;
|
||||
|
||||
/* nope; try to load */
|
||||
if ((dlh = dlopen(path, RTLD_NOW)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
|
||||
} else {
|
||||
if ((module = calloc(1, sizeof *module)) == NULL)
|
||||
goto buf_err;
|
||||
if ((module->path = strdup(path)) == NULL)
|
||||
goto buf_err;
|
||||
module->dlh = dlh;
|
||||
}
|
||||
openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
|
||||
(module == NULL) ? "no" : "using", path);
|
||||
|
||||
#ifdef OPENPAM_STATIC_MODULES
|
||||
/* look for a static module */
|
||||
if (module == NULL && strchr(path, '/') == NULL) {
|
||||
pam_module_t **modp;
|
||||
|
||||
SET_FOREACH(modp, _openpam_modules) {
|
||||
if (strcmp((*modp)->path, path) == 0) {
|
||||
module = *modp;
|
||||
break;
|
||||
}
|
||||
}
|
||||
openpam_log(PAM_LOG_DEBUG, "%s static %s",
|
||||
(module == NULL) ? "no" : "using", path);
|
||||
}
|
||||
#endif
|
||||
if (module == NULL)
|
||||
return (NULL);
|
||||
module->next = modules;
|
||||
module->prev = NULL;
|
||||
modules = module;
|
||||
found:
|
||||
++module->refcount;
|
||||
return (module);
|
||||
buf_err:
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
dlclose(dlh);
|
||||
free(module);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Release a module.
|
||||
* XXX highly thread-unsafe
|
||||
*/
|
||||
|
||||
static void
|
||||
openpam_release_module(pam_module_t *module)
|
||||
{
|
||||
if (module == NULL)
|
||||
return;
|
||||
--module->refcount;
|
||||
if (module->refcount > 0)
|
||||
/* still in use */
|
||||
return;
|
||||
if (module->refcount < 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "module %s has negative refcount",
|
||||
module->path);
|
||||
module->refcount = 0;
|
||||
}
|
||||
if (module->dlh == NULL)
|
||||
/* static module */
|
||||
return;
|
||||
dlclose(module->dlh);
|
||||
if (module->prev != NULL)
|
||||
module->prev->next = module->next;
|
||||
if (module->next != NULL)
|
||||
module->next->prev = module->prev;
|
||||
free(module);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Destroy a chain, freeing all its links and releasing the modules
|
||||
* they point to.
|
||||
*/
|
||||
|
||||
static void
|
||||
openpam_destroy_chain(pam_chain_t *chain)
|
||||
{
|
||||
if (chain == NULL)
|
||||
return;
|
||||
openpam_destroy_chain(chain->next);
|
||||
chain->next = NULL;
|
||||
while (chain->optc--)
|
||||
free(chain->optv[chain->optc]);
|
||||
free(chain->optv);
|
||||
openpam_release_module(chain->module);
|
||||
free(chain);
|
||||
}
|
||||
|
||||
/*
|
||||
* Add a module to a chain.
|
||||
*/
|
||||
|
||||
int
|
||||
openpam_add_module(pam_handle_t *pamh,
|
||||
int chain,
|
||||
|
@ -71,58 +179,37 @@ openpam_add_module(pam_handle_t *pamh,
|
|||
int optc,
|
||||
const char *optv[])
|
||||
{
|
||||
pam_chain_t *module, *iterator;
|
||||
int i;
|
||||
pam_chain_t *new, *iterator;
|
||||
|
||||
/* fill in configuration data */
|
||||
if ((module = calloc(1, sizeof(*module))) == NULL)
|
||||
if ((new = calloc(1, sizeof(*new))) == NULL)
|
||||
goto buf_err;
|
||||
if ((module->modpath = strdup(modpath)) == NULL)
|
||||
goto buf_err;
|
||||
if ((module->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
|
||||
if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
|
||||
goto buf_err;
|
||||
while (optc--)
|
||||
if ((module->optv[module->optc++] = strdup(*optv++)) == NULL)
|
||||
if ((new->optv[new->optc++] = strdup(*optv++)) == NULL)
|
||||
goto buf_err;
|
||||
module->optv[module->optc] = NULL;
|
||||
module->flag = flag;
|
||||
module->next = NULL;
|
||||
|
||||
/* load module and resolve symbols */
|
||||
/*
|
||||
* Each module is dlopen()'d once for evey time it occurs in
|
||||
* any chain. While the linker is smart enough to not load
|
||||
* the same module more than once, it does waste space in the
|
||||
* form of linker handles and pam_func structs.
|
||||
*
|
||||
* TODO: implement a central module cache and replace the
|
||||
* array of pam_func structs in struct pam_chain with pointers
|
||||
* to the appropriate entry in the module cache.
|
||||
*/
|
||||
if ((module->dlh = dlopen(modpath, RTLD_NOW)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
|
||||
openpam_destroy_module(module);
|
||||
new->optv[new->optc] = NULL;
|
||||
new->flag = flag;
|
||||
if ((new->module = openpam_load_module(modpath)) == NULL) {
|
||||
openpam_destroy_chain(new);
|
||||
return (PAM_OPEN_ERR);
|
||||
}
|
||||
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
|
||||
module->primitive[i] =
|
||||
dlsym(module->dlh, _pam_sm_func_name[i]);
|
||||
|
||||
if ((iterator = pamh->chains[chain]) != NULL) {
|
||||
while (iterator->next != NULL)
|
||||
iterator = iterator->next;
|
||||
iterator->next = module;
|
||||
iterator->next = new;
|
||||
} else {
|
||||
pamh->chains[chain] = module;
|
||||
pamh->chains[chain] = new;
|
||||
}
|
||||
return (PAM_SUCCESS);
|
||||
|
||||
buf_err:
|
||||
openpam_log(PAM_LOG_ERROR, "%m");
|
||||
openpam_destroy_module(module);
|
||||
openpam_destroy_chain(new);
|
||||
return (PAM_BUF_ERR);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Clear the chains and release the modules
|
||||
*/
|
||||
|
@ -130,14 +217,8 @@ openpam_add_module(pam_handle_t *pamh,
|
|||
void
|
||||
openpam_clear_chains(pam_handle_t *pamh)
|
||||
{
|
||||
pam_chain_t *module;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < PAM_NUM_CHAINS; ++i) {
|
||||
while (pamh->chains[i] != NULL) {
|
||||
module = pamh->chains[i];
|
||||
pamh->chains[i] = module->next;
|
||||
openpam_destroy_module(module);
|
||||
}
|
||||
}
|
||||
for (i = 0; i < PAM_NUM_CHAINS; ++i)
|
||||
openpam_destroy_chain(pamh->chains[i]);
|
||||
}
|
||||
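Review bot: openpam_release_module() can leave the `modules` cache pointing at freed memory: it unlinks through `prev`/`next`, but openpam_load_module() never sets the old head's `prev`, and nothing updates `modules` when the head itself is released, so the next cache walk runs strcmp() on a freed pam_module_t. Add `if (modules != NULL) modules->prev = module;` before `modules = module;`, add `else modules = module->next;` to the `prev` branch in the release path, and free the strdup()ed `module->path` before `free(module)`. openpam_clear_chains() has a related problem: it now calls openpam_destroy_chain(pamh->chains[i]) without storing NULL back into the slot, which the removed loop did as a side effect, so a later add or clear on the same handle would touch freed links. Separately, no dlsym() call is visible in openpam_load_module(), so as shown `func[]` stays zeroed by calloc() for dlopen()ed modules and openpam_dispatch() would return PAM_SYMBOL_ERR for them; confirm the symbols are resolved somewhere not shown on this page.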
|
|
|
@ -52,5 +52,5 @@ pam_acct_mgmt(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_ACCT_MGMT, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
|
||||
}
|
||||
|
|
|
@ -52,5 +52,5 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_AUTHENTICATE, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags));
|
||||
}
|
||||
|
|
|
@ -52,5 +52,5 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_CHAUTHTOK, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
|
||||
}
|
||||
|
|
|
@ -52,5 +52,5 @@ pam_close_session(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_CLOSE_SESSION, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
|
||||
}
|
||||
|
|
|
@ -52,5 +52,5 @@ pam_open_session(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_OPEN_SESSION, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
|
||||
}
|
||||
|
|
|
@ -52,5 +52,5 @@ pam_setcred(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
|
||||
return (openpam_dispatch(pamh, PAM_SETCRED, flags));
|
||||
return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
|
||||
}
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
|
||||
SUBDIR =
|
||||
SUBDIR += pam_deny
|
||||
SUBDIR += pam_dummy
|
||||
SUBDIR += pam_permit
|
||||
|
||||
.include <bsd.subdir.mk>
|
||||
|
|
|
@ -34,9 +34,11 @@
|
|||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <security/pam_modules.h>
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -44,7 +46,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
|||
return (PAM_AUTH_ERR);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -52,7 +54,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
|
|||
return (PAM_PERM_DENIED);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -60,7 +62,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
|||
return (PAM_AUTH_ERR);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_open_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -68,7 +70,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SESSION_ERR);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_close_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -76,10 +78,12 @@ pam_sm_close_session(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SESSION_ERR);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
||||
return (PAM_PERM_DENIED);
|
||||
}
|
||||
|
||||
PAM_MODULE_ENTRY("pam_deny");
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
#-
|
||||
# Copyright (c) 2002 Networks Associates Technologies, Inc.
|
||||
# All rights reserved.
|
||||
#
|
||||
# This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
# NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
# DARPA CHATS research program.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
# 3. The name of the author may not be used to endorse or promote
|
||||
# products derived from this software without specific prior written
|
||||
# permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
LIB = pam_dummy
|
||||
SHLIB_NAME = pam_dummy.so
|
||||
SRCS = pam_dummy.c
|
||||
CFLAGS += -I${.CURDIR}/../../include
|
||||
|
||||
.include <bsd.lib.mk>
|
|
@ -0,0 +1,48 @@
|
|||
/*-
|
||||
* Copyright (c) 2002 Networks Associates Technologies, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
* NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||
* DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <security/pam_modules.h>
|
||||
|
||||
PAM_SM_DUMMY(authenticate);
|
||||
PAM_SM_DUMMY(setcred);
|
||||
PAM_SM_DUMMY(acct_mgmt);
|
||||
PAM_SM_DUMMY(open_session);
|
||||
PAM_SM_DUMMY(close_session);
|
||||
PAM_SM_DUMMY(chauthtok);
|
||||
|
||||
PAM_MODULE_ENTRY("pam_deny");
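Review bot: `PAM_MODULE_ENTRY("pam_deny");` at the end of this new pam_dummy source registers the dummy module under pam_deny's name; it should read `PAM_MODULE_ENTRY("pam_dummy");`. In a static build the macro emits a pam_module entry whose path is the name plus PAM_SOEXT, and openpam_load_module() takes the first linker-set entry whose path matches. A service configured with pam_deny.so could therefore be bound to these functions, which all return PAM_IGNORE instead of a denial. Which of the two entries wins presumably depends on link order, so the substitution would be silent and build-dependent.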
|
|
@ -34,9 +34,11 @@
|
|||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <security/pam_modules.h>
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -44,7 +46,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -52,7 +54,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -60,7 +62,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_open_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -68,7 +70,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_close_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
@ -76,10 +78,12 @@ pam_sm_close_session(pam_handle_t *pamh, int flags,
|
|||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
int
|
||||
PAM_EXTERN int
|
||||
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
||||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
PAM_MODULE_ENTRY("pam_permit");
|
||||
|
|