Add support for static linking. Also rename a handful of constants

to reduce the chance of every running into a naming conflict.

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609

include/security/openpam.h

@@ -55,20 +55,95 @@ void _openpam_log(int _level,
 	const char *_fmt,
 	...);
 
-#ifdef __GNUC__
+#if defined(__STDC__) && (__STDC_VERSION__ > 199901L)
+#define openpam_log(lvl, fmt, ...) \
+	_openpam_log((lvl), __func__, fmt, __VA_ARGS__)
+#elif defined(__GNUC__)
 #define openpam_log(lvl, fmt...) \
 	_openpam_log((lvl), __func__, ##fmt)
 #else
-#define openpam_log(lvl, fmt, ...) \
-	_openpam_log((lvl), __func__, fmt, __VA_ARGS__)
+extern openpam_log(int _level, const char *_format, ...);
 #endif
 
 /*
  * Generic conversation function
  */
+struct pam_message;
+struct pam_response;
 int openpam_ttyconv(int _n,
 	const struct pam_message **_msg,
 	struct pam_response **_resp,
 	void *_data);
 
+/*
+ * PAM primitives
+ */
+enum {
+	PAM_SM_AUTHENTICATE,
+	PAM_SM_SETCRED,
+	PAM_SM_ACCT_MGMT,
+	PAM_SM_OPEN_SESSION,
+	PAM_SM_CLOSE_SESSION,
+	PAM_SM_CHAUTHTOK,
+	/* keep this last */
+	PAM_NUM_PRIMITIVES
+};
+
+/*
+ * Dummy service module function
+ */
+#define PAM_SM_DUMMY(type)						\
+PAM_EXTERN int								\
+pam_sm_##type(pam_handle_t *pamh, int flags,				\
+    int argc, const char *argv[])					\
+{									\
+	return (PAM_IGNORE);						\
+}
+
+/*
+ * PAM service module functions match this typedef
+ */
+struct pam_handle;
+typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
+
+/*
+ * A struct that describes a module.
+ */
+typedef struct pam_module pam_module_t;
+struct pam_module {
+	const char	*path;
+	pam_func_t	 func[PAM_NUM_PRIMITIVES];
+	void		*dlh;
+	int		 refcount;
+	pam_module_t	*prev;
+	pam_module_t	*next;
+};
+
+/*
+ * Infrastructure for static modules using GCC linker sets.
+ * You are not expected to understand this.
+ */
+#if defined(__GNUC__) && !defined(__PIC__)
+#if defined(__FreeBSD__)
+#define PAM_SOEXT ".so"
+#else
+#error Static linking is not supported on your platform
+#endif
+/* gcc, static linking */
+#include <sys/cdefs.h>
+#include <linker_set.h>
+#define OPENPAM_STATIC_MODULES
+#define PAM_EXTERN static
+#define PAM_MODULE_ENTRY(name)						\
+static struct pam_module _pam_module = { name PAM_SOEXT, {		\
+    pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt,		\
+    pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok },	\
+    NULL, 0, NULL, NULL };						\
+DATA_SET(_openpam_modules, _pam_module)
+#else
+/* normal case */
+#define PAM_EXTERN
+#define PAM_MODULE_ENTRY(name)
+#endif
+
 #endif

include/security/pam_modules.h

@@ -39,42 +39,43 @@
 
 #include <security/pam_types.h>
 #include <security/pam_constants.h>
+#include <security/openpam.h>
 
 /*
  * XSSO 4.2.2, 6
  */
 
-int
+PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *_pamh,
 	int _flags,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *_pamh,
 	int _flags,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_chauthtok(pam_handle_t *_pamh,
 	int _flags,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_close_session(pam_handle_t *_pamh,
 	int _flags,
 	int _args,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_open_session(pam_handle_t *_pamh,
 	int _flags,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_setcred(pam_handle_t *_pamh,
 	int _flags,
 	int _argc,
@@ -84,7 +85,7 @@ pam_sm_setcred(pam_handle_t *_pamh,
  * Single Sign-On extensions
  */
 #if 0
-int
+PAM_EXTERN int
 pam_sm_authenticate_secondary(pam_handle_t *_pamh,
 	char *_target_username,
 	char *_target_module_type,
@@ -95,7 +96,7 @@ pam_sm_authenticate_secondary(pam_handle_t *_pamh,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
 	char *_target_module_username,
 	char *_target_module_type,
@@ -105,7 +106,7 @@ pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
 	int _argc,
 	char *_argv);
 
-int
+PAM_EXTERN int
 pam_sm_get_mapped_username(pam_handle_t *_pamh,
 	char *_src_username,
 	char *_src_module_type,
@@ -116,7 +117,7 @@ pam_sm_get_mapped_username(pam_handle_t *_pamh,
 	int _argc,
 	const char **_argv);
 
-int
+PAM_EXTERN int
 pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
 	char *_target_module_username,
 	size_t _target_authtok_len,
@@ -126,7 +127,7 @@ pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
 	int _argc,
 	const char *_argv);
 
-int
+PAM_EXTERN int
 pam_sm_set_mapped_username(pam_handle_t *_pamh,
 	char *_target_module_username,
 	char *_target_module_type,

lib/openpam_dispatch.c

@@ -55,7 +55,7 @@ openpam_dispatch(pam_handle_t *pamh,
 	int primitive,
 	int flags)
 {
-	pam_chain_t *module;
+	pam_chain_t *chain;
 	int err, fail, r;
 
 	if (pamh == NULL)
@@ -69,41 +69,41 @@ openpam_dispatch(pam_handle_t *pamh,
 
 	/* pick a chain */
 	switch (primitive) {
-	case PAM_AUTHENTICATE:
-	case PAM_SETCRED:
-		module = pamh->chains[PAM_AUTH];
+	case PAM_SM_AUTHENTICATE:
+	case PAM_SM_SETCRED:
+		chain = pamh->chains[PAM_AUTH];
 		break;
-	case PAM_ACCT_MGMT:
-		module = pamh->chains[PAM_ACCOUNT];
+	case PAM_SM_ACCT_MGMT:
+		chain = pamh->chains[PAM_ACCOUNT];
 		break;
-	case PAM_OPEN_SESSION:
-	case PAM_CLOSE_SESSION:
-		module = pamh->chains[PAM_SESSION];
+	case PAM_SM_OPEN_SESSION:
+	case PAM_SM_CLOSE_SESSION:
+		chain = pamh->chains[PAM_SESSION];
 		break;
-	case PAM_CHAUTHTOK:
-		module = pamh->chains[PAM_PASSWORD];
+	case PAM_SM_CHAUTHTOK:
+		chain = pamh->chains[PAM_PASSWORD];
 		break;
 	default:
 		return (PAM_SYSTEM_ERR);
 	}
 
 	/* fail if the chain is empty */
-	if (module == NULL)
+	if (chain == NULL)
 		return (PAM_SYSTEM_ERR);
 
 	/* execute */
-	for (err = fail = 0; module != NULL; module = module->next) {
-		if (module->primitive[primitive] == NULL) {
+	for (err = fail = 0; chain != NULL; chain = chain->next) {
+		if (chain->module->func[primitive] == NULL) {
 			openpam_log(PAM_LOG_ERROR, "%s: no %s()",
-			    module->modpath, _pam_sm_func_name[primitive]);
+			    chain->module->path, _pam_sm_func_name[primitive]);
 			r = PAM_SYMBOL_ERR;
 		} else {
-			pamh->current = module;
-			r = (module->primitive[primitive])(pamh, flags,
-			    module->optc, (const char **)module->optv);
+			pamh->current = chain;
+			r = (chain->module->func[primitive])(pamh, flags,
+			    chain->optc, (const char **)chain->optv);
 			pamh->current = NULL;
 			openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
-			    module->modpath, _pam_sm_func_name[primitive],
+			    chain->module->path, _pam_sm_func_name[primitive],
 			    pam_strerror(pamh, r));
 		}
 
@@ -118,8 +118,8 @@ openpam_dispatch(pam_handle_t *pamh,
 			 * the chain here if a required module has
 			 * previously failed.  I'm not sure why.
 			 */
-			if (module->flag == PAM_SUFFICIENT &&
-			    primitive != PAM_SETCRED)
+			if (chain->flag == PAM_SUFFICIENT &&
+			    primitive != PAM_SM_SETCRED)
 				break;
 		}
 
@@ -132,7 +132,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		 */
 		if (err == 0)
 			err = r;
-		if (module->flag == PAM_REQUIRED && !fail) {
+		if (chain->flag == PAM_REQUIRED && !fail) {
 			fail = 1;
 			err = r;
 		}
@@ -141,7 +141,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		 * If a requisite module fails, terminate the chain
 		 * immediately.
 		 */
-		if (module->flag == PAM_REQUISITE) {
+		if (chain->flag == PAM_REQUISITE) {
 			fail = 1;
 			break;
 		}
@@ -164,7 +164,7 @@ _openpam_check_error_code(int primitive, int r)
 
 	/* specific error codes */
 	switch (primitive) {
-	case PAM_AUTHENTICATE:
+	case PAM_SM_AUTHENTICATE:
 		if (r == PAM_AUTH_ERR ||
 		    r == PAM_CRED_INSUFFICIENT ||
 		    r == PAM_AUTHINFO_UNAVAIL ||
@@ -172,26 +172,26 @@ _openpam_check_error_code(int primitive, int r)
 		    r == PAM_MAXTRIES)
 			return;
 		break;
-	case PAM_SETCRED:
+	case PAM_SM_SETCRED:
 		if (r == PAM_CRED_UNAVAIL ||
 		    r == PAM_CRED_EXPIRED ||
 		    r == PAM_USER_UNKNOWN ||
 		    r == PAM_CRED_ERR)
 			return;
 		break;
-	case PAM_ACCT_MGMT:
+	case PAM_SM_ACCT_MGMT:
 		if (r == PAM_USER_UNKNOWN ||
 		    r == PAM_AUTH_ERR ||
 		    r == PAM_NEW_AUTHTOK_REQD ||
 		    r == PAM_ACCT_EXPIRED)
 			return;
 		break;
-	case PAM_OPEN_SESSION:
-	case PAM_CLOSE_SESSION:
+	case PAM_SM_OPEN_SESSION:
+	case PAM_SM_CLOSE_SESSION:
 		if (r == PAM_SESSION_ERR)
 			return;
 		break;
-	case PAM_CHAUTHTOK:
+	case PAM_SM_CHAUTHTOK:
 		if (r == PAM_PERM_DENIED ||
 		    r == PAM_AUTHTOK_ERR ||
 		    r == PAM_AUTHTOK_RECOVERY_ERR ||

lib/openpam_impl.h

@@ -39,6 +39,8 @@
 
 #include <security/openpam.h>
 
+extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
+
 /*
  * Control flags
  */
@@ -57,27 +59,13 @@
 #define PAM_PASSWORD		3
 #define PAM_NUM_CHAINS		4
 
-#define PAM_ACCT_MGMT		0
-#define PAM_AUTHENTICATE	1
-#define PAM_CHAUTHTOK		2
-#define PAM_CLOSE_SESSION	3
-#define PAM_OPEN_SESSION	4
-#define PAM_SETCRED		5
-#define PAM_NUM_PRIMITIVES	6
-
-extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
-
-typedef int (*pam_func_t)(pam_handle_t *, int, int, const char **);
-
 typedef struct pam_chain pam_chain_t;
 struct pam_chain {
+	pam_module_t	*module;
 	int		 flag;
-	char		*modpath;
 	int		 optc;
 	char	       **optv;
 	pam_chain_t	*next;
-	void		*dlh;
-	pam_func_t	 primitive[PAM_NUM_PRIMITIVES];
 };
 
 #define PAM_NUM_ITEMS	       10

lib/openpam_load.c

@@ -42,6 +42,10 @@
 
 #include "openpam_impl.h"
 
+#ifdef OPENPAM_STATIC_MODULES
+SET_DECLARE(_openpam_modules, pam_module_t);
+#endif
+
 const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
 	"pam_sm_acct_mgmt",
 	"pam_sm_authenticate",
@@ -51,18 +55,122 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
 	"pam_sm_setcred"
 };
 
-static void
-openpam_destroy_module(pam_chain_t *module)
+static pam_module_t *modules;
+
+/*
+ * Load a dynamic module, or locate a static one.  Keep a list of
+ * previously found modules to speed up the process.
+ */
+
+static pam_module_t *
+openpam_load_module(const char *path)
 {
-	if (module->dlh != NULL)
-		dlclose(module->dlh);
-	while (module->optc--)
-		free(module->optv[module->optc]);
-	free(module->optv);
-	free(module->modpath);
+	pam_module_t *module;
+	void *dlh;
+
+	/* check cache first */
+	for (module = modules; module != NULL; module = module->next)
+		if (strcmp(module->path, path) == 0)
+			goto found;
+
+	/* nope; try to load */
+	if ((dlh = dlopen(path, RTLD_NOW)) == NULL) {
+		openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
+	} else {
+		if ((module = calloc(1, sizeof *module)) == NULL)
+			goto buf_err;
+		if ((module->path = strdup(path)) == NULL)
+			goto buf_err;
+		module->dlh = dlh;
+	}
+	openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
+	    (module == NULL) ? "no" : "using", path);
+
+#ifdef OPENPAM_STATIC_MODULES
+	/* look for a static module */
+	if (module == NULL && strchr(path, '/') == NULL) {
+		pam_module_t **modp;
+		
+		SET_FOREACH(modp, _openpam_modules) {
+			if (strcmp((*modp)->path, path) == 0) {
+				module = *modp;
+				break;
+			}
+		}
+		openpam_log(PAM_LOG_DEBUG, "%s static %s",
+		    (module == NULL) ? "no" : "using", path);
+	}
+#endif
+	if (module == NULL)
+		return (NULL);
+	module->next = modules;
+	module->prev = NULL;
+	modules = module;
+ found:
+	++module->refcount;
+	return (module);
+ buf_err:
+	openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+	dlclose(dlh);
+	free(module);
+	return (NULL);
+}
+
+
+/*
+ * Release a module.
+ * XXX highly thread-unsafe
+ */
+
+static void
+openpam_release_module(pam_module_t *module)
+{
+	if (module == NULL)
+		return;
+	--module->refcount;
+	if (module->refcount > 0)
+		/* still in use */
+		return;
+	if (module->refcount < 0) {
+		openpam_log(PAM_LOG_ERROR, "module %s has negative refcount",
+		    module->path);
+		module->refcount = 0;
+	}
+	if (module->dlh == NULL)
+		/* static module */
+		return;
+	dlclose(module->dlh);
+	if (module->prev != NULL)
+		module->prev->next = module->next;
+	if (module->next != NULL)
+		module->next->prev = module->prev;
 	free(module);
 }
 
+
+/*
+ * Destroy a chain, freeing all its links and releasing the modules
+ * they point to.
+ */
+
+static void
+openpam_destroy_chain(pam_chain_t *chain)
+{
+	if (chain == NULL)
+		return;
+	openpam_destroy_chain(chain->next);
+	chain->next = NULL;
+	while (chain->optc--)
+		free(chain->optv[chain->optc]);
+	free(chain->optv);
+	openpam_release_module(chain->module);
+	free(chain);
+}
+
+/*
+ * Add a module to a chain.
+ */
+
 int
 openpam_add_module(pam_handle_t *pamh,
 	int chain,
@@ -71,58 +179,37 @@ openpam_add_module(pam_handle_t *pamh,
 	int optc,
 	const char *optv[])
 {
-	pam_chain_t *module, *iterator;
-	int i;
+	pam_chain_t *new, *iterator;
 
-	/* fill in configuration data */
-	if ((module = calloc(1, sizeof(*module))) == NULL)
+	if ((new = calloc(1, sizeof(*new))) == NULL)
 		goto buf_err;
-	if ((module->modpath = strdup(modpath)) == NULL)
-		goto buf_err;
-	if ((module->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
+	if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
 		goto buf_err;
 	while (optc--)
-		if ((module->optv[module->optc++] = strdup(*optv++)) == NULL)
+		if ((new->optv[new->optc++] = strdup(*optv++)) == NULL)
 			goto buf_err;
-	module->optv[module->optc] = NULL;
-	module->flag = flag;
-	module->next = NULL;
-
-	/* load module and resolve symbols */
-	/*
-	 * Each module is dlopen()'d once for evey time it occurs in
-	 * any chain.  While the linker is smart enough to not load
-	 * the same module more than once, it does waste space in the
-	 * form of linker handles and pam_func structs.
-	 *
-	 * TODO: implement a central module cache and replace the
-	 * array of pam_func structs in struct pam_chain with pointers
-	 * to the appropriate entry in the module cache.
-	 */
-	if ((module->dlh = dlopen(modpath, RTLD_NOW)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
-		openpam_destroy_module(module);
+	new->optv[new->optc] = NULL;
+	new->flag = flag;
+	if ((new->module = openpam_load_module(modpath)) == NULL) {
+		openpam_destroy_chain(new);
 		return (PAM_OPEN_ERR);
 	}
-	for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
-		module->primitive[i] =
-		    dlsym(module->dlh, _pam_sm_func_name[i]);
-
 	if ((iterator = pamh->chains[chain]) != NULL) {
 		while (iterator->next != NULL)
 			iterator = iterator->next;
-		iterator->next = module;
+		iterator->next = new;
 	} else {
-		pamh->chains[chain] = module;
+		pamh->chains[chain] = new;
 	}
 	return (PAM_SUCCESS);
 
  buf_err:
 	openpam_log(PAM_LOG_ERROR, "%m");
-	openpam_destroy_module(module);
+	openpam_destroy_chain(new);
 	return (PAM_BUF_ERR);
 }
 
+
 /*
  * Clear the chains and release the modules
  */
@@ -130,14 +217,8 @@ openpam_add_module(pam_handle_t *pamh,
 void
 openpam_clear_chains(pam_handle_t *pamh)
 {
-	pam_chain_t *module;
 	int i;
 
-	for (i = 0; i < PAM_NUM_CHAINS; ++i) {
-		while (pamh->chains[i] != NULL) {
-			module = pamh->chains[i];
-			pamh->chains[i] = module->next;
-			openpam_destroy_module(module);
-		}
-	}
+	for (i = 0; i < PAM_NUM_CHAINS; ++i)
+		openpam_destroy_chain(pamh->chains[i]);
 }

lib/pam_acct_mgmt.c

@@ -52,5 +52,5 @@ pam_acct_mgmt(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_ACCT_MGMT, flags));
+	return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
 }

lib/pam_authenticate.c

@@ -52,5 +52,5 @@ pam_authenticate(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_AUTHENTICATE, flags));
+	return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags));
 }

lib/pam_chauthtok.c

@@ -52,5 +52,5 @@ pam_chauthtok(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_CHAUTHTOK, flags));
+	return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
 }

lib/pam_close_session.c

@@ -52,5 +52,5 @@ pam_close_session(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_CLOSE_SESSION, flags));
+	return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
 }

lib/pam_open_session.c

@@ -52,5 +52,5 @@ pam_open_session(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_OPEN_SESSION, flags));
+	return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
 }

lib/pam_setcred.c

@@ -52,5 +52,5 @@ pam_setcred(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (openpam_dispatch(pamh, PAM_SETCRED, flags));
+	return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
 }

modules/Makefile

@@ -36,6 +36,7 @@
 
 SUBDIR		 =
 SUBDIR		+= pam_deny
+SUBDIR		+= pam_dummy
 SUBDIR		+= pam_permit
 
 .include <bsd.subdir.mk>

modules/pam_deny/pam_deny.c

@@ -34,9 +34,11 @@
  * $FreeBSD$
  */
 
+#include <sys/param.h>
+
 #include <security/pam_modules.h>
 
-int
+PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -44,7 +46,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	return (PAM_AUTH_ERR);
 }
 
-int
+PAM_EXTERN int
 pam_sm_setcred(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -52,7 +54,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	return (PAM_PERM_DENIED);
 }
 
-int
+PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -60,7 +62,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 	return (PAM_AUTH_ERR);
 }
 
-int
+PAM_EXTERN int
 pam_sm_open_session(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -68,7 +70,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags,
 	return (PAM_SESSION_ERR);
 }
 
-int
+PAM_EXTERN int
 pam_sm_close_session(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -76,10 +78,12 @@ pam_sm_close_session(pam_handle_t *pamh, int flags,
 	return (PAM_SESSION_ERR);
 }
 
-int
+PAM_EXTERN int
 pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
 
 	return (PAM_PERM_DENIED);
 }
+
+PAM_MODULE_ENTRY("pam_deny");

modules/pam_dummy/Makefile

@@ -0,0 +1,42 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+LIB		 = pam_dummy
+SHLIB_NAME	 = pam_dummy.so
+SRCS		 = pam_dummy.c
+CFLAGS		+= -I${.CURDIR}/../../include
+
+.include <bsd.lib.mk>

modules/pam_dummy/pam_dummy.c

@@ -0,0 +1,48 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_modules.h>
+
+PAM_SM_DUMMY(authenticate);
+PAM_SM_DUMMY(setcred);
+PAM_SM_DUMMY(acct_mgmt);
+PAM_SM_DUMMY(open_session);
+PAM_SM_DUMMY(close_session);
+PAM_SM_DUMMY(chauthtok);
+
+PAM_MODULE_ENTRY("pam_deny");

modules/pam_permit/pam_permit.c

@@ -34,9 +34,11 @@
  * $FreeBSD$
  */
 
+#include <sys/param.h>
+
 #include <security/pam_modules.h>
 
-int
+PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -44,7 +46,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	return (PAM_SUCCESS);
 }
 
-int
+PAM_EXTERN int
 pam_sm_setcred(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -52,7 +54,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	return (PAM_SUCCESS);
 }
 
-int
+PAM_EXTERN int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -60,7 +62,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 	return (PAM_SUCCESS);
 }
 
-int
+PAM_EXTERN int
 pam_sm_open_session(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -68,7 +70,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags,
 	return (PAM_SUCCESS);
 }
 
-int
+PAM_EXTERN int
 pam_sm_close_session(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
@@ -76,10 +78,12 @@ pam_sm_close_session(pam_handle_t *pamh, int flags,
 	return (PAM_SUCCESS);
 }
 
-int
+PAM_EXTERN int
 pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
 
 	return (PAM_SUCCESS);
 }
+
+PAM_MODULE_ENTRY("pam_permit");