Reorganize the headers and centralize the string tables.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@491 185d5e19-27fe-0310-9dcf-9bff6b9f3609

lib/Makefile.am

@@ -7,6 +7,8 @@ INCLUDES = -I$(top_srcdir)/include
 lib_LTLIBRARIES = libpam.la
 
 noinst_HEADERS = \
+	openpam_constants.h \
+	openpam_debug.h \
 	openpam_impl.h \
 	openpam_strlcmp.h \
 	openpam_strlcpy.h
@@ -14,6 +16,7 @@ noinst_HEADERS = \
 libpam_la_SOURCES = \
 	openpam_borrow_cred.c \
 	openpam_configure.c \
+	openpam_constants.c \
 	openpam_dispatch.c \
 	openpam_dynamic.c \
 	openpam_findenv.c \

lib/openpam_configure.c

@@ -50,21 +50,6 @@
 #include "openpam_impl.h"
 #include "openpam_strlcmp.h"
 
-const char *pam_facility_name[PAM_NUM_FACILITIES] = {
-	[PAM_ACCOUNT]		= "account",
-	[PAM_AUTH]		= "auth",
-	[PAM_PASSWORD]		= "password",
-	[PAM_SESSION]		= "session",
-};
-
-const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
-	[PAM_BINDING]		= "binding",
-	[PAM_OPTIONAL]		= "optional",
-	[PAM_REQUIRED]		= "required",
-	[PAM_REQUISITE]		= "requisite",
-	[PAM_SUFFICIENT]	= "sufficient",
-};
-
 static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t);
 
 /*

lib/openpam_constants.c

@@ -0,0 +1,127 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+const char *pam_err_name[PAM_NUM_ERRORS] = {
+	"PAM_SUCCESS",
+	"PAM_OPEN_ERR",
+	"PAM_SYMBOL_ERR",
+	"PAM_SERVICE_ERR",
+	"PAM_SYSTEM_ERR",
+	"PAM_BUF_ERR",
+	"PAM_CONV_ERR",
+	"PAM_PERM_DENIED",
+	"PAM_MAXTRIES",
+	"PAM_AUTH_ERR",
+	"PAM_NEW_AUTHTOK_REQD",
+	"PAM_CRED_INSUFFICIENT",
+	"PAM_AUTHINFO_UNAVAIL",
+	"PAM_USER_UNKNOWN",
+	"PAM_CRED_UNAVAIL",
+	"PAM_CRED_EXPIRED",
+	"PAM_CRED_ERR",
+	"PAM_ACCT_EXPIRED",
+	"PAM_AUTHTOK_EXPIRED",
+	"PAM_SESSION_ERR",
+	"PAM_AUTHTOK_ERR",
+	"PAM_AUTHTOK_RECOVERY_ERR",
+	"PAM_AUTHTOK_LOCK_BUSY",
+	"PAM_AUTHTOK_DISABLE_AGING",
+	"PAM_NO_MODULE_DATA",
+	"PAM_IGNORE",
+	"PAM_ABORT",
+	"PAM_TRY_AGAIN",
+	"PAM_MODULE_UNKNOWN",
+	"PAM_DOMAIN_UNKNOWN"
+};
+
+const char *pam_item_name[PAM_NUM_ITEMS] = {
+	"(NO ITEM)",
+	"PAM_SERVICE",
+	"PAM_USER",
+	"PAM_TTY",
+	"PAM_RHOST",
+	"PAM_CONV",
+	"PAM_AUTHTOK",
+	"PAM_OLDAUTHTOK",
+	"PAM_RUSER",
+	"PAM_USER_PROMPT",
+	"PAM_REPOSITORY",
+	"PAM_AUTHTOK_PROMPT",
+	"PAM_OLDAUTHTOK_PROMPT",
+	"PAM_HOST",
+};
+
+const char *pam_facility_name[PAM_NUM_FACILITIES] = {
+	[PAM_ACCOUNT]		= "account",
+	[PAM_AUTH]		= "auth",
+	[PAM_PASSWORD]		= "password",
+	[PAM_SESSION]		= "session",
+};
+
+const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
+	[PAM_BINDING]		= "binding",
+	[PAM_OPTIONAL]		= "optional",
+	[PAM_REQUIRED]		= "required",
+	[PAM_REQUISITE]		= "requisite",
+	[PAM_SUFFICIENT]	= "sufficient",
+};
+
+const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
+	"pam_authenticate",
+	"pam_setcred",
+	"pam_acct_mgmt",
+	"pam_open_session",
+	"pam_close_session",
+	"pam_chauthtok"
+};
+
+const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
+	"pam_sm_authenticate",
+	"pam_sm_setcred",
+	"pam_sm_acct_mgmt",
+	"pam_sm_open_session",
+	"pam_sm_close_session",
+	"pam_sm_chauthtok"
+};

lib/openpam_constants.h

@@ -0,0 +1,40 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer
+ *    in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef OPENPAM_CONSTANTS_INCLUDED
+#define OPENPAM_CONSTANTS_INCLUDED
+
+extern const char *pam_err_name[PAM_NUM_ERRORS];
+extern const char *pam_item_name[PAM_NUM_ITEMS];
+extern const char *pam_facility_name[PAM_NUM_FACILITIES];
+extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];
+extern const char *pam_func_name[PAM_NUM_PRIMITIVES];
+extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES];
+
+#endif

lib/openpam_debug.h

@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef OPENPAM_DEBUG_INCLUDED
+#define OPENPAM_DEBUG_INCLUDED
+
+#ifdef OPENPAM_DEBUG
+#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
+#define ENTERI(i) do { \
+	int i_ = (i); \
+	if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
+		openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
+} while (0)
+#define ENTERN(n) do { \
+	int n_ = (n); \
+	openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \
+} while (0)
+#define ENTERS(s) do { \
+	const char *s_ = (s); \
+	if (s_ == NULL) \
+		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
+} while (0)
+#define	RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
+#define RETURNC(c) do { \
+	int c_ = (c); \
+	if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
+		openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
+	return (c_); \
+} while (0)
+#define	RETURNN(n) do { \
+	int n_ = (n); \
+	openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
+	return (n_); \
+} while (0)
+#define	RETURNP(p) do { \
+	const void *p_ = (p); \
+	if (p_ == NULL) \
+		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
+	return (p_); \
+} while (0)
+#define	RETURNS(s) do { \
+	const char *s_ = (s); \
+	if (s_ == NULL) \
+		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
+	return (s_); \
+} while (0)
+#else
+#define ENTER()
+#define ENTERI(i)
+#define ENTERN(n)
+#define ENTERS(s)
+#define RETURNV() return
+#define RETURNC(c) return (c)
+#define RETURNN(n) return (n)
+#define RETURNP(p) return (p)
+#define RETURNS(s) return (s)
+#endif
+
+#endif

lib/openpam_impl.h

@@ -40,11 +40,6 @@
 
 #include <security/openpam.h>
 
-extern const char *pam_func_name[PAM_NUM_PRIMITIVES];
-extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES];
-extern const char *pam_err_name[PAM_NUM_ERRORS];
-extern const char *pam_item_name[PAM_NUM_ITEMS];
-
 extern int openpam_debug;
 
 /*
@@ -71,6 +66,9 @@ typedef enum {
 	PAM_NUM_FACILITIES
 } pam_facility_t;
 
+/*
+ * Module chains
+ */
 typedef struct pam_chain pam_chain_t;
 struct pam_chain {
 	pam_module_t	*module;
@@ -80,6 +78,21 @@ struct pam_chain {
 	pam_chain_t	*next;
 };
 
+/*
+ * Service policies
+ */
+#if defined(OPENPAM_EMBEDDED)
+typedef struct pam_policy pam_policy_t;
+struct pam_policy {
+	const char	*service;
+	pam_chain_t	*chains[PAM_NUM_FACILITIES];
+};
+extern pam_policy_t *pam_embedded_policies[];
+#endif
+
+/*
+ * Module-specific data
+ */
 typedef struct pam_data pam_data_t;
 struct pam_data {
 	char		*name;
@@ -88,6 +101,9 @@ struct pam_data {
 	pam_data_t	*next;
 };
 
+/*
+ * PAM context
+ */
 struct pam_handle {
 	char		*service;
 
@@ -107,6 +123,9 @@ struct pam_handle {
 };
 
 #ifdef NGROUPS_MAX
+/*
+ * Saved credentials
+ */
 #define PAM_SAVED_CRED "pam_saved_cred"
 struct pam_saved_cred {
 	uid_t	 euid;
@@ -116,8 +135,14 @@ struct pam_saved_cred {
 };
 #endif
 
+/*
+ * Default policy
+ */
 #define PAM_OTHER	"other"
 
+/*
+ * Internal functions
+ */
 int		 openpam_configure(pam_handle_t *, const char *);
 int		 openpam_dispatch(pam_handle_t *, int, int);
 int		 openpam_findenv(pam_handle_t *, const char *, size_t);
@@ -131,66 +156,7 @@ pam_module_t	*openpam_dynamic(const char *);
 
 #define	FREE(p) do { free((p)); (p) = NULL; } while (0)
 
-#ifdef OPENPAM_DEBUG
-#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
-#define ENTERI(i) do { \
-	int i_ = (i); \
-	if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
-		openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \
-	else \
-		openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
-} while (0)
-#define ENTERN(n) do { \
-	int n_ = (n); \
-	openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \
-} while (0)
-#define ENTERS(s) do { \
-	const char *s_ = (s); \
-	if (s_ == NULL) \
-		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
-	else \
-		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
-} while (0)
-#define	RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
-#define RETURNC(c) do { \
-	int c_ = (c); \
-	if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
-		openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \
-	else \
-		openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
-	return (c_); \
-} while (0)
-#define	RETURNN(n) do { \
-	int n_ = (n); \
-	openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
-	return (n_); \
-} while (0)
-#define	RETURNP(p) do { \
-	const void *p_ = (p); \
-	if (p_ == NULL) \
-		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
-	else \
-		openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
-	return (p_); \
-} while (0)
-#define	RETURNS(s) do { \
-	const char *s_ = (s); \
-	if (s_ == NULL) \
-		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
-	else \
-		openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
-	return (s_); \
-} while (0)
-#else
-#define ENTER()
-#define ENTERI(i)
-#define ENTERN(n)
-#define ENTERS(s)
-#define RETURNV() return
-#define RETURNC(c) return (c)
-#define RETURNN(n) return (n)
-#define RETURNP(p) return (p)
-#define RETURNS(s) return (s)
-#endif
+#include "openpam_constants.h"
+#include "openpam_debug.h"
 
 #endif

lib/openpam_load.c

@@ -47,24 +47,6 @@
 
 #include "openpam_impl.h"
 
-const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_authenticate",
-	"pam_setcred",
-	"pam_acct_mgmt",
-	"pam_open_session",
-	"pam_close_session",
-	"pam_chauthtok"
-};
-
-const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_sm_authenticate",
-	"pam_sm_setcred",
-	"pam_sm_acct_mgmt",
-	"pam_sm_open_session",
-	"pam_sm_close_session",
-	"pam_sm_chauthtok"
-};
-
 /*
  * Locate a matching dynamic or static module.
  */

lib/pam_get_item.c

@@ -45,23 +45,6 @@
 
 #include "openpam_impl.h"
 
-const char *pam_item_name[PAM_NUM_ITEMS] = {
-	"(NO ITEM)",
-	"PAM_SERVICE",
-	"PAM_USER",
-	"PAM_TTY",
-	"PAM_RHOST",
-	"PAM_CONV",
-	"PAM_AUTHTOK",
-	"PAM_OLDAUTHTOK",
-	"PAM_RUSER",
-	"PAM_USER_PROMPT",
-	"PAM_REPOSITORY",
-	"PAM_AUTHTOK_PROMPT",
-	"PAM_OLDAUTHTOK_PROMPT",
-	"PAM_HOST",
-};
-
 /*
  * XSSO 4.2.1
  * XSSO 6 page 46

lib/pam_strerror.c

@@ -45,39 +45,6 @@
 
 #include "openpam_impl.h"
 
-const char *pam_err_name[PAM_NUM_ERRORS] = {
-	"PAM_SUCCESS",
-	"PAM_OPEN_ERR",
-	"PAM_SYMBOL_ERR",
-	"PAM_SERVICE_ERR",
-	"PAM_SYSTEM_ERR",
-	"PAM_BUF_ERR",
-	"PAM_CONV_ERR",
-	"PAM_PERM_DENIED",
-	"PAM_MAXTRIES",
-	"PAM_AUTH_ERR",
-	"PAM_NEW_AUTHTOK_REQD",
-	"PAM_CRED_INSUFFICIENT",
-	"PAM_AUTHINFO_UNAVAIL",
-	"PAM_USER_UNKNOWN",
-	"PAM_CRED_UNAVAIL",
-	"PAM_CRED_EXPIRED",
-	"PAM_CRED_ERR",
-	"PAM_ACCT_EXPIRED",
-	"PAM_AUTHTOK_EXPIRED",
-	"PAM_SESSION_ERR",
-	"PAM_AUTHTOK_ERR",
-	"PAM_AUTHTOK_RECOVERY_ERR",
-	"PAM_AUTHTOK_LOCK_BUSY",
-	"PAM_AUTHTOK_DISABLE_AGING",
-	"PAM_NO_MODULE_DATA",
-	"PAM_IGNORE",
-	"PAM_ABORT",
-	"PAM_TRY_AGAIN",
-	"PAM_MODULE_UNKNOWN",
-	"PAM_DOMAIN_UNKNOWN"
-};
-
 /*
  * XSSO 4.2.1
  * XSSO 6 page 92