From 6a92548403e3e90c8c71e6f4498cc4b39a61749e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sat, 12 Nov 2011 00:12:32 +0000 Subject: [PATCH] Reorganize the headers and centralize the string tables. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@491 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- lib/Makefile.am | 3 + lib/openpam_configure.c | 15 ----- lib/openpam_constants.c | 127 ++++++++++++++++++++++++++++++++++++++++ lib/openpam_constants.h | 40 +++++++++++++ lib/openpam_debug.h | 103 ++++++++++++++++++++++++++++++++ lib/openpam_impl.h | 98 ++++++++++--------------------- lib/openpam_load.c | 18 ------ lib/pam_get_item.c | 17 ------ lib/pam_strerror.c | 33 ----------- 9 files changed, 305 insertions(+), 149 deletions(-) create mode 100644 lib/openpam_constants.c create mode 100644 lib/openpam_constants.h create mode 100644 lib/openpam_debug.h diff --git a/lib/Makefile.am b/lib/Makefile.am index 54e45ae..8fe4ce0 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -7,6 +7,8 @@ INCLUDES = -I$(top_srcdir)/include lib_LTLIBRARIES = libpam.la noinst_HEADERS = \ + openpam_constants.h \ + openpam_debug.h \ openpam_impl.h \ openpam_strlcmp.h \ openpam_strlcpy.h @@ -14,6 +16,7 @@ noinst_HEADERS = \ libpam_la_SOURCES = \ openpam_borrow_cred.c \ openpam_configure.c \ + openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ openpam_findenv.c \ diff --git a/lib/openpam_configure.c b/lib/openpam_configure.c index c2dd8b4..d2b3c57 100644 --- a/lib/openpam_configure.c +++ b/lib/openpam_configure.c 
@@ -50,21 +50,6 @@ #include "openpam_impl.h" #include "openpam_strlcmp.h" -const char *pam_facility_name[PAM_NUM_FACILITIES] = { - [PAM_ACCOUNT] = "account", - [PAM_AUTH] = "auth", - [PAM_PASSWORD] = "password", - [PAM_SESSION] = "session", -}; - -const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { - [PAM_BINDING] = "binding", - [PAM_OPTIONAL] = "optional", - [PAM_REQUIRED] = "required", - [PAM_REQUISITE] = "requisite", - [PAM_SUFFICIENT] = "sufficient", -}; - static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); /* diff --git a/lib/openpam_constants.c b/lib/openpam_constants.c new file mode 100644 index 0000000..56d0bfc --- /dev/null +++ b/lib/openpam_constants.c 
@@ -0,0 +1,127 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include
+
+#include "openpam_impl.h"
+
+const char *pam_err_name[PAM_NUM_ERRORS] = {
+ "PAM_SUCCESS",
+ "PAM_OPEN_ERR",
+ "PAM_SYMBOL_ERR",
+ "PAM_SERVICE_ERR",
+ "PAM_SYSTEM_ERR",
+ "PAM_BUF_ERR",
+ "PAM_CONV_ERR",
+ "PAM_PERM_DENIED",
+ "PAM_MAXTRIES",
+ "PAM_AUTH_ERR",
+ "PAM_NEW_AUTHTOK_REQD",
+ "PAM_CRED_INSUFFICIENT",
+ "PAM_AUTHINFO_UNAVAIL",
+ "PAM_USER_UNKNOWN",
+ "PAM_CRED_UNAVAIL",
+ "PAM_CRED_EXPIRED",
+ "PAM_CRED_ERR",
+ "PAM_ACCT_EXPIRED",
+ "PAM_AUTHTOK_EXPIRED",
+ "PAM_SESSION_ERR",
+ "PAM_AUTHTOK_ERR",
+ "PAM_AUTHTOK_RECOVERY_ERR",
+ "PAM_AUTHTOK_LOCK_BUSY",
+ "PAM_AUTHTOK_DISABLE_AGING",
+ "PAM_NO_MODULE_DATA",
+ "PAM_IGNORE",
+ "PAM_ABORT",
+ "PAM_TRY_AGAIN",
+ "PAM_MODULE_UNKNOWN",
+ "PAM_DOMAIN_UNKNOWN"
+};
+
+const char *pam_item_name[PAM_NUM_ITEMS] = {
+ "(NO ITEM)",
+ "PAM_SERVICE",
+ "PAM_USER",
+ "PAM_TTY",
+ "PAM_RHOST",
+ "PAM_CONV",
+ "PAM_AUTHTOK",
+ "PAM_OLDAUTHTOK",
+ "PAM_RUSER",
+ "PAM_USER_PROMPT",
+ "PAM_REPOSITORY",
+ "PAM_AUTHTOK_PROMPT",
+ "PAM_OLDAUTHTOK_PROMPT",
+ "PAM_HOST",
+};
+
+const char *pam_facility_name[PAM_NUM_FACILITIES] = {
+ [PAM_ACCOUNT] = "account",
+ [PAM_AUTH] = "auth",
+ [PAM_PASSWORD] = "password",
+ [PAM_SESSION] = "session",
+};
+
+const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
+ [PAM_BINDING] = "binding",
+ [PAM_OPTIONAL] = "optional",
+ [PAM_REQUIRED] = "required",
+ [PAM_REQUISITE] = "requisite",
+ [PAM_SUFFICIENT] = "sufficient",
+};
+
+const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
+ "pam_authenticate",
+ "pam_setcred",
+ "pam_acct_mgmt",
+ "pam_open_session",
+ "pam_close_session",
+ "pam_chauthtok"
+};
+
+const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
+ "pam_sm_authenticate",
+ "pam_sm_setcred",
+ "pam_sm_acct_mgmt",
+ "pam_sm_open_session",
+ "pam_sm_close_session",
+ "pam_sm_chauthtok"
+};
diff --git a/lib/openpam_constants.h b/lib/openpam_constants.h
new file mode 100644
index 0000000..427c6f7
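Review bot: `pam_err_name`, `pam_item_name`, `pam_func_name` and `pam_sm_func_name` in openpam_constants.c are filled positionally into arrays sized by the `PAM_NUM_*` counts, so a constant added to an enum without a matching string silently leaves a NULL at the tail of the table. The range checks in `ENTERI` and `RETURNC` (openpam_debug.h, same commit) would still accept that index and pass the NULL to a `%s` conversion. `pam_facility_name` and `pam_control_flag_name` already use designated initializers; writing the other tables the same way, e.g. `[PAM_SUCCESS] = "PAM_SUCCESS",`, ties each string to its constant instead of to its position. These are also writable pointer arrays inside an authentication library: declaring them `const char *const pam_err_name[PAM_NUM_ERRORS]` (with the matching `extern` lines in openpam_constants.h) lets the toolchain keep them in memory that is read-only once relocation is done.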
--- /dev/null
+++ b/lib/openpam_constants.h
@@ -0,0 +1,40 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef OPENPAM_CONSTANTS_INCLUDED
+#define OPENPAM_CONSTANTS_INCLUDED
+
+extern const char *pam_err_name[PAM_NUM_ERRORS];
+extern const char *pam_item_name[PAM_NUM_ITEMS];
+extern const char *pam_facility_name[PAM_NUM_FACILITIES];
+extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];
+extern const char *pam_func_name[PAM_NUM_PRIMITIVES];
+extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES];
+
+#endif
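Review bot: openpam_constants.h cannot be included on its own: its `extern` declarations are sized by `PAM_NUM_ERRORS`, `PAM_NUM_ITEMS`, `PAM_NUM_FACILITIES`, `PAM_NUM_CONTROL_FLAGS` and `PAM_NUM_PRIMITIVES`, yet the header includes nothing. It compiles only because openpam_impl.h pulls it in at the very end, after its own enums such as `pam_facility_t`. Nothing in the file states that ordering requirement, so a later direct include will fail with errors that point at the wrong place. A comment above the declarations would record it, for example `/* Internal: include only through openpam_impl.h, which provides the PAM_NUM_* bounds used below. */`. openpam_debug.h has the same dependency on `openpam_log`, `PAM_LOG_DEBUG` and the name tables.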
diff --git a/lib/openpam_debug.h b/lib/openpam_debug.h
new file mode 100644
index 0000000..7492283
--- /dev/null
+++ b/lib/openpam_debug.h
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef OPENPAM_DEBUG_INCLUDED
+#define OPENPAM_DEBUG_INCLUDED
+
+#ifdef OPENPAM_DEBUG
+#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
+#define ENTERI(i) do { \
+ int i_ = (i); \
+ if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
+ openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \
+ else \
+ openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
+} while (0)
+#define ENTERN(n) do { \
+ int n_ = (n); \
+ openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \
+} while (0)
+#define ENTERS(s) do { \
+ const char *s_ = (s); \
+ if (s_ == NULL) \
+ openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
+ else \
+ openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
+} while (0)
+#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
+#define RETURNC(c) do { \
+ int c_ = (c); \
+ if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
+ openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \
+ else \
+ openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
+ return (c_); \
+} while (0)
+#define RETURNN(n) do { \
+ int n_ = (n); \
+ openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
+ return (n_); \
+} while (0)
+#define RETURNP(p) do { \
+ const void *p_ = (p); \
+ if (p_ == NULL) \
+ openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+ else \
+ openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
+ return (p_); \
+} while (0)
+#define RETURNS(s) do { \
+ const char *s_ = (s); \
+ if (s_ == NULL) \
+ openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+ else \
+ openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
+ return (s_); \
+} while (0)
+#else
+#define ENTER()
+#define ENTERI(i)
+#define ENTERN(n)
+#define ENTERS(s)
+#define RETURNV() return
+#define RETURNC(c) return (c)
+#define RETURNN(n) return (n)
+#define RETURNP(p) return (p)
+#define RETURNS(s) return (s)
+#endif
+
+#endif
diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h
index 5af8524..698658d 100644
--- a/lib/openpam_impl.h
+++ b/lib/openpam_impl.h
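Review bot: `RETURNV()` in openpam_debug.h behaves differently in the two builds: with `OPENPAM_DEBUG` defined it expands to the `openpam_log()` call alone, while the `#else` branch defines it as `return`. A debug build therefore falls through wherever the macro is used for an early exit from a void function. Whether any caller does that is not visible here, but an authentication library should not take a different control path when debugging is compiled in. Matching the shape of `RETURNC` and `RETURNN` closes the gap: `#define RETURNV() do { openpam_log(PAM_LOG_DEBUG, "returning"); return; } while (0)`. Separately, `ENTERS` and `RETURNS` write their string argument verbatim to the debug log, which is worth recording next to them, e.g. `/* ENTERS/RETURNS log the string itself; do not use them where it may hold a secret. */`.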
@@ -40,11 +40,6 @@ #include -extern const char *pam_func_name[PAM_NUM_PRIMITIVES]; -extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES]; -extern const char *pam_err_name[PAM_NUM_ERRORS]; -extern const char *pam_item_name[PAM_NUM_ITEMS]; - extern int openpam_debug; /* @@ -71,6 +66,9 @@ typedef enum { PAM_NUM_FACILITIES } pam_facility_t; +/* + * Module chains + */ typedef struct pam_chain pam_chain_t; struct pam_chain { pam_module_t *module; @@ -80,6 +78,21 @@ struct pam_chain { pam_chain_t *next; }; +/* + * Service policies + */ +#if defined(OPENPAM_EMBEDDED) +typedef struct pam_policy pam_policy_t; +struct pam_policy { + const char *service; + pam_chain_t *chains[PAM_NUM_FACILITIES]; +}; +extern pam_policy_t *pam_embedded_policies[]; +#endif + +/* + * Module-specific data + */ typedef struct pam_data pam_data_t; struct pam_data { char *name; @@ -88,6 +101,9 @@ struct pam_data { pam_data_t *next; }; +/* + * PAM context + */ struct pam_handle { char *service; @@ -107,6 +123,9 @@ struct pam_handle { }; #ifdef NGROUPS_MAX +/* + * Saved credentials + */ #define PAM_SAVED_CRED "pam_saved_cred" struct pam_saved_cred { uid_t euid; @@ -116,8 +135,14 @@ struct pam_saved_cred { }; #endif +/* + * Default policy + */ #define PAM_OTHER "other" +/* + * Internal functions + */ int openpam_configure(pam_handle_t *, const char *); int openpam_dispatch(pam_handle_t *, int, int); int openpam_findenv(pam_handle_t *, const char *, size_t); 
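Review bot: `extern pam_policy_t *pam_embedded_policies[];` in the new `OPENPAM_EMBEDDED` block of openpam_impl.h is declared with no bound and no statement of how a reader finds the end of the array. None of the files in this commit's diffstat appears to define it either. Code that walks the table has to know the terminator, so the declaration should carry it, for instance `/* NULL-terminated list of compiled-in service policies */` if that is the intended convention (not visible here). A line on `struct pam_policy` saying who owns `service` and the `chains[]` entries would help for the same reason. This refers to the hunk at `@@ -80,6 +78,21 @@`; the other hunks on this line only add section comments or remove the `extern` declarations that moved to openpam_constants.h.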
@@ -131,66 +156,7 @@ pam_module_t *openpam_dynamic(const char *); #define FREE(p) do { free((p)); (p) = NULL; } while (0) -#ifdef OPENPAM_DEBUG -#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") -#define ENTERI(i) do { \ - int i_ = (i); \ - if (i_ > 0 && i_ < PAM_NUM_ITEMS) \ - openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \ - else \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \ -} while (0) -#define ENTERN(n) do { \ - int n_ = (n); \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \ -} while (0) -#define ENTERS(s) do { \ - const char *s_ = (s); \ - if (s_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \ -} while (0) -#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") -#define RETURNC(c) do { \ - int c_ = (c); \ - if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \ - openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \ - return (c_); \ -} while (0) -#define RETURNN(n) do { \ - int n_ = (n); \ - openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \ - return (n_); \ -} while (0) -#define RETURNP(p) do { \ - const void *p_ = (p); \ - if (p_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \ - return (p_); \ -} while (0) -#define RETURNS(s) do { \ - const char *s_ = (s); \ - if (s_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \ - return (s_); \ -} while (0) -#else -#define ENTER() -#define ENTERI(i) -#define ENTERN(n) -#define ENTERS(s) -#define RETURNV() return -#define RETURNC(c) return (c) -#define RETURNN(n) return (n) -#define RETURNP(p) return (p) -#define RETURNS(s) return (s) -#endif +#include "openpam_constants.h" +#include "openpam_debug.h" #endif diff --git a/lib/openpam_load.c b/lib/openpam_load.c index f2e078f..0f1f137 100644 
--- a/lib/openpam_load.c +++ b/lib/openpam_load.c @@ -47,24 +47,6 @@ #include "openpam_impl.h" -const char *pam_func_name[PAM_NUM_PRIMITIVES] = { - "pam_authenticate", - "pam_setcred", - "pam_acct_mgmt", - "pam_open_session", - "pam_close_session", - "pam_chauthtok" -}; - -const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = { - "pam_sm_authenticate", - "pam_sm_setcred", - "pam_sm_acct_mgmt", - "pam_sm_open_session", - "pam_sm_close_session", - "pam_sm_chauthtok" -}; - /* * Locate a matching dynamic or static module. */ diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c index 8c942fb..31e3d42 100644 --- a/lib/pam_get_item.c +++ b/lib/pam_get_item.c @@ -45,23 +45,6 @@ #include "openpam_impl.h" -const char *pam_item_name[PAM_NUM_ITEMS] = { - "(NO ITEM)", - "PAM_SERVICE", - "PAM_USER", - "PAM_TTY", - "PAM_RHOST", - "PAM_CONV", - "PAM_AUTHTOK", - "PAM_OLDAUTHTOK", - "PAM_RUSER", - "PAM_USER_PROMPT", - "PAM_REPOSITORY", - "PAM_AUTHTOK_PROMPT", - "PAM_OLDAUTHTOK_PROMPT", - "PAM_HOST", -}; - /* * XSSO 4.2.1 * XSSO 6 page 46 diff --git a/lib/pam_strerror.c b/lib/pam_strerror.c index 6976ff4..41b0466 100644 --- a/lib/pam_strerror.c +++ b/lib/pam_strerror.c @@ -45,39 +45,6 @@ #include "openpam_impl.h" -const char *pam_err_name[PAM_NUM_ERRORS] = { - "PAM_SUCCESS", - "PAM_OPEN_ERR", - "PAM_SYMBOL_ERR", - "PAM_SERVICE_ERR", - "PAM_SYSTEM_ERR", - "PAM_BUF_ERR", - "PAM_CONV_ERR", - "PAM_PERM_DENIED", - "PAM_MAXTRIES", - "PAM_AUTH_ERR", - "PAM_NEW_AUTHTOK_REQD", - "PAM_CRED_INSUFFICIENT", - "PAM_AUTHINFO_UNAVAIL", - "PAM_USER_UNKNOWN", - "PAM_CRED_UNAVAIL", - "PAM_CRED_EXPIRED", - "PAM_CRED_ERR", - "PAM_ACCT_EXPIRED", - "PAM_AUTHTOK_EXPIRED", - "PAM_SESSION_ERR", - "PAM_AUTHTOK_ERR", - "PAM_AUTHTOK_RECOVERY_ERR", - "PAM_AUTHTOK_LOCK_BUSY", - "PAM_AUTHTOK_DISABLE_AGING", - "PAM_NO_MODULE_DATA", - "PAM_IGNORE", - "PAM_ABORT", - "PAM_TRY_AGAIN", - "PAM_MODULE_UNKNOWN", - "PAM_DOMAIN_UNKNOWN" -}; - /* * XSSO 4.2.1 * XSSO 6 page 92