Implement the "binding" control flag (from Solaris 9)

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@161 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Dag-Erling Smørgrav 2002-06-30 22:41:59 +00:00
parent d185910864
commit a9b8bb1e92
4 changed files with 13 additions and 8 deletions


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $P4: //depot/projects/openpam/include/security/pam_constants.h#15 $ * $P4: //depot/projects/openpam/include/security/pam_constants.h#16 $
*/ */
#ifndef _PAM_CONSTANTS_H_INCLUDED #ifndef _PAM_CONSTANTS_H_INCLUDED


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $P4: //depot/projects/openpam/lib/openpam_configure.c#4 $ * $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $
*/ */
#include <ctype.h> #include <ctype.h>
@ -150,6 +150,8 @@ openpam_read_policy_file(pam_chain_t *policy[],
flag = PAM_SUFFICIENT; flag = PAM_SUFFICIENT;
} else if (strcmp(p, "optional") == 0) { } else if (strcmp(p, "optional") == 0) {
flag = PAM_OPTIONAL; flag = PAM_OPTIONAL;
} else if (strcmp(p, "binding") == 0) {
flag = PAM_BINDING;
} else { } else {
openpam_log(PAM_LOG_ERROR, openpam_log(PAM_LOG_ERROR,
"%s: invalid control flag on line %d: '%s'", "%s: invalid control flag on line %d: '%s'",


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#16 $ * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $
*/ */
#include <sys/param.h> #include <sys/param.h>
@ -109,13 +109,14 @@ openpam_dispatch(pam_handle_t *pamh,
if (r == PAM_IGNORE) if (r == PAM_IGNORE)
continue; continue;
if (r == PAM_SUCCESS || r == PAM_NEW_AUTHTOK_REQD) { if (r == PAM_SUCCESS) {
/* /*
* For pam_setcred() and pam_chauthtok() with the * For pam_setcred() and pam_chauthtok() with the
* PAM_PRELIM_CHECK flag, treat "sufficient" as * PAM_PRELIM_CHECK flag, treat "sufficient" as
* "optional". * "optional".
*/ */
if (chain->flag == PAM_SUFFICIENT && !fail && if ((chain->flag == PAM_SUFFICIENT ||
chain->flag == PAM_BINDING) && !fail &&
primitive != PAM_SM_SETCRED && primitive != PAM_SM_SETCRED &&
!(primitive == PAM_SM_CHAUTHTOK && !(primitive == PAM_SM_CHAUTHTOK &&
(flags & PAM_PRELIM_CHECK))) (flags & PAM_PRELIM_CHECK)))
@ -132,7 +133,8 @@ openpam_dispatch(pam_handle_t *pamh,
*/ */
if (err == 0) if (err == 0)
err = r; err = r;
if (chain->flag == PAM_REQUIRED && !fail) { if ((chain->flag == PAM_REQUIRED ||
chain->flag == PAM_BINDING) && !fail) {
openpam_log(PAM_LOG_DEBUG, "required module failed"); openpam_log(PAM_LOG_DEBUG, "required module failed");
fail = 1; fail = 1;
err = r; err = r;
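Review bot: The success test in the first hunk appears to drop `r == PAM_NEW_AUTHTOK_REQD` (the new column reads `if (r == PAM_SUCCESS) {`), a change the commit message, which only announces "binding", does not mention. If that reading is right, a module returning PAM_NEW_AUTHTOK_REQD now takes the failure path of the second hunk: `err` is set to it, and for a required or binding module `fail` is set, so the `!fail` term keeps the sufficient/binding test from matching for later modules. That changes how an expired-token result is propagated to the application and should be called out in the commit message and in a comment at the test, for example `/* PAM_NEW_AUTHTOK_REQD is not success: it is recorded in err like any other failure */`. The comment above the sufficient test still says only "sufficient" although the condition now covers PAM_BINDING too, and the debug message `"required module failed"` is now also logged for binding modules. openpam_dispatch starts and ends outside both hunks, so the value finally returned is not visible here.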


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $P4: //depot/projects/openpam/lib/openpam_impl.h#15 $ * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
*/ */
#ifndef _OPENPAM_IMPL_H_INCLUDED #ifndef _OPENPAM_IMPL_H_INCLUDED
@ -48,7 +48,8 @@ extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
#define PAM_REQUISITE 2 #define PAM_REQUISITE 2
#define PAM_SUFFICIENT 3 #define PAM_SUFFICIENT 3
#define PAM_OPTIONAL 4 #define PAM_OPTIONAL 4
#define PAM_NUM_CONTROLFLAGS 5 #define PAM_BINDING 5
#define PAM_NUM_CONTROLFLAGS 6
/* /*
* Chains * Chains
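Review bot: `PAM_BINDING` is added with no comment saying what the flag means, and nothing else in this header section explains it either. Going by the dispatch change on this page, a binding module that succeeds is tested together with PAM_SUFFICIENT (only while no earlier required or binding module has failed), and one that fails is tested together with PAM_REQUIRED. A comment beside the define, such as `/* success: handled like sufficient; failure: handled like required */`, would put that where policy authors and reviewers look first. With `PAM_NUM_CONTROLFLAGS` going from 5 to 6, any table sized or indexed by it (none is visible in this hunk) needs a sixth entry.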