Compare commits
304 Commits
openpam-20
...
main
Author | SHA1 | Date |
---|---|---|
Dag-Erling Smørgrav | d61017e615 | |
Dag-Erling Smørgrav | 41eb8b9f02 | |
Dag-Erling Smørgrav | 7da86c0c62 | |
Dag-Erling Smørgrav | 4b2e3c92df | |
Dag-Erling Smørgrav | cc0d61260e | |
Dag-Erling Smørgrav | f1871a7d9f | |
Dag-Erling Smørgrav | eed614622f | |
Dag-Erling Smørgrav | 29e80880cc | |
Dag-Erling Smørgrav | 64edbc294d | |
Dag-Erling Smørgrav | 1d9c829c40 | |
Dag-Erling Smørgrav | ef5e67748c | |
Dag-Erling Smørgrav | 05bd3febc0 | |
Dag-Erling Smørgrav | a967883b9c | |
Dag-Erling Smørgrav | e0e3406a78 | |
Dag-Erling Smørgrav | 6bf8cb1753 | |
Dag-Erling Smørgrav | bb68996306 | |
Dag-Erling Smørgrav | 9bdf428c5a | |
Dag-Erling Smørgrav | 1dce53245b | |
Dag-Erling Smørgrav | 251dac8e4a | |
Dag-Erling Smørgrav | a501f2af85 | |
Dag-Erling Smørgrav | 9cd25f7e7d | |
Dag-Erling Smørgrav | d061313188 | |
Dag-Erling Smørgrav | eefae6d5ef | |
Dag-Erling Smørgrav | 919a1250d4 | |
Dag-Erling Smørgrav | ddb34ad671 | |
Dag-Erling Smørgrav | 4876ee459d | |
Dag-Erling Smørgrav | 105d392c57 | |
Dag-Erling Smørgrav | 29c7f93598 | |
Dag-Erling Smørgrav | 0f7f351a10 | |
Dag-Erling Smørgrav | c87aee7c52 | |
Dag-Erling Smørgrav | 07daaf4bb2 | |
Dag-Erling Smørgrav | 3ebfd11150 | |
Dag-Erling Smørgrav | e7f32a97b0 | |
Dag-Erling Smørgrav | 812256e9d1 | |
Dag-Erling Smørgrav | 25bcbd2652 | |
Dag-Erling Smørgrav | a823b423ca | |
Dag-Erling Smørgrav | 890bea99e0 | |
Dag-Erling Smørgrav | 05afeb7a29 | |
Dag-Erling Smørgrav | f5a12fb24e | |
Dag-Erling Smørgrav | d9e44d146f | |
Dag-Erling Smørgrav | 2f340d61b5 | |
Dag-Erling Smørgrav | 82935b7d7a | |
Dag-Erling Smørgrav | 1e09705bd7 | |
Dag-Erling Smørgrav | c5a320988e | |
Dag-Erling Smørgrav | e936857588 | |
Dag-Erling Smørgrav | a18c87672e | |
Dag-Erling Smørgrav | 23cdf95099 | |
Dag-Erling Smørgrav | 3112c53799 | |
Dag-Erling Smørgrav | adb7175c42 | |
Dag-Erling Smørgrav | c75883564d | |
Dag-Erling Smørgrav | 3699596d18 | |
Dag-Erling Smørgrav | da26321ba8 | |
Dag-Erling Smørgrav | 26fbccde77 | |
Dag-Erling Smørgrav | b6605f9267 | |
Dag-Erling Smørgrav | aa6768d765 | |
Dag-Erling Smørgrav | c371da364c | |
Dag-Erling Smørgrav | 4a77e993a9 | |
Dag-Erling Smørgrav | d040ae3d29 | |
Dag-Erling Smørgrav | b1895baa2d | |
Dag-Erling Smørgrav | ddfa63ca38 | |
Dag-Erling Smørgrav | 41a50e0c57 | |
Dag-Erling Smørgrav | 9ff1a454ce | |
Dag-Erling Smørgrav | 310b5ee125 | |
Dag-Erling Smørgrav | a38c5db91b | |
Dag-Erling Smørgrav | f82c90afb6 | |
Dag-Erling Smørgrav | 4e92aa7e24 | |
Dag-Erling Smørgrav | 5b83650c3d | |
Dag-Erling Smørgrav | e89fab019e | |
Dag-Erling Smørgrav | d4aad88c97 | |
Dag-Erling Smørgrav | 17c3fff539 | |
Dag-Erling Smørgrav | f78c2be225 | |
Dag-Erling Smørgrav | b3cd4386fa | |
Dag-Erling Smørgrav | d30df17f67 | |
Dag-Erling Smørgrav | b149f4beed | |
Dag-Erling Smørgrav | 4a9cae719e | |
Dag-Erling Smørgrav | 75781c2e7c | |
Dag-Erling Smørgrav | 37b1f12e58 | |
Dag-Erling Smørgrav | 4ee61ea341 | |
Dag-Erling Smørgrav | a1e8de164e | |
Dag-Erling Smørgrav | 38c6ca93b2 | |
Dag-Erling Smørgrav | d84d7367fe | |
Dag-Erling Smørgrav | 653950434c | |
Dag-Erling Smørgrav | bf92462945 | |
Dag-Erling Smørgrav | 34ef29ccf8 | |
Dag-Erling Smørgrav | 737e1bef50 | |
Dag-Erling Smørgrav | a1f83b0b30 | |
Dag-Erling Smørgrav | ce014fab92 | |
Dag-Erling Smørgrav | 563ac2d4bb | |
Dag-Erling Smørgrav | 8a2e3ce9b6 | |
Dag-Erling Smørgrav | 00fb76245a | |
Dag-Erling Smørgrav | 1cffa76b4f | |
Dag-Erling Smørgrav | cec8549503 | |
Dag-Erling Smørgrav | e959d8c160 | |
Dag-Erling Smørgrav | 2f686b73cb | |
Dag-Erling Smørgrav | c7a5aa489f | |
Dag-Erling Smørgrav | e84c236ee9 | |
Dag-Erling Smørgrav | 8988b9122e | |
Dag-Erling Smørgrav | da2c1e7120 | |
Dag-Erling Smørgrav | 753721df82 | |
Dag-Erling Smørgrav | d130c0ec09 | |
Dag-Erling Smørgrav | fc5eeb8fd9 | |
Dag-Erling Smørgrav | f3fda3d07a | |
Dag-Erling Smørgrav | 4b2bc748fd | |
Dag-Erling Smørgrav | 273bae0b16 | |
Dag-Erling Smørgrav | 16ae1d5b87 | |
Dag-Erling Smørgrav | 1e3740645e | |
Dag-Erling Smørgrav | ac54af0d69 | |
Dag-Erling Smørgrav | 385dfb33cb | |
Dag-Erling Smørgrav | 37baf24e77 | |
Dag-Erling Smørgrav | 7ce556ed8d | |
Dag-Erling Smørgrav | e6dc9378f7 | |
Dag-Erling Smørgrav | e956efb61f | |
Dag-Erling Smørgrav | 9c55e81bbb | |
Dag-Erling Smørgrav | e5b05552fc | |
Dag-Erling Smørgrav | ce08052f96 | |
Dag-Erling Smørgrav | 2c148271ae | |
Dag-Erling Smørgrav | 623d9e7b2f | |
Dag-Erling Smørgrav | 561cd87dbe | |
Dag-Erling Smørgrav | 8ad7aa9039 | |
Dag-Erling Smørgrav | 37ff7929a0 | |
Dag-Erling Smørgrav | 5c8ea43402 | |
Dag-Erling Smørgrav | b94f9e7ce7 | |
Dag-Erling Smørgrav | 6846134790 | |
Dag-Erling Smørgrav | 1450290a72 | |
Dag-Erling Smørgrav | 95a55b95cf | |
Dag-Erling Smørgrav | 2ae3b8b727 | |
Dag-Erling Smørgrav | 547794d58e | |
Dag-Erling Smørgrav | 69b1a97268 | |
Dag-Erling Smørgrav | 131aba915f | |
Dag-Erling Smørgrav | 548c44573c | |
Dag-Erling Smørgrav | 05630b94be | |
Dag-Erling Smørgrav | 57429ccc0e | |
Dag-Erling Smørgrav | 7dbd5c38b7 | |
Dag-Erling Smørgrav | 1efe822057 | |
Dag-Erling Smørgrav | b61b6f9c74 | |
Dag-Erling Smørgrav | e58f05403e | |
Dag-Erling Smørgrav | 4614107c94 | |
Dag-Erling Smørgrav | f7e8328354 | |
Dag-Erling Smørgrav | 14d31b83e8 | |
Dag-Erling Smørgrav | a4ff6191f7 | |
Dag-Erling Smørgrav | 925436a04f | |
Dag-Erling Smørgrav | 078ac6bb4a | |
Dag-Erling Smørgrav | 6722d714f5 | |
Dag-Erling Smørgrav | 38622bad18 | |
Dag-Erling Smørgrav | ebdefa45ca | |
Dag-Erling Smørgrav | 7914208b2d | |
Dag-Erling Smørgrav | 9853f0d8d5 | |
Dag-Erling Smørgrav | 6243755aa2 | |
Dag-Erling Smørgrav | 5d59548018 | |
Dag-Erling Smørgrav | 6c087dd523 | |
Dag-Erling Smørgrav | 2efb7c4b01 | |
Dag-Erling Smørgrav | 75a6073d2c | |
Dag-Erling Smørgrav | d60017fe80 | |
Dag-Erling Smørgrav | 183cc6d511 | |
Dag-Erling Smørgrav | c5265319ff | |
Dag-Erling Smørgrav | 01809a1b48 | |
Dag-Erling Smørgrav | 17144e7a5f | |
Dag-Erling Smørgrav | 4645bc1762 | |
Dag-Erling Smørgrav | 576e1e6b1c | |
Dag-Erling Smørgrav | 56f7cf21f5 | |
Dag-Erling Smørgrav | 03207fcd61 | |
Dag-Erling Smørgrav | 3dab19018f | |
Dag-Erling Smørgrav | 9f84c11072 | |
Dag-Erling Smørgrav | 46df1b1050 | |
Dag-Erling Smørgrav | 5fadc4abb8 | |
Dag-Erling Smørgrav | c7457cff15 | |
Dag-Erling Smørgrav | 58921adbab | |
Dag-Erling Smørgrav | 9e9207fd5d | |
Dag-Erling Smørgrav | 3d0d4da447 | |
Dag-Erling Smørgrav | aec3988b2f | |
Dag-Erling Smørgrav | 59313f56a4 | |
Dag-Erling Smørgrav | e8cd86aade | |
Dag-Erling Smørgrav | 11a8c730d2 | |
Dag-Erling Smørgrav | 9c592d628c | |
Dag-Erling Smørgrav | aa338bce81 | |
Dag-Erling Smørgrav | df95e0530d | |
Dag-Erling Smørgrav | d68deb210c | |
Dag-Erling Smørgrav | d9f3164b53 | |
Dag-Erling Smørgrav | e2375b0d73 | |
Dag-Erling Smørgrav | 7b4ce30d8e | |
Dag-Erling Smørgrav | cf0612ac98 | |
Dag-Erling Smørgrav | 914a5b3708 | |
Dag-Erling Smørgrav | 4dbe28d092 | |
Dag-Erling Smørgrav | 2e6439e932 | |
Dag-Erling Smørgrav | 8568521d18 | |
Dag-Erling Smørgrav | 3bc114befa | |
Dag-Erling Smørgrav | 7eacdef3fd | |
Dag-Erling Smørgrav | d4f3382050 | |
Dag-Erling Smørgrav | ac8841d2bd | |
Dag-Erling Smørgrav | 0446934acb | |
Dag-Erling Smørgrav | 2cc13d4b85 | |
Dag-Erling Smørgrav | e565eb6258 | |
Dag-Erling Smørgrav | 3b992508b8 | |
Dag-Erling Smørgrav | 01d54c2924 | |
Dag-Erling Smørgrav | df82cbb560 | |
Dag-Erling Smørgrav | d216fb463e | |
Dag-Erling Smørgrav | 95539e42cf | |
Dag-Erling Smørgrav | 84543123ea | |
Dag-Erling Smørgrav | 3b1c7851e6 | |
Dag-Erling Smørgrav | 56dd3d8d03 | |
Dag-Erling Smørgrav | 10e70f48b8 | |
Dag-Erling Smørgrav | f69d77aaed | |
Dag-Erling Smørgrav | 1b1f9c46e4 | |
Dag-Erling Smørgrav | bcafac75c2 | |
Dag-Erling Smørgrav | 1f9f093691 | |
Dag-Erling Smørgrav | 6b2927cfc5 | |
Dag-Erling Smørgrav | fa62c8c348 | |
Dag-Erling Smørgrav | 4264bfb000 | |
Dag-Erling Smørgrav | 90715a13d4 | |
Dag-Erling Smørgrav | a03bbedb50 | |
Dag-Erling Smørgrav | b9ec47c689 | |
Dag-Erling Smørgrav | 0c4d5add5f | |
Dag-Erling Smørgrav | d34ad5ab09 | |
Dag-Erling Smørgrav | efa93c4a5f | |
Dag-Erling Smørgrav | a02762c066 | |
Dag-Erling Smørgrav | b8ec0155ab | |
Dag-Erling Smørgrav | d3f359e2df | |
Dag-Erling Smørgrav | 929ddb1bc3 | |
Dag-Erling Smørgrav | 0c34187244 | |
Dag-Erling Smørgrav | 880bd5c2d4 | |
Dag-Erling Smørgrav | fe081dbbfc | |
Dag-Erling Smørgrav | dfe04a59e4 | |
Dag-Erling Smørgrav | 88a91c2d02 | |
Dag-Erling Smørgrav | 066e2b91ff | |
Dag-Erling Smørgrav | b578b6a715 | |
Dag-Erling Smørgrav | efe4bec74a | |
Dag-Erling Smørgrav | 5847a34802 | |
Dag-Erling Smørgrav | c9387115d9 | |
Dag-Erling Smørgrav | c05b6dd046 | |
Dag-Erling Smørgrav | 93d104bfd6 | |
Dag-Erling Smørgrav | 3a53d5117b | |
Dag-Erling Smørgrav | 6950b99458 | |
Dag-Erling Smørgrav | 3ab09a4f26 | |
Dag-Erling Smørgrav | a43b9256fc | |
Dag-Erling Smørgrav | 70d5d18643 | |
Dag-Erling Smørgrav | 2fc7038ca4 | |
Dag-Erling Smørgrav | 9f0aba7d25 | |
Dag-Erling Smørgrav | 9f6bdd74f4 | |
Dag-Erling Smørgrav | 7da9af6602 | |
Dag-Erling Smørgrav | f3f8ccc9c3 | |
Dag-Erling Smørgrav | 496bd4632b | |
Dag-Erling Smørgrav | 2be62b5732 | |
Dag-Erling Smørgrav | c1df418c6f | |
Dag-Erling Smørgrav | 422a3ccd39 | |
Dag-Erling Smørgrav | 794601a544 | |
Dag-Erling Smørgrav | 4f9b0f6342 | |
Dag-Erling Smørgrav | d4ab77b35c | |
Dag-Erling Smørgrav | 30f65f8a44 | |
Dag-Erling Smørgrav | bcebdf0ea8 | |
Dag-Erling Smørgrav | 32d5e093bd | |
Dag-Erling Smørgrav | 3353ad06ce | |
Dag-Erling Smørgrav | 2dd5f46e84 | |
Dag-Erling Smørgrav | 0f25be4e42 | |
Dag-Erling Smørgrav | b501509854 | |
Dag-Erling Smørgrav | 567ecaa2af | |
Dag-Erling Smørgrav | 2b8f7a6154 | |
Dag-Erling Smørgrav | fe2e691204 | |
Dag-Erling Smørgrav | 785bc19867 | |
Dag-Erling Smørgrav | 429089e868 | |
Dag-Erling Smørgrav | 26d543d484 | |
Dag-Erling Smørgrav | efe65a2cab | |
Dag-Erling Smørgrav | 7bcd5bb700 | |
Dag-Erling Smørgrav | 93a9982d45 | |
Dag-Erling Smørgrav | 0ba869e872 | |
Dag-Erling Smørgrav | a810f26399 | |
Dag-Erling Smørgrav | 7ab83ce826 | |
Dag-Erling Smørgrav | e6ad0c668c | |
Dag-Erling Smørgrav | 0da2f07cfb | |
Dag-Erling Smørgrav | f6205baa20 | |
Dag-Erling Smørgrav | d3b7a7843e | |
Dag-Erling Smørgrav | a9a5497d3f | |
Dag-Erling Smørgrav | 374a1769ca | |
Dag-Erling Smørgrav | bbcd45ace7 | |
Dag-Erling Smørgrav | e39d0abb85 | |
Dag-Erling Smørgrav | 2fe7fdd088 | |
Dag-Erling Smørgrav | a263be7c26 | |
Dag-Erling Smørgrav | a9c6523c52 | |
Dag-Erling Smørgrav | 9187daa2ac | |
Dag-Erling Smørgrav | 2ec4f668a9 | |
Dag-Erling Smørgrav | a1ee57dd24 | |
Dag-Erling Smørgrav | f8a727ec0c | |
Dag-Erling Smørgrav | 75420a1e07 | |
Dag-Erling Smørgrav | 54d9167cea | |
Dag-Erling Smørgrav | b21442245a | |
Dag-Erling Smørgrav | 1a070e2544 | |
Dag-Erling Smørgrav | 08f35bc290 | |
Dag-Erling Smørgrav | ff9ea1145d | |
Dag-Erling Smørgrav | 16a29af819 | |
Dag-Erling Smørgrav | 92d483a21a | |
Dag-Erling Smørgrav | 16e805fc4c | |
Dag-Erling Smørgrav | 3d15ee7552 | |
Dag-Erling Smørgrav | a37ffba3b8 | |
Dag-Erling Smørgrav | 772c94fdee | |
Dag-Erling Smørgrav | 2546d3cf58 | |
Dag-Erling Smørgrav | 4978bcf862 | |
Dag-Erling Smørgrav | 515667a9c5 | |
Dag-Erling Smørgrav | f70250359e | |
Dag-Erling Smørgrav | e15ecfaa9c | |
Dag-Erling Smørgrav | 35310aef5b | |
Dag-Erling Smørgrav | 9914cc8c45 | |
Dag-Erling Smørgrav | 2b555bb3d3 | |
Dag-Erling Smørgrav | 709f28793c | |
Dag-Erling Smørgrav | c0a7737a9b | |
Dag-Erling Smørgrav | 0869153c0b |
|
@ -0,0 +1,30 @@
|
|||
/aclocal.m4
|
||||
/autom4te.cache
|
||||
/compile
|
||||
/config.guess
|
||||
/config.h.in
|
||||
/config.h
|
||||
/config.log
|
||||
/config.status
|
||||
/config.sub
|
||||
/configure
|
||||
/cov
|
||||
/depcomp
|
||||
/install-sh
|
||||
/libtool
|
||||
/ltmain.sh
|
||||
/missing
|
||||
/stamp-h1
|
||||
/test-driver
|
||||
*~
|
||||
.deps
|
||||
.libs
|
||||
*.a
|
||||
*.la
|
||||
*.lo
|
||||
*.log
|
||||
*.o
|
||||
*.pc
|
||||
*.profraw
|
||||
Makefile
|
||||
Makefile.in
|
16
CREDITS
16
CREDITS
|
@ -1,4 +1,6 @@
|
|||
|
||||
_Ἀπόδοτε οὖν τὰ Καίσαρος Καίσαρι καὶ τὰ τοῦ Θεοῦ τῷ Θεῷ_
|
||||
|
||||
The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS
|
||||
and Network Associates Laboratories, the Security Research Division of
|
||||
Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
|
@ -13,21 +15,28 @@ directly or indirectly, with patches, criticism, suggestions, or
|
|||
ideas:
|
||||
|
||||
Andrew Morgan <morgan@transmeta.com>
|
||||
Ankita Pal <pal.ankita.ankita@gmail.com>
|
||||
Baptiste Daroussin <bapt@freebsd.org>
|
||||
Brian Fundakowski Feldman <green@freebsd.org>
|
||||
Brooks Davis <brooks@freebsd.org>
|
||||
Christos Zoulas <christos@netbsd.org>
|
||||
Daniel Richard G. <skunk@iskunk.org>
|
||||
Darren J. Moffat <darren.moffat@sun.com>
|
||||
Dimitry Andric <dim@freebsd.org>
|
||||
Dmitry V. Levin <ldv@altlinux.org>
|
||||
Don Lewis <truckman@freebsd.org>
|
||||
Emmanuel Dreyfus <manu@netbsd.org>
|
||||
Eric Melville <eric@freebsd.org>
|
||||
Espen Grøndahl <espegro@usit.uio.no>
|
||||
Gary Winiger <gary.winiger@sun.com>
|
||||
Gavin Atkinson <gavin@freebsd.org>
|
||||
Gleb Smirnoff <glebius@freebsd.org>
|
||||
Hubert Feyrer <hubert@feyrer.de>
|
||||
Jason Evans <jasone@freebsd.org>
|
||||
Joe Marcus Clarke <marcus@freebsd.org>
|
||||
Juli Mallett <jmallett@freebsd.org>
|
||||
Jörg Sonnenberger <joerg@britannica.bec.de>
|
||||
Juli Mallett <jmallett@freebsd.org>
|
||||
Larry Baird <lab@gta.com>
|
||||
Maëlle Lesage <lesage.maelle@gmail.com>
|
||||
Mark Murray <markm@freebsd.org>
|
||||
Matthias Drochner <drochner@netbsd.org>
|
||||
|
@ -35,12 +44,13 @@ ideas:
|
|||
Mikhail Teterin <mi@aldan.algebra.com>
|
||||
Mikko Työläjärvi <mbsd@pacbell.net>
|
||||
Nick Hibma <nick@van-laarhoven.org>
|
||||
Patrick Bihan-Faou <patrick-fbsd@mindstep.com>
|
||||
Robert Morris <rtm@lcs.mit.edu>
|
||||
Robert Watson <rwatson@freebsd.org>
|
||||
Ruslan Ermilov <ru@freebsd.org>
|
||||
Sebastian Krahmer <sebastian.krahmer@gmail.com>
|
||||
Solar Designer <solar@openwall.com>
|
||||
Takanori Saneto <sanewo@ba2.so-net.ne.jp>
|
||||
Tim Creech <tcreech@tcreech.com>
|
||||
Wojciech A. Koszek <wkoszek@freebsd.org>
|
||||
Yar Tikhiy <yar@freebsd.org>
|
||||
|
||||
$Id$
|
||||
|
|
109
HISTORY
109
HISTORY
|
@ -1,3 +1,108 @@
|
|||
OpenPAM Ximenia 2023-06-27
|
||||
|
||||
- BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
|
||||
expect scripts.
|
||||
|
||||
- BUGFIX: In openpam_set_option(3), when removing an option, properly
|
||||
decrement the option count.
|
||||
|
||||
- BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
|
||||
template.
|
||||
============================================================================
|
||||
OpenPAM Tabebuia 2019-02-24
|
||||
|
||||
- BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
|
||||
OpenPAM Radula.
|
||||
|
||||
- ENHANCE: Add unit tests for pam_{get,put,set}env(3).
|
||||
============================================================================
|
||||
OpenPAM Resedacea 2017-04-30
|
||||
|
||||
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
|
||||
OpenPAM Radula, as it breaks common error-handling constructs.
|
||||
|
||||
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
|
||||
dispatcher when the required service function could not be found.
|
||||
|
||||
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
|
||||
NULL in API functions that have a NULL check.
|
||||
|
||||
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
|
||||
PAM_BAD_CONSTANT error codes for situations where we previously
|
||||
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
|
||||
had been passed to an API function.
|
||||
|
||||
- ENHANCE: Improve the RETURN VALUES section in API man pages,
|
||||
especially for functions that cannot fail, which were incorrectly
|
||||
documented as returning -1 on failure.
|
||||
============================================================================
|
||||
OpenPAM Radula 2017-02-19
|
||||
|
||||
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
|
||||
pam_get_user(3) from using application-provided custom prompts.
|
||||
|
||||
- BUGFIX: Plug a memory leak in pam_set_item(3).
|
||||
|
||||
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
|
||||
|
||||
- BUGFIX: In openpam_readword(3), support line continuations within
|
||||
whitespace.
|
||||
|
||||
- ENHANCE: Add a feature flag to control fallback to "other" policy.
|
||||
|
||||
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
|
||||
code specified in the module options.
|
||||
|
||||
- ENHANCE: More and better unit tests.
|
||||
============================================================================
|
||||
OpenPAM Ourouparia 2014-09-12
|
||||
|
||||
- ENHANCE: When executing a chain, require at least one service
|
||||
function to succeed. This mitigates fail-open scenarios caused by
|
||||
misconfigurations or missing modules.
|
||||
|
||||
- ENHANCE: Make sure to overwrite buffers which may have contained an
|
||||
authentication token when they're no longer needed.
|
||||
|
||||
- BUGFIX: Under certain circumstances, specifying a non-existent
|
||||
module (or misspelling the name of a module) in a policy could
|
||||
result in a fail-open scenario. (CVE-2014-3879)
|
||||
|
||||
- FEATURE: Add a search path for modules. This was implemented in
|
||||
Nummularia but inadvertently left out of the release notes.
|
||||
|
||||
- BUGFIX: The is_upper() predicate only accepted the letter A as an
|
||||
upper-case character instead of the entire A-Z range. As a result,
|
||||
service and module names containing upper-case letters other than A
|
||||
would be rejected.
|
||||
============================================================================
|
||||
OpenPAM Nummularia 2013-09-07
|
||||
|
||||
- ENHANCE: Rewrite the dynamic loader to improve readability and
|
||||
reliability. Modules can now be listed without the ".so" suffix in
|
||||
the policy file; OpenPAM will automatically add it, just like it
|
||||
will automatically add the version number if required.
|
||||
|
||||
- ENHANCE: Allow openpam_straddch(3) to be called without a character
|
||||
so it can be used to preallocate a string.
|
||||
|
||||
- ENHANCE: Improve portability by adding simple asprintf(3) and
|
||||
vasprintf(3) implementations for platforms that don't have them.
|
||||
|
||||
- ENHANCE: Move the libpam sources into a separate subdirectory.
|
||||
|
||||
- ENHANCE: Substantial documentation improvements.
|
||||
|
||||
- BUGFIX: When openpam_readword(3) encountered an opening quote, it
|
||||
would set the first byte in the buffer to '\0', discarding all
|
||||
existing text and, unless the buffer was empty to begin with, all
|
||||
subsequent text as well. This went unnoticed because none of the
|
||||
unit tests for quoted strings had any text preceding the opening
|
||||
quote.
|
||||
|
||||
- BUGFIX: make --with-modules-dir work the way it was meant to work
|
||||
(but never did).
|
||||
============================================================================
|
||||
OpenPAM Micrampelis 2012-05-26
|
||||
|
||||
- FEATURE: Add an openpam_readword(3) function which reads the next
|
||||
|
@ -70,7 +175,7 @@ OpenPAM Lycopsida 2011-12-18
|
|||
module before loading it.
|
||||
|
||||
- ENHANCE: added / improved input validation in many cases, including
|
||||
the policy file and some function arguments.
|
||||
the policy file and some function arguments. (CVE-2011-4122)
|
||||
============================================================================
|
||||
OpenPAM Hydrangea 2007-12-21
|
||||
|
||||
|
@ -400,5 +505,3 @@ Fixed a number of bugs in the previous release, including:
|
|||
OpenPAM Calamite 2002-02-09
|
||||
|
||||
First (beta) release.
|
||||
============================================================================
|
||||
$Id$
|
||||
|
|
4
LICENSE
4
LICENSE
|
@ -1,6 +1,6 @@
|
|||
|
||||
Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
Copyright (c) 2004-2012 Dag-Erling Smørgrav
|
||||
Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
All rights reserved.
|
||||
|
||||
This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,5 +31,3 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
$Id$
|
||||
|
|
33
Makefile.am
33
Makefile.am
|
@ -1,8 +1,6 @@
|
|||
# $Id$
|
||||
|
||||
ACLOCAL_AMFLAGS = -I m4
|
||||
|
||||
SUBDIRS = lib bin modules include
|
||||
SUBDIRS = misc include lib bin modules
|
||||
|
||||
if WITH_DOC
|
||||
SUBDIRS += doc
|
||||
|
@ -19,3 +17,32 @@ EXTRA_DIST = \
|
|||
RELNOTES \
|
||||
autogen.sh \
|
||||
misc/gendoc.pl
|
||||
|
||||
if WITH_CODE_COVERAGE
|
||||
covdir = @abs_top_builddir@/cov
|
||||
coverage: coverage-clean all coverage-prepare coverage-run coverage-report
|
||||
coverage-clean:
|
||||
-rm -rf "${covdir}"
|
||||
coverage-prepare:
|
||||
mkdir "${covdir}"
|
||||
if CLANG_CODE_COVERAGE
|
||||
profdata = ${covdir}/@PACKAGE@.profdata
|
||||
# hardcoding libpam.so here is horrible, need to find a better solution
|
||||
coverage-run:
|
||||
LLVM_PROFILE_FILE="${covdir}/@PACKAGE@.%p.raw" \
|
||||
${MAKE} -C "@abs_top_builddir@" check
|
||||
coverage-report:
|
||||
llvm-profdata@clang_ver@ merge \
|
||||
--sparse "${covdir}/@PACKAGE@".*.raw -o "${profdata}"
|
||||
llvm-cov@clang_ver@ show \
|
||||
--format=html --tab-size=8 \
|
||||
--output-dir="${covdir}" \
|
||||
--instr-profile="${profdata}" \
|
||||
--object "@abs_top_builddir@/lib/libpam/.libs/libpam.so"
|
||||
@echo "coverage report: file://${covdir}/index.html"
|
||||
endif
|
||||
else
|
||||
coverage:
|
||||
echo "code coverage is not enabled." >&2
|
||||
false
|
||||
endif
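Review bot: The `coverage` target depends on its prerequisites running left to right (`coverage-clean all coverage-prepare coverage-run coverage-report`), but make guarantees no ordering between sibling prerequisites, so under `make -j` the `rm -rf "${covdir}"`, the `mkdir` and the test run can race. Chaining the steps explicitly would fix this, e.g. `coverage-prepare: coverage-clean`, `coverage-run: all coverage-prepare`, `coverage-report: coverage-run`. Separately, when WITH_CODE_COVERAGE is true but CLANG_CODE_COVERAGE is false, `coverage-run` and `coverage-report` have no rule at all, so `make coverage` stops with a missing-target error instead of a clear message. None of these targets is declared `.PHONY`, so a stray file named `coverage` in the build directory would silently suppress the run.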
|
||||
|
|
17
README
17
README
|
@ -7,21 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
|
|||
Solaris, at the expense of XSSO conformance and Linux-PAM
|
||||
compatibility.
|
||||
|
||||
These are some of OpenPAM's features:
|
||||
|
||||
- Implements the complete PAM API as described in the original PAM
|
||||
paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
|
||||
except for mappings and secondary authentication. Also
|
||||
implements some extensions found in Solaris 9.
|
||||
|
||||
- Extends the API with several useful and time-saving functions.
|
||||
|
||||
- Performs strict checking of return values from service modules.
|
||||
|
||||
- Reads configuration from /etc/pam.d/, /etc/pam.conf,
|
||||
/usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
|
||||
this will be made configurable in a future release.
|
||||
|
||||
Please direct bug reports and inquiries to <des@des.no>.
|
||||
|
||||
$Id$
|
||||
|
|
34
RELNOTES
34
RELNOTES
|
@ -1,27 +1,21 @@
|
|||
|
||||
Release notes for OpenPAM Micrampelis
|
||||
=====================================
|
||||
Release notes for OpenPAM Ximenia
|
||||
=================================
|
||||
|
||||
This release corresponds to the code used in FreeBSD HEAD as of the
|
||||
release date, and is also expected to work on almost any POSIX-like
|
||||
platform that has GNU autotools, GNU make and the GNU compiler suite
|
||||
installed.
|
||||
OpenPAM is developed primarily on FreeBSD, but is expected to work on
|
||||
almost any POSIX-like platform that has GNU autotools, GNU make and
|
||||
the GNU compiler suite installed.
|
||||
|
||||
The library itself is complete. Documentation exists in the form of
|
||||
man pages for the library functions. These man pages are generated by
|
||||
a Perl script from specially marked-up comments in the source files
|
||||
themselves, which minimizes the chance that any of them should be out
|
||||
of date.
|
||||
The OpenPAM distribution consists of the following components:
|
||||
|
||||
The distribution also includes three sample modules (pam_deny,
|
||||
pam_permit and pam_unix) and a sample application (su). These are not
|
||||
intended for actual use, but rather to serve as examples for module or
|
||||
application developers. It also includes a command-line application
|
||||
(pamtest) which can be used to test policies and modules.
|
||||
- The PAM library itself, with complete API documentation.
|
||||
|
||||
Unit tests for limited portions of the library can be found in the t
|
||||
subdirectory.
|
||||
- Sample modules (pam_permit, pam_deny and pam_unix) and a sample
|
||||
application (su) which demonstrate how to use the PAM library.
|
||||
|
||||
- A test application (pamtest) which can be used to test policies and
|
||||
modules.
|
||||
|
||||
- Unit tests for limited portions of the library.
|
||||
|
||||
Please direct bug reports and inquiries to <des@des.no>.
|
||||
|
||||
$Id$
|
||||
|
|
16
TODO
16
TODO
|
@ -1,13 +1,9 @@
|
|||
Before the next release:
|
||||
- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
|
||||
documentation are slightly incorrect, OpenPAM's pam_unix(8) is
|
||||
incorrect, all FreeBSD modules are broken)
|
||||
|
||||
- Complete the transition from PAM_LOG_DEBUG to PAM_LOG_LIBDEBUG.
|
||||
- Add loop detection to openpam_load_chain().
|
||||
|
||||
Whenever:
|
||||
- Complete unit tests for openpam_dispatch().
|
||||
|
||||
- Implement mechanism to enable / disable optional features. Use it
|
||||
to disable strict error checking so pamtest and unit tests can do
|
||||
things that we don't allow in production.
|
||||
|
||||
- Rewrite the module-loading code.
|
||||
|
||||
$Id$
|
||||
- Stop using PAM_SYMBOL_ERR incorrectly.
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
set -ex
|
||||
|
||||
|
@ -15,7 +12,8 @@ export CONFIG_SHELL=/bin/sh
|
|||
--with-pam-unix \
|
||||
--with-pamtest \
|
||||
--with-su \
|
||||
--with-modules-dir=/usr/lib \
|
||||
--enable-debug \
|
||||
--enable-developer-warnings \
|
||||
--enable-werror \
|
||||
--enable-code-coverage \
|
||||
"$@"
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
aclocal
|
||||
libtoolize --copy --force
|
||||
aclocal -I m4
|
||||
autoheader
|
||||
automake -a -c --foreign
|
||||
automake --add-missing --copy --foreign
|
||||
autoconf
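Review bot: The bootstrap steps run one after another with no `set -e`, so if `libtoolize` or `aclocal -I m4` fails, the later `automake` and `autoconf` calls still run and can leave a stale or half-generated `configure` behind. Adding `set -e` right after the shebang would stop at the first failing step; the configure wrapper script shown just above this one already uses `set -ex`. The file name is not shown on this page, so this assumes the hunk is the autotools bootstrap script.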
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = openpam_dump_policy
|
||||
|
||||
if WITH_PAMTEST
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/openpam_dump_policy
|
|
@ -1,7 +1,9 @@
|
|||
# $Id$
|
||||
|
||||
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/libpam
|
||||
|
||||
noinst_PROGRAMS = openpam_dump_policy
|
||||
openpam_dump_policy_SOURCES = openpam_dump_policy.c
|
||||
openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
openpam_dump_policy_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
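Review bot: In the `WITH_SYSTEM_LIBPAM` branch the helper is linked against `$(SYSTEM_LIBPAM)`, yet `AM_CPPFLAGS` still adds `-I$(top_srcdir)/lib/libpam`, which is the in-tree private header directory. The tool's source includes `openpam_impl.h` (visible in the C hunk further down this page), so if it reads internal structures, a system library built from a different version may not match the layout those headers describe. Either skip building this helper when the system library is used, or state the constraint next to the conditional, e.g. `# uses private headers: SYSTEM_LIBPAM must be built from this source tree`.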
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -43,6 +40,7 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_asprintf.h"
|
||||
|
||||
static char *
|
||||
openpam_chain_name(const char *service, pam_facility_t fclt)
|
||||
|
@ -64,7 +62,7 @@ openpam_facility_index_name(pam_facility_t fclt)
|
|||
if (asprintf(&name, "PAM_%s", facility) == -1)
|
||||
return (NULL);
|
||||
for (p = name + 4; *p; ++p)
|
||||
*p = toupper(*p);
|
||||
*p = toupper((unsigned char)*p);
|
||||
return (name);
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/pamtest
|
|
@ -1,9 +1,11 @@
|
|||
# $Id$
|
||||
|
||||
INCLUDES = -I$(top_srcdir)/include
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
||||
bin_PROGRAMS = pamtest
|
||||
pamtest_SOURCES = pamtest.c
|
||||
pamtest_LDADD = $(top_builddir)/lib/libpam.la
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
pamtest_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
pamtest_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
|
||||
|
||||
dist_man1_MANS = pamtest.1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,19 +26,18 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd April 14, 2012
|
||||
.Dd July 11, 2013
|
||||
.Dt PAMTEST 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm pamtest
|
||||
.Nd PAM policy tester
|
||||
.Sh SYNOPSYS
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl dkMPsv
|
||||
.Op Fl H Ar rhost
|
||||
.Op Fl h Ar host
|
||||
.Op Fl T Ar timeout
|
||||
.Op Fl t Ar tty
|
||||
.Op Fl U Ar ruser
|
||||
.Op Fl u Ar user
|
||||
|
@ -136,6 +135,9 @@ flag when calling the
|
|||
and
|
||||
.Xr pam_close_session 3
|
||||
primitives.
|
||||
.It Fl T Ar timeout
|
||||
Set the conversation timeout (in seconds) for
|
||||
.Xr openpam_ttyconv 3 .
|
||||
.It Fl t Ar tty
|
||||
Specify the name of the tty.
|
||||
The default is to use the result of calling
|
||||
|
@ -164,7 +166,7 @@ pamtest -v system auth account change setcred open close unsetcred
|
|||
The
|
||||
.Nm
|
||||
utility and this manual page were written by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
.Sh BUGS
|
||||
The
|
||||
.Nm
|
||||
|
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -35,6 +32,7 @@
|
|||
#endif
|
||||
|
||||
#include <err.h>
|
||||
#include <limits.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
@ -116,6 +114,7 @@ pt_authenticate(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_authenticate()");
|
||||
if ((pame = pam_authenticate(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_authenticate()");
|
||||
return (pame);
|
||||
|
@ -130,6 +129,7 @@ pt_acct_mgmt(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_acct_mgmt()");
|
||||
if ((pame = pam_acct_mgmt(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_acct_mgmt()");
|
||||
return (pame);
|
||||
|
@ -144,6 +144,7 @@ pt_chauthtok(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_chauthtok()");
|
||||
if ((pame = pam_chauthtok(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_chauthtok()");
|
||||
return (pame);
|
||||
|
@ -158,6 +159,7 @@ pt_setcred(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_setcred()");
|
||||
if ((pame = pam_setcred(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_setcred()");
|
||||
return (pame);
|
||||
|
@ -172,6 +174,7 @@ pt_open_session(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_open_session()");
|
||||
if ((pame = pam_open_session(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_open_session()");
|
||||
return (pame);
|
||||
|
@ -186,6 +189,7 @@ pt_close_session(int flags)
|
|||
int pame;
|
||||
|
||||
flags |= silent;
|
||||
pt_verbose("pam_close_session()");
|
||||
if ((pame = pam_close_session(pamh, flags)) != PAM_SUCCESS)
|
||||
pt_error(pame, "pam_close_session()");
|
||||
return (pame);
|
||||
|
@ -269,6 +273,24 @@ usage(void)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle an option that takes an int argument and can be used only once
|
||||
*/
|
||||
static void
|
||||
opt_num_once(int opt, long *num, const char *arg)
|
||||
{
|
||||
char *end;
|
||||
long l;
|
||||
|
||||
l = strtol(arg, &end, 0);
|
||||
if (end == optarg || *end != '\0') {
|
||||
fprintf(stderr,
|
||||
"The -%c option expects a numeric argument\n", opt);
|
||||
usage();
|
||||
}
|
||||
*num = l;
|
||||
}
|
||||
|
||||
/*
|
||||
* Handle an option that takes a string argument and can be used only once
|
||||
*/
|
||||
|
@ -296,11 +318,12 @@ main(int argc, char *argv[])
|
|||
const char *user = NULL;
|
||||
const char *service = NULL;
|
||||
const char *tty = NULL;
|
||||
long timeout = 0;
|
||||
int keepatit = 0;
|
||||
int pame;
|
||||
int opt;
|
||||
|
||||
while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1)
|
||||
while ((opt = getopt(argc, argv, "dH:h:kMPsT:t:U:u:v")) != -1)
|
||||
switch (opt) {
|
||||
case 'd':
|
||||
openpam_debug++;
|
||||
|
@ -325,6 +348,15 @@ main(int argc, char *argv[])
|
|||
case 's':
|
||||
silent = PAM_SILENT;
|
||||
break;
|
||||
case 'T':
|
||||
opt_num_once(opt, &timeout, optarg);
|
||||
if (timeout < 0 || timeout > INT_MAX) {
|
||||
fprintf(stderr,
|
||||
"Invalid conversation timeout\n");
|
||||
usage();
|
||||
}
|
||||
openpam_ttyconv_timeout = (int)timeout;
|
||||
break;
|
||||
case 't':
|
||||
opt_str_once(opt, &tty, optarg);
|
||||
break;
|
||||
|
@ -352,6 +384,8 @@ main(int argc, char *argv[])
|
|||
++argv;
|
||||
|
||||
/* defaults */
|
||||
if (service == NULL)
|
||||
service = "pamtest";
|
||||
if (rhost == NULL) {
|
||||
if (gethostname(hostname, sizeof(hostname)) == -1)
|
||||
err(1, "gethostname()");
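Review bot: In `opt_num_once` (the `@ -269,6 +273,24 @@` hunk) the empty-input check compares `end` with the global `optarg` instead of the `arg` parameter, so it is only correct while every caller happens to pass `optarg`; it should read `if (end == arg || *end != '\0') {`. The `strtol()` result is also used without consulting `errno`, so an out-of-range argument is clamped to `LONG_MAX`, which the `timeout > INT_MAX` test in the `-T` case of `main` cannot reject where `long` and `int` have the same width. Setting `errno = 0;` before the call and treating `errno == ERANGE` as invalid would close that, though it may need `<errno.h>`, which is not among the includes visible here. The header comment says the option can be used only once, yet nothing in the visible body rejects a repeated `-T`, so either the comment or the code should change. `main` continues outside its hunks.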
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/su
|
|
@ -1,9 +1,11 @@
|
|||
# $Id$
|
||||
|
||||
INCLUDES = -I$(top_srcdir)/include
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
||||
bin_PROGRAMS = su
|
||||
su_SOURCES = su.c
|
||||
su_LDADD = $(top_builddir)/lib/libpam.la
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
su_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
su_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
|
||||
|
||||
dist_man1_MANS = su.1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,15 +26,13 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd November 2, 2011
|
||||
.Dt SU 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm su
|
||||
.Nd switch user identity
|
||||
.Sh SYNOPSYS
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Ar login Op Ar ...
|
||||
.Sh DESCRIPTION
|
||||
|
@ -62,4 +60,4 @@ and should not be used in production systems.
|
|||
The
|
||||
.Nm
|
||||
utility and this manual page were written by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
102
configure.ac
102
configure.ac
|
@ -1,27 +1,29 @@
|
|||
dnl $Id$
|
||||
|
||||
AC_PREREQ([2.62])
|
||||
AC_REVISION([$Id$])
|
||||
AC_INIT([OpenPAM], [trunk], [des@des.no])
|
||||
AC_CONFIG_SRCDIR([lib/pam_start.c])
|
||||
AC_PREREQ([2.69])
|
||||
AC_INIT([OpenPAM], [trunk], [des@des.no], [openpam], [https://openpam.org/])
|
||||
AC_CONFIG_SRCDIR([lib/libpam/pam_start.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AM_INIT_AUTOMAKE([foreign])
|
||||
AM_CONFIG_HEADER([config.h])
|
||||
|
||||
# C compiler and features
|
||||
AC_LANG(C)
|
||||
AC_PROG_CC
|
||||
AC_PROG_CC([clang gcc cc])
|
||||
AC_PROG_CC_STDC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_CXX([clang++ g++ c++])
|
||||
AC_GNU_SOURCE
|
||||
AC_C_CONST
|
||||
AC_C_RESTRICT
|
||||
AC_C_VOLATILE
|
||||
AX_COMPILER_VENDOR
|
||||
|
||||
# libtool
|
||||
LT_PREREQ([2.2.6])
|
||||
LT_INIT([disable-static dlopen])
|
||||
|
||||
# pkg-config
|
||||
AX_PROG_PKG_CONFIG
|
||||
|
||||
# other programs
|
||||
AC_PROG_INSTALL
|
||||
|
||||
|
@ -31,31 +33,29 @@ AC_DEFINE_UNQUOTED(LIB_MAJ, $LIB_MAJ, [OpenPAM library major number])
|
|||
|
||||
AC_ARG_ENABLE([debug],
|
||||
AC_HELP_STRING([--enable-debug],
|
||||
[turn debugging on by default]),
|
||||
AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging on by default]))
|
||||
[turn debugging macros on]),
|
||||
AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging macros on]))
|
||||
|
||||
AC_ARG_ENABLE([unversioned-modules],
|
||||
AC_HELP_STRING([--disable-unversioned-modules],
|
||||
[support loading of unversioned modules]),
|
||||
[support loading of unversioned modules]),
|
||||
[AS_IF([test x"$enableval" = x"no"], [
|
||||
AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
|
||||
1,
|
||||
[Whether loading unversioned modules support is disabled])
|
||||
AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
|
||||
1,
|
||||
[Whether loading unversioned modules support is disabled])
|
||||
])])
|
||||
|
||||
AC_ARG_WITH([modules-dir],
|
||||
AC_HELP_STRING([--with-modules-dir=DIR],
|
||||
[OpenPAM modules directory]),
|
||||
[OpenPAM modules directory]),
|
||||
[AS_IF([test x"$withval" != x"no"], [
|
||||
OPENPAM_MODULES_DIR="$withval"
|
||||
], [
|
||||
OPENPAM_MODULES_DIR="$libdir"
|
||||
])],
|
||||
[OPENPAM_MODULES_DIR="$libdir"])
|
||||
AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
|
||||
"${OPENPAM_MODULES_DIR%/}/",
|
||||
[OpenPAM modules directory])
|
||||
OPENPAM_MODULES_DIR="$withval"
|
||||
AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
|
||||
"${OPENPAM_MODULES_DIR%/}",
|
||||
[OpenPAM modules directory])
|
||||
])])
|
||||
AC_SUBST(OPENPAM_MODULES_DIR)
|
||||
AM_CONDITIONAL([CUSTOM_MODULES_DIR], [test x"$OPENPAM_MODULES_DIR" != x""])
|
||||
|
||||
AC_ARG_WITH([doc],
|
||||
AC_HELP_STRING([--without-doc], [do not build documentation]),
|
||||
|
@ -64,26 +64,36 @@ AC_ARG_WITH([doc],
|
|||
AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" = x"yes"])
|
||||
|
||||
AC_ARG_WITH([pam-unix],
|
||||
AC_HELP_STRING([--with-pam-unix], [compile sample pam_unix(8) implementation]),
|
||||
AC_HELP_STRING([--with-pam-unix], [build sample pam_unix(8) module]),
|
||||
[],
|
||||
[with_pam_unix=no])
|
||||
AM_CONDITIONAL([WITH_PAM_UNIX], [test x"$with_pam_unix" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(pamtest,
|
||||
AC_HELP_STRING([--with-pamtest], [compile test application]),
|
||||
AC_HELP_STRING([--with-pamtest], [build test application]),
|
||||
[],
|
||||
[with_pamtest=no])
|
||||
AM_CONDITIONAL([WITH_PAMTEST], [test x"$with_pamtest" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(su,
|
||||
AC_HELP_STRING([--with-su], [compile sample su(1) implementation]),
|
||||
AC_HELP_STRING([--with-su], [build sample su(1) implementation]),
|
||||
[],
|
||||
[with_su=no])
|
||||
AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(system-libpam,
|
||||
AC_HELP_STRING([--with-system-libpam], [use system libpam]),
|
||||
[],
|
||||
[with_system_libpam=no])
|
||||
AM_CONDITIONAL([WITH_SYSTEM_LIBPAM], [test x"$with_system_libpam" = x"yes"])
|
||||
|
||||
AC_CHECK_HEADERS([crypt.h])
|
||||
|
||||
AC_CHECK_FUNCS([fdlopen fpurge strlcat strlcmp strlcpy])
|
||||
AC_CHECK_FUNCS([asprintf vasprintf])
|
||||
AC_CHECK_FUNCS([dlfunc fdlopen])
|
||||
AC_CHECK_FUNCS([fpurge])
|
||||
AC_CHECK_FUNCS([setlogmask])
|
||||
AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset])
|
||||
|
||||
saved_LIBS="${LIBS}"
|
||||
LIBS=""
|
||||
|
@ -94,14 +104,19 @@ AC_SUBST(DL_LIBS)
|
|||
|
||||
saved_LIBS="${LIBS}"
|
||||
LIBS=""
|
||||
AC_CHECK_LIB([crypt], [crypt])
|
||||
CRYPT_LIBS="${LIBS}"
|
||||
AC_CHECK_LIB([pam], [pam_start])
|
||||
SYSTEM_LIBPAM="${LIBS}"
|
||||
LIBS="${saved_LIBS}"
|
||||
AC_SUBST(CRYPT_LIBS)
|
||||
AC_SUBST(SYSTEM_LIBPAM)
|
||||
|
||||
AX_PKG_CONFIG_CHECK([cryb-test],
|
||||
[AC_MSG_NOTICE([Cryb test framework found, unit tests enabled.])],
|
||||
[AC_MSG_WARN([Cryb test framework not found, unit tests disabled.])])
|
||||
AM_CONDITIONAL([WITH_TEST], [test x"$CRYB_TEST_LIBS" != x""])
|
||||
|
||||
AC_ARG_ENABLE([developer-warnings],
|
||||
AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -Wall -Wextra"])
|
||||
[CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"])
|
||||
AC_ARG_ENABLE([debugging-symbols],
|
||||
AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
|
||||
|
@ -109,6 +124,27 @@ AC_ARG_ENABLE([werror],
|
|||
AS_HELP_STRING([--enable-werror], [use -Werror (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -Werror"])
|
||||
|
||||
AC_ARG_ENABLE([code-coverage],
|
||||
AS_HELP_STRING([--enable-code-coverage],
|
||||
[enable code coverage]))
|
||||
AS_IF([test x"$enable_code_coverage" = x"yes"], [
|
||||
AM_COND_IF([WITH_TEST], [
|
||||
AS_IF([test x"$ax_cv_c_compiler_vendor" = x"clang"], [
|
||||
CFLAGS="${CFLAGS} -fprofile-instr-generate -fcoverage-mapping"
|
||||
clang_code_coverage="yes"
|
||||
AC_SUBST([clang_ver], [${CC#clang}])
|
||||
], [
|
||||
AC_MSG_ERROR([code coverage is only supported with clang])
|
||||
])
|
||||
AC_DEFINE([WITH_CODE_COVERAGE], [1], [Define to 1 if code coverage is enabled])
|
||||
AC_MSG_NOTICE([code coverage enabled])
|
||||
], [
|
||||
AC_MSG_ERROR([code coverage requires unit tests])
|
||||
])
|
||||
])
|
||||
AM_CONDITIONAL([WITH_CODE_COVERAGE], [test x"$enable_code_coverage" = x"yes"])
|
||||
AM_CONDITIONAL([CLANG_CODE_COVERAGE], [test x"$clang_code_coverage" = x"yes"])
|
||||
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
bin/Makefile
|
||||
|
@ -117,14 +153,18 @@ AC_CONFIG_FILES([
|
|||
bin/su/Makefile
|
||||
doc/Makefile
|
||||
doc/man/Makefile
|
||||
freebsd/Makefile
|
||||
include/Makefile
|
||||
include/security/Makefile
|
||||
lib/Makefile
|
||||
lib/libpam/Makefile
|
||||
misc/Makefile
|
||||
modules/Makefile
|
||||
modules/pam_deny/Makefile
|
||||
modules/pam_permit/Makefile
|
||||
modules/pam_return/Makefile
|
||||
modules/pam_unix/Makefile
|
||||
t/Makefile
|
||||
])
|
||||
AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
|
||||
AC_CONFIG_FILES([misc/coverity.sh],[chmod +x misc/coverity.sh])
|
||||
AC_OUTPUT
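Review bot: In the `--with-modules-dir` block (the `@ -31,31 +33,29 @@` hunk) any value other than `no` is copied into `OPENPAM_MODULES_DIR`, so a bare `--with-modules-dir` (where autoconf sets `withval` to `yes`) or a relative path ends up in the `AC_DEFINE_UNQUOTED` value. This is presumably the directory the library loads authentication modules from, so a non-absolute value would make module lookup depend on the caller's working directory. The assignment should sit behind a check such as `AS_CASE([$withval], [/*], [...], [AC_MSG_ERROR([--with-modules-dir requires an absolute path])])`. The rendered page has lost its +/- markers, so this reads the shorter `AS_IF` form without the `$libdir` fallback as the new side.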
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = man
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
/*.3
|
||||
!/pam_conv.3
|
|
@ -1,9 +1,7 @@
|
|||
# $Id$
|
||||
|
||||
NULL =
|
||||
|
||||
# Standard PAM API
|
||||
PMAN = \
|
||||
PAM_MAN = \
|
||||
pam_acct_mgmt.3 \
|
||||
pam_authenticate.3 \
|
||||
pam_chauthtok.3 \
|
||||
|
@ -24,7 +22,7 @@ PMAN = \
|
|||
$(NULL)
|
||||
|
||||
# Standard module API
|
||||
MMAN = \
|
||||
MOD_MAN = \
|
||||
pam_sm_acct_mgmt.3 \
|
||||
pam_sm_authenticate.3 \
|
||||
pam_sm_chauthtok.3 \
|
||||
|
@ -34,7 +32,7 @@ MMAN = \
|
|||
$(NULL)
|
||||
|
||||
# OpenPAM extensions
|
||||
OMAN = \
|
||||
OPENPAM_MAN = \
|
||||
openpam_borrow_cred.3 \
|
||||
openpam_free_data.3 \
|
||||
openpam_free_envlist.3 \
|
||||
|
@ -63,27 +61,35 @@ OMAN = \
|
|||
|
||||
EXTRA_DIST = openpam.man pam.man
|
||||
|
||||
ALLCMAN = $(PMAN) $(MMAN) $(OMAN)
|
||||
if !WITH_SYSTEM_LIBPAM
|
||||
PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN)
|
||||
PAMXMAN = openpam.3 pam.3
|
||||
endif
|
||||
|
||||
dist_man3_MANS = $(ALLCMAN) openpam.3 pam.3 pam_conv.3
|
||||
ALLCMAN = $(PAMCMAN)
|
||||
GENMAN = $(ALLCMAN) $(PAMXMAN)
|
||||
|
||||
dist_man3_MANS = $(GENMAN) pam_conv.3
|
||||
|
||||
dist_man5_MANS = pam.conf.5
|
||||
|
||||
CLEANFILES = $(ALLCMAN) openpam.3 pam.3
|
||||
CLEANFILES = $(GENMAN)
|
||||
|
||||
GENDOC = $(top_srcdir)/misc/gendoc.pl
|
||||
|
||||
LIBSRCDIR = $(top_srcdir)/lib
|
||||
LIBPAMSRCDIR = $(top_srcdir)/lib/libpam
|
||||
|
||||
VPATH = $(LIBSRCDIR) $(srcdir)
|
||||
VPATH = $(LIBPAMSRCDIR) $(srcdir)
|
||||
|
||||
SUFFIXES = .3
|
||||
|
||||
.c.3: $(GENDOC)
|
||||
perl -w $(GENDOC) $<
|
||||
perl -w $(GENDOC) $< || rm $@
|
||||
|
||||
openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
|
||||
perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
|
||||
openpam.3: $(OPENPAM_MAN) $(GENDOC) $(srcdir)/openpam.man
|
||||
perl -w $(GENDOC) -o $(OPENPAM_MAN) <$(srcdir)/openpam.man || rm $@
|
||||
|
||||
pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
|
||||
perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
|
||||
pam.3: $(PAM_MAN) $(GENDOC) $(srcdir)/pam.man
|
||||
perl -w $(GENDOC) -p $(PAM_MAN) <$(srcdir)/pam.man || rm $@
|
||||
|
||||
$(GENMAN): $(GENDOC)
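Review bot: The `|| rm $@` tail on the `.c.3`, `openpam.3` and `pam.3` recipes (the `@ -63,27 +61,35 @@` hunk) masks generator failures. When `perl -w $(GENDOC)` fails and `rm` succeeds, the recipe line exits 0 and make carries on without the man page; when the target was never written, `rm` reports its own error in place of the real one. Keeping the cleanup while preserving the failure would look like `perl -w $(GENDOC) $< || { rm -f $@; exit 1; }`, with the same tail on the other two rules. This assumes the lines carrying `|| rm $@` are the new side, since the page shows both forms without markers.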
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Sh DESCRIPTION
|
||||
These functions are OpenPAM extensions to the PAM API.
|
||||
Those named
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2005-2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2005-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,9 +26,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd November 3, 2011
|
||||
.Dd March 17, 2013
|
||||
.Dt PAM.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -65,15 +63,16 @@ Entries in
|
|||
policy files are of the same form, but are prefixed by an additional
|
||||
field specifying the name of the service they apply to.
|
||||
.Pp
|
||||
In both types of policy files, blank lines are ignored, as is anything
|
||||
to the right of a
|
||||
In both cases, blank lines and comments introduced by a
|
||||
.Ql #
|
||||
sign.
|
||||
sign are ignored, and the normal shell quoting rules apply.
|
||||
The precise details of how the file is tokenized are described in
|
||||
.Xr openpam_readword 3 .
|
||||
.Pp
|
||||
The
|
||||
.Ar facility
|
||||
field specifies the facility the entry applies to, and is one of:
|
||||
.Bl -tag -width ".Cm password"
|
||||
.Bl -tag -width 12n
|
||||
.It Cm auth
|
||||
Authentication functions
|
||||
.Po
|
||||
|
@ -99,7 +98,7 @@ The
|
|||
field determines how the result returned by the module affects the
|
||||
flow of control through (and the final result of) the rest of the
|
||||
chain, and is one of:
|
||||
.Bl -tag -width ".Cm sufficient"
|
||||
.Bl -tag -width 12n
|
||||
.It Cm required
|
||||
If this module succeeds, the result of the chain will be success
|
||||
unless a later module fails.
|
||||
|
@ -141,16 +140,18 @@ phase of
|
|||
.Pp
|
||||
The
|
||||
.Ar module-path
|
||||
field specifies the name, or optionally the full path, of the module
|
||||
to call.
|
||||
field specifies the name or full path of the module to call.
|
||||
If only the name is specified, the PAM library will search for it in
|
||||
the following locations:
|
||||
.Bl -enum
|
||||
.It
|
||||
.Pa /usr/lib
|
||||
.It
|
||||
.Pa /usr/local/lib
|
||||
.El
|
||||
.Pp
|
||||
The remaining fields are passed as arguments to the module if and when
|
||||
it is invoked.
|
||||
As a special case, if an argument is of the form ``name=value'' and
|
||||
the right-hand side is surrounded by single or double quotes, any
|
||||
whitespace between the quote characters will be considered part of the
|
||||
same argument rather than a separator between this argument and the
|
||||
next.
|
||||
The remaining fields, if any, are passed unmodified to the module if
|
||||
and when it is invoked.
|
||||
.Pp
|
||||
The
|
||||
.Cm include
|
||||
|
@ -161,6 +162,37 @@ This allows one to define system-wide policies which are then included
|
|||
into service-specific policies.
|
||||
The system-wide policy can then be modified without having to also
|
||||
modify each and every service-specific policy.
|
||||
.Pp
|
||||
.Bf -symbolic
|
||||
Take care not to introduce loops when using
|
||||
.Cm include
|
||||
rules, as there is currently no loop detection in place.
|
||||
.Ef
|
||||
.Sh MODULE OPTIONS
|
||||
Some PAM library functions may alter their behavior when called by a
|
||||
service module if certain module options were specified, regardless of
|
||||
whether the module itself accords them any importance.
|
||||
One such option is
|
||||
.Cm debug ,
|
||||
which causes the dispatcher to enable debugging messages before
|
||||
calling each service function, and disable them afterwards (unless
|
||||
they were already enabled).
|
||||
Other special options include:
|
||||
.Bl -tag -width 12n
|
||||
.It Cm authtok_prompt Ns = Ns Ar prompt , Cm oldauthtok_prompt Ns = Ns Ar prompt , Cm user_prompt Ns = Ns Ar prompt
|
||||
These options can be used to override the prompts used by
|
||||
.Xr pam_get_authtok 3
|
||||
and
|
||||
.Xr pam_get_user 3 .
|
||||
.It Cm echo_pass
|
||||
This option controls whether
|
||||
.Xr pam_get_authtok 3
|
||||
will allow the user to see what they are typing.
|
||||
.It Cm try_first_pass , Cm use_first_pass
|
||||
These options control
|
||||
.Xr pam_get_authtok 3 Ns 's
|
||||
use of cached authentication tokens.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr pam 3
|
||||
.Sh STANDARDS
|
||||
|
@ -178,4 +210,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
|
|||
as part of the DARPA CHATS research program.
|
||||
.Pp
|
||||
The OpenPAM library is maintained by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Sh DESCRIPTION
|
||||
The Pluggable Authentication Modules (PAM) library abstracts a number
|
||||
of common authentication-related operations and provides a framework
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -32,8 +32,6 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd June 16, 2005
|
||||
.Dt PAM_CONV 3
|
||||
.Os
|
||||
|
@ -76,7 +74,7 @@ item.
|
|||
.Pp
|
||||
The conversation function's first argument specifies the number of
|
||||
messages (up to
|
||||
.Dv PAM_NUM_MSG )
|
||||
.Dv PAM_MAX_NUM_MSG )
|
||||
to process.
|
||||
The second argument is a pointer to an array of pointers to
|
||||
.Vt pam_message
|
||||
|
@ -183,4 +181,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
|
|||
as part of the DARPA CHATS research program.
|
||||
.Pp
|
||||
The OpenPAM library is maintained by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
$Id$
|
||||
|
||||
Errata in XSSO, chapter 5:
|
||||
|
||||
p. 25: the first member of struct pam_response is named "resp", not
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
!/Makefile.in
|
||||
/work
|
|
@ -0,0 +1,33 @@
|
|||
# $FreeBSD: portlint$
|
||||
|
||||
PORTNAME= @PACKAGE_TARNAME@
|
||||
PORTVERSION= @PACKAGE_VERSION@
|
||||
CATEGORIES= security devel
|
||||
MASTER_SITES= #
|
||||
DISTFILES= #
|
||||
|
||||
MAINTAINER= @PACKAGE_BUGREPORT@
|
||||
COMMENT= BSD-licensed implementation of Pluggable Authentication Modules
|
||||
|
||||
LICENSE= BSD3CLAUSE
|
||||
|
||||
USES= gmake libtool pkgconfig
|
||||
USE_LDCONFIG= yes
|
||||
GNU_CONFIGURE= yes
|
||||
INSTALL_TARGET= install-strip
|
||||
TEST_TARGET= check
|
||||
|
||||
DESCR= ${WRKDIR}/pkg-descr
|
||||
|
||||
do-extract:
|
||||
(cd @abs_top_srcdir@ && \
|
||||
${GMAKE} distdir && ${MV} ${PKGNAME} ${WRKDIR})
|
||||
(${CAT} ${WRKSRC}/README && ${ECHO} && \
|
||||
${ECHO} "WWW: @PACKAGE_URL@") >${DESCR}
|
||||
|
||||
post-stage:
|
||||
(cd ${STAGEDIR} && \
|
||||
${FIND} -s . -type f -or -type l | cut -c 2- | \
|
||||
${SED} -E '/\/man\//s/([0-9])$$/\1.gz/') >>${TMPPLIST}
|
||||
|
||||
.include <bsd.port.mk>
|
|
@ -1,3 +1 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = security
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
# $Id$
|
||||
securitydir = $(includedir)/security
|
||||
|
||||
openpamdir = $(includedir)/security
|
||||
|
||||
openpam_HEADERS = \
|
||||
security_HEADERS = \
|
||||
openpam.h \
|
||||
openpam_attr.h \
|
||||
openpam_version.h \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_OPENPAM_H_INCLUDED
|
||||
|
@ -186,6 +184,7 @@ enum {
|
|||
OPENPAM_VERIFY_POLICY_FILE,
|
||||
OPENPAM_RESTRICT_MODULE_NAME,
|
||||
OPENPAM_VERIFY_MODULE_FILE,
|
||||
OPENPAM_FALLBACK_TO_OTHER,
|
||||
OPENPAM_NUM_FEATURES
|
||||
};
|
||||
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
/*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_ATTRIBUTES_H_INCLUDED
|
||||
#define SECURITY_PAM_ATTRIBUTES_H_INCLUDED
|
||||
#ifndef SECURITY_OPENPAM_ATTR_H_INCLUDED
|
||||
#define SECURITY_OPENPAM_ATTR_H_INCLUDED
|
||||
|
||||
/* GCC attributes */
|
||||
#if defined(__GNUC__) && defined(__GNUC_MINOR__) && !defined(__STRICT_ANSI__)
|
||||
|
@ -25,4 +21,10 @@
|
|||
# define OPENPAM_NONNULL(params)
|
||||
#endif
|
||||
|
||||
#endif /* !SECURITY_PAM_ATTRIBUTES_H_INCLUDED */
|
||||
#if OPENPAM_GNUC_PREREQ(2,7)
|
||||
# define OPENPAM_UNUSED(var) var __attribute__((__unused__))
|
||||
#else
|
||||
# define OPENPAM_UNUSED(var) var
|
||||
#endif
|
||||
|
||||
#endif /* !SECURITY_OPENPAM_ATTR_H_INCLUDED */
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,15 +31,13 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
|
||||
#define SECURITY_OPENPAM_VERSION_H_INCLUDED
|
||||
|
||||
#define OPENPAM
|
||||
#define OPENPAM_VERSION 20120526
|
||||
#define OPENPAM_RELEASE "Micrampelis"
|
||||
#define OPENPAM_VERSION 20230627
|
||||
#define OPENPAM_RELEASE "Ximenia"
|
||||
|
||||
#endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_APPL_H_INCLUDED
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_CONSTANTS_H_INCLUDED
|
||||
|
@ -78,6 +76,10 @@ enum {
|
|||
PAM_TRY_AGAIN = 27,
|
||||
PAM_MODULE_UNKNOWN = 28,
|
||||
PAM_DOMAIN_UNKNOWN = 29,
|
||||
PAM_BAD_HANDLE = 30, /* OpenPAM extension */
|
||||
PAM_BAD_ITEM = 31, /* OpenPAM extension */
|
||||
PAM_BAD_FEATURE = 32, /* OpenPAM extension */
|
||||
PAM_BAD_CONSTANT = 33, /* OpenPAM extension */
|
||||
PAM_NUM_ERRORS /* OpenPAM extension */
|
||||
};
|
||||
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_MODULES_H_INCLUDED
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_TYPES_H_INCLUDED
|
||||
|
|
|
@ -1,92 +1,5 @@
|
|||
# $Id$
|
||||
SUBDIRS =
|
||||
|
||||
NULL =
|
||||
|
||||
INCLUDES = -I$(top_srcdir)/include
|
||||
|
||||
lib_LTLIBRARIES = libpam.la
|
||||
|
||||
noinst_HEADERS = \
|
||||
openpam_constants.h \
|
||||
openpam_ctype.h \
|
||||
openpam_debug.h \
|
||||
openpam_features.h \
|
||||
openpam_impl.h \
|
||||
openpam_strlcat.h \
|
||||
openpam_strlcmp.h \
|
||||
openpam_strlcpy.h
|
||||
|
||||
libpam_la_SOURCES = \
|
||||
openpam_borrow_cred.c \
|
||||
openpam_check_owner_perms.c \
|
||||
openpam_configure.c \
|
||||
openpam_constants.c \
|
||||
openpam_dispatch.c \
|
||||
openpam_dynamic.c \
|
||||
openpam_features.c \
|
||||
openpam_findenv.c \
|
||||
openpam_free_data.c \
|
||||
openpam_free_envlist.c \
|
||||
openpam_get_feature.c \
|
||||
openpam_get_option.c \
|
||||
openpam_load.c \
|
||||
openpam_log.c \
|
||||
openpam_nullconv.c \
|
||||
openpam_readline.c \
|
||||
openpam_readlinev.c \
|
||||
openpam_readword.c \
|
||||
openpam_restore_cred.c \
|
||||
openpam_set_option.c \
|
||||
openpam_set_feature.c \
|
||||
openpam_static.c \
|
||||
openpam_straddch.c \
|
||||
openpam_subst.c \
|
||||
openpam_ttyconv.c \
|
||||
pam_acct_mgmt.c \
|
||||
pam_authenticate.c \
|
||||
pam_chauthtok.c \
|
||||
pam_close_session.c \
|
||||
pam_end.c \
|
||||
pam_error.c \
|
||||
pam_get_authtok.c \
|
||||
pam_get_data.c \
|
||||
pam_get_item.c \
|
||||
pam_get_user.c \
|
||||
pam_getenv.c \
|
||||
pam_getenvlist.c \
|
||||
pam_info.c \
|
||||
pam_open_session.c \
|
||||
pam_prompt.c \
|
||||
pam_putenv.c \
|
||||
pam_set_data.c \
|
||||
pam_set_item.c \
|
||||
pam_setcred.c \
|
||||
pam_setenv.c \
|
||||
pam_start.c \
|
||||
pam_strerror.c \
|
||||
pam_verror.c \
|
||||
pam_vinfo.c \
|
||||
pam_vprompt.c \
|
||||
$(NULL)
|
||||
|
||||
libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
|
||||
libpam_la_LIBADD = @DL_LIBS@
|
||||
|
||||
EXTRA_DIST = \
|
||||
pam_authenticate_secondary.c \
|
||||
pam_get_mapped_authtok.c \
|
||||
pam_get_mapped_username.c \
|
||||
pam_set_mapped_authtok.c \
|
||||
pam_set_mapped_username.c \
|
||||
\
|
||||
pam_sm_acct_mgmt.c \
|
||||
pam_sm_authenticate.c \
|
||||
pam_sm_authenticate_secondary.c \
|
||||
pam_sm_chauthtok.c \
|
||||
pam_sm_close_session.c \
|
||||
pam_sm_get_mapped_authtok.c \
|
||||
pam_sm_get_mapped_username.c \
|
||||
pam_sm_open_session.c \
|
||||
pam_sm_set_mapped_authtok.c \
|
||||
pam_sm_set_mapped_username.c \
|
||||
pam_sm_setcred.c
|
||||
if !WITH_SYSTEM_LIBPAM
|
||||
SUBDIRS += libpam
|
||||
endif
|
||||
|
|
|
@ -0,0 +1,100 @@
|
|||
NULL =
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
||||
lib_LTLIBRARIES = libpam.la
|
||||
|
||||
noinst_HEADERS = \
|
||||
openpam_asprintf.h \
|
||||
openpam_constants.h \
|
||||
openpam_cred.h \
|
||||
openpam_ctype.h \
|
||||
openpam_debug.h \
|
||||
openpam_dlfunc.h \
|
||||
openpam_features.h \
|
||||
openpam_impl.h \
|
||||
openpam_strlcat.h \
|
||||
openpam_strlcmp.h \
|
||||
openpam_strlcpy.h \
|
||||
openpam_strlset.h \
|
||||
openpam_vasprintf.h
|
||||
|
||||
libpam_la_SOURCES = \
|
||||
openpam_asprintf.c \
|
||||
openpam_borrow_cred.c \
|
||||
openpam_check_owner_perms.c \
|
||||
openpam_configure.c \
|
||||
openpam_constants.c \
|
||||
openpam_dispatch.c \
|
||||
openpam_dynamic.c \
|
||||
openpam_features.c \
|
||||
openpam_findenv.c \
|
||||
openpam_free_data.c \
|
||||
openpam_free_envlist.c \
|
||||
openpam_get_feature.c \
|
||||
openpam_get_option.c \
|
||||
openpam_load.c \
|
||||
openpam_log.c \
|
||||
openpam_nullconv.c \
|
||||
openpam_readline.c \
|
||||
openpam_readlinev.c \
|
||||
openpam_readword.c \
|
||||
openpam_restore_cred.c \
|
||||
openpam_set_option.c \
|
||||
openpam_set_feature.c \
|
||||
openpam_static.c \
|
||||
openpam_straddch.c \
|
||||
openpam_strlcat.c \
|
||||
openpam_strlcpy.c \
|
||||
openpam_strlset.c \
|
||||
openpam_subst.c \
|
||||
openpam_vasprintf.c \
|
||||
openpam_ttyconv.c \
|
||||
pam_acct_mgmt.c \
|
||||
pam_authenticate.c \
|
||||
pam_chauthtok.c \
|
||||
pam_close_session.c \
|
||||
pam_end.c \
|
||||
pam_error.c \
|
||||
pam_get_authtok.c \
|
||||
pam_get_data.c \
|
||||
pam_get_item.c \
|
||||
pam_get_user.c \
|
||||
pam_getenv.c \
|
||||
pam_getenvlist.c \
|
||||
pam_info.c \
|
||||
pam_open_session.c \
|
||||
pam_prompt.c \
|
||||
pam_putenv.c \
|
||||
pam_set_data.c \
|
||||
pam_set_item.c \
|
||||
pam_setcred.c \
|
||||
pam_setenv.c \
|
||||
pam_start.c \
|
||||
pam_strerror.c \
|
||||
pam_verror.c \
|
||||
pam_vinfo.c \
|
||||
pam_vprompt.c \
|
||||
$(NULL)
|
||||
|
||||
libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ)
|
||||
libpam_la_LIBADD = $(DL_LIBS)
|
||||
|
||||
EXTRA_DIST = \
|
||||
pam_authenticate_secondary.c \
|
||||
pam_get_mapped_authtok.c \
|
||||
pam_get_mapped_username.c \
|
||||
pam_set_mapped_authtok.c \
|
||||
pam_set_mapped_username.c \
|
||||
\
|
||||
pam_sm_acct_mgmt.c \
|
||||
pam_sm_authenticate.c \
|
||||
pam_sm_authenticate_secondary.c \
|
||||
pam_sm_chauthtok.c \
|
||||
pam_sm_close_session.c \
|
||||
pam_sm_get_mapped_authtok.c \
|
||||
pam_sm_get_mapped_username.c \
|
||||
pam_sm_open_session.c \
|
||||
pam_sm_set_mapped_authtok.c \
|
||||
pam_sm_set_mapped_username.c \
|
||||
pam_sm_setcred.c
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,35 +25,31 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef T_H_INCLUDED
|
||||
#define T_H_INCLUDED
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <security/openpam_attr.h>
|
||||
#ifndef HAVE_ASPRINTF
|
||||
|
||||
struct t_test {
|
||||
int (*func)(void);
|
||||
const char *desc;
|
||||
};
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#define T_FUNC(n, d) \
|
||||
static int t_ ## n ## _func(void); \
|
||||
static const struct t_test t_ ## n = \
|
||||
{ t_ ## n ## _func, d }; \
|
||||
static int t_ ## n ## _func(void)
|
||||
#include "openpam_asprintf.h"
|
||||
#include "openpam_vasprintf.h"
|
||||
|
||||
#define T(n) \
|
||||
&t_ ## n
|
||||
/* like sprintf(3), but allocates memory for the result. */
|
||||
int
|
||||
openpam_asprintf(char **str, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int ret;
|
||||
|
||||
extern const char *t_progname;
|
||||
|
||||
const struct t_test **t_prepare(int, char **);
|
||||
void t_cleanup(void);
|
||||
|
||||
void t_verbose(const char *, ...)
|
||||
OPENPAM_FORMAT((__printf__, 1, 2));
|
||||
va_start(ap, fmt);
|
||||
ret = vasprintf(str, fmt, ap);
|
||||
va_end(ap);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
#endif
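Review bot: The comment on openpam_asprintf, `/* like sprintf(3), but allocates memory for the result. */`, does not say who frees the buffer or what `*str` holds when the call fails. The function returns whatever `vasprintf` returns, and which implementation that resolves to is not visible here; implementations differ on whether `*str` is set on failure, so a caller that frees `*str` on the error path may free an indeterminate pointer. I would extend the comment to `/* like sprintf(3), but allocates the result; the caller frees *str; on a negative return *str must not be used */`.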
|
|
@ -0,0 +1,39 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_ASPRINTF_H_INCLUDED
|
||||
#define OPENPAM_ASPRINTF_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_ASPRINTF
|
||||
int openpam_asprintf(char **, const char *, ...);
|
||||
#undef asprintf
|
||||
#define asprintf(arg, ...) openpam_asprintf(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
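Review bot: The prototype `int openpam_asprintf(char **, const char *, ...);` carries no format attribute, so once the `asprintf` macro redirects callers to it the compiler no longer checks the arguments against the format string. The tree already has OPENPAM_FORMAT (used elsewhere in this comparison together with `<security/openpam_attr.h>`), so the declaration could read `int openpam_asprintf(char **, const char *, ...) OPENPAM_FORMAT((__printf__, 2, 3));` with that header included here. Naming the parameters, `char **str, const char *fmt`, would also match the definition.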
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -50,6 +48,7 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_cred.h"
|
||||
|
||||
/*
|
||||
* OpenPAM extension
|
||||
|
@ -68,12 +67,12 @@ openpam_borrow_cred(pam_handle_t *pamh,
|
|||
ENTERI(pwd->pw_uid);
|
||||
r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
|
||||
if (r == PAM_SUCCESS && scredp != NULL) {
|
||||
openpam_log(PAM_LOG_DEBUG,
|
||||
openpam_log(PAM_LOG_LIBDEBUG,
|
||||
"already operating under borrowed credentials");
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
}
|
||||
if (geteuid() != 0 && geteuid() != pwd->pw_uid) {
|
||||
openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d",
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "called with non-zero euid: %d",
|
||||
(int)geteuid());
|
||||
RETURNC(PAM_PERM_DENIED);
|
||||
}
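Review bot: In the `geteuid() != 0 && geteuid() != pwd->pw_uid` branch the rejected euid is logged with `%d` after an `(int)` cast, so a uid above INT_MAX shows up negative in the log; `"called with non-zero euid: %lu", (unsigned long)geteuid()` prints it faithfully. With the level changed to PAM_LOG_LIBDEBUG, this PAM_PERM_DENIED path is presumably recorded only when library debugging is enabled, so it is worth confirming that a refused credential switch is still logged somewhere an operator will see it. openpam_borrow_cred starts and ends outside this hunk.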
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -41,7 +39,6 @@
|
|||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
@ -194,6 +191,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid facility",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (facility != fclt && facility != PAM_FACILITY_ANY) {
|
||||
|
@ -209,18 +207,28 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid service name",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (wordv[i] != NULL) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): garbage at end of line",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
ret = openpam_load_chain(pamh, servicename, fclt);
|
||||
FREEV(wordc, wordv);
|
||||
if (ret < 0)
|
||||
if (ret < 0) {
|
||||
/*
|
||||
* Bogus errno, but this ensures that the
|
||||
* outer loop does not just ignore the
|
||||
* error and keep searching.
|
||||
*/
|
||||
if (errno == ENOENT)
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -230,6 +238,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid control flag",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
@ -239,6 +248,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid module name",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
@ -248,8 +258,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
this->flag = ctlf;
|
||||
|
||||
/* load module */
|
||||
if ((this->module = openpam_load_module(modulename)) == NULL)
|
||||
if ((this->module = openpam_load_module(modulename)) == NULL) {
|
||||
if (errno == ENOENT)
|
||||
errno = ENOEXEC;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/*
|
||||
* The remaining items in wordv are the module's
|
||||
|
@ -282,7 +295,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
* The loop ended because openpam_readword() returned NULL, which
|
||||
* can happen for four different reasons: an I/O error (ferror(f)
|
||||
* is true), a memory allocation failure (ferror(f) is false,
|
||||
* errno is non-zero)
|
||||
* feof(f) is false, errno is non-zero), the file ended with an
|
||||
* unterminated quote or backslash escape (ferror(f) is false,
|
||||
* feof(f) is true, errno is non-zero), or the end of the file was
|
||||
* reached without error (ferror(f) is false, feof(f) is true,
|
||||
* errno is zero).
|
||||
*/
|
||||
if (ferror(f) || errno != 0)
|
||||
goto syserr;
|
||||
|
@ -308,14 +325,6 @@ fail:
|
|||
return (-1);
|
||||
}
|
||||
|
||||
static const char *openpam_policy_path[] = {
|
||||
"/etc/pam.d/",
|
||||
"/etc/pam.conf",
|
||||
"/usr/local/etc/pam.d/",
|
||||
"/usr/local/etc/pam.conf",
|
||||
NULL
|
||||
};
|
||||
|
||||
/*
|
||||
* Read the specified chains from the specified file.
|
||||
*
|
||||
|
@ -399,6 +408,10 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
for (path = openpam_policy_path; *path != NULL; ++path) {
|
||||
/* construct filename */
|
||||
len = strlcpy(filename, *path, sizeof filename);
|
||||
if (len >= sizeof filename) {
|
||||
errno = ENAMETOOLONG;
|
||||
RETURNN(-1);
|
||||
}
|
||||
if (filename[len - 1] == '/') {
|
||||
len = strlcat(filename, service, sizeof filename);
|
||||
if (len >= sizeof filename) {
|
||||
|
@ -411,6 +424,9 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
}
|
||||
ret = openpam_load_file(pamh, service, facility,
|
||||
filename, style);
|
||||
/* success */
|
||||
if (ret > 0)
|
||||
RETURNN(ret);
|
||||
/* the file exists, but an error occurred */
|
||||
if (ret == -1 && errno != ENOENT)
|
||||
RETURNN(ret);
|
||||
|
@ -420,7 +436,8 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
/* no hit */
|
||||
RETURNN(0);
|
||||
errno = ENOENT;
|
||||
RETURNN(-1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -441,13 +458,17 @@ openpam_configure(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR, "invalid service name");
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
}
|
||||
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
|
||||
goto load_err;
|
||||
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
|
||||
if (errno != ENOENT)
|
||||
goto load_err;
|
||||
}
|
||||
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
||||
if (pamh->chains[fclt] != NULL)
|
||||
continue;
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
}
|
||||
}
|
||||
RETURNC(PAM_SUCCESS);
|
||||
load_err:
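Review bot: In openpam_configure, the new `if (errno != ENOENT) goto load_err;` lets a service with no policy file fall through, and when `OPENPAM_FEATURE(FALLBACK_TO_OTHER)` is off the loop loads nothing, so the function reaches `RETURNC(PAM_SUCCESS)` with every chain still NULL. That is only safe because openpam_dispatch later refuses a chain with no successful module (the `nsuccess < 1` check elsewhere in this comparison), and nothing in this hunk says so. I would add a comment above the first openpam_load_chain call, e.g. `/* a missing policy is not fatal here; openpam_dispatch() rejects empty chains */`. The function's start and the load_err handler lie outside the hunk.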
|
|
@ -0,0 +1,183 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
* Network Associates Laboratories, the Security Research Division of
|
||||
* Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
* ("CBOSS"), as part of the DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
|
||||
const char *pam_err_name[PAM_NUM_ERRORS] = {
|
||||
[PAM_SUCCESS] = "PAM_SUCCESS",
|
||||
[PAM_OPEN_ERR] = "PAM_OPEN_ERR",
|
||||
[PAM_SYMBOL_ERR] = "PAM_SYMBOL_ERR",
|
||||
[PAM_SERVICE_ERR] = "PAM_SERVICE_ERR",
|
||||
[PAM_SYSTEM_ERR] = "PAM_SYSTEM_ERR",
|
||||
[PAM_BUF_ERR] = "PAM_BUF_ERR",
|
||||
[PAM_CONV_ERR] = "PAM_CONV_ERR",
|
||||
[PAM_PERM_DENIED] = "PAM_PERM_DENIED",
|
||||
[PAM_MAXTRIES] = "PAM_MAXTRIES",
|
||||
[PAM_AUTH_ERR] = "PAM_AUTH_ERR",
|
||||
[PAM_NEW_AUTHTOK_REQD] = "PAM_NEW_AUTHTOK_REQD",
|
||||
[PAM_CRED_INSUFFICIENT] = "PAM_CRED_INSUFFICIENT",
|
||||
[PAM_AUTHINFO_UNAVAIL] = "PAM_AUTHINFO_UNAVAIL",
|
||||
[PAM_USER_UNKNOWN] = "PAM_USER_UNKNOWN",
|
||||
[PAM_CRED_UNAVAIL] = "PAM_CRED_UNAVAIL",
|
||||
[PAM_CRED_EXPIRED] = "PAM_CRED_EXPIRED",
|
||||
[PAM_CRED_ERR] = "PAM_CRED_ERR",
|
||||
[PAM_ACCT_EXPIRED] = "PAM_ACCT_EXPIRED",
|
||||
[PAM_AUTHTOK_EXPIRED] = "PAM_AUTHTOK_EXPIRED",
|
||||
[PAM_SESSION_ERR] = "PAM_SESSION_ERR",
|
||||
[PAM_AUTHTOK_ERR] = "PAM_AUTHTOK_ERR",
|
||||
[PAM_AUTHTOK_RECOVERY_ERR] = "PAM_AUTHTOK_RECOVERY_ERR",
|
||||
[PAM_AUTHTOK_LOCK_BUSY] = "PAM_AUTHTOK_LOCK_BUSY",
|
||||
[PAM_AUTHTOK_DISABLE_AGING] = "PAM_AUTHTOK_DISABLE_AGING",
|
||||
[PAM_NO_MODULE_DATA] = "PAM_NO_MODULE_DATA",
|
||||
[PAM_IGNORE] = "PAM_IGNORE",
|
||||
[PAM_ABORT] = "PAM_ABORT",
|
||||
[PAM_TRY_AGAIN] = "PAM_TRY_AGAIN",
|
||||
[PAM_MODULE_UNKNOWN] = "PAM_MODULE_UNKNOWN",
|
||||
[PAM_DOMAIN_UNKNOWN] = "PAM_DOMAIN_UNKNOWN",
|
||||
[PAM_BAD_HANDLE] = "PAM_BAD_HANDLE",
|
||||
[PAM_BAD_ITEM] = "PAM_BAD_ITEM",
|
||||
[PAM_BAD_FEATURE] = "PAM_BAD_FEATURE",
|
||||
[PAM_BAD_CONSTANT] = "PAM_BAD_CONSTANT",
|
||||
};
|
||||
|
||||
const char *pam_err_text[PAM_NUM_ERRORS] = {
|
||||
[PAM_SUCCESS] = "Success",
|
||||
[PAM_OPEN_ERR] = "Failed to load module",
|
||||
[PAM_SYMBOL_ERR] = "Invalid symbol",
|
||||
[PAM_SERVICE_ERR] = "Error in service module",
|
||||
[PAM_SYSTEM_ERR] = "System error",
|
||||
[PAM_BUF_ERR] = "Memory buffer error",
|
||||
[PAM_CONV_ERR] = "Conversation failure",
|
||||
[PAM_PERM_DENIED] = "Permission denied",
|
||||
[PAM_MAXTRIES] = "Maximum number of tries exceeded",
|
||||
[PAM_AUTH_ERR] = "Authentication error",
|
||||
[PAM_NEW_AUTHTOK_REQD] = "New authentication token required",
|
||||
[PAM_CRED_INSUFFICIENT] = "Insufficient credentials",
|
||||
[PAM_AUTHINFO_UNAVAIL] = "Authentication information is unavailable",
|
||||
[PAM_USER_UNKNOWN] = "Unknown user",
|
||||
[PAM_CRED_UNAVAIL] = "Failed to retrieve user credentials",
|
||||
[PAM_CRED_EXPIRED] = "User credentials have expired",
|
||||
[PAM_CRED_ERR] = "Failed to set user credentials",
|
||||
[PAM_ACCT_EXPIRED] = "User account has expired",
|
||||
[PAM_AUTHTOK_EXPIRED] = "Password has expired",
|
||||
[PAM_SESSION_ERR] = "Session failure",
|
||||
[PAM_AUTHTOK_ERR] = "Authentication token failure",
|
||||
[PAM_AUTHTOK_RECOVERY_ERR] = "Failed to recover old authentication token",
|
||||
[PAM_AUTHTOK_LOCK_BUSY] = "Authentication token lock busy",
|
||||
[PAM_AUTHTOK_DISABLE_AGING] = "Authentication token aging disabled",
|
||||
[PAM_NO_MODULE_DATA] = "Module data not found",
|
||||
[PAM_IGNORE] = "Ignore this module",
|
||||
[PAM_ABORT] = "General failure",
|
||||
[PAM_TRY_AGAIN] = "Try again",
|
||||
[PAM_MODULE_UNKNOWN] = "Unknown module type",
|
||||
[PAM_DOMAIN_UNKNOWN] = "Unknown authentication domain",
|
||||
[PAM_BAD_HANDLE] = "Invalid PAM handle",
|
||||
[PAM_BAD_ITEM] = "Unrecognized or restricted item",
|
||||
[PAM_BAD_FEATURE] = "Unrecognized or restricted feature",
|
||||
[PAM_BAD_CONSTANT] = "Invalid constant",
|
||||
};
|
||||
|
||||
const char *pam_item_name[PAM_NUM_ITEMS] = {
|
||||
[PAM_SERVICE] = "PAM_SERVICE",
|
||||
[PAM_USER] = "PAM_USER",
|
||||
[PAM_TTY] = "PAM_TTY",
|
||||
[PAM_RHOST] = "PAM_RHOST",
|
||||
[PAM_CONV] = "PAM_CONV",
|
||||
[PAM_AUTHTOK] = "PAM_AUTHTOK",
|
||||
[PAM_OLDAUTHTOK] = "PAM_OLDAUTHTOK",
|
||||
[PAM_RUSER] = "PAM_RUSER",
|
||||
[PAM_USER_PROMPT] = "PAM_USER_PROMPT",
|
||||
[PAM_REPOSITORY] = "PAM_REPOSITORY",
|
||||
[PAM_AUTHTOK_PROMPT] = "PAM_AUTHTOK_PROMPT",
|
||||
[PAM_OLDAUTHTOK_PROMPT] = "PAM_OLDAUTHTOK_PROMPT",
|
||||
[PAM_HOST] = "PAM_HOST",
|
||||
};
|
||||
|
||||
const char *pam_facility_name[PAM_NUM_FACILITIES] = {
|
||||
[PAM_ACCOUNT] = "account",
|
||||
[PAM_AUTH] = "auth",
|
||||
[PAM_PASSWORD] = "password",
|
||||
[PAM_SESSION] = "session",
|
||||
};
|
||||
|
||||
const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
|
||||
[PAM_BINDING] = "binding",
|
||||
[PAM_OPTIONAL] = "optional",
|
||||
[PAM_REQUIRED] = "required",
|
||||
[PAM_REQUISITE] = "requisite",
|
||||
[PAM_SUFFICIENT] = "sufficient",
|
||||
};
|
||||
|
||||
const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
[PAM_SM_AUTHENTICATE] = "pam_authenticate",
|
||||
[PAM_SM_SETCRED] = "pam_setcred",
|
||||
[PAM_SM_ACCT_MGMT] = "pam_acct_mgmt",
|
||||
[PAM_SM_OPEN_SESSION] = "pam_open_session",
|
||||
[PAM_SM_CLOSE_SESSION] = "pam_close_session",
|
||||
[PAM_SM_CHAUTHTOK] = "pam_chauthtok"
|
||||
};
|
||||
|
||||
const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
[PAM_SM_AUTHENTICATE] = "pam_sm_authenticate",
|
||||
[PAM_SM_SETCRED] = "pam_sm_setcred",
|
||||
[PAM_SM_ACCT_MGMT] = "pam_sm_acct_mgmt",
|
||||
[PAM_SM_OPEN_SESSION] = "pam_sm_open_session",
|
||||
[PAM_SM_CLOSE_SESSION] = "pam_sm_close_session",
|
||||
[PAM_SM_CHAUTHTOK] = "pam_sm_chauthtok"
|
||||
};
|
||||
|
||||
const char *openpam_policy_path[] = {
|
||||
"/etc/pam.d/",
|
||||
"/etc/pam.conf",
|
||||
"/usr/local/etc/pam.d/",
|
||||
"/usr/local/etc/pam.conf",
|
||||
NULL
|
||||
};
|
||||
|
||||
const char *openpam_module_path[] = {
|
||||
#ifdef OPENPAM_MODULES_DIRECTORY
|
||||
OPENPAM_MODULES_DIRECTORY,
|
||||
#else
|
||||
"/usr/lib",
|
||||
"/usr/local/lib",
|
||||
#endif
|
||||
NULL
|
||||
};
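Review bot: Switching the tables to designated initializers leaves every index without an entry as NULL, and for pam_item_name that now appears to include index 0: the positional table this replaces began with `"(NO ITEM)"`, while the new one starts at `[PAM_SERVICE]`. Code that prints `pam_item_name[i]` or `pam_err_text[r]` with `%s` for an unlisted value would then pass NULL to the formatter; whether any caller does so is not visible here. Either keep the placeholder, `[0] = "(NO ITEM)",` (assuming PAM_SERVICE is not 0), or add a comment above the tables saying that unlisted indices are NULL and callers must check.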
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,18 +25,20 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_CONSTANTS_H_INCLUDED
|
||||
#define OPENPAM_CONSTANTS_H_INCLUDED
|
||||
|
||||
extern const char *pam_err_name[PAM_NUM_ERRORS];
|
||||
extern const char *pam_err_text[PAM_NUM_ERRORS];
|
||||
extern const char *pam_item_name[PAM_NUM_ITEMS];
|
||||
extern const char *pam_facility_name[PAM_NUM_FACILITIES];
|
||||
extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];
|
||||
extern const char *pam_func_name[PAM_NUM_PRIMITIVES];
|
||||
extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES];
|
||||
|
||||
extern const char *openpam_policy_path[];
|
||||
extern const char *openpam_module_path[];
|
||||
|
||||
#endif
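Review bot: `extern const char *openpam_policy_path[];` and `extern const char *openpam_module_path[];` export the policy and module search lists as arrays of writable pointers, so the lists that decide which policy files and modules are loaded sit in modifiable data. Unless something is meant to assign to them at run time (not visible in this section), declare them `extern const char *const openpam_policy_path[];` and `extern const char *const openpam_module_path[];` and make the definitions match, which also lets them be placed in read-only data.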
|
|
@ -31,97 +31,20 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#ifndef OPENPAM_CRED_H_INCLUDED
|
||||
#define OPENPAM_CRED_H_INCLUDED
|
||||
|
||||
/*
|
||||
* Saved credentials
|
||||
*/
|
||||
#define PAM_SAVED_CRED "pam_saved_cred"
|
||||
struct pam_saved_cred {
|
||||
uid_t euid;
|
||||
gid_t egid;
|
||||
gid_t groups[NGROUPS_MAX];
|
||||
int ngroups;
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
|
||||
const char *pam_err_name[PAM_NUM_ERRORS] = {
|
||||
"PAM_SUCCESS",
|
||||
"PAM_OPEN_ERR",
|
||||
"PAM_SYMBOL_ERR",
|
||||
"PAM_SERVICE_ERR",
|
||||
"PAM_SYSTEM_ERR",
|
||||
"PAM_BUF_ERR",
|
||||
"PAM_CONV_ERR",
|
||||
"PAM_PERM_DENIED",
|
||||
"PAM_MAXTRIES",
|
||||
"PAM_AUTH_ERR",
|
||||
"PAM_NEW_AUTHTOK_REQD",
|
||||
"PAM_CRED_INSUFFICIENT",
|
||||
"PAM_AUTHINFO_UNAVAIL",
|
||||
"PAM_USER_UNKNOWN",
|
||||
"PAM_CRED_UNAVAIL",
|
||||
"PAM_CRED_EXPIRED",
|
||||
"PAM_CRED_ERR",
|
||||
"PAM_ACCT_EXPIRED",
|
||||
"PAM_AUTHTOK_EXPIRED",
|
||||
"PAM_SESSION_ERR",
|
||||
"PAM_AUTHTOK_ERR",
|
||||
"PAM_AUTHTOK_RECOVERY_ERR",
|
||||
"PAM_AUTHTOK_LOCK_BUSY",
|
||||
"PAM_AUTHTOK_DISABLE_AGING",
|
||||
"PAM_NO_MODULE_DATA",
|
||||
"PAM_IGNORE",
|
||||
"PAM_ABORT",
|
||||
"PAM_TRY_AGAIN",
|
||||
"PAM_MODULE_UNKNOWN",
|
||||
"PAM_DOMAIN_UNKNOWN"
|
||||
};
|
||||
|
||||
const char *pam_item_name[PAM_NUM_ITEMS] = {
|
||||
"(NO ITEM)",
|
||||
"PAM_SERVICE",
|
||||
"PAM_USER",
|
||||
"PAM_TTY",
|
||||
"PAM_RHOST",
|
||||
"PAM_CONV",
|
||||
"PAM_AUTHTOK",
|
||||
"PAM_OLDAUTHTOK",
|
||||
"PAM_RUSER",
|
||||
"PAM_USER_PROMPT",
|
||||
"PAM_REPOSITORY",
|
||||
"PAM_AUTHTOK_PROMPT",
|
||||
"PAM_OLDAUTHTOK_PROMPT",
|
||||
"PAM_HOST",
|
||||
};
|
||||
|
||||
const char *pam_facility_name[PAM_NUM_FACILITIES] = {
|
||||
[PAM_ACCOUNT] = "account",
|
||||
[PAM_AUTH] = "auth",
|
||||
[PAM_PASSWORD] = "password",
|
||||
[PAM_SESSION] = "session",
|
||||
};
|
||||
|
||||
const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
|
||||
[PAM_BINDING] = "binding",
|
||||
[PAM_OPTIONAL] = "optional",
|
||||
[PAM_REQUIRED] = "required",
|
||||
[PAM_REQUISITE] = "requisite",
|
||||
[PAM_SUFFICIENT] = "sufficient",
|
||||
};
|
||||
|
||||
const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
"pam_authenticate",
|
||||
"pam_setcred",
|
||||
"pam_acct_mgmt",
|
||||
"pam_open_session",
|
||||
"pam_close_session",
|
||||
"pam_chauthtok"
|
||||
};
|
||||
|
||||
const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
"pam_sm_authenticate",
|
||||
"pam_sm_setcred",
|
||||
"pam_sm_acct_mgmt",
|
||||
"pam_sm_open_session",
|
||||
"pam_sm_close_session",
|
||||
"pam_sm_chauthtok"
|
||||
};
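Review bot: `struct pam_saved_cred` uses `uid_t`, `gid_t` and `NGROUPS_MAX`, but the new header includes nothing, so it only compiles when the including file has already pulled in the right system headers. Adding `#include <sys/types.h>` and `#include <limits.h>` after the include guard would make it self-contained. A one-line comment on `ngroups` would also help, stating that it is presumably the number of valid entries in `groups` and must not exceed NGROUPS_MAX; the code that restores credentials from this struct depends on that bound.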
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,13 +25,43 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_CTYPE_H_INCLUDED
|
||||
#define OPENPAM_CTYPE_H_INCLUDED
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a digit.
|
||||
*/
|
||||
#define is_digit(ch) \
|
||||
(ch >= '0' && ch <= '9')
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a hex digit.
|
||||
*/
|
||||
#define is_xdigit(ch) \
|
||||
((ch >= '0' && ch <= '9') || \
|
||||
(ch >= 'a' && ch <= 'f') || \
|
||||
(ch >= 'A' && ch <= 'F'))
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is an uppercase letter.
|
||||
*/
|
||||
#define is_upper(ch) \
|
||||
(ch >= 'A' && ch <= 'Z')
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a lowercase letter.
|
||||
*/
|
||||
#define is_lower(ch) \
|
||||
(ch >= 'a' && ch <= 'z')
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a letter.
|
||||
*/
|
||||
#define is_letter(ch) \
|
||||
(is_upper(ch) || is_lower(ch))
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a linear whitespace character.
|
||||
* For the purposes of this macro, the definition of linear whitespace is
|
||||
|
@ -60,9 +89,7 @@
|
|||
* of ASCII.
|
||||
*/
|
||||
#define is_pfcs(ch) \
|
||||
((ch >= '0' && ch <= '9') || \
|
||||
(ch >= 'A' && ch <= 'Z') || \
|
||||
(ch >= 'a' && ch <= 'z') || \
|
||||
(is_digit(ch) || is_letter(ch) || \
|
||||
ch == '.' || ch == '_' || ch == '-')
|
||||
|
||||
#endif
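Review bot: The new classification macros use their argument unparenthesised and more than once: `is_digit(ch)` expands to `(ch >= '0' && ch <= '9')`, and `is_letter` and `is_pfcs` evaluate it several more times. An argument with a side effect such as `*p++`, or one containing a lower-precedence operator, is therefore misclassified. Parenthesise each use, e.g. `#define is_digit(ch) ((ch) >= '0' && (ch) <= '9')`, and state in the header comments that the argument is evaluated more than once; `static inline int` functions would remove the hazard altogether. is_pfcs appears to decide which characters are accepted in names (its comment starts above the hunk), so a wrong answer there would weaken input validation.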
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_DEBUG_H_INCLUDED
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -41,6 +39,8 @@
|
|||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
|
@ -63,12 +63,10 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
pam_chain_t *chain;
|
||||
int err, fail, r;
|
||||
int err, fail, nsuccess, r;
|
||||
int debug;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
|
||||
/* prevent recursion */
|
||||
if (pamh->current != NULL) {
|
||||
|
@ -101,23 +99,25 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
/* execute */
|
||||
for (err = fail = 0; chain != NULL; chain = chain->next) {
|
||||
err = PAM_SUCCESS;
|
||||
fail = nsuccess = 0;
|
||||
for (; chain != NULL; chain = chain->next) {
|
||||
if (chain->module->func[primitive] == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
|
||||
chain->module->path, pam_sm_func_name[primitive]);
|
||||
r = PAM_SYSTEM_ERR;
|
||||
r = PAM_SYMBOL_ERR;
|
||||
} else {
|
||||
pamh->primitive = primitive;
|
||||
pamh->current = chain;
|
||||
debug = (openpam_get_option(pamh, "debug") != NULL);
|
||||
if (debug)
|
||||
++openpam_debug;
|
||||
openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s",
|
||||
pam_sm_func_name[primitive], chain->module->path);
|
||||
r = (chain->module->func[primitive])(pamh, flags,
|
||||
chain->optc, (const char **)chain->optv);
|
||||
chain->optc, (const char **)(intptr_t)chain->optv);
|
||||
pamh->current = NULL;
|
||||
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
|
||||
chain->module->path, pam_sm_func_name[primitive],
|
||||
pam_strerror(pamh, r));
|
||||
if (debug)
|
||||
|
@ -127,6 +127,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
if (r == PAM_IGNORE)
|
||||
continue;
|
||||
if (r == PAM_SUCCESS) {
|
||||
++nsuccess;
|
||||
/*
|
||||
* For pam_setcred() and pam_chauthtok() with the
|
||||
* PAM_PRELIM_CHECK flag, treat "sufficient" as
|
||||
|
@ -148,11 +149,11 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
* fail. If a required module fails, record the
|
||||
* return code from the first required module to fail.
|
||||
*/
|
||||
if (err == 0)
|
||||
if (err == PAM_SUCCESS)
|
||||
err = r;
|
||||
if ((chain->flag == PAM_REQUIRED ||
|
||||
chain->flag == PAM_BINDING) && !fail) {
|
||||
openpam_log(PAM_LOG_DEBUG, "required module failed");
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "required module failed");
|
||||
fail = 1;
|
||||
err = r;
|
||||
}
|
||||
|
@ -162,7 +163,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
* immediately.
|
||||
*/
|
||||
if (chain->flag == PAM_REQUISITE) {
|
||||
openpam_log(PAM_LOG_DEBUG, "requisite module failed");
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "requisite module failed");
|
||||
fail = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -170,6 +171,18 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
|
||||
if (!fail && err != PAM_NEW_AUTHTOK_REQD)
|
||||
err = PAM_SUCCESS;
|
||||
|
||||
/*
|
||||
* Require the chain to be non-empty, and at least one module
|
||||
* in the chain to be successful, so that we don't fail open.
|
||||
*/
|
||||
if (err == PAM_SUCCESS && nsuccess < 1) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"all modules were unsuccessful for %s()",
|
||||
pam_sm_func_name[primitive]);
|
||||
err = PAM_SYSTEM_ERR;
|
||||
}
|
||||
|
||||
RETURNC(err);
|
||||
}
|
||||
|
||||
|
@ -179,6 +192,7 @@ openpam_check_error_code(int primitive, int r)
|
|||
{
|
||||
/* common error codes */
|
||||
if (r == PAM_SUCCESS ||
|
||||
r == PAM_SYSTEM_ERR ||
|
||||
r == PAM_SERVICE_ERR ||
|
||||
r == PAM_BUF_ERR ||
|
||||
r == PAM_CONV_ERR ||
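Review bot: The guard added after the loop in openpam_dispatch, `if (err == PAM_SUCCESS && nsuccess < 1)`, logs `all modules were unsuccessful for %s()` for three different situations: the chain was empty, every module returned PAM_IGNORE, or only non-required modules ran and all failed. An empty chain most likely points to a missing or incomplete policy, which an operator fixes differently from modules that ran and failed, so I would test `chain == NULL` before the loop and log a distinct message such as `"no modules configured for %s()"`. The guard is also skipped when err is PAM_NEW_AUTHTOK_REQD, so that code can still be returned with nsuccess at 0; if that is intended, the comment above the guard should say so. The function begins outside the hunks shown.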
|
|
@ -0,0 +1,44 @@
|
|||
/*-
|
||||
* Copyright (c) 2013 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_DLFCN_H_INCLUDED
|
||||
#define OPENPAM_DLFCN_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_DLFUNC
|
||||
typedef void (*dlfunc_t)();
|
||||
|
||||
static inline dlfunc_t
|
||||
dlfunc(void *handle, const char *symbol)
|
||||
{
|
||||
|
||||
return ((dlfunc_t)dlsym(handle, symbol));
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
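Review bot: The fallback `dlfunc()` calls `dlsym()` but this header includes nothing itself, so it only compiles when the including file has already pulled in `<dlfcn.h>`; adding `#include <dlfcn.h>` inside the `#ifndef HAVE_DLFUNC` block would make it self-contained. The declarator in `typedef void (*dlfunc_t)();` has no prototype, which is an obsolescent form; because the result is always cast to the real function type before use, `typedef void (*dlfunc_t)(void);` would serve equally well. A one-line comment above the cast, noting that converting the `void *` returned by `dlsym()` to a function pointer relies on POSIX rather than ISO C, would help the next reader.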
|
|
@ -31,17 +31,17 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <dlfcn.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -50,6 +50,9 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_asprintf.h"
|
||||
#include "openpam_ctype.h"
|
||||
#include "openpam_dlfunc.h"
|
||||
|
||||
#ifndef RTLD_NOW
|
||||
#define RTLD_NOW RTLD_LAZY
|
||||
|
@ -68,8 +71,12 @@ try_dlopen(const char *modfn)
|
|||
void *dlh;
|
||||
int fd;
|
||||
|
||||
if ((fd = open(modfn, O_RDONLY)) < 0)
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "dlopen(%s)", modfn);
|
||||
if ((fd = open(modfn, O_RDONLY)) < 0) {
|
||||
if (errno != ENOENT)
|
||||
openpam_log(PAM_LOG_ERROR, "%s: %m", modfn);
|
||||
return (NULL);
|
||||
}
|
||||
if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
|
||||
openpam_check_desc_owner_perms(modfn, fd) != 0) {
|
||||
close(fd);
|
||||
|
@ -91,6 +98,7 @@ try_dlopen(const char *modfn)
|
|||
int check_module_file;
|
||||
void *dlh;
|
||||
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "dlopen(%s)", modfn);
|
||||
openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE,
|
||||
&check_module_file);
|
||||
if (check_module_file &&
|
||||
|
@ -106,80 +114,144 @@ try_dlopen(const char *modfn)
|
|||
#endif
|
||||
|
||||
/*
|
||||
* OpenPAM internal
|
||||
*
|
||||
* Locate a dynamically linked module
|
||||
* Try to load a module from the suggested location.
|
||||
*/
|
||||
|
||||
pam_module_t *
|
||||
openpam_dynamic(const char *path)
|
||||
static pam_module_t *
|
||||
try_module(const char *modpath)
|
||||
{
|
||||
const pam_module_t *dlmodule;
|
||||
pam_module_t *module;
|
||||
const char *prefix;
|
||||
char *vpath;
|
||||
void *dlh;
|
||||
int i, serrno;
|
||||
|
||||
dlh = NULL;
|
||||
|
||||
/* Prepend the standard prefix if not an absolute pathname. */
|
||||
if (path[0] != '/')
|
||||
prefix = OPENPAM_MODULES_DIR;
|
||||
else
|
||||
prefix = "";
|
||||
|
||||
/* try versioned module first, then unversioned module */
|
||||
if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
|
||||
if ((module = calloc(1, sizeof *module)) == NULL ||
|
||||
(module->path = strdup(modpath)) == NULL ||
|
||||
(module->dlh = try_dlopen(modpath)) == NULL)
|
||||
goto err;
|
||||
if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) {
|
||||
*strrchr(vpath, '.') = '\0';
|
||||
dlh = try_dlopen(vpath);
|
||||
}
|
||||
if (dlh == NULL)
|
||||
goto err;
|
||||
if ((module = calloc(1, sizeof *module)) == NULL)
|
||||
goto buf_err;
|
||||
if ((module->path = strdup(path)) == NULL)
|
||||
goto buf_err;
|
||||
module->dlh = dlh;
|
||||
dlmodule = dlsym(dlh, "_pam_module");
|
||||
dlmodule = dlsym(module->dlh, "_pam_module");
|
||||
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
|
||||
if (dlmodule) {
|
||||
module->func[i] = dlmodule->func[i];
|
||||
} else {
|
||||
module->func[i] =
|
||||
(pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
|
||||
module->func[i] = (pam_func_t)dlfunc(module->dlh,
|
||||
pam_sm_func_name[i]);
|
||||
/*
|
||||
* This openpam_log() call is a major source of
|
||||
* log spam, and the cases that matter are caught
|
||||
* and logged in openpam_dispatch(). This would
|
||||
* be less problematic if dlerror() returned an
|
||||
* error code so we could log an error only when
|
||||
* dlsym() failed for a reason other than "no such
|
||||
* symbol".
|
||||
* dlfunc() failed for a reason other than "no
|
||||
* such symbol".
|
||||
*/
|
||||
#if 0
|
||||
if (module->func[i] == NULL)
|
||||
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
|
||||
path, pam_sm_func_name[i], dlerror());
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
|
||||
modpath, pam_sm_func_name[i], dlerror());
|
||||
#endif
|
||||
}
|
||||
}
|
||||
FREE(vpath);
|
||||
return (module);
|
||||
buf_err:
|
||||
serrno = errno;
|
||||
if (dlh != NULL)
|
||||
dlclose(dlh);
|
||||
FREE(module);
|
||||
errno = serrno;
|
||||
err:
|
||||
serrno = errno;
|
||||
if (errno != 0)
|
||||
openpam_log(PAM_LOG_ERROR, "%s: %m", vpath);
|
||||
FREE(vpath);
|
||||
if (module != NULL) {
|
||||
if (module->dlh != NULL)
|
||||
dlclose(module->dlh);
|
||||
if (module->path != NULL)
|
||||
FREE(module->path);
|
||||
FREE(module);
|
||||
}
|
||||
errno = serrno;
|
||||
if (serrno != 0 && serrno != ENOENT)
|
||||
openpam_log(PAM_LOG_ERROR, "%s: %m", modpath);
|
||||
errno = serrno;
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* OpenPAM internal
|
||||
*
|
||||
* Locate a dynamically linked module
|
||||
*/
|
||||
|
||||
pam_module_t *
|
||||
openpam_dynamic(const char *modname)
|
||||
{
|
||||
pam_module_t *module;
|
||||
char modpath[PATH_MAX];
|
||||
const char **path, *p;
|
||||
int has_so, has_ver;
|
||||
int dot, len;
|
||||
|
||||
/*
|
||||
* Simple case: module name contains path separator(s)
|
||||
*/
|
||||
if (strchr(modname, '/') != NULL) {
|
||||
/*
|
||||
* Absolute paths are not allowed if RESTRICT_MODULE_NAME
|
||||
* is in effect (default off). Relative paths are never
|
||||
* allowed.
|
||||
*/
|
||||
if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME) ||
|
||||
modname[0] != '/') {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"invalid module name: %s", modname);
|
||||
return (NULL);
|
||||
}
|
||||
return (try_module(modname));
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for .so and version sufixes
|
||||
*/
|
||||
p = strchr(modname, '\0');
|
||||
has_ver = has_so = 0;
|
||||
while (is_digit(*p))
|
||||
--p;
|
||||
if (*p == '.' && *++p != '\0') {
|
||||
/* found a numeric suffix */
|
||||
has_ver = 1;
|
||||
/* assume that .so is either present or unneeded */
|
||||
has_so = 1;
|
||||
} else if (*p == '\0' && p >= modname + sizeof PAM_SOEXT &&
|
||||
strcmp(p - sizeof PAM_SOEXT + 1, PAM_SOEXT) == 0) {
|
||||
/* found .so suffix */
|
||||
has_so = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Complicated case: search for the module in the usual places.
|
||||
*/
|
||||
for (path = openpam_module_path; *path != NULL; ++path) {
|
||||
/*
|
||||
* Assemble the full path, including the version suffix. Take
|
||||
* note of where the suffix begins so we can cut it off later.
|
||||
*/
|
||||
if (has_ver)
|
||||
len = snprintf(modpath, sizeof modpath, "%s/%s%n",
|
||||
*path, modname, &dot);
|
||||
else if (has_so)
|
||||
len = snprintf(modpath, sizeof modpath, "%s/%s%n.%d",
|
||||
*path, modname, &dot, LIB_MAJ);
|
||||
else
|
||||
len = snprintf(modpath, sizeof modpath, "%s/%s%s%n.%d",
|
||||
*path, modname, PAM_SOEXT, &dot, LIB_MAJ);
|
||||
/* check for overflow */
|
||||
if (len < 0 || (unsigned int)len >= sizeof modpath) {
|
||||
errno = ENOENT;
|
||||
continue;
|
||||
}
|
||||
/* try the versioned path */
|
||||
if ((module = try_module(modpath)) != NULL)
|
||||
return (module);
|
||||
if (errno == ENOENT && modpath[dot] != '\0') {
|
||||
/* no luck, try the unversioned path */
|
||||
modpath[dot] = '\0';
|
||||
if ((module = try_module(modpath)) != NULL)
|
||||
return (module);
|
||||
}
|
||||
}
|
||||
|
||||
/* :( */
|
||||
return (NULL);
|
||||
}
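Review bot: In `openpam_dynamic()`, the version-suffix scan starts with `p` on the terminating NUL (`p = strchr(modname, '\0')`), so `while (is_digit(*p)) --p;` exits at once unless `is_digit()` accepts NUL, and `has_ver` appears never to be set. A name that already carries a numeric suffix is then treated as having neither suffix and gets both `PAM_SOEXT` and `.%d` appended. If the loop did run, it would have no lower bound and could step before `modname` for an all-digit name. A bounded form such as `while (p > modname && is_digit(p[-1])) --p;` followed by `if (p > modname && p[-1] == '.' && *p != '\0')` keeps the `.so` branch working, since `p` still sits on the NUL when no digits are found. `is_digit()` is defined outside this page, so its NUL handling is an assumption.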
|
||||
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -66,4 +63,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
|
|||
"Verify ownership and permissions of module files",
|
||||
1
|
||||
),
|
||||
STRUCT_OPENPAM_FEATURE(
|
||||
FALLBACK_TO_OTHER,
|
||||
"Fall back to \"other\" policy for empty chains",
|
||||
1
|
||||
),
|
||||
};
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_FEATURES_H_INCLUDED
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,14 +31,13 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
@ -59,12 +58,11 @@ openpam_findenv(pam_handle_t *pamh,
|
|||
int i;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNN(-1);
|
||||
for (i = 0; i < pamh->env_count; ++i)
|
||||
if (strncmp(pamh->env[i], name, len) == 0 &&
|
||||
pamh->env[i][len] == '=')
|
||||
RETURNN(i);
|
||||
errno = ENOENT;
|
||||
RETURNN(-1);
|
||||
}
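Review bot: The `pamh == NULL` guard at the top of `openpam_findenv()` appears to be dropped here (the hunk counts 12 old lines against 11 new, and the prototype in openpam_impl.h gains `OPENPAM_NONNULL((1,2))`), so `pamh->env_count` is now read unconditionally. The attribute is presumably only a compile-time annotation, so a NULL handle reaching this function at run time becomes a crash instead of a `-1` return, and every caller has to validate the handle first. A comment such as `/* pamh and name must be non-NULL; callers are expected to have checked */` above the loop would record that contract. The function's opening lines are outside the hunk.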
|
||||
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -24,8 +23,6 @@
|
|||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -51,7 +48,7 @@ openpam_get_feature(int feature, int *onoff)
|
|||
|
||||
ENTERF(feature);
|
||||
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_FEATURE);
|
||||
*onoff = openpam_features[feature].onoff;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
|
@ -59,7 +56,7 @@ openpam_get_feature(int feature, int *onoff)
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_FEATURE
|
||||
*/
|
||||
|
||||
/**
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_IMPL_H_INCLUDED
|
||||
|
@ -122,19 +120,6 @@ struct pam_handle {
|
|||
int env_size;
|
||||
};
|
||||
|
||||
#ifdef NGROUPS_MAX
|
||||
/*
|
||||
* Saved credentials
|
||||
*/
|
||||
#define PAM_SAVED_CRED "pam_saved_cred"
|
||||
struct pam_saved_cred {
|
||||
uid_t euid;
|
||||
gid_t egid;
|
||||
gid_t groups[NGROUPS_MAX];
|
||||
int ngroups;
|
||||
};
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Default policy
|
||||
*/
|
||||
|
@ -143,19 +128,28 @@ struct pam_saved_cred {
|
|||
/*
|
||||
* Internal functions
|
||||
*/
|
||||
int openpam_configure(pam_handle_t *, const char *);
|
||||
int openpam_dispatch(pam_handle_t *, int, int);
|
||||
int openpam_findenv(pam_handle_t *, const char *, size_t);
|
||||
pam_module_t *openpam_load_module(const char *);
|
||||
void openpam_clear_chains(pam_chain_t **);
|
||||
int openpam_configure(pam_handle_t *, const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_dispatch(pam_handle_t *, int, int)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_findenv(pam_handle_t *, const char *, size_t)
|
||||
OPENPAM_NONNULL((1,2));
|
||||
pam_module_t *openpam_load_module(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
void openpam_clear_chains(pam_chain_t **)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
int openpam_check_desc_owner_perms(const char *, int);
|
||||
int openpam_check_path_owner_perms(const char *);
|
||||
int openpam_check_desc_owner_perms(const char *, int)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_check_path_owner_perms(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
#ifdef OPENPAM_STATIC_MODULES
|
||||
pam_module_t *openpam_static(const char *);
|
||||
pam_module_t *openpam_static(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
#endif
|
||||
pam_module_t *openpam_dynamic(const char *);
|
||||
pam_module_t *openpam_dynamic(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
#define FREE(p) \
|
||||
do { \
|
||||
|
@ -165,11 +159,11 @@ pam_module_t *openpam_dynamic(const char *);
|
|||
|
||||
#define FREEV(c, v) \
|
||||
do { \
|
||||
while (c) { \
|
||||
--(c); \
|
||||
FREE((v)[(c)]); \
|
||||
if ((v) != NULL) { \
|
||||
while ((c)-- > 0) \
|
||||
FREE((v)[(c)]); \
|
||||
FREE(v); \
|
||||
} \
|
||||
FREE(v); \
|
||||
} while (0)
|
||||
|
||||
#include "openpam_constants.h"
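Review bot: In the rewritten `FREEV`, the loop `while ((c)-- > 0)` leaves the count at -1 rather than 0 when it finishes, and would wrap to the maximum value if a caller ever passed an unsigned count; when the vector is NULL the count is left untouched. Resetting it once the loop is done, with `(c) = 0;` placed after the closing brace of the `if`, would leave the pair in a consistent empty state for any code that reuses the count. This assumes the `if ((v) != NULL)` body is the new side, which is inferred from the hunk counts because the +/- markers are lost on this page. A short comment noting that both macro arguments are evaluated more than once would also help.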
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2013 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -52,24 +50,24 @@
|
|||
*/
|
||||
|
||||
pam_module_t *
|
||||
openpam_load_module(const char *path)
|
||||
openpam_load_module(const char *modulename)
|
||||
{
|
||||
pam_module_t *module;
|
||||
|
||||
module = openpam_dynamic(path);
|
||||
module = openpam_dynamic(modulename);
|
||||
openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
|
||||
(module == NULL) ? "no" : "using", path);
|
||||
(module == NULL) ? "no" : "using", modulename);
|
||||
|
||||
#ifdef OPENPAM_STATIC_MODULES
|
||||
/* look for a static module */
|
||||
if (module == NULL && strchr(path, '/') == NULL) {
|
||||
module = openpam_static(path);
|
||||
if (module == NULL && strchr(modulename, '/') == NULL) {
|
||||
module = openpam_static(modulename);
|
||||
openpam_log(PAM_LOG_DEBUG, "%s static %s",
|
||||
(module == NULL) ? "no" : "using", path);
|
||||
(module == NULL) ? "no" : "using", modulename);
|
||||
}
|
||||
#endif
|
||||
if (module == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "no %s found", path);
|
||||
openpam_log(PAM_LOG_ERROR, "no %s found", modulename);
|
||||
return (NULL);
|
||||
}
|
||||
return (module);
|
||||
|
@ -84,6 +82,7 @@ openpam_load_module(const char *path)
|
|||
static void
|
||||
openpam_release_module(pam_module_t *module)
|
||||
{
|
||||
|
||||
if (module == NULL)
|
||||
return;
|
||||
if (module->dlh == NULL)
|
||||
|
@ -104,6 +103,7 @@ openpam_release_module(pam_module_t *module)
|
|||
static void
|
||||
openpam_destroy_chain(pam_chain_t *chain)
|
||||
{
|
||||
|
||||
if (chain == NULL)
|
||||
return;
|
||||
openpam_destroy_chain(chain->next);
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -48,12 +46,9 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_asprintf.h"
|
||||
|
||||
#ifdef OPENPAM_DEBUG
|
||||
int openpam_debug = 1;
|
||||
#else
|
||||
int openpam_debug = 0;
|
||||
#endif
|
||||
|
||||
#if !defined(openpam_log)
|
||||
|
||||
|
@ -68,6 +63,7 @@ openpam_log(int level, const char *fmt, ...)
|
|||
{
|
||||
va_list ap;
|
||||
int priority;
|
||||
int serrno;
|
||||
|
||||
switch (level) {
|
||||
case PAM_LOG_LIBDEBUG:
|
||||
|
@ -87,9 +83,11 @@ openpam_log(int level, const char *fmt, ...)
|
|||
priority = LOG_ERR;
|
||||
break;
|
||||
}
|
||||
serrno = errno;
|
||||
va_start(ap, fmt);
|
||||
vsyslog(priority, fmt, ap);
|
||||
va_end(ap);
|
||||
errno = serrno;
|
||||
}
|
||||
|
||||
#else
|
||||
|
@ -120,8 +118,8 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
|
|||
priority = LOG_ERR;
|
||||
break;
|
||||
}
|
||||
va_start(ap, fmt);
|
||||
serrno = errno;
|
||||
va_start(ap, fmt);
|
||||
if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
|
||||
errno = serrno;
|
||||
vsyslog(priority, format, ap);
|
||||
|
@ -131,6 +129,7 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
|
|||
vsyslog(priority, fmt, ap);
|
||||
}
|
||||
va_end(ap);
|
||||
errno = serrno;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -167,4 +166,6 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
|
|||
*
|
||||
* The remaining arguments are a =printf format string and the
|
||||
* corresponding arguments.
|
||||
*
|
||||
* The =openpam_log function does not modify the value of :errno.
|
||||
*/
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -31,15 +31,12 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
|
@ -62,11 +59,9 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
|
|||
size_t len, size;
|
||||
int ch;
|
||||
|
||||
if ((line = malloc(size = MIN_LINE_LENGTH)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
line = NULL;
|
||||
if (openpam_straddch(&line, &size, &len, 0) != 0)
|
||||
return (NULL);
|
||||
}
|
||||
len = 0;
|
||||
for (;;) {
|
||||
ch = fgetc(f);
|
||||
/* strip comment */
|
||||
|
@ -103,7 +98,6 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
|
|||
goto fail;
|
||||
if (lenp != NULL)
|
||||
*lenp = len;
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line);
|
||||
return (line);
|
||||
fail:
|
||||
FREE(line);
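Review bot: With the `malloc()` block and `len = 0;` replaced by `openpam_straddch(&line, &size, &len, 0)`, both `size` and `len` are passed by address without being assigned anywhere in the visible part of `openpam_readline()`, so the function now depends on the helper initialising them when `*line` is NULL. That helper is not shown on this page. `openpam_readword()` in the same change keeps `size = len = 0;` ahead of its calls, and doing the same here (`line = NULL; size = len = 0;`) costs nothing and removes the dependency. The added and removed sides are inferred from the hunk counts (11 old, 9 new), and the function continues past the end of the second hunk.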
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2016 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +57,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
wordvsize = MIN_WORDV_SIZE;
|
||||
wordvlen = 0;
|
||||
if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (NULL);
|
||||
}
|
||||
|
@ -71,7 +67,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
wordvsize *= 2;
|
||||
tmp = realloc(wordv, wordvsize * sizeof *wordv);
|
||||
if (tmp == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
break;
|
||||
}
|
||||
|
@ -80,6 +75,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
/* insert our word */
|
||||
wordv[wordvlen++] = word;
|
||||
wordv[wordvlen] = NULL;
|
||||
word = NULL;
|
||||
}
|
||||
if (errno != 0) {
|
||||
/* I/O error or out of memory */
|
||||
|
@ -87,6 +83,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
while (wordvlen--)
|
||||
free(wordv[wordvlen]);
|
||||
free(wordv);
|
||||
free(word);
|
||||
errno = serrno;
|
||||
return (NULL);
|
||||
}
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -56,18 +53,35 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
{
|
||||
char *word;
|
||||
size_t size, len;
|
||||
int ch, comment, escape, quote;
|
||||
int ch, escape, quote;
|
||||
int serrno;
|
||||
|
||||
errno = 0;
|
||||
|
||||
/* skip initial whitespace */
|
||||
comment = 0;
|
||||
while ((ch = getc(f)) != EOF && ch != '\n') {
|
||||
if (ch == '#')
|
||||
comment = 1;
|
||||
if (!is_lws(ch) && !comment)
|
||||
escape = quote = 0;
|
||||
while ((ch = getc(f)) != EOF) {
|
||||
if (ch == '\n') {
|
||||
/* either EOL or line continuation */
|
||||
if (!escape)
|
||||
break;
|
||||
if (lineno != NULL)
|
||||
++*lineno;
|
||||
escape = 0;
|
||||
} else if (escape) {
|
||||
/* escaped something else */
|
||||
break;
|
||||
} else if (ch == '#') {
|
||||
/* comment: until EOL, no continuation */
|
||||
while ((ch = getc(f)) != EOF)
|
||||
if (ch == '\n')
|
||||
break;
|
||||
break;
|
||||
} else if (ch == '\\') {
|
||||
escape = 1;
|
||||
} else if (!is_ws(ch)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ch == EOF)
|
||||
return (NULL);
|
||||
|
@ -77,7 +91,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
|
||||
word = NULL;
|
||||
size = len = 0;
|
||||
escape = quote = 0;
|
||||
while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
|
||||
if (ch == '\\' && !escape && quote != '\'') {
|
||||
/* escape next character */
|
||||
|
@ -86,17 +99,12 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
/* begin quote */
|
||||
quote = ch;
|
||||
/* edge case: empty quoted string */
|
||||
if (word == NULL && (word = malloc(1)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
if (openpam_straddch(&word, &size, &len, 0) != 0)
|
||||
return (NULL);
|
||||
}
|
||||
*word = '\0';
|
||||
size = 1;
|
||||
} else if (ch == quote && !escape) {
|
||||
/* end quote */
|
||||
quote = 0;
|
||||
} else if (ch == '\n' && escape && quote != '\'') {
|
||||
} else if (ch == '\n' && escape) {
|
||||
/* line continuation */
|
||||
escape = 0;
|
||||
} else {
|
||||
|
@ -124,7 +132,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
}
|
||||
if (ch == EOF && (escape || quote)) {
|
||||
/* Missing escaped character or closing quote. */
|
||||
openpam_log(PAM_LOG_ERROR, "unexpected end of file");
|
||||
free(word);
|
||||
errno = EINVAL;
|
||||
return (NULL);
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -50,6 +48,7 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_cred.h"
|
||||
|
||||
/*
|
||||
* OpenPAM extension
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -51,7 +48,7 @@ openpam_set_feature(int feature, int onoff)
|
|||
|
||||
ENTERF(feature);
|
||||
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_FEATURE);
|
||||
openpam_features[feature].onoff = onoff;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
|
@ -59,7 +56,7 @@ openpam_set_feature(int feature, int onoff)
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_FEATURE
|
||||
*/
|
||||
|
||||
/**
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -48,6 +46,7 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_asprintf.h"
|
||||
|
||||
/*
|
||||
* OpenPAM extension
|
||||
|
@ -84,6 +83,7 @@ openpam_set_option(pam_handle_t *pamh,
|
|||
for (free(cur->optv[i]); i < cur->optc; ++i)
|
||||
cur->optv[i] = cur->optv[i + 1];
|
||||
cur->optv[i] = NULL;
|
||||
--cur->optc;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -59,26 +56,26 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
|
|||
/* initial allocation */
|
||||
tmpsize = MIN_STR_SIZE;
|
||||
if ((tmpstr = malloc(tmpsize)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
*str = tmpstr;
|
||||
*size = tmpsize;
|
||||
*len = 0;
|
||||
} else if (*len + 1 >= *size) {
|
||||
} else if (ch != 0 && *len + 1 >= *size) {
|
||||
/* additional space required */
|
||||
tmpsize = *size * 2;
|
||||
if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "realloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
*size = tmpsize;
|
||||
*str = tmpstr;
|
||||
}
|
||||
(*str)[*len] = ch;
|
||||
++*len;
|
||||
if (ch != 0) {
|
||||
(*str)[*len] = ch;
|
||||
++*len;
|
||||
}
|
||||
(*str)[*len] = '\0';
|
||||
return (0);
|
||||
}
|
||||
|
@ -95,6 +92,11 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
|
|||
* The =size and =len argument point to variables used to hold the size
|
||||
* of the buffer and the length of the string it contains, respectively.
|
||||
*
|
||||
* The final argument, =ch, is the character that should be appended to
|
||||
* the string. If =ch is 0, nothing is appended, but a new buffer is
|
||||
* still allocated if =str is NULL. This can be used to "bootstrap" the
|
||||
* string.
|
||||
*
|
||||
* If a new buffer is allocated or an existing buffer is reallocated to
|
||||
* make room for the additional character, =str and =size are updated
|
||||
* accordingly.
|
||||
|
@ -103,7 +105,7 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
|
|||
* NUL-terminated.
|
||||
*
|
||||
* If the =openpam_straddch function is successful, it increments the
|
||||
* integer variable pointed to by =len and returns 0.
|
||||
* integer variable pointed to by =len (unless =ch was 0) and returns 0.
|
||||
* Otherwise, it leaves the variables pointed to by =str, =size and =len
|
||||
* unmodified, sets :errno to =ENOMEM and returns -1.
|
||||
*
|
|
@ -0,0 +1,56 @@
|
|||
/*-
|
||||
* Copyright (c) 2011-2012 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCAT
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#include "openpam_strlcat.h"
|
||||
|
||||
/* like strcat(3), but always NUL-terminates; returns strlen(src) */
|
||||
size_t
|
||||
openpam_strlcat(char *dst, const char *src, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
for (len = 0; *dst && size > 1; ++len, --size)
|
||||
dst++;
|
||||
for (; *src && size > 1; ++len, --size)
|
||||
*dst++ = *src++;
|
||||
*dst = '\0';
|
||||
while (*src)
|
||||
++len, ++src;
|
||||
return (len);
|
||||
}
|
||||
|
||||
#endif
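Review bot: With `size == 0` both loops are skipped and the unconditional `*dst = '\0';` still stores one byte, so a caller passing an empty buffer gets a write that the size argument did not allow. Guarding it as `if (size > 0) *dst = '\0';` keeps the function inside its bound. The same unguarded terminator appears in `openpam_strlcpy` and `openpam_strlset`, added further down this page. Separately, the comment says the function returns strlen(src), but `len` also counts the bytes skipped in `dst`, so the result is the length of the string it tried to build. I would reword it to `/* like strcat(3), but always NUL-terminates; returns the length of the string it tried to create */` so callers know to compare the result against `size` to detect truncation.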
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,29 +25,15 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCAT_H_INCLUDED
|
||||
#define OPENPAM_STRLCAT_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_STRLCAT
|
||||
/* like strcat(3), but always NUL-terminates; returns strlen(src) */
|
||||
static size_t
|
||||
strlcat(char *dst, const char *src, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
for (len = 0; *dst && size > 1; ++len, --size)
|
||||
dst++;
|
||||
for (; *src && size > 1; ++len, --size)
|
||||
*dst++ = *src++;
|
||||
*dst = '\0';
|
||||
while (*src)
|
||||
++len, ++src;
|
||||
return (len);
|
||||
}
|
||||
size_t openpam_strlcat(char *, const char *, size_t);
|
||||
#undef strlcat
|
||||
#define strlcat(arg, ...) openpam_strlcat(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCMP_H_INCLUDED
|
|
@ -0,0 +1,54 @@
|
|||
/*-
|
||||
* Copyright (c) 2011-2012 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCPY
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#include "openpam_strlcpy.h"
|
||||
|
||||
/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
|
||||
size_t
|
||||
openpam_strlcpy(char *dst, const char *src, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
for (len = 0; *src && size > 1; ++len, --size)
|
||||
*dst++ = *src++;
|
||||
*dst = '\0';
|
||||
while (*src)
|
||||
++len, ++src;
|
||||
return (len);
|
||||
}
|
||||
|
||||
#endif
|
|
@ -6,8 +6,7 @@
|
|||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,27 +25,15 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCPY_H_INCLUDED
|
||||
#define OPENPAM_STRLCPY_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_STRLCPY
|
||||
/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
|
||||
static size_t
|
||||
strlcpy(char *dst, const char *src, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
for (len = 0; *src && size > 1; ++len, --size)
|
||||
*dst++ = *src++;
|
||||
*dst = '\0';
|
||||
while (*src)
|
||||
++len, ++src;
|
||||
return (len);
|
||||
}
|
||||
size_t openpam_strlcpy(char *, const char *, size_t);
|
||||
#undef strlcpy
|
||||
#define strlcpy(arg, ...) openpam_strlcpy(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,56 @@
|
|||
/*-
|
||||
* Copyright (c) 2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLSET
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
/*
|
||||
* like memset(3), but stops at the first NUL byte and NUL-terminates the
|
||||
* result. Returns the number of bytes that were written, not including
|
||||
* the terminating NUL.
|
||||
*/
|
||||
size_t
|
||||
openpam_strlset(char *str, int ch, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
for (len = 0; *str && size > 1; ++len, --size)
|
||||
*str++ = ch;
|
||||
*str = '\0';
|
||||
return (++len);
|
||||
}
|
||||
|
||||
#endif
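Review bot: The return value does not match the comment above `openpam_strlset`: the comment promises the number of bytes written, not including the terminating NUL, but `return (++len);` yields one more than the number of fill bytes stored, so the terminator is counted. One of the two should change, either `return (len);` or a comment stating that the terminator is included. The only caller visible on this page, the `fail` path of `openpam_ttyconv`, ignores the result, so the mismatch is latent rather than active.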
|
|
@ -0,0 +1,39 @@
|
|||
/*-
|
||||
* Copyright (c) 2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLSET_H_INCLUDED
|
||||
#define OPENPAM_STRLSET_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_STRLSET
|
||||
size_t openpam_strlset(char *, int, size_t);
|
||||
#undef strlset
|
||||
#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,13 +1,12 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer
|
||||
* in this position and unchanged.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
|
@ -26,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -107,7 +104,8 @@ openpam_subst(const pam_handle_t *pamh,
|
|||
subst_char('%');
|
||||
subst_char(*template);
|
||||
}
|
||||
++template;
|
||||
if (*template)
|
||||
++template;
|
||||
} else {
|
||||
subst_char(*template++);
|
||||
}
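Review bot: The new `if (*template)` guard stops the cursor from stepping past the terminator, but the branch just above it still calls `subst_char(*template)`, which for a template ending in a lone `%` would presumably be handed the NUL byte itself. Whether that stores an embedded terminator and counts it in the output length depends on the `subst_char` macro, which is outside this hunk, so it is worth confirming. A comment such as `/* a trailing '%' is emitted literally; do not advance past the NUL */` next to the guard, plus a regression test with a template ending in `%`, would pin the intended result. The body of openpam_subst starts and ends outside the hunk.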
|
|
@ -0,0 +1,400 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
* Network Associates Laboratories, the Security Research Division of
|
||||
* Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
|
||||
* ("CBOSS"), as part of the DARPA CHATS research program.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/poll.h>
|
||||
#include <sys/time.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <termios.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
int openpam_ttyconv_timeout = 0;
|
||||
|
||||
static volatile sig_atomic_t caught_signal;
|
||||
|
||||
/*
|
||||
* Handle incoming signals during tty conversation
|
||||
*/
|
||||
static void
|
||||
catch_signal(int signo)
|
||||
{
|
||||
|
||||
switch (signo) {
|
||||
case SIGINT:
|
||||
case SIGQUIT:
|
||||
case SIGTERM:
|
||||
caught_signal = signo;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Accept a response from the user on a tty
|
||||
*/
|
||||
static int
|
||||
prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
|
||||
{
|
||||
struct sigaction action;
|
||||
struct sigaction saction_sigint, saction_sigquit, saction_sigterm;
|
||||
struct termios tcattr;
|
||||
struct timeval now, target, remaining;
|
||||
int remaining_ms;
|
||||
tcflag_t slflag;
|
||||
struct pollfd pfd;
|
||||
int serrno;
|
||||
int pos, ret;
|
||||
char ch;
|
||||
|
||||
/* turn echo off if requested */
|
||||
slflag = 0; /* prevent bogus uninitialized variable warning */
|
||||
if (!echo) {
|
||||
if (tcgetattr(ifd, &tcattr) != 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m");
|
||||
return (-1);
|
||||
}
|
||||
slflag = tcattr.c_lflag;
|
||||
tcattr.c_lflag &= ~ECHO;
|
||||
if (tcsetattr(ifd, TCSAFLUSH, &tcattr) != 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m");
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/* write prompt */
|
||||
if (write(ofd, message, strlen(message)) < 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "write(): %m");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* install signal handlers */
|
||||
caught_signal = 0;
|
||||
action.sa_handler = &catch_signal;
|
||||
action.sa_flags = 0;
|
||||
sigfillset(&action.sa_mask);
|
||||
sigaction(SIGINT, &action, &saction_sigint);
|
||||
sigaction(SIGQUIT, &action, &saction_sigquit);
|
||||
sigaction(SIGTERM, &action, &saction_sigterm);
|
||||
|
||||
/* compute timeout */
|
||||
if (openpam_ttyconv_timeout > 0) {
|
||||
(void)gettimeofday(&now, NULL);
|
||||
remaining.tv_sec = openpam_ttyconv_timeout;
|
||||
remaining.tv_usec = 0;
|
||||
timeradd(&now, &remaining, &target);
|
||||
} else {
|
||||
/* prevent bogus uninitialized variable warning */
|
||||
now.tv_sec = now.tv_usec = 0;
|
||||
remaining.tv_sec = remaining.tv_usec = 0;
|
||||
target.tv_sec = target.tv_usec = 0;
|
||||
}
|
||||
|
||||
/* input loop */
|
||||
pos = 0;
|
||||
ret = -1;
|
||||
serrno = 0;
|
||||
while (!caught_signal) {
|
||||
pfd.fd = ifd;
|
||||
pfd.events = POLLIN;
|
||||
pfd.revents = 0;
|
||||
if (openpam_ttyconv_timeout > 0) {
|
||||
gettimeofday(&now, NULL);
|
||||
if (timercmp(&now, &target, >))
|
||||
break;
|
||||
timersub(&target, &now, &remaining);
|
||||
remaining_ms = remaining.tv_sec * 1000 +
|
||||
remaining.tv_usec / 1000;
|
||||
} else {
|
||||
remaining_ms = -1;
|
||||
}
|
||||
if ((ret = poll(&pfd, 1, remaining_ms)) < 0) {
|
||||
serrno = errno;
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
openpam_log(PAM_LOG_ERROR, "poll(): %m");
|
||||
break;
|
||||
} else if (ret == 0) {
|
||||
/* timeout */
|
||||
write(ofd, " timed out", 10);
|
||||
openpam_log(PAM_LOG_NOTICE, "timed out");
|
||||
break;
|
||||
}
|
||||
if ((ret = read(ifd, &ch, 1)) < 0) {
|
||||
serrno = errno;
|
||||
openpam_log(PAM_LOG_ERROR, "read(): %m");
|
||||
break;
|
||||
} else if (ret == 0 || ch == '\n') {
|
||||
response[pos] = '\0';
|
||||
ret = pos;
|
||||
break;
|
||||
}
|
||||
if (pos + 1 < PAM_MAX_RESP_SIZE)
|
||||
response[pos++] = ch;
|
||||
/* overflow is discarded */
|
||||
}
|
||||
|
||||
/* restore tty state */
|
||||
if (!echo) {
|
||||
tcattr.c_lflag = slflag;
|
||||
if (tcsetattr(ifd, 0, &tcattr) != 0) {
|
||||
/* treat as non-fatal, since we have our answer */
|
||||
openpam_log(PAM_LOG_NOTICE, "tcsetattr(): %m");
|
||||
}
|
||||
}
|
||||
|
||||
/* restore signal handlers and re-post caught signal*/
|
||||
sigaction(SIGINT, &saction_sigint, NULL);
|
||||
sigaction(SIGQUIT, &saction_sigquit, NULL);
|
||||
sigaction(SIGTERM, &saction_sigterm, NULL);
|
||||
if (caught_signal != 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "caught signal %d",
|
||||
(int)caught_signal);
|
||||
raise((int)caught_signal);
|
||||
/* if raise() had no effect... */
|
||||
serrno = EINTR;
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
/* done */
|
||||
write(ofd, "\n", 1);
|
||||
errno = serrno;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Accept a response from the user on a non-tty stdin.
|
||||
*/
|
||||
static int
|
||||
prompt_notty(const char *message, char *response)
|
||||
{
|
||||
struct timeval now, target, remaining;
|
||||
int remaining_ms;
|
||||
struct pollfd pfd;
|
||||
int ch, pos, ret;
|
||||
|
||||
/* show prompt */
|
||||
fputs(message, stdout);
|
||||
fflush(stdout);
|
||||
|
||||
/* compute timeout */
|
||||
if (openpam_ttyconv_timeout > 0) {
|
||||
(void)gettimeofday(&now, NULL);
|
||||
remaining.tv_sec = openpam_ttyconv_timeout;
|
||||
remaining.tv_usec = 0;
|
||||
timeradd(&now, &remaining, &target);
|
||||
} else {
|
||||
/* prevent bogus uninitialized variable warning */
|
||||
now.tv_sec = now.tv_usec = 0;
|
||||
remaining.tv_sec = remaining.tv_usec = 0;
|
||||
target.tv_sec = target.tv_usec = 0;
|
||||
}
|
||||
|
||||
/* input loop */
|
||||
pos = 0;
|
||||
for (;;) {
|
||||
pfd.fd = STDIN_FILENO;
|
||||
pfd.events = POLLIN;
|
||||
pfd.revents = 0;
|
||||
if (openpam_ttyconv_timeout > 0) {
|
||||
gettimeofday(&now, NULL);
|
||||
if (timercmp(&now, &target, >))
|
||||
break;
|
||||
timersub(&target, &now, &remaining);
|
||||
remaining_ms = remaining.tv_sec * 1000 +
|
||||
remaining.tv_usec / 1000;
|
||||
} else {
|
||||
remaining_ms = -1;
|
||||
}
|
||||
if ((ret = poll(&pfd, 1, remaining_ms)) < 0) {
|
||||
/* interrupt is ok, everything else -> bail */
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
perror("\nopenpam_ttyconv");
|
||||
return (-1);
|
||||
} else if (ret == 0) {
|
||||
/* timeout */
|
||||
break;
|
||||
} else {
|
||||
/* input */
|
||||
if ((ch = getchar()) == EOF && ferror(stdin)) {
|
||||
perror("\nopenpam_ttyconv");
|
||||
return (-1);
|
||||
}
|
||||
if (ch == EOF || ch == '\n') {
|
||||
response[pos] = '\0';
|
||||
return (pos);
|
||||
}
|
||||
if (pos + 1 < PAM_MAX_RESP_SIZE)
|
||||
response[pos++] = ch;
|
||||
/* overflow is discarded */
|
||||
}
|
||||
}
|
||||
fputs("\nopenpam_ttyconv: timeout\n", stderr);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine whether stdin is a tty; if not, try to open the tty; in
|
||||
* either case, call the appropriate method.
|
||||
*/
|
||||
static int
|
||||
prompt(const char *message, char *response, int echo)
|
||||
{
|
||||
int ifd, ofd, ret;
|
||||
|
||||
if (isatty(STDIN_FILENO)) {
|
||||
fflush(stdout);
|
||||
#ifdef HAVE_FPURGE
|
||||
fpurge(stdin);
|
||||
#endif
|
||||
ifd = STDIN_FILENO;
|
||||
ofd = STDOUT_FILENO;
|
||||
} else {
|
||||
if ((ifd = open("/dev/tty", O_RDWR)) < 0)
|
||||
/* no way to prevent echo */
|
||||
return (prompt_notty(message, response));
|
||||
ofd = ifd;
|
||||
}
|
||||
ret = prompt_tty(ifd, ofd, message, response, echo);
|
||||
if (ifd != STDIN_FILENO)
|
||||
close(ifd);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* OpenPAM extension
|
||||
*
|
||||
* Simple tty-based conversation function
|
||||
*/
|
||||
|
||||
int
|
||||
openpam_ttyconv(int n,
|
||||
const struct pam_message **msg,
|
||||
struct pam_response **resp,
|
||||
void *data)
|
||||
{
|
||||
char respbuf[PAM_MAX_RESP_SIZE];
|
||||
struct pam_response *aresp;
|
||||
int i;
|
||||
|
||||
ENTER();
|
||||
(void)data;
|
||||
if (n <= 0 || n > PAM_MAX_NUM_MSG)
|
||||
RETURNC(PAM_CONV_ERR);
|
||||
if ((aresp = calloc(n, sizeof *aresp)) == NULL)
|
||||
RETURNC(PAM_BUF_ERR);
|
||||
for (i = 0; i < n; ++i) {
|
||||
aresp[i].resp_retcode = 0;
|
||||
aresp[i].resp = NULL;
|
||||
switch (msg[i]->msg_style) {
|
||||
case PAM_PROMPT_ECHO_OFF:
|
||||
if (prompt(msg[i]->msg, respbuf, 0) < 0 ||
|
||||
(aresp[i].resp = strdup(respbuf)) == NULL)
|
||||
goto fail;
|
||||
break;
|
||||
case PAM_PROMPT_ECHO_ON:
|
||||
if (prompt(msg[i]->msg, respbuf, 1) < 0 ||
|
||||
(aresp[i].resp = strdup(respbuf)) == NULL)
|
||||
goto fail;
|
||||
break;
|
||||
case PAM_ERROR_MSG:
|
||||
fputs(msg[i]->msg, stderr);
|
||||
if (strlen(msg[i]->msg) > 0 &&
|
||||
msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
|
||||
fputc('\n', stderr);
|
||||
break;
|
||||
case PAM_TEXT_INFO:
|
||||
fputs(msg[i]->msg, stdout);
|
||||
if (strlen(msg[i]->msg) > 0 &&
|
||||
msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
|
||||
fputc('\n', stdout);
|
||||
break;
|
||||
default:
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
*resp = aresp;
|
||||
memset(respbuf, 0, sizeof respbuf);
|
||||
RETURNC(PAM_SUCCESS);
|
||||
fail:
|
||||
for (i = 0; i < n; ++i) {
|
||||
if (aresp[i].resp != NULL) {
|
||||
strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(aresp[i].resp);
|
||||
}
|
||||
}
|
||||
memset(aresp, 0, n * sizeof *aresp);
|
||||
FREE(aresp);
|
||||
*resp = NULL;
|
||||
memset(respbuf, 0, sizeof respbuf);
|
||||
RETURNC(PAM_CONV_ERR);
|
||||
}
|
||||
|
||||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_BUF_ERR
|
||||
* PAM_CONV_ERR
|
||||
*/
|
||||
|
||||
/**
|
||||
* The =openpam_ttyconv function is a standard conversation function
|
||||
* suitable for use on TTY devices.
|
||||
* It should be adequate for the needs of most text-based interactive
|
||||
* programs.
|
||||
*
|
||||
* The =openpam_ttyconv function allows the application to specify a
|
||||
* timeout for user input by setting the global integer variable
|
||||
* :openpam_ttyconv_timeout to the length of the timeout in seconds.
|
||||
*
|
||||
* >openpam_nullconv
|
||||
* >pam_prompt
|
||||
* >pam_vprompt
|
||||
*/
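Review bot: In `prompt_tty` a timeout is reported as success: the `ret == 0` branch after `poll()` breaks with `ret` still 0, and the `timercmp()` break can leave `ret` at the 1 returned by the previous `read()`, so the function returns a non-negative value without ever writing the terminator into `response`. `openpam_ttyconv` then runs `strdup(respbuf)` on a stack buffer that is either uninitialised or still holds the previous prompt's answer. Setting `ret = -1;` before both timeout `break`s sends the caller down the `fail` path, matching `prompt_notty`, which already returns -1 on timeout. Two smaller points: the early `return (-1)` when `write()` of the prompt fails leaves the terminal with ECHO cleared, and the closing `memset(respbuf, 0, sizeof respbuf)` calls in `openpam_ttyconv` are dead stores a compiler may drop, so a wipe that cannot be elided would be safer for password data.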
|
|
@ -0,0 +1,58 @@
|
|||
/*-
|
||||
* Copyright (c) 2011-2012 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_VASPRINTF
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "openpam_vasprintf.h"
|
||||
|
||||
/* like vsprintf(3), but allocates memory for the result. */
|
||||
int
|
||||
openpam_vasprintf(char **str, const char *fmt, va_list ap)
|
||||
{
|
||||
va_list apcopy;
|
||||
int len, ret;
|
||||
|
||||
va_copy(apcopy, ap);
|
||||
len = vsnprintf(NULL, 0, fmt, ap);
|
||||
if ((*str = malloc(len + 1)) == NULL)
|
||||
return (-1);
|
||||
ret = vsnprintf(*str, len + 1, fmt, apcopy);
|
||||
va_end(apcopy);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
#endif
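Review bot: In openpam_vasprintf the sizing call `len = vsnprintf(NULL, 0, fmt, ap);` is used without a check for a negative return, so on a formatting error `malloc(len + 1)` is asked for zero bytes and the caller can end up with an allocated `*str` alongside a negative result. The early `return (-1);` on allocation failure also skips `va_end(apcopy)`. I would set `*str = NULL;` up front and fold both cases into one guard: `if (len < 0 || (*str = malloc((size_t)len + 1)) == NULL) { va_end(apcopy); return (-1); }`. The cast also avoids signed overflow in `len + 1` when `len` is `INT_MAX`.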
|
|
@ -0,0 +1,39 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_VASPRINTF_H_INCLUDED
|
||||
#define OPENPAM_VASPRINTF_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_VASPRINTF
|
||||
int openpam_vasprintf(char **, const char *, va_list);
|
||||
#undef vasprintf
|
||||
#define vasprintf(arg, ...) openpam_vasprintf(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
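Review bot: The prototype `int openpam_vasprintf(char **, const char *, va_list);` uses `va_list`, but the header includes nothing, so it only compiles when the including file has already pulled in `<stdarg.h>`. Adding `#include <stdarg.h>` inside the include guard makes the header self-contained. Since this is a printf-style entry point, a format attribute on the declaration (for GCC/Clang, `__attribute__((format(printf, 2, 0)))`) would also let the compiler check format strings at call sites; whether the project already has a wrapper macro for that is not visible here.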
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
|
||||
pam_set_item(pamh, PAM_AUTHTOK, NULL);
|
||||
RETURNC(r);
|
||||
|
@ -72,7 +70,7 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_authenticate
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -92,5 +90,5 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
* Fail if the user's authentication token is null.
|
||||
*
|
||||
* If any other bits are set, =pam_authenticate will return
|
||||
* =PAM_SYMBOL_ERR.
|
||||
* =PAM_BAD_CONSTANT.
|
||||
*/
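Review bot: The invalid-flags path in pam_authenticate now ends in `RETURNC(PAM_BAD_CONSTANT);` where, as the page renders it, it previously returned PAM_SYMBOL_ERR, and that is a caller-visible change: an application or module that compares the result against PAM_SYMBOL_ERR will stop matching. The same substitution appears in the pam_chauthtok, pam_close_session and pam_get_authtok sections, with PAM_BAD_ITEM in pam_get_item and PAM_BAD_HANDLE in pam_end. The doc comments are updated to the new names, but I would also record the old value for people upgrading, for example `* (Earlier releases returned =PAM_SYMBOL_ERR here.)` in the description block. The body of pam_authenticate starts outside the hunk.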
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
|
||||
flags | PAM_PRELIM_CHECK);
|
||||
if (r == PAM_SUCCESS)
|
||||
|
@ -77,7 +75,7 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_chauthtok
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -93,5 +91,5 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
* =PAM_CHANGE_EXPIRED_AUTHTOK:
|
||||
* Change only those authentication tokens that have expired.
|
||||
*
|
||||
* If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
|
||||
* If any other bits are set, =pam_chauthtok will return =PAM_BAD_CONSTANT.
|
||||
*/
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_close_session(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags);
|
||||
RETURNC(r);
|
||||
}
|
||||
|
@ -71,7 +69,7 @@ pam_close_session(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_close_session
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -85,5 +83,5 @@ pam_close_session(pam_handle_t *pamh,
|
|||
* Do not emit any messages.
|
||||
*
|
||||
* If any other bits are set, =pam_close_session will return
|
||||
* =PAM_SYMBOL_ERR.
|
||||
* =PAM_BAD_CONSTANT.
|
||||
*/
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -61,7 +59,7 @@ pam_end(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
RETURNC(PAM_BAD_HANDLE);
|
||||
|
||||
/* clear module data */
|
||||
while ((dp = pamh->module_data) != NULL) {
|
||||
|
@ -94,7 +92,7 @@ pam_end(pam_handle_t *pamh,
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_BAD_HANDLE
|
||||
*/
|
||||
|
||||
/**
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -48,6 +46,7 @@
|
|||
#include <security/openpam.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
static const char authtok_prompt[] = "Password:";
|
||||
static const char authtok_prompt_remote[] = "Password for %u@%h:";
|
||||
|
@ -75,8 +74,6 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
int pitem, r, style, twice;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL || authtok == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
*authtok = NULL;
|
||||
twice = 0;
|
||||
switch (item) {
|
||||
|
@ -105,7 +102,7 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
twice = 0;
|
||||
break;
|
||||
default:
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
}
|
||||
if (openpam_get_option(pamh, "try_first_pass") ||
|
||||
openpam_get_option(pamh, "use_first_pass")) {
|
||||
|
@ -113,17 +110,19 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
if (r == PAM_SUCCESS && prevauthtok != NULL) {
|
||||
*authtok = prevauthtok;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
else if (openpam_get_option(pamh, "use_first_pass"))
|
||||
} else if (openpam_get_option(pamh, "use_first_pass")) {
|
||||
RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
|
||||
}
|
||||
}
|
||||
/* pam policy overrides the module's choice */
|
||||
if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
|
||||
prompt = promptp;
|
||||
/* no prompt provided, see if there is one tucked away somewhere */
|
||||
if (prompt == NULL)
|
||||
if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
|
||||
if (prompt == NULL) {
|
||||
r = pam_get_item(pamh, pitem, &promptp);
|
||||
if (r == PAM_SUCCESS && promptp != NULL)
|
||||
prompt = promptp;
|
||||
}
|
||||
/* fall back to hardcoded default */
|
||||
if (prompt == NULL)
|
||||
prompt = default_prompt;
|
||||
|
@ -140,16 +139,21 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
if (twice) {
|
||||
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
|
||||
if (r != PAM_SUCCESS) {
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
RETURNC(r);
|
||||
}
|
||||
if (strcmp(resp, resp2) != 0)
|
||||
if (strcmp(resp, resp2) != 0) {
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
}
|
||||
strlset(resp2, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp2);
|
||||
}
|
||||
if (resp == NULL)
|
||||
RETURNC(PAM_TRY_AGAIN);
|
||||
r = pam_set_item(pamh, item, resp);
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
if (r != PAM_SUCCESS)
|
||||
RETURNC(r);
|
||||
|
@ -164,14 +168,17 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
* =pam_prompt
|
||||
* =pam_set_item
|
||||
* !PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
* PAM_TRY_AGAIN
|
||||
*/
|
||||
|
||||
/**
|
||||
* The =pam_get_authtok function returns the cached authentication token,
|
||||
* or prompts the user if no token is currently cached.
|
||||
* The =pam_get_authtok function either prompts the user for an
|
||||
* authentication token or retrieves a cached authentication token,
|
||||
* depending on circumstances.
|
||||
* Either way, a pointer to the authentication token is stored in the
|
||||
* location pointed to by the =authtok argument.
|
||||
* location pointed to by the =authtok argument, and the corresponding PAM
|
||||
* item is updated.
|
||||
*
|
||||
* The =item argument must have one of the following values:
|
||||
*
|
||||
|
@ -186,20 +193,47 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
* If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item,
|
||||
* as appropriate, will be used.
|
||||
* If that item is also =NULL, a hardcoded default prompt will be used.
|
||||
* Either way, the prompt is expanded using =openpam_subst before it is
|
||||
* passed to the conversation function.
|
||||
*
|
||||
* If =pam_get_authtok is called from a module and the ;authtok_prompt /
|
||||
* ;oldauthtok_prompt option is set in the policy file, the value of that
|
||||
* option takes precedence over both the =prompt argument and the
|
||||
* =PAM_AUTHTOK_PROMPT / =PAM_OLDAUTHTOK_PROMPT item.
|
||||
* Additionally, when =pam_get_authtok is called from a service module,
|
||||
* the prompt may be affected by module options as described below.
|
||||
* The prompt is then expanded using =openpam_subst before it is passed to
|
||||
* the conversation function.
|
||||
*
|
||||
* If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
|
||||
* item, =pam_get_authtok will ask the user to confirm the new token by
|
||||
* retyping it.
|
||||
* If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN.
|
||||
*
|
||||
* MODULE OPTIONS
|
||||
*
|
||||
* When called by a service module, =pam_get_authtok will recognize the
|
||||
* following module options:
|
||||
*
|
||||
* ;authtok_prompt:
|
||||
* Prompt to use when =item is set to =PAM_AUTHTOK.
|
||||
* This option overrides both the =prompt argument and the
|
||||
* =PAM_AUTHTOK_PROMPT item.
|
||||
* ;echo_pass:
|
||||
* If the application's conversation function allows it, this
|
||||
* lets the user see what they are typing.
|
||||
* This should only be used for non-reusable authentication
|
||||
* tokens.
|
||||
* ;oldauthtok_prompt:
|
||||
* Prompt to use when =item is set to =PAM_OLDAUTHTOK.
|
||||
* This option overrides both the =prompt argument and the
|
||||
* =PAM_OLDAUTHTOK_PROMPT item.
|
||||
* ;try_first_pass:
|
||||
* If the requested item is non-null, return it without
|
||||
* prompting the user.
|
||||
* Typically, the service module will verify the token, and
|
||||
* if it does not match, clear the item before calling
|
||||
* =pam_get_authtok a second time.
|
||||
* ;use_first_pass:
|
||||
* Do not prompt the user at all; just return the cached
|
||||
* value, or =PAM_AUTH_ERR if there is none.
|
||||
*
|
||||
* >pam_conv
|
||||
* >pam_get_item
|
||||
* >pam_get_user
|
||||
* >openpam_get_option
|
||||
* >openpam_subst
|
||||
*/
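Review bot: The new `strlset(resp, 0, PAM_MAX_RESP_SIZE);` and `strlset(resp2, 0, PAM_MAX_RESP_SIZE);` calls in the `@ -140,16 +139,21 @@` hunk scrub the token immediately before `FREE(...)`, and stores to a buffer that is about to be freed are dead stores an optimizer may drop if the helper is ever inlined (for example under LTO). The definition of strlset is not on this page, so treat this as a question: if it is a plain byte loop, consider a wipe with guaranteed semantics where the platform offers one (`explicit_bzero`, `memset_s`). The mismatch branch also depends on `FREE(resp)` leaving `resp` NULL for the later `if (resp == NULL) RETURNC(PAM_TRY_AGAIN);`, which deserves a one-line comment such as `/* FREE() resets resp to NULL; checked below */` if that is indeed what the macro does. The function body starts and ends outside the hunk.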
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,8 +58,6 @@ pam_get_data(const pam_handle_t *pamh,
|
|||
pam_data_t *dp;
|
||||
|
||||
ENTERS(module_data_name);
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
|
||||
if (strcmp(dp->name, module_data_name) == 0) {
|
||||
*data = (void *)dp->data;
|
||||
|
@ -74,7 +70,6 @@ pam_get_data(const pam_handle_t *pamh,
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_NO_MODULE_DATA
|
||||
*/
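Review bot: With the `if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR);` guard gone from pam_get_data, the loop header `for (dp = pamh->module_data; ...)` dereferences `pamh` unchecked, so a NULL handle from a buggy module would crash the host process instead of returning an error. The same guard is dropped in pam_get_item and in pam_get_authtok (where `*authtok = NULL;` now also runs on an unchecked `authtok`), while pam_end keeps its check and returns PAM_BAD_HANDLE. If the removal is deliberate, state the precondition in the doc comment, e.g. `* The =pamh argument must not be NULL.`; otherwise keep the guard with the new code, `if (pamh == NULL) RETURNC(PAM_BAD_HANDLE);`. Whether ENTERS() or the callers validate the handle is not visible on this page, and the function body continues outside the hunk.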
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -59,8 +57,6 @@ pam_get_item(const pam_handle_t *pamh,
|
|||
{
|
||||
|
||||
ENTERI(item_type);
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
switch (item_type) {
|
||||
case PAM_SERVICE:
|
||||
case PAM_USER:
|
||||
|
@ -78,15 +74,14 @@ pam_get_item(const pam_handle_t *pamh,
|
|||
*item = pamh->item[item_type];
|
||||
RETURNC(PAM_SUCCESS);
|
||||
default:
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_ITEM);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_BAD_ITEM
|
||||
*/
|
||||
|
||||
/**
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|