Compare commits
203 commits
openpam-20
...
main
Author | SHA1 | Date | |
---|---|---|---|
d61017e615 | |||
41eb8b9f02 | |||
7da86c0c62 | |||
4b2e3c92df | |||
cc0d61260e | |||
f1871a7d9f | |||
eed614622f | |||
29e80880cc | |||
64edbc294d | |||
1d9c829c40 | |||
ef5e67748c | |||
05bd3febc0 | |||
a967883b9c | |||
e0e3406a78 | |||
6bf8cb1753 | |||
bb68996306 | |||
9bdf428c5a | |||
1dce53245b | |||
251dac8e4a | |||
a501f2af85 | |||
9cd25f7e7d | |||
d061313188 | |||
eefae6d5ef | |||
919a1250d4 | |||
ddb34ad671 | |||
4876ee459d | |||
105d392c57 | |||
29c7f93598 | |||
0f7f351a10 | |||
c87aee7c52 | |||
07daaf4bb2 | |||
3ebfd11150 | |||
e7f32a97b0 | |||
812256e9d1 | |||
25bcbd2652 | |||
a823b423ca | |||
890bea99e0 | |||
05afeb7a29 | |||
f5a12fb24e | |||
d9e44d146f | |||
2f340d61b5 | |||
82935b7d7a | |||
1e09705bd7 | |||
c5a320988e | |||
e936857588 | |||
a18c87672e | |||
23cdf95099 | |||
3112c53799 | |||
adb7175c42 | |||
c75883564d | |||
3699596d18 | |||
da26321ba8 | |||
26fbccde77 | |||
b6605f9267 | |||
aa6768d765 | |||
c371da364c | |||
4a77e993a9 | |||
d040ae3d29 | |||
b1895baa2d | |||
ddfa63ca38 | |||
41a50e0c57 | |||
9ff1a454ce | |||
310b5ee125 | |||
a38c5db91b | |||
f82c90afb6 | |||
4e92aa7e24 | |||
5b83650c3d | |||
e89fab019e | |||
d4aad88c97 | |||
17c3fff539 | |||
f78c2be225 | |||
b3cd4386fa | |||
d30df17f67 | |||
b149f4beed | |||
4a9cae719e | |||
75781c2e7c | |||
37b1f12e58 | |||
4ee61ea341 | |||
a1e8de164e | |||
38c6ca93b2 | |||
d84d7367fe | |||
653950434c | |||
bf92462945 | |||
34ef29ccf8 | |||
737e1bef50 | |||
a1f83b0b30 | |||
ce014fab92 | |||
563ac2d4bb | |||
8a2e3ce9b6 | |||
00fb76245a | |||
1cffa76b4f | |||
cec8549503 | |||
e959d8c160 | |||
2f686b73cb | |||
c7a5aa489f | |||
e84c236ee9 | |||
8988b9122e | |||
da2c1e7120 | |||
753721df82 | |||
d130c0ec09 | |||
fc5eeb8fd9 | |||
f3fda3d07a | |||
4b2bc748fd | |||
273bae0b16 | |||
16ae1d5b87 | |||
1e3740645e | |||
ac54af0d69 | |||
385dfb33cb | |||
37baf24e77 | |||
7ce556ed8d | |||
e6dc9378f7 | |||
e956efb61f | |||
9c55e81bbb | |||
e5b05552fc | |||
ce08052f96 | |||
2c148271ae | |||
623d9e7b2f | |||
561cd87dbe | |||
8ad7aa9039 | |||
37ff7929a0 | |||
5c8ea43402 | |||
b94f9e7ce7 | |||
6846134790 | |||
1450290a72 | |||
95a55b95cf | |||
2ae3b8b727 | |||
547794d58e | |||
69b1a97268 | |||
131aba915f | |||
548c44573c | |||
05630b94be | |||
57429ccc0e | |||
7dbd5c38b7 | |||
1efe822057 | |||
b61b6f9c74 | |||
e58f05403e | |||
4614107c94 | |||
f7e8328354 | |||
14d31b83e8 | |||
a4ff6191f7 | |||
925436a04f | |||
078ac6bb4a | |||
6722d714f5 | |||
38622bad18 | |||
ebdefa45ca | |||
7914208b2d | |||
9853f0d8d5 | |||
6243755aa2 | |||
5d59548018 | |||
6c087dd523 | |||
2efb7c4b01 | |||
75a6073d2c | |||
d60017fe80 | |||
183cc6d511 | |||
c5265319ff | |||
01809a1b48 | |||
17144e7a5f | |||
4645bc1762 | |||
576e1e6b1c | |||
56f7cf21f5 | |||
03207fcd61 | |||
3dab19018f | |||
9f84c11072 | |||
46df1b1050 | |||
5fadc4abb8 | |||
c7457cff15 | |||
58921adbab | |||
9e9207fd5d | |||
3d0d4da447 | |||
aec3988b2f | |||
59313f56a4 | |||
e8cd86aade | |||
11a8c730d2 | |||
9c592d628c | |||
aa338bce81 | |||
df95e0530d | |||
d68deb210c | |||
d9f3164b53 | |||
e2375b0d73 | |||
7b4ce30d8e | |||
cf0612ac98 | |||
914a5b3708 | |||
4dbe28d092 | |||
2e6439e932 | |||
8568521d18 | |||
3bc114befa | |||
7eacdef3fd | |||
d4f3382050 | |||
ac8841d2bd | |||
0446934acb | |||
2cc13d4b85 | |||
e565eb6258 | |||
3b992508b8 | |||
01d54c2924 | |||
df82cbb560 | |||
d216fb463e | |||
95539e42cf | |||
84543123ea | |||
3b1c7851e6 | |||
56dd3d8d03 | |||
10e70f48b8 | |||
f69d77aaed | |||
1b1f9c46e4 |
30
.gitignore
vendored
Normal file
30
.gitignore
vendored
Normal file
|
@ -0,0 +1,30 @@
|
|||
/aclocal.m4
|
||||
/autom4te.cache
|
||||
/compile
|
||||
/config.guess
|
||||
/config.h.in
|
||||
/config.h
|
||||
/config.log
|
||||
/config.status
|
||||
/config.sub
|
||||
/configure
|
||||
/cov
|
||||
/depcomp
|
||||
/install-sh
|
||||
/libtool
|
||||
/ltmain.sh
|
||||
/missing
|
||||
/stamp-h1
|
||||
/test-driver
|
||||
*~
|
||||
.deps
|
||||
.libs
|
||||
*.a
|
||||
*.la
|
||||
*.lo
|
||||
*.log
|
||||
*.o
|
||||
*.pc
|
||||
*.profraw
|
||||
Makefile
|
||||
Makefile.in
|
14
CREDITS
14
CREDITS
|
@ -15,23 +15,28 @@ directly or indirectly, with patches, criticism, suggestions, or
|
|||
ideas:
|
||||
|
||||
Andrew Morgan <morgan@transmeta.com>
|
||||
Ankita Pal <pal.ankita.ankita@gmail.com>
|
||||
Baptiste Daroussin <bapt@freebsd.org>
|
||||
Brian Fundakowski Feldman <green@freebsd.org>
|
||||
Brooks Davis <brooks@freebsd.org>
|
||||
Christos Zoulas <christos@netbsd.org>
|
||||
Daniel Richard G. <skunk@iskunk.org>
|
||||
Darren J. Moffat <darren.moffat@sun.com>
|
||||
Dimitry Andric <dim@freebsd.org>
|
||||
Dmitry V. Levin <ldv@altlinux.org>
|
||||
Don Lewis <truckman@freebsd.org>
|
||||
Emmanuel Dreyfus <manu@netbsd.org>
|
||||
Eric Melville <eric@freebsd.org>
|
||||
Espen Grøndahl <espegro@usit.uio.no>
|
||||
Gary Winiger <gary.winiger@sun.com>
|
||||
Gavin Atkinson <gavin@freebsd.org>
|
||||
Gleb Smirnoff <glebius@freebsd.org>
|
||||
Hubert Feyrer <hubert@feyrer.de>
|
||||
Jason Evans <jasone@freebsd.org>
|
||||
Joe Marcus Clarke <marcus@freebsd.org>
|
||||
Juli Mallett <jmallett@freebsd.org>
|
||||
Ankita Pal <pal.ankita.ankita@gmail.com>
|
||||
Jörg Sonnenberger <joerg@britannica.bec.de>
|
||||
Juli Mallett <jmallett@freebsd.org>
|
||||
Larry Baird <lab@gta.com>
|
||||
Maëlle Lesage <lesage.maelle@gmail.com>
|
||||
Mark Murray <markm@freebsd.org>
|
||||
Matthias Drochner <drochner@netbsd.org>
|
||||
|
@ -39,12 +44,13 @@ ideas:
|
|||
Mikhail Teterin <mi@aldan.algebra.com>
|
||||
Mikko Työläjärvi <mbsd@pacbell.net>
|
||||
Nick Hibma <nick@van-laarhoven.org>
|
||||
Patrick Bihan-Faou <patrick-fbsd@mindstep.com>
|
||||
Robert Morris <rtm@lcs.mit.edu>
|
||||
Robert Watson <rwatson@freebsd.org>
|
||||
Ruslan Ermilov <ru@freebsd.org>
|
||||
Sebastian Krahmer <sebastian.krahmer@gmail.com>
|
||||
Solar Designer <solar@openwall.com>
|
||||
Takanori Saneto <sanewo@ba2.so-net.ne.jp>
|
||||
Tim Creech <tcreech@tcreech.com>
|
||||
Wojciech A. Koszek <wkoszek@freebsd.org>
|
||||
Yar Tikhiy <yar@freebsd.org>
|
||||
|
||||
$Id$
|
||||
|
|
82
HISTORY
82
HISTORY
|
@ -1,3 +1,81 @@
|
|||
OpenPAM Ximenia 2023-06-27
|
||||
|
||||
- BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
|
||||
expect scripts.
|
||||
|
||||
- BUGFIX: In openpam_set_option(3), when removing an option, properly
|
||||
decrement the option count.
|
||||
|
||||
- BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
|
||||
template.
|
||||
============================================================================
|
||||
OpenPAM Tabebuia 2019-02-24
|
||||
|
||||
- BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
|
||||
OpenPAM Radula.
|
||||
|
||||
- ENHANCE: Add unit tests for pam_{get,put,set}env(3).
|
||||
============================================================================
|
||||
OpenPAM Resedacea 2017-04-30
|
||||
|
||||
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
|
||||
OpenPAM Radula, as it breaks common error-handling constructs.
|
||||
|
||||
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
|
||||
dispatcher when the required service function could not be found.
|
||||
|
||||
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
|
||||
NULL in API functions that have a NULL check.
|
||||
|
||||
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
|
||||
PAM_BAD_CONSTANT error codes for situations where we previously
|
||||
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
|
||||
had been passed to an API function.
|
||||
|
||||
- ENHANCE: Improve the RETURN VALUES section in API man pages,
|
||||
especially for functions that cannot fail, which were incorrectly
|
||||
documented as returning -1 on failure.
|
||||
============================================================================
|
||||
OpenPAM Radula 2017-02-19
|
||||
|
||||
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
|
||||
pam_get_user(3) from using application-provided custom prompts.
|
||||
|
||||
- BUGFIX: Plug a memory leak in pam_set_item(3).
|
||||
|
||||
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
|
||||
|
||||
- BUGFIX: In openpam_readword(3), support line continuations within
|
||||
whitespace.
|
||||
|
||||
- ENHANCE: Add a feature flag to control fallback to "other" policy.
|
||||
|
||||
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
|
||||
code specified in the module options.
|
||||
|
||||
- ENHANCE: More and better unit tests.
|
||||
============================================================================
|
||||
OpenPAM Ourouparia 2014-09-12
|
||||
|
||||
- ENHANCE: When executing a chain, require at least one service
|
||||
function to succeed. This mitigates fail-open scenarios caused by
|
||||
misconfigurations or missing modules.
|
||||
|
||||
- ENHANCE: Make sure to overwrite buffers which may have contained an
|
||||
authentication token when they're no longer needed.
|
||||
|
||||
- BUGFIX: Under certain circumstances, specifying a non-existent
|
||||
module (or misspelling the name of a module) in a policy could
|
||||
result in a fail-open scenario. (CVE-2014-3879)
|
||||
|
||||
- FEATURE: Add a search path for modules. This was implemented in
|
||||
Nummularia but inadvertently left out of the release notes.
|
||||
|
||||
- BUGFIX: The is_upper() predicate only accepted the letter A as an
|
||||
upper-case character instead of the entire A-Z range. As a result,
|
||||
service and module names containing upper-case letters other than A
|
||||
would be rejected.
|
||||
============================================================================
|
||||
OpenPAM Nummularia 2013-09-07
|
||||
|
||||
- ENHANCE: Rewrite the dynamic loader to improve readability and
|
||||
|
@ -97,7 +175,7 @@ OpenPAM Lycopsida 2011-12-18
|
|||
module before loading it.
|
||||
|
||||
- ENHANCE: added / improved input validation in many cases, including
|
||||
the policy file and some function arguments.
|
||||
the policy file and some function arguments. (CVE-2011-4122)
|
||||
============================================================================
|
||||
OpenPAM Hydrangea 2007-12-21
|
||||
|
||||
|
@ -427,5 +505,3 @@ Fixed a number of bugs in the previous release, including:
|
|||
OpenPAM Calamite 2002-02-09
|
||||
|
||||
First (beta) release.
|
||||
============================================================================
|
||||
$Id$
|
||||
|
|
4
LICENSE
4
LICENSE
|
@ -1,6 +1,6 @@
|
|||
|
||||
Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
Copyright (c) 2004-2012 Dag-Erling Smørgrav
|
||||
Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
All rights reserved.
|
||||
|
||||
This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,5 +31,3 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
$Id$
|
||||
|
|
33
Makefile.am
33
Makefile.am
|
@ -1,8 +1,6 @@
|
|||
# $Id$
|
||||
|
||||
ACLOCAL_AMFLAGS = -I m4
|
||||
|
||||
SUBDIRS = lib bin modules include
|
||||
SUBDIRS = misc include lib bin modules
|
||||
|
||||
if WITH_DOC
|
||||
SUBDIRS += doc
|
||||
|
@ -19,3 +17,32 @@ EXTRA_DIST = \
|
|||
RELNOTES \
|
||||
autogen.sh \
|
||||
misc/gendoc.pl
|
||||
|
||||
if WITH_CODE_COVERAGE
|
||||
covdir = @abs_top_builddir@/cov
|
||||
coverage: coverage-clean all coverage-prepare coverage-run coverage-report
|
||||
coverage-clean:
|
||||
-rm -rf "${covdir}"
|
||||
coverage-prepare:
|
||||
mkdir "${covdir}"
|
||||
if CLANG_CODE_COVERAGE
|
||||
profdata = ${covdir}/@PACKAGE@.profdata
|
||||
# hardcoding libpam.so here is horrible, need to find a better solution
|
||||
coverage-run:
|
||||
LLVM_PROFILE_FILE="${covdir}/@PACKAGE@.%p.raw" \
|
||||
${MAKE} -C "@abs_top_builddir@" check
|
||||
coverage-report:
|
||||
llvm-profdata@clang_ver@ merge \
|
||||
--sparse "${covdir}/@PACKAGE@".*.raw -o "${profdata}"
|
||||
llvm-cov@clang_ver@ show \
|
||||
--format=html --tab-size=8 \
|
||||
--output-dir="${covdir}" \
|
||||
--instr-profile="${profdata}" \
|
||||
--object "@abs_top_builddir@/lib/libpam/.libs/libpam.so"
|
||||
@echo "coverage report: file://${covdir}/index.html"
|
||||
endif
|
||||
else
|
||||
coverage:
|
||||
echo "code coverage is not enabled." >&2
|
||||
false
|
||||
endif
|
||||
|
|
17
README
17
README
|
@ -7,21 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
|
|||
Solaris, at the expense of XSSO conformance and Linux-PAM
|
||||
compatibility.
|
||||
|
||||
These are some of OpenPAM's features:
|
||||
|
||||
- Implements the complete PAM API as described in the original PAM
|
||||
paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
|
||||
except for mappings and secondary authentication. Also
|
||||
implements some extensions found in Solaris 9.
|
||||
|
||||
- Extends the API with several useful and time-saving functions.
|
||||
|
||||
- Performs strict checking of return values from service modules.
|
||||
|
||||
- Reads configuration from /etc/pam.d/, /etc/pam.conf,
|
||||
/usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
|
||||
this will be made configurable in a future release.
|
||||
|
||||
Please direct bug reports and inquiries to <des@des.no>.
|
||||
|
||||
$Id$
|
||||
|
|
19
RELNOTES
19
RELNOTES
|
@ -1,24 +1,21 @@
|
|||
|
||||
Release notes for OpenPAM Nummularia
|
||||
====================================
|
||||
Release notes for OpenPAM Ximenia
|
||||
=================================
|
||||
|
||||
This release corresponds to the code used in FreeBSD HEAD as of the
|
||||
release date, and is also expected to work on almost any POSIX-like
|
||||
platform that has GNU autotools, GNU make and the GNU compiler suite
|
||||
installed.
|
||||
OpenPAM is developed primarily on FreeBSD, but is expected to work on
|
||||
almost any POSIX-like platform that has GNU autotools, GNU make and
|
||||
the GNU compiler suite installed.
|
||||
|
||||
The distribution consists of the following components:
|
||||
The OpenPAM distribution consists of the following components:
|
||||
|
||||
- The PAM library itself, with complete API documentation.
|
||||
|
||||
- Sample modules (pam_permit, pam_deny and pam_unix) and a sample
|
||||
application (su) which demonstrate how to use PAM.
|
||||
application (su) which demonstrate how to use the PAM library.
|
||||
|
||||
- A test application (pamtest) which can be used to test policies and
|
||||
modules.
|
||||
|
||||
- Unit tests for limited portions of the libraries.
|
||||
- Unit tests for limited portions of the library.
|
||||
|
||||
Please direct bug reports and inquiries to <des@des.no>.
|
||||
|
||||
$Id$
|
||||
|
|
20
TODO
20
TODO
|
@ -1,17 +1,9 @@
|
|||
Before the next release:
|
||||
- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
|
||||
documentation are slightly incorrect, OpenPAM's pam_unix(8) is
|
||||
incorrect, all FreeBSD modules are broken)
|
||||
|
||||
- Rewrite openpam_ttyconv(3).
|
||||
- mostly done, needs review.
|
||||
- Add loop detection to openpam_load_chain().
|
||||
|
||||
- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
|
||||
documentation are slightly incorrect, OpenPAM's pam_unix(8) is
|
||||
incorrect, all FreeBSD modules are broken)
|
||||
- Complete unit tests for openpam_dispatch().
|
||||
|
||||
- Add loop detection to openpam_load_chain().
|
||||
|
||||
- Look into the possibility of implementing a version of (or a
|
||||
wrapper for) openpam_log() which respects the PAM_SILENT flag and
|
||||
the no_warn module option. This would eliminate the need for
|
||||
FreeBSD's _pam_verbose_error().
|
||||
|
||||
$Id$
|
||||
- Stop using PAM_SYMBOL_ERR incorrectly.
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
set -ex
|
||||
|
||||
|
@ -18,4 +15,5 @@ export CONFIG_SHELL=/bin/sh
|
|||
--enable-debug \
|
||||
--enable-developer-warnings \
|
||||
--enable-werror \
|
||||
--enable-code-coverage \
|
||||
"$@"
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
aclocal -I m4
|
||||
libtoolize --copy --force
|
||||
aclocal -I m4
|
||||
autoheader
|
||||
automake -a -c --foreign
|
||||
automake --add-missing --copy --foreign
|
||||
autoconf
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = openpam_dump_policy
|
||||
|
||||
if WITH_PAMTEST
|
||||
|
|
1
bin/openpam_dump_policy/.gitignore
vendored
Normal file
1
bin/openpam_dump_policy/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
/openpam_dump_policy
|
|
@ -1,7 +1,9 @@
|
|||
# $Id$
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/libpam
|
||||
|
||||
noinst_PROGRAMS = openpam_dump_policy
|
||||
openpam_dump_policy_SOURCES = openpam_dump_policy.c
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
openpam_dump_policy_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -64,7 +62,7 @@ openpam_facility_index_name(pam_facility_t fclt)
|
|||
if (asprintf(&name, "PAM_%s", facility) == -1)
|
||||
return (NULL);
|
||||
for (p = name + 4; *p; ++p)
|
||||
*p = toupper(*p);
|
||||
*p = toupper((unsigned char)*p);
|
||||
return (name);
|
||||
}
|
||||
|
||||
|
|
1
bin/pamtest/.gitignore
vendored
Normal file
1
bin/pamtest/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
/pamtest
|
|
@ -1,9 +1,11 @@
|
|||
# $Id$
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
||||
bin_PROGRAMS = pamtest
|
||||
pamtest_SOURCES = pamtest.c
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
pamtest_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
pamtest_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
|
||||
|
||||
dist_man1_MANS = pamtest.1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,15 +26,13 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd September 7, 2013
|
||||
.Dd July 11, 2013
|
||||
.Dt PAMTEST 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm pamtest
|
||||
.Nd PAM policy tester
|
||||
.Sh SYNOPSYS
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl dkMPsv
|
||||
.Op Fl H Ar rhost
|
||||
|
@ -168,7 +166,7 @@ pamtest -v system auth account change setcred open close unsetcred
|
|||
The
|
||||
.Nm
|
||||
utility and this manual page were written by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
.Sh BUGS
|
||||
The
|
||||
.Nm
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
1
bin/su/.gitignore
vendored
Normal file
1
bin/su/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
/su
|
|
@ -1,9 +1,11 @@
|
|||
# $Id$
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
||||
bin_PROGRAMS = su
|
||||
su_SOURCES = su.c
|
||||
if WITH_SYSTEM_LIBPAM
|
||||
su_LDADD = $(SYSTEM_LIBPAM)
|
||||
else
|
||||
su_LDADD = $(top_builddir)/lib/libpam/libpam.la
|
||||
endif
|
||||
|
||||
dist_man1_MANS = su.1
|
||||
|
|
10
bin/su/su.1
10
bin/su/su.1
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,15 +26,13 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd September 7, 2013
|
||||
.Dd November 2, 2011
|
||||
.Dt SU 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm su
|
||||
.Nd switch user identity
|
||||
.Sh SYNOPSYS
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Ar login Op Ar ...
|
||||
.Sh DESCRIPTION
|
||||
|
@ -62,4 +60,4 @@ and should not be used in production systems.
|
|||
The
|
||||
.Nm
|
||||
utility and this manual page were written by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
93
configure.ac
93
configure.ac
|
@ -1,8 +1,5 @@
|
|||
dnl $Id$
|
||||
|
||||
AC_PREREQ([2.62])
|
||||
AC_REVISION([$Id$])
|
||||
AC_INIT([OpenPAM], [20130907], [des@des.no], [openpam], [http://www.openpam.org/])
|
||||
AC_PREREQ([2.69])
|
||||
AC_INIT([OpenPAM], [trunk], [des@des.no], [openpam], [https://openpam.org/])
|
||||
AC_CONFIG_SRCDIR([lib/libpam/pam_start.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AM_INIT_AUTOMAKE([foreign])
|
||||
|
@ -10,18 +7,23 @@ AM_CONFIG_HEADER([config.h])
|
|||
|
||||
# C compiler and features
|
||||
AC_LANG(C)
|
||||
AC_PROG_CC
|
||||
AC_PROG_CC([clang gcc cc])
|
||||
AC_PROG_CC_STDC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_CXX([clang++ g++ c++])
|
||||
AC_GNU_SOURCE
|
||||
AC_C_CONST
|
||||
AC_C_RESTRICT
|
||||
AC_C_VOLATILE
|
||||
AX_COMPILER_VENDOR
|
||||
|
||||
# libtool
|
||||
LT_PREREQ([2.2.6])
|
||||
LT_INIT([disable-static dlopen])
|
||||
|
||||
# pkg-config
|
||||
AX_PROG_PKG_CONFIG
|
||||
|
||||
# other programs
|
||||
AC_PROG_INSTALL
|
||||
|
||||
|
@ -31,26 +33,26 @@ AC_DEFINE_UNQUOTED(LIB_MAJ, $LIB_MAJ, [OpenPAM library major number])
|
|||
|
||||
AC_ARG_ENABLE([debug],
|
||||
AC_HELP_STRING([--enable-debug],
|
||||
[turn debugging macros on]),
|
||||
[turn debugging macros on]),
|
||||
AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging macros on]))
|
||||
|
||||
AC_ARG_ENABLE([unversioned-modules],
|
||||
AC_HELP_STRING([--disable-unversioned-modules],
|
||||
[support loading of unversioned modules]),
|
||||
[support loading of unversioned modules]),
|
||||
[AS_IF([test x"$enableval" = x"no"], [
|
||||
AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
|
||||
1,
|
||||
[Whether loading unversioned modules support is disabled])
|
||||
AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
|
||||
1,
|
||||
[Whether loading unversioned modules support is disabled])
|
||||
])])
|
||||
|
||||
AC_ARG_WITH([modules-dir],
|
||||
AC_HELP_STRING([--with-modules-dir=DIR],
|
||||
[OpenPAM modules directory]),
|
||||
[OpenPAM modules directory]),
|
||||
[AS_IF([test x"$withval" != x"no"], [
|
||||
OPENPAM_MODULES_DIR="$withval"
|
||||
AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
|
||||
"${OPENPAM_MODULES_DIR%/}",
|
||||
[OpenPAM modules directory])
|
||||
OPENPAM_MODULES_DIR="$withval"
|
||||
AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
|
||||
"${OPENPAM_MODULES_DIR%/}",
|
||||
[OpenPAM modules directory])
|
||||
])])
|
||||
AC_SUBST(OPENPAM_MODULES_DIR)
|
||||
AM_CONDITIONAL([CUSTOM_MODULES_DIR], [test x"$OPENPAM_MODULES_DIR" != x""])
|
||||
|
@ -62,30 +64,36 @@ AC_ARG_WITH([doc],
|
|||
AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" = x"yes"])
|
||||
|
||||
AC_ARG_WITH([pam-unix],
|
||||
AC_HELP_STRING([--with-pam-unix], [compile sample pam_unix(8) module]),
|
||||
AC_HELP_STRING([--with-pam-unix], [build sample pam_unix(8) module]),
|
||||
[],
|
||||
[with_pam_unix=no])
|
||||
AM_CONDITIONAL([WITH_PAM_UNIX], [test x"$with_pam_unix" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(pamtest,
|
||||
AC_HELP_STRING([--with-pamtest], [compile test application]),
|
||||
AC_HELP_STRING([--with-pamtest], [build test application]),
|
||||
[],
|
||||
[with_pamtest=no])
|
||||
AM_CONDITIONAL([WITH_PAMTEST], [test x"$with_pamtest" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(su,
|
||||
AC_HELP_STRING([--with-su], [compile sample su(1) implementation]),
|
||||
AC_HELP_STRING([--with-su], [build sample su(1) implementation]),
|
||||
[],
|
||||
[with_su=no])
|
||||
AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
|
||||
|
||||
AC_ARG_WITH(system-libpam,
|
||||
AC_HELP_STRING([--with-system-libpam], [use system libpam]),
|
||||
[],
|
||||
[with_system_libpam=no])
|
||||
AM_CONDITIONAL([WITH_SYSTEM_LIBPAM], [test x"$with_system_libpam" = x"yes"])
|
||||
|
||||
AC_CHECK_HEADERS([crypt.h])
|
||||
|
||||
AC_CHECK_FUNCS([asprintf vasprintf])
|
||||
AC_CHECK_FUNCS([dlfunc fdlopen])
|
||||
AC_CHECK_FUNCS([fpurge])
|
||||
AC_CHECK_FUNCS([setlogmask])
|
||||
AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
|
||||
AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset])
|
||||
|
||||
saved_LIBS="${LIBS}"
|
||||
LIBS=""
|
||||
|
@ -96,21 +104,19 @@ AC_SUBST(DL_LIBS)
|
|||
|
||||
saved_LIBS="${LIBS}"
|
||||
LIBS=""
|
||||
AC_CHECK_LIB([crypt], [crypt])
|
||||
CRYPT_LIBS="${LIBS}"
|
||||
AC_CHECK_LIB([pam], [pam_start])
|
||||
SYSTEM_LIBPAM="${LIBS}"
|
||||
LIBS="${saved_LIBS}"
|
||||
AC_SUBST(CRYPT_LIBS)
|
||||
AC_SUBST(SYSTEM_LIBPAM)
|
||||
|
||||
saved_LIBS="${LIBS}"
|
||||
LIBS=""
|
||||
AC_CHECK_LIB([crypto], [HMAC_CTX_init])
|
||||
CRYPTO_LIBS="${LIBS}"
|
||||
LIBS="${saved_LIBS}"
|
||||
AC_SUBST(CRYPTO_LIBS)
|
||||
AX_PKG_CONFIG_CHECK([cryb-test],
|
||||
[AC_MSG_NOTICE([Cryb test framework found, unit tests enabled.])],
|
||||
[AC_MSG_WARN([Cryb test framework not found, unit tests disabled.])])
|
||||
AM_CONDITIONAL([WITH_TEST], [test x"$CRYB_TEST_LIBS" != x""])
|
||||
|
||||
AC_ARG_ENABLE([developer-warnings],
|
||||
AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -Wall -Wextra"])
|
||||
[CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"])
|
||||
AC_ARG_ENABLE([debugging-symbols],
|
||||
AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
|
||||
|
@ -118,6 +124,27 @@ AC_ARG_ENABLE([werror],
|
|||
AS_HELP_STRING([--enable-werror], [use -Werror (default is NO)]),
|
||||
[CFLAGS="${CFLAGS} -Werror"])
|
||||
|
||||
AC_ARG_ENABLE([code-coverage],
|
||||
AS_HELP_STRING([--enable-code-coverage],
|
||||
[enable code coverage]))
|
||||
AS_IF([test x"$enable_code_coverage" = x"yes"], [
|
||||
AM_COND_IF([WITH_TEST], [
|
||||
AS_IF([test x"$ax_cv_c_compiler_vendor" = x"clang"], [
|
||||
CFLAGS="${CFLAGS} -fprofile-instr-generate -fcoverage-mapping"
|
||||
clang_code_coverage="yes"
|
||||
AC_SUBST([clang_ver], [${CC#clang}])
|
||||
], [
|
||||
AC_MSG_ERROR([code coverage is only supported with clang])
|
||||
])
|
||||
AC_DEFINE([WITH_CODE_COVERAGE], [1], [Define to 1 if code coverage is enabled])
|
||||
AC_MSG_NOTICE([code coverage enabled])
|
||||
], [
|
||||
AC_MSG_ERROR([code coverage requires unit tests])
|
||||
])
|
||||
])
|
||||
AM_CONDITIONAL([WITH_CODE_COVERAGE], [test x"$enable_code_coverage" = x"yes"])
|
||||
AM_CONDITIONAL([CLANG_CODE_COVERAGE], [test x"$clang_code_coverage" = x"yes"])
|
||||
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
bin/Makefile
|
||||
|
@ -126,16 +153,18 @@ AC_CONFIG_FILES([
|
|||
bin/su/Makefile
|
||||
doc/Makefile
|
||||
doc/man/Makefile
|
||||
freebsd/Makefile
|
||||
include/Makefile
|
||||
include/security/Makefile
|
||||
lib/Makefile
|
||||
lib/libpam/Makefile
|
||||
misc/Makefile
|
||||
modules/Makefile
|
||||
modules/pam_deny/Makefile
|
||||
modules/pam_permit/Makefile
|
||||
modules/pam_return/Makefile
|
||||
modules/pam_unix/Makefile
|
||||
t/Makefile
|
||||
])
|
||||
AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
|
||||
AC_CONFIG_FILES([mkpkgng],[chmod +x mkpkgng])
|
||||
AC_CONFIG_FILES([misc/coverity.sh],[chmod +x misc/coverity.sh])
|
||||
AC_OUTPUT
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = man
|
||||
|
|
2
doc/man/.gitignore
vendored
Normal file
2
doc/man/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
/*.3
|
||||
!/pam_conv.3
|
|
@ -1,9 +1,7 @@
|
|||
# $Id$
|
||||
|
||||
NULL =
|
||||
|
||||
# Standard PAM API
|
||||
PMAN = \
|
||||
PAM_MAN = \
|
||||
pam_acct_mgmt.3 \
|
||||
pam_authenticate.3 \
|
||||
pam_chauthtok.3 \
|
||||
|
@ -24,7 +22,7 @@ PMAN = \
|
|||
$(NULL)
|
||||
|
||||
# Standard module API
|
||||
MMAN = \
|
||||
MOD_MAN = \
|
||||
pam_sm_acct_mgmt.3 \
|
||||
pam_sm_authenticate.3 \
|
||||
pam_sm_chauthtok.3 \
|
||||
|
@ -34,7 +32,7 @@ MMAN = \
|
|||
$(NULL)
|
||||
|
||||
# OpenPAM extensions
|
||||
OMAN = \
|
||||
OPENPAM_MAN = \
|
||||
openpam_borrow_cred.3 \
|
||||
openpam_free_data.3 \
|
||||
openpam_free_envlist.3 \
|
||||
|
@ -63,8 +61,13 @@ OMAN = \
|
|||
|
||||
EXTRA_DIST = openpam.man pam.man
|
||||
|
||||
ALLCMAN = $(PMAN) $(MMAN) $(OMAN)
|
||||
GENMAN = $(ALLCMAN) openpam.3 pam.3
|
||||
if !WITH_SYSTEM_LIBPAM
|
||||
PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN)
|
||||
PAMXMAN = openpam.3 pam.3
|
||||
endif
|
||||
|
||||
ALLCMAN = $(PAMCMAN)
|
||||
GENMAN = $(ALLCMAN) $(PAMXMAN)
|
||||
|
||||
dist_man3_MANS = $(GENMAN) pam_conv.3
|
||||
|
||||
|
@ -74,9 +77,9 @@ CLEANFILES = $(GENMAN)
|
|||
|
||||
GENDOC = $(top_srcdir)/misc/gendoc.pl
|
||||
|
||||
LIBSRCDIR = $(top_srcdir)/lib/libpam
|
||||
LIBPAMSRCDIR = $(top_srcdir)/lib/libpam
|
||||
|
||||
VPATH = $(LIBSRCDIR) $(srcdir)
|
||||
VPATH = $(LIBPAMSRCDIR) $(srcdir)
|
||||
|
||||
SUFFIXES = .3
|
||||
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Sh DESCRIPTION
|
||||
These functions are OpenPAM extensions to the PAM API.
|
||||
Those named
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2005-2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2005-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,9 +26,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd September 7, 2013
|
||||
.Dd March 17, 2013
|
||||
.Dt PAM.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -212,4 +210,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
|
|||
as part of the DARPA CHATS research program.
|
||||
.Pp
|
||||
The OpenPAM library is maintained by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Sh DESCRIPTION
|
||||
The Pluggable Authentication Modules (PAM) library abstracts a number
|
||||
of common authentication-related operations and provides a framework
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.\"-
|
||||
.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
.\" Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -32,9 +32,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id$
|
||||
.\"
|
||||
.Dd September 7, 2013
|
||||
.Dd June 16, 2005
|
||||
.Dt PAM_CONV 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -76,7 +74,7 @@ item.
|
|||
.Pp
|
||||
The conversation function's first argument specifies the number of
|
||||
messages (up to
|
||||
.Dv PAM_NUM_MSG )
|
||||
.Dv PAM_MAX_NUM_MSG )
|
||||
to process.
|
||||
The second argument is a pointer to an array of pointers to
|
||||
.Vt pam_message
|
||||
|
@ -183,4 +181,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
|
|||
as part of the DARPA CHATS research program.
|
||||
.Pp
|
||||
The OpenPAM library is maintained by
|
||||
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
|
||||
.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
$Id$
|
||||
|
||||
Errata in XSSO, chapter 5:
|
||||
|
||||
p. 25: the first member of struct pam_response is named "resp", not
|
||||
|
|
2
freebsd/.gitignore
vendored
Normal file
2
freebsd/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
!/Makefile.in
|
||||
/work
|
33
freebsd/Makefile.in
Normal file
33
freebsd/Makefile.in
Normal file
|
@ -0,0 +1,33 @@
|
|||
# $FreeBSD: portlint$
|
||||
|
||||
PORTNAME= @PACKAGE_TARNAME@
|
||||
PORTVERSION= @PACKAGE_VERSION@
|
||||
CATEGORIES= security devel
|
||||
MASTER_SITES= #
|
||||
DISTFILES= #
|
||||
|
||||
MAINTAINER= @PACKAGE_BUGREPORT@
|
||||
COMMENT= BSD-licensed implementation of Pluggable Authentication Modules
|
||||
|
||||
LICENSE= BSD3CLAUSE
|
||||
|
||||
USES= gmake libtool pkgconfig
|
||||
USE_LDCONFIG= yes
|
||||
GNU_CONFIGURE= yes
|
||||
INSTALL_TARGET= install-strip
|
||||
TEST_TARGET= check
|
||||
|
||||
DESCR= ${WRKDIR}/pkg-descr
|
||||
|
||||
do-extract:
|
||||
(cd @abs_top_srcdir@ && \
|
||||
${GMAKE} distdir && ${MV} ${PKGNAME} ${WRKDIR})
|
||||
(${CAT} ${WRKSRC}/README && ${ECHO} && \
|
||||
${ECHO} "WWW: @PACKAGE_URL@") >${DESCR}
|
||||
|
||||
post-stage:
|
||||
(cd ${STAGEDIR} && \
|
||||
${FIND} -s . -type f -or -type l | cut -c 2- | \
|
||||
${SED} -E '/\/man\//s/([0-9])$$/\1.gz/') >>${TMPPLIST}
|
||||
|
||||
.include <bsd.port.mk>
|
|
@ -1,3 +1 @@
|
|||
# $Id$
|
||||
|
||||
SUBDIRS = security
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# $Id$
|
||||
|
||||
securitydir = $(includedir)/security
|
||||
|
||||
security_HEADERS = \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_OPENPAM_H_INCLUDED
|
||||
|
@ -186,6 +184,7 @@ enum {
|
|||
OPENPAM_VERIFY_POLICY_FILE,
|
||||
OPENPAM_RESTRICT_MODULE_NAME,
|
||||
OPENPAM_VERIFY_MODULE_FILE,
|
||||
OPENPAM_FALLBACK_TO_OTHER,
|
||||
OPENPAM_NUM_FEATURES
|
||||
};
|
||||
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
/*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_OPENPAM_ATTR_H_INCLUDED
|
||||
#define SECURITY_OPENPAM_ATTR_H_INCLUDED
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,15 +31,13 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
|
||||
#define SECURITY_OPENPAM_VERSION_H_INCLUDED
|
||||
|
||||
#define OPENPAM
|
||||
#define OPENPAM_VERSION 20130907
|
||||
#define OPENPAM_RELEASE "Nummularia"
|
||||
#define OPENPAM_VERSION 20230627
|
||||
#define OPENPAM_RELEASE "Ximenia"
|
||||
|
||||
#endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_APPL_H_INCLUDED
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_CONSTANTS_H_INCLUDED
|
||||
|
@ -78,6 +76,10 @@ enum {
|
|||
PAM_TRY_AGAIN = 27,
|
||||
PAM_MODULE_UNKNOWN = 28,
|
||||
PAM_DOMAIN_UNKNOWN = 29,
|
||||
PAM_BAD_HANDLE = 30, /* OpenPAM extension */
|
||||
PAM_BAD_ITEM = 31, /* OpenPAM extension */
|
||||
PAM_BAD_FEATURE = 32, /* OpenPAM extension */
|
||||
PAM_BAD_CONSTANT = 33, /* OpenPAM extension */
|
||||
PAM_NUM_ERRORS /* OpenPAM extension */
|
||||
};
|
||||
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_MODULES_H_INCLUDED
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef SECURITY_PAM_TYPES_H_INCLUDED
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# $Id$
|
||||
SUBDIRS =
|
||||
|
||||
SUBDIRS = libpam
|
||||
if !WITH_SYSTEM_LIBPAM
|
||||
SUBDIRS += libpam
|
||||
endif
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# $Id$
|
||||
|
||||
NULL =
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/include
|
||||
|
@ -18,6 +16,7 @@ noinst_HEADERS = \
|
|||
openpam_strlcat.h \
|
||||
openpam_strlcmp.h \
|
||||
openpam_strlcpy.h \
|
||||
openpam_strlset.h \
|
||||
openpam_vasprintf.h
|
||||
|
||||
libpam_la_SOURCES = \
|
||||
|
@ -44,9 +43,10 @@ libpam_la_SOURCES = \
|
|||
openpam_set_option.c \
|
||||
openpam_set_feature.c \
|
||||
openpam_static.c \
|
||||
openpam_straddch.c \
|
||||
openpam_strlcat.c \
|
||||
openpam_strlcpy.c \
|
||||
openpam_straddch.c \
|
||||
openpam_strlset.c \
|
||||
openpam_subst.c \
|
||||
openpam_vasprintf.c \
|
||||
openpam_ttyconv.c \
|
||||
|
@ -77,8 +77,8 @@ libpam_la_SOURCES = \
|
|||
pam_vprompt.c \
|
||||
$(NULL)
|
||||
|
||||
libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
|
||||
libpam_la_LIBADD = @DL_LIBS@
|
||||
libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ)
|
||||
libpam_la_LIBADD = $(DL_LIBS)
|
||||
|
||||
EXTRA_DIST = \
|
||||
pam_authenticate_secondary.c \
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_ASPRINTF_H_INCLUDED
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -193,6 +191,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid facility",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (facility != fclt && facility != PAM_FACILITY_ANY) {
|
||||
|
@ -208,18 +207,28 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid service name",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (wordv[i] != NULL) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): garbage at end of line",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
ret = openpam_load_chain(pamh, servicename, fclt);
|
||||
FREEV(wordc, wordv);
|
||||
if (ret < 0)
|
||||
if (ret < 0) {
|
||||
/*
|
||||
* Bogus errno, but this ensures that the
|
||||
* outer loop does not just ignore the
|
||||
* error and keep searching.
|
||||
*/
|
||||
if (errno == ENOENT)
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -229,6 +238,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid control flag",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
@ -238,6 +248,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid module name",
|
||||
filename, lineno);
|
||||
errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
@ -247,8 +258,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
this->flag = ctlf;
|
||||
|
||||
/* load module */
|
||||
if ((this->module = openpam_load_module(modulename)) == NULL)
|
||||
if ((this->module = openpam_load_module(modulename)) == NULL) {
|
||||
if (errno == ENOENT)
|
||||
errno = ENOEXEC;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/*
|
||||
* The remaining items in wordv are the module's
|
||||
|
@ -281,7 +295,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
|||
* The loop ended because openpam_readword() returned NULL, which
|
||||
* can happen for four different reasons: an I/O error (ferror(f)
|
||||
* is true), a memory allocation failure (ferror(f) is false,
|
||||
* errno is non-zero)
|
||||
* feof(f) is false, errno is non-zero), the file ended with an
|
||||
* unterminated quote or backslash escape (ferror(f) is false,
|
||||
* feof(f) is true, errno is non-zero), or the end of the file was
|
||||
* reached without error (ferror(f) is false, feof(f) is true,
|
||||
* errno is zero).
|
||||
*/
|
||||
if (ferror(f) || errno != 0)
|
||||
goto syserr;
|
||||
|
@ -390,6 +408,10 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
for (path = openpam_policy_path; *path != NULL; ++path) {
|
||||
/* construct filename */
|
||||
len = strlcpy(filename, *path, sizeof filename);
|
||||
if (len >= sizeof filename) {
|
||||
errno = ENAMETOOLONG;
|
||||
RETURNN(-1);
|
||||
}
|
||||
if (filename[len - 1] == '/') {
|
||||
len = strlcat(filename, service, sizeof filename);
|
||||
if (len >= sizeof filename) {
|
||||
|
@ -402,6 +424,9 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
}
|
||||
ret = openpam_load_file(pamh, service, facility,
|
||||
filename, style);
|
||||
/* success */
|
||||
if (ret > 0)
|
||||
RETURNN(ret);
|
||||
/* the file exists, but an error occurred */
|
||||
if (ret == -1 && errno != ENOENT)
|
||||
RETURNN(ret);
|
||||
|
@ -411,7 +436,8 @@ openpam_load_chain(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
/* no hit */
|
||||
RETURNN(0);
|
||||
errno = ENOENT;
|
||||
RETURNN(-1);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -432,13 +458,17 @@ openpam_configure(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_ERROR, "invalid service name");
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
}
|
||||
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
|
||||
goto load_err;
|
||||
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
|
||||
if (errno != ENOENT)
|
||||
goto load_err;
|
||||
}
|
||||
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
||||
if (pamh->chains[fclt] != NULL)
|
||||
continue;
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
|
||||
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
|
||||
goto load_err;
|
||||
}
|
||||
}
|
||||
RETURNC(PAM_SUCCESS);
|
||||
load_err:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -44,86 +42,126 @@
|
|||
#include "openpam_impl.h"
|
||||
|
||||
const char *pam_err_name[PAM_NUM_ERRORS] = {
|
||||
"PAM_SUCCESS",
|
||||
"PAM_OPEN_ERR",
|
||||
"PAM_SYMBOL_ERR",
|
||||
"PAM_SERVICE_ERR",
|
||||
"PAM_SYSTEM_ERR",
|
||||
"PAM_BUF_ERR",
|
||||
"PAM_CONV_ERR",
|
||||
"PAM_PERM_DENIED",
|
||||
"PAM_MAXTRIES",
|
||||
"PAM_AUTH_ERR",
|
||||
"PAM_NEW_AUTHTOK_REQD",
|
||||
"PAM_CRED_INSUFFICIENT",
|
||||
"PAM_AUTHINFO_UNAVAIL",
|
||||
"PAM_USER_UNKNOWN",
|
||||
"PAM_CRED_UNAVAIL",
|
||||
"PAM_CRED_EXPIRED",
|
||||
"PAM_CRED_ERR",
|
||||
"PAM_ACCT_EXPIRED",
|
||||
"PAM_AUTHTOK_EXPIRED",
|
||||
"PAM_SESSION_ERR",
|
||||
"PAM_AUTHTOK_ERR",
|
||||
"PAM_AUTHTOK_RECOVERY_ERR",
|
||||
"PAM_AUTHTOK_LOCK_BUSY",
|
||||
"PAM_AUTHTOK_DISABLE_AGING",
|
||||
"PAM_NO_MODULE_DATA",
|
||||
"PAM_IGNORE",
|
||||
"PAM_ABORT",
|
||||
"PAM_TRY_AGAIN",
|
||||
"PAM_MODULE_UNKNOWN",
|
||||
"PAM_DOMAIN_UNKNOWN"
|
||||
[PAM_SUCCESS] = "PAM_SUCCESS",
|
||||
[PAM_OPEN_ERR] = "PAM_OPEN_ERR",
|
||||
[PAM_SYMBOL_ERR] = "PAM_SYMBOL_ERR",
|
||||
[PAM_SERVICE_ERR] = "PAM_SERVICE_ERR",
|
||||
[PAM_SYSTEM_ERR] = "PAM_SYSTEM_ERR",
|
||||
[PAM_BUF_ERR] = "PAM_BUF_ERR",
|
||||
[PAM_CONV_ERR] = "PAM_CONV_ERR",
|
||||
[PAM_PERM_DENIED] = "PAM_PERM_DENIED",
|
||||
[PAM_MAXTRIES] = "PAM_MAXTRIES",
|
||||
[PAM_AUTH_ERR] = "PAM_AUTH_ERR",
|
||||
[PAM_NEW_AUTHTOK_REQD] = "PAM_NEW_AUTHTOK_REQD",
|
||||
[PAM_CRED_INSUFFICIENT] = "PAM_CRED_INSUFFICIENT",
|
||||
[PAM_AUTHINFO_UNAVAIL] = "PAM_AUTHINFO_UNAVAIL",
|
||||
[PAM_USER_UNKNOWN] = "PAM_USER_UNKNOWN",
|
||||
[PAM_CRED_UNAVAIL] = "PAM_CRED_UNAVAIL",
|
||||
[PAM_CRED_EXPIRED] = "PAM_CRED_EXPIRED",
|
||||
[PAM_CRED_ERR] = "PAM_CRED_ERR",
|
||||
[PAM_ACCT_EXPIRED] = "PAM_ACCT_EXPIRED",
|
||||
[PAM_AUTHTOK_EXPIRED] = "PAM_AUTHTOK_EXPIRED",
|
||||
[PAM_SESSION_ERR] = "PAM_SESSION_ERR",
|
||||
[PAM_AUTHTOK_ERR] = "PAM_AUTHTOK_ERR",
|
||||
[PAM_AUTHTOK_RECOVERY_ERR] = "PAM_AUTHTOK_RECOVERY_ERR",
|
||||
[PAM_AUTHTOK_LOCK_BUSY] = "PAM_AUTHTOK_LOCK_BUSY",
|
||||
[PAM_AUTHTOK_DISABLE_AGING] = "PAM_AUTHTOK_DISABLE_AGING",
|
||||
[PAM_NO_MODULE_DATA] = "PAM_NO_MODULE_DATA",
|
||||
[PAM_IGNORE] = "PAM_IGNORE",
|
||||
[PAM_ABORT] = "PAM_ABORT",
|
||||
[PAM_TRY_AGAIN] = "PAM_TRY_AGAIN",
|
||||
[PAM_MODULE_UNKNOWN] = "PAM_MODULE_UNKNOWN",
|
||||
[PAM_DOMAIN_UNKNOWN] = "PAM_DOMAIN_UNKNOWN",
|
||||
[PAM_BAD_HANDLE] = "PAM_BAD_HANDLE",
|
||||
[PAM_BAD_ITEM] = "PAM_BAD_ITEM",
|
||||
[PAM_BAD_FEATURE] = "PAM_BAD_FEATURE",
|
||||
[PAM_BAD_CONSTANT] = "PAM_BAD_CONSTANT",
|
||||
};
|
||||
|
||||
const char *pam_err_text[PAM_NUM_ERRORS] = {
|
||||
[PAM_SUCCESS] = "Success",
|
||||
[PAM_OPEN_ERR] = "Failed to load module",
|
||||
[PAM_SYMBOL_ERR] = "Invalid symbol",
|
||||
[PAM_SERVICE_ERR] = "Error in service module",
|
||||
[PAM_SYSTEM_ERR] = "System error",
|
||||
[PAM_BUF_ERR] = "Memory buffer error",
|
||||
[PAM_CONV_ERR] = "Conversation failure",
|
||||
[PAM_PERM_DENIED] = "Permission denied",
|
||||
[PAM_MAXTRIES] = "Maximum number of tries exceeded",
|
||||
[PAM_AUTH_ERR] = "Authentication error",
|
||||
[PAM_NEW_AUTHTOK_REQD] = "New authentication token required",
|
||||
[PAM_CRED_INSUFFICIENT] = "Insufficient credentials",
|
||||
[PAM_AUTHINFO_UNAVAIL] = "Authentication information is unavailable",
|
||||
[PAM_USER_UNKNOWN] = "Unknown user",
|
||||
[PAM_CRED_UNAVAIL] = "Failed to retrieve user credentials",
|
||||
[PAM_CRED_EXPIRED] = "User credentials have expired",
|
||||
[PAM_CRED_ERR] = "Failed to set user credentials",
|
||||
[PAM_ACCT_EXPIRED] = "User account has expired",
|
||||
[PAM_AUTHTOK_EXPIRED] = "Password has expired",
|
||||
[PAM_SESSION_ERR] = "Session failure",
|
||||
[PAM_AUTHTOK_ERR] = "Authentication token failure",
|
||||
[PAM_AUTHTOK_RECOVERY_ERR] = "Failed to recover old authentication token",
|
||||
[PAM_AUTHTOK_LOCK_BUSY] = "Authentication token lock busy",
|
||||
[PAM_AUTHTOK_DISABLE_AGING] = "Authentication token aging disabled",
|
||||
[PAM_NO_MODULE_DATA] = "Module data not found",
|
||||
[PAM_IGNORE] = "Ignore this module",
|
||||
[PAM_ABORT] = "General failure",
|
||||
[PAM_TRY_AGAIN] = "Try again",
|
||||
[PAM_MODULE_UNKNOWN] = "Unknown module type",
|
||||
[PAM_DOMAIN_UNKNOWN] = "Unknown authentication domain",
|
||||
[PAM_BAD_HANDLE] = "Invalid PAM handle",
|
||||
[PAM_BAD_ITEM] = "Unrecognized or restricted item",
|
||||
[PAM_BAD_FEATURE] = "Unrecognized or restricted feature",
|
||||
[PAM_BAD_CONSTANT] = "Invalid constant",
|
||||
};
|
||||
|
||||
const char *pam_item_name[PAM_NUM_ITEMS] = {
|
||||
"(NO ITEM)",
|
||||
"PAM_SERVICE",
|
||||
"PAM_USER",
|
||||
"PAM_TTY",
|
||||
"PAM_RHOST",
|
||||
"PAM_CONV",
|
||||
"PAM_AUTHTOK",
|
||||
"PAM_OLDAUTHTOK",
|
||||
"PAM_RUSER",
|
||||
"PAM_USER_PROMPT",
|
||||
"PAM_REPOSITORY",
|
||||
"PAM_AUTHTOK_PROMPT",
|
||||
"PAM_OLDAUTHTOK_PROMPT",
|
||||
"PAM_HOST",
|
||||
[PAM_SERVICE] = "PAM_SERVICE",
|
||||
[PAM_USER] = "PAM_USER",
|
||||
[PAM_TTY] = "PAM_TTY",
|
||||
[PAM_RHOST] = "PAM_RHOST",
|
||||
[PAM_CONV] = "PAM_CONV",
|
||||
[PAM_AUTHTOK] = "PAM_AUTHTOK",
|
||||
[PAM_OLDAUTHTOK] = "PAM_OLDAUTHTOK",
|
||||
[PAM_RUSER] = "PAM_RUSER",
|
||||
[PAM_USER_PROMPT] = "PAM_USER_PROMPT",
|
||||
[PAM_REPOSITORY] = "PAM_REPOSITORY",
|
||||
[PAM_AUTHTOK_PROMPT] = "PAM_AUTHTOK_PROMPT",
|
||||
[PAM_OLDAUTHTOK_PROMPT] = "PAM_OLDAUTHTOK_PROMPT",
|
||||
[PAM_HOST] = "PAM_HOST",
|
||||
};
|
||||
|
||||
const char *pam_facility_name[PAM_NUM_FACILITIES] = {
|
||||
[PAM_ACCOUNT] = "account",
|
||||
[PAM_AUTH] = "auth",
|
||||
[PAM_PASSWORD] = "password",
|
||||
[PAM_SESSION] = "session",
|
||||
[PAM_ACCOUNT] = "account",
|
||||
[PAM_AUTH] = "auth",
|
||||
[PAM_PASSWORD] = "password",
|
||||
[PAM_SESSION] = "session",
|
||||
};
|
||||
|
||||
const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
|
||||
[PAM_BINDING] = "binding",
|
||||
[PAM_OPTIONAL] = "optional",
|
||||
[PAM_REQUIRED] = "required",
|
||||
[PAM_REQUISITE] = "requisite",
|
||||
[PAM_SUFFICIENT] = "sufficient",
|
||||
[PAM_BINDING] = "binding",
|
||||
[PAM_OPTIONAL] = "optional",
|
||||
[PAM_REQUIRED] = "required",
|
||||
[PAM_REQUISITE] = "requisite",
|
||||
[PAM_SUFFICIENT] = "sufficient",
|
||||
};
|
||||
|
||||
const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
"pam_authenticate",
|
||||
"pam_setcred",
|
||||
"pam_acct_mgmt",
|
||||
"pam_open_session",
|
||||
"pam_close_session",
|
||||
"pam_chauthtok"
|
||||
[PAM_SM_AUTHENTICATE] = "pam_authenticate",
|
||||
[PAM_SM_SETCRED] = "pam_setcred",
|
||||
[PAM_SM_ACCT_MGMT] = "pam_acct_mgmt",
|
||||
[PAM_SM_OPEN_SESSION] = "pam_open_session",
|
||||
[PAM_SM_CLOSE_SESSION] = "pam_close_session",
|
||||
[PAM_SM_CHAUTHTOK] = "pam_chauthtok"
|
||||
};
|
||||
|
||||
const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
||||
"pam_sm_authenticate",
|
||||
"pam_sm_setcred",
|
||||
"pam_sm_acct_mgmt",
|
||||
"pam_sm_open_session",
|
||||
"pam_sm_close_session",
|
||||
"pam_sm_chauthtok"
|
||||
[PAM_SM_AUTHENTICATE] = "pam_sm_authenticate",
|
||||
[PAM_SM_SETCRED] = "pam_sm_setcred",
|
||||
[PAM_SM_ACCT_MGMT] = "pam_sm_acct_mgmt",
|
||||
[PAM_SM_OPEN_SESSION] = "pam_sm_open_session",
|
||||
[PAM_SM_CLOSE_SESSION] = "pam_sm_close_session",
|
||||
[PAM_SM_CHAUTHTOK] = "pam_sm_chauthtok"
|
||||
};
|
||||
|
||||
const char *openpam_policy_path[] = {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,14 +25,13 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_CONSTANTS_H_INCLUDED
|
||||
#define OPENPAM_CONSTANTS_H_INCLUDED
|
||||
|
||||
extern const char *pam_err_name[PAM_NUM_ERRORS];
|
||||
extern const char *pam_err_text[PAM_NUM_ERRORS];
|
||||
extern const char *pam_item_name[PAM_NUM_ITEMS];
|
||||
extern const char *pam_facility_name[PAM_NUM_FACILITIES];
|
||||
extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_CRED_H_INCLUDED
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_CTYPE_H_INCLUDED
|
||||
|
@ -38,11 +36,19 @@
|
|||
#define is_digit(ch) \
|
||||
(ch >= '0' && ch <= '9')
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a hex digit.
|
||||
*/
|
||||
#define is_xdigit(ch) \
|
||||
((ch >= '0' && ch <= '9') || \
|
||||
(ch >= 'a' && ch <= 'f') || \
|
||||
(ch >= 'A' && ch <= 'F'))
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is an uppercase letter.
|
||||
*/
|
||||
#define is_upper(ch) \
|
||||
(ch >= 'A' && ch <= 'A')
|
||||
(ch >= 'A' && ch <= 'Z')
|
||||
|
||||
/*
|
||||
* Evaluates to non-zero if the argument is a lowercase letter.
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_DEBUG_H_INCLUDED
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -41,6 +39,8 @@
|
|||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
|
@ -63,12 +63,10 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
int flags)
|
||||
{
|
||||
pam_chain_t *chain;
|
||||
int err, fail, r;
|
||||
int err, fail, nsuccess, r;
|
||||
int debug;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
|
||||
/* prevent recursion */
|
||||
if (pamh->current != NULL) {
|
||||
|
@ -101,11 +99,13 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
}
|
||||
|
||||
/* execute */
|
||||
for (err = fail = 0; chain != NULL; chain = chain->next) {
|
||||
err = PAM_SUCCESS;
|
||||
fail = nsuccess = 0;
|
||||
for (; chain != NULL; chain = chain->next) {
|
||||
if (chain->module->func[primitive] == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
|
||||
chain->module->path, pam_sm_func_name[primitive]);
|
||||
r = PAM_SYSTEM_ERR;
|
||||
r = PAM_SYMBOL_ERR;
|
||||
} else {
|
||||
pamh->primitive = primitive;
|
||||
pamh->current = chain;
|
||||
|
@ -115,7 +115,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s",
|
||||
pam_sm_func_name[primitive], chain->module->path);
|
||||
r = (chain->module->func[primitive])(pamh, flags,
|
||||
chain->optc, (const char **)chain->optv);
|
||||
chain->optc, (const char **)(intptr_t)chain->optv);
|
||||
pamh->current = NULL;
|
||||
openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
|
||||
chain->module->path, pam_sm_func_name[primitive],
|
||||
|
@ -127,6 +127,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
if (r == PAM_IGNORE)
|
||||
continue;
|
||||
if (r == PAM_SUCCESS) {
|
||||
++nsuccess;
|
||||
/*
|
||||
* For pam_setcred() and pam_chauthtok() with the
|
||||
* PAM_PRELIM_CHECK flag, treat "sufficient" as
|
||||
|
@ -148,7 +149,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
* fail. If a required module fails, record the
|
||||
* return code from the first required module to fail.
|
||||
*/
|
||||
if (err == 0)
|
||||
if (err == PAM_SUCCESS)
|
||||
err = r;
|
||||
if ((chain->flag == PAM_REQUIRED ||
|
||||
chain->flag == PAM_BINDING) && !fail) {
|
||||
|
@ -170,6 +171,18 @@ openpam_dispatch(pam_handle_t *pamh,
|
|||
|
||||
if (!fail && err != PAM_NEW_AUTHTOK_REQD)
|
||||
err = PAM_SUCCESS;
|
||||
|
||||
/*
|
||||
* Require the chain to be non-empty, and at least one module
|
||||
* in the chain to be successful, so that we don't fail open.
|
||||
*/
|
||||
if (err == PAM_SUCCESS && nsuccess < 1) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"all modules were unsuccessful for %s()",
|
||||
pam_sm_func_name[primitive]);
|
||||
err = PAM_SYSTEM_ERR;
|
||||
}
|
||||
|
||||
RETURNC(err);
|
||||
}
|
||||
|
||||
|
|
|
@ -10,6 +10,9 @@
|
|||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
|
@ -22,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_DLFCN_H_INCLUDED
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2015 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -65,4 +63,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
|
|||
"Verify ownership and permissions of module files",
|
||||
1
|
||||
),
|
||||
STRUCT_OPENPAM_FEATURE(
|
||||
FALLBACK_TO_OTHER,
|
||||
"Fall back to \"other\" policy for empty chains",
|
||||
1
|
||||
),
|
||||
};
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_FEATURES_H_INCLUDED
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,14 +31,13 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <security/pam_appl.h>
|
||||
|
@ -59,12 +58,11 @@ openpam_findenv(pam_handle_t *pamh,
|
|||
int i;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNN(-1);
|
||||
for (i = 0; i < pamh->env_count; ++i)
|
||||
if (strncmp(pamh->env[i], name, len) == 0 &&
|
||||
pamh->env[i][len] == '=')
|
||||
RETURNN(i);
|
||||
errno = ENOENT;
|
||||
RETURNN(-1);
|
||||
}
|
||||
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -23,8 +23,6 @@
|
|||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -50,7 +48,7 @@ openpam_get_feature(int feature, int *onoff)
|
|||
|
||||
ENTERF(feature);
|
||||
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_FEATURE);
|
||||
*onoff = openpam_features[feature].onoff;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
|
@ -58,7 +56,7 @@ openpam_get_feature(int feature, int *onoff)
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_FEATURE
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_IMPL_H_INCLUDED
|
||||
|
@ -130,19 +128,28 @@ struct pam_handle {
|
|||
/*
|
||||
* Internal functions
|
||||
*/
|
||||
int openpam_configure(pam_handle_t *, const char *);
|
||||
int openpam_dispatch(pam_handle_t *, int, int);
|
||||
int openpam_findenv(pam_handle_t *, const char *, size_t);
|
||||
pam_module_t *openpam_load_module(const char *);
|
||||
void openpam_clear_chains(pam_chain_t **);
|
||||
int openpam_configure(pam_handle_t *, const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_dispatch(pam_handle_t *, int, int)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_findenv(pam_handle_t *, const char *, size_t)
|
||||
OPENPAM_NONNULL((1,2));
|
||||
pam_module_t *openpam_load_module(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
void openpam_clear_chains(pam_chain_t **)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
int openpam_check_desc_owner_perms(const char *, int);
|
||||
int openpam_check_path_owner_perms(const char *);
|
||||
int openpam_check_desc_owner_perms(const char *, int)
|
||||
OPENPAM_NONNULL((1));
|
||||
int openpam_check_path_owner_perms(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
#ifdef OPENPAM_STATIC_MODULES
|
||||
pam_module_t *openpam_static(const char *);
|
||||
pam_module_t *openpam_static(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
#endif
|
||||
pam_module_t *openpam_dynamic(const char *);
|
||||
pam_module_t *openpam_dynamic(const char *)
|
||||
OPENPAM_NONNULL((1));
|
||||
|
||||
#define FREE(p) \
|
||||
do { \
|
||||
|
@ -152,11 +159,11 @@ pam_module_t *openpam_dynamic(const char *);
|
|||
|
||||
#define FREEV(c, v) \
|
||||
do { \
|
||||
while (c) { \
|
||||
--(c); \
|
||||
FREE((v)[(c)]); \
|
||||
if ((v) != NULL) { \
|
||||
while ((c)-- > 0) \
|
||||
FREE((v)[(c)]); \
|
||||
FREE(v); \
|
||||
} \
|
||||
FREE(v); \
|
||||
} while (0)
|
||||
|
||||
#include "openpam_constants.h"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2013 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -84,6 +82,7 @@ openpam_load_module(const char *modulename)
|
|||
static void
|
||||
openpam_release_module(pam_module_t *module)
|
||||
{
|
||||
|
||||
if (module == NULL)
|
||||
return;
|
||||
if (module->dlh == NULL)
|
||||
|
@ -104,6 +103,7 @@ openpam_release_module(pam_module_t *module)
|
|||
static void
|
||||
openpam_destroy_chain(pam_chain_t *chain)
|
||||
{
|
||||
|
||||
if (chain == NULL)
|
||||
return;
|
||||
openpam_destroy_chain(chain->next);
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2016 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -59,7 +57,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
wordvsize = MIN_WORDV_SIZE;
|
||||
wordvlen = 0;
|
||||
if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (NULL);
|
||||
}
|
||||
|
@ -70,7 +67,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
wordvsize *= 2;
|
||||
tmp = realloc(wordv, wordvsize * sizeof *wordv);
|
||||
if (tmp == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
break;
|
||||
}
|
||||
|
@ -79,6 +75,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
/* insert our word */
|
||||
wordv[wordvlen++] = word;
|
||||
wordv[wordvlen] = NULL;
|
||||
word = NULL;
|
||||
}
|
||||
if (errno != 0) {
|
||||
/* I/O error or out of memory */
|
||||
|
@ -86,6 +83,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
|
|||
while (wordvlen--)
|
||||
free(wordv[wordvlen]);
|
||||
free(wordv);
|
||||
free(word);
|
||||
errno = serrno;
|
||||
return (NULL);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -55,18 +53,35 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
{
|
||||
char *word;
|
||||
size_t size, len;
|
||||
int ch, comment, escape, quote;
|
||||
int ch, escape, quote;
|
||||
int serrno;
|
||||
|
||||
errno = 0;
|
||||
|
||||
/* skip initial whitespace */
|
||||
comment = 0;
|
||||
while ((ch = getc(f)) != EOF && ch != '\n') {
|
||||
if (ch == '#')
|
||||
comment = 1;
|
||||
if (!is_lws(ch) && !comment)
|
||||
escape = quote = 0;
|
||||
while ((ch = getc(f)) != EOF) {
|
||||
if (ch == '\n') {
|
||||
/* either EOL or line continuation */
|
||||
if (!escape)
|
||||
break;
|
||||
if (lineno != NULL)
|
||||
++*lineno;
|
||||
escape = 0;
|
||||
} else if (escape) {
|
||||
/* escaped something else */
|
||||
break;
|
||||
} else if (ch == '#') {
|
||||
/* comment: until EOL, no continuation */
|
||||
while ((ch = getc(f)) != EOF)
|
||||
if (ch == '\n')
|
||||
break;
|
||||
break;
|
||||
} else if (ch == '\\') {
|
||||
escape = 1;
|
||||
} else if (!is_ws(ch)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ch == EOF)
|
||||
return (NULL);
|
||||
|
@ -76,7 +91,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
|
||||
word = NULL;
|
||||
size = len = 0;
|
||||
escape = quote = 0;
|
||||
while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
|
||||
if (ch == '\\' && !escape && quote != '\'') {
|
||||
/* escape next character */
|
||||
|
@ -90,7 +104,7 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
} else if (ch == quote && !escape) {
|
||||
/* end quote */
|
||||
quote = 0;
|
||||
} else if (ch == '\n' && escape && quote != '\'') {
|
||||
} else if (ch == '\n' && escape) {
|
||||
/* line continuation */
|
||||
escape = 0;
|
||||
} else {
|
||||
|
@ -118,7 +132,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
|
|||
}
|
||||
if (ch == EOF && (escape || quote)) {
|
||||
/* Missing escaped character or closing quote. */
|
||||
openpam_log(PAM_LOG_ERROR, "unexpected end of file");
|
||||
free(word);
|
||||
errno = EINVAL;
|
||||
return (NULL);
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2012-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -50,7 +48,7 @@ openpam_set_feature(int feature, int onoff)
|
|||
|
||||
ENTERF(feature);
|
||||
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_FEATURE);
|
||||
openpam_features[feature].onoff = onoff;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
|
@ -58,7 +56,7 @@ openpam_set_feature(int feature, int onoff)
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_FEATURE
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -85,6 +83,7 @@ openpam_set_option(pam_handle_t *pamh,
|
|||
for (free(cur->optv[i]); i < cur->optc; ++i)
|
||||
cur->optv[i] = cur->optv[i + 1];
|
||||
cur->optv[i] = NULL;
|
||||
--cur->optc;
|
||||
RETURNC(PAM_SUCCESS);
|
||||
}
|
||||
if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -58,7 +56,6 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
|
|||
/* initial allocation */
|
||||
tmpsize = MIN_STR_SIZE;
|
||||
if ((tmpstr = malloc(tmpsize)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
|
@ -69,7 +66,6 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
|
|||
/* additional space required */
|
||||
tmpsize = *size * 2;
|
||||
if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
|
||||
openpam_log(PAM_LOG_ERROR, "realloc(): %m");
|
||||
errno = ENOMEM;
|
||||
return (-1);
|
||||
}
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCAT_H_INCLUDED
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCMP_H_INCLUDED
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLCPY_H_INCLUDED
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2012 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,59 +25,32 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef T_H_INCLUDED
|
||||
#define T_H_INCLUDED
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <security/openpam_attr.h>
|
||||
#ifndef HAVE_STRLSET
|
||||
|
||||
struct t_test {
|
||||
int (*func)(void *);
|
||||
const char *desc;
|
||||
void *arg;
|
||||
};
|
||||
#include <stddef.h>
|
||||
|
||||
#define T_FUNC(n, d) \
|
||||
static int t_ ## n ## _func(void *); \
|
||||
static const struct t_test t_ ## n = \
|
||||
{ t_ ## n ## _func, d, NULL }; \
|
||||
static int t_ ## n ## _func(OPENPAM_UNUSED(void *arg))
|
||||
|
||||
#define T_FUNC_ARG(n, d, a) \
|
||||
static int t_ ## n ## _func(void *); \
|
||||
static const struct t_test t_ ## n = \
|
||||
{ t_ ## n ## _func, d, a }; \
|
||||
static int t_ ## n ## _func(void *arg)
|
||||
|
||||
#define T(n) \
|
||||
&t_ ## n
|
||||
|
||||
extern const char *t_progname;
|
||||
|
||||
const struct t_test **t_prepare(int, char **);
|
||||
void t_cleanup(void);
|
||||
|
||||
void t_verbose(const char *, ...)
|
||||
OPENPAM_FORMAT((__printf__, 1, 2));
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
/*
|
||||
* Convenience functions for temp files
|
||||
* like memset(3), but stops at the first NUL byte and NUL-terminates the
|
||||
* result. Returns the number of bytes that were written, not including
|
||||
* the terminating NUL.
|
||||
*/
|
||||
struct t_file {
|
||||
char *name;
|
||||
FILE *file;
|
||||
struct t_file *prev, *next;
|
||||
};
|
||||
size_t
|
||||
openpam_strlset(char *str, int ch, size_t size)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
struct t_file *t_fopen(const char *);
|
||||
int t_fprintf(struct t_file *, const char *, ...);
|
||||
int t_ferror(struct t_file *);
|
||||
int t_feof(struct t_file *);
|
||||
void t_frewind(struct t_file *);
|
||||
void t_fclose(struct t_file *);
|
||||
void t_fcloseall(void);
|
||||
for (len = 0; *str && size > 1; ++len, --size)
|
||||
*str++ = ch;
|
||||
*str = '\0';
|
||||
return (++len);
|
||||
}
|
||||
|
||||
#endif
|
39
lib/libpam/openpam_strlset.h
Normal file
39
lib/libpam/openpam_strlset.h
Normal file
|
@ -0,0 +1,39 @@
|
|||
/*-
|
||||
* Copyright (c) 2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the author may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_STRLSET_H_INCLUDED
|
||||
#define OPENPAM_STRLSET_H_INCLUDED
|
||||
|
||||
#ifndef HAVE_STRLSET
|
||||
size_t openpam_strlset(char *, int, size_t);
|
||||
#undef strlset
|
||||
#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright (c) 2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2011-2023 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -106,7 +104,8 @@ openpam_subst(const pam_handle_t *pamh,
|
|||
subst_char('%');
|
||||
subst_char(*template);
|
||||
}
|
||||
++template;
|
||||
if (*template)
|
||||
++template;
|
||||
} else {
|
||||
subst_char(*template++);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -55,10 +53,11 @@
|
|||
#include <security/pam_appl.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
int openpam_ttyconv_timeout = 0;
|
||||
|
||||
volatile sig_atomic_t caught_signal;
|
||||
static volatile sig_atomic_t caught_signal;
|
||||
|
||||
/*
|
||||
* Handle incoming signals during tty conversation
|
||||
|
@ -93,12 +92,6 @@ prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
|
|||
int pos, ret;
|
||||
char ch;
|
||||
|
||||
/* write prompt */
|
||||
if (write(ofd, message, strlen(message)) < 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "write(): %m");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* turn echo off if requested */
|
||||
slflag = 0; /* prevent bogus uninitialized variable warning */
|
||||
if (!echo) {
|
||||
|
@ -114,6 +107,12 @@ prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
|
|||
}
|
||||
}
|
||||
|
||||
/* write prompt */
|
||||
if (write(ofd, message, strlen(message)) < 0) {
|
||||
openpam_log(PAM_LOG_ERROR, "write(): %m");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* install signal handlers */
|
||||
caught_signal = 0;
|
||||
action.sa_handler = &catch_signal;
|
||||
|
@ -366,7 +365,7 @@ openpam_ttyconv(int n,
|
|||
fail:
|
||||
for (i = 0; i < n; ++i) {
|
||||
if (aresp[i].resp != NULL) {
|
||||
memset(aresp[i].resp, 0, strlen(aresp[i].resp));
|
||||
strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(aresp[i].resp);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -25,8 +25,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef OPENPAM_VASPRINTF_H_INCLUDED
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
|
||||
pam_set_item(pamh, PAM_AUTHTOK, NULL);
|
||||
RETURNC(r);
|
||||
|
@ -72,7 +70,7 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_authenticate
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -92,5 +90,5 @@ pam_authenticate(pam_handle_t *pamh,
|
|||
* Fail if the user's authentication token is null.
|
||||
*
|
||||
* If any other bits are set, =pam_authenticate will return
|
||||
* =PAM_SYMBOL_ERR.
|
||||
* =PAM_BAD_CONSTANT.
|
||||
*/
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
|
||||
flags | PAM_PRELIM_CHECK);
|
||||
if (r == PAM_SUCCESS)
|
||||
|
@ -77,7 +75,7 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_chauthtok
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -93,5 +91,5 @@ pam_chauthtok(pam_handle_t *pamh,
|
|||
* =PAM_CHANGE_EXPIRED_AUTHTOK:
|
||||
* Change only those authentication tokens that have expired.
|
||||
*
|
||||
* If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
|
||||
* If any other bits are set, =pam_chauthtok will return =PAM_BAD_CONSTANT.
|
||||
*/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,7 +58,7 @@ pam_close_session(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (flags & ~(PAM_SILENT))
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags);
|
||||
RETURNC(r);
|
||||
}
|
||||
|
@ -71,7 +69,7 @@ pam_close_session(pam_handle_t *pamh,
|
|||
* =openpam_dispatch
|
||||
* =pam_sm_close_session
|
||||
* !PAM_IGNORE
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
*/
|
||||
|
||||
/**
|
||||
|
@ -85,5 +83,5 @@ pam_close_session(pam_handle_t *pamh,
|
|||
* Do not emit any messages.
|
||||
*
|
||||
* If any other bits are set, =pam_close_session will return
|
||||
* =PAM_SYMBOL_ERR.
|
||||
* =PAM_BAD_CONSTANT.
|
||||
*/
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -61,7 +59,7 @@ pam_end(pam_handle_t *pamh,
|
|||
|
||||
ENTER();
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
RETURNC(PAM_BAD_HANDLE);
|
||||
|
||||
/* clear module data */
|
||||
while ((dp = pamh->module_data) != NULL) {
|
||||
|
@ -94,7 +92,7 @@ pam_end(pam_handle_t *pamh,
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_BAD_HANDLE
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -48,6 +46,7 @@
|
|||
#include <security/openpam.h>
|
||||
|
||||
#include "openpam_impl.h"
|
||||
#include "openpam_strlset.h"
|
||||
|
||||
static const char authtok_prompt[] = "Password:";
|
||||
static const char authtok_prompt_remote[] = "Password for %u@%h:";
|
||||
|
@ -75,8 +74,6 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
int pitem, r, style, twice;
|
||||
|
||||
ENTER();
|
||||
if (pamh == NULL || authtok == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
*authtok = NULL;
|
||||
twice = 0;
|
||||
switch (item) {
|
||||
|
@ -105,7 +102,7 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
twice = 0;
|
||||
break;
|
||||
default:
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_CONSTANT);
|
||||
}
|
||||
if (openpam_get_option(pamh, "try_first_pass") ||
|
||||
openpam_get_option(pamh, "use_first_pass")) {
|
||||
|
@ -121,9 +118,11 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
|
||||
prompt = promptp;
|
||||
/* no prompt provided, see if there is one tucked away somewhere */
|
||||
if (prompt == NULL)
|
||||
if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
|
||||
if (prompt == NULL) {
|
||||
r = pam_get_item(pamh, pitem, &promptp);
|
||||
if (r == PAM_SUCCESS && promptp != NULL)
|
||||
prompt = promptp;
|
||||
}
|
||||
/* fall back to hardcoded default */
|
||||
if (prompt == NULL)
|
||||
prompt = default_prompt;
|
||||
|
@ -140,16 +139,21 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
if (twice) {
|
||||
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
|
||||
if (r != PAM_SUCCESS) {
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
RETURNC(r);
|
||||
}
|
||||
if (strcmp(resp, resp2) != 0)
|
||||
if (strcmp(resp, resp2) != 0) {
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
}
|
||||
strlset(resp2, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp2);
|
||||
}
|
||||
if (resp == NULL)
|
||||
RETURNC(PAM_TRY_AGAIN);
|
||||
r = pam_set_item(pamh, item, resp);
|
||||
strlset(resp, 0, PAM_MAX_RESP_SIZE);
|
||||
FREE(resp);
|
||||
if (r != PAM_SUCCESS)
|
||||
RETURNC(r);
|
||||
|
@ -164,6 +168,7 @@ pam_get_authtok(pam_handle_t *pamh,
|
|||
* =pam_prompt
|
||||
* =pam_set_item
|
||||
* !PAM_SYMBOL_ERR
|
||||
* PAM_BAD_CONSTANT
|
||||
* PAM_TRY_AGAIN
|
||||
*/
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -60,8 +58,6 @@ pam_get_data(const pam_handle_t *pamh,
|
|||
pam_data_t *dp;
|
||||
|
||||
ENTERS(module_data_name);
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
|
||||
if (strcmp(dp->name, module_data_name) == 0) {
|
||||
*data = (void *)dp->data;
|
||||
|
@ -74,7 +70,6 @@ pam_get_data(const pam_handle_t *pamh,
|
|||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_NO_MODULE_DATA
|
||||
*/
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*-
|
||||
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
|
||||
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
|
||||
* Copyright (c) 2004-2017 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -59,8 +57,6 @@ pam_get_item(const pam_handle_t *pamh,
|
|||
{
|
||||
|
||||
ENTERI(item_type);
|
||||
if (pamh == NULL)
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
switch (item_type) {
|
||||
case PAM_SERVICE:
|
||||
case PAM_USER:
|
||||
|
@ -78,15 +74,14 @@ pam_get_item(const pam_handle_t *pamh,
|
|||
*item = pamh->item[item_type];
|
||||
RETURNC(PAM_SUCCESS);
|
||||
default:
|
||||
RETURNC(PAM_SYMBOL_ERR);
|
||||
RETURNC(PAM_BAD_ITEM);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Error codes:
|
||||
*
|
||||
* PAM_SYMBOL_ERR
|
||||
* PAM_SYSTEM_ERR
|
||||
* PAM_BAD_ITEM
|
||||
*/
|
||||
|
||||
/**
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue