Vendor import of OpenPAM Cineraria.

This commit is contained in:
Dag-Erling Smørgrav 2002-04-14 18:28:22 +00:00
parent 8d38dc9dca
commit 183bda3791
54 changed files with 608 additions and 346 deletions


@ -1,4 +1,18 @@
============================================================================
OpenPAM Cineraria 2002-04-14
- ENHANCE: Improved documentation.
- ENHANCE: Adopt the same preprocessor tricks that were used in
FreeBSD's version of Linux-PAM to simplify static linking without
requiring dummy primitives.
- ENHANCE: move the policy-loading code out of pam_start.c.
- BUGFIX: Fix typo in one of the versions of the openpam_log macro.
- ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona 2002-04-08
- ENHANCE: Improved documentation for several API functions.
@ -114,4 +128,4 @@ OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#8 $
$P4: //depot/projects/openpam/HISTORY#9 $


@ -1,5 +1,5 @@
#
# $P4: //depot/projects/openpam/MANIFEST#6 $
# $P4: //depot/projects/openpam/MANIFEST#7 $
#
CREDITS
HISTORY
@ -54,12 +54,14 @@ doc/man/pam_verror.3
doc/man/pam_vinfo.3
doc/man/pam_vprompt.3
include/security/openpam.h
include/security/openpam_version.h
include/security/pam_appl.h
include/security/pam_constants.h
include/security/pam_modules.h
include/security/pam_types.h
lib/Makefile
lib/openpam_borrow_cred.c
lib/openpam_configure.c
lib/openpam_dispatch.c
lib/openpam_dynamic.c
lib/openpam_findenv.c


@ -1,14 +1,12 @@
Release notes for OpenPAM Cinchona
==================================
This is a beta release.
Release notes for OpenPAM Cineraria
===================================
The library itself is complete. Documentation exists in the form of
man pages for the library functions, though a few pages are still
incomplete.
This release is incorporated into FreeBSD-CURRENT as of 2002-04-08.
This release is incorporated into FreeBSD-CURRENT as of 2002-04-14.
It has also been successfully built on NetBSD, and should build with
minimal or no changes on OpenBSD. It has not been tested on any other
OS.
@ -17,9 +15,4 @@ Known issues:
- The documentation is still incomplete.
- It should be possible to create incomplete modules without
recourse to placeholders or elaborate preprocessor tricks. This
is made difficult by the requirement that it should be possible to
link modules statically.
$P4: //depot/projects/openpam/RELNOTES#8 $
$P4: //depot/projects/openpam/RELNOTES#9 $


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_borrow_cred.3#1 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_borrow_cred.3#2 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_BORROW_CRED 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_free_data.3#1 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_free_data.3#2 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_FREE_DATA 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_get_option.3#5 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_get_option.3#6 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_log.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_log.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_LOG 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_restore_cred.3#1 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_restore_cred.3#2 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_RESTORE_CRED 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_set_option.3#5 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_set_option.3#6 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/openpam_ttyconv.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/openpam_ttyconv.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam.3#12 $
.\" $P4: //depot/projects/openpam/doc/man/pam.3#13 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_acct_mgmt.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_acct_mgmt.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME
@ -46,7 +46,25 @@
.Ft int
.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
No description available.
The
.Nm
function verifies and enforces account restrictions
after the user has been authenticated.
.Pp
The
.Va flags
argument is the binary or of zero or more of the following
values:
.Bl -tag -width 18n
.It Dv PAM_SILENT
Do not emit any messages.
.It Dv PAM_DISALLOW_NULL_AUTHTOK
Fail if the user's authentication token is null.
.El
If any other bits are set,
.Xr pam_authenticate 3
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
@ -75,6 +93,7 @@ Unknown user.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_authenticate 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_authenticate.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_authenticate.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME
@ -65,12 +65,16 @@ The
.Va flags
argument is the binary or of zero or more of the following
values:
.Pp
.Bd -literal
=PAM_SILENT
Do not emit any messages.
=PAM_DISALLOW_NULL_AUTHTOK
Fail if the user's authentication token is null.
.Bl -tag -width 18n
.It Dv PAM_SILENT
Do not emit any messages.
.It Dv PAM_DISALLOW_NULL_AUTHTOK
Fail if the user's authentication token is null.
.El
If any other bits are set,
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
@ -94,6 +98,8 @@ Maximum number of tries exceeded.
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_chauthtok.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_chauthtok.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME
@ -57,12 +57,16 @@ The
.Va flags
argument is the binary or of zero or more of the following
values:
.Pp
.Bd -literal
=PAM_SILENT
Do not emit any messages.
=PAM_CHANGE_EXPIRED_AUTHTOK
Change only those authentication tokens that have expired.
.Bl -tag -width 18n
.It Dv PAM_SILENT
Do not emit any messages.
.It Dv PAM_CHANGE_EXPIRED_AUTHTOK
Change only those authentication tokens that have expired.
.El
If any other bits are set,
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_close_session.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_close_session.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME
@ -46,7 +46,24 @@
.Ft int
.Fn pam_close_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
No description available.
The
.Nm
function tears down the user session previously
set up by
.Xr pam_open_session 3 .
.Pp
The
.Va flags
argument is the binary or of zero or more of the following
values:
.Bl -tag -width 18n
.It Dv PAM_SILENT
Do not emit any messages.
.El
If any other bits are set,
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
@ -64,11 +81,14 @@ Permission denied.
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_open_session 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_end.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_end.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_END 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_error.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_error.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_ERROR 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_get_authtok.3#11 $
.\" $P4: //depot/projects/openpam/doc/man/pam_get_authtok.3#12 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_get_data.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_get_data.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GET_DATA 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_get_item.3#11 $
.\" $P4: //depot/projects/openpam/doc/man/pam_get_item.3#12 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_get_user.3#11 $
.\" $P4: //depot/projects/openpam/doc/man/pam_get_user.3#12 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GET_USER 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_getenv.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_getenv.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GETENV 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_getenvlist.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_getenvlist.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_info.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_info.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_INFO 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_open_session.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_open_session.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME
@ -46,7 +46,24 @@
.Ft int
.Fn pam_open_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
No description available.
The
.Nm
sets up a user session for a previously
authenticated user. The session should later be torn down by a call to
.Xr pam_close_session 3 .
.Pp
The
.Va flags
argument is the binary or of zero or more of the following
values:
.Bl -tag -width 18n
.It Dv PAM_SILENT
Do not emit any messages.
.El
If any other bits are set,
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
@ -64,11 +81,14 @@ Permission denied.
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_close_session 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_prompt.3#11 $
.\" $P4: //depot/projects/openpam/doc/man/pam_prompt.3#12 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_PROMPT 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_putenv.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_putenv.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_PUTENV 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_set_data.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_set_data.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SET_DATA 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_set_item.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_set_item.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_setcred.3#11 $
.\" $P4: //depot/projects/openpam/doc/man/pam_setcred.3#12 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SETCRED 3
.Os
.Sh NAME
@ -49,18 +49,29 @@
The
.Nm
function manages the application's credentials.
The operation to perform is specified by the
.Pp
The
.Va flags
argument:
argument is the binary or of zero or more of the following
values:
.Bl -tag -width 18n
.It PAM_ESTABLISH_CRED
.It Dv PAM_SILENT
Do not emit any messages.
.It Dv PAM_ESTABLISH_CRED
Establish the credentials of the target user.
.It PAM_DELETE_CRED
.It Dv PAM_DELETE_CRED
Revoke all established credentials.
.It PAM_REINITIALIZE_CRED
.It Dv PAM_REINITIALIZE_CRED
Fully reinitialise credentials.
.It PAM_REFRESH_CRED
.It Dv PAM_REFRESH_CRED
Refresh credentials.
.El
The latter four are mutually exclusive.
.Pp
If any other bits are set,
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
@ -82,6 +93,8 @@ Failed to retrieve user credentials.
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_setenv.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_setenv.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SETENV 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_acct_mgmt.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_acct_mgmt.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_authenticate.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_authenticate.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_chauthtok.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_chauthtok.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_close_session.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_close_session.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_open_session.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_open_session.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_setcred.3#6 $
.\" $P4: //depot/projects/openpam/doc/man/pam_sm_setcred.3#7 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_start.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_start.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_START 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_strerror.3#10 $
.\" $P4: //depot/projects/openpam/doc/man/pam_strerror.3#11 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_STRERROR 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_verror.3#8 $
.\" $P4: //depot/projects/openpam/doc/man/pam_verror.3#9 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_VERROR 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_vinfo.3#8 $
.\" $P4: //depot/projects/openpam/doc/man/pam_vinfo.3#9 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_VINFO 3
.Os
.Sh NAME


@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_vprompt.3#8 $
.\" $P4: //depot/projects/openpam/doc/man/pam_vprompt.3#9 $
.\"
.Dd April 8, 2002
.Dd April 14, 2002
.Dt PAM_VPROMPT 3
.Os
.Sh NAME


@ -0,0 +1,44 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/openpam_version.h#2 $
*/
#ifndef _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM
#define _OPENPAM_VERSION 20020414
#define _OPENPAM_RELEASE "Cineraria"
#endif


@ -31,12 +31,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_constants.h#13 $
* $P4: //depot/projects/openpam/include/security/pam_constants.h#14 $
*/
#ifndef _PAM_CONSTANTS_H_INCLUDED
#define _PAM_CONSTANTS_H_INCLUDED
#include <security/openpam_version.h>
#ifdef __cplusplus
extern "C" {
#endif


@ -31,7 +31,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/lib/Makefile#13 $
# $P4: //depot/projects/openpam/lib/Makefile#14 $
#
LIB = pam
@ -45,6 +45,7 @@ CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR}
SRCS =
SRCS += openpam_borrow_cred.c
SRCS += openpam_configure.c
SRCS += openpam_dispatch.c
SRCS += openpam_dynamic.c
SRCS += openpam_findenv.c


@ -0,0 +1,264 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_configure.c#1 $
*/
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define PAM_CONF_STYLE 0
#define PAM_D_STYLE 1
#define MAX_LINE_LEN 1024
#define MAX_OPTIONS 256
static int
openpam_read_policy_file(pam_handle_t *pamh,
const char *service,
const char *filename,
int style)
{
char buf[MAX_LINE_LEN], *p, *q;
const char *optv[MAX_OPTIONS + 1];
int ch, chain, flag, line, optc, n, r;
size_t len;
FILE *f;
n = 0;
if ((f = fopen(filename, "r")) == NULL) {
openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
"%s: %m", filename);
return (0);
}
openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
service, filename);
for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
if ((len = strlen(buf)) == 0)
continue;
/* check for overflow */
if (buf[--len] != '\n' && !feof(f)) {
openpam_log(PAM_LOG_ERROR, "%s: line %d too long",
filename, line);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
while ((ch = fgetc(f)) != EOF)
if (ch == '\n')
break;
continue;
}
/* strip comments and trailing whitespace */
if ((p = strchr(buf, '#')) != NULL)
len = p - buf ? p - buf - 1 : p - buf;
while (len > 0 && isspace(buf[len - 1]))
--len;
if (len == 0)
continue;
buf[len] = '\0';
p = q = buf;
/* check service name */
if (style == PAM_CONF_STYLE) {
for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (*q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, service) != 0)
continue;
openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'",
filename, line, service);
}
/* get module type */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "auth") == 0) {
chain = PAM_AUTH;
} else if (strcmp(p, "account") == 0) {
chain = PAM_ACCOUNT;
} else if (strcmp(p, "session") == 0) {
chain = PAM_SESSION;
} else if (strcmp(p, "password") == 0) {
chain = PAM_PASSWORD;
} else {
openpam_log(PAM_LOG_ERROR,
"%s: invalid module type on line %d: '%s'",
filename, line, p);
continue;
}
/* get control flag */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "required") == 0) {
flag = PAM_REQUIRED;
} else if (strcmp(p, "requisite") == 0) {
flag = PAM_REQUISITE;
} else if (strcmp(p, "sufficient") == 0) {
flag = PAM_SUFFICIENT;
} else if (strcmp(p, "optional") == 0) {
flag = PAM_OPTIONAL;
} else {
openpam_log(PAM_LOG_ERROR,
"%s: invalid control flag on line %d: '%s'",
filename, line, p);
continue;
}
/* get module name */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p)
goto syntax_error;
/* get options */
for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {
*q++ = '\0';
while (isspace(*q))
++q;
optv[optc] = q;
while (*q != '\0' && !isspace(*q))
++q;
}
optv[optc] = NULL;
if (*q != '\0') {
*q = '\0';
openpam_log(PAM_LOG_ERROR,
"%s: too many options on line %d",
filename, line);
}
/*
* Finally, add the module at the end of the
* appropriate chain and bump the counter.
*/
r = openpam_add_module(pamh, chain, flag, p, optc, optv);
if (r != PAM_SUCCESS)
return (-r);
++n;
continue;
syntax_error:
openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d",
filename, line);
openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]",
filename, line, q);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
}
if (ferror(f))
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
fclose(f);
return (n);
}
static const char *openpam_policy_path[] = {
"/etc/pam.d/",
"/etc/pam.conf",
"/usr/local/etc/pam.d/",
NULL
};
/*
* OpenPAM internal
*
* Configure a service
*/
int
openpam_configure(pam_handle_t *pamh,
const char *service)
{
const char **path;
char *filename;
size_t len;
int r;
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
filename = malloc(len + strlen(service) + 1);
if (filename == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
return (PAM_BUF_ERR);
}
strcpy(filename, *path);
strcat(filename, service);
r = openpam_read_policy_file(pamh,
service, filename, PAM_D_STYLE);
free(filename);
} else {
r = openpam_read_policy_file(pamh,
service, *path, PAM_CONF_STYLE);
}
if (r < 0)
return (-r);
if (r > 0)
return (PAM_SUCCESS);
}
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*
* Error codes:
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
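Review bot: openpam_configure builds the pam.d path by `strcpy`/`strcat` of the caller-supplied `service` with no validation, so a service name containing '/' (e.g. `../../tmp/x`) makes the loader read its authentication policy from outside /etc/pam.d/; unless pam_start already rejects such names — which is not visible in this commit — add `if (strchr(service, '/') != NULL) return (PAM_SYSTEM_ERR);` at the top of openpam_configure. In openpam_read_policy_file the early `return (-r);` after a failed openpam_add_module skips the `fclose(f)` at the end of the function and leaks the FILE in a library that long-running daemons call on every login; put `fclose(f);` before it. The comment-stripping line `len = p - buf ? p - buf - 1 : p - buf;` also drops the character before the '#', so `pam_unix.so#note` is registered as module `pam_unix.s`; `len = p - buf;` is sufficient because trailing whitespace is trimmed on the following line. Likewise `if (buf[--len] != '\n' && !feof(f))` decrements len before the test, so a final line with no trailing newline loses its last character; test `buf[len - 1] == '\n'` and only then `--len`, keeping the too-long branch for the `!feof(f)` case. Finally the policy file is opened with no ownership or permission check, which a reviewer would expect for a file that decides authentication outcomes; if that check lives elsewhere it is not visible here.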


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_impl.h#12 $
* $P4: //depot/projects/openpam/lib/openpam_impl.h#13 $
*/
#ifndef _OPENPAM_IMPL_H_INCLUDED
@ -105,6 +105,7 @@ struct pam_saved_cred {
#define PAM_OTHER "other"
int openpam_configure(pam_handle_t *, const char *);
int openpam_dispatch(pam_handle_t *, int, int);
int openpam_findenv(pam_handle_t *, const char *, size_t);
int openpam_add_module(pam_handle_t *, int, int,


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#7 $
* $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#8 $
*/
#include <sys/param.h>
@ -62,3 +62,19 @@ pam_acct_mgmt(pam_handle_t *pamh,
* =pam_sm_acct_mgmt
* !PAM_IGNORE
*/
/**
* The =pam_acct_mgmt function verifies and enforces account restrictions
* after the user has been authenticated.
*
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT:
* Do not emit any messages.
* =PAM_DISALLOW_NULL_AUTHTOK:
* Fail if the user's authentication token is null.
*
* If any other bits are set, =pam_authenticate will return
* =PAM_SYMBOL_ERR.
*/
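Review bot: The new doc comment names the wrong function — `If any other bits are set, =pam_authenticate will return =PAM_SYMBOL_ERR.` should read `=pam_acct_mgmt`, and the same copy-paste shows up in pam_acct_mgmt.3 in this commit as `.Xr pam_authenticate 3`. Nothing in this hunk adds the flag check that pam_open_session.c and pam_close_session.c gain in the same commit, and PAM_SYMBOL_ERR is not added to the error-code list above the way pam_authenticate.c does it, so either the function body — which is outside the hunk — already contains `if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) return (PAM_SYMBOL_ERR);` or the documentation promises a rejection the code does not perform. Add the check and list the code, or drop the sentence until it is true.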


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_authenticate.c#9 $
* $P4: //depot/projects/openpam/lib/pam_authenticate.c#10 $
*/
#include <sys/param.h>
@ -66,6 +66,7 @@ pam_authenticate(pam_handle_t *pamh,
* =openpam_dispatch
* =pam_sm_authenticate
* !PAM_IGNORE
* PAM_SYMBOL_ERR
*/
/**
@ -79,8 +80,11 @@ pam_authenticate(pam_handle_t *pamh,
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT
* =PAM_SILENT:
* Do not emit any messages.
* =PAM_DISALLOW_NULL_AUTHTOK
* =PAM_DISALLOW_NULL_AUTHTOK:
* Fail if the user's authentication token is null.
*
* If any other bits are set, =pam_authenticate will return
* =PAM_SYMBOL_ERR.
*/


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_chauthtok.c#10 $
* $P4: //depot/projects/openpam/lib/pam_chauthtok.c#11 $
*/
#include <sys/param.h>
@ -82,8 +82,10 @@ pam_chauthtok(pam_handle_t *pamh,
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT
* =PAM_SILENT:
* Do not emit any messages.
* =PAM_CHANGE_EXPIRED_AUTHTOK
* =PAM_CHANGE_EXPIRED_AUTHTOK:
* Change only those authentication tokens that have expired.
*
* If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
*/


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_close_session.c#7 $
* $P4: //depot/projects/openpam/lib/pam_close_session.c#8 $
*/
#include <sys/param.h>
@ -52,6 +52,8 @@ pam_close_session(pam_handle_t *pamh,
int flags)
{
if (flags & ~(PAM_SILENT))
return (PAM_SYMBOL_ERR);
return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
}
@ -61,4 +63,19 @@ pam_close_session(pam_handle_t *pamh,
* =openpam_dispatch
* =pam_sm_close_session
* !PAM_IGNORE
* PAM_SYMBOL_ERR
*/
/**
* The =pam_close_session function tears down the user session previously
* set up by =pam_open_session.
*
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT:
* Do not emit any messages.
*
* If any other bits are set, =pam_close_session will return
* =PAM_SYMBOL_ERR.
*/
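Review bot: The new `if (flags & ~(PAM_SILENT)) return (PAM_SYMBOL_ERR);` returns before openpam_dispatch is reached, so a rejected call leaves the session untouched, yet neither the code nor the new documentation comment says so. pam_close_session is typically called on teardown paths where applications ignore the return value, so a caller passing a stray flag bit would believe the session had been closed when no module ran. I would make this explicit in the doc comment: `If any other bits are set, =pam_close_session will return =PAM_SYMBOL_ERR without invoking any service module, and the session is left open.` The identical check and documentation gap exist in the pam_open_session change in this commit. The declaration line of pam_close_session begins outside the hunk.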


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_open_session.c#7 $
* $P4: //depot/projects/openpam/lib/pam_open_session.c#8 $
*/
#include <sys/param.h>
@ -52,6 +52,8 @@ pam_open_session(pam_handle_t *pamh,
int flags)
{
if (flags & ~(PAM_SILENT))
return (PAM_SYMBOL_ERR);
return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
}
@ -61,4 +63,20 @@ pam_open_session(pam_handle_t *pamh,
* =openpam_dispatch
* =pam_sm_open_session
* !PAM_IGNORE
* PAM_SYMBOL_ERR
*/
/**
* The =pam_open_session sets up a user session for a previously
* authenticated user. The session should later be torn down by a call to
* =pam_close_session.
*
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT:
* Do not emit any messages.
*
* If any other bits are set, =pam_open_session will return
* =PAM_SYMBOL_ERR.
*/
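Review bot: The new description sentence `The =pam_open_session sets up a user session for a previously` is missing the word "function", unlike the parallel sentence added to pam_close_session (`The =pam_close_session function tears down ...`). Since these comment blocks appear to be the source for the generated man pages, the sentence should read `The =pam_open_session function sets up a user session for a previously`. The declaration line of pam_open_session begins outside the hunk.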


@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_setcred.c#8 $
* $P4: //depot/projects/openpam/lib/pam_setcred.c#9 $
*/
#include <sys/param.h>
@ -52,6 +52,10 @@ pam_setcred(pam_handle_t *pamh,
int flags)
{
if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED|
PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED))
return (PAM_SYMBOL_ERR);
/* XXX enforce exclusivity */
return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
}
@ -61,18 +65,27 @@ pam_setcred(pam_handle_t *pamh,
* =openpam_dispatch
* =pam_sm_setcred
* !PAM_IGNORE
* PAM_SYMBOL_ERR
*/
/**
* The =pam_setcred function manages the application's credentials.
* The operation to perform is specified by the =flags argument:
*
* PAM_ESTABLISH_CRED:
* The =flags argument is the binary or of zero or more of the following
* values:
*
* =PAM_SILENT:
* Do not emit any messages.
* =PAM_ESTABLISH_CRED:
* Establish the credentials of the target user.
* PAM_DELETE_CRED:
* =PAM_DELETE_CRED:
* Revoke all established credentials.
* PAM_REINITIALIZE_CRED:
* =PAM_REINITIALIZE_CRED:
* Fully reinitialise credentials.
* PAM_REFRESH_CRED:
* =PAM_REFRESH_CRED:
* Refresh credentials.
*
* The latter four are mutually exclusive.
*
* If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR.
*/
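Review bot: The new mask check at `if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED|` accepts any combination of the four credential operations, while the documentation added in the same hunk states "The latter four are mutually exclusive" and the `/* XXX enforce exclusivity */` line defers the check; a module reached through openpam_dispatch can therefore be asked to establish and delete credentials in a single call, and which one it honours is module-defined. Assuming the four *_CRED constants are distinct single bits (their values are not visible here), the documented contract is enforced by two lines placed before the dispatch: `int op = flags & (PAM_ESTABLISH_CRED|PAM_DELETE_CRED|PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED);` and `if (op & (op - 1)) return (PAM_SYMBOL_ERR);`, which leaves the "zero or more" case (no operation bit set) as documented. The declaration line of pam_setcred begins outside the hunk.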


@ -31,21 +31,15 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_start.c#12 $
* $P4: //depot/projects/openpam/lib/pam_start.c#13 $
*/
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
static int _pam_configure_service(pam_handle_t *pamh, const char *service);
/*
* XSSO 4.2.1
* XSSO 6 page 89
@ -71,9 +65,9 @@ pam_start(const char *service,
if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)
goto fail;
if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS &&
r != PAM_BUF_ERR)
r = _pam_configure_service(ph, PAM_OTHER);
r = openpam_configure(ph, service);
if (r != PAM_SUCCESS && r != PAM_BUF_ERR)
r = openpam_configure(ph, PAM_OTHER);
if (r != PAM_SUCCESS)
goto fail;
@ -86,217 +80,12 @@ pam_start(const char *service,
return (r);
}
#define PAM_CONF_STYLE 0
#define PAM_D_STYLE 1
#define MAX_LINE_LEN 1024
#define MAX_OPTIONS 256
static int
_pam_read_policy_file(pam_handle_t *pamh,
const char *service,
const char *filename,
int style)
{
char buf[MAX_LINE_LEN], *p, *q;
const char *optv[MAX_OPTIONS + 1];
int ch, chain, flag, line, optc, n, r;
size_t len;
FILE *f;
n = 0;
if ((f = fopen(filename, "r")) == NULL) {
openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
"%s: %m", filename);
return (0);
}
openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
service, filename);
for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
if ((len = strlen(buf)) == 0)
continue;
/* check for overflow */
if (buf[--len] != '\n' && !feof(f)) {
openpam_log(PAM_LOG_ERROR, "%s: line %d too long",
filename, line);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
while ((ch = fgetc(f)) != EOF)
if (ch == '\n')
break;
continue;
}
/* strip comments and trailing whitespace */
if ((p = strchr(buf, '#')) != NULL)
len = p - buf ? p - buf - 1 : p - buf;
while (len > 0 && isspace(buf[len - 1]))
--len;
if (len == 0)
continue;
buf[len] = '\0';
p = q = buf;
/* check service name */
if (style == PAM_CONF_STYLE) {
for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (*q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, service) != 0)
continue;
openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'",
filename, line, service);
}
/* get module type */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "auth") == 0) {
chain = PAM_AUTH;
} else if (strcmp(p, "account") == 0) {
chain = PAM_ACCOUNT;
} else if (strcmp(p, "session") == 0) {
chain = PAM_SESSION;
} else if (strcmp(p, "password") == 0) {
chain = PAM_PASSWORD;
} else {
openpam_log(PAM_LOG_ERROR,
"%s: invalid module type on line %d: '%s'",
filename, line, p);
continue;
}
/* get control flag */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "required") == 0) {
flag = PAM_REQUIRED;
} else if (strcmp(p, "requisite") == 0) {
flag = PAM_REQUISITE;
} else if (strcmp(p, "sufficient") == 0) {
flag = PAM_SUFFICIENT;
} else if (strcmp(p, "optional") == 0) {
flag = PAM_OPTIONAL;
} else {
openpam_log(PAM_LOG_ERROR,
"%s: invalid control flag on line %d: '%s'",
filename, line, p);
continue;
}
/* get module name */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p)
goto syntax_error;
/* get options */
for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {
*q++ = '\0';
while (isspace(*q))
++q;
optv[optc] = q;
while (*q != '\0' && !isspace(*q))
++q;
}
optv[optc] = NULL;
if (*q != '\0') {
*q = '\0';
openpam_log(PAM_LOG_ERROR,
"%s: too many options on line %d",
filename, line);
}
/*
* Finally, add the module at the end of the
* appropriate chain and bump the counter.
*/
r = openpam_add_module(pamh, chain, flag, p, optc, optv);
if (r != PAM_SUCCESS)
return (-r);
++n;
continue;
syntax_error:
openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d",
filename, line);
openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]",
filename, line, q);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
}
if (ferror(f))
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
fclose(f);
return (n);
}
static const char *_pam_policy_path[] = {
"/etc/pam.d/",
"/etc/pam.conf",
"/usr/local/etc/pam.d/",
NULL
};
static int
_pam_configure_service(pam_handle_t *pamh,
const char *service)
{
const char **path;
char *filename;
size_t len;
int r;
for (path = _pam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
filename = malloc(len + strlen(service) + 1);
if (filename == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
return (PAM_BUF_ERR);
}
strcpy(filename, *path);
strcat(filename, service);
r = _pam_read_policy_file(pamh,
service, filename, PAM_D_STYLE);
free(filename);
} else {
r = _pam_read_policy_file(pamh,
service, *path, PAM_CONF_STYLE);
}
if (r < 0)
return (-r);
if (r > 0)
return (PAM_SUCCESS);
}
return (PAM_SYSTEM_ERR);
}
/*
* Error codes:
*
* =openpam_configure
* =pam_set_item
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/