Vendor import of OpenPAM Digitalis.

This commit is contained in:
Dag-Erling Smørgrav 2003-06-01 12:54:03 +00:00
parent 4cb68ea5f3
commit 31c521e9ea
128 changed files with 1051 additions and 660 deletions

View File

@ -14,15 +14,17 @@ or indirectly, with patches, criticism, suggestions, or ideas:
Andrew Morgan <morgan@transmeta.com>
Brian Fundakowski Feldman <green@freebsd.org>
Darren J. Moffat <Darren.Moffat@sun.com>
Dmitry V. Levin <ldv@altlinux.org>
Eric Melville <eric@freebsd.org>
Gary Winiger <Gary.Winiger@sun.com>
Joe Marcus Clarke <marcus@marcuscom.com>
Juli Mallett <jmallett@freebsd.org>
Mark Murray <markm@freebsd.org>
Mike Petullo <mike@flyn.org>
Mikko Työläjärvi <mbsd@pacbell.net>
Robert Watson <rwatson@freebsd.org>
Ruslan Ermilov <ru@freebsd.org>
Solar Designer <solar@openwall.com>
Takanori Saneto <sanewo@ba2.so-net.ne.jp>
$P4: //depot/projects/openpam/CREDITS#6 $
$P4: //depot/projects/openpam/CREDITS#8 $

View File

@ -1,3 +1,22 @@
OpenPAM Digitalis 2003-06-01
- ENHANCE: Completely rewrite the configuration parser and add
support for the "include" control flag.
- ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
- ENHANCE: Lots of additional paranoia.
- BUGFIX: The sample su(1) application dropped privileges before
forking instead of after.
- ENHANCE: Document openpam_log(3).
- ENHANCE: Other minor documentation fixes.
Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus 2003-05-02
- BUGFIX: Initialize some potentially uninitialized variables.
@ -223,4 +242,4 @@ OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#18 $
$P4: //depot/projects/openpam/HISTORY#19 $

View File

@ -1,5 +1,5 @@
Copyright (c) 2002 Networks Associates Technology, Inc.
Copyright (c) 2002-2003 Networks Associates Technology, Inc.
All rights reserved.
This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,4 +31,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
$P4: //depot/projects/openpam/LICENSE#5 $
$P4: //depot/projects/openpam/LICENSE#6 $

View File

@ -1,5 +1,5 @@
#
# $P4: //depot/projects/openpam/MANIFEST#13 $
# $P4: //depot/projects/openpam/MANIFEST#16 $
#
CREDITS
HISTORY
@ -7,9 +7,11 @@ INSTALL
LICENSE
MANIFEST
Makefile
Makefile.inc
README
RELNOTES
bin/Makefile
bin/Makefile.inc
bin/su/Makefile
bin/su/su.c
doc/Makefile
@ -21,6 +23,7 @@ doc/man/openpam_free_data.3
doc/man/openpam_get_option.3
doc/man/openpam_log.3
doc/man/openpam_nullconv.3
doc/man/openpam_readline.3
doc/man/openpam_restore_cred.3
doc/man/openpam_set_option.3
doc/man/openpam_ttyconv.3
@ -76,6 +79,7 @@ lib/openpam_impl.h
lib/openpam_load.c
lib/openpam_log.c
lib/openpam_nullconv.c
lib/openpam_readline.c
lib/openpam_restore_cred.c
lib/openpam_set_option.c
lib/openpam_static.c

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS
@ -32,7 +32,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/Makefile#7 $
# $P4: //depot/projects/openpam/Makefile#8 $
#
SUBDIR =

View File

@ -0,0 +1,8 @@
# $P4: //depot/projects/openpam/Makefile.inc#2 $
DESTDIR ?= /usr
BINDIR = /bin
LIBDIR = /lib
SHLIB_MAJOR = 2
SHLIB_MINOR = 0

View File

@ -1,13 +1,18 @@
Release notes for OpenPAM Dianthus
==================================
Release notes for OpenPAM Digitalis
===================================
This is a maintenance release incorporating a number of minor patches
accumulated since the previous release.
This release incorporates several major changes and improvements and
should be considered BETA QUALITY.
This release corresponds to the code used in FreeBSD-CURRENT as of the
release date. It may or may not build on other platforms; previous
releases have been built on NetBSD and (with partial success) MacOS X.
release date. It is also known to build cleanly on NetBSD 1.6,
OpenBSD 3.1, and a number of glibc-based Linux platforms (with BSD
make installed). It may or may not build on other platforms; you will
need a BSD-compatible make(1) (NetBSD's make(1) is easy to port to
most POSIX platforms). Previous versions were successfully built on
MacOS X 10.1, but there seem to be issues with the heavily modified
version of GCC 3.1 that ships with MacOS X 10.2.
The library itself is complete. Documentation exists in the form of
man pages for the library functions. These man pages are generated by
@ -26,4 +31,4 @@ proper credit for your contribution.
Please direct bug reports and inquiries to des@freebsd.org.
$P4: //depot/projects/openpam/RELNOTES#15 $
$P4: //depot/projects/openpam/RELNOTES#18 $

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS
@ -32,7 +32,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/bin/Makefile#6 $
# $P4: //depot/projects/openpam/bin/Makefile#7 $
#
SUBDIR =

View File

@ -0,0 +1,3 @@
# $P4: //depot/projects/openpam/bin/Makefile.inc#1 $
.include "../Makefile.inc"

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS
@ -32,13 +32,13 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/bin/su/Makefile#5 $
# $P4: //depot/projects/openpam/bin/su/Makefile#8 $
#
PROG = su
WARNS ?= 4
CFLAGS += -I${.CURDIR}/../../include
DPADD = ${.OBJDIR}/../../lib/libpam.so
DPADD = ${.OBJDIR}/../../lib/libpam.a
LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam
NOMAN = YES

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,13 +31,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/bin/su/su.c#8 $
* $P4: //depot/projects/openpam/bin/su/su.c#12 $
*/
#include <sys/param.h>
#include <sys/wait.h>
#include <err.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@ -81,9 +82,17 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
if (argc > 0) {
user = *argv;
--argc;
++argv;
} else {
user = "root";
}
/* initialize PAM */
pamc.conv = &openpam_ttyconv;
pam_start("su", argc ? *argv : "root", &pamc, &pamh);
pam_start("su", user, &pamc, &pamh);
/* set some items */
gethostname(hostname, sizeof(hostname));
@ -117,20 +126,6 @@ main(int argc, char *argv[])
if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user)) == NULL)
goto pamerr;
/* set uid and groups */
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
warn("initgroups()");
goto err;
}
if (setgid(pwd->pw_gid) == -1) {
warn("setgid()");
goto err;
}
if (setuid(pwd->pw_uid) == -1) {
warn("setuid()");
goto err;
}
/* export PAM environment */
if ((pam_envlist = pam_getenvlist(pamh)) != NULL) {
for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) {
@ -154,7 +149,21 @@ main(int argc, char *argv[])
warn("fork()");
goto err;
case 0:
/* child: start a shell */
/* child: give up privs and start a shell */
/* set uid and groups */
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
warn("initgroups()");
_exit(1);
}
if (setgid(pwd->pw_gid) == -1) {
warn("setgid()");
_exit(1);
}
if (setuid(pwd->pw_uid) == -1) {
warn("setuid()");
_exit(1);
}
execve(*args, args, environ);
warn("execve()");
_exit(1);
@ -170,9 +179,7 @@ main(int argc, char *argv[])
}
pamerr:
pam_end(pamh, pam_err);
fprintf(stderr, "Sorry\n");
exit(1);
err:
pam_end(pamh, pam_err);
exit(1);

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS
@ -32,7 +32,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/doc/Makefile#4 $
# $P4: //depot/projects/openpam/doc/Makefile#5 $
#
SUBDIR =

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS
@ -32,7 +32,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/doc/man/Makefile#11 $
# $P4: //depot/projects/openpam/doc/man/Makefile#13 $
#
GENDOC = ${.CURDIR}/../../misc/gendoc.pl
@ -73,6 +73,7 @@ OMAN += openpam_free_data.3
OMAN += openpam_get_option.3
OMAN += openpam_log.3
OMAN += openpam_nullconv.3
OMAN += openpam_readline.3
OMAN += openpam_restore_cred.3
OMAN += openpam_set_option.3
OMAN += openpam_ttyconv.3

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM 3
.Os
.Sh NAME
@ -42,6 +42,7 @@
.Nm openpam_get_option ,
.Nm openpam_log ,
.Nm openpam_nullconv ,
.Nm openpam_readline ,
.Nm openpam_restore_cred ,
.Nm openpam_set_option ,
.Nm openpam_ttyconv ,
@ -68,6 +69,8 @@
.Fn openpam_log "int level" "const char *fmt" "..."
.Ft int
.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Ft char *
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
.Ft int
.Fn openpam_restore_cred "pam_handle_t *pamh"
.Ft int
@ -108,6 +111,7 @@ standardization.
.Xr openpam_get_option 3 ,
.Xr openpam_log 3 ,
.Xr openpam_nullconv 3 ,
.Xr openpam_readline 3 ,
.Xr openpam_restore_cred 3 ,
.Xr openpam_set_option 3 ,
.Xr openpam_ttyconv 3 ,

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_BORROW_CRED 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_FREE_DATA 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME
@ -54,6 +54,7 @@ function returns the value of the specified
option in the context of the currently executing service module, or
.Dv NULL
if the option is not set or no module is currently executing.
.Pp
.Sh RETURN VALUES
The
.Nm
@ -61,6 +62,7 @@ function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr openpam_set_option 3 ,
.Xr pam 3
.Sh STANDARDS
The

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,12 +33,12 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_LOG 3
.Os
.Sh NAME
.Nm openpam_log
.Nd it). Do the next best thing
.Nd log a message through syslog
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
@ -48,9 +48,56 @@
.Ft void
.Fn openpam_log "int level" "const char *fmt" "..."
.Sh DESCRIPTION
No description available.
The
.Nm
function logs messages using
.Xr syslog 3 .
It is primarily
intended for internal use by the library and modules.
.Pp
The
.Va level
argument indicates the importance of the message. The
following levels are defined:
.Bl -tag -width 18n
.It Dv PAM_LOG_DEBUG
Debugging messages. These messages are normally not
logged unless the global integer variable
.Va _openpam_debug
is set to a non-zero value, in which case they are logged
with a
.Xr syslog 3
priority of
.Dv LOG_DEBUG .
.It Dv PAM_LOG_VERBOSE
Information about the progress of the authentication
process, or other non-essential messages. These messages
are logged with a
.Xr syslog 3
priority of
.Dv LOG_INFO .
.It Dv PAM_LOG_NOTICE
Messages relating to non-fatal errors. These messages are
logged with a
.Xr syslog 3
priority of
.Dv LOG_NOTICE .
.It Dv PAM_LOG_ERROR
Messages relating to serious errors. These messages are
logged with a
.Xr syslog 3
priority of
.Dv LOG_ERR .
.El
.Pp
The remaining arguments are a
.Xr printf 3
format string and the
corresponding arguments.
.Sh SEE ALSO
.Xr pam 3
.Xr pam 3 ,
.Xr printf 3 ,
.Xr syslog 3
.Sh STANDARDS
The
.Nm

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_NULLCONV 3
.Os
.Sh NAME
@ -79,6 +79,7 @@ Conversation failure.
.Sh SEE ALSO
.Xr openpam_ttyconv 3 ,
.Xr pam 3 ,
.Xr pam_authenticate 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_prompt 3 ,
.Xr pam_set_item 3 ,

View File

@ -0,0 +1,107 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4$
.\"
.Dd June 1, 2003
.Dt OPENPAM_READLINE 3
.Os
.Sh NAME
.Nm openpam_readline
.Nd read a line from a file
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In security/pam_appl.h
.In security/openpam.h
.Ft char *
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
.Sh DESCRIPTION
The
.Nm
function reads a line from a file, and returns it
in a NUL-terminated buffer allocated with
.Xr malloc 3 .
.Pp
The
.Nm
function performs a certain amount of processing
on the data it reads.
Comments (introduced by a hash sign) are stripped, as is leading and
trailing whitespace.
Any amount of linear whitespace is collapsed to a single space.
Blank lines are ignored.
If a line ends in a backslash, the backslash is stripped and the next
line is appended.
.Pp
If
.Va lineno
is not
.Dv NULL ,
the integer variable it points to is
incremented every time a newline character is read.
.Pp
If
.Va lenp
is not
.Dv NULL ,
the length of the line (not including the
terminating NUL character) is stored in the variable it points to.
.Pp
The caller is responsible for releasing the returned buffer by passing
it to
.Xr free 3 .
.Sh RETURN VALUES
The
.Nm
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr free 3 ,
.Xr malloc 3 ,
.Xr pam 3
.Sh STANDARDS
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and Network Associates Laboratories, the Security
Research Division of Network Associates, Inc. under DARPA/SPAWAR
contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_RESTORE_CRED 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME
@ -52,6 +52,7 @@ The
.Nm
function sets the specified option in the
context of the currently executing service module.
.Pp
.Sh RETURN VALUES
The
.Nm
@ -63,6 +64,7 @@ Memory buffer error.
System error.
.El
.Sh SEE ALSO
.Xr openpam_get_option 3 ,
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME
@ -57,7 +57,7 @@ of most text-based interactive programs.
The
.Nm
function allows the application to specify a
timeout for user input by setting the global variable
timeout for user input by setting the global integer variable
.Va openpam_ttyconv_timeout
to the length of the timeout in seconds.
.Pp

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME
@ -64,7 +64,7 @@ Fail if the user's authentication token is null.
.El
.Pp
If any other bits are set,
.Xr pam_authenticate 3
.Nm
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
@ -95,7 +95,6 @@ Unknown user.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_authenticate 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#2 $
.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#3 $
.\"
.Dd May 27, 2002
.Dt PAM_CONV 3

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_END 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_ERROR 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GET_DATA 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GET_USER 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GETENV 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_INFO 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_PROMPT 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_PUTENV 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SET_DATA 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SETCRED 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SETENV 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_START 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_STRERROR 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_VERROR 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_VINFO 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd May 2, 2003
.Dd June 1, 2003
.Dt PAM_VPROMPT 3
.Os
.Sh NAME

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/openpam.h#21 $
* $P4: //depot/projects/openpam/include/security/openpam.h#24 $
*/
#ifndef _SECURITY_OPENPAM_H_INCLUDED
@ -118,6 +118,18 @@ pam_vprompt(pam_handle_t *_pamh,
const char *_fmt,
va_list _ap);
/*
* Read cooked lines.
* Checking for FOPEN_MAX is a fairly reliable way to detect the presence
* of <stdio.h>
*/
#ifdef FOPEN_MAX
char *
openpam_readline(FILE *_f,
int *_lineno,
size_t *_lenp);
#endif
/*
* Log levels
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,14 +31,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/openpam_version.h#7 $
* $P4: //depot/projects/openpam/include/security/openpam_version.h#9 $
*/
#ifndef _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM
#define _OPENPAM_VERSION 20030502
#define _OPENPAM_RELEASE "Dianthus"
#define _OPENPAM_VERSION 20030601
#define _OPENPAM_RELEASE "Digitalis"
#endif

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_appl.h#11 $
* $P4: //depot/projects/openpam/include/security/pam_appl.h#13 $
*/
#ifndef _PAM_APPL_H_INCLUDED

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_constants.h#20 $
* $P4: //depot/projects/openpam/include/security/pam_constants.h#22 $
*/
#ifndef _PAM_CONSTANTS_H_INCLUDED

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_modules.h#8 $
* $P4: //depot/projects/openpam/include/security/pam_modules.h#9 $
*/
#ifndef _PAM_MODULES_H_INCLUDED

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_types.h#9 $
* $P4: //depot/projects/openpam/include/security/pam_types.h#11 $
*/
#ifndef _PAM_TYPES_H_INCLUDED

View File

@ -1,5 +1,5 @@
#-
# Copyright (c) 2002 Networks Associates Technology, Inc.
# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,18 +31,21 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $P4: //depot/projects/openpam/lib/Makefile#16 $
# $P4: //depot/projects/openpam/lib/Makefile#21 $
#
LIB = pam
SHLIB_MAJOR = 2
SHLIB_MINOR = 0
WARNS ?= 4
NO_WERROR = yes
CFLAGS += -I${.CURDIR}/../include
CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR}
OSNAME != uname -s
.if ${OSNAME} == "Linux"
LDADD += -ldl
.endif
SRCS =
SRCS += openpam_borrow_cred.c
SRCS += openpam_configure.c
@ -54,6 +57,7 @@ SRCS += openpam_get_option.c
SRCS += openpam_load.c
SRCS += openpam_log.c
SRCS += openpam_nullconv.c
SRCS += openpam_readline.c
SRCS += openpam_restore_cred.c
SRCS += openpam_set_option.c
SRCS += openpam_static.c

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,11 +31,12 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#4 $
* $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#9 $
*/
#include <sys/param.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>
@ -75,20 +76,20 @@ openpam_borrow_cred(pam_handle_t *pamh,
scred->euid = geteuid();
scred->egid = getegid();
r = getgroups(NGROUPS_MAX, scred->groups);
if (r == -1) {
free(scred);
if (r < 0) {
FREE(scred);
RETURNC(PAM_SYSTEM_ERR);
}
scred->ngroups = r;
r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data);
if (r != PAM_SUCCESS) {
free(scred);
FREE(scred);
RETURNC(r);
}
if (geteuid() == pwd->pw_uid)
RETURNC(PAM_SUCCESS);
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 ||
setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) {
if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 ||
setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) {
openpam_restore_cred(pamh);
RETURNC(PAM_SYSTEM_ERR);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_configure.c#6 $
* $P4: //depot/projects/openpam/lib/openpam_configure.c#10 $
*/
#include <ctype.h>
@ -44,169 +44,223 @@
#include "openpam_impl.h"
#define PAM_CONF_STYLE 0
#define PAM_D_STYLE 1
#define MAX_LINE_LEN 1024
#define MAX_OPTIONS 256
const char *_pam_facility_name[PAM_NUM_FACILITIES] = {
[PAM_ACCOUNT] = "account",
[PAM_AUTH] = "auth",
[PAM_PASSWORD] = "password",
[PAM_SESSION] = "session",
};
const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
[PAM_BINDING] = "binding",
[PAM_OPTIONAL] = "optional",
[PAM_REQUIRED] = "required",
[PAM_REQUISITE] = "requisite",
[PAM_SUFFICIENT] = "sufficient",
};
static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t);
/*
* Matches a word against the first one in a string.
* Returns non-zero if they match.
*/
static int
openpam_read_policy_file(pam_chain_t *policy[],
const char *service,
const char *filename,
int style)
match_word(const char *str, const char *word)
{
char buf[MAX_LINE_LEN], *p, *q;
const char *optv[MAX_OPTIONS + 1];
int ch, chain, flag, line, optc, n, r;
size_t len;
FILE *f;
n = 0;
while (*str && tolower(*str) == tolower(*word))
++str, ++word;
return (*str == ' ' && *word == '\0');
}
/*
* Return a pointer to the next word (or the final NUL) in a string.
*/
static const char *
next_word(const char *str)
{
/* skip current word */
while (*str && *str != ' ')
++str;
/* skip whitespace */
while (*str == ' ')
++str;
return (str);
}
/*
* Return a malloc()ed copy of the first word in a string.
*/
static char *
dup_word(const char *str)
{
const char *end;
char *word;
for (end = str; *end && *end != ' '; ++end)
/* nothing */ ;
if (asprintf(&word, "%.*s", (int)(end - str), str) < 0)
return (NULL);
return (word);
}
/*
* Return the length of the first word in a string.
*/
static int
wordlen(const char *str)
{
int i;
for (i = 0; str[i] && str[i] != ' '; ++i)
/* nothing */ ;
return (i);
}
typedef enum { pam_conf_style, pam_d_style } openpam_style_t;
/*
* Extracts given chains from a policy file.
*/
static int
openpam_read_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility,
const char *filename,
openpam_style_t style)
{
pam_chain_t *this, **next;
const char *p, *q;
int count, i, lineno, ret;
pam_facility_t fclt;
pam_control_t ctlf;
char *line, *name;
FILE *f;
if ((f = fopen(filename, "r")) == NULL) {
openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
"%s: %m", filename);
return (0);
}
openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
service, filename);
this = NULL;
count = lineno = 0;
while ((line = openpam_readline(f, &lineno, NULL)) != NULL) {
p = line;
for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
if ((len = strlen(buf)) == 0)
continue;
/* check for overflow */
if (buf[--len] != '\n' && !feof(f)) {
openpam_log(PAM_LOG_ERROR, "%s: line %d too long",
filename, line);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
while ((ch = fgetc(f)) != EOF)
if (ch == '\n')
break;
continue;
}
/* strip comments and trailing whitespace */
if ((p = strchr(buf, '#')) != NULL)
len = p - buf ? p - buf - 1 : p - buf;
while (len > 0 && isspace(buf[len - 1]))
--len;
if (len == 0)
continue;
buf[len] = '\0';
p = q = buf;
/* check service name */
if (style == PAM_CONF_STYLE) {
for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (*q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, service) != 0)
/* match service name */
if (style == pam_conf_style) {
if (!match_word(p, service)) {
FREE(line);
continue;
openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'",
filename, line, service);
}
p = next_word(p);
}
/* match facility name */
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt)
if (match_word(p, _pam_facility_name[fclt]))
break;
if (fclt == PAM_NUM_FACILITIES) {
openpam_log(PAM_LOG_NOTICE,
"%s(%d): invalid facility '%.*s' (ignored)",
filename, lineno, wordlen(p), p);
goto fail;
}
if (facility != fclt && facility != PAM_FACILITY_ANY) {
FREE(line);
continue;
}
p = next_word(p);
/* get module type */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "auth") == 0) {
chain = PAM_AUTH;
} else if (strcmp(p, "account") == 0) {
chain = PAM_ACCOUNT;
} else if (strcmp(p, "session") == 0) {
chain = PAM_SESSION;
} else if (strcmp(p, "password") == 0) {
chain = PAM_PASSWORD;
} else {
openpam_log(PAM_LOG_ERROR,
"%s: invalid module type on line %d: '%s'",
filename, line, p);
/* include other chain */
if (match_word(p, "include")) {
p = next_word(p);
if (*next_word(p) != '\0')
openpam_log(PAM_LOG_NOTICE,
"%s(%d): garbage at end of 'include' line",
filename, lineno);
if ((name = dup_word(p)) == NULL)
goto syserr;
ret = openpam_load_chain(pamh, name, fclt);
fprintf(stderr, "include %s returned %d\n", name, ret);
FREE(name);
if (ret < 0)
goto fail;
count += ret;
FREE(line);
continue;
}
/* get control flag */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p || *q == '\0')
goto syntax_error;
*q++ = '\0';
if (strcmp(p, "required") == 0) {
flag = PAM_REQUIRED;
} else if (strcmp(p, "requisite") == 0) {
flag = PAM_REQUISITE;
} else if (strcmp(p, "sufficient") == 0) {
flag = PAM_SUFFICIENT;
} else if (strcmp(p, "optional") == 0) {
flag = PAM_OPTIONAL;
} else if (strcmp(p, "binding") == 0) {
flag = PAM_BINDING;
} else {
/* allocate new entry */
if ((this = calloc(1, sizeof *this)) == NULL)
goto syserr;
/* control flag */
for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf)
if (match_word(p, _pam_control_flag_name[ctlf]))
break;
if (ctlf == PAM_NUM_CONTROL_FLAGS) {
openpam_log(PAM_LOG_ERROR,
"%s: invalid control flag on line %d: '%s'",
filename, line, p);
continue;
"%s(%d): invalid control flag '%.*s'",
filename, lineno, wordlen(p), p);
goto fail;
}
this->flag = ctlf;
/* get module name */
for (p = q; isspace(*p); ++p)
/* nothing */;
for (q = p; *q != '\0' && !isspace(*q); ++q)
/* nothing */;
if (q == p)
goto syntax_error;
/* get options */
for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {
*q++ = '\0';
while (isspace(*q))
++q;
optv[optc] = q;
while (*q != '\0' && !isspace(*q))
++q;
}
optv[optc] = NULL;
if (*q != '\0') {
*q = '\0';
/* module name */
p = next_word(p);
if (*p == '\0') {
openpam_log(PAM_LOG_ERROR,
"%s: too many options on line %d",
filename, line);
"%s(%d): missing module name",
filename, lineno);
goto fail;
}
if ((name = dup_word(p)) == NULL)
goto syserr;
this->module = openpam_load_module(name);
FREE(name);
if (this->module == NULL)
goto fail;
/* module options */
p = q = next_word(p);
while (*q != '\0') {
++this->optc;
q = next_word(q);
}
this->optv = calloc(this->optc + 1, sizeof(char *));
if (this->optv == NULL)
goto syserr;
for (i = 0; i < this->optc; ++i) {
if ((this->optv[i] = dup_word(p)) == NULL)
goto syserr;
p = next_word(p);
}
/*
* Finally, add the module at the end of the
* appropriate chain and bump the counter.
*/
r = openpam_add_module(policy, chain, flag, p, optc, optv);
if (r != PAM_SUCCESS)
return (-r);
++n;
continue;
syntax_error:
openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d",
filename, line);
openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]",
filename, line, q);
openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
filename, line);
/* hook it up */
for (next = &pamh->chains[fclt]; *next != NULL;
next = &(*next)->next)
/* nothing */ ;
*next = this;
this = NULL;
++count;
/* next please... */
FREE(line);
}
if (ferror(f))
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
if (!feof(f))
goto syserr;
fclose(f);
return (n);
return (count);
syserr:
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
fail:
FREE(this);
FREE(line);
fclose(f);
return (-1);
}
static const char *openpam_policy_path[] = {
@ -217,9 +271,14 @@ static const char *openpam_policy_path[] = {
NULL
};
/*
* Locates the policy file for a given service and reads the given chains
* from it.
*/
static int
openpam_load_policy(pam_chain_t *policy[],
const char *service)
openpam_load_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility)
{
const char **path;
char *filename;
@ -229,24 +288,20 @@ openpam_load_policy(pam_chain_t *policy[],
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
filename = malloc(len + strlen(service) + 1);
if (filename == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
if (asprintf(&filename, "%s%s", *path, service) < 0) {
openpam_log(PAM_LOG_ERROR, "asprintf(): %m");
return (-PAM_BUF_ERR);
}
strcpy(filename, *path);
strcat(filename, service);
r = openpam_read_policy_file(policy,
service, filename, PAM_D_STYLE);
free(filename);
r = openpam_read_chain(pamh, service, facility,
filename, pam_d_style);
FREE(filename);
} else {
r = openpam_read_policy_file(policy,
service, *path, PAM_CONF_STYLE);
r = openpam_read_chain(pamh, service, facility,
*path, pam_conf_style);
}
if (r != 0)
return (r);
}
return (0);
}
@ -260,34 +315,21 @@ int
openpam_configure(pam_handle_t *pamh,
const char *service)
{
pam_chain_t *other[PAM_NUM_CHAINS] = { 0 };
int i, n, r;
pam_facility_t fclt;
/* try own configuration first */
r = openpam_load_policy(pamh->chains, service);
if (r < 0)
return (-r);
for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
if (pamh->chains[i] != NULL)
++n;
}
if (n == PAM_NUM_CHAINS)
return (PAM_SUCCESS);
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
goto load_err;
/* fill in the blanks with "other" */
openpam_load_policy(other, PAM_OTHER);
if (r < 0)
return (-r);
for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
if (pamh->chains[i] == NULL) {
pamh->chains[i] = other[i];
other[i] = NULL;
}
if (pamh->chains[i] != NULL)
++n;
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if (pamh->chains[fclt] != NULL)
continue;
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
goto load_err;
}
openpam_clear_chains(other);
return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR);
return (PAM_SUCCESS);
load_err:
openpam_clear_chains(pamh->chains);
return (PAM_SYSTEM_ERR);
}
/*
@ -295,5 +337,4 @@ openpam_configure(pam_handle_t *pamh,
*
* Error codes:
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#21 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_dynamic.c#7 $
* $P4: //depot/projects/openpam/lib/openpam_dynamic.c#13 $
*/
#include <dlfcn.h>
@ -43,6 +43,10 @@
#include "openpam_impl.h"
#ifndef RTLD_NOW
#define RTLD_NOW RTLD_LAZY
#endif
/*
* OpenPAM internal
*
@ -62,18 +66,18 @@ openpam_dynamic(const char *path)
goto buf_err;
/* try versioned module first, then unversioned module */
if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) == -1)
if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) < 0)
goto buf_err;
if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror());
*strrchr(vpath, '.') = '\0';
if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror());
free(module);
FREE(module);
return (NULL);
}
}
free(vpath);
FREE(vpath);
if ((module->path = strdup(path)) == NULL)
goto buf_err;
module->dlh = dlh;
@ -88,7 +92,7 @@ openpam_dynamic(const char *path)
openpam_log(PAM_LOG_ERROR, "%m");
if (dlh != NULL)
dlclose(dlh);
free(module);
FREE(module);
return (NULL);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_findenv.c#10 $
* $P4: //depot/projects/openpam/lib/openpam_findenv.c#12 $
*/
#include <string.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_free_data.c#3 $
* $P4: //depot/projects/openpam/lib/openpam_free_data.c#5 $
*/
#include <stdlib.h>
@ -54,7 +54,7 @@ openpam_free_data(pam_handle_t *pamh, void *data, int status)
ENTER();
(void)pamh;
(void)status;
free(data);
FREE(data);
RETURNV();
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_get_option.c#6 $
* $P4: //depot/projects/openpam/lib/openpam_get_option.c#10 $
*/
#include <sys/param.h>
@ -73,12 +73,10 @@ openpam_get_option(pam_handle_t *pamh,
RETURNS(NULL);
}
/*
* NOLIST
*/
/**
* The =openpam_get_option function returns the value of the specified
* option in the context of the currently executing service module, or
* =NULL if the option is not set or no module is currently executing.
*
* >openpam_set_option
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2001 Networks Associates Technology, Inc.
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $
* $P4: //depot/projects/openpam/lib/openpam_impl.h#27 $
*/
#ifndef _OPENPAM_IMPL_H_INCLUDED
@ -49,21 +49,26 @@ extern int _openpam_debug;
/*
* Control flags
*/
#define PAM_REQUIRED 1
#define PAM_REQUISITE 2
#define PAM_SUFFICIENT 3
#define PAM_OPTIONAL 4
#define PAM_BINDING 5
#define PAM_NUM_CONTROLFLAGS 6
typedef enum {
PAM_BINDING,
PAM_REQUIRED,
PAM_REQUISITE,
PAM_SUFFICIENT,
PAM_OPTIONAL,
PAM_NUM_CONTROL_FLAGS
} pam_control_t;
/*
* Chains
* Facilities
*/
#define PAM_AUTH 0
#define PAM_ACCOUNT 1
#define PAM_SESSION 2
#define PAM_PASSWORD 3
#define PAM_NUM_CHAINS 4
typedef enum {
PAM_FACILITY_ANY = -1,
PAM_AUTH = 0,
PAM_ACCOUNT,
PAM_SESSION,
PAM_PASSWORD,
PAM_NUM_FACILITIES
} pam_facility_t;
typedef struct pam_chain pam_chain_t;
struct pam_chain {
@ -86,7 +91,7 @@ struct pam_handle {
char *service;
/* chains */
pam_chain_t *chains[PAM_NUM_CHAINS];
pam_chain_t *chains[PAM_NUM_FACILITIES];
pam_chain_t *current;
int primitive;
@ -112,17 +117,18 @@ struct pam_saved_cred {
#define PAM_OTHER "other"
int openpam_configure(pam_handle_t *, const char *);
int openpam_dispatch(pam_handle_t *, int, int);
int openpam_findenv(pam_handle_t *, const char *, size_t);
int openpam_add_module(pam_chain_t **, int, int,
const char *, int, const char **);
void openpam_clear_chains(pam_chain_t **);
int openpam_configure(pam_handle_t *, const char *);
int openpam_dispatch(pam_handle_t *, int, int);
int openpam_findenv(pam_handle_t *, const char *, size_t);
pam_module_t *openpam_load_module(const char *);
void openpam_clear_chains(pam_chain_t **);
#ifdef OPENPAM_STATIC_MODULES
pam_module_t *openpam_static(const char *);
pam_module_t *openpam_static(const char *);
#endif
pam_module_t *openpam_dynamic(const char *);
pam_module_t *openpam_dynamic(const char *);
#define FREE(p) do { free((p)); (p) = NULL; } while (0)
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
@ -131,16 +137,16 @@ pam_module_t *openpam_dynamic(const char *);
openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \
} while (0);
} while (0)
#define ENTERN(n) do { \
openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \
} while (0);
} while (0)
#define ENTERS(s) do { \
if ((s) == NULL) \
openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \
} while (0);
} while (0)
#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
#define RETURNC(c) do { \
if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_load.c#15 $
* $P4: //depot/projects/openpam/lib/openpam_load.c#19 $
*/
#include <dlfcn.h>
@ -67,7 +67,7 @@ static pam_module_t *modules;
* found modules to speed up the process.
*/
static pam_module_t *
pam_module_t *
openpam_load_module(const char *path)
{
pam_module_t *module;
@ -136,8 +136,8 @@ openpam_release_module(pam_module_t *module)
if (module == modules)
modules = module->next;
openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path);
free(module->path);
free(module);
FREE(module->path);
FREE(module);
}
@ -154,52 +154,10 @@ openpam_destroy_chain(pam_chain_t *chain)
openpam_destroy_chain(chain->next);
chain->next = NULL;
while (chain->optc--)
free(chain->optv[chain->optc]);
free(chain->optv);
FREE(chain->optv[chain->optc]);
FREE(chain->optv);
openpam_release_module(chain->module);
free(chain);
}
/*
* Add a module to a chain.
*/
int
openpam_add_module(pam_chain_t *policy[],
int chain,
int flag,
const char *modpath,
int optc,
const char *optv[])
{
pam_chain_t *new, *iterator;
if ((new = calloc(1, sizeof *new)) == NULL)
goto buf_err;
if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
goto buf_err;
while (optc--)
if ((new->optv[new->optc++] = strdup(*optv++)) == NULL)
goto buf_err;
new->optv[new->optc] = NULL;
new->flag = flag;
if ((new->module = openpam_load_module(modpath)) == NULL) {
openpam_destroy_chain(new);
return (PAM_OPEN_ERR);
}
if ((iterator = policy[chain]) != NULL) {
while (iterator->next != NULL)
iterator = iterator->next;
iterator->next = new;
} else {
policy[chain] = new;
}
return (PAM_SUCCESS);
buf_err:
openpam_log(PAM_LOG_ERROR, "%m");
openpam_destroy_chain(new);
return (PAM_BUF_ERR);
FREE(chain);
}
@ -212,7 +170,7 @@ openpam_clear_chains(pam_chain_t *policy[])
{
int i;
for (i = 0; i < PAM_NUM_CHAINS; ++i)
for (i = 0; i < PAM_NUM_FACILITIES; ++i)
openpam_destroy_chain(policy[i]);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_log.c#18 $
* $P4: //depot/projects/openpam/lib/openpam_log.c#23 $
*/
#include <ctype.h>
@ -47,57 +47,12 @@
int _openpam_debug = 0;
#if defined(openpam_log)
#if !defined(openpam_log)
/*
* OpenPAM extension
*
* Log a message through syslog(3)
*/
void
_openpam_log(int level, const char *func, const char *fmt, ...)
{
va_list ap;
char *format;
int len, priority;
switch (level) {
case PAM_LOG_DEBUG:
if (!_openpam_debug)
return;
priority = LOG_DEBUG;
break;
case PAM_LOG_VERBOSE:
priority = LOG_INFO;
break;
case PAM_LOG_NOTICE:
priority = LOG_NOTICE;
break;
case PAM_LOG_ERROR:
default:
priority = LOG_ERR;
break;
}
va_start(ap, fmt);
for (len = strlen(fmt); len > 0 && isspace(fmt[len]); len--)
/* nothing */;
if ((format = malloc(strlen(func) + len + 16)) != NULL) {
sprintf(format, "in %s(): %.*s\n", func, len, fmt);
vsyslog(priority, format, ap);
free(format);
} else {
vsyslog(priority, fmt, ap);
}
va_end(ap);
}
#else
/*
* If openpam_log isn't defined as a macro, we're on a platform that
* doesn't support varadic macros (or it does but we aren't aware of
* it). Do the next best thing.
* Log a message through syslog
*/
void
@ -128,8 +83,67 @@ openpam_log(int level, const char *fmt, ...)
va_end(ap);
}
#else
void
_openpam_log(int level, const char *func, const char *fmt, ...)
{
va_list ap;
char *format;
int priority;
switch (level) {
case PAM_LOG_DEBUG:
if (!_openpam_debug)
return;
priority = LOG_DEBUG;
break;
case PAM_LOG_VERBOSE:
priority = LOG_INFO;
break;
case PAM_LOG_NOTICE:
priority = LOG_NOTICE;
break;
case PAM_LOG_ERROR:
default:
priority = LOG_ERR;
break;
}
va_start(ap, fmt);
if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
vsyslog(priority, format, ap);
FREE(format);
} else {
vsyslog(priority, fmt, ap);
}
va_end(ap);
}
#endif
/*
* NOLIST
/**
* The =openpam_log function logs messages using =syslog. It is primarily
* intended for internal use by the library and modules.
*
* The =level argument indicates the importance of the message. The
* following levels are defined:
*
* =PAM_LOG_DEBUG:
* Debugging messages. These messages are normally not
* logged unless the global integer variable :_openpam_debug
* is set to a non-zero value, in which case they are logged
* with a =syslog priority of =LOG_DEBUG.
* =PAM_LOG_VERBOSE:
* Information about the progress of the authentication
* process, or other non-essential messages. These messages
* are logged with a =syslog priority of =LOG_INFO.
* =PAM_LOG_NOTICE:
* Messages relating to non-fatal errors. These messages are
* logged with a =syslog priority of =LOG_NOTICE.
* =PAM_LOG_ERROR:
* Messages relating to serious errors. These messages are
* logged with a =syslog priority of =LOG_ERR.
*
* The remaining arguments are a =printf format string and the
* corresponding arguments.
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_nullconv.c#4 $
* $P4: //depot/projects/openpam/lib/openpam_nullconv.c#6 $
*/
#include <sys/types.h>
@ -62,8 +62,6 @@ openpam_nullconv(int n,
}
/*
* NOLIST
*
* Error codes:
*
* PAM_CONV_ERR

View File

@ -0,0 +1,154 @@
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* Network Associates Laboratories, the Security Research Division of
* Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
* ("CBOSS"), as part of the DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_readline.c#2 $
*/
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define MIN_LINE_LENGTH 128
/*
* OpenPAM extension
*
* Read a line from a file.
*/
char *
openpam_readline(FILE *f, int *lineno, size_t *lenp)
{
char *line;
size_t len, size;
int ch;
if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
return (NULL);
size = MIN_LINE_LENGTH;
len = 0;
#define line_putch(ch) do { \
if (len >= size - 1) { \
char *tmp = realloc(line, size *= 2); \
if (tmp == NULL) \
goto fail; \
line = tmp; \
} \
line[len++] = ch; \
line[len] = '\0'; \
} while (0)
for (;;) {
ch = fgetc(f);
/* strip comment */
if (ch == '#') {
do {
ch = fgetc(f);
} while (ch != EOF && ch != '\n');
}
/* eof */
if (ch == EOF) {
/* remove trailing whitespace */
while (len > 0 && isspace(line[len - 1]))
--len;
line[len] = '\0';
if (len == 0)
goto fail;
break;
}
/* eol */
if (ch == '\n') {
if (lineno != NULL)
++*lineno;
/* remove trailing whitespace */
while (len > 0 && isspace(line[len - 1]))
--len;
line[len] = '\0';
/* skip blank lines */
if (len == 0)
continue;
/* continuation */
if (line[len - 1] == '\\') {
line[--len] = '\0';
/* fall through to whitespace case */
} else {
break;
}
}
/* whitespace */
if (isspace(ch)) {
/* ignore leading whitespace */
/* collapse linear whitespace */
if (len > 0 && line[len - 1] != ' ')
line_putch(' ');
continue;
}
/* anything else */
line_putch(ch);
}
if (lenp != NULL)
*lenp = len;
return (line);
fail:
FREE(line);
return (NULL);
}
/**
* The =openpam_readline function reads a line from a file, and returns it
* in a NUL-terminated buffer allocated with =malloc.
*
* The =openpam_readline function performs a certain amount of processing
* on the data it reads.
* Comments (introduced by a hash sign) are stripped, as is leading and
* trailing whitespace.
* Any amount of linear whitespace is collapsed to a single space.
* Blank lines are ignored.
* If a line ends in a backslash, the backslash is stripped and the next
* line is appended.
*
* If =lineno is not =NULL, the integer variable it points to is
* incremented every time a newline character is read.
*
* If =lenp is not =NULL, the length of the line (not including the
* terminating NUL character) is stored in the variable it points to.
*
* The caller is responsible for releasing the returned buffer by passing
* it to =free.
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,11 +31,12 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#4 $
* $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#8 $
*/
#include <sys/param.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>
@ -63,9 +64,9 @@ openpam_restore_cred(pam_handle_t *pamh)
if (scred == NULL)
RETURNC(PAM_SYSTEM_ERR);
if (scred->euid != geteuid()) {
if (seteuid(scred->euid) == -1 ||
setgroups(scred->ngroups, scred->groups) == -1 ||
setegid(scred->egid) == -1)
if (seteuid(scred->euid) < 0 ||
setgroups(scred->ngroups, scred->groups) < 0 ||
setegid(scred->egid) < 0)
RETURNC(PAM_SYSTEM_ERR);
}
pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_set_option.c#7 $
* $P4: //depot/projects/openpam/lib/openpam_set_option.c#13 $
*/
#include <sys/param.h>
@ -82,14 +82,13 @@ openpam_set_option(pam_handle_t *pamh,
cur->optv[i] = NULL;
RETURNC(PAM_SUCCESS);
}
if ((opt = malloc(len + strlen(value) + 2)) == NULL)
if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)
RETURNC(PAM_BUF_ERR);
sprintf(opt, "%.*s=%s", (int)len, option, value);
if (i == cur->optc) {
/* add */
optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2));
if (optv == NULL) {
free(opt);
FREE(opt);
RETURNC(PAM_BUF_ERR);
}
optv[i] = opt;
@ -98,15 +97,13 @@ openpam_set_option(pam_handle_t *pamh,
++cur->optc;
} else {
/* replace */
free(cur->optv[i]);
FREE(cur->optv[i]);
cur->optv[i] = opt;
}
RETURNC(PAM_SUCCESS);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SYSTEM_ERR
@ -116,4 +113,6 @@ openpam_set_option(pam_handle_t *pamh,
/**
* The =openpam_set_option function sets the specified option in the
* context of the currently executing service module.
*
* >openpam_get_option
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_static.c#5 $
* $P4: //depot/projects/openpam/lib/openpam_static.c#6 $
*/
#include <string.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#15 $
* $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $
*/
#include <sys/types.h>
@ -179,15 +179,12 @@ openpam_ttyconv(int n,
RETURNC(PAM_SUCCESS);
fail:
while (i)
free(resp[--i]);
free(*resp);
*resp = NULL;
FREE(resp[--i]);
FREE(*resp);
RETURNC(PAM_CONV_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SYSTEM_ERR
@ -201,7 +198,7 @@ openpam_ttyconv(int n,
* of most text-based interactive programs.
*
* The =openpam_ttyconv function allows the application to specify a
* timeout for user input by setting the global variable
* timeout for user input by setting the global integer variable
* :openpam_ttyconv_timeout to the length of the timeout in seconds.
*
* >openpam_nullconv

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#11 $
* $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#14 $
*/
#include <sys/param.h>
@ -78,6 +78,6 @@ pam_acct_mgmt(pam_handle_t *pamh,
* =PAM_DISALLOW_NULL_AUTHTOK:
* Fail if the user's authentication token is null.
*
* If any other bits are set, =pam_authenticate will return
* If any other bits are set, =pam_acct_mgmt will return
* =PAM_SYMBOL_ERR.
*/

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_authenticate.c#13 $
* $P4: //depot/projects/openpam/lib/pam_authenticate.c#15 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#7 $
* $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#8 $
*/
#include <security/pam_appl.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_chauthtok.c#14 $
* $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_close_session.c#11 $
* $P4: //depot/projects/openpam/lib/pam_close_session.c#13 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_end.c#11 $
* $P4: //depot/projects/openpam/lib/pam_end.c#13 $
*/
#include <stdlib.h>
@ -63,14 +63,14 @@ pam_end(pam_handle_t *pamh,
if (dp->cleanup)
(dp->cleanup)(pamh, dp->data, status);
pamh->module_data = dp->next;
free(dp->name);
free(dp);
FREE(dp->name);
FREE(dp);
}
/* clear environment */
while (pamh->env_count)
free(pamh->env[--pamh->env_count]);
free(pamh->env);
FREE(pamh->env[--pamh->env_count]);
FREE(pamh->env);
/* clear chains */
openpam_clear_chains(pamh->chains);
@ -79,7 +79,7 @@ pam_end(pam_handle_t *pamh,
for (i = 0; i < PAM_NUM_ITEMS; ++i)
pam_set_item(pamh, i, NULL);
free(pamh);
FREE(pamh);
RETURNC(PAM_SUCCESS);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_error.c#8 $
* $P4: //depot/projects/openpam/lib/pam_error.c#10 $
*/
#include <stdarg.h>
@ -41,6 +41,8 @@
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
@ -59,7 +61,7 @@ pam_error(pam_handle_t *pamh,
va_start(ap, fmt);
r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap);
va_end(ap);
free(rsp); /* ignore response */
FREE(rsp); /* ignore response */
return (r);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_authtok.c#21 $
* $P4: //depot/projects/openpam/lib/pam_get_authtok.c#25 $
*/
#include <sys/param.h>
@ -109,19 +109,17 @@ pam_get_authtok(pam_handle_t *pamh,
if (twice) {
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
if (r != PAM_SUCCESS) {
free(resp);
FREE(resp);
RETURNC(r);
}
if (strcmp(resp, resp2) != 0) {
free(resp);
resp = NULL;
}
free(resp2);
if (strcmp(resp, resp2) != 0)
FREE(resp);
FREE(resp2);
}
if (resp == NULL)
RETURNC(PAM_TRY_AGAIN);
r = pam_set_item(pamh, item, resp);
free(resp);
FREE(resp);
if (r != PAM_SUCCESS)
RETURNC(r);
r = pam_get_item(pamh, item, (const void **)authtok);

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_data.c#10 $
* $P4: //depot/projects/openpam/lib/pam_get_data.c#12 $
*/
#include <string.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_item.c#15 $
* $P4: //depot/projects/openpam/lib/pam_get_item.c#17 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#7 $
* $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#8 $
*/
#include <security/pam_appl.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#7 $
* $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#8 $
*/
#include <security/pam_appl.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_user.c#14 $
* $P4: //depot/projects/openpam/lib/pam_get_user.c#17 $
*/
#include <sys/param.h>
@ -75,7 +75,7 @@ pam_get_user(pam_handle_t *pamh,
if (r != PAM_SUCCESS)
RETURNC(r);
r = pam_set_item(pamh, PAM_USER, resp);
free(resp);
FREE(resp);
if (r != PAM_SUCCESS)
RETURNC(r);
r = pam_get_item(pamh, PAM_USER, (const void **)user);

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $
* $P4: //depot/projects/openpam/lib/pam_getenv.c#16 $
*/
#include <stdlib.h>
@ -60,7 +60,7 @@ pam_getenv(pam_handle_t *pamh,
RETURNS(NULL);
if (name == NULL || strchr(name, '=') != NULL)
RETURNS(NULL);
if ((i = openpam_findenv(pamh, name, strlen(name))) == -1)
if ((i = openpam_findenv(pamh, name, strlen(name))) < 0)
RETURNS(NULL);
for (str = pamh->env[i]; *str != '\0'; ++str) {
if (*str == '=') {

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_getenvlist.c#10 $
* $P4: //depot/projects/openpam/lib/pam_getenvlist.c#12 $
*/
#include <stdlib.h>
@ -66,8 +66,8 @@ pam_getenvlist(pam_handle_t *pamh)
for (i = 0; i < pamh->env_count; ++i) {
if ((envlist[i] = strdup(pamh->env[i])) == NULL) {
while (i)
free(envlist[--i]);
free(envlist);
FREE(envlist[--i]);
FREE(envlist);
openpam_log(PAM_LOG_ERROR, "%s",
pam_strerror(pamh, PAM_BUF_ERR));
RETURNP(NULL);

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_info.c#7 $
* $P4: //depot/projects/openpam/lib/pam_info.c#9 $
*/
#include <stdarg.h>
@ -41,6 +41,8 @@
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
@ -59,7 +61,7 @@ pam_info(pam_handle_t *pamh,
va_start(ap, fmt);
r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap);
va_end(ap);
free(rsp); /* ignore response */
FREE(rsp); /* ignore response */
return (r);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_open_session.c#11 $
* $P4: //depot/projects/openpam/lib/pam_open_session.c#13 $
*/
#include <sys/param.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_prompt.c#8 $
* $P4: //depot/projects/openpam/lib/pam_prompt.c#9 $
*/
#include <sys/types.h>

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_putenv.c#9 $
* $P4: //depot/projects/openpam/lib/pam_putenv.c#12 $
*/
#include <stdlib.h>
@ -64,10 +64,10 @@ pam_putenv(pam_handle_t *pamh,
RETURNC(PAM_SYSTEM_ERR);
/* see if the variable is already in the environment */
if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) {
if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) {
if ((p = strdup(namevalue)) == NULL)
RETURNC(PAM_BUF_ERR);
free(pamh->env[i]);
FREE(pamh->env[i]);
pamh->env[i] = p;
RETURNC(PAM_SUCCESS);
}

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_set_data.c#12 $
* $P4: //depot/projects/openpam/lib/pam_set_data.c#15 $
*/
#include <stdlib.h>
@ -73,7 +73,7 @@ pam_set_data(pam_handle_t *pamh,
if ((dp = malloc(sizeof *dp)) == NULL)
RETURNC(PAM_BUF_ERR);
if ((dp->name = strdup(module_data_name)) == NULL) {
free(dp);
FREE(dp);
RETURNC(PAM_BUF_ERR);
}
dp->data = data;

View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_set_item.c#18 $
* $P4: //depot/projects/openpam/lib/pam_set_item.c#21 $
*/
#include <sys/param.h>
@ -90,7 +90,7 @@ pam_set_item(pam_handle_t *pamh,
}
if (*slot != NULL) {
memset(*slot, 0xd0, osize);
free(*slot);
FREE(*slot);
}
if (item != NULL) {
if ((tmp = malloc(nsize)) == NULL)

Some files were not shown because too many files have changed in this diff Show More