Vendor import of OpenPAM Dianthus.

Dag-Erling Smørgrav 2003-05-02 15:08:06 +00:00
parent 63303d4131
commit 4cb68ea5f3
51 changed files with 106 additions and 77 deletions

@ -1,3 +1,20 @@
OpenPAM Dianthus 2003-05-02
- BUGFIX: Initialize some potentially uninitialized variables.
- BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
- BUGFIX: In pam_getenv(), return a pointer to the stored variable
instead of a freshly allocated copy.
- ENHANCE: Detect recursion in openpam_borrow_cred()
- ENHANCE: Make borrowing one's own credentials a no-op.
- ENHANCE: Further improve debugging support.
- ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil 2003-01-06
- ENHANCE: Document dependency on <sys/types.h> (for size_t)
@ -206,4 +223,4 @@ OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$P4: //depot/projects/openpam/HISTORY#17 $
$P4: //depot/projects/openpam/HISTORY#18 $

@ -22,6 +22,6 @@ These are some of OpenPAM's features:
/usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
this will be made configurable in a future release.
Please direct bug reports and inquiries to openpam@thinksec.com.
Please direct bug reports and inquiries to des@freebsd.org.
$P4: //depot/projects/openpam/README#4 $
$P4: //depot/projects/openpam/README#5 $

@ -1,16 +1,13 @@
Release notes for OpenPAM Daffodil
Release notes for OpenPAM Dianthus
==================================
This is a bugfix release. The previous release, Cyclamen, was rushed
out without sufficient testing, and contained a number of small but
serious errors.
This is a maintenance release incorporating a number of minor patches
accumulated since the previous release.
This release corresponds to the code used in FreeBSD-CURRENT as of the
release date. It has also been successfully built on NetBSD 1.6, and
should build with minimal or no changes on OpenBSD. Work is underway
to port OpenPAM to MacOS 10.2. It has not been tested on any other
operating system.
release date. It may or may not build on other platforms; previous
releases have been built on NetBSD and (with partial success) MacOS X.
The library itself is complete. Documentation exists in the form of
man pages for the library functions. These man pages are generated by
@ -27,4 +24,6 @@ NOTE: to the person who sent me MacOS patches in July 2002: I have
lost your name and email address. Please contact me so I can give you
proper credit for your contribution.
$P4: //depot/projects/openpam/RELNOTES#14 $
Please direct bug reports and inquiries to des@freebsd.org.
$P4: //depot/projects/openpam/RELNOTES#15 $

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_BORROW_CRED 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_FREE_DATA 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_LOG 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_NULLCONV 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_RESTORE_CRED 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM 3
.Os
.Sh NAME
@ -75,7 +75,7 @@
.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
.Ft int
.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
.Ft char *
.Ft const char *
.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
.Ft char **
.Fn pam_getenvlist "pam_handle_t *pamh"

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_END 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_ERROR 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GET_DATA 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GET_USER 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GETENV 3
.Os
.Sh NAME
@ -44,7 +44,7 @@
.Sh SYNOPSIS
.In sys/types.h
.In security/pam_appl.h
.Ft char *
.Ft const char *
.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
.Sh DESCRIPTION
The

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_INFO 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_PROMPT 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_PUTENV 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SET_DATA 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SETCRED 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SETENV 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_START 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_STRERROR 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_VERROR 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_VINFO 3
.Os
.Sh NAME

@ -33,7 +33,7 @@
.\"
.\" $P4$
.\"
.Dd January 6, 2003
.Dd May 2, 2003
.Dt PAM_VPROMPT 3
.Os
.Sh NAME

@ -31,14 +31,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/openpam_version.h#6 $
* $P4: //depot/projects/openpam/include/security/openpam_version.h#7 $
*/
#ifndef _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM_VERSION_H_INCLUDED
#define _OPENPAM
#define _OPENPAM_VERSION 20020630
#define _OPENPAM_RELEASE "Citronella"
#define _OPENPAM_VERSION 20030502
#define _OPENPAM_RELEASE "Dianthus"
#endif

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_appl.h#10 $
* $P4: //depot/projects/openpam/include/security/pam_appl.h#11 $
*/
#ifndef _PAM_APPL_H_INCLUDED
@ -83,7 +83,7 @@ pam_get_user(pam_handle_t *_pamh,
const char **_user,
const char *_prompt);
char *
const char *
pam_getenv(pam_handle_t *_pamh,
const char *_name);
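Review bot: The new `const char *` return type on `pam_getenv()` changes who owns the result, not just its constness, and nothing at the prototype says so. Going by the HISTORY entry in this commit, the function now returns a pointer to the stored variable instead of a freshly allocated copy. A caller written against the old contract that passes the result to free() would release memory the library still owns, and a pointer held across a later pam_putenv(), pam_setenv() or pam_end() may be left dangling. I would add a comment above the prototype along the lines of `/* returns a pointer into the handle's environment: do not free or modify; do not keep across changes to the variable */`, with the exact lifetime wording confirmed against the implementation. The same statement belongs in the pam_getenv.c header comment and the PAM_GETENV man page, whose hunks in this commit only change the type.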

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/include/security/pam_constants.h#19 $
* $P4: //depot/projects/openpam/include/security/pam_constants.h#20 $
*/
#ifndef _PAM_CONSTANTS_H_INCLUDED
@ -97,7 +97,8 @@ enum {
* XSSO 5.4
*/
enum {
PAM_SILENT = 0x80000000,
/* some compilers promote 0x8000000 to long */
PAM_SILENT = (-0x7fffffff - 1),
PAM_DISALLOW_NULL_AUTHTOK = 0x1,
PAM_ESTABLISH_CRED = 0x1,
PAM_DELETE_CRED = 0x2,
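Review bot: The added comment above `PAM_SILENT` names the wrong constant: it says `0x8000000` (seven hex digits), while the value being replaced is `0x80000000`. The comment also does not say that `(-0x7fffffff - 1)` only reproduces the old bit pattern where `int` is 32-bit two's complement, which matters because this is a flag bit tested with `&`. I would reword it to something like `/* 0x80000000 does not fit in a 32-bit int and some compilers promote it to long; spell the same bit pattern as the most negative int */`. The enum continues past the end of this hunk.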

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#18 $
* $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $
*/
#include <sys/param.h>
@ -59,6 +59,9 @@ openpam_dispatch(pam_handle_t *pamh,
{
pam_chain_t *chain;
int err, fail, r;
#ifdef DEBUG
int debug;
#endif
ENTER();
if (pamh == NULL)
@ -96,8 +99,6 @@ openpam_dispatch(pam_handle_t *pamh,
/* execute */
for (err = fail = 0; chain != NULL; chain = chain->next) {
openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
_pam_sm_func_name[primitive], chain->module->path);
if (chain->module->func[primitive] == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
chain->module->path, _pam_sm_func_name[primitive]);
@ -105,12 +106,23 @@ openpam_dispatch(pam_handle_t *pamh,
} else {
pamh->primitive = primitive;
pamh->current = chain;
#ifdef DEBUG
debug = (openpam_get_option(pamh, "debug") != NULL);
if (debug)
++_openpam_debug;
openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
_pam_sm_func_name[primitive], chain->module->path);
#endif
r = (chain->module->func[primitive])(pamh, flags,
chain->optc, (const char **)chain->optv);
pamh->current = NULL;
#ifdef DEBUG
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
chain->module->path, _pam_sm_func_name[primitive],
pam_strerror(pamh, r));
if (debug)
--_openpam_debug;
#endif
}
if (r == PAM_IGNORE)
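Review bot: `_openpam_debug` is a process-wide plain `int` that the new `#ifdef DEBUG` blocks increment before the module call and decrement after it, and no comment says it is a nesting count rather than a flag or that it is shared across handles. If an application dispatches on two handles from different threads, the unsynchronised `++`/`--` can race, and one module's `debug` option would switch on debug logging for whatever the other thread is running during that window. That is probably acceptable for a DEBUG-only build, but it should be written down, for example `/* global nesting counter, not per-handle and not thread-safe; every increment must be matched after the module returns */` at the first `#ifdef DEBUG` block in the loop. openpam_dispatch() starts and ends outside these hunks.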

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_impl.h#20 $
* $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $
*/
#ifndef _OPENPAM_IMPL_H_INCLUDED
@ -44,6 +44,8 @@ extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];
extern int _openpam_debug;
/*
* Control flags
*/

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_log.c#17 $
* $P4: //depot/projects/openpam/lib/openpam_log.c#18 $
*/
#include <ctype.h>
@ -45,6 +45,8 @@
#include "openpam_impl.h"
int _openpam_debug = 0;
#if defined(openpam_log)
/*
@ -62,12 +64,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
switch (level) {
case PAM_LOG_DEBUG:
#ifndef DEBUG
return;
#else
if (!_openpam_debug)
return;
priority = LOG_DEBUG;
break;
#endif
case PAM_LOG_VERBOSE:
priority = LOG_INFO;
break;
@ -108,12 +108,10 @@ openpam_log(int level, const char *fmt, ...)
switch (level) {
case PAM_LOG_DEBUG:
#ifndef DEBUG
return;
#else
if (!_openpam_debug)
return;
priority = LOG_DEBUG;
break;
#endif
case PAM_LOG_VERBOSE:
priority = LOG_INFO;
break;
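Review bot: With the `#ifndef DEBUG` / `#else` lines gone, the `PAM_LOG_DEBUG` case in both `_openpam_log()` and `openpam_log()` is gated only on `_openpam_debug`, and the reason is not documented at either site. From the hunks visible in this commit the counter is raised only inside openpam_dispatch() under `#ifdef DEBUG`, and only for a module configured with the `debug` option. So a non-DEBUG build appears to always take the `return`, while a DEBUG build now drops debug messages logged outside a module call, such as anything emitted before the counter is bumped. If that narrowing is intended, a short comment on the new test would help, e.g. `/* debug output is enabled per module via the "debug" option; see openpam_dispatch() */`. Both function bodies extend beyond these hunks.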

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_getenv.c#12 $
* $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $
*/
#include <stdlib.h>
@ -48,7 +48,7 @@
* Retrieve the value of a PAM environment variable
*/
char *
const char *
pam_getenv(pam_handle_t *pamh,
const char *name)
{