d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove all instances of pam_std_option()

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2003-05-31 16:55:07 +00:00
parent 56824e138d
commit 545aa47101
5 changed files with 58 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
lib/libpam/modules/pam_krb5/pam_krb5.c
View File

@ -71,6 +71,7 @@ __FBSDID("$FreeBSD$");
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
#include <security/openpam.h>
#define COMPAT_HEIMDAL
/* #define COMPAT_MIT */
@ -84,29 +85,17 @@ static void compat_free_data_contents(krb5_context, krb5_data *);
#define PASSWORD_PROMPT "Password:"
#define NEW_PASSWORD_PROMPT "New Password:"
enum {
PAM_OPT_AUTH_AS_SELF = PAM_OPT_STD_MAX,
PAM_OPT_CCACHE,
PAM_OPT_FORWARDABLE,
PAM_OPT_NO_CCACHE,
PAM_OPT_REUSE_CCACHE
};
static struct opttab other_options[] = {
{ "auth_as_self", PAM_OPT_AUTH_AS_SELF },
{ "ccache", PAM_OPT_CCACHE },
{ "forwardable", PAM_OPT_FORWARDABLE },
{ "no_ccache", PAM_OPT_NO_CCACHE },
{ "reuse_ccache", PAM_OPT_REUSE_CCACHE },
{ NULL, 0 }
};
#define PAM_OPT_CCACHE "ccache"
#define PAM_OPT_FORWARDABLE "forwardable"
#define PAM_OPT_NO_CCACHE "no_ccache"
#define PAM_OPT_REUSE_CCACHE "reuse_ccache"
/*
* authentication management
*/
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
krb5_context pam_context;
@ -114,16 +103,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
krb5_principal princ;
krb5_ccache ccache;
krb5_get_init_creds_opt opts;
struct options options;
struct passwd *pwd;
int retval;
const char *sourceuser, *user, *pass, *service;
char *principal, *princ_name, *ccache_name, luser[32], *srvdup;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
retval = pam_get_user(pamh, &user, USER_PROMPT);
if (retval != PAM_SUCCESS)
return (retval);
@ -153,7 +137,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
krb5_get_init_creds_opt_init(&opts);
if (pam_test_option(&options, PAM_OPT_FORWARDABLE, NULL))
if (openpam_get_option(pamh, PAM_OPT_FORWARDABLE))
krb5_get_init_creds_opt_set_forwardable(&opts, 1);
PAM_LOG("Credentials initialised");
@ -168,7 +152,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Done krb5_cc_register()");
/* Get principal name */
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL))
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
asprintf(&principal, "%s/%s", sourceuser, user);
else
principal = strdup(user);
@ -288,7 +272,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
goto cleanup;
}
krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup,
pam_test_option(&options, PAM_OPT_FORWARDABLE, NULL));
openpam_get_option(pamh, PAM_OPT_FORWARDABLE) ? 1 : 0);
free(srvdup);
if (krbret == -1) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
@ -348,7 +332,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
@ -357,19 +341,14 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
krb5_creds creds;
krb5_ccache ccache_temp, ccache_perm;
krb5_cc_cursor cursor;
struct options options;
struct passwd *pwd = NULL;
int retval;
char *user;
char *cache_name, *cache_env_name, *p, *q;
const char *cache_name, *q, *user;
char *cache_name_buf = NULL, *p;
uid_t euid;
gid_t egid;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
if (flags & PAM_DELETE_CRED)
return (PAM_SUCCESS);
@ -440,10 +419,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Done setegid() & seteuid()");
/* Get the cache name */
cache_name = NULL;
pam_test_option(&options, PAM_OPT_CCACHE, &cache_name);
if (cache_name == NULL)
asprintf(&cache_name, "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
cache_name = openpam_get_option(pamh, PAM_OPT_CCACHE);
if (cache_name == NULL) {
asprintf(&cache_name_buf, "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
cache_name = cache_name_buf;
}
p = calloc(PATH_MAX + 16, sizeof(char));
q = cache_name;
@ -559,17 +539,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Cache closed");
cache_env_name = malloc(strlen(cache_name) + 12);
if (!cache_env_name) {
PAM_LOG("Error malloc(): failure");
krb5_cc_destroy(pam_context, ccache_perm);
retval = PAM_BUF_ERR;
goto cleanup2;
}
sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name);
if ((retval = pam_putenv(pamh, cache_env_name)) != 0) {
PAM_LOG("Error pam_putenv(): %s", pam_strerror(pamh, retval));
retval = pam_setenv(pamh, "KRB5CCNAME", cache_name, 1);
if (retval != PAM_SUCCESS) {
PAM_LOG("Error pam_setenv(): %s", pam_strerror(pamh, retval));
krb5_cc_destroy(pam_context, ccache_perm);
retval = PAM_SERVICE_ERR;
goto cleanup2;
@ -589,6 +561,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Done seteuid() & setegid()");
if (cache_name_buf != NULL)
free(cache_name_buf);
return (retval);
}
@ -597,20 +572,15 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
*/
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
krb5_context pam_context;
krb5_ccache ccache;
krb5_principal princ;
struct options options;
int retval;
const char *user, *ccache_name;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
retval = pam_get_item(pamh, PAM_USER, (const void **)&user);
if (retval != PAM_SUCCESS)
return (retval);
@ -673,7 +643,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
*/
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
krb5_context pam_context;
@ -681,15 +651,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
krb5_principal princ;
krb5_get_init_creds_opt opts;
krb5_data result_code_string, result_string;
struct options options;
int result_code, retval;
const char *user, *pass;
char *princ_name, *passdup;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
if (!(flags & PAM_UPDATE_AUTHTOK))
return (PAM_AUTHTOK_ERR);

22
lib/libpam/modules/pam_opie/pam_opie.c
View File

@ -52,23 +52,13 @@ __FBSDID("$FreeBSD$");
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
enum {
PAM_OPT_AUTH_AS_SELF = PAM_OPT_STD_MAX,
PAM_OPT_NO_FAKE_PROMPTS
};
static struct opttab other_options[] = {
{ "auth_as_self", PAM_OPT_AUTH_AS_SELF },
{ "no_fake_prompts", PAM_OPT_NO_FAKE_PROMPTS },
{ NULL, 0 }
};
#define PAM_OPT_NO_FAKE_PROMPTS "no_fake_prompts"
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
struct opie opie;
struct options options;
struct passwd *pwd;
int retval, i;
const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
@ -77,12 +67,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
char *response;
int style;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
user = NULL;
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
if ((pwd = getpwnam(getlogin())) == NULL)
return (PAM_AUTH_ERR);
user = pwd->pw_name;
@ -108,7 +94,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
*/
/* XXX generates a const warning because of incorrect prototype */
if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
pam_test_option(&options, PAM_OPT_NO_FAKE_PROMPTS, NULL))
openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
return (PAM_AUTH_ERR);
/*

33
lib/libpam/modules/pam_radius/pam_radius.c
View File

@ -51,18 +51,9 @@ __FBSDID("$FreeBSD$");
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
enum {
PAM_OPT_CONF = PAM_OPT_STD_MAX,
PAM_OPT_TEMPLATE_USER,
PAM_OPT_NAS_ID
};
static struct opttab other_options[] = {
{ "conf", PAM_OPT_CONF },
{ "template_user", PAM_OPT_TEMPLATE_USER },
{ "nas_id", PAM_OPT_NAS_ID },
{ NULL, 0 }
};
#define PAM_OPT_CONF "conf"
#define PAM_OPT_TEMPLATE_USER "template_user"
#define PAM_OPT_NAS_ID "nas_id"
#define MAX_CHALLENGE_MSGS 10
#define PASSWORD_PROMPT "RADIUS Password:"
@ -218,25 +209,17 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
struct options options;
struct rad_handle *radh;
const char *user, *tmpuser, *pass;
char *conf_file, *template_user, *nas_id;
const char *conf_file, *template_user, *nas_id;
int retval;
int e;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
conf_file = NULL;
pam_test_option(&options, PAM_OPT_CONF, &conf_file);
template_user = NULL;
pam_test_option(&options, PAM_OPT_TEMPLATE_USER, &template_user);
nas_id = NULL;
pam_test_option(&options, PAM_OPT_NAS_ID, &nas_id);
conf_file = openpam_get_option(pamh, PAM_OPT_CONF);
template_user = openpam_get_option(pamh, PAM_OPT_TEMPLATE_USER);
nas_id = openpam_get_option(pamh, PAM_OPT_NAS_ID);
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS)

36
lib/libpam/modules/pam_tacplus/pam_tacplus.c
View File

@ -52,16 +52,8 @@ __FBSDID("$FreeBSD$");
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
enum {
PAM_OPT_CONF = PAM_OPT_STD_MAX,
PAM_OPT_TEMPLATE_USER
};
static struct opttab other_options[] = {
{ "conf", PAM_OPT_CONF },
{ "template_user", PAM_OPT_TEMPLATE_USER },
{ NULL, 0 }
};
#define PAM_OPT_CONF "conf"
#define PAM_OPT_TEMPLATE_USER "template_user"
typedef int (*set_func)(struct tac_handle *, const char *);
@ -115,22 +107,14 @@ set_msg(struct tac_handle *tach, const char *msg)
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
struct options options;
int retval;
struct tac_handle *tach;
char *conf_file;
char *template_user;
const char *conf_file, *template_user;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
conf_file = NULL;
pam_test_option(&options, PAM_OPT_CONF, &conf_file);
template_user = NULL;
pam_test_option(&options, PAM_OPT_TEMPLATE_USER, &template_user);
conf_file = openpam_get_option(pamh, PAM_OPT_CONF);
template_user = openpam_get_option(pamh, PAM_OPT_TEMPLATE_USER);
tach = tac_open();
if (tach == NULL) {
@ -184,8 +168,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
return (PAM_AUTHINFO_UNAVAIL);
}
status = TAC_AUTHEN_STATUS(sflags);
if (!TAC_AUTHEN_NOECHO(sflags))
pam_set_option(&options, PAM_OPT_ECHO_PASS);
openpam_set_option(pamh, PAM_OPT_ECHO_PASS,
TAC_AUTHEN_NOECHO(sflags) ? NULL : "");
switch (status) {
case TAC_AUTHEN_STATUS_PASS:
@ -245,8 +229,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
if ((srvr_msg = get_msg(tach)) == NULL)
return (PAM_SERVICE_ERR);
retval = pam_prompt(pamh,
pam_test_option(&options, PAM_OPT_ECHO_PASS, NULL)
? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF,
openpam_get_option(pamh, PAM_OPT_ECHO_PASS) ?
PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF,
&data_msg, "%s", *srvr_msg ? srvr_msg : "Data:");
free(srvr_msg);
if (retval != PAM_SUCCESS) {

49
lib/libpam/modules/pam_unix/pam_unix.c
View File

@ -74,20 +74,8 @@ static void makesalt(char []);
static char password_hash[] = PASSWORD_HASH;
enum {
PAM_OPT_AUTH_AS_SELF = PAM_OPT_STD_MAX,
PAM_OPT_NULLOK,
PAM_OPT_LOCAL_PASS,
PAM_OPT_NIS_PASS
};
static struct opttab other_options[] = {
{ "auth_as_self", PAM_OPT_AUTH_AS_SELF },
{ "nullok", PAM_OPT_NULLOK },
{ "local_pass", PAM_OPT_LOCAL_PASS },
{ "nis_pass", PAM_OPT_NIS_PASS },
{ NULL, 0 }
};
#define PAM_OPT_LOCAL_PASS "local_pass"
#define PAM_OPT_NIS_PASS "nis_pass"
char *tempname = NULL;
@ -96,19 +84,14 @@ char *tempname = NULL;
*/
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
login_cap_t *lc;
struct options options;
struct passwd *pwd;
int retval;
const char *pass, *user, *realpw, *prompt;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
pwd = getpwnam(getlogin());
} else {
retval = pam_get_user(pamh, &user, NULL);
@ -124,7 +107,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
realpw = pwd->pw_passwd;
if (realpw[0] == '\0') {
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
pam_test_option(&options, PAM_OPT_NULLOK, NULL))
openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_SUCCESS);
realpw = "*";
}
@ -160,10 +143,9 @@ pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
*/
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
struct addrinfo hints, *res;
struct options options;
struct passwd *pwd;
struct timeval tp;
login_cap_t *lc;
@ -172,10 +154,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
const char *rhost, *tty, *user;
char rhostip[MAXHOSTNAMELEN] = "";
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS)
return (retval);
@ -279,13 +257,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
*/
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
int argc __unused, const char *argv[] __unused)
{
#ifdef YP
struct ypclnt *ypclnt;
const char *yp_domain, *yp_server;
#endif
struct options options;
char salt[SALTSIZE + 1];
login_cap_t * lc;
struct passwd *pwd, *old_pwd;
@ -293,11 +270,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
char *encrypted;
int pfd, tfd, retval;
pam_std_option(&options, other_options, argc, argv);
PAM_LOG("Options processed");
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL))
if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF))
pwd = getpwnam(getlogin());
else {
retval = pam_get_user(pamh, &user, NULL);
@ -321,7 +294,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
if (pwd->pw_passwd[0] == '\0'
&& pam_test_option(&options, PAM_OPT_NULLOK, NULL)) {
&& openpam_get_option(pamh, PAM_OPT_NULLOK)) {
/*
* No password case. XXX Are we giving too much away
* by not prompting for a password?
@ -338,7 +311,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
/* always encrypt first */
encrypted = crypt(old_pass, pwd->pw_passwd);
if (old_pass[0] == '\0' &&
!pam_test_option(&options, PAM_OPT_NULLOK, NULL))
!openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_PERM_DENIED);
if (strcmp(encrypted, pwd->pw_passwd) != 0)
return (PAM_PERM_DENIED);
@ -367,7 +340,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
if (getuid() != 0 && new_pass[0] == '\0' &&
!pam_test_option(&options, PAM_OPT_NULLOK, NULL))
!openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_PERM_DENIED);
if ((old_pwd = pw_dup(pwd)) == NULL)