author | des <des@FreeBSD.org> | 2014-09-15 13:40:09 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-09-15 13:40:09 +0000 |
commit | ec657b1011e13ad7b3fd90dcd70012551683cad0 (patch) | |
tree | fb19e946266073d4ddbc34082d343b683171badf /contrib/openpam/lib | |
parent | ebd8a253bb50d17048c8bbdcc4d20b61c1fa75b5 (diff) | |
parent | af5b91d2306bc5ec4c34b50ecb1817ec1441df49 (diff) | |
Upgrade to OpenPAM Ourouparia.
Diffstat (limited to 'contrib/openpam/lib')
-rw-r--r-- | contrib/openpam/lib/Makefile.am | 2 | ||||
-rw-r--r-- | contrib/openpam/lib/Makefile.in | 5 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/Makefile.am | 6 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/Makefile.in | 20 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_configure.c | 2 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_ctype.h | 2 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_dispatch.c | 25 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_strlset.c | 58 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_strlset.h | 41 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/openpam_ttyconv.c | 5 | ||||
-rw-r--r-- | contrib/openpam/lib/libpam/pam_get_authtok.c | 10 |
11 files changed, 148 insertions, 28 deletions
diff --git a/contrib/openpam/lib/Makefile.am b/contrib/openpam/lib/Makefile.am index 4cd38c2..9f2d21d 100644 --- a/contrib/openpam/lib/Makefile.am +++ b/contrib/openpam/lib/Makefile.am @@ -1,3 +1,3 @@ -# $Id: Makefile.am 255376 2013-09-07 19:43:39Z des $ +# $Id: Makefile.am 714 2013-08-19 15:30:21Z des $ SUBDIRS = libpam diff --git a/contrib/openpam/lib/Makefile.in b/contrib/openpam/lib/Makefile.in index 3ea0f71..198e909 100644 --- a/contrib/openpam/lib/Makefile.in +++ b/contrib/openpam/lib/Makefile.in @@ -82,10 +82,7 @@ host_triplet = @host@ subdir = lib DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d diff --git a/contrib/openpam/lib/libpam/Makefile.am b/contrib/openpam/lib/libpam/Makefile.am index 99c37f0..a7781d6 100644 --- a/contrib/openpam/lib/libpam/Makefile.am +++ b/contrib/openpam/lib/libpam/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $ +# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $ NULL = @@ -18,6 +18,7 @@ noinst_HEADERS = \ openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h \ + openpam_strlset.h \ openpam_vasprintf.h libpam_la_SOURCES = \ @@ -44,9 +45,10 @@ libpam_la_SOURCES = \ openpam_set_option.c \ openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_strlcat.c \ openpam_strlcpy.c \ - openpam_straddch.c \ + openpam_strlset.c \ openpam_subst.c \ openpam_vasprintf.c \ openpam_ttyconv.c \ diff --git a/contrib/openpam/lib/libpam/Makefile.in b/contrib/openpam/lib/libpam/Makefile.in index b84d479..f297116 100644 --- a/contrib/openpam/lib/libpam/Makefile.in 
+++ b/contrib/openpam/lib/libpam/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $ +# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $ VPATH = @srcdir@ @@ -85,10 +85,7 @@ subdir = lib/libpam DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp $(noinst_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -135,10 +132,10 @@ am_libpam_la_OBJECTS = openpam_asprintf.lo openpam_borrow_cred.lo \ openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \ openpam_readword.lo openpam_restore_cred.lo \ openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \ - openpam_strlcat.lo openpam_strlcpy.lo openpam_straddch.lo \ - openpam_subst.lo openpam_vasprintf.lo openpam_ttyconv.lo \ - pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \ - pam_close_session.lo pam_end.lo pam_error.lo \ + openpam_straddch.lo openpam_strlcat.lo openpam_strlcpy.lo \ + openpam_strlset.lo openpam_subst.lo openpam_vasprintf.lo \ + openpam_ttyconv.lo pam_acct_mgmt.lo pam_authenticate.lo \ + pam_chauthtok.lo pam_close_session.lo pam_end.lo pam_error.lo \ pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \ pam_get_user.lo pam_getenv.lo pam_getenvlist.lo pam_info.lo \ pam_open_session.lo pam_prompt.lo pam_putenv.lo \ @@ -349,6 +346,7 @@ noinst_HEADERS = \ openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h \ + openpam_strlset.h \ openpam_vasprintf.h libpam_la_SOURCES = \ 
@@ -375,9 +373,10 @@ libpam_la_SOURCES = \ openpam_set_option.c \ openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_strlcat.c \ openpam_strlcpy.c \ - openpam_straddch.c \ + openpam_strlset.c \ openpam_subst.c \ openpam_vasprintf.c \ openpam_ttyconv.c \ @@ -534,6 +533,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcat.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcpy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlset.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_vasprintf.Plo@am__quote@ diff --git a/contrib/openpam/lib/libpam/openpam_configure.c b/contrib/openpam/lib/libpam/openpam_configure.c index 4e3de57..5a4ca62 100644 --- a/contrib/openpam/lib/libpam/openpam_configure.c +++ b/contrib/openpam/lib/libpam/openpam_configure.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_configure.c 667 2013-03-17 14:24:00Z des $ + * $Id: openpam_configure.c 796 2014-06-03 21:30:08Z des $ */ #ifdef HAVE_CONFIG_H diff --git a/contrib/openpam/lib/libpam/openpam_ctype.h b/contrib/openpam/lib/libpam/openpam_ctype.h index 3801622..d99d34b 100644 --- a/contrib/openpam/lib/libpam/openpam_ctype.h +++ b/contrib/openpam/lib/libpam/openpam_ctype.h @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ctype.h 666 2013-03-17 14:22:17Z des $ + * $Id: openpam_ctype.h 763 2014-02-26 16:29:16Z des $ */ #ifndef OPENPAM_CTYPE_H_INCLUDED diff --git a/contrib/openpam/lib/libpam/openpam_dispatch.c b/contrib/openpam/lib/libpam/openpam_dispatch.c index 0dcc732..5fa068f 100644 
--- a/contrib/openpam/lib/libpam/openpam_dispatch.c +++ b/contrib/openpam/lib/libpam/openpam_dispatch.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dispatch.c 649 2013-03-05 17:58:33Z des $ + * $Id: openpam_dispatch.c 807 2014-09-09 09:41:32Z des $ */ #ifdef HAVE_CONFIG_H @@ -63,7 +63,7 @@ openpam_dispatch(pam_handle_t *pamh, int flags) { pam_chain_t *chain; - int err, fail, r; + int err, fail, nsuccess, r; int debug; ENTER(); @@ -101,7 +101,9 @@ openpam_dispatch(pam_handle_t *pamh, } /* execute */ - for (err = fail = 0; chain != NULL; chain = chain->next) { + err = PAM_SUCCESS; + fail = nsuccess = 0; + for (; chain != NULL; chain = chain->next) { if (chain->module->func[primitive] == NULL) { openpam_log(PAM_LOG_ERROR, "%s: no %s()", chain->module->path, pam_sm_func_name[primitive]); @@ -126,7 +128,8 @@ openpam_dispatch(pam_handle_t *pamh, if (r == PAM_IGNORE) continue; - if (r == PAM_SUCCESS) { + if (r == PAM_SUCCESS) { + ++nsuccess; /* * For pam_setcred() and pam_chauthtok() with the * PAM_PRELIM_CHECK flag, treat "sufficient" as @@ -148,7 +151,7 @@ openpam_dispatch(pam_handle_t *pamh, * fail. If a required module fails, record the * return code from the first required module to fail. */ - if (err == 0) + if (err == PAM_SUCCESS) err = r; if ((chain->flag == PAM_REQUIRED || chain->flag == PAM_BINDING) && !fail) { @@ -170,6 +173,18 @@ openpam_dispatch(pam_handle_t *pamh, if (!fail && err != PAM_NEW_AUTHTOK_REQD) err = PAM_SUCCESS; + + /* + * Require the chain to be non-empty, and at least one module + * in the chain to be successful, so that we don't fail open. + */ + if (err == PAM_SUCCESS && nsuccess < 1) { + openpam_log(PAM_LOG_ERROR, + "all modules were unsuccessful for %s()", + pam_sm_func_name[primitive]); + err = PAM_SYSTEM_ERR; + } + RETURNC(err); } 
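Review bot: The new guard at the end of openpam_dispatch() runs for every primitive, so a session, setcred or chauthtok chain whose modules all return PAM_IGNORE now ends in PAM_SYSTEM_ERR, and the log line `all modules were unsuccessful for %s()` is also what an empty chain would produce even though no module ran. If that is intended, the block comment should say so explicitly, for example `/* Applies to all primitives: a chain of only PAM_IGNORE results is treated as a configuration error. */`. The message could also name the empty-chain case separately, so an operator can tell a missing policy from modules that declined. The function starts outside these hunks, so how an empty chain reaches this point is not visible here.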
diff --git a/contrib/openpam/lib/libpam/openpam_strlset.c b/contrib/openpam/lib/libpam/openpam_strlset.c
new file mode 100644
index 0000000..2f4c4fa
--- /dev/null
+++ b/contrib/openpam/lib/libpam/openpam_strlset.c
@@ -0,0 +1,58 @@
+/*-
+ * Copyright (c) 2011-2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_strlset.c 807 2014-09-09 09:41:32Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_STRLSET
+
+#include <stddef.h>
+
+#include "openpam_strlset.h"
+
+/*
+ * like memset(3), but stops at the first NUL byte and NUL-terminates the
+ * result. Returns the number of bytes that were written, not including
+ * the terminating NUL.
+ */
+size_t
+openpam_strlset(char *str, int ch, size_t size)
+{
+ size_t len;
+
+ for (len = 0; *str && size > 1; ++len, --size)
+ *str++ = ch;
+ *str = '\0';
+ return (++len);
+}
+
+#endif
diff --git a/contrib/openpam/lib/libpam/openpam_strlset.h b/contrib/openpam/lib/libpam/openpam_strlset.h
new file mode 100644
index 0000000..4bb0bb6
--- /dev/null
+++ b/contrib/openpam/lib/libpam/openpam_strlset.h
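Review bot: `return (++len);` in openpam_strlset() returns one more than the number of bytes the loop overwrote, which contradicts the comment's "not including the terminating NUL"; either return `len` or correct the comment. With `size == 0` the function still reads `*str` and stores the terminator, so it writes one byte into a buffer the caller declared empty. A guard such as `if (size == 0) return (0);` before the loop would close that. The callers added in this commit discard the return value and pass a constant size, so neither point changes their behaviour today.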
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_strlset.h 807 2014-09-09 09:41:32Z des $
+ */
+
+#ifndef OPENPAM_STRLSET_H_INCLUDED
+#define OPENPAM_STRLSET_H_INCLUDED
+
+#ifndef HAVE_STRLSET
+size_t openpam_strlset(char *, int, size_t);
+#undef strlset
+#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
+#endif
+
+#endif
diff --git a/contrib/openpam/lib/libpam/openpam_ttyconv.c b/contrib/openpam/lib/libpam/openpam_ttyconv.c
index 01e6181..d21320c 100644
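Review bot: openpam_strlset.h declares `size_t openpam_strlset(char *, int, size_t);` without including a header that defines size_t, so it compiles only when the including file has already pulled one in. Adding `#include <stddef.h>` inside the `#ifndef HAVE_STRLSET` block would make the header self-contained. The two files that include it in this commit do so after their system headers, so nothing breaks today.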
--- a/contrib/openpam/lib/libpam/openpam_ttyconv.c +++ b/contrib/openpam/lib/libpam/openpam_ttyconv.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ttyconv.c 688 2013-07-11 16:40:08Z des $ + * $Id: openpam_ttyconv.c 807 2014-09-09 09:41:32Z des $ */ #ifdef HAVE_CONFIG_H @@ -55,6 +55,7 @@ #include <security/pam_appl.h> #include "openpam_impl.h" +#include "openpam_strlset.h" int openpam_ttyconv_timeout = 0; @@ -366,7 +367,7 @@ openpam_ttyconv(int n, fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { - memset(aresp[i].resp, 0, strlen(aresp[i].resp)); + strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE); FREE(aresp[i].resp); } } diff --git a/contrib/openpam/lib/libpam/pam_get_authtok.c b/contrib/openpam/lib/libpam/pam_get_authtok.c index a062934..36382f5 100644 --- a/contrib/openpam/lib/libpam/pam_get_authtok.c +++ b/contrib/openpam/lib/libpam/pam_get_authtok.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_authtok.c 670 2013-03-17 19:26:07Z des $ + * $Id: pam_get_authtok.c 807 2014-09-09 09:41:32Z des $ */ #ifdef HAVE_CONFIG_H @@ -48,6 +48,7 @@ #include <security/openpam.h> #include "openpam_impl.h" +#include "openpam_strlset.h" static const char authtok_prompt[] = "Password:"; static const char authtok_prompt_remote[] = "Password for %u@%h:"; @@ -140,16 +141,21 @@ pam_get_authtok(pam_handle_t *pamh, if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) + if (strcmp(resp, resp2) != 0) { + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); + } + strlset(resp2, 0, PAM_MAX_RESP_SIZE); FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); + strlset(resp, 0, PAM_MAX_RESP_SIZE); FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); |
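Review bot: The scrub added at `strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);` is an ordinary store loop placed directly before `FREE`, so whether it survives optimisation presumably depends on openpam_strlset() staying out of line (separate translation unit, no LTO). The same applies to the four calls added in pam_get_authtok.c. It also clears at most PAM_MAX_RESP_SIZE - 1 bytes, so a longer response, which an application-supplied conversation function could presumably return to pam_get_authtok(), would keep its tail in the freed block. A short comment at the call sites stating both assumptions would help, e.g. `/* wipe before free; relies on strlset() not being inlined and on resp being shorter than PAM_MAX_RESP_SIZE */`. Both enclosing functions start outside these hunks.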