Vendor import of OpenPAM Cinnamon.

author: des <des@FreeBSD.org> 2002-05-02 04:40:21 +0000
committer: des <des@FreeBSD.org> 2002-05-02 04:40:21 +0000
commit: 3b59856f3caaa1695d9f61c64e1e9bf5b514801f (patch)
tree: d685fd4c57fa5b797068077fcf6533dc5403b3c2 /contrib/openpam/lib
parent: e99a5d43c066b603715b7a752f75cb37038acdaf (diff)
download: FreeBSD-src-3b59856f3caaa1695d9f61c64e1e9bf5b514801f.zip
FreeBSD-src-3b59856f3caaa1695d9f61c64e1e9bf5b514801f.tar.gz
9 files changed, 138 insertions, 39 deletions
diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile
index eb7f242..8549d8e 100644
--- a/contrib/openpam/lib/Makefile
+++ b/contrib/openpam/lib/Makefile
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/lib/Makefile#14 $
+# $P4: //depot/projects/openpam/lib/Makefile#15 $
 #
 
 LIB		 = pam
@@ -53,6 +53,7 @@ SRCS		+= openpam_free_data.c
 SRCS		+= openpam_get_option.c
 SRCS		+= openpam_load.c
 SRCS		+= openpam_log.c
+SRCS		+= openpam_nullconv.c
 SRCS		+= openpam_restore_cred.c
 SRCS		+= openpam_set_option.c
 SRCS		+= openpam_static.c
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c
index 8c12e10..a66f823 100644
--- a/contrib/openpam/lib/openpam_configure.c
+++ b/contrib/openpam/lib/openpam_configure.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_configure.c#1 $
+ * $P4: //depot/projects/openpam/lib/openpam_configure.c#2 $
  */
 
 #include <ctype.h>
@@ -50,7 +50,7 @@
 #define MAX_OPTIONS	256
 
 static int
-openpam_read_policy_file(pam_handle_t *pamh,
+openpam_read_policy_file(pam_chain_t *policy[],
 	const char *service,
 	const char *filename,
 	int style)
@@ -186,7 +186,7 @@ openpam_read_policy_file(pam_handle_t *pamh,
 		 * Finally, add the module at the end of the
 		 * appropriate chain and bump the counter.
 		 */
-		r = openpam_add_module(pamh, chain, flag, p, optc, optv);
+		r = openpam_add_module(policy, chain, flag, p, optc, optv);
 		if (r != PAM_SUCCESS)
 			return (-r);
 		++n;
@@ -214,14 +214,8 @@ static const char *openpam_policy_path[] = {
 	NULL
 };
 
-/*
- * OpenPAM internal
- *
- * Configure a service
- */
-
-int
-openpam_configure(pam_handle_t *pamh,
+static int
+openpam_load_policy(pam_chain_t *policy[],
 	const char *service)
 {
 	const char **path;
@@ -235,24 +229,62 @@ openpam_configure(pam_handle_t *pamh,
 			filename = malloc(len + strlen(service) + 1);
 			if (filename == NULL) {
 				openpam_log(PAM_LOG_ERROR, "malloc(): %m");
-				return (PAM_BUF_ERR);
+				return (-PAM_BUF_ERR);
 			}
 			strcpy(filename, *path);
 			strcat(filename, service);
-			r = openpam_read_policy_file(pamh,
+			r = openpam_read_policy_file(policy,
 			    service, filename, PAM_D_STYLE);
 			free(filename);
 		} else {
-			r = openpam_read_policy_file(pamh,
+			r = openpam_read_policy_file(policy,
 			    service, *path, PAM_CONF_STYLE);
 		}
-		if (r < 0)
-			return (-r);
-		if (r > 0)
-			return (PAM_SUCCESS);
+		if (r != 0)
+			return (r);
 	}
 
-	return (PAM_SYSTEM_ERR);
+	return (0);
+}
+
+/*
+ * OpenPAM internal
+ *
+ * Configure a service
+ */
+
+int
+openpam_configure(pam_handle_t *pamh,
+	const char *service)
+{
+	pam_chain_t *other[PAM_NUM_CHAINS];
+	int i, n, r;
+
+	/* try own configuration first */
+	r = openpam_load_policy(pamh->chains, service);
+	if (r < 0)
+		return (-r);
+	for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
+		if (pamh->chains[i] != NULL)
+			++n;
+	}
+	if (n == PAM_NUM_CHAINS)
+		return (PAM_SUCCESS);
+
+	/* fill in the blanks with "other" */
+	openpam_load_policy(other, PAM_OTHER);
+	if (r < 0)
+		return (-r);
+	for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
+		if (pamh->chains[i] == NULL) {
+			pamh->chains[i] = other[i];
+			other[i] = NULL;
+		}
+		if (pamh->chains[i] != NULL)
+			++n;
+	}
+	openpam_clear_chains(other);
+	return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR);
 }
 
 /*
diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c
index d7e05b8..e012a49 100644
--- a/contrib/openpam/lib/openpam_dynamic.c
+++ b/contrib/openpam/lib/openpam_dynamic.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#4 $
+ * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#5 $
  */
 
 #include <dlfcn.h>
@@ -80,7 +80,7 @@ openpam_dynamic(const char *path)
 		module->func[i] = dlsym(dlh, _pam_sm_func_name[i]);
 		if (module->func[i] == NULL)
 			openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
-			    vpath, _pam_sm_func_name[i], dlerror());
+			    path, _pam_sm_func_name[i], dlerror());
 	}
 	return (module);
  buf_err:
diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h
index 1fc0184..446af16 100644
--- a/contrib/openpam/lib/openpam_impl.h
+++ b/contrib/openpam/lib/openpam_impl.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#13 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#14 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -108,9 +108,9 @@ struct pam_saved_cred {
 int		openpam_configure(pam_handle_t *, const char *);
 int		openpam_dispatch(pam_handle_t *, int, int);
 int		openpam_findenv(pam_handle_t *, const char *, size_t);
-int		openpam_add_module(pam_handle_t *, int, int,
+int		openpam_add_module(pam_chain_t **, int, int,
 				   const char *, int, const char **);
-void		openpam_clear_chains(pam_handle_t *);
+void		openpam_clear_chains(pam_chain_t **);
 
 #ifdef OPENPAM_STATIC_MODULES
 pam_module_t   *openpam_static(const char *);
diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c
index 2b88087..abbc491 100644
--- a/contrib/openpam/lib/openpam_load.c
+++ b/contrib/openpam/lib/openpam_load.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_load.c#12 $
+ * $P4: //depot/projects/openpam/lib/openpam_load.c#13 $
  */
 
 #include <dlfcn.h>
@@ -156,7 +156,7 @@ openpam_destroy_chain(pam_chain_t *chain)
  */
 
 int
-openpam_add_module(pam_handle_t *pamh,
+openpam_add_module(pam_chain_t *policy[],
 	int chain,
 	int flag,
 	const char *modpath,
@@ -178,12 +178,12 @@ openpam_add_module(pam_handle_t *pamh,
 		openpam_destroy_chain(new);
 		return (PAM_OPEN_ERR);
 	}
-	if ((iterator = pamh->chains[chain]) != NULL) {
+	if ((iterator = policy[chain]) != NULL) {
 		while (iterator->next != NULL)
 			iterator = iterator->next;
 		iterator->next = new;
 	} else {
-		pamh->chains[chain] = new;
+		policy[chain] = new;
 	}
 	return (PAM_SUCCESS);
 
@@ -199,12 +199,12 @@ openpam_add_module(pam_handle_t *pamh,
  */
 
 void
-openpam_clear_chains(pam_handle_t *pamh)
+openpam_clear_chains(pam_chain_t *policy[])
 {
 	int i;
 
 	for (i = 0; i < PAM_NUM_CHAINS; ++i)
-		openpam_destroy_chain(pamh->chains[i]);
+		openpam_destroy_chain(policy[i]);
 }
 
 /*
diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c
new file mode 100644
index 0000000..6534c11
--- /dev/null
+++ b/contrib/openpam/lib/openpam_nullconv.c
@@ -0,0 +1,68 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#1 $
+ */
+
+#include <sys/types.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Null conversation function
+ */
+
+int
+openpam_nullconv(int n,
+	 const struct pam_message **msg,
+	 struct pam_response **resp,
+	 void *data)
+{
+
+	(void)n;
+	(void)msg;
+	(void)resp;
+	(void)data;
+	return (PAM_CONV_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_CONV_ERR
+ */
diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c
index 21d5a1a..8fb9c29 100644
--- a/contrib/openpam/lib/pam_end.c
+++ b/contrib/openpam/lib/pam_end.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_end.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_end.c#9 $
  */
 
 #include <stdlib.h>
@@ -72,7 +72,7 @@ pam_end(pam_handle_t *pamh,
 	free(pamh->env);
 
 	/* clear chains */
-	openpam_clear_chains(pamh);
+	openpam_clear_chains(pamh->chains);
 
 	/* clear items */
 	for (i = 0; i < PAM_NUM_ITEMS; ++i)
diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c
index 5719d69..8a447c3 100644
--- a/contrib/openpam/lib/pam_get_authtok.c
+++ b/contrib/openpam/lib/pam_get_authtok.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#16 $
+ * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#17 $
  */
 
 #include <sys/param.h>
@@ -145,10 +145,10 @@ pam_get_authtok(pam_handle_t *pamh,
  *
  * The =item argument must have one of the following values:
  *
- *	=PAM_AUTHTOK
+ *	=PAM_AUTHTOK:
  *		Returns the current authentication token, or the new token
  *		when changing authentication tokens.
- *	=PAM_OLDAUTHTOK
+ *	=PAM_OLDAUTHTOK:
  *		Returns the previous authentication token when changing
  *		authentication tokens.
  *
diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c
index 49976b4..c1b301d 100644
--- a/contrib/openpam/lib/pam_start.c
+++ b/contrib/openpam/lib/pam_start.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_start.c#13 $
+ * $P4: //depot/projects/openpam/lib/pam_start.c#14 $
  */
 
 #include <stdlib.h>
@@ -66,8 +66,6 @@ pam_start(const char *service,
 		goto fail;
 
 	r = openpam_configure(ph, service);
-	if (r != PAM_SUCCESS && r != PAM_BUF_ERR)
-		r = openpam_configure(ph, PAM_OTHER);
 	if (r != PAM_SUCCESS)
 		goto fail;
author	des <des@FreeBSD.org>	2002-05-02 04:40:21 +0000
committer	des <des@FreeBSD.org>	2002-05-02 04:40:21 +0000
commit	3b59856f3caaa1695d9f61c64e1e9bf5b514801f (patch)
tree	d685fd4c57fa5b797068077fcf6533dc5403b3c2 /contrib/openpam/lib
parent	e99a5d43c066b603715b7a752f75cb37038acdaf (diff)
download	FreeBSD-src-3b59856f3caaa1695d9f61c64e1e9bf5b514801f.zip FreeBSD-src-3b59856f3caaa1695d9f61c64e1e9bf5b514801f.tar.gz