diff options
| author | des <des@FreeBSD.org> | 2003-06-01 12:54:03 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2003-06-01 12:54:03 +0000 |
| commit | 3409f2d5db068fa23d2344776412b86150352336 (patch) | |
| tree | 6198c196f6c160a3b6c1800a13a74dbaf48a8cb8 /contrib | |
| parent | 1b2b5956a02e1d56168e372dc96807d70b3ca363 (diff) | |
| download | FreeBSD-src-3409f2d5db068fa23d2344776412b86150352336.zip FreeBSD-src-3409f2d5db068fa23d2344776412b86150352336.tar.gz | |
Vendor import of OpenPAM Digitalis.
Diffstat (limited to 'contrib')
128 files changed, 1022 insertions, 631 deletions
diff --git a/contrib/openpam/CREDITS b/contrib/openpam/CREDITS index 43f0559..b794299 100644 --- a/contrib/openpam/CREDITS +++ b/contrib/openpam/CREDITS @@ -14,15 +14,17 @@ or indirectly, with patches, criticism, suggestions, or ideas: Andrew Morgan <morgan@transmeta.com> Brian Fundakowski Feldman <green@freebsd.org> Darren J. Moffat <Darren.Moffat@sun.com> + Dmitry V. Levin <ldv@altlinux.org> Eric Melville <eric@freebsd.org> Gary Winiger <Gary.Winiger@sun.com> Joe Marcus Clarke <marcus@marcuscom.com> Juli Mallett <jmallett@freebsd.org> Mark Murray <markm@freebsd.org> + Mike Petullo <mike@flyn.org> Mikko Työläjärvi <mbsd@pacbell.net> Robert Watson <rwatson@freebsd.org> Ruslan Ermilov <ru@freebsd.org> Solar Designer <solar@openwall.com> Takanori Saneto <sanewo@ba2.so-net.ne.jp> -$P4: //depot/projects/openpam/CREDITS#6 $ +$P4: //depot/projects/openpam/CREDITS#8 $ diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY index 119e072..c1db7e7 100644 --- a/contrib/openpam/HISTORY +++ b/contrib/openpam/HISTORY @@ -1,3 +1,22 @@ +OpenPAM Digitalis 2003-06-01 + + - ENHANCE: Completely rewrite the configuration parser and add + support for the "include" control flag. + + - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. + + - ENHANCE: Lots of additional paranoia. + + - BUGFIX: The sample su(1) application dropped privileges before + forking instead of after. + + - ENHANCE: Document openpam_log(3). + + - ENHANCE: Other minor documentation fixes. + +Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable +assistance with this release. +============================================================================ OpenPAM Dianthus 2003-05-02 - BUGFIX: Initialize some potentially uninitialized variables. @@ -223,4 +242,4 @@ OpenPAM Calamite 2002-02-09 First (beta) release. ============================================================================ -$P4: //depot/projects/openpam/HISTORY#18 $ +$P4: //depot/projects/openpam/HISTORY#19 $ diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE index cb4a292..19a9687 100644 --- a/contrib/openpam/LICENSE +++ b/contrib/openpam/LICENSE @@ -1,5 +1,5 @@ -Copyright (c) 2002 Networks Associates Technology, Inc. +Copyright (c) 2002-2003 Networks Associates Technology, Inc. All rights reserved. This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,4 +31,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$P4: //depot/projects/openpam/LICENSE#5 $ +$P4: //depot/projects/openpam/LICENSE#6 $ diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST index 79ac0b2..dcfd0d2 100644 --- a/contrib/openpam/MANIFEST +++ b/contrib/openpam/MANIFEST @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/openpam/MANIFEST#13 $ +# $P4: //depot/projects/openpam/MANIFEST#16 $ # CREDITS HISTORY @@ -7,9 +7,11 @@ INSTALL LICENSE MANIFEST Makefile +Makefile.inc README RELNOTES bin/Makefile +bin/Makefile.inc bin/su/Makefile bin/su/su.c doc/Makefile @@ -21,6 +23,7 @@ doc/man/openpam_free_data.3 doc/man/openpam_get_option.3 doc/man/openpam_log.3 doc/man/openpam_nullconv.3 +doc/man/openpam_readline.3 doc/man/openpam_restore_cred.3 doc/man/openpam_set_option.3 doc/man/openpam_ttyconv.3 @@ -76,6 +79,7 @@ lib/openpam_impl.h lib/openpam_load.c lib/openpam_log.c lib/openpam_nullconv.c +lib/openpam_readline.c lib/openpam_restore_cred.c lib/openpam_set_option.c lib/openpam_static.c diff --git a/contrib/openpam/Makefile b/contrib/openpam/Makefile index bba174d..1e29452 100644 --- a/contrib/openpam/Makefile +++ b/contrib/openpam/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS @@ -32,7 +32,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/Makefile#7 $ +# $P4: //depot/projects/openpam/Makefile#8 $ # SUBDIR = diff --git a/contrib/openpam/Makefile.inc b/contrib/openpam/Makefile.inc new file mode 100644 index 0000000..3b95c59 --- /dev/null +++ b/contrib/openpam/Makefile.inc @@ -0,0 +1,8 @@ +# $P4: //depot/projects/openpam/Makefile.inc#2 $ + +DESTDIR ?= /usr +BINDIR = /bin +LIBDIR = /lib + +SHLIB_MAJOR = 2 +SHLIB_MINOR = 0 diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES index 0235313..a2eedcd 100644 --- a/contrib/openpam/RELNOTES +++ b/contrib/openpam/RELNOTES @@ -1,13 +1,18 @@ - Release notes for OpenPAM Dianthus - ================================== + Release notes for OpenPAM Digitalis + =================================== -This is a maintenance release incorporating a number of minor patches -accumulated since the previous release. +This release incorporates several major changes and improvements and +should be considered BETA QUALITY. This release corresponds to the code used in FreeBSD-CURRENT as of the -release date. It may or may not build on other platforms; previous -releases have been built on NetBSD and (with partial success) MacOS X. +release date. It is also known to build cleanly on NetBSD 1.6, +OpenBSD 3.1, and a number of glibc-based Linux platforms (with BSD +make installed). It may or may not build on other platforms; you will +need a BSD-compatible make(1) (NetBSD's make(1) is easy to port to +most POSIX platforms). Previous versions were successfully built on +MacOS X 10.1, but there seem to be issues with the heavily modified +version of GCC 3.1 that ships with MacOS X 10.2. The library itself is complete. Documentation exists in the form of man pages for the library functions. These man pages are generated by @@ -26,4 +31,4 @@ proper credit for your contribution. Please direct bug reports and inquiries to des@freebsd.org. -$P4: //depot/projects/openpam/RELNOTES#15 $ +$P4: //depot/projects/openpam/RELNOTES#18 $ diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile index 57cc1be..75bb5ad 100644 --- a/contrib/openpam/bin/Makefile +++ b/contrib/openpam/bin/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS @@ -32,7 +32,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/bin/Makefile#6 $ +# $P4: //depot/projects/openpam/bin/Makefile#7 $ # SUBDIR = diff --git a/contrib/openpam/bin/Makefile.inc b/contrib/openpam/bin/Makefile.inc new file mode 100644 index 0000000..a368da3 --- /dev/null +++ b/contrib/openpam/bin/Makefile.inc @@ -0,0 +1,3 @@ +# $P4: //depot/projects/openpam/bin/Makefile.inc#1 $ + +.include "../Makefile.inc" diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile index c37e880..17a78a8 100644 --- a/contrib/openpam/bin/su/Makefile +++ b/contrib/openpam/bin/su/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS @@ -32,13 +32,13 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/bin/su/Makefile#5 $ +# $P4: //depot/projects/openpam/bin/su/Makefile#8 $ # PROG = su WARNS ?= 4 CFLAGS += -I${.CURDIR}/../../include -DPADD = ${.OBJDIR}/../../lib/libpam.so +DPADD = ${.OBJDIR}/../../lib/libpam.a LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam NOMAN = YES diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c index 0c8c45d..345d601 100644 --- a/contrib/openpam/bin/su/su.c +++ b/contrib/openpam/bin/su/su.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,13 +31,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/bin/su/su.c#8 $ + * $P4: //depot/projects/openpam/bin/su/su.c#12 $ */ #include <sys/param.h> #include <sys/wait.h> #include <err.h> +#include <grp.h> #include <pwd.h> #include <stdio.h> #include <stdlib.h> @@ -81,9 +82,17 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; + if (argc > 0) { + user = *argv; + --argc; + ++argv; + } else { + user = "root"; + } + /* initialize PAM */ pamc.conv = &openpam_ttyconv; - pam_start("su", argc ? *argv : "root", &pamc, &pamh); + pam_start("su", user, &pamc, &pamh); /* set some items */ gethostname(hostname, sizeof(hostname)); @@ -117,20 +126,6 @@ main(int argc, char *argv[]) if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user)) == NULL) goto pamerr; - /* set uid and groups */ - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { - warn("initgroups()"); - goto err; - } - if (setgid(pwd->pw_gid) == -1) { - warn("setgid()"); - goto err; - } - if (setuid(pwd->pw_uid) == -1) { - warn("setuid()"); - goto err; - } - /* export PAM environment */ if ((pam_envlist = pam_getenvlist(pamh)) != NULL) { for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) { @@ -154,7 +149,21 @@ main(int argc, char *argv[]) warn("fork()"); goto err; case 0: - /* child: start a shell */ + /* child: give up privs and start a shell */ + + /* set uid and groups */ + if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { + warn("initgroups()"); + _exit(1); + } + if (setgid(pwd->pw_gid) == -1) { + warn("setgid()"); + _exit(1); + } + if (setuid(pwd->pw_uid) == -1) { + warn("setuid()"); + _exit(1); + } execve(*args, args, environ); warn("execve()"); _exit(1); @@ -170,9 +179,7 @@ main(int argc, char *argv[]) } pamerr: - pam_end(pamh, pam_err); fprintf(stderr, "Sorry\n"); - exit(1); err: pam_end(pamh, pam_err); exit(1); diff --git a/contrib/openpam/doc/Makefile b/contrib/openpam/doc/Makefile index 02ad7af..18ff33e 100644 --- a/contrib/openpam/doc/Makefile +++ b/contrib/openpam/doc/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS @@ -32,7 +32,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/doc/Makefile#4 $ +# $P4: //depot/projects/openpam/doc/Makefile#5 $ # SUBDIR = diff --git a/contrib/openpam/doc/man/Makefile b/contrib/openpam/doc/man/Makefile index 4d8b394..32c9e46 100644 --- a/contrib/openpam/doc/man/Makefile +++ b/contrib/openpam/doc/man/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS @@ -32,7 +32,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/doc/man/Makefile#11 $ +# $P4: //depot/projects/openpam/doc/man/Makefile#13 $ # GENDOC = ${.CURDIR}/../../misc/gendoc.pl @@ -73,6 +73,7 @@ OMAN += openpam_free_data.3 OMAN += openpam_get_option.3 OMAN += openpam_log.3 OMAN += openpam_nullconv.3 +OMAN += openpam_readline.3 OMAN += openpam_restore_cred.3 OMAN += openpam_set_option.3 OMAN += openpam_ttyconv.3 diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3 index 705218f..8bb9a47 100644 --- a/contrib/openpam/doc/man/openpam.3 +++ b/contrib/openpam/doc/man/openpam.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM 3 .Os .Sh NAME @@ -42,6 +42,7 @@ .Nm openpam_get_option , .Nm openpam_log , .Nm openpam_nullconv , +.Nm openpam_readline , .Nm openpam_restore_cred , .Nm openpam_set_option , .Nm openpam_ttyconv , @@ -68,6 +69,8 @@ .Fn openpam_log "int level" "const char *fmt" "..." .Ft int .Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Ft char * +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" .Ft int .Fn openpam_restore_cred "pam_handle_t *pamh" .Ft int @@ -108,6 +111,7 @@ standardization. .Xr openpam_get_option 3 , .Xr openpam_log 3 , .Xr openpam_nullconv 3 , +.Xr openpam_readline 3 , .Xr openpam_restore_cred 3 , .Xr openpam_set_option 3 , .Xr openpam_ttyconv 3 , diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3 index be643b2..338c383 100644 --- a/contrib/openpam/doc/man/openpam_borrow_cred.3 +++ b/contrib/openpam/doc/man/openpam_borrow_cred.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_BORROW_CRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3 index 902b20c..196247d 100644 --- a/contrib/openpam/doc/man/openpam_free_data.3 +++ b/contrib/openpam/doc/man/openpam_free_data.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_FREE_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3 index 31f5e9e..1e0afdc 100644 --- a/contrib/openpam/doc/man/openpam_get_option.3 +++ b/contrib/openpam/doc/man/openpam_get_option.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_GET_OPTION 3 .Os .Sh NAME @@ -54,6 +54,7 @@ function returns the value of the specified option in the context of the currently executing service module, or .Dv NULL if the option is not set or no module is currently executing. +.Pp .Sh RETURN VALUES The .Nm @@ -61,6 +62,7 @@ function returns .Dv NULL on failure. .Sh SEE ALSO +.Xr openpam_set_option 3 , .Xr pam 3 .Sh STANDARDS The diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3 index 78edf2f..f6e2c59 100644 --- a/contrib/openpam/doc/man/openpam_log.3 +++ b/contrib/openpam/doc/man/openpam_log.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,12 +33,12 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_LOG 3 .Os .Sh NAME .Nm openpam_log -.Nd it). Do the next best thing +.Nd log a message through syslog .Sh LIBRARY .Lb libpam .Sh SYNOPSIS @@ -48,9 +48,56 @@ .Ft void .Fn openpam_log "int level" "const char *fmt" "..." .Sh DESCRIPTION -No description available. +The +.Nm +function logs messages using +.Xr syslog 3 . +It is primarily +intended for internal use by the library and modules. +.Pp +The +.Va level +argument indicates the importance of the message. The +following levels are defined: +.Bl -tag -width 18n +.It Dv PAM_LOG_DEBUG +Debugging messages. These messages are normally not +logged unless the global integer variable +.Va _openpam_debug +is set to a non-zero value, in which case they are logged +with a +.Xr syslog 3 +priority of +.Dv LOG_DEBUG . +.It Dv PAM_LOG_VERBOSE +Information about the progress of the authentication +process, or other non-essential messages. These messages +are logged with a +.Xr syslog 3 +priority of +.Dv LOG_INFO . +.It Dv PAM_LOG_NOTICE +Messages relating to non-fatal errors. These messages are +logged with a +.Xr syslog 3 +priority of +.Dv LOG_NOTICE . +.It Dv PAM_LOG_ERROR +Messages relating to serious errors. These messages are +logged with a +.Xr syslog 3 +priority of +.Dv LOG_ERR . +.El +.Pp +The remaining arguments are a +.Xr printf 3 +format string and the +corresponding arguments. .Sh SEE ALSO -.Xr pam 3 +.Xr pam 3 , +.Xr printf 3 , +.Xr syslog 3 .Sh STANDARDS The .Nm diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3 index 7c1886a..21b967f 100644 --- a/contrib/openpam/doc/man/openpam_nullconv.3 +++ b/contrib/openpam/doc/man/openpam_nullconv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_NULLCONV 3 .Os .Sh NAME @@ -79,6 +79,7 @@ Conversation failure. .Sh SEE ALSO .Xr openpam_ttyconv 3 , .Xr pam 3 , +.Xr pam_authenticate 3 , .Xr pam_chauthtok 3 , .Xr pam_prompt 3 , .Xr pam_set_item 3 , diff --git a/contrib/openpam/doc/man/openpam_readline.3 b/contrib/openpam/doc/man/openpam_readline.3 new file mode 100644 index 0000000..d57d8a1 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readline.3 @@ -0,0 +1,107 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $P4$ +.\" +.Dd June 1, 2003 +.Dt OPENPAM_READLINE 3 +.Os +.Sh NAME +.Nm openpam_readline +.Nd read a line from a file +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft char * +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" +.Sh DESCRIPTION +The +.Nm +function reads a line from a file, and returns it +in a NUL-terminated buffer allocated with +.Xr malloc 3 . +.Pp +The +.Nm +function performs a certain amount of processing +on the data it reads. +Comments (introduced by a hash sign) are stripped, as is leading and +trailing whitespace. +Any amount of linear whitespace is collapsed to a single space. +Blank lines are ignored. +If a line ends in a backslash, the backslash is stripped and the next +line is appended. +.Pp +If +.Va lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a newline character is read. +.Pp +If +.Va lenp +is not +.Dv NULL , +the length of the line (not including the +terminating NUL character) is stored in the variable it points to. +.Pp +The caller is responsible for releasing the returned buffer by passing +it to +.Xr free 3 . +.Sh RETURN VALUES +The +.Nm +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr free 3 , +.Xr malloc 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Nm +function is an OpenPAM extension. +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and Network Associates Laboratories, the Security +Research Division of Network Associates, Inc. under DARPA/SPAWAR +contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3 index 0f0b3a6..50a0a44 100644 --- a/contrib/openpam/doc/man/openpam_restore_cred.3 +++ b/contrib/openpam/doc/man/openpam_restore_cred.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_RESTORE_CRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3 index 8c57f85..da2914b 100644 --- a/contrib/openpam/doc/man/openpam_set_option.3 +++ b/contrib/openpam/doc/man/openpam_set_option.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_SET_OPTION 3 .Os .Sh NAME @@ -52,6 +52,7 @@ The .Nm function sets the specified option in the context of the currently executing service module. +.Pp .Sh RETURN VALUES The .Nm @@ -63,6 +64,7 @@ Memory buffer error. System error. .El .Sh SEE ALSO +.Xr openpam_get_option 3 , .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3 index 02031ff..aed6c93 100644 --- a/contrib/openpam/doc/man/openpam_ttyconv.3 +++ b/contrib/openpam/doc/man/openpam_ttyconv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_TTYCONV 3 .Os .Sh NAME @@ -57,7 +57,7 @@ of most text-based interactive programs. The .Nm function allows the application to specify a -timeout for user input by setting the global variable +timeout for user input by setting the global integer variable .Va openpam_ttyconv_timeout to the length of the timeout in seconds. .Pp diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 index cf706bc..51c7e2e 100644 --- a/contrib/openpam/doc/man/pam.3 +++ b/contrib/openpam/doc/man/pam.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 index 4737b0b..b82894f 100644 --- a/contrib/openpam/doc/man/pam_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_ACCT_MGMT 3 .Os .Sh NAME @@ -64,7 +64,7 @@ Fail if the user's authentication token is null. .El .Pp If any other bits are set, -.Xr pam_authenticate 3 +.Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES @@ -95,7 +95,6 @@ Unknown user. .El .Sh SEE ALSO .Xr pam 3 , -.Xr pam_authenticate 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3 index b76fc9d..89768af 100644 --- a/contrib/openpam/doc/man/pam_authenticate.3 +++ b/contrib/openpam/doc/man/pam_authenticate.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_AUTHENTICATE 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3 index 9fa59dd..0856fa0 100644 --- a/contrib/openpam/doc/man/pam_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_chauthtok.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_CHAUTHTOK 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3 index 6309725..94e0720 100644 --- a/contrib/openpam/doc/man/pam_close_session.3 +++ b/contrib/openpam/doc/man/pam_close_session.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_CLOSE_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3 index 00dc572..cd19cbc 100644 --- a/contrib/openpam/doc/man/pam_conv.3 +++ b/contrib/openpam/doc/man/pam_conv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#2 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#3 $ .\" .Dd May 27, 2002 .Dt PAM_CONV 3 diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3 index f999811..d4bebc8 100644 --- a/contrib/openpam/doc/man/pam_end.3 +++ b/contrib/openpam/doc/man/pam_end.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_END 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3 index 48bcb99..583cd7a 100644 --- a/contrib/openpam/doc/man/pam_error.3 +++ b/contrib/openpam/doc/man/pam_error.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_ERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 index 29764d1..515b6d0 100644 --- a/contrib/openpam/doc/man/pam_get_authtok.3 +++ b/contrib/openpam/doc/man/pam_get_authtok.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_AUTHTOK 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 index ec6f66a..0e8eadd 100644 --- a/contrib/openpam/doc/man/pam_get_data.3 +++ b/contrib/openpam/doc/man/pam_get_data.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 index 9e0c9a5..560603f 100644 --- a/contrib/openpam/doc/man/pam_get_item.3 +++ b/contrib/openpam/doc/man/pam_get_item.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_ITEM 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 index 0f9beeb..756c1af 100644 --- a/contrib/openpam/doc/man/pam_get_user.3 +++ b/contrib/openpam/doc/man/pam_get_user.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_USER 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 index 50fa64d..a0daa18 100644 --- a/contrib/openpam/doc/man/pam_getenv.3 +++ b/contrib/openpam/doc/man/pam_getenv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GETENV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 index cb79078..cd013e4 100644 --- a/contrib/openpam/doc/man/pam_getenvlist.3 +++ b/contrib/openpam/doc/man/pam_getenvlist.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GETENVLIST 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 index 60c7799..e6cffe0 100644 --- a/contrib/openpam/doc/man/pam_info.3 +++ b/contrib/openpam/doc/man/pam_info.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_INFO 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3 index ee34859..d00c9d2 100644 --- a/contrib/openpam/doc/man/pam_open_session.3 +++ b/contrib/openpam/doc/man/pam_open_session.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_OPEN_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3 index be2abf4..9787306 100644 --- a/contrib/openpam/doc/man/pam_prompt.3 +++ b/contrib/openpam/doc/man/pam_prompt.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_PROMPT 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 index db571cd..544371d 100644 --- a/contrib/openpam/doc/man/pam_putenv.3 +++ b/contrib/openpam/doc/man/pam_putenv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_PUTENV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 index 61a2c78..600cd7e 100644 --- a/contrib/openpam/doc/man/pam_set_data.3 +++ b/contrib/openpam/doc/man/pam_set_data.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SET_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 index 895a6a8..b37d9b9 100644 --- a/contrib/openpam/doc/man/pam_set_item.3 +++ b/contrib/openpam/doc/man/pam_set_item.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SET_ITEM 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 index 3ce4dee..81277b5 100644 --- a/contrib/openpam/doc/man/pam_setcred.3 +++ b/contrib/openpam/doc/man/pam_setcred.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SETCRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3 index d06173d..bc51afa 100644 --- a/contrib/openpam/doc/man/pam_setenv.3 +++ b/contrib/openpam/doc/man/pam_setenv.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SETENV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 index c8cdce2..9d8c805 100644 --- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_ACCT_MGMT 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3 index 5c2ce19..e29b354 100644 --- a/contrib/openpam/doc/man/pam_sm_authenticate.3 +++ b/contrib/openpam/doc/man/pam_sm_authenticate.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_AUTHENTICATE 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3 index 9ac8f4a..44702b1 100644 --- a/contrib/openpam/doc/man/pam_sm_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_CHAUTHTOK 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3 index 9645c4c..99fd187 100644 --- a/contrib/openpam/doc/man/pam_sm_close_session.3 +++ b/contrib/openpam/doc/man/pam_sm_close_session.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_CLOSE_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3 index aa72614..cef70e5 100644 --- a/contrib/openpam/doc/man/pam_sm_open_session.3 +++ b/contrib/openpam/doc/man/pam_sm_open_session.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_OPEN_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3 index 428a5aa..5e297a3 100644 --- a/contrib/openpam/doc/man/pam_sm_setcred.3 +++ b/contrib/openpam/doc/man/pam_sm_setcred.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_SETCRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 index f86b798..369d74d 100644 --- a/contrib/openpam/doc/man/pam_start.3 +++ b/contrib/openpam/doc/man/pam_start.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_START 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 index 22deadf..53998af 100644 --- a/contrib/openpam/doc/man/pam_strerror.3 +++ b/contrib/openpam/doc/man/pam_strerror.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_STRERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 index 82ab71d..419589b 100644 --- a/contrib/openpam/doc/man/pam_verror.3 +++ b/contrib/openpam/doc/man/pam_verror.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 index 8bd819e..e80225c 100644 --- a/contrib/openpam/doc/man/pam_vinfo.3 +++ b/contrib/openpam/doc/man/pam_vinfo.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VINFO 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 index 57794a1..7e90fba 100644 --- a/contrib/openpam/doc/man/pam_vprompt.3 +++ b/contrib/openpam/doc/man/pam_vprompt.3 @@ -1,5 +1,5 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -33,7 +33,7 @@ .\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VPROMPT 3 .Os .Sh NAME diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h index 57dab04..3a0a6f9 100644 --- a/contrib/openpam/include/security/openpam.h +++ b/contrib/openpam/include/security/openpam.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/openpam.h#21 $ + * $P4: //depot/projects/openpam/include/security/openpam.h#24 $ */ #ifndef _SECURITY_OPENPAM_H_INCLUDED @@ -119,6 +119,18 @@ pam_vprompt(pam_handle_t *_pamh, va_list _ap); /* + * Read cooked lines. + * Checking for FOPEN_MAX is a fairly reliable way to detect the presence + * of <stdio.h> + */ +#ifdef FOPEN_MAX +char * +openpam_readline(FILE *_f, + int *_lineno, + size_t *_lenp); +#endif + +/* * Log levels */ enum { diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h index 8afc646..7646070 100644 --- a/contrib/openpam/include/security/openpam_version.h +++ b/contrib/openpam/include/security/openpam_version.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,14 +31,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/openpam_version.h#7 $ + * $P4: //depot/projects/openpam/include/security/openpam_version.h#9 $ */ #ifndef _OPENPAM_VERSION_H_INCLUDED #define _OPENPAM_VERSION_H_INCLUDED #define _OPENPAM -#define _OPENPAM_VERSION 20030502 -#define _OPENPAM_RELEASE "Dianthus" +#define _OPENPAM_VERSION 20030601 +#define _OPENPAM_RELEASE "Digitalis" #endif diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h index 4492244..5f91c64 100644 --- a/contrib/openpam/include/security/pam_appl.h +++ b/contrib/openpam/include/security/pam_appl.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_appl.h#11 $ + * $P4: //depot/projects/openpam/include/security/pam_appl.h#13 $ */ #ifndef _PAM_APPL_H_INCLUDED diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h index c6c4ed3..f3f8d30 100644 --- a/contrib/openpam/include/security/pam_constants.h +++ b/contrib/openpam/include/security/pam_constants.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_constants.h#20 $ + * $P4: //depot/projects/openpam/include/security/pam_constants.h#22 $ */ #ifndef _PAM_CONSTANTS_H_INCLUDED diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h index 02beab2..821b03d 100644 --- a/contrib/openpam/include/security/pam_modules.h +++ b/contrib/openpam/include/security/pam_modules.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_modules.h#8 $ + * $P4: //depot/projects/openpam/include/security/pam_modules.h#9 $ */ #ifndef _PAM_MODULES_H_INCLUDED diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h index bbea5c8..d2d83b3 100644 --- a/contrib/openpam/include/security/pam_types.h +++ b/contrib/openpam/include/security/pam_types.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_types.h#9 $ + * $P4: //depot/projects/openpam/include/security/pam_types.h#11 $ */ #ifndef _PAM_TYPES_H_INCLUDED diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile index 95aa856..da3aecd 100644 --- a/contrib/openpam/lib/Makefile +++ b/contrib/openpam/lib/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,18 +31,21 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/lib/Makefile#16 $ +# $P4: //depot/projects/openpam/lib/Makefile#21 $ # LIB = pam -SHLIB_MAJOR = 2 -SHLIB_MINOR = 0 WARNS ?= 4 NO_WERROR = yes CFLAGS += -I${.CURDIR}/../include CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR} +OSNAME != uname -s +.if ${OSNAME} == "Linux" +LDADD += -ldl +.endif + SRCS = SRCS += openpam_borrow_cred.c SRCS += openpam_configure.c @@ -54,6 +57,7 @@ SRCS += openpam_get_option.c SRCS += openpam_load.c SRCS += openpam_log.c SRCS += openpam_nullconv.c +SRCS += openpam_readline.c SRCS += openpam_restore_cred.c SRCS += openpam_set_option.c SRCS += openpam_static.c diff --git a/contrib/openpam/lib/openpam_borrow_cred.c b/contrib/openpam/lib/openpam_borrow_cred.c index 8a8c458..dfd25c2 100644 --- a/contrib/openpam/lib/openpam_borrow_cred.c +++ b/contrib/openpam/lib/openpam_borrow_cred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,11 +31,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#9 $ */ #include <sys/param.h> +#include <grp.h> #include <pwd.h> #include <stdlib.h> #include <unistd.h> @@ -75,20 +76,20 @@ openpam_borrow_cred(pam_handle_t *pamh, scred->euid = geteuid(); scred->egid = getegid(); r = getgroups(NGROUPS_MAX, scred->groups); - if (r == -1) { - free(scred); + if (r < 0) { + FREE(scred); RETURNC(PAM_SYSTEM_ERR); } scred->ngroups = r; r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); if (r != PAM_SUCCESS) { - free(scred); + FREE(scred); RETURNC(r); } if (geteuid() == pwd->pw_uid) RETURNC(PAM_SUCCESS); - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 || - setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) { + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { openpam_restore_cred(pamh); RETURNC(PAM_SYSTEM_ERR); } diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c index 65844de..e542fe6 100644 --- a/contrib/openpam/lib/openpam_configure.c +++ b/contrib/openpam/lib/openpam_configure.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_configure.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_configure.c#10 $ */ #include <ctype.h> @@ -44,169 +44,223 @@ #include "openpam_impl.h" -#define PAM_CONF_STYLE 0 -#define PAM_D_STYLE 1 -#define MAX_LINE_LEN 1024 -#define MAX_OPTIONS 256 +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. + */ static int -openpam_read_policy_file(pam_chain_t *policy[], +openpam_read_chain(pam_handle_t *pamh, const char *service, + pam_facility_t facility, const char *filename, - int style) + openpam_style_t style) { - char buf[MAX_LINE_LEN], *p, *q; - const char *optv[MAX_OPTIONS + 1]; - int ch, chain, flag, line, optc, n, r; - size_t len; + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; FILE *f; - n = 0; - if ((f = fopen(filename, "r")) == NULL) { openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, "%s: %m", filename); return (0); } - openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", - service, filename); + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; - for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { - if ((len = strlen(buf)) == 0) - continue; + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } - /* check for overflow */ - if (buf[--len] != '\n' && !feof(f)) { - openpam_log(PAM_LOG_ERROR, "%s: line %d too long", - filename, line); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - while ((ch = fgetc(f)) != EOF) - if (ch == '\n') - break; + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); continue; } + p = next_word(p); - /* strip comments and trailing whitespace */ - if ((p = strchr(buf, '#')) != NULL) - len = p - buf ? p - buf - 1 : p - buf; - while (len > 0 && isspace(buf[len - 1])) - --len; - if (len == 0) + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + fprintf(stderr, "include %s returned %d\n", name, ret); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); continue; - buf[len] = '\0'; - p = q = buf; - - /* check service name */ - if (style == PAM_CONF_STYLE) { - for (q = p = buf; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (*q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, service) != 0) - continue; - openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", - filename, line, service); } + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; - /* get module type */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "auth") == 0) { - chain = PAM_AUTH; - } else if (strcmp(p, "account") == 0) { - chain = PAM_ACCOUNT; - } else if (strcmp(p, "session") == 0) { - chain = PAM_SESSION; - } else if (strcmp(p, "password") == 0) { - chain = PAM_PASSWORD; - } else { + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { openpam_log(PAM_LOG_ERROR, - "%s: invalid module type on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; } + this->flag = ctlf; - /* get control flag */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "required") == 0) { - flag = PAM_REQUIRED; - } else if (strcmp(p, "requisite") == 0) { - flag = PAM_REQUISITE; - } else if (strcmp(p, "sufficient") == 0) { - flag = PAM_SUFFICIENT; - } else if (strcmp(p, "optional") == 0) { - flag = PAM_OPTIONAL; - } else if (strcmp(p, "binding") == 0) { - flag = PAM_BINDING; - } else { + /* module name */ + p = next_word(p); + if (*p == '\0') { openpam_log(PAM_LOG_ERROR, - "%s: invalid control flag on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): missing module name", + filename, lineno); + goto fail; } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; - /* get module name */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p) - goto syntax_error; - - /* get options */ - for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { - *q++ = '\0'; - while (isspace(*q)) - ++q; - optv[optc] = q; - while (*q != '\0' && !isspace(*q)) - ++q; + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); } - optv[optc] = NULL; - if (*q != '\0') { - *q = '\0'; - openpam_log(PAM_LOG_ERROR, - "%s: too many options on line %d", - filename, line); + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); } - /* - * Finally, add the module at the end of the - * appropriate chain and bump the counter. - */ - r = openpam_add_module(policy, chain, flag, p, optc, optv); - if (r != PAM_SUCCESS) - return (-r); - ++n; - continue; - syntax_error: - openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", - filename, line); - openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", - filename, line, q); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - } - - if (ferror(f)) - openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; fclose(f); - return (n); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); } static const char *openpam_policy_path[] = { @@ -217,9 +271,14 @@ static const char *openpam_policy_path[] = { NULL }; +/* + * Locates the policy file for a given service and reads the given chains + * from it. + */ static int -openpam_load_policy(pam_chain_t *policy[], - const char *service) +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) { const char **path; char *filename; @@ -229,24 +288,20 @@ openpam_load_policy(pam_chain_t *policy[], for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { - filename = malloc(len + strlen(service) + 1); - if (filename == NULL) { - openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); return (-PAM_BUF_ERR); } - strcpy(filename, *path); - strcat(filename, service); - r = openpam_read_policy_file(policy, - service, filename, PAM_D_STYLE); - free(filename); + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); } else { - r = openpam_read_policy_file(policy, - service, *path, PAM_CONF_STYLE); + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); } if (r != 0) return (r); } - return (0); } @@ -260,34 +315,21 @@ int openpam_configure(pam_handle_t *pamh, const char *service) { - pam_chain_t *other[PAM_NUM_CHAINS] = { 0 }; - int i, n, r; - - /* try own configuration first */ - r = openpam_load_policy(pamh->chains, service); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] != NULL) - ++n; - } - if (n == PAM_NUM_CHAINS) - return (PAM_SUCCESS); - - /* fill in the blanks with "other" */ - openpam_load_policy(other, PAM_OTHER); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] == NULL) { - pamh->chains[i] = other[i]; - other[i] = NULL; - } - if (pamh->chains[i] != NULL) - ++n; + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; } - openpam_clear_chains(other); - return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR); + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); } /* @@ -295,5 +337,4 @@ openpam_configure(pam_handle_t *pamh, * * Error codes: * PAM_SYSTEM_ERR - * PAM_BUF_ERR */ diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c index 29f9138..d36b2bd 100644 --- a/contrib/openpam/lib/openpam_dispatch.c +++ b/contrib/openpam/lib/openpam_dispatch.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $ + * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#21 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c index db5fe48..6f00c86 100644 --- a/contrib/openpam/lib/openpam_dynamic.c +++ b/contrib/openpam/lib/openpam_dynamic.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#13 $ */ #include <dlfcn.h> @@ -43,6 +43,10 @@ #include "openpam_impl.h" +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + /* * OpenPAM internal * @@ -62,18 +66,18 @@ openpam_dynamic(const char *path) goto buf_err; /* try versioned module first, then unversioned module */ - if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) == -1) + if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) < 0) goto buf_err; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); *strrchr(vpath, '.') = '\0'; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); - free(module); + FREE(module); return (NULL); } } - free(vpath); + FREE(vpath); if ((module->path = strdup(path)) == NULL) goto buf_err; module->dlh = dlh; @@ -88,7 +92,7 @@ openpam_dynamic(const char *path) openpam_log(PAM_LOG_ERROR, "%m"); if (dlh != NULL) dlclose(dlh); - free(module); + FREE(module); return (NULL); } diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c index 63d81dd..f6ddf61 100644 --- a/contrib/openpam/lib/openpam_findenv.c +++ b/contrib/openpam/lib/openpam_findenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_findenv.c#10 $ + * $P4: //depot/projects/openpam/lib/openpam_findenv.c#12 $ */ #include <string.h> diff --git a/contrib/openpam/lib/openpam_free_data.c b/contrib/openpam/lib/openpam_free_data.c index 03766b9..48b11be 100644 --- a/contrib/openpam/lib/openpam_free_data.c +++ b/contrib/openpam/lib/openpam_free_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_free_data.c#3 $ + * $P4: //depot/projects/openpam/lib/openpam_free_data.c#5 $ */ #include <stdlib.h> @@ -54,7 +54,7 @@ openpam_free_data(pam_handle_t *pamh, void *data, int status) ENTER(); (void)pamh; (void)status; - free(data); + FREE(data); RETURNV(); } diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c index 90020d2..bfdd856 100644 --- a/contrib/openpam/lib/openpam_get_option.c +++ b/contrib/openpam/lib/openpam_get_option.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_get_option.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_get_option.c#10 $ */ #include <sys/param.h> @@ -73,12 +73,10 @@ openpam_get_option(pam_handle_t *pamh, RETURNS(NULL); } -/* - * NOLIST - */ - /** * The =openpam_get_option function returns the value of the specified * option in the context of the currently executing service module, or * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option */ diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h index 8921cfa..3786ad2 100644 --- a/contrib/openpam/lib/openpam_impl.h +++ b/contrib/openpam/lib/openpam_impl.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $ + * $P4: //depot/projects/openpam/lib/openpam_impl.h#27 $ */ #ifndef _OPENPAM_IMPL_H_INCLUDED @@ -49,21 +49,26 @@ extern int _openpam_debug; /* * Control flags */ -#define PAM_REQUIRED 1 -#define PAM_REQUISITE 2 -#define PAM_SUFFICIENT 3 -#define PAM_OPTIONAL 4 -#define PAM_BINDING 5 -#define PAM_NUM_CONTROLFLAGS 6 +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; /* - * Chains + * Facilities */ -#define PAM_AUTH 0 -#define PAM_ACCOUNT 1 -#define PAM_SESSION 2 -#define PAM_PASSWORD 3 -#define PAM_NUM_CHAINS 4 +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; typedef struct pam_chain pam_chain_t; struct pam_chain { @@ -86,7 +91,7 @@ struct pam_handle { char *service; /* chains */ - pam_chain_t *chains[PAM_NUM_CHAINS]; + pam_chain_t *chains[PAM_NUM_FACILITIES]; pam_chain_t *current; int primitive; @@ -112,17 +117,18 @@ struct pam_saved_cred { #define PAM_OTHER "other" -int openpam_configure(pam_handle_t *, const char *); -int openpam_dispatch(pam_handle_t *, int, int); -int openpam_findenv(pam_handle_t *, const char *, size_t); -int openpam_add_module(pam_chain_t **, int, int, - const char *, int, const char **); -void openpam_clear_chains(pam_chain_t **); +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); #ifdef OPENPAM_STATIC_MODULES -pam_module_t *openpam_static(const char *); +pam_module_t *openpam_static(const char *); #endif -pam_module_t *openpam_dynamic(const char *); +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do { free((p)); (p) = NULL; } while (0) #ifdef DEBUG #define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") @@ -131,16 +137,16 @@ pam_module_t *openpam_dynamic(const char *); openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \ -} while (0); +} while (0) #define ENTERN(n) do { \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \ -} while (0); +} while (0) #define ENTERS(s) do { \ if ((s) == NULL) \ openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \ -} while (0); +} while (0) #define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") #define RETURNC(c) do { \ if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \ diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c index ef68309..a1057f3 100644 --- a/contrib/openpam/lib/openpam_load.c +++ b/contrib/openpam/lib/openpam_load.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_load.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_load.c#19 $ */ #include <dlfcn.h> @@ -67,7 +67,7 @@ static pam_module_t *modules; * found modules to speed up the process. */ -static pam_module_t * +pam_module_t * openpam_load_module(const char *path) { pam_module_t *module; @@ -136,8 +136,8 @@ openpam_release_module(pam_module_t *module) if (module == modules) modules = module->next; openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); - free(module->path); - free(module); + FREE(module->path); + FREE(module); } @@ -154,52 +154,10 @@ openpam_destroy_chain(pam_chain_t *chain) openpam_destroy_chain(chain->next); chain->next = NULL; while (chain->optc--) - free(chain->optv[chain->optc]); - free(chain->optv); + FREE(chain->optv[chain->optc]); + FREE(chain->optv); openpam_release_module(chain->module); - free(chain); -} - -/* - * Add a module to a chain. - */ - -int -openpam_add_module(pam_chain_t *policy[], - int chain, - int flag, - const char *modpath, - int optc, - const char *optv[]) -{ - pam_chain_t *new, *iterator; - - if ((new = calloc(1, sizeof *new)) == NULL) - goto buf_err; - if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL) - goto buf_err; - while (optc--) - if ((new->optv[new->optc++] = strdup(*optv++)) == NULL) - goto buf_err; - new->optv[new->optc] = NULL; - new->flag = flag; - if ((new->module = openpam_load_module(modpath)) == NULL) { - openpam_destroy_chain(new); - return (PAM_OPEN_ERR); - } - if ((iterator = policy[chain]) != NULL) { - while (iterator->next != NULL) - iterator = iterator->next; - iterator->next = new; - } else { - policy[chain] = new; - } - return (PAM_SUCCESS); - - buf_err: - openpam_log(PAM_LOG_ERROR, "%m"); - openpam_destroy_chain(new); - return (PAM_BUF_ERR); + FREE(chain); } @@ -212,7 +170,7 @@ openpam_clear_chains(pam_chain_t *policy[]) { int i; - for (i = 0; i < PAM_NUM_CHAINS; ++i) + for (i = 0; i < PAM_NUM_FACILITIES; ++i) openpam_destroy_chain(policy[i]); } diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c index 0758580..d03ec25 100644 --- a/contrib/openpam/lib/openpam_log.c +++ b/contrib/openpam/lib/openpam_log.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_log.c#18 $ + * $P4: //depot/projects/openpam/lib/openpam_log.c#23 $ */ #include <ctype.h> @@ -47,20 +47,19 @@ int _openpam_debug = 0; -#if defined(openpam_log) +#if !defined(openpam_log) /* * OpenPAM extension * - * Log a message through syslog(3) + * Log a message through syslog */ void -_openpam_log(int level, const char *func, const char *fmt, ...) +openpam_log(int level, const char *fmt, ...) { va_list ap; - char *format; - int len, priority; + int priority; switch (level) { case PAM_LOG_DEBUG: @@ -80,30 +79,17 @@ _openpam_log(int level, const char *func, const char *fmt, ...) break; } va_start(ap, fmt); - for (len = strlen(fmt); len > 0 && isspace(fmt[len]); len--) - /* nothing */; - if ((format = malloc(strlen(func) + len + 16)) != NULL) { - sprintf(format, "in %s(): %.*s\n", func, len, fmt); - vsyslog(priority, format, ap); - free(format); - } else { - vsyslog(priority, fmt, ap); - } + vsyslog(priority, fmt, ap); va_end(ap); } #else -/* - * If openpam_log isn't defined as a macro, we're on a platform that - * doesn't support varadic macros (or it does but we aren't aware of - * it). Do the next best thing. - */ - void -openpam_log(int level, const char *fmt, ...) +_openpam_log(int level, const char *func, const char *fmt, ...) { va_list ap; + char *format; int priority; switch (level) { @@ -124,12 +110,40 @@ openpam_log(int level, const char *fmt, ...) break; } va_start(ap, fmt); - vsyslog(priority, fmt, ap); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } va_end(ap); } #endif -/* - * NOLIST +/** + * The =openpam_log function logs messages using =syslog. It is primarily + * intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. The + * following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. These messages are normally not + * logged unless the global integer variable :_openpam_debug + * is set to a non-zero value, in which case they are logged + * with a =syslog priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. These messages + * are logged with a =syslog priority of =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. These messages are + * logged with a =syslog priority of =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. These messages are + * logged with a =syslog priority of =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. */ diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c index 94a9936..99ca9cd 100644 --- a/contrib/openpam/lib/openpam_nullconv.c +++ b/contrib/openpam/lib/openpam_nullconv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#6 $ */ #include <sys/types.h> @@ -62,8 +62,6 @@ openpam_nullconv(int n, } /* - * NOLIST - * * Error codes: * * PAM_CONV_ERR diff --git a/contrib/openpam/lib/openpam_readline.c b/contrib/openpam/lib/openpam_readline.c new file mode 100644 index 0000000..31428bf --- /dev/null +++ b/contrib/openpam/lib/openpam_readline.c @@ -0,0 +1,154 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $P4: //depot/projects/openpam/lib/openpam_readline.c#2 $ + */ + +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include "openpam_impl.h" + +#define MIN_LINE_LENGTH 128 + +/* + * OpenPAM extension + * + * Read a line from a file. + */ + +char * +openpam_readline(FILE *f, int *lineno, size_t *lenp) +{ + char *line; + size_t len, size; + int ch; + + if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + return (NULL); + size = MIN_LINE_LENGTH; + len = 0; + +#define line_putch(ch) do { \ + if (len >= size - 1) { \ + char *tmp = realloc(line, size *= 2); \ + if (tmp == NULL) \ + goto fail; \ + line = tmp; \ + } \ + line[len++] = ch; \ + line[len] = '\0'; \ +} while (0) + + for (;;) { + ch = fgetc(f); + /* strip comment */ + if (ch == '#') { + do { + ch = fgetc(f); + } while (ch != EOF && ch != '\n'); + } + /* eof */ + if (ch == EOF) { + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; + break; + } + /* eol */ + if (ch == '\n') { + if (lineno != NULL) + ++*lineno; + + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + /* skip blank lines */ + if (len == 0) + continue; + /* continuation */ + if (line[len - 1] == '\\') { + line[--len] = '\0'; + /* fall through to whitespace case */ + } else { + break; + } + } + /* whitespace */ + if (isspace(ch)) { + /* ignore leading whitespace */ + /* collapse linear whitespace */ + if (len > 0 && line[len - 1] != ' ') + line_putch(' '); + continue; + } + /* anything else */ + line_putch(ch); + } + + if (lenp != NULL) + *lenp = len; + return (line); + fail: + FREE(line); + return (NULL); +} + +/** + * The =openpam_readline function reads a line from a file, and returns it + * in a NUL-terminated buffer allocated with =malloc. + * + * The =openpam_readline function performs a certain amount of processing + * on the data it reads. + * Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * Any amount of linear whitespace is collapsed to a single space. + * Blank lines are ignored. + * If a line ends in a backslash, the backslash is stripped and the next + * line is appended. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * + * If =lenp is not =NULL, the length of the line (not including the + * terminating NUL character) is stored in the variable it points to. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =free. + */ diff --git a/contrib/openpam/lib/openpam_restore_cred.c b/contrib/openpam/lib/openpam_restore_cred.c index d18f78f..afa468a 100644 --- a/contrib/openpam/lib/openpam_restore_cred.c +++ b/contrib/openpam/lib/openpam_restore_cred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,11 +31,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#8 $ */ #include <sys/param.h> +#include <grp.h> #include <pwd.h> #include <stdlib.h> #include <unistd.h> @@ -63,9 +64,9 @@ openpam_restore_cred(pam_handle_t *pamh) if (scred == NULL) RETURNC(PAM_SYSTEM_ERR); if (scred->euid != geteuid()) { - if (seteuid(scred->euid) == -1 || - setgroups(scred->ngroups, scred->groups) == -1 || - setegid(scred->egid) == -1) + if (seteuid(scred->euid) < 0 || + setgroups(scred->ngroups, scred->groups) < 0 || + setegid(scred->egid) < 0) RETURNC(PAM_SYSTEM_ERR); } pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c index d981398..a955d2b 100644 --- a/contrib/openpam/lib/openpam_set_option.c +++ b/contrib/openpam/lib/openpam_set_option.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_set_option.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_set_option.c#13 $ */ #include <sys/param.h> @@ -82,14 +82,13 @@ openpam_set_option(pam_handle_t *pamh, cur->optv[i] = NULL; RETURNC(PAM_SUCCESS); } - if ((opt = malloc(len + strlen(value) + 2)) == NULL) + if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(opt, "%.*s=%s", (int)len, option, value); if (i == cur->optc) { /* add */ optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2)); if (optv == NULL) { - free(opt); + FREE(opt); RETURNC(PAM_BUF_ERR); } optv[i] = opt; @@ -98,15 +97,13 @@ openpam_set_option(pam_handle_t *pamh, ++cur->optc; } else { /* replace */ - free(cur->optv[i]); + FREE(cur->optv[i]); cur->optv[i] = opt; } RETURNC(PAM_SUCCESS); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR @@ -116,4 +113,6 @@ openpam_set_option(pam_handle_t *pamh, /** * The =openpam_set_option function sets the specified option in the * context of the currently executing service module. + * + * >openpam_get_option */ diff --git a/contrib/openpam/lib/openpam_static.c b/contrib/openpam/lib/openpam_static.c index 59ec255..1346c8b 100644 --- a/contrib/openpam/lib/openpam_static.c +++ b/contrib/openpam/lib/openpam_static.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_static.c#5 $ + * $P4: //depot/projects/openpam/lib/openpam_static.c#6 $ */ #include <string.h> diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c index 828f359..64deba9 100644 --- a/contrib/openpam/lib/openpam_ttyconv.c +++ b/contrib/openpam/lib/openpam_ttyconv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $ */ #include <sys/types.h> @@ -179,15 +179,12 @@ openpam_ttyconv(int n, RETURNC(PAM_SUCCESS); fail: while (i) - free(resp[--i]); - free(*resp); - *resp = NULL; + FREE(resp[--i]); + FREE(*resp); RETURNC(PAM_CONV_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR @@ -201,7 +198,7 @@ openpam_ttyconv(int n, * of most text-based interactive programs. * * The =openpam_ttyconv function allows the application to specify a - * timeout for user input by setting the global variable + * timeout for user input by setting the global integer variable * :openpam_ttyconv_timeout to the length of the timeout in seconds. * * >openpam_nullconv diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c index 6dbd29a..d5bdbfb 100644 --- a/contrib/openpam/lib/pam_acct_mgmt.c +++ b/contrib/openpam/lib/pam_acct_mgmt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#14 $ */ #include <sys/param.h> @@ -78,6 +78,6 @@ pam_acct_mgmt(pam_handle_t *pamh, * =PAM_DISALLOW_NULL_AUTHTOK: * Fail if the user's authentication token is null. * - * If any other bits are set, =pam_authenticate will return + * If any other bits are set, =pam_acct_mgmt will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c index 6d319b9..a37e32b 100644 --- a/contrib/openpam/lib/pam_authenticate.c +++ b/contrib/openpam/lib/pam_authenticate.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#15 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c index b266f19..09e9839 100644 --- a/contrib/openpam/lib/pam_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_authenticate_secondary.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c index 74f2af3..224e8f2 100644 --- a/contrib/openpam/lib/pam_chauthtok.c +++ b/contrib/openpam/lib/pam_chauthtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c index 5fd14ad..ee4945f 100644 --- a/contrib/openpam/lib/pam_close_session.c +++ b/contrib/openpam/lib/pam_close_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_close_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_close_session.c#13 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c index 5fb1fb6..e1762c6 100644 --- a/contrib/openpam/lib/pam_end.c +++ b/contrib/openpam/lib/pam_end.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_end.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_end.c#13 $ */ #include <stdlib.h> @@ -63,14 +63,14 @@ pam_end(pam_handle_t *pamh, if (dp->cleanup) (dp->cleanup)(pamh, dp->data, status); pamh->module_data = dp->next; - free(dp->name); - free(dp); + FREE(dp->name); + FREE(dp); } /* clear environment */ while (pamh->env_count) - free(pamh->env[--pamh->env_count]); - free(pamh->env); + FREE(pamh->env[--pamh->env_count]); + FREE(pamh->env); /* clear chains */ openpam_clear_chains(pamh->chains); @@ -79,7 +79,7 @@ pam_end(pam_handle_t *pamh, for (i = 0; i < PAM_NUM_ITEMS; ++i) pam_set_item(pamh, i, NULL); - free(pamh); + FREE(pamh); RETURNC(PAM_SUCCESS); } diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c index 4aac633..a2708bf 100644 --- a/contrib/openpam/lib/pam_error.c +++ b/contrib/openpam/lib/pam_error.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_error.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_error.c#10 $ */ #include <stdarg.h> @@ -41,6 +41,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -59,7 +61,7 @@ pam_error(pam_handle_t *pamh, va_start(ap, fmt); r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c index c1ecb3c..fba1e76 100644 --- a/contrib/openpam/lib/pam_get_authtok.c +++ b/contrib/openpam/lib/pam_get_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#21 $ + * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#25 $ */ #include <sys/param.h> @@ -109,19 +109,17 @@ pam_get_authtok(pam_handle_t *pamh, if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { - free(resp); + FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) { - free(resp); - resp = NULL; - } - free(resp2); + if (strcmp(resp, resp2) != 0) + FREE(resp); + FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, item, (const void **)authtok); diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c index 63de926..9fcb33a 100644 --- a/contrib/openpam/lib/pam_get_data.c +++ b/contrib/openpam/lib/pam_get_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_data.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_get_data.c#12 $ */ #include <string.h> diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c index fa63d3e..16b20ed 100644 --- a/contrib/openpam/lib/pam_get_item.c +++ b/contrib/openpam/lib/pam_get_item.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_item.c#15 $ + * $P4: //depot/projects/openpam/lib/pam_get_item.c#17 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c index e42954f..7a5b3b1 100644 --- a/contrib/openpam/lib/pam_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_get_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c index dc63aa0..cec8a25 100644 --- a/contrib/openpam/lib/pam_get_mapped_username.c +++ b/contrib/openpam/lib/pam_get_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c index 5681c53..3c30f5f 100644 --- a/contrib/openpam/lib/pam_get_user.c +++ b/contrib/openpam/lib/pam_get_user.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_user.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_get_user.c#17 $ */ #include <sys/param.h> @@ -75,7 +75,7 @@ pam_get_user(pam_handle_t *pamh, if (r != PAM_SUCCESS) RETURNC(r); r = pam_set_item(pamh, PAM_USER, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, PAM_USER, (const void **)user); diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c index 098e1ef..4faafdc 100644 --- a/contrib/openpam/lib/pam_getenv.c +++ b/contrib/openpam/lib/pam_getenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_getenv.c#16 $ */ #include <stdlib.h> @@ -60,7 +60,7 @@ pam_getenv(pam_handle_t *pamh, RETURNS(NULL); if (name == NULL || strchr(name, '=') != NULL) RETURNS(NULL); - if ((i = openpam_findenv(pamh, name, strlen(name))) == -1) + if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) RETURNS(NULL); for (str = pamh->env[i]; *str != '\0'; ++str) { if (*str == '=') { diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c index 7c63bce..2ba1bdf 100644 --- a/contrib/openpam/lib/pam_getenvlist.c +++ b/contrib/openpam/lib/pam_getenvlist.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#12 $ */ #include <stdlib.h> @@ -66,8 +66,8 @@ pam_getenvlist(pam_handle_t *pamh) for (i = 0; i < pamh->env_count; ++i) { if ((envlist[i] = strdup(pamh->env[i])) == NULL) { while (i) - free(envlist[--i]); - free(envlist); + FREE(envlist[--i]); + FREE(envlist); openpam_log(PAM_LOG_ERROR, "%s", pam_strerror(pamh, PAM_BUF_ERR)); RETURNP(NULL); diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c index 6102e84..7d3ab94 100644 --- a/contrib/openpam/lib/pam_info.c +++ b/contrib/openpam/lib/pam_info.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_info.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_info.c#9 $ */ #include <stdarg.h> @@ -41,6 +41,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -59,7 +61,7 @@ pam_info(pam_handle_t *pamh, va_start(ap, fmt); r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c index 02c9444..1db7a48 100644 --- a/contrib/openpam/lib/pam_open_session.c +++ b/contrib/openpam/lib/pam_open_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_open_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_open_session.c#13 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c index 6f63c16..61355d4 100644 --- a/contrib/openpam/lib/pam_prompt.c +++ b/contrib/openpam/lib/pam_prompt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_prompt.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_prompt.c#9 $ */ #include <sys/types.h> diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c index d3c220f..41530e6 100644 --- a/contrib/openpam/lib/pam_putenv.c +++ b/contrib/openpam/lib/pam_putenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_putenv.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_putenv.c#12 $ */ #include <stdlib.h> @@ -64,10 +64,10 @@ pam_putenv(pam_handle_t *pamh, RETURNC(PAM_SYSTEM_ERR); /* see if the variable is already in the environment */ - if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) { + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { if ((p = strdup(namevalue)) == NULL) RETURNC(PAM_BUF_ERR); - free(pamh->env[i]); + FREE(pamh->env[i]); pamh->env[i] = p; RETURNC(PAM_SUCCESS); } diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c index 5428bb1..a17ea0f 100644 --- a/contrib/openpam/lib/pam_set_data.c +++ b/contrib/openpam/lib/pam_set_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_data.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_set_data.c#15 $ */ #include <stdlib.h> @@ -73,7 +73,7 @@ pam_set_data(pam_handle_t *pamh, if ((dp = malloc(sizeof *dp)) == NULL) RETURNC(PAM_BUF_ERR); if ((dp->name = strdup(module_data_name)) == NULL) { - free(dp); + FREE(dp); RETURNC(PAM_BUF_ERR); } dp->data = data; diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c index aba99fb..5b6efa6 100644 --- a/contrib/openpam/lib/pam_set_item.c +++ b/contrib/openpam/lib/pam_set_item.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_item.c#18 $ + * $P4: //depot/projects/openpam/lib/pam_set_item.c#21 $ */ #include <sys/param.h> @@ -90,7 +90,7 @@ pam_set_item(pam_handle_t *pamh, } if (*slot != NULL) { memset(*slot, 0xd0, osize); - free(*slot); + FREE(*slot); } if (item != NULL) { if ((tmp = malloc(nsize)) == NULL) diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c index 5ea3aa0..0b59d5e 100644 --- a/contrib/openpam/lib/pam_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_set_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c index 51394ac..41f0a06 100644 --- a/contrib/openpam/lib/pam_set_mapped_username.c +++ b/contrib/openpam/lib/pam_set_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c index b895e6a..625a07c 100644 --- a/contrib/openpam/lib/pam_setcred.c +++ b/contrib/openpam/lib/pam_setcred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_setcred.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_setcred.c#14 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c index f516a1b..1c16039 100644 --- a/contrib/openpam/lib/pam_setenv.c +++ b/contrib/openpam/lib/pam_setenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_setenv.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_setenv.c#12 $ */ #include <stdlib.h> @@ -67,15 +67,14 @@ pam_setenv(pam_handle_t *pamh, RETURNC(PAM_SYSTEM_ERR); /* is it already there? */ - if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1) + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) RETURNC(PAM_SUCCESS); /* set it... */ - if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL) + if (asprintf(&env, "%s=%s", name, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(env, "%s=%s", name, value); r = pam_putenv(pamh, env); - free(env); + FREE(env); RETURNC(r); } diff --git a/contrib/openpam/lib/pam_sm_acct_mgmt.c b/contrib/openpam/lib/pam_sm_acct_mgmt.c index 8351fca..e5d65c2 100644 --- a/contrib/openpam/lib/pam_sm_acct_mgmt.c +++ b/contrib/openpam/lib/pam_sm_acct_mgmt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_authenticate.c b/contrib/openpam/lib/pam_sm_authenticate.c index 50cceef..25446b2 100644 --- a/contrib/openpam/lib/pam_sm_authenticate.c +++ b/contrib/openpam/lib/pam_sm_authenticate.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_authenticate(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_authenticate_secondary.c b/contrib/openpam/lib/pam_sm_authenticate_secondary.c index b25e028..b163baa 100644 --- a/contrib/openpam/lib/pam_sm_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_sm_authenticate_secondary.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_chauthtok.c b/contrib/openpam/lib/pam_sm_chauthtok.c index b4ede72..dc53be9 100644 --- a/contrib/openpam/lib/pam_sm_chauthtok.c +++ b/contrib/openpam/lib/pam_sm_chauthtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#8 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_close_session.c b/contrib/openpam/lib/pam_sm_close_session.c index e27274f..428ac65 100644 --- a/contrib/openpam/lib/pam_sm_close_session.c +++ b/contrib/openpam/lib/pam_sm_close_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_close_session(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c index 2f35e54..38f7c66 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_get_mapped_username.c b/contrib/openpam/lib/pam_sm_get_mapped_username.c index 1956acf..c00a7de 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_open_session.c b/contrib/openpam/lib/pam_sm_open_session.c index 161344f..5404039 100644 --- a/contrib/openpam/lib/pam_sm_open_session.c +++ b/contrib/openpam/lib/pam_sm_open_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_open_session(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c index a875e1a..d16c265 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_set_mapped_username.c b/contrib/openpam/lib/pam_sm_set_mapped_username.c index 8c0774d..54bed91 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_setcred.c b/contrib/openpam/lib/pam_sm_setcred.c index 90e571c..919256d 100644 --- a/contrib/openpam/lib/pam_sm_setcred.c +++ b/contrib/openpam/lib/pam_sm_setcred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#7 $ */ #include <sys/param.h> @@ -59,8 +59,6 @@ pam_sm_setcred(pam_handle_t *pamh, /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c index c43b192..e180fe8 100644 --- a/contrib/openpam/lib/pam_start.c +++ b/contrib/openpam/lib/pam_start.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_start.c#17 $ + * $P4: //depot/projects/openpam/lib/pam_start.c#18 $ */ #include <stdlib.h> diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c index 2e87513..c4eb1eb 100644 --- a/contrib/openpam/lib/pam_strerror.c +++ b/contrib/openpam/lib/pam_strerror.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_strerror.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_strerror.c#12 $ */ #include <stdio.h> diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c index cfb6e0f..292cadf 100644 --- a/contrib/openpam/lib/pam_verror.c +++ b/contrib/openpam/lib/pam_verror.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_verror.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_verror.c#8 $ */ #include <stdarg.h> @@ -40,6 +40,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -55,7 +57,7 @@ pam_verror(pam_handle_t *pamh, int r; r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c index 0c57ec5..3d02c0a 100644 --- a/contrib/openpam/lib/pam_vinfo.c +++ b/contrib/openpam/lib/pam_vinfo.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_vinfo.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_vinfo.c#8 $ */ #include <stdarg.h> @@ -40,6 +40,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -55,7 +57,7 @@ pam_vinfo(pam_handle_t *pamh, int r; r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c index 83262c4..ef6ca24 100644 --- a/contrib/openpam/lib/pam_vprompt.c +++ b/contrib/openpam/lib/pam_vprompt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_vprompt.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_vprompt.c#12 $ */ #include <stdarg.h> @@ -77,7 +77,7 @@ pam_vprompt(pam_handle_t *pamh, rsp = NULL; r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr); *resp = rsp == NULL ? NULL : rsp->resp; - free(rsp); + FREE(rsp); RETURNC(r); } diff --git a/contrib/openpam/misc/gendoc.pl b/contrib/openpam/misc/gendoc.pl index 3d29f0e..945c224 100644 --- a/contrib/openpam/misc/gendoc.pl +++ b/contrib/openpam/misc/gendoc.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl -w #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/misc/gendoc.pl#19 $ +# $P4: //depot/projects/openpam/misc/gendoc.pl#25 $ # use strict; @@ -42,7 +42,7 @@ use POSIX qw(strftime); use vars qw($COPYRIGHT $TODAY %FUNCTIONS %PAMERR); $COPYRIGHT = ".\\\"- -.\\\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\\\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\\\" All rights reserved. .\\\" .\\\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -235,7 +235,7 @@ sub parse_source($) { s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs; s/\s*:([a-z_]+)\b\s*/\n.Va $1\n/gs; s/\s*;([a-z_]+)\b\s*/\n.Dv $1\n/gs; - if (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/gs) { + while (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/s) { ++$xref{"$1 3"}; } s/\s*\"(?=\w)/\n.Do\n/gs; @@ -274,10 +274,6 @@ sub parse_source($) { }; if ($source =~ m/^ \* NODOC\s*$/m) { $FUNCTIONS{$func}->{'nodoc'} = 1; - $FUNCTIONS{$func}->{'nolist'} = 1; - } - if ($source =~ m/^ \* NOLIST\s*$/m) { - $FUNCTIONS{$func}->{'nolist'} = 1; } if ($source !~ m/^ \* XSSO \d/m) { $FUNCTIONS{$func}->{'openpam'} = 1; @@ -498,7 +494,7 @@ sub gensummary($) { while (<STDIN>) { if (m/^\.Xr (\S+)\s*(\d)\s*$/) { $xref{$1} = $2; - } + } print FILE $_; } @@ -518,14 +514,14 @@ The following return codes are defined by print FILE ".Xr openpam 3\n" if ($page eq 'pam'); foreach $func (keys(%FUNCTIONS)) { - $xref{$func} = 3; + $xref{$func} = 3; } my @refs = sort(keys(%xref)); while ($_ = shift(@refs)) { print FILE ".Xr $_ $xref{$_}"; - print FILE " ," + print FILE " ," if (@refs); - print FILE "\n"; + print FILE "\n"; } print FILE ".Sh STANDARDS .Rs diff --git a/contrib/openpam/modules/Makefile b/contrib/openpam/modules/Makefile index 9b17f2f..0818653 100644 --- a/contrib/openpam/modules/Makefile +++ b/contrib/openpam/modules/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/modules/Makefile#8 $ +# $P4: //depot/projects/openpam/modules/Makefile#9 $ # SUBDIR = diff --git a/contrib/openpam/modules/pam_deny/Makefile b/contrib/openpam/modules/pam_deny/Makefile index 502fc8b..98a7ce3 100644 --- a/contrib/openpam/modules/pam_deny/Makefile +++ b/contrib/openpam/modules/pam_deny/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#5 $ +# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#6 $ # LIB = pam_deny diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c index 1f83ca5..0c79618 100644 --- a/contrib/openpam/modules/pam_deny/pam_deny.c +++ b/contrib/openpam/modules/pam_deny/pam_deny.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#7 $ + * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#8 $ */ #include <sys/param.h> diff --git a/contrib/openpam/modules/pam_permit/Makefile b/contrib/openpam/modules/pam_permit/Makefile index 08038c4..b443a6c 100644 --- a/contrib/openpam/modules/pam_permit/Makefile +++ b/contrib/openpam/modules/pam_permit/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#5 $ +# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#6 $ # LIB = pam_permit diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c index 2a974e7..33c7093 100644 --- a/contrib/openpam/modules/pam_permit/pam_permit.c +++ b/contrib/openpam/modules/pam_permit/pam_permit.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#7 $ + * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#8 $ */ #include <sys/param.h> diff --git a/contrib/openpam/modules/pam_unix/Makefile b/contrib/openpam/modules/pam_unix/Makefile index 0352b32..2e4be46 100644 --- a/contrib/openpam/modules/pam_unix/Makefile +++ b/contrib/openpam/modules/pam_unix/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/modules/pam_unix/Makefile#2 $ +# $P4: //depot/projects/openpam/modules/pam_unix/Makefile#3 $ # LIB = pam_unix diff --git a/contrib/openpam/modules/pam_unix/pam_unix.c b/contrib/openpam/modules/pam_unix/pam_unix.c index ddcd81b..2283915 100644 --- a/contrib/openpam/modules/pam_unix/pam_unix.c +++ b/contrib/openpam/modules/pam_unix/pam_unix.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $ + * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#5 $ */ #include <sys/param.h> @@ -42,6 +42,10 @@ #include <string.h> #include <unistd.h> +#ifdef __GLIBC__ +#include <crypt.h> +#endif + #include <security/pam_modules.h> #include <security/pam_appl.h> |
