summaryrefslogtreecommitdiffstats
path: root/contrib/libpam
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/libpam')
-rw-r--r--contrib/libpam/libpam/pam_dispatch.c73
1 files changed, 11 insertions, 62 deletions
diff --git a/contrib/libpam/libpam/pam_dispatch.c b/contrib/libpam/libpam/pam_dispatch.c
index ffb50f5..d9b3de0 100644
--- a/contrib/libpam/libpam/pam_dispatch.c
+++ b/contrib/libpam/libpam/pam_dispatch.c
@@ -4,6 +4,8 @@
* Copyright (c) 1998 Andrew G. Morgan <morgan@kernel.org>
*
* $Id: pam_dispatch.c,v 1.3 2001/02/05 06:50:41 agmorgan Exp $
+ *
+ * $FreeBSD$
*/
#include <stdlib.h>
@@ -28,7 +30,7 @@
*/
static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
- _pam_boolean resumed, int use_cached_chain)
+ _pam_boolean resumed, int ignore_sufficient)
{
int depth, impression, status, skip_depth;
@@ -99,46 +101,18 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
return retval;
}
- if (use_cached_chain) {
- /* a former stack execution has frozen the chain */
- cached_retval = *(h->cached_retval_p);
- } else {
- /* this stack execution is defining the frozen chain */
- cached_retval = h->cached_retval = retval;
- }
-
/* verify that the return value is a valid one */
- if ((cached_retval < PAM_SUCCESS)
- || (cached_retval >= _PAM_RETURN_VALUES)) {
+ if ((retval < PAM_SUCCESS) || (retval >= _PAM_RETURN_VALUES)) {
retval = PAM_MUST_FAIL_CODE;
action = _PAM_ACTION_BAD;
} else {
- /* We treat the current retval with some respect. It may
- (for example, in the case of setcred) have a value that
- needs to be propagated to the user. We want to use the
- cached_retval to determine the modules to be executed
- in the stacked chain, but we want to treat each
- non-ignored module in the cached chain as now being
- 'required'. We only need to treat the,
- _PAM_ACTION_IGNORE, _PAM_ACTION_IS_JUMP and
- _PAM_ACTION_RESET actions specially. */
-
- action = h->actions[cached_retval];
+ action = h->actions[retval];
}
- D((stderr,
- "use_cached_chain=%d action=%d cached_retval=%d retval=%d\n",
- use_cached_chain, action, cached_retval, retval));
-
/* decide what to do */
switch (action) {
case _PAM_ACTION_RESET:
- /* if (use_cached_chain) {
- XXX - we need to consider the use_cached_chain case
- do we want to trash accumulated info here..?
- } */
-
impression = _PAM_UNDEF;
status = PAM_MUST_FAIL_CODE;
break;
@@ -146,16 +120,13 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
case _PAM_ACTION_OK:
case _PAM_ACTION_DONE:
- /* XXX - should we maintain cached_status and status in
- the case of use_cached_chain? The same with BAD&DIE
- below */
-
if ( impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
impression = _PAM_POSITIVE;
status = retval;
}
- if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
+ if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE
+ && !ignore_sufficient ) {
goto decision_made;
}
break;
@@ -179,11 +150,6 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
break;
case _PAM_ACTION_IGNORE:
- /* if (use_cached_chain) {
- XXX - when evaluating a cached
- chain, do we still want to ignore the module's
- return value?
- } */
break;
/* if we get here, we expect action is a positive number --
@@ -192,19 +158,6 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
default:
if ( _PAM_ACTION_IS_JUMP(action) ) {
- /* If we are evaluating a cached chain, we treat this
- module as required (aka _PAM_ACTION_OK) as well as
- executing the jump. */
-
- if (use_cached_chain) {
- if (impression == _PAM_UNDEF
- || (impression == _PAM_POSITIVE
- && status == PAM_SUCCESS) ) {
- impression = _PAM_POSITIVE;
- status = retval;
- }
- }
-
/* this means that we need to skip #action stacked modules */
do {
h = h->next;
@@ -245,7 +198,7 @@ decision_made: /* by getting here we have made a decision */
int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
{
struct handler *h = NULL;
- int retval, use_cached_chain;
+ int retval, ignore_sufficient;
_pam_boolean resumed;
IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR);
@@ -262,7 +215,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
return retval;
}
- use_cached_chain = 0; /* default to setting h->cached_retval */
+ ignore_sufficient = 0; /* default to setting h->cached_retval */
switch (choice) {
case PAM_AUTHENTICATE:
@@ -270,7 +223,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
break;
case PAM_SETCRED:
h = pamh->handlers.conf.setcred;
- use_cached_chain = 1;
+ ignore_sufficient = 1;
break;
case PAM_ACCOUNT:
h = pamh->handlers.conf.acct_mgmt;
@@ -280,13 +233,9 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
break;
case PAM_CLOSE_SESSION:
h = pamh->handlers.conf.close_session;
- use_cached_chain = 1;
break;
case PAM_CHAUTHTOK:
h = pamh->handlers.conf.chauthtok;
- if (flags & PAM_UPDATE_AUTHTOK) {
- use_cached_chain = 1;
- }
break;
default:
_pam_system_log(LOG_ERR, "undefined fn choice; %d", choice);
@@ -333,7 +282,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
__PAM_TO_MODULE(pamh);
/* call the list of module functions */
- retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain);
+ retval = _pam_dispatch_aux(pamh, flags, h, resumed, ignore_sufficient);
resumed = PAM_FALSE;
__PAM_TO_APP(pamh);
OpenPOWER on IntegriCloud