diff options
Diffstat (limited to 'contrib/openpam/lib')
58 files changed, 626 insertions, 458 deletions
diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile index 95aa856..da3aecd 100644 --- a/contrib/openpam/lib/Makefile +++ b/contrib/openpam/lib/Makefile @@ -1,5 +1,5 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,18 +31,21 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/lib/Makefile#16 $ +# $P4: //depot/projects/openpam/lib/Makefile#21 $ # LIB = pam -SHLIB_MAJOR = 2 -SHLIB_MINOR = 0 WARNS ?= 4 NO_WERROR = yes CFLAGS += -I${.CURDIR}/../include CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR} +OSNAME != uname -s +.if ${OSNAME} == "Linux" +LDADD += -ldl +.endif + SRCS = SRCS += openpam_borrow_cred.c SRCS += openpam_configure.c @@ -54,6 +57,7 @@ SRCS += openpam_get_option.c SRCS += openpam_load.c SRCS += openpam_log.c SRCS += openpam_nullconv.c +SRCS += openpam_readline.c SRCS += openpam_restore_cred.c SRCS += openpam_set_option.c SRCS += openpam_static.c diff --git a/contrib/openpam/lib/openpam_borrow_cred.c b/contrib/openpam/lib/openpam_borrow_cred.c index 8a8c458..dfd25c2 100644 --- a/contrib/openpam/lib/openpam_borrow_cred.c +++ b/contrib/openpam/lib/openpam_borrow_cred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,11 +31,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#9 $ */ #include <sys/param.h> +#include <grp.h> #include <pwd.h> #include <stdlib.h> #include <unistd.h> @@ -75,20 +76,20 @@ openpam_borrow_cred(pam_handle_t *pamh, scred->euid = geteuid(); scred->egid = getegid(); r = getgroups(NGROUPS_MAX, scred->groups); - if (r == -1) { - free(scred); + if (r < 0) { + FREE(scred); RETURNC(PAM_SYSTEM_ERR); } scred->ngroups = r; r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); if (r != PAM_SUCCESS) { - free(scred); + FREE(scred); RETURNC(r); } if (geteuid() == pwd->pw_uid) RETURNC(PAM_SUCCESS); - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 || - setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) { + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { openpam_restore_cred(pamh); RETURNC(PAM_SYSTEM_ERR); } diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c index 65844de..e542fe6 100644 --- a/contrib/openpam/lib/openpam_configure.c +++ b/contrib/openpam/lib/openpam_configure.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_configure.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_configure.c#10 $ */ #include <ctype.h> @@ -44,169 +44,223 @@ #include "openpam_impl.h" -#define PAM_CONF_STYLE 0 -#define PAM_D_STYLE 1 -#define MAX_LINE_LEN 1024 -#define MAX_OPTIONS 256 +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. + */ static int -openpam_read_policy_file(pam_chain_t *policy[], +openpam_read_chain(pam_handle_t *pamh, const char *service, + pam_facility_t facility, const char *filename, - int style) + openpam_style_t style) { - char buf[MAX_LINE_LEN], *p, *q; - const char *optv[MAX_OPTIONS + 1]; - int ch, chain, flag, line, optc, n, r; - size_t len; + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; FILE *f; - n = 0; - if ((f = fopen(filename, "r")) == NULL) { openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, "%s: %m", filename); return (0); } - openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", - service, filename); + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; - for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { - if ((len = strlen(buf)) == 0) - continue; + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } - /* check for overflow */ - if (buf[--len] != '\n' && !feof(f)) { - openpam_log(PAM_LOG_ERROR, "%s: line %d too long", - filename, line); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - while ((ch = fgetc(f)) != EOF) - if (ch == '\n') - break; + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); continue; } + p = next_word(p); - /* strip comments and trailing whitespace */ - if ((p = strchr(buf, '#')) != NULL) - len = p - buf ? p - buf - 1 : p - buf; - while (len > 0 && isspace(buf[len - 1])) - --len; - if (len == 0) + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + fprintf(stderr, "include %s returned %d\n", name, ret); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); continue; - buf[len] = '\0'; - p = q = buf; - - /* check service name */ - if (style == PAM_CONF_STYLE) { - for (q = p = buf; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (*q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, service) != 0) - continue; - openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", - filename, line, service); } + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; - /* get module type */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "auth") == 0) { - chain = PAM_AUTH; - } else if (strcmp(p, "account") == 0) { - chain = PAM_ACCOUNT; - } else if (strcmp(p, "session") == 0) { - chain = PAM_SESSION; - } else if (strcmp(p, "password") == 0) { - chain = PAM_PASSWORD; - } else { + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { openpam_log(PAM_LOG_ERROR, - "%s: invalid module type on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; } + this->flag = ctlf; - /* get control flag */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "required") == 0) { - flag = PAM_REQUIRED; - } else if (strcmp(p, "requisite") == 0) { - flag = PAM_REQUISITE; - } else if (strcmp(p, "sufficient") == 0) { - flag = PAM_SUFFICIENT; - } else if (strcmp(p, "optional") == 0) { - flag = PAM_OPTIONAL; - } else if (strcmp(p, "binding") == 0) { - flag = PAM_BINDING; - } else { + /* module name */ + p = next_word(p); + if (*p == '\0') { openpam_log(PAM_LOG_ERROR, - "%s: invalid control flag on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): missing module name", + filename, lineno); + goto fail; } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; - /* get module name */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p) - goto syntax_error; - - /* get options */ - for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { - *q++ = '\0'; - while (isspace(*q)) - ++q; - optv[optc] = q; - while (*q != '\0' && !isspace(*q)) - ++q; + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); } - optv[optc] = NULL; - if (*q != '\0') { - *q = '\0'; - openpam_log(PAM_LOG_ERROR, - "%s: too many options on line %d", - filename, line); + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); } - /* - * Finally, add the module at the end of the - * appropriate chain and bump the counter. - */ - r = openpam_add_module(policy, chain, flag, p, optc, optv); - if (r != PAM_SUCCESS) - return (-r); - ++n; - continue; - syntax_error: - openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", - filename, line); - openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", - filename, line, q); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - } - - if (ferror(f)) - openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; fclose(f); - return (n); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); } static const char *openpam_policy_path[] = { @@ -217,9 +271,14 @@ static const char *openpam_policy_path[] = { NULL }; +/* + * Locates the policy file for a given service and reads the given chains + * from it. + */ static int -openpam_load_policy(pam_chain_t *policy[], - const char *service) +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) { const char **path; char *filename; @@ -229,24 +288,20 @@ openpam_load_policy(pam_chain_t *policy[], for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { - filename = malloc(len + strlen(service) + 1); - if (filename == NULL) { - openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); return (-PAM_BUF_ERR); } - strcpy(filename, *path); - strcat(filename, service); - r = openpam_read_policy_file(policy, - service, filename, PAM_D_STYLE); - free(filename); + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); } else { - r = openpam_read_policy_file(policy, - service, *path, PAM_CONF_STYLE); + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); } if (r != 0) return (r); } - return (0); } @@ -260,34 +315,21 @@ int openpam_configure(pam_handle_t *pamh, const char *service) { - pam_chain_t *other[PAM_NUM_CHAINS] = { 0 }; - int i, n, r; - - /* try own configuration first */ - r = openpam_load_policy(pamh->chains, service); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] != NULL) - ++n; - } - if (n == PAM_NUM_CHAINS) - return (PAM_SUCCESS); - - /* fill in the blanks with "other" */ - openpam_load_policy(other, PAM_OTHER); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] == NULL) { - pamh->chains[i] = other[i]; - other[i] = NULL; - } - if (pamh->chains[i] != NULL) - ++n; + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; } - openpam_clear_chains(other); - return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR); + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); } /* @@ -295,5 +337,4 @@ openpam_configure(pam_handle_t *pamh, * * Error codes: * PAM_SYSTEM_ERR - * PAM_BUF_ERR */ diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c index 29f9138..d36b2bd 100644 --- a/contrib/openpam/lib/openpam_dispatch.c +++ b/contrib/openpam/lib/openpam_dispatch.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $ + * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#21 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c index db5fe48..6f00c86 100644 --- a/contrib/openpam/lib/openpam_dynamic.c +++ b/contrib/openpam/lib/openpam_dynamic.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#13 $ */ #include <dlfcn.h> @@ -43,6 +43,10 @@ #include "openpam_impl.h" +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + /* * OpenPAM internal * @@ -62,18 +66,18 @@ openpam_dynamic(const char *path) goto buf_err; /* try versioned module first, then unversioned module */ - if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) == -1) + if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) < 0) goto buf_err; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); *strrchr(vpath, '.') = '\0'; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); - free(module); + FREE(module); return (NULL); } } - free(vpath); + FREE(vpath); if ((module->path = strdup(path)) == NULL) goto buf_err; module->dlh = dlh; @@ -88,7 +92,7 @@ openpam_dynamic(const char *path) openpam_log(PAM_LOG_ERROR, "%m"); if (dlh != NULL) dlclose(dlh); - free(module); + FREE(module); return (NULL); } diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c index 63d81dd..f6ddf61 100644 --- a/contrib/openpam/lib/openpam_findenv.c +++ b/contrib/openpam/lib/openpam_findenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_findenv.c#10 $ + * $P4: //depot/projects/openpam/lib/openpam_findenv.c#12 $ */ #include <string.h> diff --git a/contrib/openpam/lib/openpam_free_data.c b/contrib/openpam/lib/openpam_free_data.c index 03766b9..48b11be 100644 --- a/contrib/openpam/lib/openpam_free_data.c +++ b/contrib/openpam/lib/openpam_free_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_free_data.c#3 $ + * $P4: //depot/projects/openpam/lib/openpam_free_data.c#5 $ */ #include <stdlib.h> @@ -54,7 +54,7 @@ openpam_free_data(pam_handle_t *pamh, void *data, int status) ENTER(); (void)pamh; (void)status; - free(data); + FREE(data); RETURNV(); } diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c index 90020d2..bfdd856 100644 --- a/contrib/openpam/lib/openpam_get_option.c +++ b/contrib/openpam/lib/openpam_get_option.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_get_option.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_get_option.c#10 $ */ #include <sys/param.h> @@ -73,12 +73,10 @@ openpam_get_option(pam_handle_t *pamh, RETURNS(NULL); } -/* - * NOLIST - */ - /** * The =openpam_get_option function returns the value of the specified * option in the context of the currently executing service module, or * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option */ diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h index 8921cfa..3786ad2 100644 --- a/contrib/openpam/lib/openpam_impl.h +++ b/contrib/openpam/lib/openpam_impl.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $ + * $P4: //depot/projects/openpam/lib/openpam_impl.h#27 $ */ #ifndef _OPENPAM_IMPL_H_INCLUDED @@ -49,21 +49,26 @@ extern int _openpam_debug; /* * Control flags */ -#define PAM_REQUIRED 1 -#define PAM_REQUISITE 2 -#define PAM_SUFFICIENT 3 -#define PAM_OPTIONAL 4 -#define PAM_BINDING 5 -#define PAM_NUM_CONTROLFLAGS 6 +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; /* - * Chains + * Facilities */ -#define PAM_AUTH 0 -#define PAM_ACCOUNT 1 -#define PAM_SESSION 2 -#define PAM_PASSWORD 3 -#define PAM_NUM_CHAINS 4 +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; typedef struct pam_chain pam_chain_t; struct pam_chain { @@ -86,7 +91,7 @@ struct pam_handle { char *service; /* chains */ - pam_chain_t *chains[PAM_NUM_CHAINS]; + pam_chain_t *chains[PAM_NUM_FACILITIES]; pam_chain_t *current; int primitive; @@ -112,17 +117,18 @@ struct pam_saved_cred { #define PAM_OTHER "other" -int openpam_configure(pam_handle_t *, const char *); -int openpam_dispatch(pam_handle_t *, int, int); -int openpam_findenv(pam_handle_t *, const char *, size_t); -int openpam_add_module(pam_chain_t **, int, int, - const char *, int, const char **); -void openpam_clear_chains(pam_chain_t **); +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); #ifdef OPENPAM_STATIC_MODULES -pam_module_t *openpam_static(const char *); +pam_module_t *openpam_static(const char *); #endif -pam_module_t *openpam_dynamic(const char *); +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do { free((p)); (p) = NULL; } while (0) #ifdef DEBUG #define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") @@ -131,16 +137,16 @@ pam_module_t *openpam_dynamic(const char *); openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \ -} while (0); +} while (0) #define ENTERN(n) do { \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \ -} while (0); +} while (0) #define ENTERS(s) do { \ if ((s) == NULL) \ openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \ -} while (0); +} while (0) #define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") #define RETURNC(c) do { \ if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \ diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c index ef68309..a1057f3 100644 --- a/contrib/openpam/lib/openpam_load.c +++ b/contrib/openpam/lib/openpam_load.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_load.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_load.c#19 $ */ #include <dlfcn.h> @@ -67,7 +67,7 @@ static pam_module_t *modules; * found modules to speed up the process. */ -static pam_module_t * +pam_module_t * openpam_load_module(const char *path) { pam_module_t *module; @@ -136,8 +136,8 @@ openpam_release_module(pam_module_t *module) if (module == modules) modules = module->next; openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); - free(module->path); - free(module); + FREE(module->path); + FREE(module); } @@ -154,52 +154,10 @@ openpam_destroy_chain(pam_chain_t *chain) openpam_destroy_chain(chain->next); chain->next = NULL; while (chain->optc--) - free(chain->optv[chain->optc]); - free(chain->optv); + FREE(chain->optv[chain->optc]); + FREE(chain->optv); openpam_release_module(chain->module); - free(chain); -} - -/* - * Add a module to a chain. - */ - -int -openpam_add_module(pam_chain_t *policy[], - int chain, - int flag, - const char *modpath, - int optc, - const char *optv[]) -{ - pam_chain_t *new, *iterator; - - if ((new = calloc(1, sizeof *new)) == NULL) - goto buf_err; - if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL) - goto buf_err; - while (optc--) - if ((new->optv[new->optc++] = strdup(*optv++)) == NULL) - goto buf_err; - new->optv[new->optc] = NULL; - new->flag = flag; - if ((new->module = openpam_load_module(modpath)) == NULL) { - openpam_destroy_chain(new); - return (PAM_OPEN_ERR); - } - if ((iterator = policy[chain]) != NULL) { - while (iterator->next != NULL) - iterator = iterator->next; - iterator->next = new; - } else { - policy[chain] = new; - } - return (PAM_SUCCESS); - - buf_err: - openpam_log(PAM_LOG_ERROR, "%m"); - openpam_destroy_chain(new); - return (PAM_BUF_ERR); + FREE(chain); } @@ -212,7 +170,7 @@ openpam_clear_chains(pam_chain_t *policy[]) { int i; - for (i = 0; i < PAM_NUM_CHAINS; ++i) + for (i = 0; i < PAM_NUM_FACILITIES; ++i) openpam_destroy_chain(policy[i]); } diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c index 0758580..d03ec25 100644 --- a/contrib/openpam/lib/openpam_log.c +++ b/contrib/openpam/lib/openpam_log.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_log.c#18 $ + * $P4: //depot/projects/openpam/lib/openpam_log.c#23 $ */ #include <ctype.h> @@ -47,20 +47,19 @@ int _openpam_debug = 0; -#if defined(openpam_log) +#if !defined(openpam_log) /* * OpenPAM extension * - * Log a message through syslog(3) + * Log a message through syslog */ void -_openpam_log(int level, const char *func, const char *fmt, ...) +openpam_log(int level, const char *fmt, ...) { va_list ap; - char *format; - int len, priority; + int priority; switch (level) { case PAM_LOG_DEBUG: @@ -80,30 +79,17 @@ _openpam_log(int level, const char *func, const char *fmt, ...) break; } va_start(ap, fmt); - for (len = strlen(fmt); len > 0 && isspace(fmt[len]); len--) - /* nothing */; - if ((format = malloc(strlen(func) + len + 16)) != NULL) { - sprintf(format, "in %s(): %.*s\n", func, len, fmt); - vsyslog(priority, format, ap); - free(format); - } else { - vsyslog(priority, fmt, ap); - } + vsyslog(priority, fmt, ap); va_end(ap); } #else -/* - * If openpam_log isn't defined as a macro, we're on a platform that - * doesn't support varadic macros (or it does but we aren't aware of - * it). Do the next best thing. - */ - void -openpam_log(int level, const char *fmt, ...) +_openpam_log(int level, const char *func, const char *fmt, ...) { va_list ap; + char *format; int priority; switch (level) { @@ -124,12 +110,40 @@ openpam_log(int level, const char *fmt, ...) break; } va_start(ap, fmt); - vsyslog(priority, fmt, ap); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } va_end(ap); } #endif -/* - * NOLIST +/** + * The =openpam_log function logs messages using =syslog. It is primarily + * intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. The + * following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. These messages are normally not + * logged unless the global integer variable :_openpam_debug + * is set to a non-zero value, in which case they are logged + * with a =syslog priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. These messages + * are logged with a =syslog priority of =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. These messages are + * logged with a =syslog priority of =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. These messages are + * logged with a =syslog priority of =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. */ diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c index 94a9936..99ca9cd 100644 --- a/contrib/openpam/lib/openpam_nullconv.c +++ b/contrib/openpam/lib/openpam_nullconv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#6 $ */ #include <sys/types.h> @@ -62,8 +62,6 @@ openpam_nullconv(int n, } /* - * NOLIST - * * Error codes: * * PAM_CONV_ERR diff --git a/contrib/openpam/lib/openpam_readline.c b/contrib/openpam/lib/openpam_readline.c new file mode 100644 index 0000000..31428bf --- /dev/null +++ b/contrib/openpam/lib/openpam_readline.c @@ -0,0 +1,154 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $P4: //depot/projects/openpam/lib/openpam_readline.c#2 $ + */ + +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include "openpam_impl.h" + +#define MIN_LINE_LENGTH 128 + +/* + * OpenPAM extension + * + * Read a line from a file. + */ + +char * +openpam_readline(FILE *f, int *lineno, size_t *lenp) +{ + char *line; + size_t len, size; + int ch; + + if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + return (NULL); + size = MIN_LINE_LENGTH; + len = 0; + +#define line_putch(ch) do { \ + if (len >= size - 1) { \ + char *tmp = realloc(line, size *= 2); \ + if (tmp == NULL) \ + goto fail; \ + line = tmp; \ + } \ + line[len++] = ch; \ + line[len] = '\0'; \ +} while (0) + + for (;;) { + ch = fgetc(f); + /* strip comment */ + if (ch == '#') { + do { + ch = fgetc(f); + } while (ch != EOF && ch != '\n'); + } + /* eof */ + if (ch == EOF) { + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; + break; + } + /* eol */ + if (ch == '\n') { + if (lineno != NULL) + ++*lineno; + + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + /* skip blank lines */ + if (len == 0) + continue; + /* continuation */ + if (line[len - 1] == '\\') { + line[--len] = '\0'; + /* fall through to whitespace case */ + } else { + break; + } + } + /* whitespace */ + if (isspace(ch)) { + /* ignore leading whitespace */ + /* collapse linear whitespace */ + if (len > 0 && line[len - 1] != ' ') + line_putch(' '); + continue; + } + /* anything else */ + line_putch(ch); + } + + if (lenp != NULL) + *lenp = len; + return (line); + fail: + FREE(line); + return (NULL); +} + +/** + * The =openpam_readline function reads a line from a file, and returns it + * in a NUL-terminated buffer allocated with =malloc. + * + * The =openpam_readline function performs a certain amount of processing + * on the data it reads. + * Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * Any amount of linear whitespace is collapsed to a single space. + * Blank lines are ignored. + * If a line ends in a backslash, the backslash is stripped and the next + * line is appended. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * + * If =lenp is not =NULL, the length of the line (not including the + * terminating NUL character) is stored in the variable it points to. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =free. + */ diff --git a/contrib/openpam/lib/openpam_restore_cred.c b/contrib/openpam/lib/openpam_restore_cred.c index d18f78f..afa468a 100644 --- a/contrib/openpam/lib/openpam_restore_cred.c +++ b/contrib/openpam/lib/openpam_restore_cred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,11 +31,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#8 $ */ #include <sys/param.h> +#include <grp.h> #include <pwd.h> #include <stdlib.h> #include <unistd.h> @@ -63,9 +64,9 @@ openpam_restore_cred(pam_handle_t *pamh) if (scred == NULL) RETURNC(PAM_SYSTEM_ERR); if (scred->euid != geteuid()) { - if (seteuid(scred->euid) == -1 || - setgroups(scred->ngroups, scred->groups) == -1 || - setegid(scred->egid) == -1) + if (seteuid(scred->euid) < 0 || + setgroups(scred->ngroups, scred->groups) < 0 || + setegid(scred->egid) < 0) RETURNC(PAM_SYSTEM_ERR); } pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c index d981398..a955d2b 100644 --- a/contrib/openpam/lib/openpam_set_option.c +++ b/contrib/openpam/lib/openpam_set_option.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_set_option.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_set_option.c#13 $ */ #include <sys/param.h> @@ -82,14 +82,13 @@ openpam_set_option(pam_handle_t *pamh, cur->optv[i] = NULL; RETURNC(PAM_SUCCESS); } - if ((opt = malloc(len + strlen(value) + 2)) == NULL) + if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(opt, "%.*s=%s", (int)len, option, value); if (i == cur->optc) { /* add */ optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2)); if (optv == NULL) { - free(opt); + FREE(opt); RETURNC(PAM_BUF_ERR); } optv[i] = opt; @@ -98,15 +97,13 @@ openpam_set_option(pam_handle_t *pamh, ++cur->optc; } else { /* replace */ - free(cur->optv[i]); + FREE(cur->optv[i]); cur->optv[i] = opt; } RETURNC(PAM_SUCCESS); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR @@ -116,4 +113,6 @@ openpam_set_option(pam_handle_t *pamh, /** * The =openpam_set_option function sets the specified option in the * context of the currently executing service module. + * + * >openpam_get_option */ diff --git a/contrib/openpam/lib/openpam_static.c b/contrib/openpam/lib/openpam_static.c index 59ec255..1346c8b 100644 --- a/contrib/openpam/lib/openpam_static.c +++ b/contrib/openpam/lib/openpam_static.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_static.c#5 $ + * $P4: //depot/projects/openpam/lib/openpam_static.c#6 $ */ #include <string.h> diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c index 828f359..64deba9 100644 --- a/contrib/openpam/lib/openpam_ttyconv.c +++ b/contrib/openpam/lib/openpam_ttyconv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $ */ #include <sys/types.h> @@ -179,15 +179,12 @@ openpam_ttyconv(int n, RETURNC(PAM_SUCCESS); fail: while (i) - free(resp[--i]); - free(*resp); - *resp = NULL; + FREE(resp[--i]); + FREE(*resp); RETURNC(PAM_CONV_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR @@ -201,7 +198,7 @@ openpam_ttyconv(int n, * of most text-based interactive programs. * * The =openpam_ttyconv function allows the application to specify a - * timeout for user input by setting the global variable + * timeout for user input by setting the global integer variable * :openpam_ttyconv_timeout to the length of the timeout in seconds. * * >openpam_nullconv diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c index 6dbd29a..d5bdbfb 100644 --- a/contrib/openpam/lib/pam_acct_mgmt.c +++ b/contrib/openpam/lib/pam_acct_mgmt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#14 $ */ #include <sys/param.h> @@ -78,6 +78,6 @@ pam_acct_mgmt(pam_handle_t *pamh, * =PAM_DISALLOW_NULL_AUTHTOK: * Fail if the user's authentication token is null. * - * If any other bits are set, =pam_authenticate will return + * If any other bits are set, =pam_acct_mgmt will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c index 6d319b9..a37e32b 100644 --- a/contrib/openpam/lib/pam_authenticate.c +++ b/contrib/openpam/lib/pam_authenticate.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#15 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c index b266f19..09e9839 100644 --- a/contrib/openpam/lib/pam_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_authenticate_secondary.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c index 74f2af3..224e8f2 100644 --- a/contrib/openpam/lib/pam_chauthtok.c +++ b/contrib/openpam/lib/pam_chauthtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c index 5fd14ad..ee4945f 100644 --- a/contrib/openpam/lib/pam_close_session.c +++ b/contrib/openpam/lib/pam_close_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_close_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_close_session.c#13 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c index 5fb1fb6..e1762c6 100644 --- a/contrib/openpam/lib/pam_end.c +++ b/contrib/openpam/lib/pam_end.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_end.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_end.c#13 $ */ #include <stdlib.h> @@ -63,14 +63,14 @@ pam_end(pam_handle_t *pamh, if (dp->cleanup) (dp->cleanup)(pamh, dp->data, status); pamh->module_data = dp->next; - free(dp->name); - free(dp); + FREE(dp->name); + FREE(dp); } /* clear environment */ while (pamh->env_count) - free(pamh->env[--pamh->env_count]); - free(pamh->env); + FREE(pamh->env[--pamh->env_count]); + FREE(pamh->env); /* clear chains */ openpam_clear_chains(pamh->chains); @@ -79,7 +79,7 @@ pam_end(pam_handle_t *pamh, for (i = 0; i < PAM_NUM_ITEMS; ++i) pam_set_item(pamh, i, NULL); - free(pamh); + FREE(pamh); RETURNC(PAM_SUCCESS); } diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c index 4aac633..a2708bf 100644 --- a/contrib/openpam/lib/pam_error.c +++ b/contrib/openpam/lib/pam_error.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_error.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_error.c#10 $ */ #include <stdarg.h> @@ -41,6 +41,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -59,7 +61,7 @@ pam_error(pam_handle_t *pamh, va_start(ap, fmt); r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c index c1ecb3c..fba1e76 100644 --- a/contrib/openpam/lib/pam_get_authtok.c +++ b/contrib/openpam/lib/pam_get_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#21 $ + * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#25 $ */ #include <sys/param.h> @@ -109,19 +109,17 @@ pam_get_authtok(pam_handle_t *pamh, if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { - free(resp); + FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) { - free(resp); - resp = NULL; - } - free(resp2); + if (strcmp(resp, resp2) != 0) + FREE(resp); + FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, item, (const void **)authtok); diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c index 63de926..9fcb33a 100644 --- a/contrib/openpam/lib/pam_get_data.c +++ b/contrib/openpam/lib/pam_get_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_data.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_get_data.c#12 $ */ #include <string.h> diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c index fa63d3e..16b20ed 100644 --- a/contrib/openpam/lib/pam_get_item.c +++ b/contrib/openpam/lib/pam_get_item.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_item.c#15 $ + * $P4: //depot/projects/openpam/lib/pam_get_item.c#17 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c index e42954f..7a5b3b1 100644 --- a/contrib/openpam/lib/pam_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_get_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c index dc63aa0..cec8a25 100644 --- a/contrib/openpam/lib/pam_get_mapped_username.c +++ b/contrib/openpam/lib/pam_get_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c index 5681c53..3c30f5f 100644 --- a/contrib/openpam/lib/pam_get_user.c +++ b/contrib/openpam/lib/pam_get_user.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_user.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_get_user.c#17 $ */ #include <sys/param.h> @@ -75,7 +75,7 @@ pam_get_user(pam_handle_t *pamh, if (r != PAM_SUCCESS) RETURNC(r); r = pam_set_item(pamh, PAM_USER, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, PAM_USER, (const void **)user); diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c index 098e1ef..4faafdc 100644 --- a/contrib/openpam/lib/pam_getenv.c +++ b/contrib/openpam/lib/pam_getenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_getenv.c#16 $ */ #include <stdlib.h> @@ -60,7 +60,7 @@ pam_getenv(pam_handle_t *pamh, RETURNS(NULL); if (name == NULL || strchr(name, '=') != NULL) RETURNS(NULL); - if ((i = openpam_findenv(pamh, name, strlen(name))) == -1) + if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) RETURNS(NULL); for (str = pamh->env[i]; *str != '\0'; ++str) { if (*str == '=') { diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c index 7c63bce..2ba1bdf 100644 --- a/contrib/openpam/lib/pam_getenvlist.c +++ b/contrib/openpam/lib/pam_getenvlist.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#12 $ */ #include <stdlib.h> @@ -66,8 +66,8 @@ pam_getenvlist(pam_handle_t *pamh) for (i = 0; i < pamh->env_count; ++i) { if ((envlist[i] = strdup(pamh->env[i])) == NULL) { while (i) - free(envlist[--i]); - free(envlist); + FREE(envlist[--i]); + FREE(envlist); openpam_log(PAM_LOG_ERROR, "%s", pam_strerror(pamh, PAM_BUF_ERR)); RETURNP(NULL); diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c index 6102e84..7d3ab94 100644 --- a/contrib/openpam/lib/pam_info.c +++ b/contrib/openpam/lib/pam_info.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_info.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_info.c#9 $ */ #include <stdarg.h> @@ -41,6 +41,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -59,7 +61,7 @@ pam_info(pam_handle_t *pamh, va_start(ap, fmt); r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c index 02c9444..1db7a48 100644 --- a/contrib/openpam/lib/pam_open_session.c +++ b/contrib/openpam/lib/pam_open_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_open_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_open_session.c#13 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c index 6f63c16..61355d4 100644 --- a/contrib/openpam/lib/pam_prompt.c +++ b/contrib/openpam/lib/pam_prompt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_prompt.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_prompt.c#9 $ */ #include <sys/types.h> diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c index d3c220f..41530e6 100644 --- a/contrib/openpam/lib/pam_putenv.c +++ b/contrib/openpam/lib/pam_putenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_putenv.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_putenv.c#12 $ */ #include <stdlib.h> @@ -64,10 +64,10 @@ pam_putenv(pam_handle_t *pamh, RETURNC(PAM_SYSTEM_ERR); /* see if the variable is already in the environment */ - if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) { + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { if ((p = strdup(namevalue)) == NULL) RETURNC(PAM_BUF_ERR); - free(pamh->env[i]); + FREE(pamh->env[i]); pamh->env[i] = p; RETURNC(PAM_SUCCESS); } diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c index 5428bb1..a17ea0f 100644 --- a/contrib/openpam/lib/pam_set_data.c +++ b/contrib/openpam/lib/pam_set_data.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_data.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_set_data.c#15 $ */ #include <stdlib.h> @@ -73,7 +73,7 @@ pam_set_data(pam_handle_t *pamh, if ((dp = malloc(sizeof *dp)) == NULL) RETURNC(PAM_BUF_ERR); if ((dp->name = strdup(module_data_name)) == NULL) { - free(dp); + FREE(dp); RETURNC(PAM_BUF_ERR); } dp->data = data; diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c index aba99fb..5b6efa6 100644 --- a/contrib/openpam/lib/pam_set_item.c +++ b/contrib/openpam/lib/pam_set_item.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_item.c#18 $ + * $P4: //depot/projects/openpam/lib/pam_set_item.c#21 $ */ #include <sys/param.h> @@ -90,7 +90,7 @@ pam_set_item(pam_handle_t *pamh, } if (*slot != NULL) { memset(*slot, 0xd0, osize); - free(*slot); + FREE(*slot); } if (item != NULL) { if ((tmp = malloc(nsize)) == NULL) diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c index 5ea3aa0..0b59d5e 100644 --- a/contrib/openpam/lib/pam_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_set_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c index 51394ac..41f0a06 100644 --- a/contrib/openpam/lib/pam_set_mapped_username.c +++ b/contrib/openpam/lib/pam_set_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#8 $ */ #include <security/pam_appl.h> diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c index b895e6a..625a07c 100644 --- a/contrib/openpam/lib/pam_setcred.c +++ b/contrib/openpam/lib/pam_setcred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_setcred.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_setcred.c#14 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c index f516a1b..1c16039 100644 --- a/contrib/openpam/lib/pam_setenv.c +++ b/contrib/openpam/lib/pam_setenv.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_setenv.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_setenv.c#12 $ */ #include <stdlib.h> @@ -67,15 +67,14 @@ pam_setenv(pam_handle_t *pamh, RETURNC(PAM_SYSTEM_ERR); /* is it already there? */ - if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1) + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) RETURNC(PAM_SUCCESS); /* set it... */ - if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL) + if (asprintf(&env, "%s=%s", name, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(env, "%s=%s", name, value); r = pam_putenv(pamh, env); - free(env); + FREE(env); RETURNC(r); } diff --git a/contrib/openpam/lib/pam_sm_acct_mgmt.c b/contrib/openpam/lib/pam_sm_acct_mgmt.c index 8351fca..e5d65c2 100644 --- a/contrib/openpam/lib/pam_sm_acct_mgmt.c +++ b/contrib/openpam/lib/pam_sm_acct_mgmt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_authenticate.c b/contrib/openpam/lib/pam_sm_authenticate.c index 50cceef..25446b2 100644 --- a/contrib/openpam/lib/pam_sm_authenticate.c +++ b/contrib/openpam/lib/pam_sm_authenticate.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_authenticate(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_authenticate_secondary.c b/contrib/openpam/lib/pam_sm_authenticate_secondary.c index b25e028..b163baa 100644 --- a/contrib/openpam/lib/pam_sm_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_sm_authenticate_secondary.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_chauthtok.c b/contrib/openpam/lib/pam_sm_chauthtok.c index b4ede72..dc53be9 100644 --- a/contrib/openpam/lib/pam_sm_chauthtok.c +++ b/contrib/openpam/lib/pam_sm_chauthtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#8 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_close_session.c b/contrib/openpam/lib/pam_sm_close_session.c index e27274f..428ac65 100644 --- a/contrib/openpam/lib/pam_sm_close_session.c +++ b/contrib/openpam/lib/pam_sm_close_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_close_session(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c index 2f35e54..38f7c66 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_get_mapped_username.c b/contrib/openpam/lib/pam_sm_get_mapped_username.c index 1956acf..c00a7de 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_open_session.c b/contrib/openpam/lib/pam_sm_open_session.c index 161344f..5404039 100644 --- a/contrib/openpam/lib/pam_sm_open_session.c +++ b/contrib/openpam/lib/pam_sm_open_session.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#7 $ */ #include <sys/param.h> @@ -58,8 +58,6 @@ pam_sm_open_session(pam_handle_t *pamh, } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c index a875e1a..d16c265 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_set_mapped_username.c b/contrib/openpam/lib/pam_sm_set_mapped_username.c index 8c0774d..54bed91 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_username.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#6 $ */ #include <sys/param.h> diff --git a/contrib/openpam/lib/pam_sm_setcred.c b/contrib/openpam/lib/pam_sm_setcred.c index 90e571c..919256d 100644 --- a/contrib/openpam/lib/pam_sm_setcred.c +++ b/contrib/openpam/lib/pam_sm_setcred.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#7 $ */ #include <sys/param.h> @@ -59,8 +59,6 @@ pam_sm_setcred(pam_handle_t *pamh, /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c index c43b192..e180fe8 100644 --- a/contrib/openpam/lib/pam_start.c +++ b/contrib/openpam/lib/pam_start.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_start.c#17 $ + * $P4: //depot/projects/openpam/lib/pam_start.c#18 $ */ #include <stdlib.h> diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c index 2e87513..c4eb1eb 100644 --- a/contrib/openpam/lib/pam_strerror.c +++ b/contrib/openpam/lib/pam_strerror.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_strerror.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_strerror.c#12 $ */ #include <stdio.h> diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c index cfb6e0f..292cadf 100644 --- a/contrib/openpam/lib/pam_verror.c +++ b/contrib/openpam/lib/pam_verror.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_verror.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_verror.c#8 $ */ #include <stdarg.h> @@ -40,6 +40,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -55,7 +57,7 @@ pam_verror(pam_handle_t *pamh, int r; r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c index 0c57ec5..3d02c0a 100644 --- a/contrib/openpam/lib/pam_vinfo.c +++ b/contrib/openpam/lib/pam_vinfo.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_vinfo.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_vinfo.c#8 $ */ #include <stdarg.h> @@ -40,6 +40,8 @@ #include <security/pam_appl.h> #include <security/openpam.h> +#include "openpam_impl.h" + /* * OpenPAM extension * @@ -55,7 +57,7 @@ pam_vinfo(pam_handle_t *pamh, int r; r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c index 83262c4..ef6ca24 100644 --- a/contrib/openpam/lib/pam_vprompt.c +++ b/contrib/openpam/lib/pam_vprompt.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_vprompt.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_vprompt.c#12 $ */ #include <stdarg.h> @@ -77,7 +77,7 @@ pam_vprompt(pam_handle_t *pamh, rsp = NULL; r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr); *resp = rsp == NULL ? NULL : rsp->resp; - free(rsp); + FREE(rsp); RETURNC(r); } |
