diff options
Diffstat (limited to 'lib/openpam_dynamic.c')
-rw-r--r-- | lib/openpam_dynamic.c | 59 |
1 files changed, 41 insertions, 18 deletions
diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c index 084408e..d44174f 100644 --- a/lib/openpam_dynamic.c +++ b/lib/openpam_dynamic.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,13 +32,19 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dynamic.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_dynamic.c 502 2011-12-18 13:59:22Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include <dlfcn.h> +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include <security/pam_appl.h> @@ -51,21 +57,35 @@ /* * OpenPAM internal * + * Perform sanity checks and attempt to load a module + */ + +static void * +try_dlopen(const char *modfn) +{ + + if (openpam_check_path_owner_perms(modfn) != 0) + return (NULL); + return (dlopen(modfn, RTLD_NOW)); +} + +/* + * OpenPAM internal + * * Locate a dynamically linked module */ pam_module_t * openpam_dynamic(const char *path) { + const pam_module_t *dlmodule; pam_module_t *module; const char *prefix; char *vpath; void *dlh; - int i; + int i, serrno; dlh = NULL; - if ((module = calloc(1, sizeof *module)) == NULL) - goto buf_err; /* Prepend the standard prefix if not an absolute pathname. */ if (path[0] != '/') @@ -75,33 +95,36 @@ openpam_dynamic(const char *path) /* try versioned module first, then unversioned module */ if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) - goto buf_err; - if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { - openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + goto err; + if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) { *strrchr(vpath, '.') = '\0'; - if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { - openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); - FREE(vpath); - FREE(module); - return (NULL); - } + dlh = try_dlopen(vpath); } + serrno = errno; FREE(vpath); + errno = serrno; + if (dlh == NULL) + goto err; + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; if ((module->path = strdup(path)) == NULL) goto buf_err; module->dlh = dlh; + dlmodule = dlsym(dlh, "_pam_module"); for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { - module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); + module->func[i] = dlmodule ? dlmodule->func[i] : + (pam_func_t)dlsym(dlh, pam_sm_func_name[i]); if (module->func[i] == NULL) openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", - path, _pam_sm_func_name[i], dlerror()); + path, pam_sm_func_name[i], dlerror()); } return (module); - buf_err: - openpam_log(PAM_LOG_ERROR, "%m"); +buf_err: if (dlh != NULL) dlclose(dlh); FREE(module); +err: + openpam_log(PAM_LOG_ERROR, "%m"); return (NULL); } |