From 646ea20decc87530f871e5c56e96980c93fcf391 Mon Sep 17 00:00:00 2001 From: des Date: Sat, 13 Dec 2008 22:45:22 +0000 Subject: Flatten and clean up. --- lib/Makefile.am | 76 +++ lib/Makefile.in | 892 ++++++++++++++++++++++++++++++++++++ lib/openpam_borrow_cred.c | 121 +++++ lib/openpam_configure.c | 340 ++++++++++++++ lib/openpam_dispatch.c | 240 ++++++++++ lib/openpam_dynamic.c | 110 +++++ lib/openpam_findenv.c | 69 +++ lib/openpam_free_data.c | 72 +++ lib/openpam_free_envlist.c | 66 +++ lib/openpam_get_option.c | 83 ++++ lib/openpam_impl.h | 200 ++++++++ lib/openpam_load.c | 153 +++++++ lib/openpam_log.c | 158 +++++++ lib/openpam_nullconv.c | 86 ++++ lib/openpam_readline.c | 155 +++++++ lib/openpam_restore_cred.c | 94 ++++ lib/openpam_set_option.c | 119 +++++ lib/openpam_static.c | 70 +++ lib/openpam_ttyconv.c | 248 ++++++++++ lib/pam_acct_mgmt.c | 84 ++++ lib/pam_authenticate.c | 92 ++++ lib/pam_authenticate_secondary.c | 63 +++ lib/pam_chauthtok.c | 93 ++++ lib/pam_close_session.c | 85 ++++ lib/pam_end.c | 102 +++++ lib/pam_error.c | 85 ++++ lib/pam_get_authtok.c | 171 +++++++ lib/pam_get_data.c | 86 ++++ lib/pam_get_item.c | 142 ++++++ lib/pam_get_mapped_authtok.c | 62 +++ lib/pam_get_mapped_username.c | 63 +++ lib/pam_get_user.c | 113 +++++ lib/pam_getenv.c | 83 ++++ lib/pam_getenvlist.c | 106 +++++ lib/pam_info.c | 85 ++++ lib/pam_open_session.c | 86 ++++ lib/pam_prompt.c | 90 ++++ lib/pam_putenv.c | 108 +++++ lib/pam_set_data.c | 104 +++++ lib/pam_set_item.c | 120 +++++ lib/pam_set_mapped_authtok.c | 62 +++ lib/pam_set_mapped_username.c | 63 +++ lib/pam_setcred.c | 95 ++++ lib/pam_setenv.c | 98 ++++ lib/pam_sm_acct_mgmt.c | 81 ++++ lib/pam_sm_authenticate.c | 82 ++++ lib/pam_sm_authenticate_secondary.c | 68 +++ lib/pam_sm_chauthtok.c | 83 ++++ lib/pam_sm_close_session.c | 78 ++++ lib/pam_sm_get_mapped_authtok.c | 67 +++ lib/pam_sm_get_mapped_username.c | 68 +++ lib/pam_sm_open_session.c | 78 ++++ lib/pam_sm_set_mapped_authtok.c | 67 +++ lib/pam_sm_set_mapped_username.c | 65 +++ lib/pam_sm_setcred.c | 82 ++++ lib/pam_start.c | 108 +++++ lib/pam_strerror.c | 164 +++++++ lib/pam_verror.c | 80 ++++ lib/pam_vinfo.c | 80 ++++ lib/pam_vprompt.c | 129 ++++++ 60 files changed, 7073 insertions(+) create mode 100644 lib/Makefile.am create mode 100644 lib/Makefile.in create mode 100644 lib/openpam_borrow_cred.c create mode 100644 lib/openpam_configure.c create mode 100644 lib/openpam_dispatch.c create mode 100644 lib/openpam_dynamic.c create mode 100644 lib/openpam_findenv.c create mode 100644 lib/openpam_free_data.c create mode 100644 lib/openpam_free_envlist.c create mode 100644 lib/openpam_get_option.c create mode 100644 lib/openpam_impl.h create mode 100644 lib/openpam_load.c create mode 100644 lib/openpam_log.c create mode 100644 lib/openpam_nullconv.c create mode 100644 lib/openpam_readline.c create mode 100644 lib/openpam_restore_cred.c create mode 100644 lib/openpam_set_option.c create mode 100644 lib/openpam_static.c create mode 100644 lib/openpam_ttyconv.c create mode 100644 lib/pam_acct_mgmt.c create mode 100644 lib/pam_authenticate.c create mode 100644 lib/pam_authenticate_secondary.c create mode 100644 lib/pam_chauthtok.c create mode 100644 lib/pam_close_session.c create mode 100644 lib/pam_end.c create mode 100644 lib/pam_error.c create mode 100644 lib/pam_get_authtok.c create mode 100644 lib/pam_get_data.c create mode 100644 lib/pam_get_item.c create mode 100644 lib/pam_get_mapped_authtok.c create mode 100644 lib/pam_get_mapped_username.c create mode 100644 lib/pam_get_user.c create mode 100644 lib/pam_getenv.c create mode 100644 lib/pam_getenvlist.c create mode 100644 lib/pam_info.c create mode 100644 lib/pam_open_session.c create mode 100644 lib/pam_prompt.c create mode 100644 lib/pam_putenv.c create mode 100644 lib/pam_set_data.c create mode 100644 lib/pam_set_item.c create mode 100644 lib/pam_set_mapped_authtok.c create mode 100644 lib/pam_set_mapped_username.c create mode 100644 lib/pam_setcred.c create mode 100644 lib/pam_setenv.c create mode 100644 lib/pam_sm_acct_mgmt.c create mode 100644 lib/pam_sm_authenticate.c create mode 100644 lib/pam_sm_authenticate_secondary.c create mode 100644 lib/pam_sm_chauthtok.c create mode 100644 lib/pam_sm_close_session.c create mode 100644 lib/pam_sm_get_mapped_authtok.c create mode 100644 lib/pam_sm_get_mapped_username.c create mode 100644 lib/pam_sm_open_session.c create mode 100644 lib/pam_sm_set_mapped_authtok.c create mode 100644 lib/pam_sm_set_mapped_username.c create mode 100644 lib/pam_sm_setcred.c create mode 100644 lib/pam_start.c create mode 100644 lib/pam_strerror.c create mode 100644 lib/pam_verror.c create mode 100644 lib/pam_vinfo.c create mode 100644 lib/pam_vprompt.c (limited to 'lib') diff --git a/lib/Makefile.am b/lib/Makefile.am new file mode 100644 index 0000000..c748079 --- /dev/null +++ b/lib/Makefile.am @@ -0,0 +1,76 @@ +# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ + +NULL = + +INCLUDES = -I$(top_srcdir)/include + +lib_LTLIBRARIES = libpam.la + +noinst_HEADERS = openpam_impl.h + +libpam_la_SOURCES = \ + openpam_borrow_cred.c \ + openpam_configure.c \ + openpam_dispatch.c \ + openpam_dynamic.c \ + openpam_findenv.c \ + openpam_free_data.c \ + openpam_free_envlist.c \ + openpam_get_option.c \ + openpam_load.c \ + openpam_log.c \ + openpam_nullconv.c \ + openpam_readline.c \ + openpam_restore_cred.c \ + openpam_set_option.c \ + openpam_static.c \ + openpam_ttyconv.c \ + pam_acct_mgmt.c \ + pam_authenticate.c \ + pam_chauthtok.c \ + pam_close_session.c \ + pam_end.c \ + pam_error.c \ + pam_get_authtok.c \ + pam_get_data.c \ + pam_get_item.c \ + pam_get_user.c \ + pam_getenv.c \ + pam_getenvlist.c \ + pam_info.c \ + pam_open_session.c \ + pam_prompt.c \ + pam_putenv.c \ + pam_set_data.c \ + pam_set_item.c \ + pam_setcred.c \ + pam_setenv.c \ + pam_start.c \ + pam_strerror.c \ + pam_verror.c \ + pam_vinfo.c \ + pam_vprompt.c \ + $(NULL) + +libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' + +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ + +EXTRA_DIST = \ + pam_authenticate_secondary.c \ + pam_get_mapped_authtok.c \ + pam_get_mapped_username.c \ + pam_set_mapped_authtok.c \ + pam_set_mapped_username.c \ + \ + pam_sm_acct_mgmt.c \ + pam_sm_authenticate.c \ + pam_sm_authenticate_secondary.c \ + pam_sm_chauthtok.c \ + pam_sm_close_session.c \ + pam_sm_get_mapped_authtok.c \ + pam_sm_get_mapped_username.c \ + pam_sm_open_session.c \ + pam_sm_set_mapped_authtok.c \ + pam_sm_set_mapped_username.c \ + pam_sm_setcred.c diff --git a/lib/Makefile.in b/lib/Makefile.in new file mode 100644 index 0000000..f1ab0ad --- /dev/null +++ b/lib/Makefile.in @@ -0,0 +1,892 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ + + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = lib +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(libdir)" +libLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(lib_LTLIBRARIES) +libpam_la_LIBADD = +am__objects_1 = +am_libpam_la_OBJECTS = libpam_la-openpam_borrow_cred.lo \ + libpam_la-openpam_configure.lo libpam_la-openpam_dispatch.lo \ + libpam_la-openpam_dynamic.lo libpam_la-openpam_findenv.lo \ + libpam_la-openpam_free_data.lo \ + libpam_la-openpam_free_envlist.lo \ + libpam_la-openpam_get_option.lo libpam_la-openpam_load.lo \ + libpam_la-openpam_log.lo libpam_la-openpam_nullconv.lo \ + libpam_la-openpam_readline.lo \ + libpam_la-openpam_restore_cred.lo \ + libpam_la-openpam_set_option.lo libpam_la-openpam_static.lo \ + libpam_la-openpam_ttyconv.lo libpam_la-pam_acct_mgmt.lo \ + libpam_la-pam_authenticate.lo libpam_la-pam_chauthtok.lo \ + libpam_la-pam_close_session.lo libpam_la-pam_end.lo \ + libpam_la-pam_error.lo libpam_la-pam_get_authtok.lo \ + libpam_la-pam_get_data.lo libpam_la-pam_get_item.lo \ + libpam_la-pam_get_user.lo libpam_la-pam_getenv.lo \ + libpam_la-pam_getenvlist.lo libpam_la-pam_info.lo \ + libpam_la-pam_open_session.lo libpam_la-pam_prompt.lo \ + libpam_la-pam_putenv.lo libpam_la-pam_set_data.lo \ + libpam_la-pam_set_item.lo libpam_la-pam_setcred.lo \ + libpam_la-pam_setenv.lo libpam_la-pam_start.lo \ + libpam_la-pam_strerror.lo libpam_la-pam_verror.lo \ + libpam_la-pam_vinfo.lo libpam_la-pam_vprompt.lo \ + $(am__objects_1) +libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SOURCES = $(libpam_la_SOURCES) +DIST_SOURCES = $(libpam_la_SOURCES) +HEADERS = $(noinst_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DL_LIBS = @DL_LIBS@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +WITH_DOC_FALSE = @WITH_DOC_FALSE@ +WITH_DOC_TRUE = @WITH_DOC_TRUE@ +WITH_PAM_UNIX_FALSE = @WITH_PAM_UNIX_FALSE@ +WITH_PAM_UNIX_TRUE = @WITH_PAM_UNIX_TRUE@ +WITH_SU_FALSE = @WITH_SU_FALSE@ +WITH_SU_TRUE = @WITH_SU_TRUE@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +NULL = +INCLUDES = -I$(top_srcdir)/include +lib_LTLIBRARIES = libpam.la +noinst_HEADERS = openpam_impl.h +libpam_la_SOURCES = \ + openpam_borrow_cred.c \ + openpam_configure.c \ + openpam_dispatch.c \ + openpam_dynamic.c \ + openpam_findenv.c \ + openpam_free_data.c \ + openpam_free_envlist.c \ + openpam_get_option.c \ + openpam_load.c \ + openpam_log.c \ + openpam_nullconv.c \ + openpam_readline.c \ + openpam_restore_cred.c \ + openpam_set_option.c \ + openpam_static.c \ + openpam_ttyconv.c \ + pam_acct_mgmt.c \ + pam_authenticate.c \ + pam_chauthtok.c \ + pam_close_session.c \ + pam_end.c \ + pam_error.c \ + pam_get_authtok.c \ + pam_get_data.c \ + pam_get_item.c \ + pam_get_user.c \ + pam_getenv.c \ + pam_getenvlist.c \ + pam_info.c \ + pam_open_session.c \ + pam_prompt.c \ + pam_putenv.c \ + pam_set_data.c \ + pam_set_item.c \ + pam_setcred.c \ + pam_setenv.c \ + pam_start.c \ + pam_strerror.c \ + pam_verror.c \ + pam_vinfo.c \ + pam_vprompt.c \ + $(NULL) + +libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ +EXTRA_DIST = \ + pam_authenticate_secondary.c \ + pam_get_mapped_authtok.c \ + pam_get_mapped_username.c \ + pam_set_mapped_authtok.c \ + pam_set_mapped_username.c \ + \ + pam_sm_acct_mgmt.c \ + pam_sm_authenticate.c \ + pam_sm_authenticate_secondary.c \ + pam_sm_chauthtok.c \ + pam_sm_close_session.c \ + pam_sm_get_mapped_authtok.c \ + pam_sm_get_mapped_username.c \ + pam_sm_open_session.c \ + pam_sm_set_mapped_authtok.c \ + pam_sm_set_mapped_username.c \ + pam_sm_setcred.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + else :; fi; \ + done + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ + $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libpam_la_LDFLAGS) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_configure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dispatch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dynamic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_findenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_envlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_get_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_load.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_nullconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_readline.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_restore_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_set_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_static.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_ttyconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_authenticate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_chauthtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_close_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_end.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_authtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_user.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenvlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_open_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_prompt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_putenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setcred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_start.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_strerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_verror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vprompt.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libpam_la-openpam_borrow_cred.lo: openpam_borrow_cred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_borrow_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_borrow_cred.c' object='libpam_la-openpam_borrow_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c + +libpam_la-openpam_configure.lo: openpam_configure.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_configure.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_configure.Tpo" -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo" "$(DEPDIR)/libpam_la-openpam_configure.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_configure.c' object='libpam_la-openpam_configure.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c + +libpam_la-openpam_dispatch.lo: openpam_dispatch.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dispatch.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" "$(DEPDIR)/libpam_la-openpam_dispatch.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dispatch.c' object='libpam_la-openpam_dispatch.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c + +libpam_la-openpam_dynamic.lo: openpam_dynamic.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dynamic.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" "$(DEPDIR)/libpam_la-openpam_dynamic.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dynamic.c' object='libpam_la-openpam_dynamic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c + +libpam_la-openpam_findenv.lo: openpam_findenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_findenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" "$(DEPDIR)/libpam_la-openpam_findenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_findenv.c' object='libpam_la-openpam_findenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c + +libpam_la-openpam_free_data.lo: openpam_free_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" "$(DEPDIR)/libpam_la-openpam_free_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_data.c' object='libpam_la-openpam_free_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c + +libpam_la-openpam_free_envlist.lo: openpam_free_envlist.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_envlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" "$(DEPDIR)/libpam_la-openpam_free_envlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_envlist.c' object='libpam_la-openpam_free_envlist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c + +libpam_la-openpam_get_option.lo: openpam_get_option.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_get_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" "$(DEPDIR)/libpam_la-openpam_get_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_get_option.c' object='libpam_la-openpam_get_option.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c + +libpam_la-openpam_load.lo: openpam_load.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_load.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_load.Tpo" -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_load.Tpo" "$(DEPDIR)/libpam_la-openpam_load.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_load.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_load.c' object='libpam_la-openpam_load.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c + +libpam_la-openpam_log.lo: openpam_log.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_log.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_log.Tpo" -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_log.Tpo" "$(DEPDIR)/libpam_la-openpam_log.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_log.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_log.c' object='libpam_la-openpam_log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c + +libpam_la-openpam_nullconv.lo: openpam_nullconv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_nullconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" "$(DEPDIR)/libpam_la-openpam_nullconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_nullconv.c' object='libpam_la-openpam_nullconv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c + +libpam_la-openpam_readline.lo: openpam_readline.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_readline.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_readline.Tpo" -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo" "$(DEPDIR)/libpam_la-openpam_readline.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_readline.c' object='libpam_la-openpam_readline.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c + +libpam_la-openpam_restore_cred.lo: openpam_restore_cred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_restore_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_restore_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_restore_cred.c' object='libpam_la-openpam_restore_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c + +libpam_la-openpam_set_option.lo: openpam_set_option.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_set_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" "$(DEPDIR)/libpam_la-openpam_set_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_set_option.c' object='libpam_la-openpam_set_option.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c + +libpam_la-openpam_static.lo: openpam_static.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_static.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_static.Tpo" -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_static.Tpo" "$(DEPDIR)/libpam_la-openpam_static.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_static.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_static.c' object='libpam_la-openpam_static.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c + +libpam_la-openpam_ttyconv.lo: openpam_ttyconv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_ttyconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" "$(DEPDIR)/libpam_la-openpam_ttyconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_ttyconv.c' object='libpam_la-openpam_ttyconv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c + +libpam_la-pam_acct_mgmt.lo: pam_acct_mgmt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_acct_mgmt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" "$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_acct_mgmt.c' object='libpam_la-pam_acct_mgmt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c + +libpam_la-pam_authenticate.lo: pam_authenticate.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_authenticate.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" "$(DEPDIR)/libpam_la-pam_authenticate.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_authenticate.c' object='libpam_la-pam_authenticate.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c + +libpam_la-pam_chauthtok.lo: pam_chauthtok.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_chauthtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" "$(DEPDIR)/libpam_la-pam_chauthtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_chauthtok.c' object='libpam_la-pam_chauthtok.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c + +libpam_la-pam_close_session.lo: pam_close_session.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_close_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_close_session.Tpo" -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo" "$(DEPDIR)/libpam_la-pam_close_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_close_session.c' object='libpam_la-pam_close_session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c + +libpam_la-pam_end.lo: pam_end.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_end.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_end.Tpo" -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_end.Tpo" "$(DEPDIR)/libpam_la-pam_end.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_end.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_end.c' object='libpam_la-pam_end.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c + +libpam_la-pam_error.lo: pam_error.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_error.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_error.Tpo" -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_error.Tpo" "$(DEPDIR)/libpam_la-pam_error.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_error.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_error.c' object='libpam_la-pam_error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c + +libpam_la-pam_get_authtok.lo: pam_get_authtok.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_authtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" "$(DEPDIR)/libpam_la-pam_get_authtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_authtok.c' object='libpam_la-pam_get_authtok.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c + +libpam_la-pam_get_data.lo: pam_get_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_data.Tpo" -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo" "$(DEPDIR)/libpam_la-pam_get_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_data.c' object='libpam_la-pam_get_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c + +libpam_la-pam_get_item.lo: pam_get_item.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_item.Tpo" -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo" "$(DEPDIR)/libpam_la-pam_get_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_item.c' object='libpam_la-pam_get_item.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c + +libpam_la-pam_get_user.lo: pam_get_user.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_user.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_user.Tpo" -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo" "$(DEPDIR)/libpam_la-pam_get_user.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_user.c' object='libpam_la-pam_get_user.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c + +libpam_la-pam_getenv.lo: pam_getenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenv.Tpo" -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo" "$(DEPDIR)/libpam_la-pam_getenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenv.c' object='libpam_la-pam_getenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c + +libpam_la-pam_getenvlist.lo: pam_getenvlist.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenvlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" "$(DEPDIR)/libpam_la-pam_getenvlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenvlist.c' object='libpam_la-pam_getenvlist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c + +libpam_la-pam_info.lo: pam_info.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_info.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_info.Tpo" -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_info.Tpo" "$(DEPDIR)/libpam_la-pam_info.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_info.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_info.c' object='libpam_la-pam_info.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c + +libpam_la-pam_open_session.lo: pam_open_session.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_open_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_open_session.Tpo" -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo" "$(DEPDIR)/libpam_la-pam_open_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_open_session.c' object='libpam_la-pam_open_session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c + +libpam_la-pam_prompt.lo: pam_prompt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_prompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_prompt.Tpo" -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo" "$(DEPDIR)/libpam_la-pam_prompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_prompt.c' object='libpam_la-pam_prompt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c + +libpam_la-pam_putenv.lo: pam_putenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_putenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_putenv.Tpo" -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo" "$(DEPDIR)/libpam_la-pam_putenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_putenv.c' object='libpam_la-pam_putenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c + +libpam_la-pam_set_data.lo: pam_set_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_data.Tpo" -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo" "$(DEPDIR)/libpam_la-pam_set_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_data.c' object='libpam_la-pam_set_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c + +libpam_la-pam_set_item.lo: pam_set_item.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_item.Tpo" -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo" "$(DEPDIR)/libpam_la-pam_set_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_item.c' object='libpam_la-pam_set_item.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c + +libpam_la-pam_setcred.lo: pam_setcred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setcred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setcred.Tpo" -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo" "$(DEPDIR)/libpam_la-pam_setcred.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setcred.c' object='libpam_la-pam_setcred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c + +libpam_la-pam_setenv.lo: pam_setenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setenv.Tpo" -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo" "$(DEPDIR)/libpam_la-pam_setenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setenv.c' object='libpam_la-pam_setenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c + +libpam_la-pam_start.lo: pam_start.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_start.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_start.Tpo" -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_start.Tpo" "$(DEPDIR)/libpam_la-pam_start.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_start.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_start.c' object='libpam_la-pam_start.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c + +libpam_la-pam_strerror.lo: pam_strerror.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_strerror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_strerror.Tpo" -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo" "$(DEPDIR)/libpam_la-pam_strerror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_strerror.c' object='libpam_la-pam_strerror.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c + +libpam_la-pam_verror.lo: pam_verror.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_verror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_verror.Tpo" -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_verror.Tpo" "$(DEPDIR)/libpam_la-pam_verror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_verror.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_verror.c' object='libpam_la-pam_verror.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c + +libpam_la-pam_vinfo.lo: pam_vinfo.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vinfo.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" "$(DEPDIR)/libpam_la-pam_vinfo.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vinfo.c' object='libpam_la-pam_vinfo.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c + +libpam_la-pam_vprompt.lo: pam_vprompt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vprompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" "$(DEPDIR)/libpam_la-pam_vprompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vprompt.c' object='libpam_la-pam_vprompt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: + +install-exec-am: install-libLTLIBRARIES + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-info-am \ + uninstall-libLTLIBRARIES + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/openpam_borrow_cred.c b/lib/openpam_borrow_cred.c new file mode 100644 index 0000000..79a349f --- /dev/null +++ b/lib/openpam_borrow_cred.c @@ -0,0 +1,121 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_borrow_cred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Temporarily borrow user credentials + */ + +int +openpam_borrow_cred(pam_handle_t *pamh, + const struct passwd *pwd) +{ + struct pam_saved_cred *scred; + const void *scredp; + int r; + + ENTERI(pwd->pw_uid); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r == PAM_SUCCESS && scredp != NULL) { + openpam_log(PAM_LOG_DEBUG, + "already operating under borrowed credentials"); + RETURNC(PAM_SYSTEM_ERR); + } + if (geteuid() != 0 && geteuid() != pwd->pw_uid) { + openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d", + (int)geteuid()); + RETURNC(PAM_PERM_DENIED); + } + scred = calloc(1, sizeof *scred); + if (scred == NULL) + RETURNC(PAM_BUF_ERR); + scred->euid = geteuid(); + scred->egid = getegid(); + r = getgroups(NGROUPS_MAX, scred->groups); + if (r < 0) { + FREE(scred); + RETURNC(PAM_SYSTEM_ERR); + } + scred->ngroups = r; + r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); + if (r != PAM_SUCCESS) { + FREE(scred); + RETURNC(r); + } + if (geteuid() == pwd->pw_uid) + RETURNC(PAM_SUCCESS); + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { + openpam_restore_cred(pamh); + RETURNC(PAM_SYSTEM_ERR); + } + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * =pam_set_data + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_PERM_DENIED + */ + +/** + * The =openpam_borrow_cred function saves the current credentials and + * switches to those of the user specified by its =pwd argument. + * The affected credentials are the effective UID, the effective GID, and + * the group access list. + * The original credentials can be restored using =openpam_restore_cred. + * + * >setegid 2 + * >seteuid 2 + * >setgroups 2 + */ diff --git a/lib/openpam_configure.c b/lib/openpam_configure.c new file mode 100644 index 0000000..f9197ad --- /dev/null +++ b/lib/openpam_configure.c @@ -0,0 +1,340 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_configure.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} + +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. + */ +static int +openpam_read_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility, + const char *filename, + openpam_style_t style) +{ + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; + FILE *f; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; + + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } + + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); + continue; + } + p = next_word(p); + + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); + continue; + } + + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; + + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; + } + this->flag = ctlf; + + /* module name */ + p = next_word(p); + if (*p == '\0') { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing module name", + filename, lineno); + goto fail; + } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; + + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); + } + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); + } + + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; + fclose(f); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); +} + +static const char *openpam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + "/usr/local/etc/pam.conf", + NULL +}; + +/* + * Locates the policy file for a given service and reads the given chains + * from it. + */ +static int +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = openpam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); + return (-PAM_BUF_ERR); + } + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); + } else { + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); + } + if (r != 0) + return (r); + } + return (0); +} + +/* + * OpenPAM internal + * + * Configure a service + */ + +int +openpam_configure(pam_handle_t *pamh, + const char *service) +{ + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; + } + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + * + * Error codes: + * PAM_SYSTEM_ERR + */ diff --git a/lib/openpam_dispatch.c b/lib/openpam_dispatch.c new file mode 100644 index 0000000..69fe472 --- /dev/null +++ b/lib/openpam_dispatch.c @@ -0,0 +1,240 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_dispatch.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +#if !defined(OPENPAM_RELAX_CHECKS) +static void _openpam_check_error_code(int, int); +#else +#define _openpam_check_error_code(a, b) +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * OpenPAM internal + * + * Execute a module chain + */ + +int +openpam_dispatch(pam_handle_t *pamh, + int primitive, + int flags) +{ + pam_chain_t *chain; + int err, fail, r; +#ifdef DEBUG + int debug; +#endif + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* prevent recursion */ + if (pamh->current != NULL) { + openpam_log(PAM_LOG_ERROR, + "%s() called while %s::%s() is in progress", + _pam_func_name[primitive], + pamh->current->module->path, + _pam_sm_func_name[pamh->primitive]); + RETURNC(PAM_ABORT); + } + + /* pick a chain */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + case PAM_SM_SETCRED: + chain = pamh->chains[PAM_AUTH]; + break; + case PAM_SM_ACCT_MGMT: + chain = pamh->chains[PAM_ACCOUNT]; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + chain = pamh->chains[PAM_SESSION]; + break; + case PAM_SM_CHAUTHTOK: + chain = pamh->chains[PAM_PASSWORD]; + break; + default: + RETURNC(PAM_SYSTEM_ERR); + } + + /* execute */ + for (err = fail = 0; chain != NULL; chain = chain->next) { + if (chain->module->func[primitive] == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: no %s()", + chain->module->path, _pam_sm_func_name[primitive]); + continue; + } else { + pamh->primitive = primitive; + pamh->current = chain; +#ifdef DEBUG + debug = (openpam_get_option(pamh, "debug") != NULL); + if (debug) + ++_openpam_debug; + openpam_log(PAM_LOG_DEBUG, "calling %s() in %s", + _pam_sm_func_name[primitive], chain->module->path); +#endif + r = (chain->module->func[primitive])(pamh, flags, + chain->optc, (const char **)chain->optv); + pamh->current = NULL; +#ifdef DEBUG + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + chain->module->path, _pam_sm_func_name[primitive], + pam_strerror(pamh, r)); + if (debug) + --_openpam_debug; +#endif + } + + if (r == PAM_IGNORE) + continue; + if (r == PAM_SUCCESS) { + /* + * For pam_setcred() and pam_chauthtok() with the + * PAM_PRELIM_CHECK flag, treat "sufficient" as + * "optional". + */ + if ((chain->flag == PAM_SUFFICIENT || + chain->flag == PAM_BINDING) && !fail && + primitive != PAM_SM_SETCRED && + !(primitive == PAM_SM_CHAUTHTOK && + (flags & PAM_PRELIM_CHECK))) + break; + continue; + } + + _openpam_check_error_code(primitive, r); + + /* + * Record the return code from the first module to + * fail. If a required module fails, record the + * return code from the first required module to fail. + */ + if (err == 0) + err = r; + if ((chain->flag == PAM_REQUIRED || + chain->flag == PAM_BINDING) && !fail) { + openpam_log(PAM_LOG_DEBUG, "required module failed"); + fail = 1; + err = r; + } + + /* + * If a requisite module fails, terminate the chain + * immediately. + */ + if (chain->flag == PAM_REQUISITE) { + openpam_log(PAM_LOG_DEBUG, "requisite module failed"); + fail = 1; + break; + } + } + + if (!fail && err != PAM_NEW_AUTHTOK_REQD) + err = PAM_SUCCESS; + RETURNC(err); +} + +#if !defined(OPENPAM_RELAX_CHECKS) +static void +_openpam_check_error_code(int primitive, int r) +{ + /* common error codes */ + if (r == PAM_SUCCESS || + r == PAM_SERVICE_ERR || + r == PAM_BUF_ERR || + r == PAM_CONV_ERR || + r == PAM_PERM_DENIED || + r == PAM_ABORT) + return; + + /* specific error codes */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + if (r == PAM_AUTH_ERR || + r == PAM_CRED_INSUFFICIENT || + r == PAM_AUTHINFO_UNAVAIL || + r == PAM_USER_UNKNOWN || + r == PAM_MAXTRIES) + return; + break; + case PAM_SM_SETCRED: + if (r == PAM_CRED_UNAVAIL || + r == PAM_CRED_EXPIRED || + r == PAM_USER_UNKNOWN || + r == PAM_CRED_ERR) + return; + break; + case PAM_SM_ACCT_MGMT: + if (r == PAM_USER_UNKNOWN || + r == PAM_AUTH_ERR || + r == PAM_NEW_AUTHTOK_REQD || + r == PAM_ACCT_EXPIRED) + return; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + if (r == PAM_SESSION_ERR) + return; + break; + case PAM_SM_CHAUTHTOK: + if (r == PAM_PERM_DENIED || + r == PAM_AUTHTOK_ERR || + r == PAM_AUTHTOK_RECOVERY_ERR || + r == PAM_AUTHTOK_LOCK_BUSY || + r == PAM_AUTHTOK_DISABLE_AGING || + r == PAM_TRY_AGAIN) + return; + break; + } + + openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", + _pam_sm_func_name[primitive], r); +} +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * NODOC + * + * Error codes: + */ diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c new file mode 100644 index 0000000..084408e --- /dev/null +++ b/lib/openpam_dynamic.c @@ -0,0 +1,110 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_dynamic.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + +/* + * OpenPAM internal + * + * Locate a dynamically linked module + */ + +pam_module_t * +openpam_dynamic(const char *path) +{ + pam_module_t *module; + const char *prefix; + char *vpath; + void *dlh; + int i; + + dlh = NULL; + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; + + /* Prepend the standard prefix if not an absolute pathname. */ + if (path[0] != '/') + prefix = OPENPAM_MODULES_DIR; + else + prefix = ""; + + /* try versioned module first, then unversioned module */ + if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) + goto buf_err; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + *strrchr(vpath, '.') = '\0'; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + FREE(vpath); + FREE(module); + return (NULL); + } + } + FREE(vpath); + if ((module->path = strdup(path)) == NULL) + goto buf_err; + module->dlh = dlh; + for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { + module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); + if (module->func[i] == NULL) + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + path, _pam_sm_func_name[i], dlerror()); + } + return (module); + buf_err: + openpam_log(PAM_LOG_ERROR, "%m"); + if (dlh != NULL) + dlclose(dlh); + FREE(module); + return (NULL); +} + +/* + * NOPARSE + */ diff --git a/lib/openpam_findenv.c b/lib/openpam_findenv.c new file mode 100644 index 0000000..d78e147 --- /dev/null +++ b/lib/openpam_findenv.c @@ -0,0 +1,69 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_findenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM internal + * + * Locate an environment variable + */ + +int +openpam_findenv(pam_handle_t *pamh, + const char *name, + size_t len) +{ + int i; + + ENTER(); + if (pamh == NULL) + RETURNN(-1); + for (i = 0; i < pamh->env_count; ++i) + if (strncmp(pamh->env[i], name, len) == 0 && + pamh->env[i][len] == '=') + RETURNN(i); + RETURNN(-1); +} + +/* + * NODOC + */ diff --git a/lib/openpam_free_data.c b/lib/openpam_free_data.c new file mode 100644 index 0000000..e071c0a --- /dev/null +++ b/lib/openpam_free_data.c @@ -0,0 +1,72 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_free_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Generic cleanup function + */ + +void +openpam_free_data(pam_handle_t *pamh, + void *data, + int status) +{ + + ENTER(); + (void)pamh; + (void)status; + FREE(data); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_data function is a cleanup function suitable for + * passing to =pam_set_data. + * It simply releases the data by passing its =data argument to =free. + */ diff --git a/lib/openpam_free_envlist.c b/lib/openpam_free_envlist.c new file mode 100644 index 0000000..346c2dd --- /dev/null +++ b/lib/openpam_free_envlist.c @@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2005 Dag-Erling Coïdan Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $Id: openpam_free_envlist.c 320 2006-02-16 20:33:19Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Free an environment list + */ + +void +openpam_free_envlist(char **envlist) +{ + char **env; + + ENTER(); + if (envlist == NULL) + RETURNV(); + for (env = envlist; *env != NULL; ++env) + FREE(*env); + FREE(envlist); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_envlist function is a convenience function which + * frees all the environment variables in an environment list, and the + * list itself. + * It is suitable for freeing the return value from =pam_getenvlist. + */ diff --git a/lib/openpam_get_option.c b/lib/openpam_get_option.c new file mode 100644 index 0000000..73bc070 --- /dev/null +++ b/lib/openpam_get_option.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_get_option.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Returns the value of a module option + */ + +const char * +openpam_get_option(pam_handle_t *pamh, + const char *option) +{ + pam_chain_t *cur; + size_t len; + int i; + + ENTERS(option); + if (pamh == NULL || pamh->current == NULL || option == NULL) + RETURNS(NULL); + cur = pamh->current; + len = strlen(option); + for (i = 0; i < cur->optc; ++i) { + if (strncmp(cur->optv[i], option, len) == 0) { + if (cur->optv[i][len] == '\0') + RETURNS(&cur->optv[i][len]); + else if (cur->optv[i][len] == '=') + RETURNS(&cur->optv[i][len + 1]); + } + } + RETURNS(NULL); +} + +/** + * The =openpam_get_option function returns the value of the specified + * option in the context of the currently executing service module, or + * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option + */ diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h new file mode 100644 index 0000000..7704d4e --- /dev/null +++ b/lib/openpam_impl.h @@ -0,0 +1,200 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $ + */ + +#ifndef _OPENPAM_IMPL_H_INCLUDED +#define _OPENPAM_IMPL_H_INCLUDED + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include + +extern const char *_pam_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_err_name[PAM_NUM_ERRORS]; +extern const char *_pam_item_name[PAM_NUM_ITEMS]; + +extern int _openpam_debug; + +/* + * Control flags + */ +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; + +/* + * Facilities + */ +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; + +typedef struct pam_chain pam_chain_t; +struct pam_chain { + pam_module_t *module; + int flag; + int optc; + char **optv; + pam_chain_t *next; +}; + +typedef struct pam_data pam_data_t; +struct pam_data { + char *name; + void *data; + void (*cleanup)(pam_handle_t *, void *, int); + pam_data_t *next; +}; + +struct pam_handle { + char *service; + + /* chains */ + pam_chain_t *chains[PAM_NUM_FACILITIES]; + pam_chain_t *current; + int primitive; + + /* items and data */ + void *item[PAM_NUM_ITEMS]; + pam_data_t *module_data; + + /* environment list */ + char **env; + int env_count; + int env_size; +}; + +#ifdef NGROUPS_MAX +#define PAM_SAVED_CRED "pam_saved_cred" +struct pam_saved_cred { + uid_t euid; + gid_t egid; + gid_t groups[NGROUPS_MAX]; + int ngroups; +}; +#endif + +#define PAM_OTHER "other" + +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); + +#ifdef OPENPAM_STATIC_MODULES +pam_module_t *openpam_static(const char *); +#endif +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do { free((p)); (p) = NULL; } while (0) + +#ifdef DEBUG +#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") +#define ENTERI(i) do { \ + int _i = (i); \ + if (_i > 0 && _i < PAM_NUM_ITEMS) \ + openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \ +} while (0) +#define ENTERN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \ +} while (0) +#define ENTERS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \ +} while (0) +#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") +#define RETURNC(c) do { \ + int _c = (c); \ + if (_c >= 0 && _c < PAM_NUM_ERRORS) \ + openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \ + return (_c); \ +} while (0) +#define RETURNN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \ + return (_n); \ +} while (0) +#define RETURNP(p) do { \ + const void *_p = (p); \ + if (_p == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \ + return (p); \ +} while (0) +#define RETURNS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \ + return (_s); \ +} while (0) +#else +#define ENTER() +#define ENTERI(i) +#define ENTERN(n) +#define ENTERS(s) +#define RETURNV() return +#define RETURNC(c) return (c) +#define RETURNN(n) return (n) +#define RETURNP(p) return (p) +#define RETURNS(s) return (s) +#endif + +#endif diff --git a/lib/openpam_load.c b/lib/openpam_load.c new file mode 100644 index 0000000..303f3f5 --- /dev/null +++ b/lib/openpam_load.c @@ -0,0 +1,153 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_load.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_func_name[PAM_NUM_PRIMITIVES] = { + "pam_authenticate", + "pam_setcred", + "pam_acct_mgmt", + "pam_open_session", + "pam_close_session", + "pam_chauthtok" +}; + +const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_authenticate", + "pam_sm_setcred", + "pam_sm_acct_mgmt", + "pam_sm_open_session", + "pam_sm_close_session", + "pam_sm_chauthtok" +}; + +/* + * Locate a matching dynamic or static module. + */ + +pam_module_t * +openpam_load_module(const char *path) +{ + pam_module_t *module; + + module = openpam_dynamic(path); + openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", + (module == NULL) ? "no" : "using", path); + +#ifdef OPENPAM_STATIC_MODULES + /* look for a static module */ + if (module == NULL && strchr(path, '/') == NULL) { + module = openpam_static(path); + openpam_log(PAM_LOG_DEBUG, "%s static %s", + (module == NULL) ? "no" : "using", path); + } +#endif + if (module == NULL) { + openpam_log(PAM_LOG_ERROR, "no %s found", path); + return (NULL); + } + return (module); +} + + +/* + * Release a module. + * XXX highly thread-unsafe + */ + +static void +openpam_release_module(pam_module_t *module) +{ + if (module == NULL) + return; + if (module->dlh == NULL) + /* static module */ + return; + dlclose(module->dlh); + openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); + FREE(module->path); + FREE(module); +} + + +/* + * Destroy a chain, freeing all its links and releasing the modules + * they point to. + */ + +static void +openpam_destroy_chain(pam_chain_t *chain) +{ + if (chain == NULL) + return; + openpam_destroy_chain(chain->next); + chain->next = NULL; + while (chain->optc) { + --chain->optc; + FREE(chain->optv[chain->optc]); + } + FREE(chain->optv); + openpam_release_module(chain->module); + chain->module = NULL; + FREE(chain); +} + + +/* + * Clear the chains and release the modules + */ + +void +openpam_clear_chains(pam_chain_t *policy[]) +{ + int i; + + for (i = 0; i < PAM_NUM_FACILITIES; ++i) { + openpam_destroy_chain(policy[i]); + policy[i] = NULL; + } +} + +/* + * NOPARSE + */ diff --git a/lib/openpam_log.c b/lib/openpam_log.c new file mode 100644 index 0000000..e492294 --- /dev/null +++ b/lib/openpam_log.c @@ -0,0 +1,158 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_log.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +#ifdef OPENPAM_DEBUG +int _openpam_debug = 1; +#else +int _openpam_debug = 0; +#endif + +#if !defined(openpam_log) + +/* + * OpenPAM extension + * + * Log a message through syslog + */ + +void +openpam_log(int level, const char *fmt, ...) +{ + va_list ap; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + vsyslog(priority, fmt, ap); + va_end(ap); +} + +#else + +void +_openpam_log(int level, const char *func, const char *fmt, ...) +{ + va_list ap; + char *format; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } + va_end(ap); +} + +#endif + +/** + * The =openpam_log function logs messages using =syslog. + * It is primarily intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. + * The following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. + * These messages are normally not logged unless the global + * integer variable :_openpam_debug is set to a non-zero + * value, in which case they are logged with a =syslog + * priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. + * These messages are logged with a =syslog priority of + * =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. + * These messages are logged with a =syslog priority of + * =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. + * These messages are logged with a =syslog priority of + * =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. + */ diff --git a/lib/openpam_nullconv.c b/lib/openpam_nullconv.c new file mode 100644 index 0000000..3294dcf --- /dev/null +++ b/lib/openpam_nullconv.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_nullconv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Null conversation function + */ + +int +openpam_nullconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + + ENTER(); + (void)n; + (void)msg; + (void)resp; + (void)data; + RETURNC(PAM_CONV_ERR); +} + +/* + * Error codes: + * + * PAM_CONV_ERR + */ + +/** + * The =openpam_nullconv function is a null conversation function suitable + * for applications that want to use PAM but don't support interactive + * dialog with the user. + * Such applications should set =PAM_AUTHTOK to whatever authentication + * token they've obtained on their own before calling =pam_authenticate + * and / or =pam_chauthtok, and their PAM configuration should specify the + * ;use_first_pass option for all modules that require access to the + * authentication token, to make sure they use =PAM_AUTHTOK rather than + * try to query the user. + * + * >openpam_ttyconv + * >pam_prompt + * >pam_set_item + * >pam_vprompt + */ diff --git a/lib/openpam_readline.c b/lib/openpam_readline.c new file mode 100644 index 0000000..17f03f3 --- /dev/null +++ b/lib/openpam_readline.c @@ -0,0 +1,155 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_readline.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include "openpam_impl.h" + +#define MIN_LINE_LENGTH 128 + +/* + * OpenPAM extension + * + * Read a line from a file. + */ + +char * +openpam_readline(FILE *f, int *lineno, size_t *lenp) +{ + char *line; + size_t len, size; + int ch; + + if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + return (NULL); + size = MIN_LINE_LENGTH; + len = 0; + +#define line_putch(ch) do { \ + if (len >= size - 1) { \ + char *tmp = realloc(line, size *= 2); \ + if (tmp == NULL) \ + goto fail; \ + line = tmp; \ + } \ + line[len++] = ch; \ + line[len] = '\0'; \ +} while (0) + + for (;;) { + ch = fgetc(f); + /* strip comment */ + if (ch == '#') { + do { + ch = fgetc(f); + } while (ch != EOF && ch != '\n'); + } + /* eof */ + if (ch == EOF) { + /* remove trailing whitespace */ + while (len > 0 && isspace((int)line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; + break; + } + /* eol */ + if (ch == '\n') { + if (lineno != NULL) + ++*lineno; + + /* remove trailing whitespace */ + while (len > 0 && isspace((int)line[len - 1])) + --len; + line[len] = '\0'; + /* skip blank lines */ + if (len == 0) + continue; + /* continuation */ + if (line[len - 1] == '\\') { + line[--len] = '\0'; + /* fall through to whitespace case */ + } else { + break; + } + } + /* whitespace */ + if (isspace(ch)) { + /* ignore leading whitespace */ + /* collapse linear whitespace */ + if (len > 0 && line[len - 1] != ' ') + line_putch(' '); + continue; + } + /* anything else */ + line_putch(ch); + } + + if (lenp != NULL) + *lenp = len; + return (line); + fail: + FREE(line); + return (NULL); +} + +/** + * The =openpam_readline function reads a line from a file, and returns it + * in a NUL-terminated buffer allocated with =malloc. + * + * The =openpam_readline function performs a certain amount of processing + * on the data it reads. + * Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * Any amount of linear whitespace is collapsed to a single space. + * Blank lines are ignored. + * If a line ends in a backslash, the backslash is stripped and the next + * line is appended. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * + * If =lenp is not =NULL, the length of the line (not including the + * terminating NUL character) is stored in the variable it points to. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =free. + */ diff --git a/lib/openpam_restore_cred.c b/lib/openpam_restore_cred.c new file mode 100644 index 0000000..20e80d4 --- /dev/null +++ b/lib/openpam_restore_cred.c @@ -0,0 +1,94 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_restore_cred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Restore credentials + */ + +int +openpam_restore_cred(pam_handle_t *pamh) +{ + const struct pam_saved_cred *scred; + const void *scredp; + int r; + + ENTER(); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r != PAM_SUCCESS) + RETURNC(r); + if (scredp == NULL) + RETURNC(PAM_SYSTEM_ERR); + scred = scredp; + if (scred->euid != geteuid()) { + if (seteuid(scred->euid) < 0 || + setgroups(scred->ngroups, scred->groups) < 0 || + setegid(scred->egid) < 0) + RETURNC(PAM_SYSTEM_ERR); + } + pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * =pam_get_data + * PAM_SYSTEM_ERR + */ + +/** + * The =openpam_restore_cred function restores the credentials saved by + * =openpam_borrow_cred. + * + * >setegid 2 + * >seteuid 2 + * >setgroups 2 + */ diff --git a/lib/openpam_set_option.c b/lib/openpam_set_option.c new file mode 100644 index 0000000..57161d3 --- /dev/null +++ b/lib/openpam_set_option.c @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_set_option.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Sets the value of a module option + */ + +int +openpam_set_option(pam_handle_t *pamh, + const char *option, + const char *value) +{ + pam_chain_t *cur; + char *opt, **optv; + size_t len; + int i; + + ENTERS(option); + if (pamh == NULL || pamh->current == NULL || option == NULL) + RETURNC(PAM_SYSTEM_ERR); + cur = pamh->current; + for (len = 0; option[len] != '\0'; ++len) + if (option[len] == '=') + break; + for (i = 0; i < cur->optc; ++i) { + if (strncmp(cur->optv[i], option, len) == 0 && + (cur->optv[i][len] == '\0' || cur->optv[i][len] == '=')) + break; + } + if (value == NULL) { + /* remove */ + if (i == cur->optc) + RETURNC(PAM_SUCCESS); + for (free(cur->optv[i]); i < cur->optc; ++i) + cur->optv[i] = cur->optv[i + 1]; + cur->optv[i] = NULL; + RETURNC(PAM_SUCCESS); + } + if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0) + RETURNC(PAM_BUF_ERR); + if (i == cur->optc) { + /* add */ + optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2)); + if (optv == NULL) { + FREE(opt); + RETURNC(PAM_BUF_ERR); + } + optv[i] = opt; + optv[i + 1] = NULL; + cur->optv = optv; + ++cur->optc; + } else { + /* replace */ + FREE(cur->optv[i]); + cur->optv[i] = opt; + } + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =openpam_set_option function sets the specified option in the + * context of the currently executing service module. + * + * >openpam_get_option + */ diff --git a/lib/openpam_static.c b/lib/openpam_static.c new file mode 100644 index 0000000..c06ceed --- /dev/null +++ b/lib/openpam_static.c @@ -0,0 +1,70 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_static.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +#ifdef OPENPAM_STATIC_MODULES + +SET_DECLARE(_openpam_static_modules, pam_module_t); + +/* + * OpenPAM internal + * + * Locate a statically linked module + */ + +pam_module_t * +openpam_static(const char *path) +{ + pam_module_t **module; + + SET_FOREACH(module, _openpam_static_modules) { + if (strcmp((*module)->path, path) == 0) + return (*module); + } + return (NULL); +} + +#endif + +/* + * NOPARSE + */ diff --git a/lib/openpam_ttyconv.c b/lib/openpam_ttyconv.c new file mode 100644 index 0000000..a6820b9 --- /dev/null +++ b/lib/openpam_ttyconv.c @@ -0,0 +1,248 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_ttyconv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +int openpam_ttyconv_timeout = 0; + +static void +timeout(int sig) +{ + + (void)sig; +} + +static char * +prompt(const char *msg) +{ + char buf[PAM_MAX_RESP_SIZE]; + struct sigaction action, saved_action; + sigset_t saved_sigset, sigset; + unsigned int saved_alarm; + int eof, error, fd; + size_t len; + char *retval; + char ch; + + sigemptyset(&sigset); + sigaddset(&sigset, SIGINT); + sigaddset(&sigset, SIGTSTP); + sigprocmask(SIG_SETMASK, &sigset, &saved_sigset); + action.sa_handler = &timeout; + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + sigaction(SIGALRM, &action, &saved_action); + fputs(msg, stdout); + fflush(stdout); +#ifdef HAVE_FPURGE + fpurge(stdin); +#endif + fd = fileno(stdin); + buf[0] = '\0'; + eof = error = 0; + saved_alarm = 0; + if (openpam_ttyconv_timeout >= 0) + saved_alarm = alarm(openpam_ttyconv_timeout); + ch = '\0'; + for (len = 0; ch != '\n' && !eof && !error; ++len) { + switch (read(fd, &ch, 1)) { + case 1: + if (len < PAM_MAX_RESP_SIZE - 1) { + buf[len + 1] = '\0'; + buf[len] = ch; + } + break; + case 0: + eof = 1; + break; + default: + error = errno; + break; + } + } + if (openpam_ttyconv_timeout >= 0) + alarm(0); + sigaction(SIGALRM, &saved_action, NULL); + sigprocmask(SIG_SETMASK, &saved_sigset, NULL); + if (saved_alarm > 0) + alarm(saved_alarm); + if (error == EINTR) + fputs(" timeout!", stderr); + if (error || eof) { + fputs("\n", stderr); + memset(buf, 0, sizeof(buf)); + return (NULL); + } + /* trim trailing whitespace */ + for (len = strlen(buf); len > 0; --len) + if (buf[len - 1] != '\r' && buf[len - 1] != '\n') + break; + buf[len] = '\0'; + retval = strdup(buf); + memset(buf, 0, sizeof(buf)); + return (retval); +} + +static char * +prompt_echo_off(const char *msg) +{ + struct termios tattr; + tcflag_t lflag; + char *ret; + int fd; + + fd = fileno(stdin); + if (tcgetattr(fd, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m"); + return (NULL); + } + lflag = tattr.c_lflag; + tattr.c_lflag &= ~ECHO; + if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m"); + return (NULL); + } + ret = prompt(msg); + tattr.c_lflag = lflag; + (void)tcsetattr(fd, TCSANOW, &tattr); + if (ret != NULL) + fputs("\n", stdout); + return (ret); +} + +/* + * OpenPAM extension + * + * Simple tty-based conversation function + */ + +int +openpam_ttyconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + struct pam_response *aresp; + int i; + + ENTER(); + (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + RETURNC(PAM_CONV_ERR); + if ((aresp = calloc(n, sizeof *aresp)) == NULL) + RETURNC(PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + aresp[i].resp_retcode = 0; + aresp[i].resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + aresp[i].resp = prompt_echo_off(msg[i]->msg); + if (aresp[i].resp == NULL) + goto fail; + break; + case PAM_PROMPT_ECHO_ON: + aresp[i].resp = prompt(msg[i]->msg); + if (aresp[i].resp == NULL) + goto fail; + break; + case PAM_ERROR_MSG: + fputs(msg[i]->msg, stderr); + if (strlen(msg[i]->msg) > 0 && + msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') + fputc('\n', stderr); + break; + case PAM_TEXT_INFO: + fputs(msg[i]->msg, stdout); + if (strlen(msg[i]->msg) > 0 && + msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') + fputc('\n', stdout); + break; + default: + goto fail; + } + } + *resp = aresp; + RETURNC(PAM_SUCCESS); + fail: + for (i = 0; i < n; ++i) { + if (aresp[i].resp != NULL) { + memset(aresp[i].resp, 0, strlen(aresp[i].resp)); + FREE(aresp[i].resp); + } + } + memset(aresp, 0, n * sizeof *aresp); + FREE(aresp); + *resp = NULL; + RETURNC(PAM_CONV_ERR); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =openpam_ttyconv function is a standard conversation function + * suitable for use on TTY devices. + * It should be adequate for the needs of most text-based interactive + * programs. + * + * The =openpam_ttyconv function allows the application to specify a + * timeout for user input by setting the global integer variable + * :openpam_ttyconv_timeout to the length of the timeout in seconds. + * + * >openpam_nullconv + * >pam_prompt + * >pam_vprompt + */ diff --git a/lib/pam_acct_mgmt.c b/lib/pam_acct_mgmt.c new file mode 100644 index 0000000..0088ecf --- /dev/null +++ b/lib/pam_acct_mgmt.c @@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 32 + * + * Perform PAM account validation procedures + */ + +int +pam_acct_mgmt(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + r = openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_acct_mgmt + * !PAM_IGNORE + */ + +/** + * The =pam_acct_mgmt function verifies and enforces account restrictions + * after the user has been authenticated. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK: + * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_acct_mgmt will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_authenticate.c b/lib/pam_authenticate.c new file mode 100644 index 0000000..3b5a78d --- /dev/null +++ b/lib/pam_authenticate.c @@ -0,0 +1,92 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_authenticate.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 34 + * + * Perform authentication within the PAM framework + */ + +int +pam_authenticate(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_authenticate + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_authenticate function attempts to authenticate the user + * associated with the pam context specified by the =pamh argument. + * + * The application is free to call =pam_authenticate as many times as it + * wishes, but some modules may maintain an internal retry counter and + * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK: + * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_authenticate will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_authenticate_secondary.c b/lib/pam_authenticate_secondary.c new file mode 100644 index 0000000..27e3ce7 --- /dev/null +++ b/lib/pam_authenticate_secondary.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 36 + * + * Perform authentication to a secondary domain within the PAM framework + */ + +int +pam_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + char *target_module_authtok, + int flags) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_chauthtok.c b/lib/pam_chauthtok.c new file mode 100644 index 0000000..ecf1063 --- /dev/null +++ b/lib/pam_chauthtok.c @@ -0,0 +1,93 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_chauthtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 38 + * + * Perform password related functions within the PAM framework + */ + +int +pam_chauthtok(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, + flags | PAM_PRELIM_CHECK); + if (r == PAM_SUCCESS) + r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, + flags | PAM_UPDATE_AUTHTOK); + pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_chauthtok + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_chauthtok function attempts to change the authentication token + * for the user associated with the pam context specified by the =pamh + * argument. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_CHANGE_EXPIRED_AUTHTOK: + * Change only those authentication tokens that have expired. + * + * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_close_session.c b/lib/pam_close_session.c new file mode 100644 index 0000000..ab50e35 --- /dev/null +++ b/lib/pam_close_session.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_close_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 40 + * + * Close an existing user session + */ + +int +pam_close_session(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_close_session + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_close_session function tears down the user session previously + * set up by =pam_open_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_close_session will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_end.c b/lib/pam_end.c new file mode 100644 index 0000000..80baf8a --- /dev/null +++ b/lib/pam_end.c @@ -0,0 +1,102 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_end.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 42 + * + * Terminate the PAM transaction + */ + +int +pam_end(pam_handle_t *pamh, + int status) +{ + pam_data_t *dp; + int i; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* clear module data */ + while ((dp = pamh->module_data) != NULL) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, status); + pamh->module_data = dp->next; + FREE(dp->name); + FREE(dp); + } + + /* clear environment */ + while (pamh->env_count) { + --pamh->env_count; + FREE(pamh->env[pamh->env_count]); + } + FREE(pamh->env); + + /* clear chains */ + openpam_clear_chains(pamh->chains); + + /* clear items */ + for (i = 0; i < PAM_NUM_ITEMS; ++i) + pam_set_item(pamh, i, NULL); + + FREE(pamh); + + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_end function terminates a PAM transaction and destroys the + * corresponding PAM context, releasing all resources allocated to it. + * + * The =status argument should be set to the error code returned by the + * last API call before the call to =pam_end. + */ diff --git a/lib/pam_error.c b/lib/pam_error.c new file mode 100644 index 0000000..f42a6b5 --- /dev/null +++ b/lib/pam_error.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_error.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_error(const pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + va_end(ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_error function displays an error message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_info + * >pam_prompt + * >pam_verror + */ diff --git a/lib/pam_get_authtok.c b/lib/pam_get_authtok.c new file mode 100644 index 0000000..2a974c9 --- /dev/null +++ b/lib/pam_get_authtok.c @@ -0,0 +1,171 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +static const char authtok_prompt[] = "Password:"; +static const char oldauthtok_prompt[] = "Old Password:"; +static const char newauthtok_prompt[] = "New Password:"; + +/* + * OpenPAM extension + * + * Retrieve authentication token + */ + +int +pam_get_authtok(pam_handle_t *pamh, + int item, + const char **authtok, + const char *prompt) +{ + const void *oldauthtok, *prevauthtok, *promptp; + const char *default_prompt; + char *resp, *resp2; + int pitem, r, style, twice; + + ENTER(); + if (pamh == NULL || authtok == NULL) + RETURNC(PAM_SYSTEM_ERR); + *authtok = NULL; + twice = 0; + switch (item) { + case PAM_AUTHTOK: + pitem = PAM_AUTHTOK_PROMPT; + default_prompt = authtok_prompt; + r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); + if (r == PAM_SUCCESS && oldauthtok != NULL) { + default_prompt = newauthtok_prompt; + twice = 1; + } + break; + case PAM_OLDAUTHTOK: + pitem = PAM_OLDAUTHTOK_PROMPT; + default_prompt = oldauthtok_prompt; + twice = 0; + break; + default: + RETURNC(PAM_SYMBOL_ERR); + } + if (openpam_get_option(pamh, "try_first_pass") || + openpam_get_option(pamh, "use_first_pass")) { + r = pam_get_item(pamh, item, &prevauthtok); + if (r == PAM_SUCCESS && prevauthtok != NULL) { + *authtok = prevauthtok; + RETURNC(PAM_SUCCESS); + } + else if (openpam_get_option(pamh, "use_first_pass")) + RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r); + } + if (prompt == NULL) { + r = pam_get_item(pamh, pitem, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) + prompt = default_prompt; + else + prompt = promptp; + } + style = openpam_get_option(pamh, "echo_pass") ? + PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; + r = pam_prompt(pamh, style, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + RETURNC(r); + if (twice) { + r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); + if (r != PAM_SUCCESS) { + FREE(resp); + RETURNC(r); + } + if (strcmp(resp, resp2) != 0) + FREE(resp); + FREE(resp2); + } + if (resp == NULL) + RETURNC(PAM_TRY_AGAIN); + r = pam_set_item(pamh, item, resp); + FREE(resp); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_get_item(pamh, item, (const void **)authtok); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + * PAM_TRY_AGAIN + */ + +/** + * The =pam_get_authtok function returns the cached authentication token, + * or prompts the user if no token is currently cached. + * Either way, a pointer to the authentication token is stored in the + * location pointed to by the =authtok argument. + * + * The =item argument must have one of the following values: + * + * =PAM_AUTHTOK: + * Returns the current authentication token, or the new token + * when changing authentication tokens. + * =PAM_OLDAUTHTOK: + * Returns the previous authentication token when changing + * authentication tokens. + * + * The =prompt argument specifies a prompt to use if no token is cached. + * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item, + * as appropriate, will be used. + * If that item is also =NULL, a hardcoded default prompt will be used. + * + * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK + * item, =pam_get_authtok will ask the user to confirm the new token by + * retyping it. + * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN. + * + * >pam_get_item + * >pam_get_user + */ diff --git a/lib/pam_get_data.c b/lib/pam_get_data.c new file mode 100644 index 0000000..0cceef0 --- /dev/null +++ b/lib/pam_get_data.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 43 + * + * Get module information + */ + +int +pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void **data) +{ + pam_data_t *dp; + + ENTERS(module_data_name); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + *data = (void *)dp->data; + RETURNC(PAM_SUCCESS); + } + } + RETURNC(PAM_NO_MODULE_DATA); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_NO_MODULE_DATA + */ + +/** + * The =pam_get_data function looks up the opaque object associated with + * the string specified by the =module_data_name argument, in the PAM + * context specified by the =pamh argument. + * A pointer to the object is stored in the location pointed to by the + * =data argument. + * + * This function and its counterpart =pam_set_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c new file mode 100644 index 0000000..9f127be --- /dev/null +++ b/lib/pam_get_item.c @@ -0,0 +1,142 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_item.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_item_name[PAM_NUM_ITEMS] = { + "(NO ITEM)", + "PAM_SERVICE", + "PAM_USER", + "PAM_TTY", + "PAM_RHOST", + "PAM_CONV", + "PAM_AUTHTOK", + "PAM_OLDAUTHTOK", + "PAM_RUSER", + "PAM_USER_PROMPT", + "PAM_REPOSITORY", + "PAM_AUTHTOK_PROMPT", + "PAM_OLDAUTHTOK_PROMPT" +}; + +/* + * XSSO 4.2.1 + * XSSO 6 page 46 + * + * Get PAM information + */ + +int +pam_get_item(const pam_handle_t *pamh, + int item_type, + const void **item) +{ + + ENTERI(item_type); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_CONV: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: + case PAM_REPOSITORY: + *item = pamh->item[item_type]; + RETURNC(PAM_SUCCESS); + default: + RETURNC(PAM_SYMBOL_ERR); + } +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_get_item function stores a pointer to the item specified by + * the =item_type argument in the location specified by the =item + * argument. + * The item is retrieved from the PAM context specified by the =pamh + * argument. + * The following item types are recognized: + * + * =PAM_SERVICE: + * The name of the requesting service. + * =PAM_USER: + * The name of the user the application is trying to + * authenticate. + * =PAM_TTY: + * The name of the current terminal. + * =PAM_RHOST: + * The name of the applicant's host. + * =PAM_CONV: + * A =struct pam_conv describing the current conversation + * function. + * =PAM_AUTHTOK: + * The current authentication token. + * =PAM_OLDAUTHTOK: + * The expired authentication token. + * =PAM_RUSER: + * The name of the applicant. + * =PAM_USER_PROMPT: + * The prompt to use when asking the applicant for a user + * name to authenticate as. + * =PAM_AUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * authentication token. + * =PAM_OLDAUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * expired authentication token prior to changing it. + * + * See =pam_start for a description of =struct pam_conv. + * + * >pam_set_item + */ diff --git a/lib/pam_get_mapped_authtok.c b/lib/pam_get_mapped_authtok.c new file mode 100644 index 0000000..c49a918 --- /dev/null +++ b/lib/pam_get_mapped_authtok.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 48 + * + * Get mapped password for the user + */ + +int +pam_get_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + const char *target_module_type, + const char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_get_mapped_username.c b/lib/pam_get_mapped_username.c new file mode 100644 index 0000000..359baee --- /dev/null +++ b/lib/pam_get_mapped_username.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 50 + * + * Get valid matched identity in new domain + */ + +int +pam_get_mapped_username(pam_handle_t *pamh, + const char *src_username, + const char *src_module_type, + const char *src_authn_domain, + const char *target_module_type, + const char *target_authn_domain, + char **target_module_username) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_get_user.c b/lib/pam_get_user.c new file mode 100644 index 0000000..115a3ea --- /dev/null +++ b/lib/pam_get_user.c @@ -0,0 +1,113 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_user.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +#include "openpam_impl.h" + +static const char user_prompt[] = "Login:"; + +/* + * XSSO 4.2.1 + * XSSO 6 page 52 + * + * Retrieve user name + */ + +int +pam_get_user(pam_handle_t *pamh, + const char **user, + const char *prompt) +{ + const void *promptp; + char *resp; + int r; + + ENTER(); + if (pamh == NULL || user == NULL) + RETURNC(PAM_SYSTEM_ERR); + r = pam_get_item(pamh, PAM_USER, (const void **)user); + if (r == PAM_SUCCESS && *user != NULL) + RETURNC(PAM_SUCCESS); + if (prompt == NULL) { + r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) + prompt = user_prompt; + else + prompt = promptp; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_set_item(pamh, PAM_USER, resp); + FREE(resp); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_get_item(pamh, PAM_USER, (const void **)user); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + */ + +/** + * The =pam_get_user function returns the name of the target user, as + * specified to =pam_start. + * If no user was specified, nor set using =pam_set_item, =pam_get_user + * will prompt for a user name. + * Either way, a pointer to the user name is stored in the location + * pointed to by the =user argument. + * + * The =prompt argument specifies a prompt to use if no user name is + * cached. + * If it is =NULL, the =PAM_USER_PROMPT will be used. + * If that item is also =NULL, a hardcoded default prompt will be used. + * + * >pam_get_item + * >pam_get_authtok + */ diff --git a/lib/pam_getenv.c b/lib/pam_getenv.c new file mode 100644 index 0000000..f2d7910 --- /dev/null +++ b/lib/pam_getenv.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_getenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 44 + * + * Retrieve the value of a PAM environment variable + */ + +const char * +pam_getenv(pam_handle_t *pamh, + const char *name) +{ + char *str; + int i; + + ENTERS(name); + if (pamh == NULL) + RETURNS(NULL); + if (name == NULL || strchr(name, '=') != NULL) + RETURNS(NULL); + if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) + RETURNS(NULL); + for (str = pamh->env[i]; *str != '\0'; ++str) { + if (*str == '=') { + ++str; + break; + } + } + RETURNS(str); +} + +/** + * The =pam_getenv function returns the value of an environment variable. + * Its semantics are similar to those of =getenv, but it accesses the PAM + * context's environment list instead of the application's. + * + * >pam_getenvlist + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_getenvlist.c b/lib/pam_getenvlist.c new file mode 100644 index 0000000..c0e128a --- /dev/null +++ b/lib/pam_getenvlist.c @@ -0,0 +1,106 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_getenvlist.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 45 + * + * Returns a list of all the PAM environment variables + */ + +char ** +pam_getenvlist(pam_handle_t *pamh) +{ + char **envlist; + int i; + + ENTER(); + if (pamh == NULL) + RETURNP(NULL); + envlist = malloc(sizeof(char *) * (pamh->env_count + 1)); + if (envlist == NULL) { + openpam_log(PAM_LOG_ERROR, "%s", + pam_strerror(pamh, PAM_BUF_ERR)); + RETURNP(NULL); + } + for (i = 0; i < pamh->env_count; ++i) { + if ((envlist[i] = strdup(pamh->env[i])) == NULL) { + while (i) { + --i; + FREE(envlist[i]); + } + FREE(envlist); + openpam_log(PAM_LOG_ERROR, "%s", + pam_strerror(pamh, PAM_BUF_ERR)); + RETURNP(NULL); + } + } + envlist[i] = NULL; + RETURNP(envlist); +} + +/** + * The =pam_getenvlist function returns a copy of the given PAM context's + * environment list as a pointer to an array of strings. + * The last element in the array is =NULL. + * The pointer is suitable for assignment to {Va environ}. + * + * The array and the strings it lists are allocated using =malloc, and + * should be released using =free after use: + * + * char **envlist, **env; + * + * envlist = environ; + * environ = pam_getenvlist(pamh); + * \/\* do something nifty \*\/ + * for (env = environ; *env != NULL; env++) + * free(*env); + * free(environ); + * environ = envlist; + * + * >environ 7 + * >pam_getenv + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_info.c b/lib/pam_info.c new file mode 100644 index 0000000..2e4dbc7 --- /dev/null +++ b/lib/pam_info.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_info.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_info(const pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + va_end(ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_info function displays an informational message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_error + * >pam_prompt + * >pam_vinfo + */ diff --git a/lib/pam_open_session.c b/lib/pam_open_session.c new file mode 100644 index 0000000..f8d6eca --- /dev/null +++ b/lib/pam_open_session.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_open_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 54 + * + * Open a user session + */ + +int +pam_open_session(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_open_session + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_open_session sets up a user session for a previously + * authenticated user. + * The session should later be torn down by a call to =pam_close_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_open_session will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_prompt.c b/lib/pam_prompt.c new file mode 100644 index 0000000..76da55f --- /dev/null +++ b/lib/pam_prompt.c @@ -0,0 +1,90 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_prompt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_prompt(const pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, style, resp, fmt, ap); + va_end(ap); + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_prompt function constructs a message from the specified format + * string and arguments and passes it to the given PAM context's + * conversation function. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * See =pam_vprompt for further details. + * + * >pam_error + * >pam_info + * >pam_vprompt + */ diff --git a/lib/pam_putenv.c b/lib/pam_putenv.c new file mode 100644 index 0000000..79d6228 --- /dev/null +++ b/lib/pam_putenv.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_putenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 56 + * + * Set the value of an environment variable + */ + +int +pam_putenv(pam_handle_t *pamh, + const char *namevalue) +{ + char **env, *p; + int i; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* sanity checks */ + if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* see if the variable is already in the environment */ + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { + if ((p = strdup(namevalue)) == NULL) + RETURNC(PAM_BUF_ERR); + FREE(pamh->env[i]); + pamh->env[i] = p; + RETURNC(PAM_SUCCESS); + } + + /* grow the environment list if necessary */ + if (pamh->env_count == pamh->env_size) { + env = realloc(pamh->env, + sizeof(char *) * (pamh->env_size * 2 + 1)); + if (env == NULL) + RETURNC(PAM_BUF_ERR); + pamh->env = env; + pamh->env_size = pamh->env_size * 2 + 1; + } + + /* add the variable at the end */ + if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL) + RETURNC(PAM_BUF_ERR); + ++pamh->env_count; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_putenv function sets a environment variable. + * Its semantics are similar to those of =putenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_setenv + */ diff --git a/lib/pam_set_data.c b/lib/pam_set_data.c new file mode 100644 index 0000000..963de92 --- /dev/null +++ b/lib/pam_set_data.c @@ -0,0 +1,104 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 59 + * + * Set module information + */ + +int +pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int pam_end_status)) +{ + pam_data_t *dp; + + ENTERS(module_data_name); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, PAM_SUCCESS); + dp->data = data; + dp->cleanup = cleanup; + RETURNC(PAM_SUCCESS); + } + } + if ((dp = malloc(sizeof *dp)) == NULL) + RETURNC(PAM_BUF_ERR); + if ((dp->name = strdup(module_data_name)) == NULL) { + FREE(dp); + RETURNC(PAM_BUF_ERR); + } + dp->data = data; + dp->cleanup = cleanup; + dp->next = pamh->module_data; + pamh->module_data = dp; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_data function associates a pointer to an opaque object + * with an arbitrary string specified by the =module_data_name argument, + * in the PAM context specified by the =pamh argument. + * + * If not =NULL, the =cleanup argument should point to a function + * responsible for releasing the resources associated with the object. + * + * This function and its counterpart =pam_get_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_set_item.c b/lib/pam_set_item.c new file mode 100644 index 0000000..9b60618 --- /dev/null +++ b/lib/pam_set_item.c @@ -0,0 +1,120 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_item.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 60 + * + * Set authentication information + */ + +int +pam_set_item(pam_handle_t *pamh, + int item_type, + const void *item) +{ + void **slot, *tmp; + size_t nsize, osize; + + ENTERI(item_type); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + slot = &pamh->item[item_type]; + osize = nsize = 0; + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: + if (*slot != NULL) + osize = strlen(*slot) + 1; + if (item != NULL) + nsize = strlen(item) + 1; + break; + case PAM_REPOSITORY: + osize = nsize = sizeof(struct pam_repository); + break; + case PAM_CONV: + osize = nsize = sizeof(struct pam_conv); + break; + default: + RETURNC(PAM_SYMBOL_ERR); + } + if (*slot != NULL) { + memset(*slot, 0xd0, osize); + FREE(*slot); + } + if (item != NULL) { + if ((tmp = malloc(nsize)) == NULL) + RETURNC(PAM_BUF_ERR); + memcpy(tmp, item, nsize); + } else { + tmp = NULL; + } + *slot = tmp; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_item function sets the item specified by the =item_type + * argument to a copy of the object pointed to by the =item argument. + * The item is stored in the PAM context specified by the =pamh argument. + * See =pam_get_item for a list of recognized item types. + */ diff --git a/lib/pam_set_mapped_authtok.c b/lib/pam_set_mapped_authtok.c new file mode 100644 index 0000000..01ad255 --- /dev/null +++ b/lib/pam_set_mapped_authtok.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 62 + * + * Store the password for the username supplied + */ + +int +pam_set_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + const char *target_module_type, + const char *target_authn_domain) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_set_mapped_username.c b/lib/pam_set_mapped_username.c new file mode 100644 index 0000000..ae3619b --- /dev/null +++ b/lib/pam_set_mapped_username.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 64 + * + * Set a username + */ + +int +pam_set_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_username, + char *target_module_type, + char *target_authn_domain) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_setcred.c b/lib/pam_setcred.c new file mode 100644 index 0000000..80eb468 --- /dev/null +++ b/lib/pam_setcred.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_setcred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 57 + * + * Modify / delete user credentials for an authentication service + */ + +int +pam_setcred(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED| + PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED)) + RETURNC(PAM_SYMBOL_ERR); + /* XXX enforce exclusivity */ + r = openpam_dispatch(pamh, PAM_SM_SETCRED, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_setcred + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_setcred function manages the application's credentials. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_ESTABLISH_CRED: + * Establish the credentials of the target user. + * =PAM_DELETE_CRED: + * Revoke all established credentials. + * =PAM_REINITIALIZE_CRED: + * Fully reinitialise credentials. + * =PAM_REFRESH_CRED: + * Refresh credentials. + * + * The latter four are mutually exclusive. + * + * If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_setenv.c b/lib/pam_setenv.c new file mode 100644 index 0000000..e73f6b5 --- /dev/null +++ b/lib/pam_setenv.c @@ -0,0 +1,98 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_setenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Set the value of an environment variable + * Mirrors setenv(3) + */ + +int +pam_setenv(pam_handle_t *pamh, + const char *name, + const char *value, + int overwrite) +{ + char *env; + int r; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* sanity checks */ + if (name == NULL || value == NULL || strchr(name, '=') != NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* is it already there? */ + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) + RETURNC(PAM_SUCCESS); + + /* set it... */ + if (asprintf(&env, "%s=%s", name, value) < 0) + RETURNC(PAM_BUF_ERR); + r = pam_putenv(pamh, env); + FREE(env); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_putenv + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_setenv function sets a environment variable. + * Its semantics are similar to those of =setenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_putenv + */ diff --git a/lib/pam_sm_acct_mgmt.c b/lib/pam_sm_acct_mgmt.c new file mode 100644 index 0000000..a57e86a --- /dev/null +++ b/lib/pam_sm_acct_mgmt.c @@ -0,0 +1,81 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 66 + * + * Service module implementation for pam_acct_mgmt + */ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_USER_UNKNOWN + * PAM_AUTH_ERR + * PAM_NEW_AUTHTOK_REQD + * PAM_ACCT_EXPIRED + */ + +/** + * The =pam_sm_acct_mgmt function is the service module's implementation + * of the =pam_acct_mgmt API function. + */ diff --git a/lib/pam_sm_authenticate.c b/lib/pam_sm_authenticate.c new file mode 100644 index 0000000..7f4bb1c --- /dev/null +++ b/lib/pam_sm_authenticate.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_authenticate.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 68 + * + * Service module implementation for pam_authenticate + */ + +int +pam_sm_authenticate(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_AUTH_ERR + * PAM_CRED_INSUFFICIENT + * PAM_AUTHINFO_UNAVAIL + * PAM_USER_UNKNOWN + * PAM_MAXTRIES + */ + +/** + * The =pam_sm_authenticate function is the service module's + * implementation of the =pam_authenticate API function. + */ diff --git a/lib/pam_sm_authenticate_secondary.c b/lib/pam_sm_authenticate_secondary.c new file mode 100644 index 0000000..bde0366 --- /dev/null +++ b/lib/pam_sm_authenticate_secondary.c @@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 70 + * + * Service module implementation for pam_authenticate_secondary + */ + +int +pam_sm_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + unsigned char *target_module_authtok, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_chauthtok.c b/lib/pam_sm_chauthtok.c new file mode 100644 index 0000000..2c41d6d --- /dev/null +++ b/lib/pam_sm_chauthtok.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_chauthtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 72 + * + * Service module implementation for pam_chauthtok + */ + +int +pam_sm_chauthtok(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_PERM_DENIED + * PAM_AUTHTOK_ERR + * PAM_AUTHTOK_RECOVERY_ERR + * PAM_AUTHTOK_LOCK_BUSY + * PAM_AUTHTOK_DISABLE_AGING + * PAM_TRY_AGAIN + */ + +/** + * The =pam_sm_chauthtok function is the service module's implementation + * of the =pam_chauthtok API function. + */ diff --git a/lib/pam_sm_close_session.c b/lib/pam_sm_close_session.c new file mode 100644 index 0000000..25cee92 --- /dev/null +++ b/lib/pam_sm_close_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_close_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 75 + * + * Service module implementation for pam_close_session + */ + +int +pam_sm_close_session(pam_handle_t *pamh, + int flags, + int args, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_close_session function is the service module's + * implementation of the =pam_close_session API function. + */ diff --git a/lib/pam_sm_get_mapped_authtok.c b/lib/pam_sm_get_mapped_authtok.c new file mode 100644 index 0000000..9d85d5f --- /dev/null +++ b/lib/pam_sm_get_mapped_authtok.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 77 + * + * Service module implementation for pam_get_mapped_authtok + */ + +int +pam_sm_get_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok, + int argc, + char *argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_get_mapped_username.c b/lib/pam_sm_get_mapped_username.c new file mode 100644 index 0000000..ee4d250 --- /dev/null +++ b/lib/pam_sm_get_mapped_username.c @@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 79 + * + * Service module implementation for pam_get_mapped_username + */ + +int +pam_sm_get_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_type, + char *target_authn_domain, + char **target_module_username, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_open_session.c b/lib/pam_sm_open_session.c new file mode 100644 index 0000000..bfe0794 --- /dev/null +++ b/lib/pam_sm_open_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_open_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 81 + * + * Service module implementation for pam_open_session + */ + +int +pam_sm_open_session(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_open_session function is the service module's + * implementation of the =pam_open_session API function. + */ diff --git a/lib/pam_sm_set_mapped_authtok.c b/lib/pam_sm_set_mapped_authtok.c new file mode 100644 index 0000000..54fd370 --- /dev/null +++ b/lib/pam_sm_set_mapped_authtok.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 83 + * + * Service module implementation for pam_set_mapped_authtok + */ + +int +pam_sm_set_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + char *target_module_type, + char *target_authn_domain, + int argc, + const char *argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_set_mapped_username.c b/lib/pam_sm_set_mapped_username.c new file mode 100644 index 0000000..0239dbb --- /dev/null +++ b/lib/pam_sm_set_mapped_username.c @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 85 + * + * Service module implementation for pam_set_mapped_username + */ + +int +pam_sm_set_mapped_username(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_setcred.c b/lib/pam_sm_setcred.c new file mode 100644 index 0000000..4d472b3 --- /dev/null +++ b/lib/pam_sm_setcred.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_setcred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 87 + * + * Service module implementation for pam_setcred + */ + +int +pam_sm_setcred(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_CRED_UNAVAIL + * PAM_CRED_EXPIRED + * PAM_USER_UNKNOWN + * PAM_CRED_ERR + */ + +/** + * The =pam_sm_setcred function is the service module's implementation of + * the =pam_setcred API function. + */ diff --git a/lib/pam_start.c b/lib/pam_start.c new file mode 100644 index 0000000..ee6468b --- /dev/null +++ b/lib/pam_start.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_start.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 89 + * + * Initiate a PAM transaction + */ + +int +pam_start(const char *service, + const char *user, + const struct pam_conv *pam_conv, + pam_handle_t **pamh) +{ + struct pam_handle *ph; + int r; + + ENTER(); + if ((ph = calloc(1, sizeof *ph)) == NULL) + RETURNC(PAM_BUF_ERR); + if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) + goto fail; + + r = openpam_configure(ph, service); + if (r != PAM_SUCCESS) + goto fail; + + *pamh = ph; + openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); + RETURNC(PAM_SUCCESS); + + fail: + pam_end(ph, r); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_configure + * =pam_set_item + * !PAM_SYMBOL_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_start function creates and initializes a PAM context. + * + * The =service argument specifies the name of the policy to apply, and is + * stored in the =PAM_SERVICE item in the created context. + * + * The =user argument specifies the name of the target user - the user the + * created context will serve to authenticate. + * It is stored in the =PAM_USER item in the created context. + * + * The =pam_conv argument points to a =struct pam_conv describing the + * conversation function to use; see =pam_conv for details. + * + * >pam_get_item + * >pam_set_item + * >pam_end + */ diff --git a/lib/pam_strerror.c b/lib/pam_strerror.c new file mode 100644 index 0000000..24498c4 --- /dev/null +++ b/lib/pam_strerror.c @@ -0,0 +1,164 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_strerror.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_err_name[PAM_NUM_ERRORS] = { + "PAM_SUCCESS", + "PAM_OPEN_ERR", + "PAM_SYMBOL_ERR", + "PAM_SERVICE_ERR", + "PAM_SYSTEM_ERR", + "PAM_BUF_ERR", + "PAM_CONV_ERR", + "PAM_PERM_DENIED", + "PAM_MAXTRIES", + "PAM_AUTH_ERR", + "PAM_NEW_AUTHTOK_REQD", + "PAM_CRED_INSUFFICIENT", + "PAM_AUTHINFO_UNAVAIL", + "PAM_USER_UNKNOWN", + "PAM_CRED_UNAVAIL", + "PAM_CRED_EXPIRED", + "PAM_CRED_ERR", + "PAM_ACCT_EXPIRED", + "PAM_AUTHTOK_EXPIRED", + "PAM_SESSION_ERR", + "PAM_AUTHTOK_ERR", + "PAM_AUTHTOK_RECOVERY_ERR", + "PAM_AUTHTOK_LOCK_BUSY", + "PAM_AUTHTOK_DISABLE_AGING", + "PAM_NO_MODULE_DATA", + "PAM_IGNORE", + "PAM_ABORT", + "PAM_TRY_AGAIN", + "PAM_MODULE_UNKNOWN", + "PAM_DOMAIN_UNKNOWN" +}; + +/* + * XSSO 4.2.1 + * XSSO 6 page 92 + * + * Get PAM standard error message string + */ + +const char * +pam_strerror(const pam_handle_t *pamh, + int error_number) +{ + static char unknown[16]; + + (void)pamh; + + switch (error_number) { + case PAM_SUCCESS: + return ("success"); + case PAM_OPEN_ERR: + return ("failed to load module"); + case PAM_SYMBOL_ERR: + return ("invalid symbol"); + case PAM_SERVICE_ERR: + return ("error in service module"); + case PAM_SYSTEM_ERR: + return ("system error"); + case PAM_BUF_ERR: + return ("memory buffer error"); + case PAM_CONV_ERR: + return ("conversation failure"); + case PAM_PERM_DENIED: + return ("permission denied"); + case PAM_MAXTRIES: + return ("maximum number of tries exceeded"); + case PAM_AUTH_ERR: + return ("authentication error"); + case PAM_NEW_AUTHTOK_REQD: + return ("new authentication token required"); + case PAM_CRED_INSUFFICIENT: + return ("insufficient credentials"); + case PAM_AUTHINFO_UNAVAIL: + return ("authentication information is unavailable"); + case PAM_USER_UNKNOWN: + return ("unknown user"); + case PAM_CRED_UNAVAIL: + return ("failed to retrieve user credentials"); + case PAM_CRED_EXPIRED: + return ("user credentials have expired"); + case PAM_CRED_ERR: + return ("failed to set user credentials"); + case PAM_ACCT_EXPIRED: + return ("user account has expired"); + case PAM_AUTHTOK_EXPIRED: + return ("password has expired"); + case PAM_SESSION_ERR: + return ("session failure"); + case PAM_AUTHTOK_ERR: + return ("authentication token failure"); + case PAM_AUTHTOK_RECOVERY_ERR: + return ("failed to recover old authentication token"); + case PAM_AUTHTOK_LOCK_BUSY: + return ("authentication token lock busy"); + case PAM_AUTHTOK_DISABLE_AGING: + return ("authentication token aging disabled"); + case PAM_NO_MODULE_DATA: + return ("module data not found"); + case PAM_IGNORE: + return ("ignore this module"); + case PAM_ABORT: + return ("general failure"); + case PAM_TRY_AGAIN: + return ("try again"); + case PAM_MODULE_UNKNOWN: + return ("unknown module type"); + case PAM_DOMAIN_UNKNOWN: + return ("unknown authentication domain"); + default: + snprintf(unknown, sizeof unknown, "#%d", error_number); + return (unknown); + } +} + +/** + * The =pam_strerror function returns a pointer to a string containing a + * textual description of the error indicated by the =error_number + * argument, in the context of the PAM transaction described by the =pamh + * argument. + */ diff --git a/lib/pam_verror.c b/lib/pam_verror.c new file mode 100644 index 0000000..0b128d1 --- /dev/null +++ b/lib/pam_verror.c @@ -0,0 +1,80 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_verror.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_verror(const pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_verror function passes its arguments to =pam_vprompt with a + * style argument of =PAM_ERROR_MSG, and discards the response. + * + * >pam_error + * >pam_vinfo + */ diff --git a/lib/pam_vinfo.c b/lib/pam_vinfo.c new file mode 100644 index 0000000..5282714 --- /dev/null +++ b/lib/pam_vinfo.c @@ -0,0 +1,80 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_vinfo.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_vinfo(const pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vinfo function passes its arguments to =pam_vprompt with a + * style argument of =PAM_TEXT_INFO, and discards the response. + * + * >pam_info + * >pam_verror + */ diff --git a/lib/pam_vprompt.c b/lib/pam_vprompt.c new file mode 100644 index 0000000..e1215c3 --- /dev/null +++ b/lib/pam_vprompt.c @@ -0,0 +1,129 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_vprompt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_vprompt(const pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + va_list ap) +{ + char msgbuf[PAM_MAX_MSG_SIZE]; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *rsp; + const struct pam_conv *conv; + const void *convp; + int r; + + ENTER(); + r = pam_get_item(pamh, PAM_CONV, &convp); + if (r != PAM_SUCCESS) + RETURNC(r); + conv = convp; + if (conv == NULL || conv->conv == NULL) { + openpam_log(PAM_LOG_ERROR, "no conversation function"); + RETURNC(PAM_SYSTEM_ERR); + } + vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap); + msg.msg_style = style; + msg.msg = msgbuf; + msgp = &msg; + rsp = NULL; + r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr); + *resp = rsp == NULL ? NULL : rsp->resp; + FREE(rsp); + RETURNC(r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vprompt function constructs a string from the =fmt and =ap + * arguments using =vsnprintf, and passes it to the given PAM context's + * conversation function. + * + * The =style argument specifies the type of interaction requested, and + * must be one of the following: + * + * =PAM_PROMPT_ECHO_OFF: + * Display the message and obtain the user's response without + * displaying it. + * =PAM_PROMPT_ECHO_ON: + * Display the message and obtain the user's response. + * =PAM_ERROR_MSG: + * Display the message as an error message, and do not wait + * for a response. + * =PAM_TEXT_INFO: + * Display the message as an informational message, and do + * not wait for a response. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * The message and response should not exceed =PAM_MAX_MSG_SIZE or + * =PAM_MAX_RESP_SIZE, respectively. + * If they do, they may be truncated. + * + * >pam_error + * >pam_info + * >pam_prompt + * >pam_verror + * >pam_vinfo + */ -- cgit v1.1 From 9a25ed673db408d79135934ee39ea88142f9ed4d Mon Sep 17 00:00:00 2001 From: des Date: Sun, 18 Dec 2011 17:08:40 +0000 Subject: Vendor import of OpenPAM Lycopsida. --- lib/Makefile.am | 17 +- lib/Makefile.in | 700 ++++++++++++------------------------ lib/openpam_borrow_cred.c | 8 +- lib/openpam_check_owner_perms.c | 127 +++++++ lib/openpam_configure.c | 487 +++++++++++++++++++------ lib/openpam_constants.c | 127 +++++++ lib/openpam_constants.h | 40 +++ lib/openpam_debug.h | 103 ++++++ lib/openpam_dispatch.c | 40 +-- lib/openpam_dynamic.c | 59 ++- lib/openpam_findenv.c | 8 +- lib/openpam_free_data.c | 8 +- lib/openpam_free_envlist.c | 10 +- lib/openpam_get_option.c | 8 +- lib/openpam_impl.h | 115 +++--- lib/openpam_load.c | 30 +- lib/openpam_log.c | 18 +- lib/openpam_nullconv.c | 8 +- lib/openpam_readline.c | 49 +-- lib/openpam_restore_cred.c | 8 +- lib/openpam_set_option.c | 8 +- lib/openpam_static.c | 12 +- lib/openpam_strlcmp.h | 46 +++ lib/openpam_strlcpy.h | 49 +++ lib/openpam_subst.c | 168 +++++++++ lib/openpam_ttyconv.c | 10 +- lib/pam_acct_mgmt.c | 8 +- lib/pam_authenticate.c | 8 +- lib/pam_authenticate_secondary.c | 8 +- lib/pam_chauthtok.c | 8 +- lib/pam_close_session.c | 8 +- lib/pam_end.c | 8 +- lib/pam_error.c | 8 +- lib/pam_get_authtok.c | 42 ++- lib/pam_get_data.c | 9 +- lib/pam_get_item.c | 33 +- lib/pam_get_mapped_authtok.c | 8 +- lib/pam_get_mapped_username.c | 8 +- lib/pam_get_user.c | 40 ++- lib/pam_getenv.c | 8 +- lib/pam_getenvlist.c | 8 +- lib/pam_info.c | 8 +- lib/pam_open_session.c | 8 +- lib/pam_prompt.c | 8 +- lib/pam_putenv.c | 8 +- lib/pam_set_data.c | 8 +- lib/pam_set_item.c | 13 +- lib/pam_set_mapped_authtok.c | 8 +- lib/pam_set_mapped_username.c | 8 +- lib/pam_setcred.c | 8 +- lib/pam_setenv.c | 8 +- lib/pam_sm_acct_mgmt.c | 8 +- lib/pam_sm_authenticate.c | 8 +- lib/pam_sm_authenticate_secondary.c | 8 +- lib/pam_sm_chauthtok.c | 12 +- lib/pam_sm_close_session.c | 8 +- lib/pam_sm_get_mapped_authtok.c | 8 +- lib/pam_sm_get_mapped_username.c | 8 +- lib/pam_sm_open_session.c | 8 +- lib/pam_sm_set_mapped_authtok.c | 8 +- lib/pam_sm_set_mapped_username.c | 8 +- lib/pam_sm_setcred.c | 8 +- lib/pam_start.c | 30 +- lib/pam_strerror.c | 45 +-- lib/pam_verror.c | 8 +- lib/pam_vinfo.c | 8 +- lib/pam_vprompt.c | 8 +- 67 files changed, 1816 insertions(+), 935 deletions(-) create mode 100644 lib/openpam_check_owner_perms.c create mode 100644 lib/openpam_constants.c create mode 100644 lib/openpam_constants.h create mode 100644 lib/openpam_debug.h create mode 100644 lib/openpam_strlcmp.h create mode 100644 lib/openpam_strlcpy.h create mode 100644 lib/openpam_subst.c (limited to 'lib') diff --git a/lib/Makefile.am b/lib/Makefile.am index c748079..3a2e60e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ +# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $ NULL = @@ -6,11 +6,18 @@ INCLUDES = -I$(top_srcdir)/include lib_LTLIBRARIES = libpam.la -noinst_HEADERS = openpam_impl.h +noinst_HEADERS = \ + openpam_constants.h \ + openpam_debug.h \ + openpam_impl.h \ + openpam_strlcmp.h \ + openpam_strlcpy.h libpam_la_SOURCES = \ openpam_borrow_cred.c \ + openpam_check_owner_perms.c \ openpam_configure.c \ + openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ openpam_findenv.c \ @@ -24,6 +31,7 @@ libpam_la_SOURCES = \ openpam_restore_cred.c \ openpam_set_option.c \ openpam_static.c \ + openpam_subst.c \ openpam_ttyconv.c \ pam_acct_mgmt.c \ pam_authenticate.c \ @@ -52,9 +60,8 @@ libpam_la_SOURCES = \ pam_vprompt.c \ $(NULL) -libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' - -libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ +libpam_la_LIBADD = @DL_LIBS@ EXTRA_DIST = \ pam_authenticate_secondary.c \ diff --git a/lib/Makefile.in b/lib/Makefile.in index f1ab0ad..0052ce2 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.9.6 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,15 @@ @SET_MAKE@ -# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ +# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $ -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = .. +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c @@ -39,7 +37,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ subdir = lib DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in @@ -50,53 +47,65 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) -libpam_la_LIBADD = +libpam_la_DEPENDENCIES = am__objects_1 = -am_libpam_la_OBJECTS = libpam_la-openpam_borrow_cred.lo \ - libpam_la-openpam_configure.lo libpam_la-openpam_dispatch.lo \ - libpam_la-openpam_dynamic.lo libpam_la-openpam_findenv.lo \ - libpam_la-openpam_free_data.lo \ - libpam_la-openpam_free_envlist.lo \ - libpam_la-openpam_get_option.lo libpam_la-openpam_load.lo \ - libpam_la-openpam_log.lo libpam_la-openpam_nullconv.lo \ - libpam_la-openpam_readline.lo \ - libpam_la-openpam_restore_cred.lo \ - libpam_la-openpam_set_option.lo libpam_la-openpam_static.lo \ - libpam_la-openpam_ttyconv.lo libpam_la-pam_acct_mgmt.lo \ - libpam_la-pam_authenticate.lo libpam_la-pam_chauthtok.lo \ - libpam_la-pam_close_session.lo libpam_la-pam_end.lo \ - libpam_la-pam_error.lo libpam_la-pam_get_authtok.lo \ - libpam_la-pam_get_data.lo libpam_la-pam_get_item.lo \ - libpam_la-pam_get_user.lo libpam_la-pam_getenv.lo \ - libpam_la-pam_getenvlist.lo libpam_la-pam_info.lo \ - libpam_la-pam_open_session.lo libpam_la-pam_prompt.lo \ - libpam_la-pam_putenv.lo libpam_la-pam_set_data.lo \ - libpam_la-pam_set_item.lo libpam_la-pam_setcred.lo \ - libpam_la-pam_setenv.lo libpam_la-pam_start.lo \ - libpam_la-pam_strerror.lo libpam_la-pam_verror.lo \ - libpam_la-pam_vinfo.lo libpam_la-pam_vprompt.lo \ - $(am__objects_1) +am_libpam_la_OBJECTS = openpam_borrow_cred.lo \ + openpam_check_owner_perms.lo openpam_configure.lo \ + openpam_constants.lo openpam_dispatch.lo openpam_dynamic.lo \ + openpam_findenv.lo openpam_free_data.lo \ + openpam_free_envlist.lo openpam_get_option.lo openpam_load.lo \ + openpam_log.lo openpam_nullconv.lo openpam_readline.lo \ + openpam_restore_cred.lo openpam_set_option.lo \ + openpam_static.lo openpam_subst.lo openpam_ttyconv.lo \ + pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \ + pam_close_session.lo pam_end.lo pam_error.lo \ + pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \ + pam_get_user.lo pam_getenv.lo pam_getenvlist.lo pam_info.lo \ + pam_open_session.lo pam_prompt.lo pam_putenv.lo \ + pam_set_data.lo pam_set_item.lo pam_setcred.lo pam_setenv.lo \ + pam_start.lo pam_strerror.lo pam_verror.lo pam_vinfo.lo \ + pam_vprompt.lo $(am__objects_1) libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +libpam_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libpam_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(libpam_la_SOURCES) DIST_SOURCES = $(libpam_la_SOURCES) HEADERS = $(noinst_HEADERS) @@ -104,8 +113,6 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ -AMDEP_FALSE = @AMDEP_FALSE@ -AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ @@ -118,42 +125,50 @@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPT_LIBS = @CRYPT_LIBS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ DL_LIBS = @DL_LIBS@ -ECHO = @ECHO@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ +INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_MAJ = @LIB_MAJ@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ @@ -162,19 +177,13 @@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ -WITH_DOC_FALSE = @WITH_DOC_FALSE@ -WITH_DOC_TRUE = @WITH_DOC_TRUE@ -WITH_PAM_UNIX_FALSE = @WITH_PAM_UNIX_FALSE@ -WITH_PAM_UNIX_TRUE = @WITH_PAM_UNIX_TRUE@ -WITH_SU_FALSE = @WITH_SU_FALSE@ -WITH_SU_TRUE = @WITH_SU_TRUE@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ -am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ -am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ -am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -186,6 +195,7 @@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ +builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ @@ -213,19 +223,27 @@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ sysconfdir = @sysconfdir@ -target = @target@ target_alias = @target_alias@ -target_cpu = @target_cpu@ -target_os = @target_os@ -target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ NULL = INCLUDES = -I$(top_srcdir)/include lib_LTLIBRARIES = libpam.la -noinst_HEADERS = openpam_impl.h +noinst_HEADERS = \ + openpam_constants.h \ + openpam_debug.h \ + openpam_impl.h \ + openpam_strlcmp.h \ + openpam_strlcpy.h + libpam_la_SOURCES = \ openpam_borrow_cred.c \ + openpam_check_owner_perms.c \ openpam_configure.c \ + openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ openpam_findenv.c \ @@ -239,6 +257,7 @@ libpam_la_SOURCES = \ openpam_restore_cred.c \ openpam_set_option.c \ openpam_static.c \ + openpam_subst.c \ openpam_ttyconv.c \ pam_acct_mgmt.c \ pam_authenticate.c \ @@ -267,8 +286,8 @@ libpam_la_SOURCES = \ pam_vprompt.c \ $(NULL) -libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' -libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ +libpam_la_LIBADD = @DL_LIBS@ EXTRA_DIST = \ pam_authenticate_secondary.c \ pam_get_mapped_authtok.c \ @@ -296,14 +315,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign lib/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -321,23 +340,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -349,7 +373,7 @@ clean-libLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libpam_la_LDFLAGS) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) + $(libpam_la_LINK) -rpath $(libdir) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -357,438 +381,157 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_configure.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dispatch.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dynamic.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_findenv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_data.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_envlist.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_get_option.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_load.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_log.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_nullconv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_readline.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_restore_cred.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_set_option.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_static.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_ttyconv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_authenticate.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_chauthtok.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_close_session.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_end.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_error.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_authtok.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_data.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_item.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_user.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenvlist.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_info.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_open_session.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_prompt.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_putenv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_data.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_item.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setcred.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setenv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_start.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_strerror.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_verror.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vinfo.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vprompt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_borrow_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_check_owner_perms.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_configure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_constants.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dispatch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dynamic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_findenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_envlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_load.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_nullconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readline.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_restore_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_static.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_acct_mgmt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_authenticate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_chauthtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_close_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_end.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_authtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_user.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_getenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_getenvlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_open_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_prompt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_putenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_set_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_set_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_setcred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_setenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_start.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_strerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_verror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_vinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_vprompt.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -libpam_la-openpam_borrow_cred.lo: openpam_borrow_cred.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_borrow_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_borrow_cred.c' object='libpam_la-openpam_borrow_cred.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c - -libpam_la-openpam_configure.lo: openpam_configure.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_configure.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_configure.Tpo" -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo" "$(DEPDIR)/libpam_la-openpam_configure.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_configure.c' object='libpam_la-openpam_configure.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c - -libpam_la-openpam_dispatch.lo: openpam_dispatch.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dispatch.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" "$(DEPDIR)/libpam_la-openpam_dispatch.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dispatch.c' object='libpam_la-openpam_dispatch.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c - -libpam_la-openpam_dynamic.lo: openpam_dynamic.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dynamic.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" "$(DEPDIR)/libpam_la-openpam_dynamic.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dynamic.c' object='libpam_la-openpam_dynamic.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c - -libpam_la-openpam_findenv.lo: openpam_findenv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_findenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" "$(DEPDIR)/libpam_la-openpam_findenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_findenv.c' object='libpam_la-openpam_findenv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c - -libpam_la-openpam_free_data.lo: openpam_free_data.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" "$(DEPDIR)/libpam_la-openpam_free_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_data.c' object='libpam_la-openpam_free_data.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c - -libpam_la-openpam_free_envlist.lo: openpam_free_envlist.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_envlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" "$(DEPDIR)/libpam_la-openpam_free_envlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_envlist.c' object='libpam_la-openpam_free_envlist.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c - -libpam_la-openpam_get_option.lo: openpam_get_option.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_get_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" "$(DEPDIR)/libpam_la-openpam_get_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_get_option.c' object='libpam_la-openpam_get_option.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c - -libpam_la-openpam_load.lo: openpam_load.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_load.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_load.Tpo" -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_load.Tpo" "$(DEPDIR)/libpam_la-openpam_load.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_load.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_load.c' object='libpam_la-openpam_load.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c - -libpam_la-openpam_log.lo: openpam_log.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_log.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_log.Tpo" -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_log.Tpo" "$(DEPDIR)/libpam_la-openpam_log.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_log.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_log.c' object='libpam_la-openpam_log.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c - -libpam_la-openpam_nullconv.lo: openpam_nullconv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_nullconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" "$(DEPDIR)/libpam_la-openpam_nullconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_nullconv.c' object='libpam_la-openpam_nullconv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c - -libpam_la-openpam_readline.lo: openpam_readline.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_readline.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_readline.Tpo" -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo" "$(DEPDIR)/libpam_la-openpam_readline.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_readline.c' object='libpam_la-openpam_readline.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c - -libpam_la-openpam_restore_cred.lo: openpam_restore_cred.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_restore_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_restore_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_restore_cred.c' object='libpam_la-openpam_restore_cred.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c - -libpam_la-openpam_set_option.lo: openpam_set_option.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_set_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" "$(DEPDIR)/libpam_la-openpam_set_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_set_option.c' object='libpam_la-openpam_set_option.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c - -libpam_la-openpam_static.lo: openpam_static.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_static.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_static.Tpo" -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_static.Tpo" "$(DEPDIR)/libpam_la-openpam_static.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_static.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_static.c' object='libpam_la-openpam_static.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c - -libpam_la-openpam_ttyconv.lo: openpam_ttyconv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_ttyconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" "$(DEPDIR)/libpam_la-openpam_ttyconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_ttyconv.c' object='libpam_la-openpam_ttyconv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c - -libpam_la-pam_acct_mgmt.lo: pam_acct_mgmt.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_acct_mgmt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" "$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_acct_mgmt.c' object='libpam_la-pam_acct_mgmt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c - -libpam_la-pam_authenticate.lo: pam_authenticate.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_authenticate.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" "$(DEPDIR)/libpam_la-pam_authenticate.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_authenticate.c' object='libpam_la-pam_authenticate.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c - -libpam_la-pam_chauthtok.lo: pam_chauthtok.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_chauthtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" "$(DEPDIR)/libpam_la-pam_chauthtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_chauthtok.c' object='libpam_la-pam_chauthtok.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c - -libpam_la-pam_close_session.lo: pam_close_session.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_close_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_close_session.Tpo" -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo" "$(DEPDIR)/libpam_la-pam_close_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_close_session.c' object='libpam_la-pam_close_session.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c - -libpam_la-pam_end.lo: pam_end.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_end.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_end.Tpo" -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_end.Tpo" "$(DEPDIR)/libpam_la-pam_end.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_end.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_end.c' object='libpam_la-pam_end.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c - -libpam_la-pam_error.lo: pam_error.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_error.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_error.Tpo" -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_error.Tpo" "$(DEPDIR)/libpam_la-pam_error.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_error.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_error.c' object='libpam_la-pam_error.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c - -libpam_la-pam_get_authtok.lo: pam_get_authtok.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_authtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" "$(DEPDIR)/libpam_la-pam_get_authtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_authtok.c' object='libpam_la-pam_get_authtok.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c - -libpam_la-pam_get_data.lo: pam_get_data.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_data.Tpo" -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo" "$(DEPDIR)/libpam_la-pam_get_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_data.c' object='libpam_la-pam_get_data.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c - -libpam_la-pam_get_item.lo: pam_get_item.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_item.Tpo" -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo" "$(DEPDIR)/libpam_la-pam_get_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_item.c' object='libpam_la-pam_get_item.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c - -libpam_la-pam_get_user.lo: pam_get_user.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_user.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_user.Tpo" -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo" "$(DEPDIR)/libpam_la-pam_get_user.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_user.c' object='libpam_la-pam_get_user.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c - -libpam_la-pam_getenv.lo: pam_getenv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenv.Tpo" -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo" "$(DEPDIR)/libpam_la-pam_getenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenv.c' object='libpam_la-pam_getenv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c - -libpam_la-pam_getenvlist.lo: pam_getenvlist.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenvlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" "$(DEPDIR)/libpam_la-pam_getenvlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenvlist.c' object='libpam_la-pam_getenvlist.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c - -libpam_la-pam_info.lo: pam_info.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_info.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_info.Tpo" -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_info.Tpo" "$(DEPDIR)/libpam_la-pam_info.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_info.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_info.c' object='libpam_la-pam_info.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c - -libpam_la-pam_open_session.lo: pam_open_session.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_open_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_open_session.Tpo" -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo" "$(DEPDIR)/libpam_la-pam_open_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_open_session.c' object='libpam_la-pam_open_session.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c - -libpam_la-pam_prompt.lo: pam_prompt.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_prompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_prompt.Tpo" -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo" "$(DEPDIR)/libpam_la-pam_prompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_prompt.c' object='libpam_la-pam_prompt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c - -libpam_la-pam_putenv.lo: pam_putenv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_putenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_putenv.Tpo" -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo" "$(DEPDIR)/libpam_la-pam_putenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_putenv.c' object='libpam_la-pam_putenv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c - -libpam_la-pam_set_data.lo: pam_set_data.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_data.Tpo" -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo" "$(DEPDIR)/libpam_la-pam_set_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_data.c' object='libpam_la-pam_set_data.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c - -libpam_la-pam_set_item.lo: pam_set_item.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_item.Tpo" -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo" "$(DEPDIR)/libpam_la-pam_set_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_item.c' object='libpam_la-pam_set_item.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c - -libpam_la-pam_setcred.lo: pam_setcred.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setcred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setcred.Tpo" -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo" "$(DEPDIR)/libpam_la-pam_setcred.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setcred.c' object='libpam_la-pam_setcred.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c - -libpam_la-pam_setenv.lo: pam_setenv.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setenv.Tpo" -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo" "$(DEPDIR)/libpam_la-pam_setenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setenv.c' object='libpam_la-pam_setenv.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c - -libpam_la-pam_start.lo: pam_start.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_start.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_start.Tpo" -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_start.Tpo" "$(DEPDIR)/libpam_la-pam_start.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_start.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_start.c' object='libpam_la-pam_start.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c - -libpam_la-pam_strerror.lo: pam_strerror.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_strerror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_strerror.Tpo" -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo" "$(DEPDIR)/libpam_la-pam_strerror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_strerror.c' object='libpam_la-pam_strerror.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c - -libpam_la-pam_verror.lo: pam_verror.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_verror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_verror.Tpo" -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_verror.Tpo" "$(DEPDIR)/libpam_la-pam_verror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_verror.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_verror.c' object='libpam_la-pam_verror.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c - -libpam_la-pam_vinfo.lo: pam_vinfo.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vinfo.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" "$(DEPDIR)/libpam_la-pam_vinfo.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vinfo.c' object='libpam_la-pam_vinfo.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c - -libpam_la-pam_vprompt.lo: pam_vprompt.c -@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vprompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" "$(DEPDIR)/libpam_la-pam_vprompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo"; exit 1; fi -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vprompt.c' object='libpam_la-pam_vprompt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c - mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -distclean-libtool: - -rm -f libtool -uninstall-info-am: - ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ - list='$(DISTFILES)'; for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ - esac; \ + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkdir_p) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -797,7 +540,7 @@ check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(mkdir_p) "$$dir"; \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am @@ -819,6 +562,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -832,7 +576,7 @@ distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ - distclean-libtool distclean-tags + distclean-tags dvi: dvi-am @@ -840,18 +584,38 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: install-data-am: +install-dvi: install-dvi-am + +install-dvi-am: + install-exec-am: install-libLTLIBRARIES +install-html: install-html-am + +install-html-am: + install-info: install-info-am +install-info-am: + install-man: +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -872,20 +636,24 @@ ps: ps-am ps-am: -uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES +uninstall-am: uninstall-libLTLIBRARIES + +.MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-exec \ - install-exec-am install-info install-info-am \ - install-libLTLIBRARIES install-man install-strip installcheck \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-info-am \ - uninstall-libLTLIBRARIES + tags uninstall uninstall-am uninstall-libLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/lib/openpam_borrow_cred.c b/lib/openpam_borrow_cred.c index 79a349f..e0dfc55 100644 --- a/lib/openpam_borrow_cred.c +++ b/lib/openpam_borrow_cred.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_borrow_cred.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_borrow_cred.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_check_owner_perms.c b/lib/openpam_check_owner_perms.c new file mode 100644 index 0000000..67cedc0 --- /dev/null +++ b/lib/openpam_check_owner_perms.c @@ -0,0 +1,127 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM internal + * + * Verify that the file or directory referenced by the given descriptor is + * owned by either root or the arbitrator and that it is not writable by + * group or other. + */ + +int +openpam_check_desc_owner_perms(const char *name, int fd) +{ + uid_t root, arbitrator; + struct stat sb; + int serrno; + + root = 0; + arbitrator = geteuid(); + if (fstat(fd, &sb) != 0) { + serrno = errno; + openpam_log(PAM_LOG_ERROR, "%s: %m", name); + errno = serrno; + return (-1); + } + if ((sb.st_uid != root && sb.st_uid != arbitrator) || + (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { + openpam_log(PAM_LOG_ERROR, + "%s: insecure ownership or permissions", name); + errno = EPERM; + return (-1); + } + return (0); +} + +/* + * OpenPAM internal + * + * Verify that a file or directory and all components of the path leading + * up to it are owned by either root or the arbitrator and that they are + * not writable by group or other. + * + * Note that openpam_check_file_owner_perms() should be used instead if + * possible to avoid a race between the ownership / permission check and + * the actual open(). + */ + +int +openpam_check_path_owner_perms(const char *path) +{ + uid_t root, arbitrator; + char pathbuf[PATH_MAX]; + struct stat sb; + int len, serrno; + + root = 0; + arbitrator = geteuid(); + if (realpath(path, pathbuf) == NULL) + return (-1); + len = strlen(pathbuf); + while (len > 0) { + if (stat(pathbuf, &sb) != 0) { + serrno = errno; + openpam_log(PAM_LOG_ERROR, "%s: %m", pathbuf); + errno = serrno; + return (-1); + } + if ((sb.st_uid != root && sb.st_uid != arbitrator) || + (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { + openpam_log(PAM_LOG_ERROR, + "%s: insecure ownership or permissions", pathbuf); + errno = EPERM; + return (-1); + } + while (--len > 0 && pathbuf[len] != '/') + pathbuf[len] = '\0'; + } + return (0); +} + +/* + * NOPARSE + */ diff --git a/lib/openpam_configure.c b/lib/openpam_configure.c index f9197ad..d395565 100644 --- a/lib/openpam_configure.c +++ b/lib/openpam_configure.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_configure.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_configure.c 500 2011-11-22 12:07:03Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include @@ -44,80 +48,301 @@ #include #include "openpam_impl.h" +#include "openpam_strlcmp.h" -const char *_pam_facility_name[PAM_NUM_FACILITIES] = { - [PAM_ACCOUNT] = "account", - [PAM_AUTH] = "auth", - [PAM_PASSWORD] = "password", - [PAM_SESSION] = "session", -}; +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); -const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { - [PAM_BINDING] = "binding", - [PAM_OPTIONAL] = "optional", - [PAM_REQUIRED] = "required", - [PAM_REQUISITE] = "requisite", - [PAM_SUFFICIENT] = "sufficient", -}; +/* + * Evaluates to non-zero if the argument is a linear whitespace character. + */ +#define is_lws(ch) \ + (ch == ' ' || ch == '\t') -static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); +/* + * Evaluates to non-zero if the argument is a printable ASCII character. + * Assumes that the execution character set is a superset of ASCII. + */ +#define is_p(ch) \ + (ch >= '!' && ch <= '~') + +/* + * Returns non-zero if the argument belongs to the POSIX Portable Filename + * Character Set. Assumes that the execution character set is a superset + * of ASCII. + */ +#define is_pfcs(ch) \ + ((ch >= '0' && ch <= '9') || \ + (ch >= 'A' && ch <= 'Z') || \ + (ch >= 'a' && ch <= 'z') || \ + ch == '.' || ch == '_' || ch == '-') /* - * Matches a word against the first one in a string. - * Returns non-zero if they match. + * Parse the service name. + * + * Returns the length of the service name, or 0 if the end of the string + * was reached or a disallowed non-whitespace character was encountered. + * + * If parse_service_name() is successful, it updates *service to point to + * the first character of the service name and *line to point one + * character past the end. If it reaches the end of the string, it + * updates *line to point to the terminating NUL character and leaves + * *service unmodified. In all other cases, it leaves both *line and + * *service unmodified. + * + * Allowed characters are all characters in the POSIX portable filename + * character set. */ static int -match_word(const char *str, const char *word) +parse_service_name(char **line, char **service) { + char *b, *e; - while (*str && tolower(*str) == tolower(*word)) - ++str, ++word; - return (*str == ' ' && *word == '\0'); + for (b = *line; *b && is_lws(*b); ++b) + /* nothing */ ; + if (!*b) { + *line = b; + return (0); + } + for (e = b; *e && !is_lws(*e); ++e) + if (!is_pfcs(*e)) + return (0); + if (e == b) + return (0); + *line = e; + *service = b; + return (e - b); } /* - * Return a pointer to the next word (or the final NUL) in a string. + * Parse the facility name. + * + * Returns the corresponding pam_facility_t value, or -1 if the end of the + * string was reached, a disallowed non-whitespace character was + * encountered, or the first word was not a recognized facility name. + * + * If parse_facility_name() is successful, it updates *line to point one + * character past the end of the facility name. If it reaches the end of + * the string, it updates *line to point to the terminating NUL character. + * In all other cases, it leaves *line unmodified. */ -static const char * -next_word(const char *str) +static pam_facility_t +parse_facility_name(char **line) { + char *b, *e; + int i; - /* skip current word */ - while (*str && *str != ' ') - ++str; - /* skip whitespace */ - while (*str == ' ') - ++str; - return (str); + for (b = *line; *b && is_lws(*b); ++b) + /* nothing */ ; + if (!*b) { + *line = b; + return ((pam_facility_t)-1); + } + for (e = b; *e && !is_lws(*e); ++e) + /* nothing */ ; + if (e == b) + return ((pam_facility_t)-1); + for (i = 0; i < PAM_NUM_FACILITIES; ++i) + if (strlcmp(pam_facility_name[i], b, e - b) == 0) + break; + if (i == PAM_NUM_FACILITIES) + return ((pam_facility_t)-1); + *line = e; + return (i); } /* - * Return a malloc()ed copy of the first word in a string. + * Parse the word "include". + * + * If the next word on the line is "include", parse_include() updates + * *line to point one character past "include" and returns 1. Otherwise, + * it leaves *line unmodified and returns 0. + */ +static int +parse_include(char **line) +{ + char *b, *e; + + for (b = *line; *b && is_lws(*b); ++b) + /* nothing */ ; + if (!*b) { + *line = b; + return (-1); + } + for (e = b; *e && !is_lws(*e); ++e) + /* nothing */ ; + if (e == b) + return (0); + if (strlcmp("include", b, e - b) != 0) + return (0); + *line = e; + return (1); +} + +/* + * Parse the control flag. + * + * Returns the corresponding pam_control_t value, or -1 if the end of the + * string was reached, a disallowed non-whitespace character was + * encountered, or the first word was not a recognized control flag. + * + * If parse_control_flag() is successful, it updates *line to point one + * character past the end of the control flag. If it reaches the end of + * the string, it updates *line to point to the terminating NUL character. + * In all other cases, it leaves *line unmodified. + */ +static pam_control_t +parse_control_flag(char **line) +{ + char *b, *e; + int i; + + for (b = *line; *b && is_lws(*b); ++b) + /* nothing */ ; + if (!*b) { + *line = b; + return ((pam_control_t)-1); + } + for (e = b; *e && !is_lws(*e); ++e) + /* nothing */ ; + if (e == b) + return ((pam_control_t)-1); + for (i = 0; i < PAM_NUM_CONTROL_FLAGS; ++i) + if (strlcmp(pam_control_flag_name[i], b, e - b) == 0) + break; + if (i == PAM_NUM_CONTROL_FLAGS) + return ((pam_control_t)-1); + *line = e; + return (i); +} + +/* + * Parse a file name. + * + * Returns the length of the file name, or 0 if the end of the string was + * reached or a disallowed non-whitespace character was encountered. + * + * If parse_filename() is successful, it updates *filename to point to the + * first character of the filename and *line to point one character past + * the end. If it reaches the end of the string, it updates *line to + * point to the terminating NUL character and leaves *filename unmodified. + * In all other cases, it leaves both *line and *filename unmodified. + * + * Allowed characters are all characters in the POSIX portable filename + * character set, plus the path separator (forward slash). + */ +static int +parse_filename(char **line, char **filename) +{ + char *b, *e; + + for (b = *line; *b && is_lws(*b); ++b) + /* nothing */ ; + if (!*b) { + *line = b; + return (0); + } + for (e = b; *e && !is_lws(*e); ++e) + if (!is_pfcs(*e) && *e != '/') + return (0); + if (e == b) + return (0); + *line = e; + *filename = b; + return (e - b); +} + +/* + * Parse an option. + * + * Returns a dynamically allocated string containing the next module + * option, or NULL if the end of the string was reached or a disallowed + * non-whitespace character was encountered. + * + * If parse_option() is successful, it updates *line to point one + * character past the end of the option. If it reaches the end of the + * string, it updates *line to point to the terminating NUL character. In + * all other cases, it leaves *line unmodified. + * + * If parse_option() fails to allocate memory, it will return NULL and set + * errno to a non-zero value. + * + * Allowed characters for option names are all characters in the POSIX + * portable filename character set. Allowed characters for option values + * are any printable non-whitespace characters. The option value may be + * quoted in either single or double quotes, in which case space + * characters and whichever quote character was not used are allowed. + * Note that the entire value must be quoted, not just part of it. */ static char * -dup_word(const char *str) +parse_option(char **line) { - const char *end; - char *word; + char *nb, *ne, *vb, *ve; + unsigned char q = 0; + char *option; + size_t size; - for (end = str; *end && *end != ' '; ++end) + errno = 0; + for (nb = *line; *nb && is_lws(*nb); ++nb) /* nothing */ ; - if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + if (!*nb) { + *line = nb; + return (NULL); + } + for (ne = nb; *ne && !is_lws(*ne) && *ne != '='; ++ne) + if (!is_pfcs(*ne)) + return (NULL); + if (ne == nb) + return (NULL); + if (*ne == '=') { + vb = ne + 1; + if (*vb == '"' || *vb == '\'') + q = *vb++; + for (ve = vb; + *ve && *ve != q && (is_p(*ve) || (q && is_lws(*ve))); + ++ve) + /* nothing */ ; + if (q && *ve != q) + /* non-printable character or missing endquote */ + return (NULL); + if (q && *(ve + 1) && !is_lws(*(ve + 1))) + /* garbage after value */ + return (NULL); + } else { + vb = ve = ne; + } + size = (ne - nb) + 1; + if (ve > vb) + size += (ve - vb) + 1; + if ((option = malloc(size)) == NULL) return (NULL); - return (word); + strncpy(option, nb, ne - nb); + if (ve > vb) { + option[ne - nb] = '='; + strncpy(option + (ne - nb) + 1, vb, ve - vb); + } + option[size - 1] = '\0'; + *line = q ? ve + 1 : ve; + return (option); } /* - * Return the length of the first word in a string. + * Consume trailing whitespace. + * + * If there are no non-whitespace characters left on the line, parse_eol() + * updates *line to point at the terminating NUL character and returns 0. + * Otherwise, it leaves *line unmodified and returns a non-zero value. */ static int -wordlen(const char *str) +parse_eol(char **line) { - int i; + char *p; - for (i = 0; str[i] && str[i] != ' '; ++i) + for (p = *line; *p && is_lws(*p); ++p) /* nothing */ ; - return (i); + if (*p) + return ((unsigned char)*p); + *line = p; + return (0); } typedef enum { pam_conf_style, pam_d_style } openpam_style_t; @@ -126,126 +351,139 @@ typedef enum { pam_conf_style, pam_d_style } openpam_style_t; * Extracts given chains from a policy file. */ static int -openpam_read_chain(pam_handle_t *pamh, +openpam_parse_chain(pam_handle_t *pamh, const char *service, pam_facility_t facility, const char *filename, openpam_style_t style) { pam_chain_t *this, **next; - const char *p, *q; - int count, i, lineno, ret; pam_facility_t fclt; pam_control_t ctlf; - char *line, *name; + char *line, *str, *name; + char *option, **optv; + int len, lineno, ret; FILE *f; if ((f = fopen(filename, "r")) == NULL) { openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, "%s: %m", filename); - return (0); + return (PAM_SUCCESS); + } + if (openpam_check_desc_owner_perms(filename, fileno(f)) != 0) { + fclose(f); + return (PAM_SYSTEM_ERR); } this = NULL; - count = lineno = 0; + name = NULL; + lineno = 0; while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { - p = line; - - /* match service name */ + /* get service name if necessary */ if (style == pam_conf_style) { - if (!match_word(p, service)) { + if ((len = parse_service_name(&line, &str)) == 0) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid service name (ignored)", + filename, lineno); + FREE(line); + continue; + } + if (strlcmp(service, str, len) != 0) { FREE(line); continue; } - p = next_word(p); } - /* match facility name */ - for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) - if (match_word(p, _pam_facility_name[fclt])) - break; - if (fclt == PAM_NUM_FACILITIES) { - openpam_log(PAM_LOG_NOTICE, - "%s(%d): invalid facility '%.*s' (ignored)", - filename, lineno, wordlen(p), p); + /* get facility name */ + if ((fclt = parse_facility_name(&line)) == (pam_facility_t)-1) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing or invalid facility", + filename, lineno); goto fail; } if (facility != fclt && facility != PAM_FACILITY_ANY) { FREE(line); continue; } - p = next_word(p); - /* include other chain */ - if (match_word(p, "include")) { - p = next_word(p); - if (*next_word(p) != '\0') - openpam_log(PAM_LOG_NOTICE, - "%s(%d): garbage at end of 'include' line", + /* check for "include" */ + if (parse_include(&line)) { + if ((len = parse_service_name(&line, &str)) == 0) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing or invalid filename", filename, lineno); - if ((name = dup_word(p)) == NULL) + goto fail; + } + if ((name = strndup(str, len)) == NULL) goto syserr; + if (parse_eol(&line) != 0) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): garbage at end of line", + filename, lineno); + goto fail; + } ret = openpam_load_chain(pamh, name, fclt); FREE(name); - if (ret < 0) + if (ret != PAM_SUCCESS) goto fail; - count += ret; FREE(line); continue; } - /* allocate new entry */ - if ((this = calloc(1, sizeof *this)) == NULL) - goto syserr; + /* get control flag */ + if ((ctlf = parse_control_flag(&line)) == (pam_control_t)-1) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing or invalid control flag", + filename, lineno); + goto fail; + } - /* control flag */ - for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) - if (match_word(p, _pam_control_flag_name[ctlf])) - break; - if (ctlf == PAM_NUM_CONTROL_FLAGS) { + /* get module name */ + if ((len = parse_filename(&line, &str)) == 0) { openpam_log(PAM_LOG_ERROR, - "%s(%d): invalid control flag '%.*s'", - filename, lineno, wordlen(p), p); + "%s(%d): missing or invalid module name", + filename, lineno); goto fail; } + if ((name = strndup(str, len)) == NULL) + goto syserr; + + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; this->flag = ctlf; - /* module name */ - p = next_word(p); - if (*p == '\0') { + /* get module options */ + if ((this->optv = malloc(sizeof *optv)) == NULL) + goto syserr; + this->optc = 0; + while ((option = parse_option(&line)) != NULL) { + optv = realloc(this->optv, + (this->optc + 2) * sizeof *optv); + if (optv == NULL) + goto syserr; + this->optv = optv; + this->optv[this->optc++] = option; + } + this->optv[this->optc] = NULL; + if (*line != '\0') { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing module name", + "%s(%d): syntax error in module options", filename, lineno); goto fail; } - if ((name = dup_word(p)) == NULL) - goto syserr; + + /* load module */ this->module = openpam_load_module(name); FREE(name); if (this->module == NULL) goto fail; - /* module options */ - p = q = next_word(p); - while (*q != '\0') { - ++this->optc; - q = next_word(q); - } - this->optv = calloc(this->optc + 1, sizeof(char *)); - if (this->optv == NULL) - goto syserr; - for (i = 0; i < this->optc; ++i) { - if ((this->optv[i] = dup_word(p)) == NULL) - goto syserr; - p = next_word(p); - } - /* hook it up */ for (next = &pamh->chains[fclt]; *next != NULL; next = &(*next)->next) /* nothing */ ; *next = this; this = NULL; - ++count; /* next please... */ FREE(line); @@ -253,14 +491,20 @@ openpam_read_chain(pam_handle_t *pamh, if (!feof(f)) goto syserr; fclose(f); - return (count); - syserr: + return (PAM_SUCCESS); +syserr: openpam_log(PAM_LOG_ERROR, "%s: %m", filename); - fail: +fail: + if (this && this->optc) { + while (this->optc--) + FREE(this->optv[this->optc]); + FREE(this->optv); + } FREE(this); FREE(line); + FREE(name); fclose(f); - return (-1); + return (PAM_SYSTEM_ERR); } static const char *openpam_policy_path[] = { @@ -283,26 +527,26 @@ openpam_load_chain(pam_handle_t *pamh, const char **path; char *filename; size_t len; - int r; + int ret; for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { if (asprintf(&filename, "%s%s", *path, service) < 0) { openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); - return (-PAM_BUF_ERR); + return (PAM_BUF_ERR); } - r = openpam_read_chain(pamh, service, facility, + ret = openpam_parse_chain(pamh, service, facility, filename, pam_d_style); FREE(filename); } else { - r = openpam_read_chain(pamh, service, facility, + ret = openpam_parse_chain(pamh, service, facility, *path, pam_conf_style); } - if (r != 0) - return (r); + if (ret != PAM_SUCCESS) + return (ret); } - return (0); + return (PAM_SUCCESS); } /* @@ -316,18 +560,23 @@ openpam_configure(pam_handle_t *pamh, const char *service) { pam_facility_t fclt; + const char *p; + + for (p = service; *p; ++p) + if (!is_pfcs(*p)) + return (PAM_SYSTEM_ERR); - if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS) goto load_err; for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { if (pamh->chains[fclt] != NULL) continue; - if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + if (openpam_load_chain(pamh, PAM_OTHER, fclt) != PAM_SUCCESS) goto load_err; } return (PAM_SUCCESS); - load_err: +load_err: openpam_clear_chains(pamh->chains); return (PAM_SYSTEM_ERR); } diff --git a/lib/openpam_constants.c b/lib/openpam_constants.c new file mode 100644 index 0000000..833e81f --- /dev/null +++ b/lib/openpam_constants.c @@ -0,0 +1,127 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_constants.c 491 2011-11-12 00:12:32Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "openpam_impl.h" + +const char *pam_err_name[PAM_NUM_ERRORS] = { + "PAM_SUCCESS", + "PAM_OPEN_ERR", + "PAM_SYMBOL_ERR", + "PAM_SERVICE_ERR", + "PAM_SYSTEM_ERR", + "PAM_BUF_ERR", + "PAM_CONV_ERR", + "PAM_PERM_DENIED", + "PAM_MAXTRIES", + "PAM_AUTH_ERR", + "PAM_NEW_AUTHTOK_REQD", + "PAM_CRED_INSUFFICIENT", + "PAM_AUTHINFO_UNAVAIL", + "PAM_USER_UNKNOWN", + "PAM_CRED_UNAVAIL", + "PAM_CRED_EXPIRED", + "PAM_CRED_ERR", + "PAM_ACCT_EXPIRED", + "PAM_AUTHTOK_EXPIRED", + "PAM_SESSION_ERR", + "PAM_AUTHTOK_ERR", + "PAM_AUTHTOK_RECOVERY_ERR", + "PAM_AUTHTOK_LOCK_BUSY", + "PAM_AUTHTOK_DISABLE_AGING", + "PAM_NO_MODULE_DATA", + "PAM_IGNORE", + "PAM_ABORT", + "PAM_TRY_AGAIN", + "PAM_MODULE_UNKNOWN", + "PAM_DOMAIN_UNKNOWN" +}; + +const char *pam_item_name[PAM_NUM_ITEMS] = { + "(NO ITEM)", + "PAM_SERVICE", + "PAM_USER", + "PAM_TTY", + "PAM_RHOST", + "PAM_CONV", + "PAM_AUTHTOK", + "PAM_OLDAUTHTOK", + "PAM_RUSER", + "PAM_USER_PROMPT", + "PAM_REPOSITORY", + "PAM_AUTHTOK_PROMPT", + "PAM_OLDAUTHTOK_PROMPT", + "PAM_HOST", +}; + +const char *pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +const char *pam_func_name[PAM_NUM_PRIMITIVES] = { + "pam_authenticate", + "pam_setcred", + "pam_acct_mgmt", + "pam_open_session", + "pam_close_session", + "pam_chauthtok" +}; + +const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_authenticate", + "pam_sm_setcred", + "pam_sm_acct_mgmt", + "pam_sm_open_session", + "pam_sm_close_session", + "pam_sm_chauthtok" +}; diff --git a/lib/openpam_constants.h b/lib/openpam_constants.h new file mode 100644 index 0000000..b923179 --- /dev/null +++ b/lib/openpam_constants.h @@ -0,0 +1,40 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_constants.h 491 2011-11-12 00:12:32Z des $ + */ + +#ifndef OPENPAM_CONSTANTS_INCLUDED +#define OPENPAM_CONSTANTS_INCLUDED + +extern const char *pam_err_name[PAM_NUM_ERRORS]; +extern const char *pam_item_name[PAM_NUM_ITEMS]; +extern const char *pam_facility_name[PAM_NUM_FACILITIES]; +extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS]; +extern const char *pam_func_name[PAM_NUM_PRIMITIVES]; +extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES]; + +#endif diff --git a/lib/openpam_debug.h b/lib/openpam_debug.h new file mode 100644 index 0000000..ef2884d --- /dev/null +++ b/lib/openpam_debug.h @@ -0,0 +1,103 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_debug.h 491 2011-11-12 00:12:32Z des $ + */ + +#ifndef OPENPAM_DEBUG_INCLUDED +#define OPENPAM_DEBUG_INCLUDED + +#ifdef OPENPAM_DEBUG +#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") +#define ENTERI(i) do { \ + int i_ = (i); \ + if (i_ > 0 && i_ < PAM_NUM_ITEMS) \ + openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \ +} while (0) +#define ENTERN(n) do { \ + int n_ = (n); \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \ +} while (0) +#define ENTERS(s) do { \ + const char *s_ = (s); \ + if (s_ == NULL) \ + openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \ +} while (0) +#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") +#define RETURNC(c) do { \ + int c_ = (c); \ + if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \ + openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \ + return (c_); \ +} while (0) +#define RETURNN(n) do { \ + int n_ = (n); \ + openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \ + return (n_); \ +} while (0) +#define RETURNP(p) do { \ + const void *p_ = (p); \ + if (p_ == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \ + return (p_); \ +} while (0) +#define RETURNS(s) do { \ + const char *s_ = (s); \ + if (s_ == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \ + return (s_); \ +} while (0) +#else +#define ENTER() +#define ENTERI(i) +#define ENTERN(n) +#define ENTERS(s) +#define RETURNV() return +#define RETURNC(c) return (c) +#define RETURNN(n) return (n) +#define RETURNP(p) return (p) +#define RETURNS(s) return (s) +#endif + +#endif diff --git a/lib/openpam_dispatch.c b/lib/openpam_dispatch.c index 69fe472..54dfd3b 100644 --- a/lib/openpam_dispatch.c +++ b/lib/openpam_dispatch.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dispatch.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_dispatch.c 501 2011-12-07 01:28:05Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -42,9 +46,9 @@ #include "openpam_impl.h" #if !defined(OPENPAM_RELAX_CHECKS) -static void _openpam_check_error_code(int, int); +static void openpam_check_error_code(int, int); #else -#define _openpam_check_error_code(a, b) +#define openpam_check_error_code(a, b) #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* @@ -60,9 +64,7 @@ openpam_dispatch(pam_handle_t *pamh, { pam_chain_t *chain; int err, fail, r; -#ifdef DEBUG int debug; -#endif ENTER(); if (pamh == NULL) @@ -72,9 +74,9 @@ openpam_dispatch(pam_handle_t *pamh, if (pamh->current != NULL) { openpam_log(PAM_LOG_ERROR, "%s() called while %s::%s() is in progress", - _pam_func_name[primitive], + pam_func_name[primitive], pamh->current->module->path, - _pam_sm_func_name[pamh->primitive]); + pam_sm_func_name[pamh->primitive]); RETURNC(PAM_ABORT); } @@ -102,28 +104,24 @@ openpam_dispatch(pam_handle_t *pamh, for (err = fail = 0; chain != NULL; chain = chain->next) { if (chain->module->func[primitive] == NULL) { openpam_log(PAM_LOG_ERROR, "%s: no %s()", - chain->module->path, _pam_sm_func_name[primitive]); - continue; + chain->module->path, pam_sm_func_name[primitive]); + r = PAM_SYSTEM_ERR; } else { pamh->primitive = primitive; pamh->current = chain; -#ifdef DEBUG debug = (openpam_get_option(pamh, "debug") != NULL); if (debug) - ++_openpam_debug; + ++openpam_debug; openpam_log(PAM_LOG_DEBUG, "calling %s() in %s", - _pam_sm_func_name[primitive], chain->module->path); -#endif + pam_sm_func_name[primitive], chain->module->path); r = (chain->module->func[primitive])(pamh, flags, chain->optc, (const char **)chain->optv); pamh->current = NULL; -#ifdef DEBUG openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", - chain->module->path, _pam_sm_func_name[primitive], + chain->module->path, pam_sm_func_name[primitive], pam_strerror(pamh, r)); if (debug) - --_openpam_debug; -#endif + --openpam_debug; } if (r == PAM_IGNORE) @@ -143,7 +141,7 @@ openpam_dispatch(pam_handle_t *pamh, continue; } - _openpam_check_error_code(primitive, r); + openpam_check_error_code(primitive, r); /* * Record the return code from the first module to @@ -177,7 +175,7 @@ openpam_dispatch(pam_handle_t *pamh, #if !defined(OPENPAM_RELAX_CHECKS) static void -_openpam_check_error_code(int primitive, int r) +openpam_check_error_code(int primitive, int r) { /* common error codes */ if (r == PAM_SUCCESS || @@ -229,7 +227,7 @@ _openpam_check_error_code(int primitive, int r) } openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", - _pam_sm_func_name[primitive], r); + pam_sm_func_name[primitive], r); } #endif /* !defined(OPENPAM_RELAX_CHECKS) */ diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c index 084408e..d44174f 100644 --- a/lib/openpam_dynamic.c +++ b/lib/openpam_dynamic.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,13 +32,19 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dynamic.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_dynamic.c 502 2011-12-18 13:59:22Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include +#include #include #include #include +#include #include @@ -51,21 +57,35 @@ /* * OpenPAM internal * + * Perform sanity checks and attempt to load a module + */ + +static void * +try_dlopen(const char *modfn) +{ + + if (openpam_check_path_owner_perms(modfn) != 0) + return (NULL); + return (dlopen(modfn, RTLD_NOW)); +} + +/* + * OpenPAM internal + * * Locate a dynamically linked module */ pam_module_t * openpam_dynamic(const char *path) { + const pam_module_t *dlmodule; pam_module_t *module; const char *prefix; char *vpath; void *dlh; - int i; + int i, serrno; dlh = NULL; - if ((module = calloc(1, sizeof *module)) == NULL) - goto buf_err; /* Prepend the standard prefix if not an absolute pathname. */ if (path[0] != '/') @@ -75,33 +95,36 @@ openpam_dynamic(const char *path) /* try versioned module first, then unversioned module */ if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) - goto buf_err; - if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { - openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + goto err; + if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) { *strrchr(vpath, '.') = '\0'; - if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { - openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); - FREE(vpath); - FREE(module); - return (NULL); - } + dlh = try_dlopen(vpath); } + serrno = errno; FREE(vpath); + errno = serrno; + if (dlh == NULL) + goto err; + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; if ((module->path = strdup(path)) == NULL) goto buf_err; module->dlh = dlh; + dlmodule = dlsym(dlh, "_pam_module"); for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { - module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); + module->func[i] = dlmodule ? dlmodule->func[i] : + (pam_func_t)dlsym(dlh, pam_sm_func_name[i]); if (module->func[i] == NULL) openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", - path, _pam_sm_func_name[i], dlerror()); + path, pam_sm_func_name[i], dlerror()); } return (module); - buf_err: - openpam_log(PAM_LOG_ERROR, "%m"); +buf_err: if (dlh != NULL) dlclose(dlh); FREE(module); +err: + openpam_log(PAM_LOG_ERROR, "%m"); return (NULL); } diff --git a/lib/openpam_findenv.c b/lib/openpam_findenv.c index d78e147..b833ec9 100644 --- a/lib/openpam_findenv.c +++ b/lib/openpam_findenv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_findenv.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_findenv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_free_data.c b/lib/openpam_free_data.c index e071c0a..561687c 100644 --- a/lib/openpam_free_data.c +++ b/lib/openpam_free_data.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_free_data.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_free_data.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_free_envlist.c b/lib/openpam_free_envlist.c index 346c2dd..14754dc 100644 --- a/lib/openpam_free_envlist.c +++ b/lib/openpam_free_envlist.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2005 Dag-Erling Coïdan Smørgrav + * Copyright (c) 2005-2011 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -25,9 +25,13 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Id: openpam_free_envlist.c 320 2006-02-16 20:33:19Z des $ + * $Id: openpam_free_envlist.c 447 2011-10-22 02:47:36Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -63,4 +67,6 @@ openpam_free_envlist(char **envlist) * frees all the environment variables in an environment list, and the * list itself. * It is suitable for freeing the return value from =pam_getenvlist. + * + * AUTHOR DES */ diff --git a/lib/openpam_get_option.c b/lib/openpam_get_option.c index 73bc070..b5faa87 100644 --- a/lib/openpam_get_option.c +++ b/lib/openpam_get_option.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_get_option.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_get_option.c 482 2011-11-03 16:33:02Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h index 7704d4e..ba4d455 100644 --- a/lib/openpam_impl.h +++ b/lib/openpam_impl.h @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,24 +32,15 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_impl.h 499 2011-11-22 11:51:50Z des $ */ -#ifndef _OPENPAM_IMPL_H_INCLUDED -#define _OPENPAM_IMPL_H_INCLUDED - -#ifdef HAVE_CONFIG_H -# include -#endif +#ifndef OPENPAM_IMPL_H_INCLUDED +#define OPENPAM_IMPL_H_INCLUDED #include -extern const char *_pam_func_name[PAM_NUM_PRIMITIVES]; -extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; -extern const char *_pam_err_name[PAM_NUM_ERRORS]; -extern const char *_pam_item_name[PAM_NUM_ITEMS]; - -extern int _openpam_debug; +extern int openpam_debug; /* * Control flags @@ -75,6 +66,9 @@ typedef enum { PAM_NUM_FACILITIES } pam_facility_t; +/* + * Module chains + */ typedef struct pam_chain pam_chain_t; struct pam_chain { pam_module_t *module; @@ -84,6 +78,21 @@ struct pam_chain { pam_chain_t *next; }; +/* + * Service policies + */ +#if defined(OPENPAM_EMBEDDED) +typedef struct pam_policy pam_policy_t; +struct pam_policy { + const char *service; + pam_chain_t *chains[PAM_NUM_FACILITIES]; +}; +extern pam_policy_t *pam_embedded_policies[]; +#endif + +/* + * Module-specific data + */ typedef struct pam_data pam_data_t; struct pam_data { char *name; @@ -92,6 +101,9 @@ struct pam_data { pam_data_t *next; }; +/* + * PAM context + */ struct pam_handle { char *service; @@ -111,6 +123,9 @@ struct pam_handle { }; #ifdef NGROUPS_MAX +/* + * Saved credentials + */ #define PAM_SAVED_CRED "pam_saved_cred" struct pam_saved_cred { uid_t euid; @@ -120,14 +135,23 @@ struct pam_saved_cred { }; #endif +/* + * Default policy + */ #define PAM_OTHER "other" +/* + * Internal functions + */ int openpam_configure(pam_handle_t *, const char *); int openpam_dispatch(pam_handle_t *, int, int); int openpam_findenv(pam_handle_t *, const char *, size_t); pam_module_t *openpam_load_module(const char *); void openpam_clear_chains(pam_chain_t **); +int openpam_check_desc_owner_perms(const char *, int); +int openpam_check_path_owner_perms(const char *); + #ifdef OPENPAM_STATIC_MODULES pam_module_t *openpam_static(const char *); #endif @@ -135,66 +159,7 @@ pam_module_t *openpam_dynamic(const char *); #define FREE(p) do { free((p)); (p) = NULL; } while (0) -#ifdef DEBUG -#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") -#define ENTERI(i) do { \ - int _i = (i); \ - if (_i > 0 && _i < PAM_NUM_ITEMS) \ - openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \ - else \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \ -} while (0) -#define ENTERN(n) do { \ - int _n = (n); \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \ -} while (0) -#define ENTERS(s) do { \ - const char *_s = (s); \ - if (_s == NULL) \ - openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \ -} while (0) -#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") -#define RETURNC(c) do { \ - int _c = (c); \ - if (_c >= 0 && _c < PAM_NUM_ERRORS) \ - openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \ - return (_c); \ -} while (0) -#define RETURNN(n) do { \ - int _n = (n); \ - openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \ - return (_n); \ -} while (0) -#define RETURNP(p) do { \ - const void *_p = (p); \ - if (_p == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \ - return (p); \ -} while (0) -#define RETURNS(s) do { \ - const char *_s = (s); \ - if (_s == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ - else \ - openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \ - return (_s); \ -} while (0) -#else -#define ENTER() -#define ENTERI(i) -#define ENTERN(n) -#define ENTERS(s) -#define RETURNV() return -#define RETURNC(c) return (c) -#define RETURNN(n) return (n) -#define RETURNP(p) return (p) -#define RETURNS(s) return (s) -#endif +#include "openpam_constants.h" +#include "openpam_debug.h" #endif diff --git a/lib/openpam_load.c b/lib/openpam_load.c index 303f3f5..0eb8ea7 100644 --- a/lib/openpam_load.c +++ b/lib/openpam_load.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_load.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_load.c 491 2011-11-12 00:12:32Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include @@ -43,24 +47,6 @@ #include "openpam_impl.h" -const char *_pam_func_name[PAM_NUM_PRIMITIVES] = { - "pam_authenticate", - "pam_setcred", - "pam_acct_mgmt", - "pam_open_session", - "pam_close_session", - "pam_chauthtok" -}; - -const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { - "pam_sm_authenticate", - "pam_sm_setcred", - "pam_sm_acct_mgmt", - "pam_sm_open_session", - "pam_sm_close_session", - "pam_sm_chauthtok" -}; - /* * Locate a matching dynamic or static module. */ @@ -122,10 +108,8 @@ openpam_destroy_chain(pam_chain_t *chain) return; openpam_destroy_chain(chain->next); chain->next = NULL; - while (chain->optc) { - --chain->optc; + while (chain->optc--) FREE(chain->optv[chain->optc]); - } FREE(chain->optv); openpam_release_module(chain->module); chain->module = NULL; diff --git a/lib/openpam_log.c b/lib/openpam_log.c index e492294..9e3d28b 100644 --- a/lib/openpam_log.c +++ b/lib/openpam_log.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_log.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_log.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include @@ -47,9 +51,9 @@ #include "openpam_impl.h" #ifdef OPENPAM_DEBUG -int _openpam_debug = 1; +int openpam_debug = 1; #else -int _openpam_debug = 0; +int openpam_debug = 0; #endif #if !defined(openpam_log) @@ -68,7 +72,7 @@ openpam_log(int level, const char *fmt, ...) switch (level) { case PAM_LOG_DEBUG: - if (!_openpam_debug) + if (!openpam_debug) return; priority = LOG_DEBUG; break; @@ -99,7 +103,7 @@ _openpam_log(int level, const char *func, const char *fmt, ...) switch (level) { case PAM_LOG_DEBUG: - if (!_openpam_debug) + if (!openpam_debug) return; priority = LOG_DEBUG; break; @@ -136,7 +140,7 @@ _openpam_log(int level, const char *func, const char *fmt, ...) * =PAM_LOG_DEBUG: * Debugging messages. * These messages are normally not logged unless the global - * integer variable :_openpam_debug is set to a non-zero + * integer variable :openpam_debug is set to a non-zero * value, in which case they are logged with a =syslog * priority of =LOG_DEBUG. * =PAM_LOG_VERBOSE: diff --git a/lib/openpam_nullconv.c b/lib/openpam_nullconv.c index 3294dcf..a95b1e0 100644 --- a/lib/openpam_nullconv.c +++ b/lib/openpam_nullconv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_nullconv.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_nullconv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_readline.c b/lib/openpam_readline.c index 17f03f3..9cc8cc1 100644 --- a/lib/openpam_readline.c +++ b/lib/openpam_readline.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_readline.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_readline.c 473 2011-11-03 10:48:25Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include @@ -83,33 +87,23 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp) } /* eof */ if (ch == EOF) { - /* remove trailing whitespace */ - while (len > 0 && isspace((int)line[len - 1])) - --len; - line[len] = '\0'; - if (len == 0) - goto fail; + /* done */ break; } /* eol */ if (ch == '\n') { if (lineno != NULL) ++*lineno; - - /* remove trailing whitespace */ - while (len > 0 && isspace((int)line[len - 1])) - --len; - line[len] = '\0'; /* skip blank lines */ if (len == 0) continue; /* continuation */ if (line[len - 1] == '\\') { line[--len] = '\0'; - /* fall through to whitespace case */ - } else { - break; + continue; } + /* done */ + break; } /* whitespace */ if (isspace(ch)) { @@ -123,10 +117,16 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp) line_putch(ch); } + /* remove trailing whitespace */ + while (len > 0 && isspace((unsigned char)line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; if (lenp != NULL) *lenp = len; return (line); - fail: +fail: FREE(line); return (NULL); } @@ -136,13 +136,14 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp) * in a NUL-terminated buffer allocated with =malloc. * * The =openpam_readline function performs a certain amount of processing - * on the data it reads. - * Comments (introduced by a hash sign) are stripped, as is leading and - * trailing whitespace. - * Any amount of linear whitespace is collapsed to a single space. - * Blank lines are ignored. - * If a line ends in a backslash, the backslash is stripped and the next - * line is appended. + * on the data it reads: + * + * - Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * - Any amount of linear whitespace is collapsed to a single space. + * - Blank lines are ignored. + * - If a line ends in a backslash, the backslash is stripped and the + * next line is appended. * * If =lineno is not =NULL, the integer variable it points to is * incremented every time a newline character is read. diff --git a/lib/openpam_restore_cred.c b/lib/openpam_restore_cred.c index 20e80d4..41d44d0 100644 --- a/lib/openpam_restore_cred.c +++ b/lib/openpam_restore_cred.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_restore_cred.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_restore_cred.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_set_option.c b/lib/openpam_set_option.c index 57161d3..c7cb1c7 100644 --- a/lib/openpam_set_option.c +++ b/lib/openpam_set_option.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_set_option.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_set_option.c 482 2011-11-03 16:33:02Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/openpam_static.c b/lib/openpam_static.c index c06ceed..40b807c 100644 --- a/lib/openpam_static.c +++ b/lib/openpam_static.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_static.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_static.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -43,7 +47,7 @@ #ifdef OPENPAM_STATIC_MODULES -SET_DECLARE(_openpam_static_modules, pam_module_t); +SET_DECLARE(openpam_static_modules, pam_module_t); /* * OpenPAM internal @@ -56,7 +60,7 @@ openpam_static(const char *path) { pam_module_t **module; - SET_FOREACH(module, _openpam_static_modules) { + SET_FOREACH(module, openpam_static_modules) { if (strcmp((*module)->path, path) == 0) return (*module); } diff --git a/lib/openpam_strlcmp.h b/lib/openpam_strlcmp.h new file mode 100644 index 0000000..c692225 --- /dev/null +++ b/lib/openpam_strlcmp.h @@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_strlcmp.h 475 2011-11-03 15:29:24Z des $ + */ + +#ifndef OPENPAM_STRLCMP_H_INCLUDED +#define OPENPAM_STRLCMP_H_INCLUDED + +#ifndef HAVE_STRLCMP +/* like strcmp(3), but verifies that the entirety of s1 was matched */ +static int +strlcmp(const char *s1, const char *s2, size_t len) +{ + + for (; len && *s1 && *s2; --len, ++s1, ++s2) + if (*s1 != *s2) + return ((unsigned char)*s1 - (unsigned char)*s2); + return ((unsigned char)*s1); +} +#endif + +#endif diff --git a/lib/openpam_strlcpy.h b/lib/openpam_strlcpy.h new file mode 100644 index 0000000..921653b --- /dev/null +++ b/lib/openpam_strlcpy.h @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_strlcpy.h 492 2011-11-20 02:04:17Z des $ + */ + +#ifndef OPENPAM_STRLCPY_H_INCLUDED +#define OPENPAM_STRLCPY_H_INCLUDED + +#ifndef HAVE_STRLCPY +/* like strcpy(3), but always NUL-terminates; returns strlen(src) */ +size_t +strlcpy(char *dst, const char *src, size_t size) +{ + size_t len; + + for (len = 0; *src && size > 1; ++len, --size) + *dst++ = *src++; + *dst = '\0'; + while (*src) + ++len, ++src; + return (len); +} +#endif + +#endif diff --git a/lib/openpam_subst.c b/lib/openpam_subst.c new file mode 100644 index 0000000..d54b827 --- /dev/null +++ b/lib/openpam_subst.c @@ -0,0 +1,168 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_subst.c 461 2011-11-02 14:00:38Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "openpam_impl.h" + +#define subst_char(ch) do { \ + int ch_ = (ch); \ + if (buf && len < *bufsize) \ + *buf++ = ch_; \ + ++len; \ +} while (0) + +#define subst_string(s) do { \ + const char *s_ = (s); \ + while (*s_) \ + subst_char(*s_++); \ +} while (0) + +#define subst_item(i) do { \ + int i_ = (i); \ + const void *p_; \ + ret = pam_get_item(pamh, i_, &p_); \ + if (ret == PAM_SUCCESS && p_ != NULL) \ + subst_string(p_); \ +} while (0) + +/* + * OpenPAM internal + * + * Substitute PAM item values in a string + */ + +int +openpam_subst(const pam_handle_t *pamh, + char *buf, size_t *bufsize, const char *template) +{ + size_t len; + int ret; + + ENTERS(template); + if (template == NULL) + template = "(null)"; + + len = 1; /* initialize to 1 for terminating NUL */ + ret = PAM_SUCCESS; + while (*template && ret == PAM_SUCCESS) { + if (template[0] == '%') { + ++template; + switch (*template) { + case 's': + subst_item(PAM_SERVICE); + break; + case 't': + subst_item(PAM_TTY); + break; + case 'h': + subst_item(PAM_HOST); + break; + case 'u': + subst_item(PAM_USER); + break; + case 'H': + subst_item(PAM_RHOST); + break; + case 'U': + subst_item(PAM_RUSER); + break; + case '\0': + subst_char('%'); + break; + default: + subst_char('%'); + subst_char(*template); + } + ++template; + } else { + subst_char(*template++); + } + } + if (buf) + *buf = '\0'; + if (ret == PAM_SUCCESS) { + if (len > *bufsize) + ret = PAM_TRY_AGAIN; + *bufsize = len; + } + RETURNC(ret); +} + +/* + * Error codes: + * + * =pam_get_item + * !PAM_SYMBOL_ERR + * PAM_TRY_AGAIN + */ + +/** + * The =openpam_subst function expands a string, substituting PAM item + * values for all occurrences of specific substitution codes. + * The =template argument points to the initial string. + * The result is stored in the buffer pointed to by the =buf argument; the + * =bufsize argument specifies the size of that buffer. + * The actual size of the resulting string, including the terminating NUL + * character, is stored in the location pointed to by the =bufsize + * argument. + * + * If =buf is NULL, or if the buffer is too small to hold the expanded + * string, =bufsize is updated to reflect the amount of space required to + * hold the entire string, and =openpam_subst returns =PAM_TRY_AGAIN. + * + * If =openpam_subst fails for any other reason, the =bufsize argument is + * untouched, but part of the buffer may still have been overwritten. + * + * Substitution codes are introduced by a percent character and correspond + * to PAM items: + * + * %H: + * Replaced by the current value of the =PAM_RHOST item. + * %h: + * Replaced by the current value of the =PAM_HOST item. + * %s: + * Replaced by the current value of the =PAM_SERVICE item. + * %t: + * Replaced by the current value of the =PAM_TTY item. + * %U: + * Replaced by the current value of the =PAM_RUSER item. + * %u: + * Replaced by the current value of the =PAM_USER item. + * + * >pam_get_authtok + * >pam_get_item + * >pam_get_user + * + * AUTHOR DES + */ diff --git a/lib/openpam_ttyconv.c b/lib/openpam_ttyconv.c index a6820b9..ec078f4 100644 --- a/lib/openpam_ttyconv.c +++ b/lib/openpam_ttyconv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ttyconv.c 408 2007-12-21 11:36:24Z des $ + * $Id: openpam_ttyconv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -211,7 +215,7 @@ openpam_ttyconv(int n, } *resp = aresp; RETURNC(PAM_SUCCESS); - fail: +fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { memset(aresp[i].resp, 0, strlen(aresp[i].resp)); diff --git a/lib/pam_acct_mgmt.c b/lib/pam_acct_mgmt.c index 0088ecf..49c34ab 100644 --- a/lib/pam_acct_mgmt.c +++ b/lib/pam_acct_mgmt.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_acct_mgmt.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_authenticate.c b/lib/pam_authenticate.c index 3b5a78d..fc6c20f 100644 --- a/lib/pam_authenticate.c +++ b/lib/pam_authenticate.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_authenticate.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_authenticate.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_authenticate_secondary.c b/lib/pam_authenticate_secondary.c index 27e3ce7..1a57313 100644 --- a/lib/pam_authenticate_secondary.c +++ b/lib/pam_authenticate_secondary.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_authenticate_secondary.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include /* diff --git a/lib/pam_chauthtok.c b/lib/pam_chauthtok.c index ecf1063..1750b0f 100644 --- a/lib/pam_chauthtok.c +++ b/lib/pam_chauthtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_chauthtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_chauthtok.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_close_session.c b/lib/pam_close_session.c index ab50e35..9e63a1d 100644 --- a/lib/pam_close_session.c +++ b/lib/pam_close_session.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_close_session.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_close_session.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_end.c b/lib/pam_end.c index 80baf8a..09cde35 100644 --- a/lib/pam_end.c +++ b/lib/pam_end.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_end.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_end.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_error.c b/lib/pam_error.c index f42a6b5..1e0de5b 100644 --- a/lib/pam_error.c +++ b/lib/pam_error.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_error.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_error.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include diff --git a/lib/pam_get_authtok.c b/lib/pam_get_authtok.c index 2a974c9..a0613ef 100644 --- a/lib/pam_get_authtok.c +++ b/lib/pam_get_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_authtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_authtok.c 455 2011-10-29 18:31:11Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -61,8 +65,10 @@ pam_get_authtok(pam_handle_t *pamh, const char **authtok, const char *prompt) { + char prompt_buf[1024]; + size_t prompt_size; const void *oldauthtok, *prevauthtok, *promptp; - const char *default_prompt; + const char *prompt_option, *default_prompt; char *resp, *resp2; int pitem, r, style, twice; @@ -74,6 +80,7 @@ pam_get_authtok(pam_handle_t *pamh, switch (item) { case PAM_AUTHTOK: pitem = PAM_AUTHTOK_PROMPT; + prompt_option = "authtok_prompt"; default_prompt = authtok_prompt; r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); if (r == PAM_SUCCESS && oldauthtok != NULL) { @@ -83,6 +90,7 @@ pam_get_authtok(pam_handle_t *pamh, break; case PAM_OLDAUTHTOK: pitem = PAM_OLDAUTHTOK_PROMPT; + prompt_option = "oldauthtok_prompt"; default_prompt = oldauthtok_prompt; twice = 0; break; @@ -99,13 +107,21 @@ pam_get_authtok(pam_handle_t *pamh, else if (openpam_get_option(pamh, "use_first_pass")) RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r); } - if (prompt == NULL) { - r = pam_get_item(pamh, pitem, &promptp); - if (r != PAM_SUCCESS || promptp == NULL) - prompt = default_prompt; - else + /* pam policy overrides the module's choice */ + if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL) + prompt = promptp; + /* no prompt provided, see if there is one tucked away somewhere */ + if (prompt == NULL) + if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL) prompt = promptp; - } + /* fall back to hardcoded default */ + if (prompt == NULL) + prompt = default_prompt; + /* expand */ + prompt_size = sizeof prompt_buf; + r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt); + if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf) + prompt = prompt_buf; style = openpam_get_option(pamh, "echo_pass") ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; r = pam_prompt(pamh, style, &resp, "%s", prompt); @@ -160,6 +176,13 @@ pam_get_authtok(pam_handle_t *pamh, * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item, * as appropriate, will be used. * If that item is also =NULL, a hardcoded default prompt will be used. + * Either way, the prompt is expanded using =openpam_subst before it is + * passed to the conversation function. + * + * If =pam_get_authtok is called from a module and the ;authtok_prompt / + * ;oldauthtok_prompt option is set in the policy file, the value of that + * option takes precedence over both the =prompt argument and the + * =PAM_AUTHTOK_PROMPT / =PAM_OLDAUTHTOK_PROMPT item. * * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK * item, =pam_get_authtok will ask the user to confirm the new token by @@ -168,4 +191,5 @@ pam_get_authtok(pam_handle_t *pamh, * * >pam_get_item * >pam_get_user + * >openpam_subst */ diff --git a/lib/pam_get_data.c b/lib/pam_get_data.c index 0cceef0..1a8ba1d 100644 --- a/lib/pam_get_data.c +++ b/lib/pam_get_data.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_data.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_data.c 444 2011-10-22 01:03:23Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -80,6 +84,7 @@ pam_get_data(const pam_handle_t *pamh, * context specified by the =pamh argument. * A pointer to the object is stored in the location pointed to by the * =data argument. + * If =pam_get_data fails, the =data argument is untouched. * * This function and its counterpart =pam_set_data are useful for managing * data that are meaningful only to a particular service module. diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c index 9f127be..95b9df6 100644 --- a/lib/pam_get_item.c +++ b/lib/pam_get_item.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,31 +32,19 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_item.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_item.c 491 2011-11-12 00:12:32Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include "openpam_impl.h" -const char *_pam_item_name[PAM_NUM_ITEMS] = { - "(NO ITEM)", - "PAM_SERVICE", - "PAM_USER", - "PAM_TTY", - "PAM_RHOST", - "PAM_CONV", - "PAM_AUTHTOK", - "PAM_OLDAUTHTOK", - "PAM_RUSER", - "PAM_USER_PROMPT", - "PAM_REPOSITORY", - "PAM_AUTHTOK_PROMPT", - "PAM_OLDAUTHTOK_PROMPT" -}; - /* * XSSO 4.2.1 * XSSO 6 page 46 @@ -83,9 +71,10 @@ pam_get_item(const pam_handle_t *pamh, case PAM_RUSER: case PAM_CONV: case PAM_USER_PROMPT: + case PAM_REPOSITORY: case PAM_AUTHTOK_PROMPT: case PAM_OLDAUTHTOK_PROMPT: - case PAM_REPOSITORY: + case PAM_HOST: *item = pamh->item[item_type]; RETURNC(PAM_SUCCESS); default: @@ -102,10 +91,12 @@ pam_get_item(const pam_handle_t *pamh, /** * The =pam_get_item function stores a pointer to the item specified by - * the =item_type argument in the location specified by the =item + * the =item_type argument in the location pointed to by the =item * argument. * The item is retrieved from the PAM context specified by the =pamh * argument. + * If =pam_get_item fails, the =item argument is untouched. + * * The following item types are recognized: * * =PAM_SERVICE: @@ -135,6 +126,8 @@ pam_get_item(const pam_handle_t *pamh, * =PAM_OLDAUTHTOK_PROMPT: * The prompt to use when asking the applicant for an * expired authentication token prior to changing it. + * =PAM_HOST: + * The name of the host the application runs on. * * See =pam_start for a description of =struct pam_conv. * diff --git a/lib/pam_get_mapped_authtok.c b/lib/pam_get_mapped_authtok.c index c49a918..54ff6c3 100644 --- a/lib/pam_get_mapped_authtok.c +++ b/lib/pam_get_mapped_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_mapped_authtok.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include /* diff --git a/lib/pam_get_mapped_username.c b/lib/pam_get_mapped_username.c index 359baee..4f8ac17 100644 --- a/lib/pam_get_mapped_username.c +++ b/lib/pam_get_mapped_username.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_mapped_username.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include /* diff --git a/lib/pam_get_user.c b/lib/pam_get_user.c index 115a3ea..53245b9 100644 --- a/lib/pam_get_user.c +++ b/lib/pam_get_user.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_user.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_get_user.c 455 2011-10-29 18:31:11Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -58,6 +62,8 @@ pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) { + char prompt_buf[1024]; + size_t prompt_size; const void *promptp; char *resp; int r; @@ -68,13 +74,22 @@ pam_get_user(pam_handle_t *pamh, r = pam_get_item(pamh, PAM_USER, (const void **)user); if (r == PAM_SUCCESS && *user != NULL) RETURNC(PAM_SUCCESS); - if (prompt == NULL) { - r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp); - if (r != PAM_SUCCESS || promptp == NULL) - prompt = user_prompt; - else + /* pam policy overrides the module's choice */ + if ((promptp = openpam_get_option(pamh, "user_prompt")) != NULL) + prompt = promptp; + /* no prompt provided, see if there is one tucked away somewhere */ + if (prompt == NULL) + if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) && + promptp != NULL) prompt = promptp; - } + /* fall back to hardcoded default */ + if (prompt == NULL) + prompt = user_prompt; + /* expand */ + prompt_size = sizeof prompt_buf; + r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt); + if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf) + prompt = prompt_buf; r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); if (r != PAM_SUCCESS) RETURNC(r); @@ -105,9 +120,16 @@ pam_get_user(pam_handle_t *pamh, * * The =prompt argument specifies a prompt to use if no user name is * cached. - * If it is =NULL, the =PAM_USER_PROMPT will be used. + * If it is =NULL, the =PAM_USER_PROMPT item will be used. * If that item is also =NULL, a hardcoded default prompt will be used. + * Either way, the prompt is expanded using =openpam_subst before it is + * passed to the conversation function. + * + * If =pam_get_user is called from a module and the ;user_prompt option is + * set in the policy file, the value of that option takes precedence over + * both the =prompt argument and the =PAM_USER_PROMPT item. * * >pam_get_item * >pam_get_authtok + * >openpam_subst */ diff --git a/lib/pam_getenv.c b/lib/pam_getenv.c index f2d7910..e2ebf57 100644 --- a/lib/pam_getenv.c +++ b/lib/pam_getenv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_getenv.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_getenv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_getenvlist.c b/lib/pam_getenvlist.c index c0e128a..06c003f 100644 --- a/lib/pam_getenvlist.c +++ b/lib/pam_getenvlist.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_getenvlist.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_getenvlist.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_info.c b/lib/pam_info.c index 2e4dbc7..7e51dbf 100644 --- a/lib/pam_info.c +++ b/lib/pam_info.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_info.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_info.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include diff --git a/lib/pam_open_session.c b/lib/pam_open_session.c index f8d6eca..36c59b0 100644 --- a/lib/pam_open_session.c +++ b/lib/pam_open_session.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_open_session.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_open_session.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_prompt.c b/lib/pam_prompt.c index 76da55f..194e765 100644 --- a/lib/pam_prompt.c +++ b/lib/pam_prompt.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_prompt.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_prompt.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_putenv.c b/lib/pam_putenv.c index 79d6228..369066d 100644 --- a/lib/pam_putenv.c +++ b/lib/pam_putenv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_putenv.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_putenv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_set_data.c b/lib/pam_set_data.c index 963de92..a8de632 100644 --- a/lib/pam_set_data.c +++ b/lib/pam_set_data.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_data.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_set_data.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_set_item.c b/lib/pam_set_item.c index 9b60618..05d538f 100644 --- a/lib/pam_set_item.c +++ b/lib/pam_set_item.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_item.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_set_item.c 496 2011-11-21 16:20:45Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -66,6 +70,10 @@ pam_set_item(pam_handle_t *pamh, osize = nsize = 0; switch (item_type) { case PAM_SERVICE: + /* set once only, by pam_start() */ + if (*slot != NULL) + RETURNC(PAM_SYSTEM_ERR); + /* fall through */ case PAM_USER: case PAM_AUTHTOK: case PAM_OLDAUTHTOK: @@ -75,6 +83,7 @@ pam_set_item(pam_handle_t *pamh, case PAM_USER_PROMPT: case PAM_AUTHTOK_PROMPT: case PAM_OLDAUTHTOK_PROMPT: + case PAM_HOST: if (*slot != NULL) osize = strlen(*slot) + 1; if (item != NULL) diff --git a/lib/pam_set_mapped_authtok.c b/lib/pam_set_mapped_authtok.c index 01ad255..d8db84f 100644 --- a/lib/pam_set_mapped_authtok.c +++ b/lib/pam_set_mapped_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_set_mapped_authtok.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include /* diff --git a/lib/pam_set_mapped_username.c b/lib/pam_set_mapped_username.c index ae3619b..4b8f815 100644 --- a/lib/pam_set_mapped_username.c +++ b/lib/pam_set_mapped_username.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_set_mapped_username.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include /* diff --git a/lib/pam_setcred.c b/lib/pam_setcred.c index 80eb468..51fb081 100644 --- a/lib/pam_setcred.c +++ b/lib/pam_setcred.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_setcred.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_setcred.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_setenv.c b/lib/pam_setenv.c index e73f6b5..fbe6a8f 100644 --- a/lib/pam_setenv.c +++ b/lib/pam_setenv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_setenv.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_setenv.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include diff --git a/lib/pam_sm_acct_mgmt.c b/lib/pam_sm_acct_mgmt.c index a57e86a..f5c14cf 100644 --- a/lib/pam_sm_acct_mgmt.c +++ b/lib/pam_sm_acct_mgmt.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_acct_mgmt.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_authenticate.c b/lib/pam_sm_authenticate.c index 7f4bb1c..97851af 100644 --- a/lib/pam_sm_authenticate.c +++ b/lib/pam_sm_authenticate.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_authenticate.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_authenticate.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_authenticate_secondary.c b/lib/pam_sm_authenticate_secondary.c index bde0366..3f3f6bd 100644 --- a/lib/pam_sm_authenticate_secondary.c +++ b/lib/pam_sm_authenticate_secondary.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_authenticate_secondary.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_chauthtok.c b/lib/pam_sm_chauthtok.c index 2c41d6d..593344c 100644 --- a/lib/pam_sm_chauthtok.c +++ b/lib/pam_sm_chauthtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_chauthtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_chauthtok.c 466 2011-11-02 23:33:43Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include @@ -80,4 +84,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, /** * The =pam_sm_chauthtok function is the service module's implementation * of the =pam_chauthtok API function. + * + * When the application calls =pam_chauthtok, the service function is + * called twice, first with the =PAM_PRELIM_CHECK flag set and then again + * with the =PAM_UPDATE_AUTHTOK flag set. */ diff --git a/lib/pam_sm_close_session.c b/lib/pam_sm_close_session.c index 25cee92..290f497 100644 --- a/lib/pam_sm_close_session.c +++ b/lib/pam_sm_close_session.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_close_session.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_close_session.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_get_mapped_authtok.c b/lib/pam_sm_get_mapped_authtok.c index 9d85d5f..e86e6e5 100644 --- a/lib/pam_sm_get_mapped_authtok.c +++ b/lib/pam_sm_get_mapped_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_get_mapped_authtok.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_get_mapped_username.c b/lib/pam_sm_get_mapped_username.c index ee4d250..596ca6c 100644 --- a/lib/pam_sm_get_mapped_username.c +++ b/lib/pam_sm_get_mapped_username.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_get_mapped_username.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_open_session.c b/lib/pam_sm_open_session.c index bfe0794..acb401a 100644 --- a/lib/pam_sm_open_session.c +++ b/lib/pam_sm_open_session.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_open_session.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_open_session.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_set_mapped_authtok.c b/lib/pam_sm_set_mapped_authtok.c index 54fd370..dab40fd 100644 --- a/lib/pam_sm_set_mapped_authtok.c +++ b/lib/pam_sm_set_mapped_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_set_mapped_authtok.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_set_mapped_username.c b/lib/pam_sm_set_mapped_username.c index 0239dbb..3011016 100644 --- a/lib/pam_sm_set_mapped_username.c +++ b/lib/pam_sm_set_mapped_username.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_set_mapped_username.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_sm_setcred.c b/lib/pam_sm_setcred.c index 4d472b3..0d30683 100644 --- a/lib/pam_sm_setcred.c +++ b/lib/pam_sm_setcred.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_sm_setcred.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_sm_setcred.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_start.c b/lib/pam_start.c index ee6468b..84e0085 100644 --- a/lib/pam_start.c +++ b/lib/pam_start.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,14 +32,27 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_start.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_start.c 503 2011-12-18 14:00:33Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include +#include +#include #include #include "openpam_impl.h" +#include "openpam_strlcpy.h" + +#ifdef _SC_HOST_NAME_MAX +#define HOST_NAME_MAX sysconf(_SC_HOST_NAME_MAX) +#else +#define HOST_NAME_MAX 1024 +#endif /* * XSSO 4.2.1 @@ -54,6 +67,7 @@ pam_start(const char *service, const struct pam_conv *pam_conv, pam_handle_t **pamh) { + char hostname[HOST_NAME_MAX + 1]; struct pam_handle *ph; int r; @@ -62,20 +76,20 @@ pam_start(const char *service, RETURNC(PAM_BUF_ERR); if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) goto fail; + if (gethostname(hostname, sizeof hostname) != 0) + strlcpy(hostname, "localhost", sizeof hostname); + if ((r = pam_set_item(ph, PAM_HOST, hostname)) != PAM_SUCCESS) + goto fail; if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) goto fail; if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) goto fail; - - r = openpam_configure(ph, service); - if (r != PAM_SUCCESS) + if ((r = openpam_configure(ph, service)) != PAM_SUCCESS) goto fail; - *pamh = ph; openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); RETURNC(PAM_SUCCESS); - - fail: +fail: pam_end(ph, r); RETURNC(r); } diff --git a/lib/pam_strerror.c b/lib/pam_strerror.c index 24498c4..e29219d 100644 --- a/lib/pam_strerror.c +++ b/lib/pam_strerror.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,48 +32,19 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_strerror.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_strerror.c 491 2011-11-12 00:12:32Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include "openpam_impl.h" -const char *_pam_err_name[PAM_NUM_ERRORS] = { - "PAM_SUCCESS", - "PAM_OPEN_ERR", - "PAM_SYMBOL_ERR", - "PAM_SERVICE_ERR", - "PAM_SYSTEM_ERR", - "PAM_BUF_ERR", - "PAM_CONV_ERR", - "PAM_PERM_DENIED", - "PAM_MAXTRIES", - "PAM_AUTH_ERR", - "PAM_NEW_AUTHTOK_REQD", - "PAM_CRED_INSUFFICIENT", - "PAM_AUTHINFO_UNAVAIL", - "PAM_USER_UNKNOWN", - "PAM_CRED_UNAVAIL", - "PAM_CRED_EXPIRED", - "PAM_CRED_ERR", - "PAM_ACCT_EXPIRED", - "PAM_AUTHTOK_EXPIRED", - "PAM_SESSION_ERR", - "PAM_AUTHTOK_ERR", - "PAM_AUTHTOK_RECOVERY_ERR", - "PAM_AUTHTOK_LOCK_BUSY", - "PAM_AUTHTOK_DISABLE_AGING", - "PAM_NO_MODULE_DATA", - "PAM_IGNORE", - "PAM_ABORT", - "PAM_TRY_AGAIN", - "PAM_MODULE_UNKNOWN", - "PAM_DOMAIN_UNKNOWN" -}; - /* * XSSO 4.2.1 * XSSO 6 page 92 @@ -159,6 +130,8 @@ pam_strerror(const pam_handle_t *pamh, /** * The =pam_strerror function returns a pointer to a string containing a * textual description of the error indicated by the =error_number - * argument, in the context of the PAM transaction described by the =pamh * argument. + * The =pamh argument is ignored. + * For compatibility with other implementations, it should be either a + * valid PAM handle returned by a previous call to =pam_start, or =NULL. */ diff --git a/lib/pam_verror.c b/lib/pam_verror.c index 0b128d1..9ed85b6 100644 --- a/lib/pam_verror.c +++ b/lib/pam_verror.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_verror.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_verror.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_vinfo.c b/lib/pam_vinfo.c index 5282714..95f45f4 100644 --- a/lib/pam_vinfo.c +++ b/lib/pam_vinfo.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_vinfo.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_vinfo.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include diff --git a/lib/pam_vprompt.c b/lib/pam_vprompt.c index e1215c3..1e390e0 100644 --- a/lib/pam_vprompt.c +++ b/lib/pam_vprompt.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,9 +32,13 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_vprompt.c 408 2007-12-21 11:36:24Z des $ + * $Id: pam_vprompt.c 437 2011-09-13 12:00:13Z des $ */ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include -- cgit v1.1