From 646ea20decc87530f871e5c56e96980c93fcf391 Mon Sep 17 00:00:00 2001 From: des Date: Sat, 13 Dec 2008 22:45:22 +0000 Subject: Flatten and clean up. --- lib/Makefile.am | 76 +++ lib/Makefile.in | 892 ++++++++++++++++++++++++++++++++++++ lib/openpam_borrow_cred.c | 121 +++++ lib/openpam_configure.c | 340 ++++++++++++++ lib/openpam_dispatch.c | 240 ++++++++++ lib/openpam_dynamic.c | 110 +++++ lib/openpam_findenv.c | 69 +++ lib/openpam_free_data.c | 72 +++ lib/openpam_free_envlist.c | 66 +++ lib/openpam_get_option.c | 83 ++++ lib/openpam_impl.h | 200 ++++++++ lib/openpam_load.c | 153 +++++++ lib/openpam_log.c | 158 +++++++ lib/openpam_nullconv.c | 86 ++++ lib/openpam_readline.c | 155 +++++++ lib/openpam_restore_cred.c | 94 ++++ lib/openpam_set_option.c | 119 +++++ lib/openpam_static.c | 70 +++ lib/openpam_ttyconv.c | 248 ++++++++++ lib/pam_acct_mgmt.c | 84 ++++ lib/pam_authenticate.c | 92 ++++ lib/pam_authenticate_secondary.c | 63 +++ lib/pam_chauthtok.c | 93 ++++ lib/pam_close_session.c | 85 ++++ lib/pam_end.c | 102 +++++ lib/pam_error.c | 85 ++++ lib/pam_get_authtok.c | 171 +++++++ lib/pam_get_data.c | 86 ++++ lib/pam_get_item.c | 142 ++++++ lib/pam_get_mapped_authtok.c | 62 +++ lib/pam_get_mapped_username.c | 63 +++ lib/pam_get_user.c | 113 +++++ lib/pam_getenv.c | 83 ++++ lib/pam_getenvlist.c | 106 +++++ lib/pam_info.c | 85 ++++ lib/pam_open_session.c | 86 ++++ lib/pam_prompt.c | 90 ++++ lib/pam_putenv.c | 108 +++++ lib/pam_set_data.c | 104 +++++ lib/pam_set_item.c | 120 +++++ lib/pam_set_mapped_authtok.c | 62 +++ lib/pam_set_mapped_username.c | 63 +++ lib/pam_setcred.c | 95 ++++ lib/pam_setenv.c | 98 ++++ lib/pam_sm_acct_mgmt.c | 81 ++++ lib/pam_sm_authenticate.c | 82 ++++ lib/pam_sm_authenticate_secondary.c | 68 +++ lib/pam_sm_chauthtok.c | 83 ++++ lib/pam_sm_close_session.c | 78 ++++ lib/pam_sm_get_mapped_authtok.c | 67 +++ lib/pam_sm_get_mapped_username.c | 68 +++ lib/pam_sm_open_session.c | 78 ++++ lib/pam_sm_set_mapped_authtok.c | 67 +++ lib/pam_sm_set_mapped_username.c | 65 +++ lib/pam_sm_setcred.c | 82 ++++ lib/pam_start.c | 108 +++++ lib/pam_strerror.c | 164 +++++++ lib/pam_verror.c | 80 ++++ lib/pam_vinfo.c | 80 ++++ lib/pam_vprompt.c | 129 ++++++ 60 files changed, 7073 insertions(+) create mode 100644 lib/Makefile.am create mode 100644 lib/Makefile.in create mode 100644 lib/openpam_borrow_cred.c create mode 100644 lib/openpam_configure.c create mode 100644 lib/openpam_dispatch.c create mode 100644 lib/openpam_dynamic.c create mode 100644 lib/openpam_findenv.c create mode 100644 lib/openpam_free_data.c create mode 100644 lib/openpam_free_envlist.c create mode 100644 lib/openpam_get_option.c create mode 100644 lib/openpam_impl.h create mode 100644 lib/openpam_load.c create mode 100644 lib/openpam_log.c create mode 100644 lib/openpam_nullconv.c create mode 100644 lib/openpam_readline.c create mode 100644 lib/openpam_restore_cred.c create mode 100644 lib/openpam_set_option.c create mode 100644 lib/openpam_static.c create mode 100644 lib/openpam_ttyconv.c create mode 100644 lib/pam_acct_mgmt.c create mode 100644 lib/pam_authenticate.c create mode 100644 lib/pam_authenticate_secondary.c create mode 100644 lib/pam_chauthtok.c create mode 100644 lib/pam_close_session.c create mode 100644 lib/pam_end.c create mode 100644 lib/pam_error.c create mode 100644 lib/pam_get_authtok.c create mode 100644 lib/pam_get_data.c create mode 100644 lib/pam_get_item.c create mode 100644 lib/pam_get_mapped_authtok.c create mode 100644 lib/pam_get_mapped_username.c create mode 100644 lib/pam_get_user.c create mode 100644 lib/pam_getenv.c create mode 100644 lib/pam_getenvlist.c create mode 100644 lib/pam_info.c create mode 100644 lib/pam_open_session.c create mode 100644 lib/pam_prompt.c create mode 100644 lib/pam_putenv.c create mode 100644 lib/pam_set_data.c create mode 100644 lib/pam_set_item.c create mode 100644 lib/pam_set_mapped_authtok.c create mode 100644 lib/pam_set_mapped_username.c create mode 100644 lib/pam_setcred.c create mode 100644 lib/pam_setenv.c create mode 100644 lib/pam_sm_acct_mgmt.c create mode 100644 lib/pam_sm_authenticate.c create mode 100644 lib/pam_sm_authenticate_secondary.c create mode 100644 lib/pam_sm_chauthtok.c create mode 100644 lib/pam_sm_close_session.c create mode 100644 lib/pam_sm_get_mapped_authtok.c create mode 100644 lib/pam_sm_get_mapped_username.c create mode 100644 lib/pam_sm_open_session.c create mode 100644 lib/pam_sm_set_mapped_authtok.c create mode 100644 lib/pam_sm_set_mapped_username.c create mode 100644 lib/pam_sm_setcred.c create mode 100644 lib/pam_start.c create mode 100644 lib/pam_strerror.c create mode 100644 lib/pam_verror.c create mode 100644 lib/pam_vinfo.c create mode 100644 lib/pam_vprompt.c (limited to 'lib') diff --git a/lib/Makefile.am b/lib/Makefile.am new file mode 100644 index 0000000..c748079 --- /dev/null +++ b/lib/Makefile.am @@ -0,0 +1,76 @@ +# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ + +NULL = + +INCLUDES = -I$(top_srcdir)/include + +lib_LTLIBRARIES = libpam.la + +noinst_HEADERS = openpam_impl.h + +libpam_la_SOURCES = \ + openpam_borrow_cred.c \ + openpam_configure.c \ + openpam_dispatch.c \ + openpam_dynamic.c \ + openpam_findenv.c \ + openpam_free_data.c \ + openpam_free_envlist.c \ + openpam_get_option.c \ + openpam_load.c \ + openpam_log.c \ + openpam_nullconv.c \ + openpam_readline.c \ + openpam_restore_cred.c \ + openpam_set_option.c \ + openpam_static.c \ + openpam_ttyconv.c \ + pam_acct_mgmt.c \ + pam_authenticate.c \ + pam_chauthtok.c \ + pam_close_session.c \ + pam_end.c \ + pam_error.c \ + pam_get_authtok.c \ + pam_get_data.c \ + pam_get_item.c \ + pam_get_user.c \ + pam_getenv.c \ + pam_getenvlist.c \ + pam_info.c \ + pam_open_session.c \ + pam_prompt.c \ + pam_putenv.c \ + pam_set_data.c \ + pam_set_item.c \ + pam_setcred.c \ + pam_setenv.c \ + pam_start.c \ + pam_strerror.c \ + pam_verror.c \ + pam_vinfo.c \ + pam_vprompt.c \ + $(NULL) + +libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' + +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ + +EXTRA_DIST = \ + pam_authenticate_secondary.c \ + pam_get_mapped_authtok.c \ + pam_get_mapped_username.c \ + pam_set_mapped_authtok.c \ + pam_set_mapped_username.c \ + \ + pam_sm_acct_mgmt.c \ + pam_sm_authenticate.c \ + pam_sm_authenticate_secondary.c \ + pam_sm_chauthtok.c \ + pam_sm_close_session.c \ + pam_sm_get_mapped_authtok.c \ + pam_sm_get_mapped_username.c \ + pam_sm_open_session.c \ + pam_sm_set_mapped_authtok.c \ + pam_sm_set_mapped_username.c \ + pam_sm_setcred.c diff --git a/lib/Makefile.in b/lib/Makefile.in new file mode 100644 index 0000000..f1ab0ad --- /dev/null +++ b/lib/Makefile.in @@ -0,0 +1,892 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 395 2007-06-03 20:26:18Z des $ + + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = lib +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(libdir)" +libLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(lib_LTLIBRARIES) +libpam_la_LIBADD = +am__objects_1 = +am_libpam_la_OBJECTS = libpam_la-openpam_borrow_cred.lo \ + libpam_la-openpam_configure.lo libpam_la-openpam_dispatch.lo \ + libpam_la-openpam_dynamic.lo libpam_la-openpam_findenv.lo \ + libpam_la-openpam_free_data.lo \ + libpam_la-openpam_free_envlist.lo \ + libpam_la-openpam_get_option.lo libpam_la-openpam_load.lo \ + libpam_la-openpam_log.lo libpam_la-openpam_nullconv.lo \ + libpam_la-openpam_readline.lo \ + libpam_la-openpam_restore_cred.lo \ + libpam_la-openpam_set_option.lo libpam_la-openpam_static.lo \ + libpam_la-openpam_ttyconv.lo libpam_la-pam_acct_mgmt.lo \ + libpam_la-pam_authenticate.lo libpam_la-pam_chauthtok.lo \ + libpam_la-pam_close_session.lo libpam_la-pam_end.lo \ + libpam_la-pam_error.lo libpam_la-pam_get_authtok.lo \ + libpam_la-pam_get_data.lo libpam_la-pam_get_item.lo \ + libpam_la-pam_get_user.lo libpam_la-pam_getenv.lo \ + libpam_la-pam_getenvlist.lo libpam_la-pam_info.lo \ + libpam_la-pam_open_session.lo libpam_la-pam_prompt.lo \ + libpam_la-pam_putenv.lo libpam_la-pam_set_data.lo \ + libpam_la-pam_set_item.lo libpam_la-pam_setcred.lo \ + libpam_la-pam_setenv.lo libpam_la-pam_start.lo \ + libpam_la-pam_strerror.lo libpam_la-pam_verror.lo \ + libpam_la-pam_vinfo.lo libpam_la-pam_vprompt.lo \ + $(am__objects_1) +libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SOURCES = $(libpam_la_SOURCES) +DIST_SOURCES = $(libpam_la_SOURCES) +HEADERS = $(noinst_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DL_LIBS = @DL_LIBS@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GREP = @GREP@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +WITH_DOC_FALSE = @WITH_DOC_FALSE@ +WITH_DOC_TRUE = @WITH_DOC_TRUE@ +WITH_PAM_UNIX_FALSE = @WITH_PAM_UNIX_FALSE@ +WITH_PAM_UNIX_TRUE = @WITH_PAM_UNIX_TRUE@ +WITH_SU_FALSE = @WITH_SU_FALSE@ +WITH_SU_TRUE = @WITH_SU_TRUE@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +NULL = +INCLUDES = -I$(top_srcdir)/include +lib_LTLIBRARIES = libpam.la +noinst_HEADERS = openpam_impl.h +libpam_la_SOURCES = \ + openpam_borrow_cred.c \ + openpam_configure.c \ + openpam_dispatch.c \ + openpam_dynamic.c \ + openpam_findenv.c \ + openpam_free_data.c \ + openpam_free_envlist.c \ + openpam_get_option.c \ + openpam_load.c \ + openpam_log.c \ + openpam_nullconv.c \ + openpam_readline.c \ + openpam_restore_cred.c \ + openpam_set_option.c \ + openpam_static.c \ + openpam_ttyconv.c \ + pam_acct_mgmt.c \ + pam_authenticate.c \ + pam_chauthtok.c \ + pam_close_session.c \ + pam_end.c \ + pam_error.c \ + pam_get_authtok.c \ + pam_get_data.c \ + pam_get_item.c \ + pam_get_user.c \ + pam_getenv.c \ + pam_getenvlist.c \ + pam_info.c \ + pam_open_session.c \ + pam_prompt.c \ + pam_putenv.c \ + pam_set_data.c \ + pam_set_item.c \ + pam_setcred.c \ + pam_setenv.c \ + pam_start.c \ + pam_strerror.c \ + pam_verror.c \ + pam_vinfo.c \ + pam_vprompt.c \ + $(NULL) + +libpam_la_CFLAGS = -DOPENPAM_MODULES_DIR='"@OPENPAM_MODULES_DIR@/"' +libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ @DL_LIBS@ +EXTRA_DIST = \ + pam_authenticate_secondary.c \ + pam_get_mapped_authtok.c \ + pam_get_mapped_username.c \ + pam_set_mapped_authtok.c \ + pam_set_mapped_username.c \ + \ + pam_sm_acct_mgmt.c \ + pam_sm_authenticate.c \ + pam_sm_authenticate_secondary.c \ + pam_sm_chauthtok.c \ + pam_sm_close_session.c \ + pam_sm_get_mapped_authtok.c \ + pam_sm_get_mapped_username.c \ + pam_sm_open_session.c \ + pam_sm_set_mapped_authtok.c \ + pam_sm_set_mapped_username.c \ + pam_sm_setcred.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + else :; fi; \ + done + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ + $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libpam_la_LDFLAGS) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_configure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dispatch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_dynamic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_findenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_free_envlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_get_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_load.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_nullconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_readline.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_restore_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_set_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_static.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-openpam_ttyconv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_authenticate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_chauthtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_close_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_end.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_authtok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_get_user.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_getenvlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_open_session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_prompt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_putenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_set_item.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setcred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_setenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_start.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_strerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_verror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpam_la-pam_vprompt.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +libpam_la-openpam_borrow_cred.lo: openpam_borrow_cred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_borrow_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_borrow_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_borrow_cred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_borrow_cred.c' object='libpam_la-openpam_borrow_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_borrow_cred.lo `test -f 'openpam_borrow_cred.c' || echo '$(srcdir)/'`openpam_borrow_cred.c + +libpam_la-openpam_configure.lo: openpam_configure.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_configure.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_configure.Tpo" -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo" "$(DEPDIR)/libpam_la-openpam_configure.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_configure.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_configure.c' object='libpam_la-openpam_configure.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_configure.lo `test -f 'openpam_configure.c' || echo '$(srcdir)/'`openpam_configure.c + +libpam_la-openpam_dispatch.lo: openpam_dispatch.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dispatch.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo" "$(DEPDIR)/libpam_la-openpam_dispatch.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dispatch.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dispatch.c' object='libpam_la-openpam_dispatch.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dispatch.lo `test -f 'openpam_dispatch.c' || echo '$(srcdir)/'`openpam_dispatch.c + +libpam_la-openpam_dynamic.lo: openpam_dynamic.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_dynamic.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo" "$(DEPDIR)/libpam_la-openpam_dynamic.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_dynamic.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_dynamic.c' object='libpam_la-openpam_dynamic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_dynamic.lo `test -f 'openpam_dynamic.c' || echo '$(srcdir)/'`openpam_dynamic.c + +libpam_la-openpam_findenv.lo: openpam_findenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_findenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo" "$(DEPDIR)/libpam_la-openpam_findenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_findenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_findenv.c' object='libpam_la-openpam_findenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_findenv.lo `test -f 'openpam_findenv.c' || echo '$(srcdir)/'`openpam_findenv.c + +libpam_la-openpam_free_data.lo: openpam_free_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo" "$(DEPDIR)/libpam_la-openpam_free_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_data.c' object='libpam_la-openpam_free_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_data.lo `test -f 'openpam_free_data.c' || echo '$(srcdir)/'`openpam_free_data.c + +libpam_la-openpam_free_envlist.lo: openpam_free_envlist.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_free_envlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo" "$(DEPDIR)/libpam_la-openpam_free_envlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_free_envlist.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_free_envlist.c' object='libpam_la-openpam_free_envlist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_free_envlist.lo `test -f 'openpam_free_envlist.c' || echo '$(srcdir)/'`openpam_free_envlist.c + +libpam_la-openpam_get_option.lo: openpam_get_option.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_get_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo" "$(DEPDIR)/libpam_la-openpam_get_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_get_option.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_get_option.c' object='libpam_la-openpam_get_option.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_get_option.lo `test -f 'openpam_get_option.c' || echo '$(srcdir)/'`openpam_get_option.c + +libpam_la-openpam_load.lo: openpam_load.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_load.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_load.Tpo" -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_load.Tpo" "$(DEPDIR)/libpam_la-openpam_load.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_load.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_load.c' object='libpam_la-openpam_load.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_load.lo `test -f 'openpam_load.c' || echo '$(srcdir)/'`openpam_load.c + +libpam_la-openpam_log.lo: openpam_log.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_log.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_log.Tpo" -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_log.Tpo" "$(DEPDIR)/libpam_la-openpam_log.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_log.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_log.c' object='libpam_la-openpam_log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_log.lo `test -f 'openpam_log.c' || echo '$(srcdir)/'`openpam_log.c + +libpam_la-openpam_nullconv.lo: openpam_nullconv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_nullconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo" "$(DEPDIR)/libpam_la-openpam_nullconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_nullconv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_nullconv.c' object='libpam_la-openpam_nullconv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_nullconv.lo `test -f 'openpam_nullconv.c' || echo '$(srcdir)/'`openpam_nullconv.c + +libpam_la-openpam_readline.lo: openpam_readline.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_readline.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_readline.Tpo" -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo" "$(DEPDIR)/libpam_la-openpam_readline.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_readline.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_readline.c' object='libpam_la-openpam_readline.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_readline.lo `test -f 'openpam_readline.c' || echo '$(srcdir)/'`openpam_readline.c + +libpam_la-openpam_restore_cred.lo: openpam_restore_cred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_restore_cred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo" "$(DEPDIR)/libpam_la-openpam_restore_cred.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_restore_cred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_restore_cred.c' object='libpam_la-openpam_restore_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_restore_cred.lo `test -f 'openpam_restore_cred.c' || echo '$(srcdir)/'`openpam_restore_cred.c + +libpam_la-openpam_set_option.lo: openpam_set_option.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_set_option.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo" "$(DEPDIR)/libpam_la-openpam_set_option.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_set_option.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_set_option.c' object='libpam_la-openpam_set_option.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_set_option.lo `test -f 'openpam_set_option.c' || echo '$(srcdir)/'`openpam_set_option.c + +libpam_la-openpam_static.lo: openpam_static.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_static.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_static.Tpo" -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_static.Tpo" "$(DEPDIR)/libpam_la-openpam_static.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_static.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_static.c' object='libpam_la-openpam_static.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_static.lo `test -f 'openpam_static.c' || echo '$(srcdir)/'`openpam_static.c + +libpam_la-openpam_ttyconv.lo: openpam_ttyconv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-openpam_ttyconv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo" "$(DEPDIR)/libpam_la-openpam_ttyconv.Plo"; else rm -f "$(DEPDIR)/libpam_la-openpam_ttyconv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='openpam_ttyconv.c' object='libpam_la-openpam_ttyconv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-openpam_ttyconv.lo `test -f 'openpam_ttyconv.c' || echo '$(srcdir)/'`openpam_ttyconv.c + +libpam_la-pam_acct_mgmt.lo: pam_acct_mgmt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_acct_mgmt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo" "$(DEPDIR)/libpam_la-pam_acct_mgmt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_acct_mgmt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_acct_mgmt.c' object='libpam_la-pam_acct_mgmt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_acct_mgmt.lo `test -f 'pam_acct_mgmt.c' || echo '$(srcdir)/'`pam_acct_mgmt.c + +libpam_la-pam_authenticate.lo: pam_authenticate.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_authenticate.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo" "$(DEPDIR)/libpam_la-pam_authenticate.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_authenticate.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_authenticate.c' object='libpam_la-pam_authenticate.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_authenticate.lo `test -f 'pam_authenticate.c' || echo '$(srcdir)/'`pam_authenticate.c + +libpam_la-pam_chauthtok.lo: pam_chauthtok.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_chauthtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo" "$(DEPDIR)/libpam_la-pam_chauthtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_chauthtok.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_chauthtok.c' object='libpam_la-pam_chauthtok.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_chauthtok.lo `test -f 'pam_chauthtok.c' || echo '$(srcdir)/'`pam_chauthtok.c + +libpam_la-pam_close_session.lo: pam_close_session.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_close_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_close_session.Tpo" -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo" "$(DEPDIR)/libpam_la-pam_close_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_close_session.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_close_session.c' object='libpam_la-pam_close_session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_close_session.lo `test -f 'pam_close_session.c' || echo '$(srcdir)/'`pam_close_session.c + +libpam_la-pam_end.lo: pam_end.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_end.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_end.Tpo" -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_end.Tpo" "$(DEPDIR)/libpam_la-pam_end.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_end.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_end.c' object='libpam_la-pam_end.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_end.lo `test -f 'pam_end.c' || echo '$(srcdir)/'`pam_end.c + +libpam_la-pam_error.lo: pam_error.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_error.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_error.Tpo" -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_error.Tpo" "$(DEPDIR)/libpam_la-pam_error.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_error.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_error.c' object='libpam_la-pam_error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_error.lo `test -f 'pam_error.c' || echo '$(srcdir)/'`pam_error.c + +libpam_la-pam_get_authtok.lo: pam_get_authtok.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_authtok.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo" "$(DEPDIR)/libpam_la-pam_get_authtok.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_authtok.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_authtok.c' object='libpam_la-pam_get_authtok.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_authtok.lo `test -f 'pam_get_authtok.c' || echo '$(srcdir)/'`pam_get_authtok.c + +libpam_la-pam_get_data.lo: pam_get_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_data.Tpo" -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo" "$(DEPDIR)/libpam_la-pam_get_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_data.c' object='libpam_la-pam_get_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_data.lo `test -f 'pam_get_data.c' || echo '$(srcdir)/'`pam_get_data.c + +libpam_la-pam_get_item.lo: pam_get_item.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_item.Tpo" -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo" "$(DEPDIR)/libpam_la-pam_get_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_item.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_item.c' object='libpam_la-pam_get_item.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_item.lo `test -f 'pam_get_item.c' || echo '$(srcdir)/'`pam_get_item.c + +libpam_la-pam_get_user.lo: pam_get_user.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_get_user.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_get_user.Tpo" -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo" "$(DEPDIR)/libpam_la-pam_get_user.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_get_user.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_get_user.c' object='libpam_la-pam_get_user.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_get_user.lo `test -f 'pam_get_user.c' || echo '$(srcdir)/'`pam_get_user.c + +libpam_la-pam_getenv.lo: pam_getenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenv.Tpo" -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo" "$(DEPDIR)/libpam_la-pam_getenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenv.c' object='libpam_la-pam_getenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenv.lo `test -f 'pam_getenv.c' || echo '$(srcdir)/'`pam_getenv.c + +libpam_la-pam_getenvlist.lo: pam_getenvlist.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_getenvlist.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo" "$(DEPDIR)/libpam_la-pam_getenvlist.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_getenvlist.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_getenvlist.c' object='libpam_la-pam_getenvlist.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_getenvlist.lo `test -f 'pam_getenvlist.c' || echo '$(srcdir)/'`pam_getenvlist.c + +libpam_la-pam_info.lo: pam_info.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_info.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_info.Tpo" -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_info.Tpo" "$(DEPDIR)/libpam_la-pam_info.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_info.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_info.c' object='libpam_la-pam_info.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_info.lo `test -f 'pam_info.c' || echo '$(srcdir)/'`pam_info.c + +libpam_la-pam_open_session.lo: pam_open_session.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_open_session.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_open_session.Tpo" -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo" "$(DEPDIR)/libpam_la-pam_open_session.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_open_session.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_open_session.c' object='libpam_la-pam_open_session.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_open_session.lo `test -f 'pam_open_session.c' || echo '$(srcdir)/'`pam_open_session.c + +libpam_la-pam_prompt.lo: pam_prompt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_prompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_prompt.Tpo" -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo" "$(DEPDIR)/libpam_la-pam_prompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_prompt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_prompt.c' object='libpam_la-pam_prompt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_prompt.lo `test -f 'pam_prompt.c' || echo '$(srcdir)/'`pam_prompt.c + +libpam_la-pam_putenv.lo: pam_putenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_putenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_putenv.Tpo" -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo" "$(DEPDIR)/libpam_la-pam_putenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_putenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_putenv.c' object='libpam_la-pam_putenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_putenv.lo `test -f 'pam_putenv.c' || echo '$(srcdir)/'`pam_putenv.c + +libpam_la-pam_set_data.lo: pam_set_data.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_data.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_data.Tpo" -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo" "$(DEPDIR)/libpam_la-pam_set_data.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_data.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_data.c' object='libpam_la-pam_set_data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_data.lo `test -f 'pam_set_data.c' || echo '$(srcdir)/'`pam_set_data.c + +libpam_la-pam_set_item.lo: pam_set_item.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_set_item.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_set_item.Tpo" -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo" "$(DEPDIR)/libpam_la-pam_set_item.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_set_item.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_set_item.c' object='libpam_la-pam_set_item.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_set_item.lo `test -f 'pam_set_item.c' || echo '$(srcdir)/'`pam_set_item.c + +libpam_la-pam_setcred.lo: pam_setcred.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setcred.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setcred.Tpo" -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo" "$(DEPDIR)/libpam_la-pam_setcred.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setcred.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setcred.c' object='libpam_la-pam_setcred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setcred.lo `test -f 'pam_setcred.c' || echo '$(srcdir)/'`pam_setcred.c + +libpam_la-pam_setenv.lo: pam_setenv.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_setenv.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_setenv.Tpo" -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo" "$(DEPDIR)/libpam_la-pam_setenv.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_setenv.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_setenv.c' object='libpam_la-pam_setenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_setenv.lo `test -f 'pam_setenv.c' || echo '$(srcdir)/'`pam_setenv.c + +libpam_la-pam_start.lo: pam_start.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_start.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_start.Tpo" -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_start.Tpo" "$(DEPDIR)/libpam_la-pam_start.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_start.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_start.c' object='libpam_la-pam_start.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_start.lo `test -f 'pam_start.c' || echo '$(srcdir)/'`pam_start.c + +libpam_la-pam_strerror.lo: pam_strerror.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_strerror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_strerror.Tpo" -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo" "$(DEPDIR)/libpam_la-pam_strerror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_strerror.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_strerror.c' object='libpam_la-pam_strerror.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_strerror.lo `test -f 'pam_strerror.c' || echo '$(srcdir)/'`pam_strerror.c + +libpam_la-pam_verror.lo: pam_verror.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_verror.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_verror.Tpo" -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_verror.Tpo" "$(DEPDIR)/libpam_la-pam_verror.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_verror.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_verror.c' object='libpam_la-pam_verror.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_verror.lo `test -f 'pam_verror.c' || echo '$(srcdir)/'`pam_verror.c + +libpam_la-pam_vinfo.lo: pam_vinfo.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vinfo.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo" "$(DEPDIR)/libpam_la-pam_vinfo.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vinfo.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vinfo.c' object='libpam_la-pam_vinfo.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vinfo.lo `test -f 'pam_vinfo.c' || echo '$(srcdir)/'`pam_vinfo.c + +libpam_la-pam_vprompt.lo: pam_vprompt.c +@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -MT libpam_la-pam_vprompt.lo -MD -MP -MF "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo" "$(DEPDIR)/libpam_la-pam_vprompt.Plo"; else rm -f "$(DEPDIR)/libpam_la-pam_vprompt.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_vprompt.c' object='libpam_la-pam_vprompt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpam_la_CFLAGS) $(CFLAGS) -c -o libpam_la-pam_vprompt.lo `test -f 'pam_vprompt.c' || echo '$(srcdir)/'`pam_vprompt.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: + +install-exec-am: install-libLTLIBRARIES + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-info-am \ + uninstall-libLTLIBRARIES + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/lib/openpam_borrow_cred.c b/lib/openpam_borrow_cred.c new file mode 100644 index 0000000..79a349f --- /dev/null +++ b/lib/openpam_borrow_cred.c @@ -0,0 +1,121 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_borrow_cred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Temporarily borrow user credentials + */ + +int +openpam_borrow_cred(pam_handle_t *pamh, + const struct passwd *pwd) +{ + struct pam_saved_cred *scred; + const void *scredp; + int r; + + ENTERI(pwd->pw_uid); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r == PAM_SUCCESS && scredp != NULL) { + openpam_log(PAM_LOG_DEBUG, + "already operating under borrowed credentials"); + RETURNC(PAM_SYSTEM_ERR); + } + if (geteuid() != 0 && geteuid() != pwd->pw_uid) { + openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d", + (int)geteuid()); + RETURNC(PAM_PERM_DENIED); + } + scred = calloc(1, sizeof *scred); + if (scred == NULL) + RETURNC(PAM_BUF_ERR); + scred->euid = geteuid(); + scred->egid = getegid(); + r = getgroups(NGROUPS_MAX, scred->groups); + if (r < 0) { + FREE(scred); + RETURNC(PAM_SYSTEM_ERR); + } + scred->ngroups = r; + r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); + if (r != PAM_SUCCESS) { + FREE(scred); + RETURNC(r); + } + if (geteuid() == pwd->pw_uid) + RETURNC(PAM_SUCCESS); + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { + openpam_restore_cred(pamh); + RETURNC(PAM_SYSTEM_ERR); + } + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * =pam_set_data + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_PERM_DENIED + */ + +/** + * The =openpam_borrow_cred function saves the current credentials and + * switches to those of the user specified by its =pwd argument. + * The affected credentials are the effective UID, the effective GID, and + * the group access list. + * The original credentials can be restored using =openpam_restore_cred. + * + * >setegid 2 + * >seteuid 2 + * >setgroups 2 + */ diff --git a/lib/openpam_configure.c b/lib/openpam_configure.c new file mode 100644 index 0000000..f9197ad --- /dev/null +++ b/lib/openpam_configure.c @@ -0,0 +1,340 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_configure.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} + +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. + */ +static int +openpam_read_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility, + const char *filename, + openpam_style_t style) +{ + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; + FILE *f; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; + + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } + + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); + continue; + } + p = next_word(p); + + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); + continue; + } + + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; + + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; + } + this->flag = ctlf; + + /* module name */ + p = next_word(p); + if (*p == '\0') { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing module name", + filename, lineno); + goto fail; + } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; + + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); + } + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); + } + + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; + fclose(f); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); +} + +static const char *openpam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + "/usr/local/etc/pam.conf", + NULL +}; + +/* + * Locates the policy file for a given service and reads the given chains + * from it. + */ +static int +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = openpam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); + return (-PAM_BUF_ERR); + } + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); + } else { + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); + } + if (r != 0) + return (r); + } + return (0); +} + +/* + * OpenPAM internal + * + * Configure a service + */ + +int +openpam_configure(pam_handle_t *pamh, + const char *service) +{ + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; + } + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + * + * Error codes: + * PAM_SYSTEM_ERR + */ diff --git a/lib/openpam_dispatch.c b/lib/openpam_dispatch.c new file mode 100644 index 0000000..69fe472 --- /dev/null +++ b/lib/openpam_dispatch.c @@ -0,0 +1,240 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_dispatch.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +#if !defined(OPENPAM_RELAX_CHECKS) +static void _openpam_check_error_code(int, int); +#else +#define _openpam_check_error_code(a, b) +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * OpenPAM internal + * + * Execute a module chain + */ + +int +openpam_dispatch(pam_handle_t *pamh, + int primitive, + int flags) +{ + pam_chain_t *chain; + int err, fail, r; +#ifdef DEBUG + int debug; +#endif + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* prevent recursion */ + if (pamh->current != NULL) { + openpam_log(PAM_LOG_ERROR, + "%s() called while %s::%s() is in progress", + _pam_func_name[primitive], + pamh->current->module->path, + _pam_sm_func_name[pamh->primitive]); + RETURNC(PAM_ABORT); + } + + /* pick a chain */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + case PAM_SM_SETCRED: + chain = pamh->chains[PAM_AUTH]; + break; + case PAM_SM_ACCT_MGMT: + chain = pamh->chains[PAM_ACCOUNT]; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + chain = pamh->chains[PAM_SESSION]; + break; + case PAM_SM_CHAUTHTOK: + chain = pamh->chains[PAM_PASSWORD]; + break; + default: + RETURNC(PAM_SYSTEM_ERR); + } + + /* execute */ + for (err = fail = 0; chain != NULL; chain = chain->next) { + if (chain->module->func[primitive] == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: no %s()", + chain->module->path, _pam_sm_func_name[primitive]); + continue; + } else { + pamh->primitive = primitive; + pamh->current = chain; +#ifdef DEBUG + debug = (openpam_get_option(pamh, "debug") != NULL); + if (debug) + ++_openpam_debug; + openpam_log(PAM_LOG_DEBUG, "calling %s() in %s", + _pam_sm_func_name[primitive], chain->module->path); +#endif + r = (chain->module->func[primitive])(pamh, flags, + chain->optc, (const char **)chain->optv); + pamh->current = NULL; +#ifdef DEBUG + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + chain->module->path, _pam_sm_func_name[primitive], + pam_strerror(pamh, r)); + if (debug) + --_openpam_debug; +#endif + } + + if (r == PAM_IGNORE) + continue; + if (r == PAM_SUCCESS) { + /* + * For pam_setcred() and pam_chauthtok() with the + * PAM_PRELIM_CHECK flag, treat "sufficient" as + * "optional". + */ + if ((chain->flag == PAM_SUFFICIENT || + chain->flag == PAM_BINDING) && !fail && + primitive != PAM_SM_SETCRED && + !(primitive == PAM_SM_CHAUTHTOK && + (flags & PAM_PRELIM_CHECK))) + break; + continue; + } + + _openpam_check_error_code(primitive, r); + + /* + * Record the return code from the first module to + * fail. If a required module fails, record the + * return code from the first required module to fail. + */ + if (err == 0) + err = r; + if ((chain->flag == PAM_REQUIRED || + chain->flag == PAM_BINDING) && !fail) { + openpam_log(PAM_LOG_DEBUG, "required module failed"); + fail = 1; + err = r; + } + + /* + * If a requisite module fails, terminate the chain + * immediately. + */ + if (chain->flag == PAM_REQUISITE) { + openpam_log(PAM_LOG_DEBUG, "requisite module failed"); + fail = 1; + break; + } + } + + if (!fail && err != PAM_NEW_AUTHTOK_REQD) + err = PAM_SUCCESS; + RETURNC(err); +} + +#if !defined(OPENPAM_RELAX_CHECKS) +static void +_openpam_check_error_code(int primitive, int r) +{ + /* common error codes */ + if (r == PAM_SUCCESS || + r == PAM_SERVICE_ERR || + r == PAM_BUF_ERR || + r == PAM_CONV_ERR || + r == PAM_PERM_DENIED || + r == PAM_ABORT) + return; + + /* specific error codes */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + if (r == PAM_AUTH_ERR || + r == PAM_CRED_INSUFFICIENT || + r == PAM_AUTHINFO_UNAVAIL || + r == PAM_USER_UNKNOWN || + r == PAM_MAXTRIES) + return; + break; + case PAM_SM_SETCRED: + if (r == PAM_CRED_UNAVAIL || + r == PAM_CRED_EXPIRED || + r == PAM_USER_UNKNOWN || + r == PAM_CRED_ERR) + return; + break; + case PAM_SM_ACCT_MGMT: + if (r == PAM_USER_UNKNOWN || + r == PAM_AUTH_ERR || + r == PAM_NEW_AUTHTOK_REQD || + r == PAM_ACCT_EXPIRED) + return; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + if (r == PAM_SESSION_ERR) + return; + break; + case PAM_SM_CHAUTHTOK: + if (r == PAM_PERM_DENIED || + r == PAM_AUTHTOK_ERR || + r == PAM_AUTHTOK_RECOVERY_ERR || + r == PAM_AUTHTOK_LOCK_BUSY || + r == PAM_AUTHTOK_DISABLE_AGING || + r == PAM_TRY_AGAIN) + return; + break; + } + + openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", + _pam_sm_func_name[primitive], r); +} +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * NODOC + * + * Error codes: + */ diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c new file mode 100644 index 0000000..084408e --- /dev/null +++ b/lib/openpam_dynamic.c @@ -0,0 +1,110 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_dynamic.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + +/* + * OpenPAM internal + * + * Locate a dynamically linked module + */ + +pam_module_t * +openpam_dynamic(const char *path) +{ + pam_module_t *module; + const char *prefix; + char *vpath; + void *dlh; + int i; + + dlh = NULL; + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; + + /* Prepend the standard prefix if not an absolute pathname. */ + if (path[0] != '/') + prefix = OPENPAM_MODULES_DIR; + else + prefix = ""; + + /* try versioned module first, then unversioned module */ + if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) + goto buf_err; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + *strrchr(vpath, '.') = '\0'; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + FREE(vpath); + FREE(module); + return (NULL); + } + } + FREE(vpath); + if ((module->path = strdup(path)) == NULL) + goto buf_err; + module->dlh = dlh; + for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { + module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); + if (module->func[i] == NULL) + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + path, _pam_sm_func_name[i], dlerror()); + } + return (module); + buf_err: + openpam_log(PAM_LOG_ERROR, "%m"); + if (dlh != NULL) + dlclose(dlh); + FREE(module); + return (NULL); +} + +/* + * NOPARSE + */ diff --git a/lib/openpam_findenv.c b/lib/openpam_findenv.c new file mode 100644 index 0000000..d78e147 --- /dev/null +++ b/lib/openpam_findenv.c @@ -0,0 +1,69 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_findenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM internal + * + * Locate an environment variable + */ + +int +openpam_findenv(pam_handle_t *pamh, + const char *name, + size_t len) +{ + int i; + + ENTER(); + if (pamh == NULL) + RETURNN(-1); + for (i = 0; i < pamh->env_count; ++i) + if (strncmp(pamh->env[i], name, len) == 0 && + pamh->env[i][len] == '=') + RETURNN(i); + RETURNN(-1); +} + +/* + * NODOC + */ diff --git a/lib/openpam_free_data.c b/lib/openpam_free_data.c new file mode 100644 index 0000000..e071c0a --- /dev/null +++ b/lib/openpam_free_data.c @@ -0,0 +1,72 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_free_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Generic cleanup function + */ + +void +openpam_free_data(pam_handle_t *pamh, + void *data, + int status) +{ + + ENTER(); + (void)pamh; + (void)status; + FREE(data); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_data function is a cleanup function suitable for + * passing to =pam_set_data. + * It simply releases the data by passing its =data argument to =free. + */ diff --git a/lib/openpam_free_envlist.c b/lib/openpam_free_envlist.c new file mode 100644 index 0000000..346c2dd --- /dev/null +++ b/lib/openpam_free_envlist.c @@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2005 Dag-Erling Coïdan Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * $Id: openpam_free_envlist.c 320 2006-02-16 20:33:19Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Free an environment list + */ + +void +openpam_free_envlist(char **envlist) +{ + char **env; + + ENTER(); + if (envlist == NULL) + RETURNV(); + for (env = envlist; *env != NULL; ++env) + FREE(*env); + FREE(envlist); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_envlist function is a convenience function which + * frees all the environment variables in an environment list, and the + * list itself. + * It is suitable for freeing the return value from =pam_getenvlist. + */ diff --git a/lib/openpam_get_option.c b/lib/openpam_get_option.c new file mode 100644 index 0000000..73bc070 --- /dev/null +++ b/lib/openpam_get_option.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_get_option.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Returns the value of a module option + */ + +const char * +openpam_get_option(pam_handle_t *pamh, + const char *option) +{ + pam_chain_t *cur; + size_t len; + int i; + + ENTERS(option); + if (pamh == NULL || pamh->current == NULL || option == NULL) + RETURNS(NULL); + cur = pamh->current; + len = strlen(option); + for (i = 0; i < cur->optc; ++i) { + if (strncmp(cur->optv[i], option, len) == 0) { + if (cur->optv[i][len] == '\0') + RETURNS(&cur->optv[i][len]); + else if (cur->optv[i][len] == '=') + RETURNS(&cur->optv[i][len + 1]); + } + } + RETURNS(NULL); +} + +/** + * The =openpam_get_option function returns the value of the specified + * option in the context of the currently executing service module, or + * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option + */ diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h new file mode 100644 index 0000000..7704d4e --- /dev/null +++ b/lib/openpam_impl.h @@ -0,0 +1,200 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $ + */ + +#ifndef _OPENPAM_IMPL_H_INCLUDED +#define _OPENPAM_IMPL_H_INCLUDED + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include + +extern const char *_pam_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_err_name[PAM_NUM_ERRORS]; +extern const char *_pam_item_name[PAM_NUM_ITEMS]; + +extern int _openpam_debug; + +/* + * Control flags + */ +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; + +/* + * Facilities + */ +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; + +typedef struct pam_chain pam_chain_t; +struct pam_chain { + pam_module_t *module; + int flag; + int optc; + char **optv; + pam_chain_t *next; +}; + +typedef struct pam_data pam_data_t; +struct pam_data { + char *name; + void *data; + void (*cleanup)(pam_handle_t *, void *, int); + pam_data_t *next; +}; + +struct pam_handle { + char *service; + + /* chains */ + pam_chain_t *chains[PAM_NUM_FACILITIES]; + pam_chain_t *current; + int primitive; + + /* items and data */ + void *item[PAM_NUM_ITEMS]; + pam_data_t *module_data; + + /* environment list */ + char **env; + int env_count; + int env_size; +}; + +#ifdef NGROUPS_MAX +#define PAM_SAVED_CRED "pam_saved_cred" +struct pam_saved_cred { + uid_t euid; + gid_t egid; + gid_t groups[NGROUPS_MAX]; + int ngroups; +}; +#endif + +#define PAM_OTHER "other" + +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); + +#ifdef OPENPAM_STATIC_MODULES +pam_module_t *openpam_static(const char *); +#endif +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do { free((p)); (p) = NULL; } while (0) + +#ifdef DEBUG +#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") +#define ENTERI(i) do { \ + int _i = (i); \ + if (_i > 0 && _i < PAM_NUM_ITEMS) \ + openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \ +} while (0) +#define ENTERN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \ +} while (0) +#define ENTERS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \ +} while (0) +#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") +#define RETURNC(c) do { \ + int _c = (c); \ + if (_c >= 0 && _c < PAM_NUM_ERRORS) \ + openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \ + return (_c); \ +} while (0) +#define RETURNN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \ + return (_n); \ +} while (0) +#define RETURNP(p) do { \ + const void *_p = (p); \ + if (_p == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \ + return (p); \ +} while (0) +#define RETURNS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \ + return (_s); \ +} while (0) +#else +#define ENTER() +#define ENTERI(i) +#define ENTERN(n) +#define ENTERS(s) +#define RETURNV() return +#define RETURNC(c) return (c) +#define RETURNN(n) return (n) +#define RETURNP(p) return (p) +#define RETURNS(s) return (s) +#endif + +#endif diff --git a/lib/openpam_load.c b/lib/openpam_load.c new file mode 100644 index 0000000..303f3f5 --- /dev/null +++ b/lib/openpam_load.c @@ -0,0 +1,153 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_load.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_func_name[PAM_NUM_PRIMITIVES] = { + "pam_authenticate", + "pam_setcred", + "pam_acct_mgmt", + "pam_open_session", + "pam_close_session", + "pam_chauthtok" +}; + +const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_authenticate", + "pam_sm_setcred", + "pam_sm_acct_mgmt", + "pam_sm_open_session", + "pam_sm_close_session", + "pam_sm_chauthtok" +}; + +/* + * Locate a matching dynamic or static module. + */ + +pam_module_t * +openpam_load_module(const char *path) +{ + pam_module_t *module; + + module = openpam_dynamic(path); + openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", + (module == NULL) ? "no" : "using", path); + +#ifdef OPENPAM_STATIC_MODULES + /* look for a static module */ + if (module == NULL && strchr(path, '/') == NULL) { + module = openpam_static(path); + openpam_log(PAM_LOG_DEBUG, "%s static %s", + (module == NULL) ? "no" : "using", path); + } +#endif + if (module == NULL) { + openpam_log(PAM_LOG_ERROR, "no %s found", path); + return (NULL); + } + return (module); +} + + +/* + * Release a module. + * XXX highly thread-unsafe + */ + +static void +openpam_release_module(pam_module_t *module) +{ + if (module == NULL) + return; + if (module->dlh == NULL) + /* static module */ + return; + dlclose(module->dlh); + openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); + FREE(module->path); + FREE(module); +} + + +/* + * Destroy a chain, freeing all its links and releasing the modules + * they point to. + */ + +static void +openpam_destroy_chain(pam_chain_t *chain) +{ + if (chain == NULL) + return; + openpam_destroy_chain(chain->next); + chain->next = NULL; + while (chain->optc) { + --chain->optc; + FREE(chain->optv[chain->optc]); + } + FREE(chain->optv); + openpam_release_module(chain->module); + chain->module = NULL; + FREE(chain); +} + + +/* + * Clear the chains and release the modules + */ + +void +openpam_clear_chains(pam_chain_t *policy[]) +{ + int i; + + for (i = 0; i < PAM_NUM_FACILITIES; ++i) { + openpam_destroy_chain(policy[i]); + policy[i] = NULL; + } +} + +/* + * NOPARSE + */ diff --git a/lib/openpam_log.c b/lib/openpam_log.c new file mode 100644 index 0000000..e492294 --- /dev/null +++ b/lib/openpam_log.c @@ -0,0 +1,158 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_log.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +#ifdef OPENPAM_DEBUG +int _openpam_debug = 1; +#else +int _openpam_debug = 0; +#endif + +#if !defined(openpam_log) + +/* + * OpenPAM extension + * + * Log a message through syslog + */ + +void +openpam_log(int level, const char *fmt, ...) +{ + va_list ap; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + vsyslog(priority, fmt, ap); + va_end(ap); +} + +#else + +void +_openpam_log(int level, const char *func, const char *fmt, ...) +{ + va_list ap; + char *format; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } + va_end(ap); +} + +#endif + +/** + * The =openpam_log function logs messages using =syslog. + * It is primarily intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. + * The following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. + * These messages are normally not logged unless the global + * integer variable :_openpam_debug is set to a non-zero + * value, in which case they are logged with a =syslog + * priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. + * These messages are logged with a =syslog priority of + * =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. + * These messages are logged with a =syslog priority of + * =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. + * These messages are logged with a =syslog priority of + * =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. + */ diff --git a/lib/openpam_nullconv.c b/lib/openpam_nullconv.c new file mode 100644 index 0000000..3294dcf --- /dev/null +++ b/lib/openpam_nullconv.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_nullconv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Null conversation function + */ + +int +openpam_nullconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + + ENTER(); + (void)n; + (void)msg; + (void)resp; + (void)data; + RETURNC(PAM_CONV_ERR); +} + +/* + * Error codes: + * + * PAM_CONV_ERR + */ + +/** + * The =openpam_nullconv function is a null conversation function suitable + * for applications that want to use PAM but don't support interactive + * dialog with the user. + * Such applications should set =PAM_AUTHTOK to whatever authentication + * token they've obtained on their own before calling =pam_authenticate + * and / or =pam_chauthtok, and their PAM configuration should specify the + * ;use_first_pass option for all modules that require access to the + * authentication token, to make sure they use =PAM_AUTHTOK rather than + * try to query the user. + * + * >openpam_ttyconv + * >pam_prompt + * >pam_set_item + * >pam_vprompt + */ diff --git a/lib/openpam_readline.c b/lib/openpam_readline.c new file mode 100644 index 0000000..17f03f3 --- /dev/null +++ b/lib/openpam_readline.c @@ -0,0 +1,155 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_readline.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include "openpam_impl.h" + +#define MIN_LINE_LENGTH 128 + +/* + * OpenPAM extension + * + * Read a line from a file. + */ + +char * +openpam_readline(FILE *f, int *lineno, size_t *lenp) +{ + char *line; + size_t len, size; + int ch; + + if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + return (NULL); + size = MIN_LINE_LENGTH; + len = 0; + +#define line_putch(ch) do { \ + if (len >= size - 1) { \ + char *tmp = realloc(line, size *= 2); \ + if (tmp == NULL) \ + goto fail; \ + line = tmp; \ + } \ + line[len++] = ch; \ + line[len] = '\0'; \ +} while (0) + + for (;;) { + ch = fgetc(f); + /* strip comment */ + if (ch == '#') { + do { + ch = fgetc(f); + } while (ch != EOF && ch != '\n'); + } + /* eof */ + if (ch == EOF) { + /* remove trailing whitespace */ + while (len > 0 && isspace((int)line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; + break; + } + /* eol */ + if (ch == '\n') { + if (lineno != NULL) + ++*lineno; + + /* remove trailing whitespace */ + while (len > 0 && isspace((int)line[len - 1])) + --len; + line[len] = '\0'; + /* skip blank lines */ + if (len == 0) + continue; + /* continuation */ + if (line[len - 1] == '\\') { + line[--len] = '\0'; + /* fall through to whitespace case */ + } else { + break; + } + } + /* whitespace */ + if (isspace(ch)) { + /* ignore leading whitespace */ + /* collapse linear whitespace */ + if (len > 0 && line[len - 1] != ' ') + line_putch(' '); + continue; + } + /* anything else */ + line_putch(ch); + } + + if (lenp != NULL) + *lenp = len; + return (line); + fail: + FREE(line); + return (NULL); +} + +/** + * The =openpam_readline function reads a line from a file, and returns it + * in a NUL-terminated buffer allocated with =malloc. + * + * The =openpam_readline function performs a certain amount of processing + * on the data it reads. + * Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * Any amount of linear whitespace is collapsed to a single space. + * Blank lines are ignored. + * If a line ends in a backslash, the backslash is stripped and the next + * line is appended. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * + * If =lenp is not =NULL, the length of the line (not including the + * terminating NUL character) is stored in the variable it points to. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =free. + */ diff --git a/lib/openpam_restore_cred.c b/lib/openpam_restore_cred.c new file mode 100644 index 0000000..20e80d4 --- /dev/null +++ b/lib/openpam_restore_cred.c @@ -0,0 +1,94 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_restore_cred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Restore credentials + */ + +int +openpam_restore_cred(pam_handle_t *pamh) +{ + const struct pam_saved_cred *scred; + const void *scredp; + int r; + + ENTER(); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r != PAM_SUCCESS) + RETURNC(r); + if (scredp == NULL) + RETURNC(PAM_SYSTEM_ERR); + scred = scredp; + if (scred->euid != geteuid()) { + if (seteuid(scred->euid) < 0 || + setgroups(scred->ngroups, scred->groups) < 0 || + setegid(scred->egid) < 0) + RETURNC(PAM_SYSTEM_ERR); + } + pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * =pam_get_data + * PAM_SYSTEM_ERR + */ + +/** + * The =openpam_restore_cred function restores the credentials saved by + * =openpam_borrow_cred. + * + * >setegid 2 + * >seteuid 2 + * >setgroups 2 + */ diff --git a/lib/openpam_set_option.c b/lib/openpam_set_option.c new file mode 100644 index 0000000..57161d3 --- /dev/null +++ b/lib/openpam_set_option.c @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_set_option.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Sets the value of a module option + */ + +int +openpam_set_option(pam_handle_t *pamh, + const char *option, + const char *value) +{ + pam_chain_t *cur; + char *opt, **optv; + size_t len; + int i; + + ENTERS(option); + if (pamh == NULL || pamh->current == NULL || option == NULL) + RETURNC(PAM_SYSTEM_ERR); + cur = pamh->current; + for (len = 0; option[len] != '\0'; ++len) + if (option[len] == '=') + break; + for (i = 0; i < cur->optc; ++i) { + if (strncmp(cur->optv[i], option, len) == 0 && + (cur->optv[i][len] == '\0' || cur->optv[i][len] == '=')) + break; + } + if (value == NULL) { + /* remove */ + if (i == cur->optc) + RETURNC(PAM_SUCCESS); + for (free(cur->optv[i]); i < cur->optc; ++i) + cur->optv[i] = cur->optv[i + 1]; + cur->optv[i] = NULL; + RETURNC(PAM_SUCCESS); + } + if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0) + RETURNC(PAM_BUF_ERR); + if (i == cur->optc) { + /* add */ + optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2)); + if (optv == NULL) { + FREE(opt); + RETURNC(PAM_BUF_ERR); + } + optv[i] = opt; + optv[i + 1] = NULL; + cur->optv = optv; + ++cur->optc; + } else { + /* replace */ + FREE(cur->optv[i]); + cur->optv[i] = opt; + } + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =openpam_set_option function sets the specified option in the + * context of the currently executing service module. + * + * >openpam_get_option + */ diff --git a/lib/openpam_static.c b/lib/openpam_static.c new file mode 100644 index 0000000..c06ceed --- /dev/null +++ b/lib/openpam_static.c @@ -0,0 +1,70 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_static.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +#ifdef OPENPAM_STATIC_MODULES + +SET_DECLARE(_openpam_static_modules, pam_module_t); + +/* + * OpenPAM internal + * + * Locate a statically linked module + */ + +pam_module_t * +openpam_static(const char *path) +{ + pam_module_t **module; + + SET_FOREACH(module, _openpam_static_modules) { + if (strcmp((*module)->path, path) == 0) + return (*module); + } + return (NULL); +} + +#endif + +/* + * NOPARSE + */ diff --git a/lib/openpam_ttyconv.c b/lib/openpam_ttyconv.c new file mode 100644 index 0000000..a6820b9 --- /dev/null +++ b/lib/openpam_ttyconv.c @@ -0,0 +1,248 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_ttyconv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +int openpam_ttyconv_timeout = 0; + +static void +timeout(int sig) +{ + + (void)sig; +} + +static char * +prompt(const char *msg) +{ + char buf[PAM_MAX_RESP_SIZE]; + struct sigaction action, saved_action; + sigset_t saved_sigset, sigset; + unsigned int saved_alarm; + int eof, error, fd; + size_t len; + char *retval; + char ch; + + sigemptyset(&sigset); + sigaddset(&sigset, SIGINT); + sigaddset(&sigset, SIGTSTP); + sigprocmask(SIG_SETMASK, &sigset, &saved_sigset); + action.sa_handler = &timeout; + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + sigaction(SIGALRM, &action, &saved_action); + fputs(msg, stdout); + fflush(stdout); +#ifdef HAVE_FPURGE + fpurge(stdin); +#endif + fd = fileno(stdin); + buf[0] = '\0'; + eof = error = 0; + saved_alarm = 0; + if (openpam_ttyconv_timeout >= 0) + saved_alarm = alarm(openpam_ttyconv_timeout); + ch = '\0'; + for (len = 0; ch != '\n' && !eof && !error; ++len) { + switch (read(fd, &ch, 1)) { + case 1: + if (len < PAM_MAX_RESP_SIZE - 1) { + buf[len + 1] = '\0'; + buf[len] = ch; + } + break; + case 0: + eof = 1; + break; + default: + error = errno; + break; + } + } + if (openpam_ttyconv_timeout >= 0) + alarm(0); + sigaction(SIGALRM, &saved_action, NULL); + sigprocmask(SIG_SETMASK, &saved_sigset, NULL); + if (saved_alarm > 0) + alarm(saved_alarm); + if (error == EINTR) + fputs(" timeout!", stderr); + if (error || eof) { + fputs("\n", stderr); + memset(buf, 0, sizeof(buf)); + return (NULL); + } + /* trim trailing whitespace */ + for (len = strlen(buf); len > 0; --len) + if (buf[len - 1] != '\r' && buf[len - 1] != '\n') + break; + buf[len] = '\0'; + retval = strdup(buf); + memset(buf, 0, sizeof(buf)); + return (retval); +} + +static char * +prompt_echo_off(const char *msg) +{ + struct termios tattr; + tcflag_t lflag; + char *ret; + int fd; + + fd = fileno(stdin); + if (tcgetattr(fd, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m"); + return (NULL); + } + lflag = tattr.c_lflag; + tattr.c_lflag &= ~ECHO; + if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m"); + return (NULL); + } + ret = prompt(msg); + tattr.c_lflag = lflag; + (void)tcsetattr(fd, TCSANOW, &tattr); + if (ret != NULL) + fputs("\n", stdout); + return (ret); +} + +/* + * OpenPAM extension + * + * Simple tty-based conversation function + */ + +int +openpam_ttyconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + struct pam_response *aresp; + int i; + + ENTER(); + (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + RETURNC(PAM_CONV_ERR); + if ((aresp = calloc(n, sizeof *aresp)) == NULL) + RETURNC(PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + aresp[i].resp_retcode = 0; + aresp[i].resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + aresp[i].resp = prompt_echo_off(msg[i]->msg); + if (aresp[i].resp == NULL) + goto fail; + break; + case PAM_PROMPT_ECHO_ON: + aresp[i].resp = prompt(msg[i]->msg); + if (aresp[i].resp == NULL) + goto fail; + break; + case PAM_ERROR_MSG: + fputs(msg[i]->msg, stderr); + if (strlen(msg[i]->msg) > 0 && + msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') + fputc('\n', stderr); + break; + case PAM_TEXT_INFO: + fputs(msg[i]->msg, stdout); + if (strlen(msg[i]->msg) > 0 && + msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') + fputc('\n', stdout); + break; + default: + goto fail; + } + } + *resp = aresp; + RETURNC(PAM_SUCCESS); + fail: + for (i = 0; i < n; ++i) { + if (aresp[i].resp != NULL) { + memset(aresp[i].resp, 0, strlen(aresp[i].resp)); + FREE(aresp[i].resp); + } + } + memset(aresp, 0, n * sizeof *aresp); + FREE(aresp); + *resp = NULL; + RETURNC(PAM_CONV_ERR); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =openpam_ttyconv function is a standard conversation function + * suitable for use on TTY devices. + * It should be adequate for the needs of most text-based interactive + * programs. + * + * The =openpam_ttyconv function allows the application to specify a + * timeout for user input by setting the global integer variable + * :openpam_ttyconv_timeout to the length of the timeout in seconds. + * + * >openpam_nullconv + * >pam_prompt + * >pam_vprompt + */ diff --git a/lib/pam_acct_mgmt.c b/lib/pam_acct_mgmt.c new file mode 100644 index 0000000..0088ecf --- /dev/null +++ b/lib/pam_acct_mgmt.c @@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 32 + * + * Perform PAM account validation procedures + */ + +int +pam_acct_mgmt(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + r = openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_acct_mgmt + * !PAM_IGNORE + */ + +/** + * The =pam_acct_mgmt function verifies and enforces account restrictions + * after the user has been authenticated. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK: + * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_acct_mgmt will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_authenticate.c b/lib/pam_authenticate.c new file mode 100644 index 0000000..3b5a78d --- /dev/null +++ b/lib/pam_authenticate.c @@ -0,0 +1,92 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_authenticate.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 34 + * + * Perform authentication within the PAM framework + */ + +int +pam_authenticate(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_authenticate + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_authenticate function attempts to authenticate the user + * associated with the pam context specified by the =pamh argument. + * + * The application is free to call =pam_authenticate as many times as it + * wishes, but some modules may maintain an internal retry counter and + * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK: + * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_authenticate will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_authenticate_secondary.c b/lib/pam_authenticate_secondary.c new file mode 100644 index 0000000..27e3ce7 --- /dev/null +++ b/lib/pam_authenticate_secondary.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 36 + * + * Perform authentication to a secondary domain within the PAM framework + */ + +int +pam_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + char *target_module_authtok, + int flags) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_chauthtok.c b/lib/pam_chauthtok.c new file mode 100644 index 0000000..ecf1063 --- /dev/null +++ b/lib/pam_chauthtok.c @@ -0,0 +1,93 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_chauthtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 38 + * + * Perform password related functions within the PAM framework + */ + +int +pam_chauthtok(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, + flags | PAM_PRELIM_CHECK); + if (r == PAM_SUCCESS) + r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, + flags | PAM_UPDATE_AUTHTOK); + pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); + pam_set_item(pamh, PAM_AUTHTOK, NULL); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_chauthtok + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_chauthtok function attempts to change the authentication token + * for the user associated with the pam context specified by the =pamh + * argument. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_CHANGE_EXPIRED_AUTHTOK: + * Change only those authentication tokens that have expired. + * + * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_close_session.c b/lib/pam_close_session.c new file mode 100644 index 0000000..ab50e35 --- /dev/null +++ b/lib/pam_close_session.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_close_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 40 + * + * Close an existing user session + */ + +int +pam_close_session(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_close_session + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_close_session function tears down the user session previously + * set up by =pam_open_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_close_session will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_end.c b/lib/pam_end.c new file mode 100644 index 0000000..80baf8a --- /dev/null +++ b/lib/pam_end.c @@ -0,0 +1,102 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_end.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 42 + * + * Terminate the PAM transaction + */ + +int +pam_end(pam_handle_t *pamh, + int status) +{ + pam_data_t *dp; + int i; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* clear module data */ + while ((dp = pamh->module_data) != NULL) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, status); + pamh->module_data = dp->next; + FREE(dp->name); + FREE(dp); + } + + /* clear environment */ + while (pamh->env_count) { + --pamh->env_count; + FREE(pamh->env[pamh->env_count]); + } + FREE(pamh->env); + + /* clear chains */ + openpam_clear_chains(pamh->chains); + + /* clear items */ + for (i = 0; i < PAM_NUM_ITEMS; ++i) + pam_set_item(pamh, i, NULL); + + FREE(pamh); + + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_end function terminates a PAM transaction and destroys the + * corresponding PAM context, releasing all resources allocated to it. + * + * The =status argument should be set to the error code returned by the + * last API call before the call to =pam_end. + */ diff --git a/lib/pam_error.c b/lib/pam_error.c new file mode 100644 index 0000000..f42a6b5 --- /dev/null +++ b/lib/pam_error.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_error.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_error(const pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + va_end(ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_error function displays an error message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_info + * >pam_prompt + * >pam_verror + */ diff --git a/lib/pam_get_authtok.c b/lib/pam_get_authtok.c new file mode 100644 index 0000000..2a974c9 --- /dev/null +++ b/lib/pam_get_authtok.c @@ -0,0 +1,171 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +static const char authtok_prompt[] = "Password:"; +static const char oldauthtok_prompt[] = "Old Password:"; +static const char newauthtok_prompt[] = "New Password:"; + +/* + * OpenPAM extension + * + * Retrieve authentication token + */ + +int +pam_get_authtok(pam_handle_t *pamh, + int item, + const char **authtok, + const char *prompt) +{ + const void *oldauthtok, *prevauthtok, *promptp; + const char *default_prompt; + char *resp, *resp2; + int pitem, r, style, twice; + + ENTER(); + if (pamh == NULL || authtok == NULL) + RETURNC(PAM_SYSTEM_ERR); + *authtok = NULL; + twice = 0; + switch (item) { + case PAM_AUTHTOK: + pitem = PAM_AUTHTOK_PROMPT; + default_prompt = authtok_prompt; + r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); + if (r == PAM_SUCCESS && oldauthtok != NULL) { + default_prompt = newauthtok_prompt; + twice = 1; + } + break; + case PAM_OLDAUTHTOK: + pitem = PAM_OLDAUTHTOK_PROMPT; + default_prompt = oldauthtok_prompt; + twice = 0; + break; + default: + RETURNC(PAM_SYMBOL_ERR); + } + if (openpam_get_option(pamh, "try_first_pass") || + openpam_get_option(pamh, "use_first_pass")) { + r = pam_get_item(pamh, item, &prevauthtok); + if (r == PAM_SUCCESS && prevauthtok != NULL) { + *authtok = prevauthtok; + RETURNC(PAM_SUCCESS); + } + else if (openpam_get_option(pamh, "use_first_pass")) + RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r); + } + if (prompt == NULL) { + r = pam_get_item(pamh, pitem, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) + prompt = default_prompt; + else + prompt = promptp; + } + style = openpam_get_option(pamh, "echo_pass") ? + PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; + r = pam_prompt(pamh, style, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + RETURNC(r); + if (twice) { + r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); + if (r != PAM_SUCCESS) { + FREE(resp); + RETURNC(r); + } + if (strcmp(resp, resp2) != 0) + FREE(resp); + FREE(resp2); + } + if (resp == NULL) + RETURNC(PAM_TRY_AGAIN); + r = pam_set_item(pamh, item, resp); + FREE(resp); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_get_item(pamh, item, (const void **)authtok); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + * PAM_TRY_AGAIN + */ + +/** + * The =pam_get_authtok function returns the cached authentication token, + * or prompts the user if no token is currently cached. + * Either way, a pointer to the authentication token is stored in the + * location pointed to by the =authtok argument. + * + * The =item argument must have one of the following values: + * + * =PAM_AUTHTOK: + * Returns the current authentication token, or the new token + * when changing authentication tokens. + * =PAM_OLDAUTHTOK: + * Returns the previous authentication token when changing + * authentication tokens. + * + * The =prompt argument specifies a prompt to use if no token is cached. + * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item, + * as appropriate, will be used. + * If that item is also =NULL, a hardcoded default prompt will be used. + * + * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK + * item, =pam_get_authtok will ask the user to confirm the new token by + * retyping it. + * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN. + * + * >pam_get_item + * >pam_get_user + */ diff --git a/lib/pam_get_data.c b/lib/pam_get_data.c new file mode 100644 index 0000000..0cceef0 --- /dev/null +++ b/lib/pam_get_data.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 43 + * + * Get module information + */ + +int +pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void **data) +{ + pam_data_t *dp; + + ENTERS(module_data_name); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + *data = (void *)dp->data; + RETURNC(PAM_SUCCESS); + } + } + RETURNC(PAM_NO_MODULE_DATA); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_NO_MODULE_DATA + */ + +/** + * The =pam_get_data function looks up the opaque object associated with + * the string specified by the =module_data_name argument, in the PAM + * context specified by the =pamh argument. + * A pointer to the object is stored in the location pointed to by the + * =data argument. + * + * This function and its counterpart =pam_set_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c new file mode 100644 index 0000000..9f127be --- /dev/null +++ b/lib/pam_get_item.c @@ -0,0 +1,142 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_item.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_item_name[PAM_NUM_ITEMS] = { + "(NO ITEM)", + "PAM_SERVICE", + "PAM_USER", + "PAM_TTY", + "PAM_RHOST", + "PAM_CONV", + "PAM_AUTHTOK", + "PAM_OLDAUTHTOK", + "PAM_RUSER", + "PAM_USER_PROMPT", + "PAM_REPOSITORY", + "PAM_AUTHTOK_PROMPT", + "PAM_OLDAUTHTOK_PROMPT" +}; + +/* + * XSSO 4.2.1 + * XSSO 6 page 46 + * + * Get PAM information + */ + +int +pam_get_item(const pam_handle_t *pamh, + int item_type, + const void **item) +{ + + ENTERI(item_type); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_CONV: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: + case PAM_REPOSITORY: + *item = pamh->item[item_type]; + RETURNC(PAM_SUCCESS); + default: + RETURNC(PAM_SYMBOL_ERR); + } +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_get_item function stores a pointer to the item specified by + * the =item_type argument in the location specified by the =item + * argument. + * The item is retrieved from the PAM context specified by the =pamh + * argument. + * The following item types are recognized: + * + * =PAM_SERVICE: + * The name of the requesting service. + * =PAM_USER: + * The name of the user the application is trying to + * authenticate. + * =PAM_TTY: + * The name of the current terminal. + * =PAM_RHOST: + * The name of the applicant's host. + * =PAM_CONV: + * A =struct pam_conv describing the current conversation + * function. + * =PAM_AUTHTOK: + * The current authentication token. + * =PAM_OLDAUTHTOK: + * The expired authentication token. + * =PAM_RUSER: + * The name of the applicant. + * =PAM_USER_PROMPT: + * The prompt to use when asking the applicant for a user + * name to authenticate as. + * =PAM_AUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * authentication token. + * =PAM_OLDAUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * expired authentication token prior to changing it. + * + * See =pam_start for a description of =struct pam_conv. + * + * >pam_set_item + */ diff --git a/lib/pam_get_mapped_authtok.c b/lib/pam_get_mapped_authtok.c new file mode 100644 index 0000000..c49a918 --- /dev/null +++ b/lib/pam_get_mapped_authtok.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 48 + * + * Get mapped password for the user + */ + +int +pam_get_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + const char *target_module_type, + const char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_get_mapped_username.c b/lib/pam_get_mapped_username.c new file mode 100644 index 0000000..359baee --- /dev/null +++ b/lib/pam_get_mapped_username.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 50 + * + * Get valid matched identity in new domain + */ + +int +pam_get_mapped_username(pam_handle_t *pamh, + const char *src_username, + const char *src_module_type, + const char *src_authn_domain, + const char *target_module_type, + const char *target_authn_domain, + char **target_module_username) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_get_user.c b/lib/pam_get_user.c new file mode 100644 index 0000000..115a3ea --- /dev/null +++ b/lib/pam_get_user.c @@ -0,0 +1,113 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_get_user.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +#include "openpam_impl.h" + +static const char user_prompt[] = "Login:"; + +/* + * XSSO 4.2.1 + * XSSO 6 page 52 + * + * Retrieve user name + */ + +int +pam_get_user(pam_handle_t *pamh, + const char **user, + const char *prompt) +{ + const void *promptp; + char *resp; + int r; + + ENTER(); + if (pamh == NULL || user == NULL) + RETURNC(PAM_SYSTEM_ERR); + r = pam_get_item(pamh, PAM_USER, (const void **)user); + if (r == PAM_SUCCESS && *user != NULL) + RETURNC(PAM_SUCCESS); + if (prompt == NULL) { + r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) + prompt = user_prompt; + else + prompt = promptp; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_set_item(pamh, PAM_USER, resp); + FREE(resp); + if (r != PAM_SUCCESS) + RETURNC(r); + r = pam_get_item(pamh, PAM_USER, (const void **)user); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + */ + +/** + * The =pam_get_user function returns the name of the target user, as + * specified to =pam_start. + * If no user was specified, nor set using =pam_set_item, =pam_get_user + * will prompt for a user name. + * Either way, a pointer to the user name is stored in the location + * pointed to by the =user argument. + * + * The =prompt argument specifies a prompt to use if no user name is + * cached. + * If it is =NULL, the =PAM_USER_PROMPT will be used. + * If that item is also =NULL, a hardcoded default prompt will be used. + * + * >pam_get_item + * >pam_get_authtok + */ diff --git a/lib/pam_getenv.c b/lib/pam_getenv.c new file mode 100644 index 0000000..f2d7910 --- /dev/null +++ b/lib/pam_getenv.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_getenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 44 + * + * Retrieve the value of a PAM environment variable + */ + +const char * +pam_getenv(pam_handle_t *pamh, + const char *name) +{ + char *str; + int i; + + ENTERS(name); + if (pamh == NULL) + RETURNS(NULL); + if (name == NULL || strchr(name, '=') != NULL) + RETURNS(NULL); + if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) + RETURNS(NULL); + for (str = pamh->env[i]; *str != '\0'; ++str) { + if (*str == '=') { + ++str; + break; + } + } + RETURNS(str); +} + +/** + * The =pam_getenv function returns the value of an environment variable. + * Its semantics are similar to those of =getenv, but it accesses the PAM + * context's environment list instead of the application's. + * + * >pam_getenvlist + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_getenvlist.c b/lib/pam_getenvlist.c new file mode 100644 index 0000000..c0e128a --- /dev/null +++ b/lib/pam_getenvlist.c @@ -0,0 +1,106 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_getenvlist.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 45 + * + * Returns a list of all the PAM environment variables + */ + +char ** +pam_getenvlist(pam_handle_t *pamh) +{ + char **envlist; + int i; + + ENTER(); + if (pamh == NULL) + RETURNP(NULL); + envlist = malloc(sizeof(char *) * (pamh->env_count + 1)); + if (envlist == NULL) { + openpam_log(PAM_LOG_ERROR, "%s", + pam_strerror(pamh, PAM_BUF_ERR)); + RETURNP(NULL); + } + for (i = 0; i < pamh->env_count; ++i) { + if ((envlist[i] = strdup(pamh->env[i])) == NULL) { + while (i) { + --i; + FREE(envlist[i]); + } + FREE(envlist); + openpam_log(PAM_LOG_ERROR, "%s", + pam_strerror(pamh, PAM_BUF_ERR)); + RETURNP(NULL); + } + } + envlist[i] = NULL; + RETURNP(envlist); +} + +/** + * The =pam_getenvlist function returns a copy of the given PAM context's + * environment list as a pointer to an array of strings. + * The last element in the array is =NULL. + * The pointer is suitable for assignment to {Va environ}. + * + * The array and the strings it lists are allocated using =malloc, and + * should be released using =free after use: + * + * char **envlist, **env; + * + * envlist = environ; + * environ = pam_getenvlist(pamh); + * \/\* do something nifty \*\/ + * for (env = environ; *env != NULL; env++) + * free(*env); + * free(environ); + * environ = envlist; + * + * >environ 7 + * >pam_getenv + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_info.c b/lib/pam_info.c new file mode 100644 index 0000000..2e4dbc7 --- /dev/null +++ b/lib/pam_info.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_info.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_info(const pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + va_end(ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_info function displays an informational message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_error + * >pam_prompt + * >pam_vinfo + */ diff --git a/lib/pam_open_session.c b/lib/pam_open_session.c new file mode 100644 index 0000000..f8d6eca --- /dev/null +++ b/lib/pam_open_session.c @@ -0,0 +1,86 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_open_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 54 + * + * Open a user session + */ + +int +pam_open_session(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT)) + RETURNC(PAM_SYMBOL_ERR); + r = openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_open_session + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_open_session sets up a user session for a previously + * authenticated user. + * The session should later be torn down by a call to =pam_close_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_open_session will return + * =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_prompt.c b/lib/pam_prompt.c new file mode 100644 index 0000000..76da55f --- /dev/null +++ b/lib/pam_prompt.c @@ -0,0 +1,90 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_prompt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include +#include + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_prompt(const pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, style, resp, fmt, ap); + va_end(ap); + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_prompt function constructs a message from the specified format + * string and arguments and passes it to the given PAM context's + * conversation function. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * See =pam_vprompt for further details. + * + * >pam_error + * >pam_info + * >pam_vprompt + */ diff --git a/lib/pam_putenv.c b/lib/pam_putenv.c new file mode 100644 index 0000000..79d6228 --- /dev/null +++ b/lib/pam_putenv.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_putenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 56 + * + * Set the value of an environment variable + */ + +int +pam_putenv(pam_handle_t *pamh, + const char *namevalue) +{ + char **env, *p; + int i; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* sanity checks */ + if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* see if the variable is already in the environment */ + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { + if ((p = strdup(namevalue)) == NULL) + RETURNC(PAM_BUF_ERR); + FREE(pamh->env[i]); + pamh->env[i] = p; + RETURNC(PAM_SUCCESS); + } + + /* grow the environment list if necessary */ + if (pamh->env_count == pamh->env_size) { + env = realloc(pamh->env, + sizeof(char *) * (pamh->env_size * 2 + 1)); + if (env == NULL) + RETURNC(PAM_BUF_ERR); + pamh->env = env; + pamh->env_size = pamh->env_size * 2 + 1; + } + + /* add the variable at the end */ + if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL) + RETURNC(PAM_BUF_ERR); + ++pamh->env_count; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_putenv function sets a environment variable. + * Its semantics are similar to those of =putenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_setenv + */ diff --git a/lib/pam_set_data.c b/lib/pam_set_data.c new file mode 100644 index 0000000..963de92 --- /dev/null +++ b/lib/pam_set_data.c @@ -0,0 +1,104 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_data.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 59 + * + * Set module information + */ + +int +pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int pam_end_status)) +{ + pam_data_t *dp; + + ENTERS(module_data_name); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, PAM_SUCCESS); + dp->data = data; + dp->cleanup = cleanup; + RETURNC(PAM_SUCCESS); + } + } + if ((dp = malloc(sizeof *dp)) == NULL) + RETURNC(PAM_BUF_ERR); + if ((dp->name = strdup(module_data_name)) == NULL) { + FREE(dp); + RETURNC(PAM_BUF_ERR); + } + dp->data = data; + dp->cleanup = cleanup; + dp->next = pamh->module_data; + pamh->module_data = dp; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_data function associates a pointer to an opaque object + * with an arbitrary string specified by the =module_data_name argument, + * in the PAM context specified by the =pamh argument. + * + * If not =NULL, the =cleanup argument should point to a function + * responsible for releasing the resources associated with the object. + * + * This function and its counterpart =pam_get_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_set_item.c b/lib/pam_set_item.c new file mode 100644 index 0000000..9b60618 --- /dev/null +++ b/lib/pam_set_item.c @@ -0,0 +1,120 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_item.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 60 + * + * Set authentication information + */ + +int +pam_set_item(pam_handle_t *pamh, + int item_type, + const void *item) +{ + void **slot, *tmp; + size_t nsize, osize; + + ENTERI(item_type); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + slot = &pamh->item[item_type]; + osize = nsize = 0; + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + case PAM_OLDAUTHTOK_PROMPT: + if (*slot != NULL) + osize = strlen(*slot) + 1; + if (item != NULL) + nsize = strlen(item) + 1; + break; + case PAM_REPOSITORY: + osize = nsize = sizeof(struct pam_repository); + break; + case PAM_CONV: + osize = nsize = sizeof(struct pam_conv); + break; + default: + RETURNC(PAM_SYMBOL_ERR); + } + if (*slot != NULL) { + memset(*slot, 0xd0, osize); + FREE(*slot); + } + if (item != NULL) { + if ((tmp = malloc(nsize)) == NULL) + RETURNC(PAM_BUF_ERR); + memcpy(tmp, item, nsize); + } else { + tmp = NULL; + } + *slot = tmp; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_item function sets the item specified by the =item_type + * argument to a copy of the object pointed to by the =item argument. + * The item is stored in the PAM context specified by the =pamh argument. + * See =pam_get_item for a list of recognized item types. + */ diff --git a/lib/pam_set_mapped_authtok.c b/lib/pam_set_mapped_authtok.c new file mode 100644 index 0000000..01ad255 --- /dev/null +++ b/lib/pam_set_mapped_authtok.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 62 + * + * Store the password for the username supplied + */ + +int +pam_set_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + const char *target_module_type, + const char *target_authn_domain) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_set_mapped_username.c b/lib/pam_set_mapped_username.c new file mode 100644 index 0000000..ae3619b --- /dev/null +++ b/lib/pam_set_mapped_username.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +/* + * XSSO 4.2.1 + * XSSO 6 page 64 + * + * Set a username + */ + +int +pam_set_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_username, + char *target_module_type, + char *target_authn_domain) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_setcred.c b/lib/pam_setcred.c new file mode 100644 index 0000000..80eb468 --- /dev/null +++ b/lib/pam_setcred.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_setcred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 57 + * + * Modify / delete user credentials for an authentication service + */ + +int +pam_setcred(pam_handle_t *pamh, + int flags) +{ + int r; + + ENTER(); + if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED| + PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED)) + RETURNC(PAM_SYMBOL_ERR); + /* XXX enforce exclusivity */ + r = openpam_dispatch(pamh, PAM_SM_SETCRED, flags); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_setcred + * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_setcred function manages the application's credentials. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_ESTABLISH_CRED: + * Establish the credentials of the target user. + * =PAM_DELETE_CRED: + * Revoke all established credentials. + * =PAM_REINITIALIZE_CRED: + * Fully reinitialise credentials. + * =PAM_REFRESH_CRED: + * Refresh credentials. + * + * The latter four are mutually exclusive. + * + * If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR. + */ diff --git a/lib/pam_setenv.c b/lib/pam_setenv.c new file mode 100644 index 0000000..e73f6b5 --- /dev/null +++ b/lib/pam_setenv.c @@ -0,0 +1,98 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_setenv.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Set the value of an environment variable + * Mirrors setenv(3) + */ + +int +pam_setenv(pam_handle_t *pamh, + const char *name, + const char *value, + int overwrite) +{ + char *env; + int r; + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* sanity checks */ + if (name == NULL || value == NULL || strchr(name, '=') != NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* is it already there? */ + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) + RETURNC(PAM_SUCCESS); + + /* set it... */ + if (asprintf(&env, "%s=%s", name, value) < 0) + RETURNC(PAM_BUF_ERR); + r = pam_putenv(pamh, env); + FREE(env); + RETURNC(r); +} + +/* + * Error codes: + * + * =pam_putenv + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_setenv function sets a environment variable. + * Its semantics are similar to those of =setenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_putenv + */ diff --git a/lib/pam_sm_acct_mgmt.c b/lib/pam_sm_acct_mgmt.c new file mode 100644 index 0000000..a57e86a --- /dev/null +++ b/lib/pam_sm_acct_mgmt.c @@ -0,0 +1,81 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_acct_mgmt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 66 + * + * Service module implementation for pam_acct_mgmt + */ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_USER_UNKNOWN + * PAM_AUTH_ERR + * PAM_NEW_AUTHTOK_REQD + * PAM_ACCT_EXPIRED + */ + +/** + * The =pam_sm_acct_mgmt function is the service module's implementation + * of the =pam_acct_mgmt API function. + */ diff --git a/lib/pam_sm_authenticate.c b/lib/pam_sm_authenticate.c new file mode 100644 index 0000000..7f4bb1c --- /dev/null +++ b/lib/pam_sm_authenticate.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_authenticate.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 68 + * + * Service module implementation for pam_authenticate + */ + +int +pam_sm_authenticate(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_AUTH_ERR + * PAM_CRED_INSUFFICIENT + * PAM_AUTHINFO_UNAVAIL + * PAM_USER_UNKNOWN + * PAM_MAXTRIES + */ + +/** + * The =pam_sm_authenticate function is the service module's + * implementation of the =pam_authenticate API function. + */ diff --git a/lib/pam_sm_authenticate_secondary.c b/lib/pam_sm_authenticate_secondary.c new file mode 100644 index 0000000..bde0366 --- /dev/null +++ b/lib/pam_sm_authenticate_secondary.c @@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_authenticate_secondary.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 70 + * + * Service module implementation for pam_authenticate_secondary + */ + +int +pam_sm_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + unsigned char *target_module_authtok, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_chauthtok.c b/lib/pam_sm_chauthtok.c new file mode 100644 index 0000000..2c41d6d --- /dev/null +++ b/lib/pam_sm_chauthtok.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_chauthtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 72 + * + * Service module implementation for pam_chauthtok + */ + +int +pam_sm_chauthtok(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_PERM_DENIED + * PAM_AUTHTOK_ERR + * PAM_AUTHTOK_RECOVERY_ERR + * PAM_AUTHTOK_LOCK_BUSY + * PAM_AUTHTOK_DISABLE_AGING + * PAM_TRY_AGAIN + */ + +/** + * The =pam_sm_chauthtok function is the service module's implementation + * of the =pam_chauthtok API function. + */ diff --git a/lib/pam_sm_close_session.c b/lib/pam_sm_close_session.c new file mode 100644 index 0000000..25cee92 --- /dev/null +++ b/lib/pam_sm_close_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_close_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 75 + * + * Service module implementation for pam_close_session + */ + +int +pam_sm_close_session(pam_handle_t *pamh, + int flags, + int args, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_close_session function is the service module's + * implementation of the =pam_close_session API function. + */ diff --git a/lib/pam_sm_get_mapped_authtok.c b/lib/pam_sm_get_mapped_authtok.c new file mode 100644 index 0000000..9d85d5f --- /dev/null +++ b/lib/pam_sm_get_mapped_authtok.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_get_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 77 + * + * Service module implementation for pam_get_mapped_authtok + */ + +int +pam_sm_get_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok, + int argc, + char *argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_get_mapped_username.c b/lib/pam_sm_get_mapped_username.c new file mode 100644 index 0000000..ee4d250 --- /dev/null +++ b/lib/pam_sm_get_mapped_username.c @@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_get_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 79 + * + * Service module implementation for pam_get_mapped_username + */ + +int +pam_sm_get_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_type, + char *target_authn_domain, + char **target_module_username, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_open_session.c b/lib/pam_sm_open_session.c new file mode 100644 index 0000000..bfe0794 --- /dev/null +++ b/lib/pam_sm_open_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_open_session.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 81 + * + * Service module implementation for pam_open_session + */ + +int +pam_sm_open_session(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_open_session function is the service module's + * implementation of the =pam_open_session API function. + */ diff --git a/lib/pam_sm_set_mapped_authtok.c b/lib/pam_sm_set_mapped_authtok.c new file mode 100644 index 0000000..54fd370 --- /dev/null +++ b/lib/pam_sm_set_mapped_authtok.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_set_mapped_authtok.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 83 + * + * Service module implementation for pam_set_mapped_authtok + */ + +int +pam_sm_set_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + char *target_module_type, + char *target_authn_domain, + int argc, + const char *argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_set_mapped_username.c b/lib/pam_sm_set_mapped_username.c new file mode 100644 index 0000000..0239dbb --- /dev/null +++ b/lib/pam_sm_set_mapped_username.c @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_set_mapped_username.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 85 + * + * Service module implementation for pam_set_mapped_username + */ + +int +pam_sm_set_mapped_username(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_setcred.c b/lib/pam_sm_setcred.c new file mode 100644 index 0000000..4d472b3 --- /dev/null +++ b/lib/pam_sm_setcred.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_sm_setcred.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 87 + * + * Service module implementation for pam_setcred + */ + +int +pam_sm_setcred(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + ENTER(); + RETURNC(PAM_SYSTEM_ERR); +} + + +/* + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_CRED_UNAVAIL + * PAM_CRED_EXPIRED + * PAM_USER_UNKNOWN + * PAM_CRED_ERR + */ + +/** + * The =pam_sm_setcred function is the service module's implementation of + * the =pam_setcred API function. + */ diff --git a/lib/pam_start.c b/lib/pam_start.c new file mode 100644 index 0000000..ee6468b --- /dev/null +++ b/lib/pam_start.c @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_start.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 89 + * + * Initiate a PAM transaction + */ + +int +pam_start(const char *service, + const char *user, + const struct pam_conv *pam_conv, + pam_handle_t **pamh) +{ + struct pam_handle *ph; + int r; + + ENTER(); + if ((ph = calloc(1, sizeof *ph)) == NULL) + RETURNC(PAM_BUF_ERR); + if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) + goto fail; + + r = openpam_configure(ph, service); + if (r != PAM_SUCCESS) + goto fail; + + *pamh = ph; + openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); + RETURNC(PAM_SUCCESS); + + fail: + pam_end(ph, r); + RETURNC(r); +} + +/* + * Error codes: + * + * =openpam_configure + * =pam_set_item + * !PAM_SYMBOL_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_start function creates and initializes a PAM context. + * + * The =service argument specifies the name of the policy to apply, and is + * stored in the =PAM_SERVICE item in the created context. + * + * The =user argument specifies the name of the target user - the user the + * created context will serve to authenticate. + * It is stored in the =PAM_USER item in the created context. + * + * The =pam_conv argument points to a =struct pam_conv describing the + * conversation function to use; see =pam_conv for details. + * + * >pam_get_item + * >pam_set_item + * >pam_end + */ diff --git a/lib/pam_strerror.c b/lib/pam_strerror.c new file mode 100644 index 0000000..24498c4 --- /dev/null +++ b/lib/pam_strerror.c @@ -0,0 +1,164 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_strerror.c 408 2007-12-21 11:36:24Z des $ + */ + +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_err_name[PAM_NUM_ERRORS] = { + "PAM_SUCCESS", + "PAM_OPEN_ERR", + "PAM_SYMBOL_ERR", + "PAM_SERVICE_ERR", + "PAM_SYSTEM_ERR", + "PAM_BUF_ERR", + "PAM_CONV_ERR", + "PAM_PERM_DENIED", + "PAM_MAXTRIES", + "PAM_AUTH_ERR", + "PAM_NEW_AUTHTOK_REQD", + "PAM_CRED_INSUFFICIENT", + "PAM_AUTHINFO_UNAVAIL", + "PAM_USER_UNKNOWN", + "PAM_CRED_UNAVAIL", + "PAM_CRED_EXPIRED", + "PAM_CRED_ERR", + "PAM_ACCT_EXPIRED", + "PAM_AUTHTOK_EXPIRED", + "PAM_SESSION_ERR", + "PAM_AUTHTOK_ERR", + "PAM_AUTHTOK_RECOVERY_ERR", + "PAM_AUTHTOK_LOCK_BUSY", + "PAM_AUTHTOK_DISABLE_AGING", + "PAM_NO_MODULE_DATA", + "PAM_IGNORE", + "PAM_ABORT", + "PAM_TRY_AGAIN", + "PAM_MODULE_UNKNOWN", + "PAM_DOMAIN_UNKNOWN" +}; + +/* + * XSSO 4.2.1 + * XSSO 6 page 92 + * + * Get PAM standard error message string + */ + +const char * +pam_strerror(const pam_handle_t *pamh, + int error_number) +{ + static char unknown[16]; + + (void)pamh; + + switch (error_number) { + case PAM_SUCCESS: + return ("success"); + case PAM_OPEN_ERR: + return ("failed to load module"); + case PAM_SYMBOL_ERR: + return ("invalid symbol"); + case PAM_SERVICE_ERR: + return ("error in service module"); + case PAM_SYSTEM_ERR: + return ("system error"); + case PAM_BUF_ERR: + return ("memory buffer error"); + case PAM_CONV_ERR: + return ("conversation failure"); + case PAM_PERM_DENIED: + return ("permission denied"); + case PAM_MAXTRIES: + return ("maximum number of tries exceeded"); + case PAM_AUTH_ERR: + return ("authentication error"); + case PAM_NEW_AUTHTOK_REQD: + return ("new authentication token required"); + case PAM_CRED_INSUFFICIENT: + return ("insufficient credentials"); + case PAM_AUTHINFO_UNAVAIL: + return ("authentication information is unavailable"); + case PAM_USER_UNKNOWN: + return ("unknown user"); + case PAM_CRED_UNAVAIL: + return ("failed to retrieve user credentials"); + case PAM_CRED_EXPIRED: + return ("user credentials have expired"); + case PAM_CRED_ERR: + return ("failed to set user credentials"); + case PAM_ACCT_EXPIRED: + return ("user account has expired"); + case PAM_AUTHTOK_EXPIRED: + return ("password has expired"); + case PAM_SESSION_ERR: + return ("session failure"); + case PAM_AUTHTOK_ERR: + return ("authentication token failure"); + case PAM_AUTHTOK_RECOVERY_ERR: + return ("failed to recover old authentication token"); + case PAM_AUTHTOK_LOCK_BUSY: + return ("authentication token lock busy"); + case PAM_AUTHTOK_DISABLE_AGING: + return ("authentication token aging disabled"); + case PAM_NO_MODULE_DATA: + return ("module data not found"); + case PAM_IGNORE: + return ("ignore this module"); + case PAM_ABORT: + return ("general failure"); + case PAM_TRY_AGAIN: + return ("try again"); + case PAM_MODULE_UNKNOWN: + return ("unknown module type"); + case PAM_DOMAIN_UNKNOWN: + return ("unknown authentication domain"); + default: + snprintf(unknown, sizeof unknown, "#%d", error_number); + return (unknown); + } +} + +/** + * The =pam_strerror function returns a pointer to a string containing a + * textual description of the error indicated by the =error_number + * argument, in the context of the PAM transaction described by the =pamh + * argument. + */ diff --git a/lib/pam_verror.c b/lib/pam_verror.c new file mode 100644 index 0000000..0b128d1 --- /dev/null +++ b/lib/pam_verror.c @@ -0,0 +1,80 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_verror.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_verror(const pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_verror function passes its arguments to =pam_vprompt with a + * style argument of =PAM_ERROR_MSG, and discards the response. + * + * >pam_error + * >pam_vinfo + */ diff --git a/lib/pam_vinfo.c b/lib/pam_vinfo.c new file mode 100644 index 0000000..5282714 --- /dev/null +++ b/lib/pam_vinfo.c @@ -0,0 +1,80 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_vinfo.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_vinfo(const pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + FREE(rsp); /* ignore response */ + return (r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vinfo function passes its arguments to =pam_vprompt with a + * style argument of =PAM_TEXT_INFO, and discards the response. + * + * >pam_info + * >pam_verror + */ diff --git a/lib/pam_vprompt.c b/lib/pam_vprompt.c new file mode 100644 index 0000000..e1215c3 --- /dev/null +++ b/lib/pam_vprompt.c @@ -0,0 +1,129 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: pam_vprompt.c 408 2007-12-21 11:36:24Z des $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_vprompt(const pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + va_list ap) +{ + char msgbuf[PAM_MAX_MSG_SIZE]; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *rsp; + const struct pam_conv *conv; + const void *convp; + int r; + + ENTER(); + r = pam_get_item(pamh, PAM_CONV, &convp); + if (r != PAM_SUCCESS) + RETURNC(r); + conv = convp; + if (conv == NULL || conv->conv == NULL) { + openpam_log(PAM_LOG_ERROR, "no conversation function"); + RETURNC(PAM_SYSTEM_ERR); + } + vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap); + msg.msg_style = style; + msg.msg = msgbuf; + msgp = &msg; + rsp = NULL; + r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr); + *resp = rsp == NULL ? NULL : rsp->resp; + FREE(rsp); + RETURNC(r); +} + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vprompt function constructs a string from the =fmt and =ap + * arguments using =vsnprintf, and passes it to the given PAM context's + * conversation function. + * + * The =style argument specifies the type of interaction requested, and + * must be one of the following: + * + * =PAM_PROMPT_ECHO_OFF: + * Display the message and obtain the user's response without + * displaying it. + * =PAM_PROMPT_ECHO_ON: + * Display the message and obtain the user's response. + * =PAM_ERROR_MSG: + * Display the message as an error message, and do not wait + * for a response. + * =PAM_TEXT_INFO: + * Display the message as an informational message, and do + * not wait for a response. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * The message and response should not exceed =PAM_MAX_MSG_SIZE or + * =PAM_MAX_RESP_SIZE, respectively. + * If they do, they may be truncated. + * + * >pam_error + * >pam_info + * >pam_prompt + * >pam_verror + * >pam_vinfo + */ -- cgit v1.1