author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 16:26:05 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:26:38 -0800 |
commit | 9c52e721044e7501c3d4567b36d222dc7326224a (patch) | |
tree | 9011790770130c60a712a6f125ad50d60e07cc74 /Linux-PAM/libpam | |
parent | 9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff) | |
parent | 186ff16e8d12ff15d518000c17f115ccab5275a4 (diff) |
New upstream version 1.0.1
Diffstat (limited to 'Linux-PAM/libpam')
44 files changed, 0 insertions, 8000 deletions
diff --git a/Linux-PAM/libpam/Makefile.am b/Linux-PAM/libpam/Makefile.am deleted file mode 100644 index 0daca423..00000000 --- a/Linux-PAM/libpam/Makefile.am +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de> -# - -AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ - -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\" -if HAVE_LIBSELINUX - AM_CFLAGS += -D"WITH_SELINUX" -endif - -CLEANFILES = *~ - -EXTRA_DIST = libpam.map - -include_HEADERS = include/security/_pam_compat.h \ - include/security/_pam_macros.h include/security/_pam_types.h \ - include/security/pam_appl.h include/security/pam_modules.h \ - include/security/pam_ext.h include/security/pam_modutil.h - -noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h pam_static_modules.h - -libpam_la_LDFLAGS = -no-undefined -version-info 81:10:81 -libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ - -if STATIC_MODULES - libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ - @LIBDB@ @LIBCRYPT@ @LIBNSL@ @LIBCRACK@ -lutil -endif -if HAVE_VERSIONING - libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map -endif - -lib_LTLIBRARIES = libpam.la - -libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ - pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ - pam_misc.c pam_password.c pam_prelude.c \ - pam_session.c pam_start.c pam_static.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ - pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c diff --git a/Linux-PAM/libpam/Makefile.in b/Linux-PAM/libpam/Makefile.in deleted file mode 100644 index 60e66c0c..00000000 --- a/Linux-PAM/libpam/Makefile.in +++ /dev/null 
@@ -1,619 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de> -# - - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@HAVE_LIBSELINUX_TRUE@am__append_1 = -D"WITH_SELINUX" -@STATIC_MODULES_TRUE@am__append_2 = `ls ../modules/pam_*/*.lo` \ -@STATIC_MODULES_TRUE@ @LIBDB@ @LIBCRYPT@ @LIBNSL@ @LIBCRACK@ -lutil - -@HAVE_VERSIONING_TRUE@am__append_3 = -Wl,--version-script=$(srcdir)/libpam.map -subdir = libpam -DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) \ - $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ - $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ - $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ - 
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \ - $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) -LTLIBRARIES = $(lib_LTLIBRARIES) -am__DEPENDENCIES_1 = -@STATIC_MODULES_TRUE@am__DEPENDENCIES_2 = `ls ../modules/pam_*/*.lo` -libpam_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) -am_libpam_la_OBJECTS = pam_account.lo pam_auth.lo pam_data.lo \ - pam_delay.lo pam_dispatch.lo pam_end.lo pam_env.lo \ - pam_handlers.lo pam_item.lo pam_misc.lo pam_password.lo \ - pam_prelude.lo pam_session.lo pam_start.lo pam_static.lo \ - pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo \ - pam_audit.lo pam_modutil_cleanup.lo pam_modutil_getpwnam.lo \ - pam_modutil_ioloop.lo pam_modutil_getgrgid.lo \ - pam_modutil_getpwuid.lo pam_modutil_getgrnam.lo \ - pam_modutil_getspnam.lo pam_modutil_getlogin.lo \ - pam_modutil_ingroup.lo -libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) -libpam_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libpam_la_LDFLAGS) $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I. 
-I$(top_builddir)@am__isrc@ -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libpam_la_SOURCES) -DIST_SOURCES = $(libpam_la_SOURCES) -includeHEADERS_INSTALL = $(INSTALL_HEADER) -HEADERS = $(include_HEADERS) $(noinst_HEADERS) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BROWSER = @BROWSER@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -FO2PDF = @FO2PDF@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ -LIBCRYPT = @LIBCRYPT@ -LIBDB = @LIBDB@ -LIBDL = @LIBDL@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ -LIBOBJS = @LIBOBJS@ 
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ -LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ -LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ -LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ -LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ -LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ -LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ -LIBS = @LIBS@ -LIBSELINUX = @LIBSELINUX@ -LIBTOOL = @LIBTOOL@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ -POSUB = @POSUB@ -RANLIB = @RANLIB@ -SCONFIGDIR = @SCONFIGDIR@ -SECUREDIR = @SECUREDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -USE_NLS = @USE_NLS@ -VERSION = @VERSION@ -WITH_DEBUG = @WITH_DEBUG@ -WITH_PAMLOCKING = @WITH_PAMLOCKING@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -XMLCATALOG = @XMLCATALOG@ -XMLLINT = @XMLLINT@ -XML_CATALOG_FILE = @XML_CATALOG_FILE@ -XSLTPROC = @XSLTPROC@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ 
-exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_xauth_path = @pam_xauth_path@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ - -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \ - -DPAM_VERSION=\"$(VERSION)\" $(am__append_1) -CLEANFILES = *~ -EXTRA_DIST = libpam.map -include_HEADERS = include/security/_pam_compat.h \ - include/security/_pam_macros.h include/security/_pam_types.h \ - include/security/pam_appl.h include/security/pam_modules.h \ - include/security/pam_ext.h include/security/pam_modutil.h - -noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h pam_static_modules.h - -libpam_la_LDFLAGS = -no-undefined -version-info 81:9:81 \ - $(am__append_3) -libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ \ - $(am__append_2) -lib_LTLIBRARIES = libpam.la -libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ - pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ - pam_misc.c pam_password.c pam_prelude.c \ - pam_session.c pam_start.c pam_static.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c 
pam_modutil_getgrnam.c \ - pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libpam/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu libpam/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ - else :; fi; \ - done - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f 
"$(DESTDIR)$(libdir)/$$p"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) - $(libpam_la_LINK) -rpath $(libdir) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_account.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_audit.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_auth.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_data.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_delay.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dispatch.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dynamic.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_end.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_handlers.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_item.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_misc.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_cleanup.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrgid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrnam.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getlogin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwnam.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwuid.Plo@am__quote@ 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getspnam.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ingroup.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ioloop.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_password.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_prelude.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_session.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_start.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_static.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_strerror.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_syslog.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_vprompt.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z 
"$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) -installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f 
$(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-includeHEADERS - -install-dvi: install-dvi-am - -install-exec-am: install-libLTLIBRARIES - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-includeHEADERS install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am 
\ - tags uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/Linux-PAM/libpam/include/security/_pam_compat.h b/Linux-PAM/libpam/include/security/_pam_compat.h deleted file mode 100644 index a5f58e42..00000000 --- a/Linux-PAM/libpam/include/security/_pam_compat.h +++ /dev/null 
@@ -1,126 +0,0 @@ -#ifndef _PAM_COMPAT_H -#define _PAM_COMPAT_H - -/* - * This file was contributed by Derrick J Brashear <shadow@dementia.org> - * slight modification by Brad M. Garcia <bgarcia@fore.com> - * - * A number of operating systems have started to implement PAM. - * unfortunately, they have a different set of numeric values for - * certain constants. This file is included for compatibility's sake. - */ - -/* Solaris uses different constants. We redefine to those here */ -#if defined(solaris) || (defined(__SVR4) && defined(sun)) - -# ifdef _SECURITY_PAM_MODULES_H - -/* flags for pam_chauthtok() */ -# undef PAM_PRELIM_CHECK -# define PAM_PRELIM_CHECK 0x1 - -# undef PAM_UPDATE_AUTHTOK -# define PAM_UPDATE_AUTHTOK 0x2 - -# endif /* _SECURITY_PAM_MODULES_H */ - -# ifdef _SECURITY__PAM_TYPES_H - -/* generic for pam_* functions */ -# undef PAM_SILENT -# define PAM_SILENT 0x80000000 - -# undef PAM_CHANGE_EXPIRED_AUTHTOK -# define PAM_CHANGE_EXPIRED_AUTHTOK 0x4 - -/* flags for pam_setcred() */ -# undef PAM_ESTABLISH_CRED -# define PAM_ESTABLISH_CRED 0x1 - -# undef PAM_DELETE_CRED -# define PAM_DELETE_CRED 0x2 - -# undef PAM_REINITIALIZE_CRED -# define PAM_REINITIALIZE_CRED 0x4 - -# undef PAM_REFRESH_CRED -# define PAM_REFRESH_CRED 0x8 - -/* another binary incompatibility comes from the return codes! 
*/ - -# undef PAM_CONV_ERR -# define PAM_CONV_ERR 6 - -# undef PAM_PERM_DENIED -# define PAM_PERM_DENIED 7 - -# undef PAM_MAXTRIES -# define PAM_MAXTRIES 8 - -# undef PAM_AUTH_ERR -# define PAM_AUTH_ERR 9 - -# undef PAM_NEW_AUTHTOK_REQD -# define PAM_NEW_AUTHTOK_REQD 10 - -# undef PAM_CRED_INSUFFICIENT -# define PAM_CRED_INSUFFICIENT 11 - -# undef PAM_AUTHINFO_UNAVAIL -# define PAM_AUTHINFO_UNAVAIL 12 - -# undef PAM_USER_UNKNOWN -# define PAM_USER_UNKNOWN 13 - -# undef PAM_CRED_UNAVAIL -# define PAM_CRED_UNAVAIL 14 - -# undef PAM_CRED_EXPIRED -# define PAM_CRED_EXPIRED 15 - -# undef PAM_CRED_ERR -# define PAM_CRED_ERR 16 - -# undef PAM_ACCT_EXPIRED -# define PAM_ACCT_EXPIRED 17 - -# undef PAM_AUTHTOK_EXPIRED -# define PAM_AUTHTOK_EXPIRED 18 - -# undef PAM_SESSION_ERR -# define PAM_SESSION_ERR 19 - -# undef PAM_AUTHTOK_ERR -# define PAM_AUTHTOK_ERR 20 - -# undef PAM_AUTHTOK_RECOVERY_ERR -# define PAM_AUTHTOK_RECOVERY_ERR 21 - -# undef PAM_AUTHTOK_LOCK_BUSY -# define PAM_AUTHTOK_LOCK_BUSY 22 - -# undef PAM_AUTHTOK_DISABLE_AGING -# define PAM_AUTHTOK_DISABLE_AGING 23 - -# undef PAM_NO_MODULE_DATA -# define PAM_NO_MODULE_DATA 24 - -# undef PAM_IGNORE -# define PAM_IGNORE 25 - -# undef PAM_ABORT -# define PAM_ABORT 26 - -# undef PAM_TRY_AGAIN -# define PAM_TRY_AGAIN 27 - -#endif /* _SECURITY__PAM_TYPES_H */ - -#else - -/* For compatibility with old Linux-PAM implementations. */ -#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR - -#endif /* defined(solaris) || (defined(__SVR4) && defined(sun)) */ - -#endif /* _PAM_COMPAT_H */ diff --git a/Linux-PAM/libpam/include/security/_pam_macros.h b/Linux-PAM/libpam/include/security/_pam_macros.h deleted file mode 100644 index bd107cfb..00000000 --- a/Linux-PAM/libpam/include/security/_pam_macros.h +++ /dev/null 
@@ -1,196 +0,0 @@ -#ifndef PAM_MACROS_H -#define PAM_MACROS_H - -/* - * All kind of macros used by PAM, but usable in some other - * programs too. - * Organized by Cristian Gafton <gafton@redhat.com> - */ - -/* a 'safe' version of strdup */ - -#include <stdlib.h> -#include <string.h> - -#define x_strdup(s) ( (s) ? strdup(s):NULL ) - -/* Good policy to strike out passwords with some characters not just - free the memory */ - -#define _pam_overwrite(x) \ -do { \ - register char *__xx__; \ - if ((__xx__=(x))) \ - while (*__xx__) \ - *__xx__++ = '\0'; \ -} while (0) - -#define _pam_overwrite_n(x,n) \ -do { \ - register char *__xx__; \ - register unsigned int __i__ = 0; \ - if ((__xx__=(x))) \ - for (;__i__<n; __i__++) \ - __xx__[__i__] = 0; \ -} while (0) - -/* - * Don't just free it, forget it too. - */ - -#define _pam_drop(X) \ -do { \ - if (X) { \ - free(X); \ - X=NULL; \ - } \ -} while (0) - -#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ -do { \ - int reply_i; \ - \ - for (reply_i=0; reply_i<replies; ++reply_i) { \ - if (reply[reply_i].resp) { \ - _pam_overwrite(reply[reply_i].resp); \ - free(reply[reply_i].resp); \ - } \ - } \ - if (reply) \ - free(reply); \ -} while (0) - -/* some debugging code */ - -#ifdef DEBUG - -/* - * This provides the necessary function to do debugging in PAM. - * Cristian Gafton <gafton@redhat.com> - */ - -#include <stdio.h> -#include <sys/types.h> -#include <stdarg.h> -#include <errno.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - -/* - * This is for debugging purposes ONLY. DO NOT use on live systems !!! - * You have been warned :-) - CG - * - * to get automated debugging to the log file, it must be created manually. - * _PAM_LOGFILE must exist and be writable to the programs you debug. 
- */ - -#ifndef _PAM_LOGFILE -#define _PAM_LOGFILE "/var/run/pam-debug.log" -#endif - -static void _pam_output_debug_info(const char *file, const char *fn - , const int line) -{ - FILE *logfile; - int must_close = 1, fd; - -#ifdef O_NOFOLLOW - if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { -#else - if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { -#endif - if (!(logfile = fdopen(fd,"a"))) { - logfile = stderr; - must_close = 0; - close(fd); - } - } else { - logfile = stderr; - must_close = 0; - } - fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); - fflush(logfile); - if (must_close) - fclose(logfile); -} - -static void _pam_output_debug(const char *format, ...) -{ - va_list args; - FILE *logfile; - int must_close = 1, fd; - - va_start(args, format); - -#ifdef O_NOFOLLOW - if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { -#else - if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { -#endif - if (!(logfile = fdopen(fd,"a"))) { - logfile = stderr; - must_close = 0; - close(fd); - } - } else { - logfile = stderr; - must_close = 0; - } - vfprintf(logfile, format, args); - fprintf(logfile, "\n"); - fflush(logfile); - if (must_close) - fclose(logfile); - - va_end(args); -} - -#define D(x) do { \ - _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ - _pam_output_debug x ; \ -} while (0) - -#define _pam_show_mem(X,XS) do { \ - int i; \ - register unsigned char *x; \ - x = (unsigned char *)X; \ - fprintf(stderr, " <start at %p>\n", X); \ - for (i = 0; i < XS ; ++x, ++i) { \ - fprintf(stderr, " %02X. 
<%p:%02X>\n", i, x, *x); \ - } \ - fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \ -} while (0) - -#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ -do { \ - int reply_i; \ - setbuf(stderr, NULL); \ - fprintf(stderr, "array at %p of size %d\n",reply,replies); \ - fflush(stderr); \ - if (reply) { \ - for (reply_i = 0; reply_i < replies; reply_i++) { \ - fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ - reply_i, reply+reply_i, reply[reply_i].resp, \ - reply[reply_i].resp, _retcode); \ - fflush(stderr); \ - if (reply[reply_i].resp) { \ - fprintf(stderr, " resp[%d] = '%s'\n", \ - strlen(reply[reply_i].resp), reply[reply_i].resp); \ - fflush(stderr); \ - } \ - } \ - } \ - fprintf(stderr, "done here\n"); \ - fflush(stderr); \ -} while (0) - -#else - -#define D(x) do { } while (0) -#define _pam_show_mem(X,XS) do { } while (0) -#define _pam_show_reply(reply, replies) do { } while (0) - -#endif /* DEBUG */ - -#endif /* PAM_MACROS_H */ diff --git a/Linux-PAM/libpam/include/security/_pam_types.h b/Linux-PAM/libpam/include/security/_pam_types.h deleted file mode 100644 index 2f7e807f..00000000 --- a/Linux-PAM/libpam/include/security/_pam_types.h +++ /dev/null 
@@ -1,332 +0,0 @@
-/*
- * <security/_pam_types.h>
- *
- * This file defines all of the types common to the Linux-PAM library
- * applications and modules.
- *
- * Note, the copyright+license information is at end of file.
- */
-
-#ifndef _SECURITY__PAM_TYPES_H
-#define _SECURITY__PAM_TYPES_H
-
-/* This is a blind structure; users aren't allowed to see inside a
- * pam_handle_t, so we don't define struct pam_handle here. This is
- * defined in a file private to the PAM library. (i.e., it's private
- * to PAM service modules, too!) */
-
-typedef struct pam_handle pam_handle_t;
-
-/* ---------------- The Linux-PAM Version defines ----------------- */
-
-/* Major and minor version number of the Linux-PAM package. Use
- these macros to test for features in specific releases. */
-#define __LINUX_PAM__ 1
-#define __LINUX_PAM_MINOR__ 0
-
-/* ----------------- The Linux-PAM return values ------------------ */
-
-#define PAM_SUCCESS 0 /* Successful function return */
-#define PAM_OPEN_ERR 1 /* dlopen() failure when dynamically */
- /* loading a service module */
-#define PAM_SYMBOL_ERR 2 /* Symbol not found */
-#define PAM_SERVICE_ERR 3 /* Error in service module */
-#define PAM_SYSTEM_ERR 4 /* System error */
-#define PAM_BUF_ERR 5 /* Memory buffer error */
-#define PAM_PERM_DENIED 6 /* Permission denied */
-#define PAM_AUTH_ERR 7 /* Authentication failure */
-#define PAM_CRED_INSUFFICIENT 8 /* Can not access authentication data */
- /* due to insufficient credentials */
-#define PAM_AUTHINFO_UNAVAIL 9 /* Underlying authentication service */
- /* can not retrieve authentication */
- /* information */
-#define PAM_USER_UNKNOWN 10 /* User not known to the underlying */
- /* authenticaiton module */
-#define PAM_MAXTRIES 11 /* An authentication service has */
- /* maintained a retry count which has */
- /* been reached. No further retries */
- /* should be attempted */
-#define PAM_NEW_AUTHTOK_REQD 12 /* New authentication token required. */
- /* This is normally returned if the */
- /* machine security policies require */
- /* that the password should be changed */
- /* beccause the password is NULL or it */
- /* has aged */
-#define PAM_ACCT_EXPIRED 13 /* User account has expired */
-#define PAM_SESSION_ERR 14 /* Can not make/remove an entry for */
- /* the specified session */
-#define PAM_CRED_UNAVAIL 15 /* Underlying authentication service */
- /* can not retrieve user credentials */
- /* unavailable */
-#define PAM_CRED_EXPIRED 16 /* User credentials expired */
-#define PAM_CRED_ERR 17 /* Failure setting user credentials */
-#define PAM_NO_MODULE_DATA 18 /* No module specific data is present */
-#define PAM_CONV_ERR 19 /* Conversation error */
-#define PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */
-#define PAM_AUTHTOK_RECOVERY_ERR 21 /* Authentication information */
- /* cannot be recovered */
-#define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token lock busy */
-#define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */
-#define PAM_TRY_AGAIN 24 /* Preliminary check by password service */
-#define PAM_IGNORE 25 /* Ignore underlying account module */
- /* regardless of whether the control */
- /* flag is required, optional, or sufficient */
-#define PAM_ABORT 26 /* Critical error (?module fail now request) */
-#define PAM_AUTHTOK_EXPIRED 27 /* user's authentication token has expired */
-#define PAM_MODULE_UNKNOWN 28 /* module is not known */
-
-#define PAM_BAD_ITEM 29 /* Bad item passed to pam_*_item() */
-#define PAM_CONV_AGAIN 30 /* conversation function is event driven
- and data is not available yet */
-#define PAM_INCOMPLETE 31 /* please call this function again to
- complete authentication stack. Before
- calling again, verify that conversation
- is completed */
-
-/*
- * Add new #define's here - take care to also extend the libpam code:
- * pam_strerror() and "libpam/pam_tokens.h" .
- */
-
-#define _PAM_RETURN_VALUES 32 /* this is the number of return values */
-
-
-/* ---------------------- The Linux-PAM flags -------------------- */
-
-/* Authentication service should not generate any messages */
-#define PAM_SILENT 0x8000U
-
-/* Note: these flags are used by pam_authenticate{,_secondary}() */
-
-/* The authentication service should return PAM_AUTH_ERROR if the
- * user has a null authentication token */
-#define PAM_DISALLOW_NULL_AUTHTOK 0x0001U
-
-/* Note: these flags are used for pam_setcred() */
-
-/* Set user credentials for an authentication service */
-#define PAM_ESTABLISH_CRED 0x0002U
-
-/* Delete user credentials associated with an authentication service */
-#define PAM_DELETE_CRED 0x0004U
-
-/* Reinitialize user credentials */
-#define PAM_REINITIALIZE_CRED 0x0008U
-
-/* Extend lifetime of user credentials */
-#define PAM_REFRESH_CRED 0x0010U
-
-/* Note: these flags are used by pam_chauthtok */
-
-/* The password service should only update those passwords that have
- * aged. If this flag is not passed, the password service should
- * update all passwords. */
-#define PAM_CHANGE_EXPIRED_AUTHTOK 0x0020U
-
-/* ------------------ The Linux-PAM item types ------------------- */
-
-/* These defines are used by pam_set_item() and pam_get_item().
- Please check the spec which are allowed for use by applications
- and which are only allowed for use by modules. */
-
-#define PAM_SERVICE 1 /* The service name */
-#define PAM_USER 2 /* The user name */
-#define PAM_TTY 3 /* The tty name */
-#define PAM_RHOST 4 /* The remote host name */
-#define PAM_CONV 5 /* The pam_conv structure */
-#define PAM_AUTHTOK 6 /* The authentication token (password) */
-#define PAM_OLDAUTHTOK 7 /* The old authentication token */
-#define PAM_RUSER 8 /* The remote user name */
-#define PAM_USER_PROMPT 9 /* the prompt for getting a username */
-/* Linux-PAM extensions */
-#define PAM_FAIL_DELAY 10 /* app supplied function to override failure
- delays */
-#define PAM_XDISPLAY 11 /* X display name */
-#define PAM_XAUTHDATA 12 /* X server authentication data */
-
-/* -------------- Special defines used by Linux-PAM -------------- */
-
-#if defined(__GNUC__) && defined(__GNUC_MINOR__)
-# define PAM_GNUC_PREREQ(maj, min) \
- ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#else
-# define PAM_GNUC_PREREQ(maj, min) 0
-#endif
-
-#if PAM_GNUC_PREREQ(2,5)
-# define PAM_FORMAT(params) __attribute__((__format__ params))
-#else
-# define PAM_FORMAT(params)
-#endif
-
-#if PAM_GNUC_PREREQ(3,3) && !defined(LIBPAM_COMPILE)
-# define PAM_NONNULL(params) __attribute__((__nonnull__ params))
-#else
-# define PAM_NONNULL(params)
-#endif
-
-/* ---------- Common Linux-PAM application/module PI ----------- */
-
-extern int PAM_NONNULL((1))
-pam_set_item(pam_handle_t *pamh, int item_type, const void *item);
-
-extern int PAM_NONNULL((1))
-pam_get_item(const pam_handle_t *pamh, int item_type, const void **item);
-
-extern const char *
-pam_strerror(pam_handle_t *pamh, int errnum);
-
-extern int PAM_NONNULL((1,2))
-pam_putenv(pam_handle_t *pamh, const char *name_value);
-
-extern const char * PAM_NONNULL((1,2))
-pam_getenv(pam_handle_t *pamh, const char *name);
-
-extern char ** PAM_NONNULL((1))
-pam_getenvlist(pam_handle_t *pamh);
-
-/* ---------- Common Linux-PAM application/module PI ----------- */
-
-/*
- * here are some proposed error status definitions for the
- * 'error_status' argument used by the cleanup function associated
- * with data items they should be logically OR'd with the error_status
- * of the latest return from libpam -- new with .52 and positive
- * impression from Sun although not official as of 1996/9/4
- * [generally the other flags are to be found in pam_modules.h]
- */
-
-#define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */
-
-/*
- * here we define an externally (by apps or modules) callable function
- * that primes the libpam library to delay when a stacked set of
- * modules results in a failure. In the case of PAM_SUCCESS this delay
- * is ignored.
- *
- * Note, the pam_[gs]et_item(... PAM_FAIL_DELAY ...) can be used to set
- * a function pointer which can override the default fail-delay behavior.
- * This item was added to accommodate event driven programs that need to
- * manage delays more carefully. The function prototype for this data
- * item is
- * void (*fail_delay)(int status, unsigned int delay, void *appdata_ptr);
- */
-
-#define HAVE_PAM_FAIL_DELAY
-extern int pam_fail_delay(pam_handle_t *pamh, unsigned int musec_delay);
-
-/* ------------ The Linux-PAM conversation structures ------------ */
-
-/* Message styles */
-
-#define PAM_PROMPT_ECHO_OFF 1
-#define PAM_PROMPT_ECHO_ON 2
-#define PAM_ERROR_MSG 3
-#define PAM_TEXT_INFO 4
-
-/* Linux-PAM specific types */
-
-#define PAM_RADIO_TYPE 5 /* yes/no/maybe conditionals */
-
-/* This is for server client non-human interaction.. these are NOT
- part of the X/Open PAM specification. */
-
-#define PAM_BINARY_PROMPT 7
-
-/* maximum size of messages/responses etc.. (these are mostly
- arbitrary so Linux-PAM should handle longer values). */
-
-#define PAM_MAX_NUM_MSG 32
-#define PAM_MAX_MSG_SIZE 512
-#define PAM_MAX_RESP_SIZE 512
-
-/* Used to pass prompting text, error messages, or other informatory
- * text to the user. This structure is allocated and freed by the PAM
- * library (or loaded module). */
-
-struct pam_message {
- int msg_style;
- const char *msg;
-};
-
-/* if the pam_message.msg_style = PAM_BINARY_PROMPT
- the 'pam_message.msg' is a pointer to a 'const *' for the following
- pseudo-structure. When used with a PAM_BINARY_PROMPT, the returned
- pam_response.resp pointer points to an object with the following
- structure:
-
- struct {
- u32 length; # network byte order
- unsigned char type;
- unsigned char data[length-5];
- };
-
- The 'libpamc' library is designed around this flavor of
- message and should be used to handle this flavor of msg_style.
- */
-
-/* Used to return the user's response to the PAM library. This
- structure is allocated by the application program, and free()'d by
- the Linux-PAM library (or calling module). */
-
-struct pam_response {
- char *resp;
- int resp_retcode; /* currently un-used, zero expected */
-};
-
-/* The actual conversation structure itself */
-
-struct pam_conv {
- int (*conv)(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr);
- void *appdata_ptr;
-};
-
-/* Used by the PAM_XAUTHDATA pam item. Contains X authentication
- data used by modules to connect to the user's X display. Note:
- this structure is intentionally compatible with xcb_auth_info_t. */
-
-struct pam_xauth_data {
- int namelen;
- char *name;
- int datalen;
- char *data;
-};
-
-/* ... adapted from the pam_appl.h file created by Theodore Ts'o and
- *
- * Copyright Theodore Ts'o, 1996. All rights reserved.
- * Copyright (c) Andrew G. Morgan <morgan@linux.kernel.org>, 1996-8
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#endif /* _SECURITY__PAM_TYPES_H */
diff --git a/Linux-PAM/libpam/include/security/pam_appl.h b/Linux-PAM/libpam/include/security/pam_appl.h
deleted file mode 100644
index d4172c69..00000000
--- a/Linux-PAM/libpam/include/security/pam_appl.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * <security/pam_appl.h>
- *
- * This header file collects definitions for the PAM API --- that is,
- * public interface between the PAM library and an application program
- * that wishes to use it.
- *
- * Note, the copyright information is at end of file.
- */
-
-#ifndef _SECURITY_PAM_APPL_H
-#define _SECURITY_PAM_APPL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <security/_pam_types.h> /* Linux-PAM common defined types */
-
-/* -------------- The Linux-PAM Framework layer API ------------- */
-
-extern int PAM_NONNULL((1,3,4))
-pam_start(const char *service_name, const char *user,
- const struct pam_conv *pam_conversation,
- pam_handle_t **pamh);
-
-extern int PAM_NONNULL((1))
-pam_end(pam_handle_t *pamh, int pam_status);
-
-/* Authentication API's */
-
-extern int PAM_NONNULL((1))
-pam_authenticate(pam_handle_t *pamh, int flags);
-
-extern int PAM_NONNULL((1))
-pam_setcred(pam_handle_t *pamh, int flags);
-
-/* Account Management API's */
-
-extern int PAM_NONNULL((1))
-pam_acct_mgmt(pam_handle_t *pamh, int flags);
-
-/* Session Management API's */
-
-extern int PAM_NONNULL((1))
-pam_open_session(pam_handle_t *pamh, int flags);
-
-extern int PAM_NONNULL((1))
-pam_close_session(pam_handle_t *pamh, int flags);
-
-/* Password Management API's */
-
-extern int PAM_NONNULL((1))
-pam_chauthtok(pam_handle_t *pamh, int flags);
-
-
-/* take care of any compatibility issues */
-#include <security/_pam_compat.h>
-
-#ifdef __cplusplus
-}
-#endif
-
-/*
- * Copyright Theodore Ts'o, 1996. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#endif /* _SECURITY_PAM_APPL_H */
diff --git a/Linux-PAM/libpam/include/security/pam_ext.h b/Linux-PAM/libpam/include/security/pam_ext.h
deleted file mode 100644
index 111dd633..00000000
--- a/Linux-PAM/libpam/include/security/pam_ext.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (C) 2005, 2006 Thorsten Kukuk.
- *
- * <security/pam_ext.h>
- *
- * This header file collects definitions for the extended PAM API.
- * This is a public interface of the PAM library for PAM modules,
- * which makes the life of PAM developers easier, but are not documented
- * in any standard and are not portable between different PAM
- * implementations.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _SECURITY__PAM_EXT_H_
-#define _SECURITY__PAM_EXT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <security/_pam_types.h>
-#include <stdarg.h>
-
-extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((3))
-pam_vsyslog (const pam_handle_t *pamh, int priority,
- const char *fmt, va_list args);
-
-extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3))
-pam_syslog (const pam_handle_t *pamh, int priority, const char *fmt, ...);
-
-extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((1,4))
-pam_vprompt (pam_handle_t *pamh, int style, char **response,
- const char *fmt, va_list args);
-
-extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((1,4))
-pam_prompt (pam_handle_t *pamh, int style, char **response,
- const char *fmt, ...);
-
-#define pam_error(pamh, fmt...) \
- pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt)
-#define pam_verror(pamh, fmt, args) \
- pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
-
-#define pam_info(pamh, fmt...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt)
-#define pam_vinfo(pamh, fmt, args) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/Linux-PAM/libpam/include/security/pam_modules.h b/Linux-PAM/libpam/include/security/pam_modules.h
deleted file mode 100644
index 5c516c4e..00000000
--- a/Linux-PAM/libpam/include/security/pam_modules.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * <security/pam_modules.h>
- *
- * This header file collects definitions for the PAM API --- that is,
- * public interface between the PAM library and PAM modules.
- *
- * Note, the copyright information is at end of file.
- */
-
-#ifndef _SECURITY_PAM_MODULES_H
-#define _SECURITY_PAM_MODULES_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <security/_pam_types.h> /* Linux-PAM common defined types */
-
-/* -------------- The Linux-PAM Module PI ------------- */
-
-extern int PAM_NONNULL((1,2))
-pam_set_data(pam_handle_t *pamh, const char *module_data_name, void *data,
- void (*cleanup)(pam_handle_t *pamh, void *data,
- int error_status));
-
-extern int PAM_NONNULL((1,2,3))
-pam_get_data(const pam_handle_t *pamh, const char *module_data_name,
- const void **data);
-
-extern int PAM_NONNULL((1,2))
-pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt);
-
-#ifdef PAM_STATIC
-
-#define PAM_EXTERN static
-
-struct pam_module {
- const char *name; /* Name of the module */
-
- /* These are function pointers to the module's key functions. */
-
- int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_setcred)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_open_session)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_close_session)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-};
-
-#else /* !PAM_STATIC */
-
-#define PAM_EXTERN extern
-
-#endif /* PAM_STATIC */
-
-/* Lots of files include pam_modules.h that don't need these
- * declared. However, when they are declared static, they
- * need to be defined later. So we have to protect C files
- * that include these without wanting these functions defined.. */
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC)
-
-/* Authentication API's */
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC)
-
-/* Account Management API's */
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC)
-
-/* Session Management API's */
-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC)
-
-/* Password Management API's */
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD))
- || !defined(PAM_STATIC)*/
-
-/* The following two flags are for use across the Linux-PAM/module
- * interface only. The Application is not permitted to use these
- * tokens.
- *
- * The password service should only perform preliminary checks. No
- * passwords should be updated. */
-#define PAM_PRELIM_CHECK 0x4000
-
-/* The password service should update passwords Note: PAM_PRELIM_CHECK
- * and PAM_UPDATE_AUTHTOK cannot both be set simultaneously! */
-#define PAM_UPDATE_AUTHTOK 0x2000
-
-
-/*
- * here are some proposed error status definitions for the
- * 'error_status' argument used by the cleanup function associated
- * with data items they should be logically OR'd with the error_status
- * of the latest return from libpam -- new with .52 and positive
- * impression from Sun although not official as of 1996/9/4 there are
- * others in _pam_types.h -- they are for common module/app use.
- */
-
-#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
-
-
-/* take care of any compatibility issues */
-#include <security/_pam_compat.h>
-
-#ifdef __cplusplus
-}
-#endif
-
-/* Copyright (C) Theodore Ts'o, 1996.
- * Copyright (C) Andrew Morgan, 1996-8.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU General Public License, in which case the provisions of the
- * GNU GPL are required INSTEAD OF the above restrictions. (This
- * clause is necessary due to a potential bad interaction between the
- * GNU GPL and the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#endif /* _SECURITY_PAM_MODULES_H */
diff --git a/Linux-PAM/libpam/include/security/pam_modutil.h b/Linux-PAM/libpam/include/security/pam_modutil.h
deleted file mode 100644
index ffdf5ad0..00000000
--- a/Linux-PAM/libpam/include/security/pam_modutil.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Andrew Morgan <morgan@kernel.org>
- *
- * <security/pam_modutil.h>
- *
- * This file is a list of handy libc wrappers that attempt to provide some
- * thread-safe and other convenient functionality to modules in a common form.
- *
- * A number of these functions reserve space in a pam_[sg]et_data item.
- * In all cases, the name of the item is prefixed with "pam_modutil_*".
- *
- * On systems that simply can't support thread safe programming, these
- * functions don't support it either - sorry.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _SECURITY__PAM_MODUTIL_H
-#define _SECURITY__PAM_MODUTIL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <security/_pam_types.h>
-
-extern struct passwd * PAM_NONNULL((1,2))
-pam_modutil_getpwnam(pam_handle_t *pamh, const char *user);
-
-extern struct passwd * PAM_NONNULL((1))
-pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid);
-
-extern struct group * PAM_NONNULL((1,2))
-pam_modutil_getgrnam(pam_handle_t *pamh, const char *group);
-
-extern struct group * PAM_NONNULL((1))
-pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid);
-
-extern struct spwd * PAM_NONNULL((1,2))
-pam_modutil_getspnam(pam_handle_t *pamh, const char *user);
-
-extern int PAM_NONNULL((1,2,3))
-pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh,
- const char *user,
- const char *group);
-
-extern int PAM_NONNULL((1,2))
-pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh,
- const char *user,
- gid_t group);
-
-extern int PAM_NONNULL((1,3))
-pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh,
- uid_t user,
- const char *group);
-
-extern int PAM_NONNULL((1))
-pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh,
- uid_t user,
- gid_t group);
-
-extern const char * PAM_NONNULL((1))
-pam_modutil_getlogin(pam_handle_t *pamh);
-
-extern int
-pam_modutil_read(int fd, char *buffer, int count);
-
-extern int
-pam_modutil_write(int fd, const char *buffer, int count);
-
-extern int PAM_NONNULL((1,3))
-pam_modutil_audit_write(pam_handle_t *pamh, int type,
- const char *message, int retval);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SECURITY__PAM_MODUTIL_H */
diff --git a/Linux-PAM/libpam/libpam.map b/Linux-PAM/libpam/libpam.map
deleted file mode 100644
index e37fc356..00000000
--- a/Linux-PAM/libpam/libpam.map
+++ /dev/null
@@ -1,52 +0,0 @@
-LIBPAM_1.0 {
- global:
- pam_acct_mgmt;
- pam_authenticate;
- pam_chauthtok;
- pam_close_session;
- pam_end;
- pam_open_session;
- pam_setcred;
- pam_start;
- pam_getenv;
- pam_putenv;
- pam_getenvlist;
- pam_set_item;
- pam_get_item;
- pam_strerror;
- pam_fail_delay;
- pam_set_data;
- pam_get_data;
- pam_get_user;
-
- local:
- *;
-};
-LIBPAM_EXTENSION_1.0 {
- global:
- pam_prompt;
- pam_vprompt;
- pam_syslog;
- pam_vsyslog;
-};
-
-LIBPAM_MODUTIL_1.0 {
- global:
- pam_modutil_getpwnam;
- pam_modutil_getpwuid;
- pam_modutil_getgrnam;
- pam_modutil_getgrgid;
- pam_modutil_getspnam;
- pam_modutil_user_in_group_nam_nam;
- pam_modutil_user_in_group_nam_gid;
- pam_modutil_user_in_group_uid_nam;
- pam_modutil_user_in_group_uid_gid;
- pam_modutil_getlogin;
- pam_modutil_read;
- pam_modutil_write;
-};
-
-LIBPAM_MODUTIL_1.1 {
- global:
- pam_modutil_audit_write;
-} LIBPAM_MODUTIL_1.0;
diff --git a/Linux-PAM/libpam/pam_account.c b/Linux-PAM/libpam/pam_account.c
deleted file mode 100644
index 572acc47..00000000
--- a/Linux-PAM/libpam/pam_account.c
+++ /dev/null
@@ -1,27 +0,0 @@
-/* pam_account.c - PAM Account Management */
-
-#include "pam_private.h"
-
-#include <stdio.h>
-
-int pam_acct_mgmt(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("called"));
-
- IF_NO_PAMH("pam_acct_mgmt", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- retval = _pam_dispatch(pamh, flags, PAM_ACCOUNT);
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_ACCOUNT, retval, flags);
-#endif
-
- return retval;
-}
diff --git a/Linux-PAM/libpam/pam_audit.c b/Linux-PAM/libpam/pam_audit.c
deleted file mode 100644
index 6fd6a0c1..00000000
--- a/Linux-PAM/libpam/pam_audit.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/* pam_audit.c -- Instrumentation code for Linux Auditing System */
-
-/* (C) 2005-2006 Red Hat, Inc. -- Licensing details are in the COPYING
- file accompanying the Linux-PAM source distribution.
-
- Authors:
- Steve Grubb <sgrubb@redhat.com> */
-
-#include <stdio.h>
-#include <syslog.h>
-#include "pam_private.h"
-#include "pam_modutil_private.h"
-
-#ifdef HAVE_LIBAUDIT
-#include <libaudit.h>
-#include <pwd.h>
-#include <netdb.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <errno.h>
-
-#define PAMAUDIT_LOGGED 1
-
-static int
-_pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type,
- const char *message, int retval)
-{
- static int old_errno = -1;
- int rc;
- char buf[32];
-
- snprintf(buf, sizeof(buf), "PAM:%s", message);
-
- rc = audit_log_acct_message (audit_fd, type, NULL, buf,
- (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?",
- -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
-
- /* libaudit sets errno to his own negative error code. This can be
- an official errno number, but must not. It can also be a audit
- internal error code. Which makes errno useless :-((. Try the
- best to fix it. */
- errno = -rc;
-
- if (rc < 0 && errno != old_errno)
- {
- old_errno = errno;
- pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
- }
-
- pamh->audit_state |= PAMAUDIT_LOGGED;
-
- if (rc == -EPERM && getuid () != 0)
- return 0;
- else
- return rc;
-}
-
-static int
-_pam_audit_open(pam_handle_t *pamh)
-{
- int audit_fd;
- audit_fd = audit_open();
- if (audit_fd < 0) {
- /* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
- if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
- return -2;
-
- /* this should only fail in case of extreme resource shortage,
- * need to prevent login in that case for CAPP compliance.
- */
- pam_syslog(pamh, LOG_CRIT, "audit_open() failed: %m");
- return -1;
- }
-
- return audit_fd;
-}
-
-int
-_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags)
-{
- const char *message;
- int type;
- int audit_fd;
-
- if ((audit_fd=_pam_audit_open(pamh)) == -1) {
- return PAM_SYSTEM_ERR;
- } else if (audit_fd == -2) {
- return retval;
- }
-
- switch (action) {
- case PAM_AUTHENTICATE:
- message = "authentication";
- type = AUDIT_USER_AUTH;
- break;
- case PAM_OPEN_SESSION:
- message = "session_open";
- type = AUDIT_USER_START;
- break;
- case PAM_CLOSE_SESSION:
- message = "session_close";
- type = AUDIT_USER_END;
- break;
- case PAM_ACCOUNT:
- message = "accounting";
- type = AUDIT_USER_ACCT;
- break;
- case PAM_CHAUTHTOK:
- message = "chauthtok";
- type = AUDIT_USER_CHAUTHTOK;
- break;
- case PAM_SETCRED:
- message = "setcred";
- if (flags & PAM_ESTABLISH_CRED)
- type = AUDIT_CRED_ACQ;
- else if ((flags & PAM_REINITIALIZE_CRED) || (flags & PAM_REFRESH_CRED))
- type = AUDIT_CRED_REFR;
- else if (flags & PAM_DELETE_CRED)
- type = AUDIT_CRED_DISP;
- else
- type = AUDIT_USER_ERR;
- break;
- case _PAM_ACTION_DONE:
- message = "bad_ident";
- type = AUDIT_USER_ERR;
- break;
- default:
- message = "UNKNOWN";
- type = AUDIT_USER_ERR;
- pam_syslog(pamh, LOG_CRIT, "_pam_auditlog() should never get here");
- retval = PAM_SYSTEM_ERR;
- }
-
- if (_pam_audit_writelog(pamh, audit_fd, type, message, retval) < 0)
- retval = PAM_SYSTEM_ERR;
-
- audit_close(audit_fd);
- return retval;
-}
-
-int
-_pam_audit_end(pam_handle_t *pamh, int status UNUSED)
-{
- if (! (pamh->audit_state & PAMAUDIT_LOGGED)) {
- /* PAM library is being shut down without any of the auditted
- * stacks having been run. Assume that this is sshd faking
- * things for an unknown user.
- */
- _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0);
- }
-
- return 0;
-}
-
-int
-pam_modutil_audit_write(pam_handle_t *pamh, int type,
- const char *message, int retval)
-{
- int audit_fd;
- int rc;
-
- if ((audit_fd=_pam_audit_open(pamh)) == -1) {
- return PAM_SYSTEM_ERR;
- } else if (audit_fd == -2) {
- return retval;
- }
-
- rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval);
-
- audit_close(audit_fd);
-
- return rc < 0 ? PAM_SYSTEM_ERR : PAM_SUCCESS;
-}
-
-#else
-int pam_modutil_audit_write(pam_handle_t *pamh UNUSED, int type UNUSED,
- const char *message UNUSED, int retval UNUSED)
-{
- return PAM_SUCCESS;
-}
-#endif /* HAVE_LIBAUDIT */
diff --git a/Linux-PAM/libpam/pam_auth.c b/Linux-PAM/libpam/pam_auth.c
deleted file mode 100644
index 5c272cfe..00000000
--- a/Linux-PAM/libpam/pam_auth.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * pam_auth.c -- PAM authentication
- *
- * $Id: pam_auth.c,v 1.7 2006/07/24 15:47:40 kukuk Exp $
- *
- */
-
-#include "pam_private.h"
-#include "pam_prelude.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-int pam_authenticate(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("pam_authenticate called"));
-
- IF_NO_PAMH("pam_authenticate", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- if (pamh->former.choice == PAM_NOT_STACKED) {
- _pam_sanitize(pamh);
- _pam_start_timer(pamh); /* we try to make the time for a failure
- independent of the time it takes to
- fail */
- }
-
- retval = _pam_dispatch(pamh, flags, PAM_AUTHENTICATE);
-
- if (retval != PAM_INCOMPLETE) {
- _pam_sanitize(pamh);
- _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */
- D(("pam_authenticate exit"));
- } else {
- D(("will resume when ready"));
- }
-
-#ifdef PRELUDE
- prelude_send_alert(pamh, retval);
-#endif
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_AUTHENTICATE, retval, flags);
-#endif
-
- return retval;
-}
-
-int pam_setcred(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("pam_setcred called"));
-
- IF_NO_PAMH("pam_setcred", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- if (! flags) {
- flags = PAM_ESTABLISH_CRED;
- }
-
- retval = _pam_dispatch(pamh, flags, PAM_SETCRED);
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_SETCRED, retval, flags);
-#endif
-
- D(("pam_setcred exit"));
-
- return retval;
-}
diff --git a/Linux-PAM/libpam/pam_data.c b/Linux-PAM/libpam/pam_data.c
deleted file mode 100644
index 30570afb..00000000
--- a/Linux-PAM/libpam/pam_data.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include "pam_private.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-static struct pam_data *_pam_locate_data(const pam_handle_t *pamh,
- const char *name)
-{
- struct pam_data *data;
-
- D(("called"));
-
- IF_NO_PAMH("_pam_locate_data", pamh, NULL);
-
- data = pamh->data;
-
- while (data) {
- if (!strcmp(data->name, name)) {
- return data;
- }
- data = data->next;
- }
-
- return NULL;
-}
-
-int pam_set_data(
- pam_handle_t *pamh,
- const char *module_data_name,
- void *data,
- void (*cleanup)(pam_handle_t *pamh, void *data, int error_status))
-{
- struct pam_data *data_entry;
-
- D(("called"));
-
- IF_NO_PAMH("pam_set_data", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_APP(pamh)) {
- D(("called from application!?"));
- return PAM_SYSTEM_ERR;
- }
-
- /* module_data_name should not be NULL */
- if (module_data_name == NULL) {
- D(("called with NULL as module_data_name"));
- return PAM_SYSTEM_ERR;
- }
-
- /* first check if there is some data already. If so clean it up */
-
- if ((data_entry = _pam_locate_data(pamh, module_data_name))) {
- if (data_entry->cleanup) {
- data_entry->cleanup(pamh, data_entry->data,
- PAM_DATA_REPLACE | PAM_SUCCESS );
- }
- } else if ((data_entry = malloc(sizeof(*data_entry)))) {
- char *tname;
-
- if ((tname = _pam_strdup(module_data_name)) == NULL) {
- pam_syslog(pamh, LOG_CRIT,
- "pam_set_data: no memory for data name");
- _pam_drop(data_entry);
- return PAM_BUF_ERR;
- }
- data_entry->next = pamh->data;
- pamh->data = data_entry;
- data_entry->name = tname;
- } else {
- pam_syslog(pamh, LOG_CRIT,
- "pam_set_data: cannot allocate data entry");
- return PAM_BUF_ERR;
- }
-
- data_entry->data = data; /* note this could be NULL */
- data_entry->cleanup = cleanup;
-
- return PAM_SUCCESS;
-}
-
-int pam_get_data(
- const pam_handle_t *pamh,
- const char *module_data_name,
- const void **datap)
-{
- struct pam_data *data;
-
- D(("called"));
-
- IF_NO_PAMH("pam_get_data", pamh, PAM_SYSTEM_ERR);
-
- if
(__PAM_FROM_APP(pamh)) {
- D(("called from application!?"));
- return PAM_SYSTEM_ERR;
- }
-
- /* module_data_name should not be NULL */
- if (module_data_name == NULL) {
- D(("called with NULL as module_data_name"));
- return PAM_SYSTEM_ERR;
- }
-
- data = _pam_locate_data(pamh, module_data_name);
- if (data) {
- *datap = data->data;
- return PAM_SUCCESS;
- }
-
- return PAM_NO_MODULE_DATA;
-}
-
-void _pam_free_data(pam_handle_t *pamh, int status)
-{
- struct pam_data *last;
- struct pam_data *data;
-
- D(("called"));
-
- IF_NO_PAMH("_pam_free_data", pamh, /* no return value for void fn */);
- data = pamh->data;
-
- while (data) {
- last = data;
- data = data->next;
- if (last->cleanup) {
- last->cleanup(pamh, last->data, status);
- }
- _pam_drop(last->name);
- _pam_drop(last);
- }
-}
diff --git a/Linux-PAM/libpam/pam_delay.c b/Linux-PAM/libpam/pam_delay.c
deleted file mode 100644
index 01304629..00000000
--- a/Linux-PAM/libpam/pam_delay.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * pam_delay.c
- *
- * Copyright (c) Andrew G. Morgan <morgan@kernel.org> 1996-9
- * All rights reserved.
- *
- * $Id: pam_delay.c,v 1.6 2003/07/13 20:01:44 vorlon Exp $
- *
- */
-
-/*
- * This is a simple implementation of a delay on failure mechanism; an
- * attempt to overcome authentication-time attacks in a simple manner.
- */
-
-#include "pam_private.h"
-#include <unistd.h>
-#include <time.h>
-
-/* **********************************************************************
- * initialize the time as unset, this is set on the return from the
- * authenticating pair of of the libpam pam_XXX calls.
- */
-
-void _pam_reset_timer(pam_handle_t *pamh)
-{
- D(("setting pamh->fail_delay.set to FALSE"));
- pamh->fail_delay.set = PAM_FALSE;
-}
-
-/* **********************************************************************
- * this function sets the start time for possible delayed failing.
- *
- * Eventually, it may set the timer so libpam knows how long the program
- * has already been executing. Currently, this value is used to seed
- * a pseudo-random number generator...
- */
-
-void _pam_start_timer(pam_handle_t *pamh)
-{
- pamh->fail_delay.begin = time(NULL);
- D(("starting timer..."));
-}
-
-/* *******************************************************************
- * Compute a pseudo random time. The value is base*(1 +/- 1/5) where
- * the distribution is pseudo gausian (the sum of three evenly
- * distributed random numbers -- central limit theorem and all ;^) The
- * linear random numbers are based on a formulae given in Knuth's
- * Seminumerical recipies that was reproduced in `Numerical Recipies
- * in C'. It is *not* a cryptographically strong generator, but it is
- * probably "good enough" for our purposes here.
- *
- * /dev/random might be a better place to look for some numbers...
- */
-
-static unsigned int _pam_rand(unsigned int seed)
-{
-#define N1 1664525
-#define N2 1013904223
- return N1*seed + N2;
-}
-
-static unsigned int _pam_compute_delay(unsigned int seed, unsigned int base)
-{
- int i;
- double sum;
- unsigned int ans;
-
- for (sum=i=0; i<3; ++i) {
- seed = _pam_rand(seed);
- sum += (double) ((seed / 10) % 1000000);
- }
- sum = (sum/3.)/1e6 - .5; /* rescale */
- ans = (unsigned int) ( base*(1.+sum) );
- D(("random number: base=%u -> ans=%u\n", base, ans));
-
- return ans;
-}
-
-/* **********************************************************************
- * the following function sleeps for a random time. The actual time
- * slept is computed above.. It is based on the requested time but will
- * differ by up to +/- 25%.
- */
-
-void _pam_await_timer(pam_handle_t *pamh, int status)
-{
- unsigned int delay;
- D(("waiting?..."));
-
- delay = _pam_compute_delay(pamh->fail_delay.begin,
- pamh->fail_delay.delay);
- if (pamh->fail_delay.delay_fn_ptr) {
- union {
- const void *value;
- void (*fn)(int, unsigned, void *);
- } hack_fn_u;
- void *appdata_ptr;
-
- if (pamh->pam_conversation) {
- appdata_ptr = pamh->pam_conversation->appdata_ptr;
- } else {
- appdata_ptr = NULL;
- }
-
- /* always call the applications delay function, even if
- the delay is zero - indicate status */
- hack_fn_u.value = pamh->fail_delay.delay_fn_ptr;
- hack_fn_u.fn(status, delay, appdata_ptr);
-
- } else if (status != PAM_SUCCESS && pamh->fail_delay.set) {
-
- D(("will wait %u usec", delay));
-
- if (delay > 0) {
- struct timeval tval;
-
- tval.tv_sec = delay / 1000000;
- tval.tv_usec = delay % 1000000;
- select(0, NULL, NULL, NULL, &tval);
- }
- }
-
- _pam_reset_timer(pamh);
- D(("waiting done"));
-}
-
-/* **********************************************************************
- * this function is known to both the module and the application, it
- * keeps a running score of the largest-requested delay so far, as
- * specified by either modules or an application.
- */
-
-int pam_fail_delay(pam_handle_t *pamh, unsigned int usec)
-{
- unsigned int largest;
-
- IF_NO_PAMH("pam_fail_delay", pamh, PAM_SYSTEM_ERR);
-
- D(("setting delay to %u",usec));
-
- if (pamh->fail_delay.set) {
- largest = pamh->fail_delay.delay;
- } else {
- pamh->fail_delay.set = PAM_TRUE;
- largest = 0;
- }
-
- D(("largest = %u",largest));
-
- if (largest < usec) {
- D(("resetting largest delay"));
- pamh->fail_delay.delay = usec;
- }
-
- return PAM_SUCCESS;
-}
-
diff --git a/Linux-PAM/libpam/pam_dispatch.c b/Linux-PAM/libpam/pam_dispatch.c
deleted file mode 100644
index fa4e5ed4..00000000
--- a/Linux-PAM/libpam/pam_dispatch.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/* pam_dispatch.c - handles module function dispatch */
-
-/*
- * Copyright (c) 1998, 2005 Andrew G. Morgan <morgan@kernel.org>
- *
- */
-
-#include "pam_private.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-
-/*
- * this is the return code we return when a function pointer is NULL
- * or, the handler structure indicates a broken module config line
- */
-#define PAM_MUST_FAIL_CODE PAM_PERM_DENIED
-
-/* impression codes - this gives some sense to the logical choices */
-#define _PAM_UNDEF 0
-#define _PAM_POSITIVE +1
-#define _PAM_NEGATIVE -1
-
-/* frozen chain required codes */
-#define _PAM_PLEASE_FREEZE 0
-#define _PAM_MAY_BE_FROZEN 1
-#define _PAM_MUST_BE_FROZEN 2
-
-/*
- * walk a stack of modules. Interpret the administrator's instructions
- * when combining the return code of each module.
- */
-
-static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
- _pam_boolean resumed, int use_cached_chain)
-{
- int depth, impression, status, skip_depth, prev_level, stack_level;
- struct _pam_substack_state *substates = NULL;
-
- IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR);
-
- if (h == NULL) {
- const void *service=NULL;
-
- (void) pam_get_item(pamh, PAM_SERVICE, &service);
- pam_syslog(pamh, LOG_ERR, "no modules loaded for `%s' service",
- service ? (const char *)service:"<unknown>" );
- service = NULL;
- return PAM_MUST_FAIL_CODE;
- }
-
- /* if we are recalling this module stack because a former call did
- not complete, we restore the state of play from pamh.
*/
- if (resumed) {
- skip_depth = pamh->former.depth;
- status = pamh->former.status;
- impression = pamh->former.impression;
- substates = pamh->former.substates;
- /* forget all that */
- pamh->former.impression = _PAM_UNDEF;
- pamh->former.status = PAM_MUST_FAIL_CODE;
- pamh->former.depth = 0;
- pamh->former.substates = NULL;
- } else {
- skip_depth = 0;
- substates = malloc(PAM_SUBSTACK_MAX_LEVEL * sizeof(*substates));
- if (substates == NULL) {
- pam_syslog(pamh, LOG_CRIT,
- "_pam_dispatch_aux: no memory for substack states");
- return PAM_BUF_ERR;
- }
- substates[0].impression = impression = _PAM_UNDEF;
- substates[0].status = status = PAM_MUST_FAIL_CODE;
- }
-
- prev_level = 0;
-
- /* Loop through module logic stack */
- for (depth=0 ; h != NULL ; prev_level = stack_level, h = h->next, ++depth) {
- int retval, cached_retval, action;
-
- stack_level = h->stack_level;
-
- /* skip leading modules if they have already returned */
- if (depth < skip_depth) {
- continue;
- }
-
- /* remember state if we are entering a substack */
- if (prev_level < stack_level) {
- substates[stack_level].impression = impression;
- substates[stack_level].status = status;
- }
-
- /* attempt to call the module */
- if (h->handler_type == PAM_HT_MUST_FAIL) {
- D(("module poorly listed in PAM config; forcing failure"));
- retval = PAM_MUST_FAIL_CODE;
- } else if (h->handler_type == PAM_HT_SUBSTACK) {
- D(("skipping substack handler"));
- continue;
- } else if (h->func == NULL) {
- D(("module function is not defined, indicating failure"));
- retval = PAM_MODULE_UNKNOWN;
- } else {
- D(("passing control to module..."));
- pamh->mod_name=h->mod_name;
- retval = h->func(pamh, flags, h->argc, h->argv);
- pamh->mod_name=NULL;
- D(("module returned: %s", pam_strerror(pamh, retval)));
- }
-
- /*
- * PAM_INCOMPLETE return is special. It indicates that the
- * module wants to wait for the application before continuing.
- * In order to return this, the module will have saved its
- * state so it can resume from an equivalent position when it
- * is called next time. (This was added as of 0.65)
- */
- if (retval == PAM_INCOMPLETE) {
- pamh->former.impression = impression;
- pamh->former.status = status;
- pamh->former.depth = depth;
- pamh->former.substates = substates;
-
- D(("module %d returned PAM_INCOMPLETE", depth));
- return retval;
- }
-
- /*
- * use_cached_chain is how we ensure that the setcred/close_session
- * and chauthtok(2) modules are called in the same order as they did
- * when they were invoked as auth/open_session/chauthtok(1). This
- * feature was added in 0.75 to make the behavior of pam_setcred
- * sane. It was debugged by release 0.76.
- */
- if (use_cached_chain != _PAM_PLEASE_FREEZE) {
-
- /* a former stack execution should have frozen the chain */
-
- cached_retval = *(h->cached_retval_p);
- if (cached_retval == _PAM_INVALID_RETVAL) {
-
- /* This may be a problem condition. It implies that
- the application is running setcred, close_session,
- chauthtok(2nd) without having first run
- authenticate, open_session, chauthtok(1st)
- [respectively]. */
-
- D(("use_cached_chain is set to [%d],"
- " but cached_retval == _PAM_INVALID_RETVAL",
- use_cached_chain));
-
- /* In the case of close_session and setcred there is a
- backward compatibility reason for allowing this, in
- the chauthtok case we have encountered a bug in
- libpam! */
-
- if (use_cached_chain == _PAM_MAY_BE_FROZEN) {
- /* (not ideal) force non-frozen stack control.
*/
- cached_retval = retval;
- } else {
- D(("BUG in libpam -"
- " chain is required to be frozen but isn't"));
-
- /* cached_retval is already _PAM_INVALID_RETVAL */
- }
- }
- } else {
- /* this stack execution is defining the frozen chain */
- cached_retval = h->cached_retval = retval;
- }
-
- /* verify that the return value is a valid one */
- if ((cached_retval < PAM_SUCCESS)
- || (cached_retval >= _PAM_RETURN_VALUES)) {
-
- retval = PAM_MUST_FAIL_CODE;
- action = _PAM_ACTION_BAD;
- } else {
- /* We treat the current retval with some respect. It may
- (for example, in the case of setcred) have a value that
- needs to be propagated to the user. We want to use the
- cached_retval to determine the modules to be executed
- in the stacked chain, but we want to treat each
- non-ignored module in the cached chain as now being
- 'required'. We only need to treat the,
- _PAM_ACTION_IGNORE, _PAM_ACTION_IS_JUMP and
- _PAM_ACTION_RESET actions specially. */
-
- action = h->actions[cached_retval];
- }
-
- D(("use_cached_chain=%d action=%d cached_retval=%d retval=%d",
- use_cached_chain, action, cached_retval, retval));
-
- /* decide what to do */
- switch (action) {
- case _PAM_ACTION_RESET:
-
- impression = substates[stack_level].impression;
- status = substates[stack_level].status;
- break;
-
- case _PAM_ACTION_OK:
- case _PAM_ACTION_DONE:
-
- if ( impression == _PAM_UNDEF
- || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
- /* in case of using cached chain
- we could get here with PAM_IGNORE - don't return it */
- if ( retval != PAM_IGNORE || cached_retval == retval ) {
- impression = _PAM_POSITIVE;
- status = retval;
- }
- }
- if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
- goto decision_made;
- }
- break;
-
- case _PAM_ACTION_BAD:
- case _PAM_ACTION_DIE:
-#ifdef PAM_FAIL_NOW_ON
- if ( cached_retval == PAM_ABORT ) {
- impression = _PAM_NEGATIVE;
- status = PAM_PERM_DENIED;
- goto decision_made;
- }
-#endif /* PAM_FAIL_NOW_ON */
- if (
impression != _PAM_NEGATIVE ) {
- impression = _PAM_NEGATIVE;
- /* Don't return with PAM_IGNORE as status */
- if ( retval == PAM_IGNORE )
- status = PAM_MUST_FAIL_CODE;
- else
- status = retval;
- }
- if ( action == _PAM_ACTION_DIE ) {
- goto decision_made;
- }
- break;
-
- case _PAM_ACTION_IGNORE:
- break;
-
- /* if we get here, we expect action is a positive number --
- this is what the ...JUMP macro checks. */
-
- default:
- if ( _PAM_ACTION_IS_JUMP(action) ) {
-
- /* If we are evaluating a cached chain, we treat this
- module as required (aka _PAM_ACTION_OK) as well as
- executing the jump. */
-
- if (use_cached_chain) {
- if (impression == _PAM_UNDEF
- || (impression == _PAM_POSITIVE
- && status == PAM_SUCCESS) ) {
- if ( retval != PAM_IGNORE || cached_retval == retval ) {
- impression = _PAM_POSITIVE;
- status = retval;
- }
- }
- }
-
- /* this means that we need to skip #action stacked modules */
- while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) {
- do {
- h = h->next;
- ++depth;
- } while (h->next != NULL && h->next->stack_level > stack_level);
- --action;
- }
-
- /* note if we try to skip too many modules action is
- still non-zero and we snag the next if.
*/
- }
-
- /* this case is a syntax error: we can't succeed */
- if (action) {
- pam_syslog(pamh, LOG_ERR, "bad jump in stack");
- impression = _PAM_NEGATIVE;
- status = PAM_MUST_FAIL_CODE;
- }
- }
- continue;
-
-decision_made: /* by getting here we have made a decision */
- while (h->next != NULL && h->next->stack_level >= stack_level) {
- h = h->next;
- ++depth;
- }
- }
-
- /* Sanity check */
- if ( status == PAM_SUCCESS && impression != _PAM_POSITIVE ) {
- D(("caught on sanity check -- this is probably a config error!"));
- status = PAM_MUST_FAIL_CODE;
- }
-
- free(substates);
- /* We have made a decision about the modules executed */
- return status;
-}
-
-/*
- * This function translates the module dispatch request into a pointer
- * to the stack of modules that will actually be run. the
- * _pam_dispatch_aux() function (above) is responsible for walking the
- * module stack.
- */
-
-int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
-{
- struct handler *h = NULL;
- int retval, use_cached_chain;
- _pam_boolean resumed;
-
- IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from a module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- /* Load all modules, resolve all symbols */
-
- if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "unable to dispatch function");
- return retval;
- }
-
- use_cached_chain = _PAM_PLEASE_FREEZE;
-
- switch (choice) {
- case PAM_AUTHENTICATE:
- h = pamh->handlers.conf.authenticate;
- break;
- case PAM_SETCRED:
- h = pamh->handlers.conf.setcred;
- use_cached_chain = _PAM_MAY_BE_FROZEN;
- break;
- case PAM_ACCOUNT:
- h = pamh->handlers.conf.acct_mgmt;
- break;
- case PAM_OPEN_SESSION:
- h = pamh->handlers.conf.open_session;
- break;
- case PAM_CLOSE_SESSION:
- h = pamh->handlers.conf.close_session;
- use_cached_chain = _PAM_MAY_BE_FROZEN;
- break;
- case PAM_CHAUTHTOK:
- h = pamh->handlers.conf.chauthtok;
- if (flags & PAM_UPDATE_AUTHTOK) {
-
use_cached_chain = _PAM_MUST_BE_FROZEN;
- }
- break;
- default:
- pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice);
- return PAM_ABORT;
- }
-
- if (h == NULL) { /* there was no handlers.conf... entry; will use
- * handlers.other... */
- switch (choice) {
- case PAM_AUTHENTICATE:
- h = pamh->handlers.other.authenticate;
- break;
- case PAM_SETCRED:
- h = pamh->handlers.other.setcred;
- break;
- case PAM_ACCOUNT:
- h = pamh->handlers.other.acct_mgmt;
- break;
- case PAM_OPEN_SESSION:
- h = pamh->handlers.other.open_session;
- break;
- case PAM_CLOSE_SESSION:
- h = pamh->handlers.other.close_session;
- break;
- case PAM_CHAUTHTOK:
- h = pamh->handlers.other.chauthtok;
- break;
- }
- }
-
- /* Did a module return an "incomplete state" last time? */
- if (pamh->former.choice != PAM_NOT_STACKED) {
- if (pamh->former.choice != choice) {
- pam_syslog(pamh, LOG_ERR,
- "application failed to re-exec stack [%d:%d]",
- pamh->former.choice, choice);
- return PAM_ABORT;
- }
- resumed = PAM_TRUE;
- } else {
- resumed = PAM_FALSE;
- }
-
- __PAM_TO_MODULE(pamh);
-
- /* call the list of module functions */
- pamh->choice = choice;
- retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain);
- resumed = PAM_FALSE;
-
- __PAM_TO_APP(pamh);
-
- /* Should we recall where to resume next time? */
- if (retval == PAM_INCOMPLETE) {
- D(("module [%d] returned PAM_INCOMPLETE"));
- pamh->former.choice = choice;
- } else {
- pamh->former.choice = PAM_NOT_STACKED;
- }
-
- return retval;
-}
diff --git a/Linux-PAM/libpam/pam_dynamic.c b/Linux-PAM/libpam/pam_dynamic.c
deleted file mode 100644
index 5be33c36..00000000
--- a/Linux-PAM/libpam/pam_dynamic.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "pam_private.h"
-
-#ifndef PAM_STATIC
-
-#ifdef PAM_SHL
-# include <dl.h>
-#elif defined(PAM_DYLD)
-# include <mach-o/dyld.h>
-#else /* PAM_SHL */
-# include <dlfcn.h>
-#endif /* PAM_SHL */
-
-#ifndef SHLIB_SYM_PREFIX
-#define SHLIB_SYM_PREFIX "_"
-#endif
-
-void *_pam_dlopen(const char *mod_path)
-{
-#ifdef PAM_SHL
- return shl_load(mod_path, BIND_IMMEDIATE, 0L);
-#elif defined(PAM_DYLD)
- NSObjectFileImage ofile;
- void *ret = NULL;
-
- if (NSCreateObjectFileImageFromFile(mod_path, &ofile) !=
- NSObjectFileImageSuccess )
- return NULL;
-
- ret = NSLinkModule(ofile, mod_path, NSLINKMODULE_OPTION_PRIVATE | NSLINKMODULE_OPTION_BINDNOW);
- NSDestroyObjectFileImage(ofile);
-
- return ret;
-#else
- return dlopen(mod_path, RTLD_NOW);
-#endif
-}
-
-servicefn _pam_dlsym(void *handle, const char *symbol)
-{
-#ifdef PAM_SHL
- char *_symbol = NULL;
- servicefn ret;
-
- if( symbol == NULL )
- return NULL;
-
- if( shl_findsym(&handle, symbol, (short) TYPE_PROCEDURE, &ret ){
- _symbol = malloc( strlen(symbol) + sizeof(SHLIB_SYM_PREFIX) + 1 );
- if( _symbol == NULL )
- return NULL;
- strcpy(_symbol, SHLIB_SYM_PREFIX);
- strcat(_symbol, symbol);
- if( shl_findsym(&handle, _symbol,
- (short) TYPE_PROCEDURE, &ret ){
- free(_symbol);
- return NULL;
- }
- free(_symbol);
- }
-
- return ret;
-
-#elif defined(PAM_DYLD)
- NSSymbol nsSymbol;
- char *_symbol;
-
- if( symbol == NULL )
- return NULL;
- _symbol = malloc( strlen(symbol) + 2 );
- if( _symbol == NULL )
- return NULL;
- strcpy(_symbol, SHLIB_SYM_PREFIX);
- strcat(_symbol, symbol);
-
- nsSymbol = NSLookupSymbolInModule(handle, _symbol);
- if( nsSymbol == NULL )
- return NULL;
- free(_symbol);
-
- return (servicefn)NSAddressOfSymbol(nsSymbol);
-#else
- return (servicefn) dlsym(handle, symbol);
-#endif
-}
-
-void _pam_dlclose(void *handle)
-{
-#ifdef PAM_SHL
- shl_unload(handle);
-#elif defined(PAM_DYLD)
- NSUnLinkModule((NSModule)handle, NSUNLINKMODULE_OPTION_NONE);
-#else
- dlclose(handle);
-#endif
-
- return;
-}
-
-const char *
-_pam_dlerror (void)
-{
-#if defined(PAM_SHL) || defined(PAM_DYLD)
- return "unknown";
-#else
- return dlerror ();
-#endif
-}
-
-#endif
diff --git a/Linux-PAM/libpam/pam_end.c b/Linux-PAM/libpam/pam_end.c
deleted file mode 100644
index a2d94085..00000000
--- a/Linux-PAM/libpam/pam_end.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* pam_end.c */
-
-/*
- * $Id: pam_end.c,v 1.7 2008/01/28 14:50:21 kukuk Exp $
- */
-
-#include "pam_private.h"
-
-#include <stdlib.h>
-
-int pam_end(pam_handle_t *pamh, int pam_status)
-{
- int ret;
-
- D(("entering pam_end()"));
-
- IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
-#ifdef HAVE_LIBAUDIT
- _pam_audit_end(pamh, pam_status);
-#endif
-
- /* first liberate the modules (it is not inconcevible that the
- modules may need to use the service_name etc. to clean up) */
-
- _pam_free_data(pamh, pam_status);
-
- /* now drop all modules */
-
- if ((ret = _pam_free_handlers(pamh)) != PAM_SUCCESS) {
- return ret; /* error occurred */
- }
-
- /* from this point we cannot call the modules any more. Free the remaining
- memory used by the Linux-PAM interface */
-
- _pam_drop_env(pamh); /* purge the environment */
-
- _pam_overwrite(pamh->authtok); /* blank out old token */
- _pam_drop(pamh->authtok);
-
- _pam_overwrite(pamh->oldauthtok); /* blank out old token */
- _pam_drop(pamh->oldauthtok);
-
- _pam_overwrite(pamh->former.prompt);
- _pam_drop(pamh->former.prompt); /* drop saved prompt */
-
- _pam_overwrite(pamh->service_name);
- _pam_drop(pamh->service_name);
-
- _pam_overwrite(pamh->user);
- _pam_drop(pamh->user);
-
- _pam_overwrite(pamh->prompt);
- _pam_drop(pamh->prompt); /* prompt for pam_get_user() */
-
- _pam_overwrite(pamh->tty);
- _pam_drop(pamh->tty);
-
- _pam_overwrite(pamh->rhost);
- _pam_drop(pamh->rhost);
-
- _pam_overwrite(pamh->ruser);
- _pam_drop(pamh->ruser);
-
- _pam_drop(pamh->pam_conversation);
- pamh->fail_delay.delay_fn_ptr = NULL;
-
- _pam_drop(pamh->former.substates);
-
- _pam_overwrite(pamh->xdisplay);
- _pam_drop(pamh->xdisplay);
-
- _pam_overwrite(pamh->xauth.name);
- _pam_drop(pamh->xauth.name);
- _pam_overwrite_n(pamh->xauth.data, (unsigned int)pamh->xauth.datalen);
- _pam_drop(pamh->xauth.data);
- _pam_overwrite_n((char *)&pamh->xauth, sizeof(pamh->xauth));
-
- /* and finally liberate the memory for the pam_handle structure */
-
- _pam_drop(pamh);
-
- D(("exiting pam_end() successfully"));
-
- return PAM_SUCCESS;
-}
diff --git a/Linux-PAM/libpam/pam_env.c b/Linux-PAM/libpam/pam_env.c
deleted file mode 100644
index 0f022f9f..00000000
--- a/Linux-PAM/libpam/pam_env.c
+++ /dev/null
@@ -1,392 +0,0 @@
-/*
- * pam_env.c
- *
- * Copyright (c) Andrew G. Morgan <morgan@parc.power.net> 1996,1997
- * All rights reserved.
- *
- * This file was written from a "hint" provided by the people at SUN.
- * and the X/Open XSSO draft of March 1997.
- *
- * $Id: pam_env.c,v 1.6 2005/09/04 20:32:25 kukuk Exp $
- */
-
-#include "pam_private.h"
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef sunos
-#define memmove(x,y,z) bcopy(y,x,z)
-#endif
-
-/* helper functions */
-
-#ifdef DEBUG
-static void _pam_dump_env(pam_handle_t *pamh)
-{
- int i;
-
- D(("Listing environment of pamh=%p", pamh));
- D(("pamh->env = %p", pamh->env));
- D(("environment entries used = %d [of %d allocated]"
- , pamh->env->requested, pamh->env->entries));
-
- for (i=0; i<pamh->env->requested; ++i) {
- _pam_output_debug(">%-3d [%9p]:[%s]"
- , i, pamh->env->list[i], pamh->env->list[i]);
- }
- _pam_output_debug("*NOTE* the last item should be (nil)");
-}
-#else
-#define _pam_dump_env(x)
-#endif
-
-/*
- * Create the environment
- */
-
-int _pam_make_env(pam_handle_t *pamh)
-{
- D(("called."));
-
- IF_NO_PAMH("_pam_make_env", pamh, PAM_ABORT);
-
- /*
- * get structure memory
- */
-
- pamh->env = (struct pam_environ *) malloc(sizeof(struct pam_environ));
- if (pamh->env == NULL) {
- pam_syslog(pamh, LOG_CRIT, "_pam_make_env: out of memory");
- return PAM_BUF_ERR;
- }
-
- /*
- * get list memory
- */
-
- pamh->env->list = (char **)calloc( PAM_ENV_CHUNK, sizeof(char *) );
- if (pamh->env->list == NULL) {
- pam_syslog(pamh, LOG_CRIT, "_pam_make_env: no memory for list");
- _pam_drop(pamh->env);
- return PAM_BUF_ERR;
- }
-
- /*
- * fill entries in pamh->env
- */
-
- pamh->env->entries = PAM_ENV_CHUNK;
- pamh->env->requested = 1;
- pamh->env->list[0] = NULL;
-
- _pam_dump_env(pamh); /* only active when debugging */
-
- return PAM_SUCCESS;
-}
-
-/*
- * purge the environment
- */
-
-void _pam_drop_env(pam_handle_t *pamh)
-{
- D(("called."));
- IF_NO_PAMH("_pam_make_env", pamh, /* nothing to return */);
-
- if (pamh->env != NULL) {
- int i;
- /* we will only purge the pamh->env->requested number of elements */
-
- for (i=pamh->env->requested-1; i-- > 0; ) {
- D(("dropping #%3d>%s<", i, pamh->env->list[i]));
- _pam_overwrite(pamh->env->list[i]); /* clean */
- _pam_drop(pamh->env->list[i]); /* forget */
- }
- pamh->env->requested = 0;
- pamh->env->entries = 0;
- _pam_drop(pamh->env->list); /* forget */
- _pam_drop(pamh->env); /* forget */
- } else {
- D(("no environment present in pamh?"));
- }
-}
-
-/*
- * Return the item number of the given variable = first 'length' chars
- * of 'name_value'. Since this is a static function, it is safe to
- * assume its supplied arguments are well defined.
- */
-
-static int _pam_search_env(const struct pam_environ *env
- , const char *name_value, int length)
-{
- int i;
-
- for (i=env->requested-1; i-- > 0; ) {
- if (strncmp(name_value,env->list[i],length) == 0
- && env->list[i][length] == '=') {
-
- return i; /* Got it! */
-
- }
- }
-
- return -1; /* no luck */
-}
-
-/*
- * externally visible functions
- */
-
-/*
- * pam_putenv(): Add/replace/delete a PAM-environment variable.
- *
- * Add/replace:
- * name_value = "NAME=VALUE" or "NAME=" (for empty value="\0")
- *
- * delete:
- * name_value = "NAME"
- */
-
-int pam_putenv(pam_handle_t *pamh, const char *name_value)
-{
- int l2eq, item, retval;
-
- D(("called."));
- IF_NO_PAMH("pam_putenv", pamh, PAM_ABORT);
-
- if (name_value == NULL) {
- pam_syslog(pamh, LOG_ERR, "pam_putenv: no variable indicated");
- return PAM_PERM_DENIED;
- }
-
- /*
- * establish if we are setting or deleting; scan for '='
- */
-
- for (l2eq=0; name_value[l2eq] && name_value[l2eq] != '='; ++l2eq);
- if (l2eq <= 0) {
- pam_syslog(pamh, LOG_ERR, "pam_putenv: bad variable");
- return PAM_BAD_ITEM;
- }
-
- /*
- * Look first for environment.
- */
-
- if (pamh->env == NULL || pamh->env->list == NULL) {
- pam_syslog(pamh, LOG_ERR, "pam_putenv: no env%s found",
- pamh->env == NULL ?
"":"-list"); - return PAM_ABORT; - } - - /* find the item to replace */ - - item = _pam_search_env(pamh->env, name_value, l2eq); - - if (name_value[l2eq]) { /* (re)setting */ - - if (item == -1) { /* new variable */ - D(("adding item: %s", name_value)); - /* enough space? */ - if (pamh->env->entries <= pamh->env->requested) { - register int i; - register char **tmp; - - /* get some new space */ - tmp = calloc( pamh->env->entries + PAM_ENV_CHUNK - , sizeof(char *) ); - if (tmp == NULL) { - /* nothing has changed - old env intact */ - pam_syslog(pamh, LOG_CRIT, - "pam_putenv: cannot grow environment"); - return PAM_BUF_ERR; - } - - /* copy old env-item pointers/forget old */ - for (i=0; i<pamh->env->requested; ++i) { - tmp[i] = pamh->env->list[i]; - pamh->env->list[i] = NULL; - } - - /* drop old list and replace with new */ - _pam_drop(pamh->env->list); - pamh->env->list = tmp; - pamh->env->entries += PAM_ENV_CHUNK; - - D(("resized env list")); - _pam_dump_env(pamh); /* only when debugging */ - } - - item = pamh->env->requested-1; /* old last item (NULL) */ - - /* add a new NULL entry at end; increase counter */ - pamh->env->list[pamh->env->requested++] = NULL; - - } else { /* replace old */ - D(("replacing item: %s\n with: %s" - , pamh->env->list[item], name_value)); - _pam_overwrite(pamh->env->list[item]); - _pam_drop(pamh->env->list[item]); - } - - /* - * now we have a place to put the new env-item, insert at 'item' - */ - - pamh->env->list[item] = _pam_strdup(name_value); - if (pamh->env->list[item] != NULL) { - _pam_dump_env(pamh); /* only when debugging */ - return PAM_SUCCESS; - } - - /* something went wrong; we should delete the item - fall through */ - - retval = PAM_BUF_ERR; /* an error occurred */ - } else { - retval = PAM_SUCCESS; /* we requested delete */ - } - - /* getting to here implies we are deleting an item */ - - if (item < 0) { - pam_syslog(pamh, LOG_ERR, - "pam_putenv: delete non-existent entry; %s", name_value); - return PAM_BAD_ITEM; - } - - 
/* - * remove item: purge memory; reset counter; resize [; display-env] - */ - - D(("deleting: env#%3d:[%s]", item, pamh->env->list[item])); - _pam_overwrite(pamh->env->list[item]); - _pam_drop(pamh->env->list[item]); - --(pamh->env->requested); - D(("mmove: item[%d]+%d -> item[%d]" - , item+1, ( pamh->env->requested - item ), item)); - (void) memmove(&pamh->env->list[item], &pamh->env->list[item+1] - , ( pamh->env->requested - item )*sizeof(char *) ); - - _pam_dump_env(pamh); /* only when debugging */ - - /* - * deleted. - */ - - return retval; -} - -/* - * Return the value of the requested environment variable - */ - -const char *pam_getenv(pam_handle_t *pamh, const char *name) -{ - int item; - - D(("called.")); - IF_NO_PAMH("pam_getenv", pamh, NULL); - - if (name == NULL) { - pam_syslog(pamh, LOG_ERR, "pam_getenv: no variable indicated"); - return NULL; - } - - if (pamh->env == NULL || pamh->env->list == NULL) { - pam_syslog(pamh, LOG_ERR, "pam_getenv: no env%s found", - pamh->env == NULL ? 
"":"-list" ); - return NULL; - } - - /* find the requested item */ - - item = _pam_search_env(pamh->env, name, strlen(name)); - if (item != -1) { - - D(("env-item: %s, found!", name)); - return (pamh->env->list[item] + 1 + strlen(name)); - - } else { - - D(("env-item: %s, not found", name)); - return NULL; - - } -} - -static char **_copy_env(pam_handle_t *pamh) -{ - char **dump; - int i = pamh->env->requested; /* reckon size of environment */ - char *const *env = pamh->env->list; - - D(("now get some memory for dump")); - - /* allocate some memory for this (plus the null tail-pointer) */ - dump = (char **) calloc(i, sizeof(char *)); - D(("dump = %p", dump)); - if (dump == NULL) { - return NULL; - } - - /* now run through entries and copy the variables over */ - dump[--i] = NULL; - while (i-- > 0) { - D(("env[%d]=`%s'", i,env[i])); - dump[i] = _pam_strdup(env[i]); - D(("->dump[%d]=`%s'", i,dump[i])); - if (dump[i] == NULL) { - /* out of memory */ - - while (dump[++i]) { - _pam_overwrite(dump[i]); - _pam_drop(dump[i]); - } - _pam_drop(dump); - return NULL; - } - } - - env = NULL; /* forget now */ - - /* return transcribed environment */ - return dump; -} - -char **pam_getenvlist(pam_handle_t *pamh) -{ - int i; - - D(("called.")); - IF_NO_PAMH("pam_getenvlist", pamh, NULL); - - if (pamh->env == NULL || pamh->env->list == NULL) { - pam_syslog(pamh, LOG_ERR, "pam_getenvlist: no env%s found", - pamh->env == NULL ? "":"-list" ); - return NULL; - } - - /* some quick checks */ - - if (pamh->env->requested > pamh->env->entries) { - pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment corruption"); - _pam_dump_env(pamh); /* only active when debugging */ - return NULL; - } - - for (i=pamh->env->requested-1; i-- > 0; ) { - if (pamh->env->list[i] == NULL) { - pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment broken"); - _pam_dump_env(pamh); /* only active when debugging */ - return NULL; /* somehow we've broken the environment!? 
*/ - } - } - - /* Seems fine; copy environment */ - - _pam_dump_env(pamh); /* only active when debugging */ - - return _copy_env(pamh); -} diff --git a/Linux-PAM/libpam/pam_handlers.c b/Linux-PAM/libpam/pam_handlers.c deleted file mode 100644 index 11508145..00000000 --- a/Linux-PAM/libpam/pam_handlers.c +++ /dev/null 
@@ -1,1018 +0,0 @@ -/* pam_handlers.c -- pam config file parsing and module loading */ - -/* - * created by Marc Ewing. - * Currently maintained by Andrew G. Morgan <morgan@kernel.org> - * - */ - -#include "pam_private.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - -#define BUF_SIZE 1024 -#define MODULE_CHUNK 4 -#define UNKNOWN_MODULE "<*unknown module*>" -#ifndef _PAM_ISA -#define _PAM_ISA "." -#endif - -static int _pam_assemble_line(FILE *f, char *buf, int buf_len); - -static void _pam_free_handlers_aux(struct handler **hp); - -static int _pam_add_handler(pam_handle_t *pamh - , int must_fail, int other, int stack_level, int type - , int *actions, const char *mod_path - , int argc, char **argv, int argvlen); - -/* Values for module type */ - -#define PAM_T_ANY 0 -#define PAM_T_AUTH 1 -#define PAM_T_SESS 2 -#define PAM_T_ACCT 4 -#define PAM_T_PASS 8 - -static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name - , const char *service /* specific file */ - , int module_type /* specific type */ - , int stack_level /* level of substack */ -#ifdef PAM_READ_BOTH_CONFS - , int not_other -#endif /* PAM_READ_BOTH_CONFS */ - ); - -static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f - , const char *known_service /* specific file */ - , int requested_module_type /* specific type */ - , int stack_level /* level of substack */ -#ifdef PAM_READ_BOTH_CONFS - , int not_other -#endif /* PAM_READ_BOTH_CONFS */ - ) -{ - char buf[BUF_SIZE]; - int x; /* read a line from the FILE *f ? */ - /* - * read a line from the configuration (FILE *) f - */ - while ((x = _pam_assemble_line(f, buf, BUF_SIZE)) > 0) { - char *tok, *nexttok=NULL; - const char *this_service; - const char *mod_path; - int module_type, actions[_PAM_RETURN_VALUES]; - int other; /* set if module is for PAM_DEFAULT_SERVICE */ - int res; /* module added successfully? 
*/ - int handler_type = PAM_HT_MODULE; /* regular handler from a module */ - int argc; - char **argv; - int argvlen; - - D(("_pam_init_handler: LINE: %s", buf)); - if (known_service != NULL) { - nexttok = buf; - /* No service field: all lines are for the known service. */ - this_service = known_service; - } else { - this_service = tok = _pam_StrTok(buf, " \n\t", &nexttok); - } - -#ifdef PAM_READ_BOTH_CONFS - if (not_other) - other = 0; - else -#endif /* PAM_READ_BOTH_CONFS */ - other = !strcasecmp(this_service, PAM_DEFAULT_SERVICE); - - /* accept "service name" or PAM_DEFAULT_SERVICE modules */ - if (!strcasecmp(this_service, pamh->service_name) || other) { - int pam_include = 0; - int substack = 0; - - /* This is a service we are looking for */ - D(("_pam_init_handlers: Found PAM config entry for: %s" - , this_service)); - - tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (tok == NULL) { - /* module type does not exist */ - D(("_pam_init_handlers: empty module type for %s", this_service)); - pam_syslog(pamh, LOG_ERR, - "(%s) empty module type", this_service); - module_type = (requested_module_type != PAM_T_ANY) ? - requested_module_type : PAM_T_AUTH; /* most sensitive */ - handler_type = PAM_HT_MUST_FAIL; /* install as normal but fail when dispatched */ - } else if (!strcasecmp("auth", tok)) { - module_type = PAM_T_AUTH; - } else if (!strcasecmp("session", tok)) { - module_type = PAM_T_SESS; - } else if (!strcasecmp("account", tok)) { - module_type = PAM_T_ACCT; - } else if (!strcasecmp("password", tok)) { - module_type = PAM_T_PASS; - } else { - /* Illegal module type */ - D(("_pam_init_handlers: bad module type: %s", tok)); - pam_syslog(pamh, LOG_ERR, "(%s) illegal module type: %s", - this_service, tok); - module_type = (requested_module_type != PAM_T_ANY) ? 
- requested_module_type : PAM_T_AUTH; /* most sensitive */ - handler_type = PAM_HT_MUST_FAIL; /* install as normal but fail when dispatched */ - } - D(("Using %s config entry: %s", handler_type?"BAD ":"", tok)); - if (requested_module_type != PAM_T_ANY && - module_type != requested_module_type) { - D(("Skipping config entry: %s (requested=%d, found=%d)", - tok, requested_module_type, module_type)); - continue; - } - - /* reset the actions to .._UNDEF's -- this is so that - we can work out which entries are not yet set (for default). */ - { - int i; - for (i=0; i<_PAM_RETURN_VALUES; - actions[i++] = _PAM_ACTION_UNDEF); - } - tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (tok == NULL) { - /* no module name given */ - D(("_pam_init_handlers: no control flag supplied")); - pam_syslog(pamh, LOG_ERR, - "(%s) no control flag supplied", this_service); - _pam_set_default_control(actions, _PAM_ACTION_BAD); - handler_type = PAM_HT_MUST_FAIL; - } else if (!strcasecmp("required", tok)) { - D(("*PAM_F_REQUIRED*")); - actions[PAM_SUCCESS] = _PAM_ACTION_OK; - actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; - actions[PAM_IGNORE] = _PAM_ACTION_IGNORE; - _pam_set_default_control(actions, _PAM_ACTION_BAD); - } else if (!strcasecmp("requisite", tok)) { - D(("*PAM_F_REQUISITE*")); - actions[PAM_SUCCESS] = _PAM_ACTION_OK; - actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; - actions[PAM_IGNORE] = _PAM_ACTION_IGNORE; - _pam_set_default_control(actions, _PAM_ACTION_DIE); - } else if (!strcasecmp("optional", tok)) { - D(("*PAM_F_OPTIONAL*")); - actions[PAM_SUCCESS] = _PAM_ACTION_OK; - actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; - _pam_set_default_control(actions, _PAM_ACTION_IGNORE); - } else if (!strcasecmp("sufficient", tok)) { - D(("*PAM_F_SUFFICIENT*")); - actions[PAM_SUCCESS] = _PAM_ACTION_DONE; - actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_DONE; - _pam_set_default_control(actions, _PAM_ACTION_IGNORE); - } else if (!strcasecmp("include", tok)) { - D(("*PAM_F_INCLUDE*")); - 
pam_include = 1; - substack = 0; - } else if (!strcasecmp("substack", tok)) { - D(("*PAM_F_SUBSTACK*")); - pam_include = 1; - substack = 1; - } else { - D(("will need to parse %s", tok)); - _pam_parse_control(actions, tok); - /* by default the default is to treat as failure */ - _pam_set_default_control(actions, _PAM_ACTION_BAD); - } - - tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (pam_include) { - if (substack) { - res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, - stack_level, module_type, actions, tok, - 0, NULL, 0); - if (res != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "error adding substack %s", tok); - D(("failed to load module - aborting")); - return PAM_ABORT; - } - } - if (_pam_load_conf_file(pamh, tok, this_service, module_type, - stack_level + substack -#ifdef PAM_READ_BOTH_CONFS - , !other -#endif /* PAM_READ_BOTH_CONFS */ - ) == PAM_SUCCESS) - continue; - _pam_set_default_control(actions, _PAM_ACTION_BAD); - mod_path = NULL; - handler_type = PAM_HT_MUST_FAIL; - nexttok = NULL; - } else if (tok != NULL) { - mod_path = tok; - D(("mod_path = %s",mod_path)); - } else { - /* no module name given */ - D(("_pam_init_handlers: no module name supplied")); - pam_syslog(pamh, LOG_ERR, - "(%s) no module name supplied", this_service); - mod_path = NULL; - handler_type = PAM_HT_MUST_FAIL; - } - - /* nexttok points to remaining arguments... */ - - if (nexttok != NULL) { - D(("list: %s",nexttok)); - argvlen = _pam_mkargv(nexttok, &argv, &argc); - D(("argvlen = %d",argvlen)); - } else { /* there are no arguments so fix by hand */ - D(("_pam_init_handlers: empty argument list")); - argvlen = argc = 0; - argv = NULL; - } - -#ifdef DEBUG - { - int y; - - D(("CONF%s: %s%s %d %s %d" - , handler_type==PAM_HT_MUST_FAIL?"<*will fail*>":"" - , this_service, other ? 
"(backup)":"" - , module_type - , mod_path, argc)); - for (y = 0; y < argc; y++) { - D(("CONF: %s", argv[y])); - } - for (y = 0; y<_PAM_RETURN_VALUES; ++y) { - D(("RETURN %s(%d) -> %d %s", - _pam_token_returns[y], y, actions[y], - actions[y]>0 ? "jump": - _pam_token_actions[-actions[y]])); - } - } -#endif - - res = _pam_add_handler(pamh, handler_type, other, stack_level - , module_type, actions, mod_path - , argc, argv, argvlen); - if (res != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "error loading %s", mod_path); - D(("failed to load module - aborting")); - return PAM_ABORT; - } - } - } - - return ( (x < 0) ? PAM_ABORT:PAM_SUCCESS ); -} - -static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name - , const char *service /* specific file */ - , int module_type /* specific type */ - , int stack_level /* level of substack */ -#ifdef PAM_READ_BOTH_CONFS - , int not_other -#endif /* PAM_READ_BOTH_CONFS */ - ) -{ - FILE *f; - char *config_path = NULL; - int retval = PAM_ABORT; - - D(("_pam_load_conf_file called")); - - if (stack_level >= PAM_SUBSTACK_MAX_LEVEL) { - D(("maximum level of substacks reached")); - pam_syslog(pamh, LOG_ERR, "maximum level of substacks reached"); - return PAM_ABORT; - } - - if (config_name == NULL) { - D(("no config file supplied")); - pam_syslog(pamh, LOG_ERR, "(%s) no config file supplied", service); - return PAM_ABORT; - } - - if (config_name[0] != '/') { - if (asprintf (&config_path, PAM_CONFIG_DF, config_name) < 0) { - pam_syslog(pamh, LOG_CRIT, "asprintf failed"); - return PAM_BUF_ERR; - } - config_name = config_path; - } - - D(("opening %s", config_name)); - f = fopen(config_name, "r"); - if (f != NULL) { - retval = _pam_parse_conf_file(pamh, f, service, module_type, stack_level -#ifdef PAM_READ_BOTH_CONFS - , not_other -#endif /* PAM_READ_BOTH_CONFS */ - ); - fclose(f); - if (retval != PAM_SUCCESS) - pam_syslog(pamh, LOG_ERR, - "_pam_load_conf_file: error reading %s: %s", - config_name, pam_strerror(pamh, retval)); - 
} else { - D(("unable to open %s", config_name)); - pam_syslog(pamh, LOG_ERR, - "_pam_load_conf_file: unable to open %s", - config_name); - } - - _pam_drop(config_path); - return retval; -} - -/* Parse config file, allocate handler structures, dlopen() */ -int _pam_init_handlers(pam_handle_t *pamh) -{ - FILE *f; - int retval; - - D(("_pam_init_handlers called")); - IF_NO_PAMH("_pam_init_handlers",pamh,PAM_SYSTEM_ERR); - - /* Return immediately if everything is already loaded */ - if (pamh->handlers.handlers_loaded) { - return PAM_SUCCESS; - } - - D(("_pam_init_handlers: initializing")); - - /* First clean the service structure */ - - _pam_free_handlers(pamh); - if (! pamh->handlers.module) { - if ((pamh->handlers.module = - malloc(MODULE_CHUNK * sizeof(struct loaded_module))) == NULL) { - pam_syslog(pamh, LOG_CRIT, - "_pam_init_handlers: no memory loading module"); - return PAM_BUF_ERR; - } - pamh->handlers.modules_allocated = MODULE_CHUNK; - pamh->handlers.modules_used = 0; - } - - if (pamh->service_name == NULL) { - return PAM_BAD_ITEM; /* XXX - better error? */ - } - -#ifdef PAM_LOCKING - /* Is the PAM subsystem locked? */ - { - int fd_tmp; - - if ((fd_tmp = open( PAM_LOCK_FILE, O_RDONLY )) != -1) { - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: PAM lockfile (" - PAM_LOCK_FILE ") exists - aborting"); - (void) close(fd_tmp); - /* - * to avoid swamping the system with requests - */ - _pam_start_timer(pamh); - pam_fail_delay(pamh, 5000000); - _pam_await_timer(pamh, PAM_ABORT); - - return PAM_ABORT; - } - } -#endif /* PAM_LOCKING */ - - /* - * Now parse the config file(s) and add handlers - */ - { - struct stat test_d; - - /* Is there a PAM_CONFIG_D directory? 
*/ - if ( stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode) ) { - char *filename; - int read_something=0; - - D(("searching " PAM_CONFIG_D " for config files")); - if (asprintf(&filename, PAM_CONFIG_DF, pamh->service_name) < 0) { - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: no memory; service %s", - pamh->service_name); - return PAM_BUF_ERR; - } - D(("opening %s", filename)); - f = fopen(filename, "r"); - if (f != NULL) { - /* would test magic here? */ - retval = _pam_parse_conf_file(pamh, f, pamh->service_name, - PAM_T_ANY, 0 -#ifdef PAM_READ_BOTH_CONFS - , 0 -#endif /* PAM_READ_BOTH_CONFS */ - ); - fclose(f); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: error reading %s", - filename); - pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: [%s]", - pam_strerror(pamh, retval)); - } else { - read_something = 1; - } - } else { - D(("unable to open %s", filename)); -#ifdef PAM_READ_BOTH_CONFS - D(("checking %s", PAM_CONFIG)); - - if ((f = fopen(PAM_CONFIG,"r")) != NULL) { - retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1); - fclose(f); - } else -#endif /* PAM_READ_BOTH_CONFS */ - retval = PAM_SUCCESS; - /* - * XXX - should we log an error? Some people want to always - * use "other" - */ - } - _pam_drop(filename); - - if (retval == PAM_SUCCESS) { - /* now parse the PAM_DEFAULT_SERVICE_FILE */ - - D(("opening %s", PAM_DEFAULT_SERVICE_FILE)); - f = fopen(PAM_DEFAULT_SERVICE_FILE, "r"); - if (f != NULL) { - /* would test magic here? 
*/ - retval = _pam_parse_conf_file(pamh, f, PAM_DEFAULT_SERVICE, - PAM_T_ANY, 0 -#ifdef PAM_READ_BOTH_CONFS - , 0 -#endif /* PAM_READ_BOTH_CONFS */ - ); - fclose(f); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: error reading %s", - PAM_DEFAULT_SERVICE_FILE); - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: [%s]", - pam_strerror(pamh, retval)); - } else { - read_something = 1; - } - } else { - D(("unable to open %s", PAM_DEFAULT_SERVICE_FILE)); - pam_syslog(pamh, LOG_ERR, - "_pam_init_handlers: no default config %s", - PAM_DEFAULT_SERVICE_FILE); - } - if (!read_something) { /* nothing read successfully */ - retval = PAM_ABORT; - } - } - } else { - if ((f = fopen(PAM_CONFIG, "r")) == NULL) { - pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: could not open " - PAM_CONFIG ); - return PAM_ABORT; - } - - retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0 -#ifdef PAM_READ_BOTH_CONFS - , 0 -#endif /* PAM_READ_BOTH_CONFS */ - ); - - D(("closing configuration file")); - fclose(f); - } - } - - if (retval != PAM_SUCCESS) { - /* Read error */ - pam_syslog(pamh, LOG_ERR, "error reading PAM configuration file"); - return PAM_ABORT; - } - - pamh->handlers.handlers_loaded = 1; - - D(("_pam_init_handlers exiting")); - return PAM_SUCCESS; -} - -/* - * This is where we read a line of the PAM config file. 
The line may be - * preceeded by lines of comments and also extended with "\\\n" - */ - -static int _pam_assemble_line(FILE *f, char *buffer, int buf_len) -{ - char *p = buffer; - char *s, *os; - int used = 0; - - /* loop broken with a 'break' when a non-'\\n' ended line is read */ - - D(("called.")); - for (;;) { - if (used >= buf_len) { - /* Overflow */ - D(("_pam_assemble_line: overflow")); - return -1; - } - if (fgets(p, buf_len - used, f) == NULL) { - if (used) { - /* Incomplete read */ - return -1; - } else { - /* EOF */ - return 0; - } - } - - /* skip leading spaces --- line may be blank */ - - s = p + strspn(p, " \n\t"); - if (*s && (*s != '#')) { - os = s; - - /* - * we are only interested in characters before the first '#' - * character - */ - - while (*s && *s != '#') - ++s; - if (*s == '#') { - *s = '\0'; - used += strlen(os); - break; /* the line has been read */ - } - - s = os; - - /* - * Check for backslash by scanning back from the end of - * the entered line, the '\n' has been included since - * normally a line is terminated with this - * character. fgets() should only return one though! - */ - - s += strlen(s); - while (s > os && ((*--s == ' ') || (*s == '\t') - || (*s == '\n'))); - - /* check if it ends with a backslash */ - if (*s == '\\') { - *s++ = ' '; /* replace backslash with ' ' */ - *s = '\0'; /* truncate the line here */ - used += strlen(os); - p = s; /* there is more ... */ - } else { - /* End of the line! 
*/ - used += strlen(os); - break; /* this is the complete line */ - } - - } else { - /* Nothing in this line */ - /* Don't move p */ - } - } - - return used; -} - -static char * -extract_modulename(const char *mod_path) -{ - const char *p = strrchr (mod_path, '/'); - char *dot, *retval; - - if (p == NULL) - p = mod_path; - else - p++; - - if ((retval = _pam_strdup (p)) == NULL) - return NULL; - - dot = strrchr (retval, '.'); - if (dot) - *dot = '\0'; - - return retval; -} - -static struct loaded_module * -_pam_load_module(pam_handle_t *pamh, const char *mod_path) -{ - int x = 0; - int success; -#ifndef PAM_STATIC - char *mod_full_isa_path=NULL, *isa=NULL; -#endif - struct loaded_module *mod; - - D(("_pam_load_module: loading module `%s'", mod_path)); - - mod = pamh->handlers.module; - - /* First, ensure the module is loaded */ - while (x < pamh->handlers.modules_used) { - if (!strcmp(mod[x].name, mod_path)) { /* case sensitive ! */ - break; - } - x++; - } - if (x == pamh->handlers.modules_used) { - /* Not found */ - if (pamh->handlers.modules_allocated == pamh->handlers.modules_used) { - /* will need more memory */ - void *tmp = realloc(pamh->handlers.module, - (pamh->handlers.modules_allocated+MODULE_CHUNK) - *sizeof(struct loaded_module)); - if (tmp == NULL) { - D(("cannot enlarge module pointer memory")); - pam_syslog(pamh, LOG_ERR, - "realloc returned NULL in _pam_load_module"); - return NULL; - } - pamh->handlers.module = tmp; - pamh->handlers.modules_allocated += MODULE_CHUNK; - } - mod = &(pamh->handlers.module[x]); - /* Be pessimistic... */ - success = PAM_ABORT; - -#ifdef PAM_STATIC - /* Only load static function if function was not found dynamically. - * This code should work even if no dynamic loading is available. 
*/ - if (success != PAM_SUCCESS) { - D(("_pam_load_module: open static handler %s", mod_path)); - mod->dl_handle = _pam_open_static_handler(pamh, mod_path); - if (mod->dl_handle == NULL) { - D(("_pam_load_module: unable to find static handler %s", - mod_path)); - pam_syslog(pamh, LOG_ERR, - "unable to open static handler %s", mod_path); - /* Didn't find module in dynamic or static..will mark bad */ - } else { - D(("static module added successfully")); - success = PAM_SUCCESS; - mod->type = PAM_MT_STATIC_MOD; - pamh->handlers.modules_used++; - } - } -#else - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); - D(("_pam_load_module: _pam_dlopen'ed")); - D(("_pam_load_module: dlopen'ed")); - if (mod->dl_handle == NULL) { - if (strstr(mod_path, "$ISA")) { - mod_full_isa_path = malloc(strlen(mod_path) + strlen(_PAM_ISA) + 1); - if (mod_full_isa_path == NULL) { - D(("_pam_load_module: couldn't get memory for mod_path")); - pam_syslog(pamh, LOG_ERR, "no memory for module path"); - success = PAM_ABORT; - } else { - strcpy(mod_full_isa_path, mod_path); - isa = strstr(mod_full_isa_path, "$ISA"); - if (isa) { - memmove(isa + strlen(_PAM_ISA), isa + 4, strlen(isa + 4) + 1); - memmove(isa, _PAM_ISA, strlen(_PAM_ISA)); - } - mod->dl_handle = _pam_dlopen(mod_full_isa_path); - _pam_drop(mod_full_isa_path); - } - } - } - if (mod->dl_handle == NULL) { - D(("_pam_load_module: _pam_dlopen(%s) failed", mod_path)); - pam_syslog(pamh, LOG_ERR, "unable to dlopen(%s): %s", mod_path, - _pam_dlerror()); - /* Don't abort yet; static code may be able to find function. - * But defaults to abort if nothing found below... 
*/ - } else { - D(("module added successfully")); - success = PAM_SUCCESS; - mod->type = PAM_MT_DYNAMIC_MOD; - pamh->handlers.modules_used++; - } -#endif - - if (success != PAM_SUCCESS) { /* add a malformed module */ - mod->dl_handle = NULL; - mod->type = PAM_MT_FAULTY_MOD; - pamh->handlers.modules_used++; - pam_syslog(pamh, LOG_ERR, "adding faulty module: %s", mod_path); - success = PAM_SUCCESS; /* We have successfully added a module */ - } - - /* indicate its name - later we will search for it by this */ - if ((mod->name = _pam_strdup(mod_path)) == NULL) { - D(("_pam_load_module: couldn't get memory for mod_path")); - pam_syslog(pamh, LOG_ERR, "no memory for module path"); - success = PAM_ABORT; - } - - } else { /* x != pamh->handlers.modules_used */ - mod += x; /* the located module */ - success = PAM_SUCCESS; - } - return success == PAM_SUCCESS ? mod : NULL; -} - -int _pam_add_handler(pam_handle_t *pamh - , int handler_type, int other, int stack_level, int type - , int *actions, const char *mod_path - , int argc, char **argv, int argvlen) -{ - struct loaded_module *mod = NULL; - struct handler **handler_p; - struct handler **handler_p2; - struct handlers *the_handlers; - const char *sym, *sym2; - char *mod_full_path; - servicefn func, func2; - int mod_type = PAM_MT_FAULTY_MOD; - - D(("called.")); - IF_NO_PAMH("_pam_add_handler",pamh,PAM_SYSTEM_ERR); - - D(("_pam_add_handler: adding type %d, handler_type %d, module `%s'", - type, handler_type, mod_path)); - - if (handler_type == PAM_HT_MODULE && mod_path != NULL) { - if (mod_path[0] == '/') { - mod = _pam_load_module(pamh, mod_path); - } else if (asprintf(&mod_full_path, "%s%s", - DEFAULT_MODULE_PATH, mod_path) >= 0) { - mod = _pam_load_module(pamh, mod_full_path); - _pam_drop(mod_full_path); - } else { - pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); - return PAM_ABORT; - } - - if (mod == NULL) { - /* if we get here with NULL it means allocation error */ - return PAM_ABORT; - } - - mod_type = 
mod->type; - } - - if (mod_path == NULL) - mod_path = UNKNOWN_MODULE; - - /* - * At this point 'mod' points to the stored/loaded module. - */ - - /* Now define the handler(s) based on mod->dlhandle and type */ - - /* decide which list of handlers to use */ - the_handlers = (other) ? &pamh->handlers.other : &pamh->handlers.conf; - - handler_p = handler_p2 = NULL; - func = func2 = NULL; - sym2 = NULL; - - /* point handler_p's at the root addresses of the function stacks */ - switch (type) { - case PAM_T_AUTH: - handler_p = &the_handlers->authenticate; - sym = "pam_sm_authenticate"; - handler_p2 = &the_handlers->setcred; - sym2 = "pam_sm_setcred"; - break; - case PAM_T_SESS: - handler_p = &the_handlers->open_session; - sym = "pam_sm_open_session"; - handler_p2 = &the_handlers->close_session; - sym2 = "pam_sm_close_session"; - break; - case PAM_T_ACCT: - handler_p = &the_handlers->acct_mgmt; - sym = "pam_sm_acct_mgmt"; - break; - case PAM_T_PASS: - handler_p = &the_handlers->chauthtok; - sym = "pam_sm_chauthtok"; - break; - default: - /* Illegal module type */ - D(("_pam_add_handler: illegal module type %d", type)); - return PAM_ABORT; - } - - /* are the modules reliable? 
*/ - if ( -#ifdef PAM_STATIC - mod_type != PAM_MT_STATIC_MOD - && -#else - mod_type != PAM_MT_DYNAMIC_MOD - && -#endif - mod_type != PAM_MT_FAULTY_MOD - ) { - D(("_pam_add_handlers: illegal module library type; %d", mod_type)); - pam_syslog(pamh, LOG_ERR, - "internal error: module library type not known: %s;%d", - sym, mod_type); - return PAM_ABORT; - } - - /* now identify this module's functions - for non-faulty modules */ - -#ifdef PAM_STATIC - if ((mod_type == PAM_MT_STATIC_MOD) && - (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { - pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); - } -#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func = _pam_dlsym(mod->dl_handle, sym)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); - } -#endif - if (sym2) { -#ifdef PAM_STATIC - if ((mod_type == PAM_MT_STATIC_MOD) && - (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) - == NULL) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); - } -#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); - } -#endif - } - - /* here func (and perhaps func2) point to the appropriate functions */ - - /* add new handler to end of existing list */ - while (*handler_p != NULL) { - handler_p = &((*handler_p)->next); - } - - if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); - return (PAM_ABORT); - } - - (*handler_p)->handler_type = handler_type; - (*handler_p)->stack_level = stack_level; - (*handler_p)->func = func; - memcpy((*handler_p)->actions,actions,sizeof((*handler_p)->actions)); - (*handler_p)->cached_retval = _PAM_INVALID_RETVAL; - (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval); - (*handler_p)->argc = argc; - (*handler_p)->argv = argv; /* not a copy */ - (*handler_p)->mod_name = 
extract_modulename(mod_path); - (*handler_p)->next = NULL; - - /* some of the modules have a second calling function */ - if (handler_p2) { - /* add new handler to end of existing list */ - while (*handler_p2) { - handler_p2 = &((*handler_p2)->next); - } - - if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); - return (PAM_ABORT); - } - - (*handler_p2)->handler_type = handler_type; - (*handler_p2)->stack_level = stack_level; - (*handler_p2)->func = func2; - memcpy((*handler_p2)->actions,actions,sizeof((*handler_p2)->actions)); - (*handler_p2)->cached_retval = _PAM_INVALID_RETVAL; /* ignored */ - /* Note, this next entry points to the handler_p value! */ - (*handler_p2)->cached_retval_p = &((*handler_p)->cached_retval); - (*handler_p2)->argc = argc; - if (argv) { - if (((*handler_p2)->argv = malloc(argvlen)) == NULL) { - pam_syslog(pamh, LOG_CRIT, "cannot malloc argv for handler #2"); - return (PAM_ABORT); - } - memcpy((*handler_p2)->argv, argv, argvlen); - } else { - (*handler_p2)->argv = NULL; /* no arguments */ - } - (*handler_p2)->mod_name = extract_modulename(mod_path); - (*handler_p2)->next = NULL; - } - - D(("_pam_add_handler: returning successfully")); - - return PAM_SUCCESS; -} - -/* Free various allocated structures and dlclose() the libs */ -int _pam_free_handlers(pam_handle_t *pamh) -{ - struct loaded_module *mod; - - D(("called.")); - IF_NO_PAMH("_pam_free_handlers",pamh,PAM_SYSTEM_ERR); - - mod = pamh->handlers.module; - - /* Close all loaded modules */ - - while (pamh->handlers.modules_used) { - D(("_pam_free_handlers: dlclose(%s)", mod->name)); - free(mod->name); -#ifndef PAM_STATIC - if (mod->type == PAM_MT_DYNAMIC_MOD) { - _pam_dlclose(mod->dl_handle); - } -#endif - mod++; - pamh->handlers.modules_used--; - } - - /* Free all the handlers */ - - _pam_free_handlers_aux(&(pamh->handlers.conf.authenticate)); - _pam_free_handlers_aux(&(pamh->handlers.conf.setcred)); - 
_pam_free_handlers_aux(&(pamh->handlers.conf.acct_mgmt)); - _pam_free_handlers_aux(&(pamh->handlers.conf.open_session)); - _pam_free_handlers_aux(&(pamh->handlers.conf.close_session)); - _pam_free_handlers_aux(&(pamh->handlers.conf.chauthtok)); - - _pam_free_handlers_aux(&(pamh->handlers.other.authenticate)); - _pam_free_handlers_aux(&(pamh->handlers.other.setcred)); - _pam_free_handlers_aux(&(pamh->handlers.other.acct_mgmt)); - _pam_free_handlers_aux(&(pamh->handlers.other.open_session)); - _pam_free_handlers_aux(&(pamh->handlers.other.close_session)); - _pam_free_handlers_aux(&(pamh->handlers.other.chauthtok)); - - /* no more loaded modules */ - - _pam_drop(pamh->handlers.module); - - /* Indicate that handlers are not initialized for this pamh */ - - pamh->handlers.handlers_loaded = 0; - - return PAM_SUCCESS; -} - -void _pam_start_handlers(pam_handle_t *pamh) -{ - D(("called.")); - /* NB. There is no check for a NULL pamh here, since no return - * value to communicate the fact! */ - - /* Indicate that handlers are not initialized for this pamh */ - pamh->handlers.handlers_loaded = 0; - - pamh->handlers.modules_allocated = 0; - pamh->handlers.modules_used = 0; - pamh->handlers.module = NULL; - - /* initialize the .conf and .other entries */ - - pamh->handlers.conf.authenticate = NULL; - pamh->handlers.conf.setcred = NULL; - pamh->handlers.conf.acct_mgmt = NULL; - pamh->handlers.conf.open_session = NULL; - pamh->handlers.conf.close_session = NULL; - pamh->handlers.conf.chauthtok = NULL; - - pamh->handlers.other.authenticate = NULL; - pamh->handlers.other.setcred = NULL; - pamh->handlers.other.acct_mgmt = NULL; - pamh->handlers.other.open_session = NULL; - pamh->handlers.other.close_session = NULL; - pamh->handlers.other.chauthtok = NULL; -} - -void _pam_free_handlers_aux(struct handler **hp) -{ - struct handler *h = *hp; - struct handler *last; - - D(("called.")); - while (h) { - last = h; - _pam_drop(h->argv); /* This is all alocated in a single chunk */ - 
 _pam_drop(h->mod_name);
- h = h->next;
- memset(last, 0, sizeof(*last));
- free(last);
- }
-
- *hp = NULL;
-}
diff --git a/Linux-PAM/libpam/pam_item.c b/Linux-PAM/libpam/pam_item.c
deleted file mode 100644
index 2d7985c8..00000000
--- a/Linux-PAM/libpam/pam_item.c
+++ /dev/null
@@ -1,370 +0,0 @@ -/* pam_item.c */ - -/* - * $Id: pam_item.c,v 1.15 2008/01/28 14:50:21 kukuk Exp $ - */ - -#include "pam_private.h" - -#include <ctype.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> - -#define RESET(X, Y) \ -{ \ - char *_TMP_ = (X); \ - if (_TMP_ != (Y)) { \ - (X) = (Y) ? _pam_strdup(Y) : NULL; \ - if (_TMP_) \ - free(_TMP_); \ - } \ -} - -/* functions */ - -int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) -{ - int retval; - - D(("called")); - - IF_NO_PAMH("pam_set_item", pamh, PAM_SYSTEM_ERR); - - retval = PAM_SUCCESS; - - switch (item_type) { - - case PAM_SERVICE: - /* Setting handlers_loaded to 0 will cause the handlers - * to be reloaded on the next call to a service module. - */ - pamh->handlers.handlers_loaded = 0; - RESET(pamh->service_name, item); - { - char *tmp; - for (tmp=pamh->service_name; *tmp; ++tmp) - *tmp = tolower(*tmp); /* require lower case */ - } - break; - - case PAM_USER: - RESET(pamh->user, item); - pamh->former.fail_user = PAM_SUCCESS; - break; - - case PAM_USER_PROMPT: - RESET(pamh->prompt, item); - pamh->former.fail_user = PAM_SUCCESS; - break; - - case PAM_TTY: - D(("setting tty to %s", item)); - RESET(pamh->tty, item); - break; - - case PAM_RUSER: - RESET(pamh->ruser, item); - break; - - case PAM_RHOST: - RESET(pamh->rhost, item); - break; - - case PAM_AUTHTOK: - /* - * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from - * modules. - */ - if (__PAM_FROM_MODULE(pamh)) { - char *_TMP_ = pamh->authtok; - if (_TMP_ == item) /* not changed so leave alone */ - break; - pamh->authtok = (item) ? _pam_strdup(item) : NULL; - if (_TMP_) { - _pam_overwrite(_TMP_); - free(_TMP_); - } - } else { - retval = PAM_BAD_ITEM; - } - - break; - - case PAM_OLDAUTHTOK: - /* - * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from - * modules. 
- */ - if (__PAM_FROM_MODULE(pamh)) { - char *_TMP_ = pamh->oldauthtok; - if (_TMP_ == item) /* not changed so leave alone */ - break; - pamh->oldauthtok = (item) ? _pam_strdup(item) : NULL; - if (_TMP_) { - _pam_overwrite(_TMP_); - free(_TMP_); - } - } else { - retval = PAM_BAD_ITEM; - } - - break; - - case PAM_CONV: /* want to change the conversation function */ - if (item == NULL) { - pam_syslog(pamh, LOG_ERR, - "pam_set_item: attempt to set conv() to NULL"); - retval = PAM_PERM_DENIED; - } else { - struct pam_conv *tconv; - - if ((tconv= - (struct pam_conv *) malloc(sizeof(struct pam_conv)) - ) == NULL) { - pam_syslog(pamh, LOG_CRIT, - "pam_set_item: malloc failed for pam_conv"); - retval = PAM_BUF_ERR; - } else { - memcpy(tconv, item, sizeof(struct pam_conv)); - _pam_drop(pamh->pam_conversation); - pamh->pam_conversation = tconv; - pamh->former.fail_user = PAM_SUCCESS; - } - } - break; - - case PAM_FAIL_DELAY: - pamh->fail_delay.delay_fn_ptr = item; - break; - - case PAM_XDISPLAY: - RESET(pamh->xdisplay, item); - break; - - case PAM_XAUTHDATA: - if (pamh->xauth.namelen) { - _pam_overwrite(pamh->xauth.name); - free(pamh->xauth.name); - } - if (pamh->xauth.datalen) { - _pam_overwrite_n(pamh->xauth.data, - (unsigned int) pamh->xauth.datalen); - free(pamh->xauth.data); - } - pamh->xauth = *((const struct pam_xauth_data *) item); - pamh->xauth.name = _pam_strdup(pamh->xauth.name); - pamh->xauth.data = _pam_memdup(pamh->xauth.data, pamh->xauth.datalen); - break; - - default: - retval = PAM_BAD_ITEM; - } - - return retval; -} - -int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item) -{ - int retval = PAM_SUCCESS; - - D(("called.")); - IF_NO_PAMH("pam_get_item", pamh, PAM_SYSTEM_ERR); - - if (item == NULL) { - pam_syslog(pamh, LOG_ERR, - "pam_get_item: nowhere to place requested item"); - return PAM_PERM_DENIED; - } - else - *item = NULL; - - switch (item_type) { - case PAM_SERVICE: - *item = pamh->service_name; - break; - - case PAM_USER: - 
D(("returning user=%s", pamh->user)); - *item = pamh->user; - break; - - case PAM_USER_PROMPT: - D(("returning userprompt=%s", pamh->user)); - *item = pamh->prompt; - break; - - case PAM_TTY: - D(("returning tty=%s", pamh->tty)); - *item = pamh->tty; - break; - - case PAM_RUSER: - *item = pamh->ruser; - break; - - case PAM_RHOST: - *item = pamh->rhost; - break; - - case PAM_AUTHTOK: - /* - * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from - * modules. - */ - if (__PAM_FROM_MODULE(pamh)) { - *item = pamh->authtok; - } else { - retval = PAM_BAD_ITEM; - } - break; - - case PAM_OLDAUTHTOK: - /* - * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from - * modules. - */ - if (__PAM_FROM_MODULE(pamh)) { - *item = pamh->oldauthtok; - } else { - retval = PAM_BAD_ITEM; - } - break; - - case PAM_CONV: - *item = pamh->pam_conversation; - break; - - case PAM_FAIL_DELAY: - *item = pamh->fail_delay.delay_fn_ptr; - break; - - case PAM_XDISPLAY: - *item = pamh->xdisplay; - break; - - case PAM_XAUTHDATA: - *item = &pamh->xauth; - break; - - default: - retval = PAM_BAD_ITEM; - } - - return retval; -} - -/* - * This function is the 'preferred method to obtain the username'. 
- */ - -int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) -{ - const char *use_prompt; - int retval; - struct pam_message msg,*pmsg; - struct pam_response *resp; - - D(("called.")); - - IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR); - - if (user == NULL) { - /* ensure that the module has supplied a destination */ - pam_syslog(pamh, LOG_ERR, "pam_get_user: nowhere to record username"); - return PAM_PERM_DENIED; - } else - *user = NULL; - - if (pamh->pam_conversation == NULL) { - pam_syslog(pamh, LOG_ERR, "pam_get_user: no conv element in pamh"); - return PAM_SERVICE_ERR; - } - - if (pamh->user) { /* have one so return it */ - *user = pamh->user; - return PAM_SUCCESS; - } - - if (pamh->former.fail_user != PAM_SUCCESS) - return pamh->former.fail_user; - - /* will need a prompt */ - if (prompt != NULL) - use_prompt = prompt; - else if (pamh->prompt != NULL) - use_prompt = pamh->prompt; - else - use_prompt = _("login:"); - - /* If we are resuming an old conversation, we verify that the prompt - is the same. Anything else is an error. */ - if (pamh->former.want_user) { - /* must have a prompt to resume with */ - if (! 
pamh->former.prompt) { - pam_syslog(pamh, LOG_ERR, - "pam_get_user: failed to resume with prompt" - ); - return PAM_ABORT; - } - - /* must be the same prompt as last time */ - if (strcmp(pamh->former.prompt, use_prompt)) { - pam_syslog(pamh, LOG_ERR, - "pam_get_user: resumed with different prompt"); - return PAM_ABORT; - } - - /* ok, we can resume where we left off last time */ - pamh->former.want_user = PAM_FALSE; - _pam_overwrite(pamh->former.prompt); - _pam_drop(pamh->former.prompt); - } - - /* converse with application -- prompt user for a username */ - pmsg = &msg; - msg.msg_style = PAM_PROMPT_ECHO_ON; - msg.msg = use_prompt; - resp = NULL; - - retval = pamh->pam_conversation-> - conv(1, (const struct pam_message **) &pmsg, &resp, - pamh->pam_conversation->appdata_ptr); - - if (retval == PAM_CONV_AGAIN) { - /* conversation function is waiting for an event - save state */ - D(("conversation function is not ready yet")); - pamh->former.want_user = PAM_TRUE; - pamh->former.prompt = _pam_strdup(use_prompt); - } else if (resp == NULL) { - /* - * conversation should have given a response - */ - D(("pam_get_user: no response provided")); - retval = PAM_CONV_ERR; - pamh->former.fail_user = retval; - } else if (retval == PAM_SUCCESS) { /* copy the username */ - /* - * now we set the PAM_USER item -- this was missing from pre.53 - * releases. However, reading the Sun manual, it is part of - * the standard API. - */ - RESET(pamh->user, resp->resp); - *user = pamh->user; - } else - pamh->former.fail_user = retval; - - if (resp) { - if (retval != PAM_SUCCESS) - pam_syslog(pamh, LOG_WARNING, - "unexpected response from failed conversation function"); - /* - * note 'resp' is allocated by the application and is - * correctly free()'d here - */ - _pam_drop_reply(resp, 1); - } - - D(("completed")); - return retval; /* pass on any error from conversation */ -} diff --git a/Linux-PAM/libpam/pam_misc.c b/Linux-PAM/libpam/pam_misc.c deleted file mode 100644 index 574a570e..00000000 
--- a/Linux-PAM/libpam/pam_misc.c
+++ /dev/null
@@ -1,359 +0,0 @@ -/* pam_misc.c -- This is random stuff - * - * Copyright (c) Andrew G. Morgan <morgan@kernel.org> 2000-2003 - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "pam_private.h" - -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <ctype.h> - -char *_pam_StrTok(char *from, const char *format, char **next) -/* - * this function is a variant of the standard strtok, it differs in that - * it takes an additional argument and doesn't nul terminate tokens until - * they are actually reached. - */ -{ - char table[256], *end; - int i; - - if (from == NULL && (from = *next) == NULL) - return from; - - /* initialize table */ - for (i=1; i<256; table[i++] = '\0'); - for (i=0; format[i] ; table[(int)format[i++]] = 'y'); - - /* look for first non-format char */ - while (*from && table[(int)*from]) { - ++from; - } - - if (*from == '[') { - /* - * special case, "[...]" is considered to be a single - * object. Note, however, if one of the format[] chars is - * '[' this single string will not be read correctly. - * Note, any '[' inside the outer "[...]" pair will survive. - * Note, the first ']' will terminate this string, but - * that "\]" will get compressed into "]". That is: - * - * "[..[..\]..]..." --> "..[..].." - */ - char *to; - for (to=end=++from; *end && *end != ']'; ++to, ++end) { - if (*end == '\\' && end[1] == ']') - ++end; - if (to != end) { - *to = *end; - } - } - if (to != end) { - *to = '\0'; - } - /* note, this string is stripped of its edges: "..." is what - remains */ - } else if (*from) { - /* simply look for next blank char */ - for (end=from; *end && !table[(int)*end]; ++end); - } else { - return (*next = NULL); /* no tokens left */ - } - - /* now terminate what we have */ - if (*end) - *end++ = '\0'; - - /* indicate what it left */ - if (*end) { - *next = end; - } else { - *next = NULL; /* have found last token */ - } - - /* return what we have */ - return from; -} - -/* - * Safe duplication of character strings. "Paranoid"; don't leave - * evidence of old token around for later stack analysis. 
- */ - -char *_pam_strdup(const char *x) -{ - register char *new=NULL; - - if (x != NULL) { - register int len; - - len = strlen (x) + 1; /* length of string including NUL */ - if ((new = malloc(len)) == NULL) { - len = 0; - pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory"); - } else { - strcpy (new, x); - } - x = NULL; - } - - return new; /* return the duplicate or NULL on error */ -} - -/* - * Safe duplication of memory buffers. "Paranoid"; don't leave - * evidence of old token around for later stack analysis. - */ - -char *_pam_memdup(const char *x, int len) -{ - register char *new=NULL; - - if (x != NULL) { - if ((new = malloc(len)) == NULL) { - len = 0; - pam_syslog(NULL, LOG_CRIT, "_pam_memdup: failed to get memory"); - } else { - memcpy (new, x, len); - } - x = NULL; - } - - return new; /* return the duplicate or NULL on error */ -} - -/* Generate argv, argc from s */ -/* caller must free(argv) */ - -int _pam_mkargv(char *s, char ***argv, int *argc) -{ - int l; - int argvlen = 0; - char *sbuf, *sbuf_start; - char **our_argv = NULL; - char **argvbuf; - char *argvbufp; -#ifdef DEBUG - int count=0; -#endif - - D(("_pam_mkargv called: %s",s)); - - *argc = 0; - - l = strlen(s); - if (l) { - if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by _pam_strdup"); - D(("arg NULL")); - } else { - /* Overkill on the malloc, but not large */ - argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *)); - if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by malloc"); - } else { - char *tmp=NULL; - - argvbufp = (char *) argvbuf + (l * sizeof(char *)); - D(("[%s]",sbuf)); - while ((sbuf = _pam_StrTok(sbuf, " \n\t", &tmp))) { - D(("arg #%d",++count)); - D(("->[%s]",sbuf)); - strcpy(argvbufp, sbuf); - D(("copied token")); - *argvbuf = argvbufp; - argvbufp += strlen(argvbufp) + 1; - D(("stepped in argvbufp")); - (*argc)++; - argvbuf++; - sbuf = NULL; 
- D(("loop again?")); - } - } - _pam_drop(sbuf_start); - } - } - - *argv = our_argv; - - D(("_pam_mkargv returned")); - - return(argvlen); -} - -/* - * this function is used to protect the modules from accidental or - * semi-mallicious harm that an application may do to confuse the API. - */ - -void _pam_sanitize(pam_handle_t *pamh) -{ - int old_caller_is = pamh->caller_is; - - /* - * this is for security. We reset the auth-tokens here. - */ - __PAM_TO_MODULE(pamh); - pam_set_item(pamh, PAM_AUTHTOK, NULL); - pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); - pamh->caller_is = old_caller_is; -} - -/* - * This function scans the array and replaces the _PAM_ACTION_UNDEF - * entries with the default action. - */ - -void _pam_set_default_control(int *control_array, int default_action) -{ - int i; - - for (i=0; i<_PAM_RETURN_VALUES; ++i) { - if (control_array[i] == _PAM_ACTION_UNDEF) { - control_array[i] = default_action; - } - } -} - -/* - * This function is used to parse a control string. This string is a - * series of tokens of the following form: - * - * "[ ]*return_code[ ]*=[ ]*action/[ ]". 
- */ - -#include "pam_tokens.h" - -void _pam_parse_control(int *control_array, char *tok) -{ - const char *error; - int ret; - - while (*tok) { - int act, len; - - /* skip leading space */ - while (isspace((int)*tok) && *++tok); - if (!*tok) - break; - - /* identify return code */ - for (ret=0; ret<=_PAM_RETURN_VALUES; ++ret) { - len = strlen(_pam_token_returns[ret]); - if (!strncmp(_pam_token_returns[ret], tok, len)) { - break; - } - } - if (ret > _PAM_RETURN_VALUES || !*(tok += len)) { - error = "expecting return value"; - goto parse_error; - } - - /* observe '=' */ - while (isspace((int)*tok) && *++tok); - if (!*tok || *tok++ != '=') { - error = "expecting '='"; - goto parse_error; - } - - /* skip leading space */ - while (isspace((int)*tok) && *++tok); - if (!*tok) { - error = "expecting action"; - goto parse_error; - } - - /* observe action type */ - for (act=0; act < (-(_PAM_ACTION_UNDEF)); ++act) { - len = strlen(_pam_token_actions[act]); - if (!strncmp(_pam_token_actions[act], tok, len)) { - act *= -1; - tok += len; - break; - } - } - if (act > 0) { - /* - * Either we have a number or we have hit an error. In - * principle, there is nothing to stop us accepting - * negative offsets. (Although we would have to think of - * another way of encoding the tokens.) However, I really - * think this would be both hard to administer and easily - * cause looping problems. So, for now, we will just - * allow forward jumps. (AGM 1998/1/7) - */ - if (!isdigit((int)*tok)) { - error = "expecting jump number"; - goto parse_error; - } - /* parse a number */ - act = 0; - do { - act *= 10; - act += *tok - '0'; /* XXX - this assumes ascii behavior */ - } while (*++tok && isdigit((int)*tok)); - if (! act) { - /* we do not allow 0 jumps. 
 There is a token ('ignore')
- for that */
- error = "expecting non-zero";
- goto parse_error;
- }
- }
-
- /* set control_array element */
- if (ret != _PAM_RETURN_VALUES) {
- control_array[ret] = act;
- } else {
- /* set the default to 'act' */
- _pam_set_default_control(control_array, act);
- }
- }
-
- /* that was a success */
- return;
-
-parse_error:
- /* treat everything as bad */
- pam_syslog(NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok);
- for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD);
-
-}
diff --git a/Linux-PAM/libpam/pam_modutil_cleanup.c b/Linux-PAM/libpam/pam_modutil_cleanup.c
deleted file mode 100644
index 017b36cf..00000000
--- a/Linux-PAM/libpam/pam_modutil_cleanup.c
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * $Id: pam_modutil_cleanup.c,v 1.1 2005/09/21 10:00:58 t8m Exp $
- *
- * This function provides a common pam_set_data() friendly version of free().
- */
-
-#include "pam_modutil_private.h"
-
-#include <stdlib.h>
-
-void
-pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data,
- int error_status UNUSED)
-{
- if (data) {
- /* junk it */
- (void) free(data);
- }
-}
diff --git a/Linux-PAM/libpam/pam_modutil_getgrgid.c b/Linux-PAM/libpam/pam_modutil_getgrgid.c
deleted file mode 100644
index 5b862872..00000000
--- a/Linux-PAM/libpam/pam_modutil_getgrgid.c
+++ /dev/null
@@ -1,138 +0,0 @@ -/* - * $Id: pam_modutil_getgrgid.c,v 1.2 2007/08/30 04:00:39 vorlon Exp $ - * - * This function provides a thread safer version of getgrgid() for use - * with PAM modules that care about this sort of thing. - * - * XXX - or at least it should provide a thread-safe alternative. - */ - -#include "pam_modutil_private.h" - -#include <errno.h> -#include <limits.h> -#include <grp.h> -#include <stdio.h> -#include <stdlib.h> - -static int intlen(int number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -static int longlen(long number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -struct group * -pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) -{ -#ifdef HAVE_GETGRGID_R - - void *buffer=NULL; - size_t length = PWD_INITIAL_LENGTH; - - do { - int status; - void *new_buffer; - struct group *result = NULL; - - new_buffer = realloc(buffer, sizeof(struct group) + length); - if (new_buffer == NULL) { - - D(("out of memory")); - - /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } - return NULL; - } - buffer = new_buffer; - - /* make the re-entrant call to get the grp structure */ - errno = 0; - status = getgrgid_r(gid, buffer, - sizeof(struct group) + (char *) buffer, - length, &result); - if (!status && (result == buffer)) { - char *data_name; - const void *ignore; - int i; - - data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + - longlen((long)gid) + 1 + intlen(INT_MAX) + 1); - if ((pamh != NULL) && (data_name == NULL)) { - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - free(buffer); - return NULL; - } - - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", - (long) gid, i); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - 
} - if (status == PAM_SUCCESS) { - break; - } - } - } else { - status = PAM_SUCCESS; - } - - free(data_name); - - if (status == PAM_SUCCESS) { - D(("success")); - return result; - } - - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - - free(buffer); - return NULL; - - } else if (errno != ERANGE && errno != EINTR) { - /* no sense in repeating the call */ - break; - } - - length <<= 2; - - } while (length < PWD_ABSURD_PWD_LENGTH); - - D(("grp structure took %u bytes or so of memory", - length+sizeof(struct group))); - - free(buffer); - return NULL; - -#else /* ie. ifndef HAVE_GETGRGID_R */ - - /* - * Sorry, there does not appear to be a reentrant version of - * getgrgid(). So, we use the standard libc function. - */ - - return getgrgid(gid); - -#endif /* def HAVE_GETGRGID_R */ -} diff --git a/Linux-PAM/libpam/pam_modutil_getgrnam.c b/Linux-PAM/libpam/pam_modutil_getgrnam.c deleted file mode 100644 index 99c90800..00000000 --- a/Linux-PAM/libpam/pam_modutil_getgrnam.c +++ /dev/null 
@@ -1,127 +0,0 @@ -/* - * $Id: pam_modutil_getgrnam.c,v 1.2 2007/08/30 04:00:39 vorlon Exp $ - * - * This function provides a thread safer version of getgrnam() for use - * with PAM modules that care about this sort of thing. - * - * XXX - or at least it should provide a thread-safe alternative. - */ - -#include "pam_modutil_private.h" - -#include <errno.h> -#include <limits.h> -#include <grp.h> -#include <stdio.h> -#include <stdlib.h> - -static int intlen(int number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -struct group * -pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) -{ -#ifdef HAVE_GETGRNAM_R - - void *buffer=NULL; - size_t length = PWD_INITIAL_LENGTH; - - do { - int status; - void *new_buffer; - struct group *result = NULL; - - new_buffer = realloc(buffer, sizeof(struct group) + length); - if (new_buffer == NULL) { - - D(("out of memory")); - - /* no memory for the group - so delete the memory */ - if (buffer) { - free(buffer); - } - return NULL; - } - buffer = new_buffer; - - /* make the re-entrant call to get the grp structure */ - errno = 0; - status = getgrnam_r(group, buffer, - sizeof(struct group) + (char *) buffer, - length, &result); - if (!status && (result == buffer)) { - char *data_name; - const void *ignore; - int i; - - data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + - strlen(group) + 1 + intlen(INT_MAX) + 1); - if ((pamh != NULL) && (data_name == NULL)) { - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - free(buffer); - return NULL; - } - - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, pam_modutil_cleanup); - } - if (status == PAM_SUCCESS) { - break; - } - } - } else { - status = PAM_SUCCESS; - } - - free(data_name); - - if (status 
== PAM_SUCCESS) { - D(("success")); - return result; - } - - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - - free(buffer); - return NULL; - - } else if (errno != ERANGE && errno != EINTR) { - /* no sense in repeating the call */ - break; - } - - length <<= 2; - - } while (length < PWD_ABSURD_PWD_LENGTH); - - D(("grp structure took %u bytes or so of memory", - length+sizeof(struct group))); - - free(buffer); - return NULL; - -#else /* ie. ifndef HAVE_GETGRNAM_R */ - - /* - * Sorry, there does not appear to be a reentrant version of - * getgrnam(). So, we use the standard libc function. - */ - - return getgrnam(group); - -#endif /* def HAVE_GETGRNAM_R */ -} diff --git a/Linux-PAM/libpam/pam_modutil_getlogin.c b/Linux-PAM/libpam/pam_modutil_getlogin.c deleted file mode 100644 index dcd28a13..00000000 --- a/Linux-PAM/libpam/pam_modutil_getlogin.c +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * $Id: pam_modutil_getlogin.c,v 1.2 2005/11/23 16:42:40 kukuk Exp $ - * - * A central point for invoking getlogin(). Hopefully, this is a - * little harder to spoof than all the other versions that are out - * there. - */ - -#include "pam_modutil_private.h" - -#include <stdlib.h> -#include <unistd.h> -#include <utmp.h> - -#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" - -const char * -pam_modutil_getlogin(pam_handle_t *pamh) -{ - int status; - const void *logname; - const void *void_curr_tty; - const char *curr_tty; - char *curr_user; - struct utmp *ut, line; - - status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); - if (status == PAM_SUCCESS) { - return logname; - } - - status = pam_get_item(pamh, PAM_TTY, &void_curr_tty); - if ((status != PAM_SUCCESS) || (void_curr_tty == NULL)) - curr_tty = ttyname(0); - else - curr_tty = (const char*)void_curr_tty; - - if (curr_tty == NULL) { - return NULL; - } - - if (curr_tty[0] == '/') { /* full path */ - const char *t; - curr_tty++; - if ((t = strchr(curr_tty, '/')) != NULL) { - curr_tty = t + 1; - } - } - logname = NULL; - - setutent(); - strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); - - if ((ut = getutline(&line)) == NULL) { - goto clean_up_and_go_home; - } - - curr_user = calloc(sizeof(line.ut_user)+1, 1); - if (curr_user == NULL) { - goto clean_up_and_go_home; - } - - strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); - /* calloc already zeroed the memory */ - - status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, - pam_modutil_cleanup); - if (status != PAM_SUCCESS) { - free(curr_user); - goto clean_up_and_go_home; - } - - logname = curr_user; - -clean_up_and_go_home: - - endutent(); - - return logname; -} diff --git a/Linux-PAM/libpam/pam_modutil_getpwnam.c b/Linux-PAM/libpam/pam_modutil_getpwnam.c deleted file mode 100644 index b81617d5..00000000 --- a/Linux-PAM/libpam/pam_modutil_getpwnam.c +++ /dev/null 
@@ -1,127 +0,0 @@
-/*
- * $Id: pam_modutil_getpwnam.c,v 1.2 2007/08/30 04:00:39 vorlon Exp $
- *
- * This function provides a thread safer version of getpwnam() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pam_modutil_private.h"
-
-#include <errno.h>
-#include <limits.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct passwd *
-pam_modutil_getpwnam(pam_handle_t *pamh, const char *user)
-{
-#ifdef HAVE_GETPWNAM_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct passwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct passwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the pwd structure */
- errno = 0;
- status = getpwnam_r(user, buffer,
- sizeof(struct passwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getpwnam") + 1 +
- strlen(user) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i);
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result, pam_modutil_cleanup);
- }
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status
== PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("pwd structure took %u bytes or so of memory",
- length+sizeof(struct passwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETPWNAM_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getpwnam(). So, we use the standard libc function.
- */
-
- return getpwnam(user);
-
-#endif /* def HAVE_GETPWNAM_R */
-}
diff --git a/Linux-PAM/libpam/pam_modutil_getpwuid.c b/Linux-PAM/libpam/pam_modutil_getpwuid.c
deleted file mode 100644
index 3ea02488..00000000
--- a/Linux-PAM/libpam/pam_modutil_getpwuid.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * $Id: pam_modutil_getpwuid.c,v 1.2 2007/08/30 04:00:39 vorlon Exp $
- *
- * This function provides a thread safer version of getpwuid() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pam_modutil_private.h"
-
-#include <errno.h>
-#include <limits.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-static int longlen(long number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct passwd *
-pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid)
-{
-#ifdef HAVE_GETPWUID_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct passwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct passwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the pwd structure */
- errno = 0;
- status = getpwuid_r(uid, buffer,
- sizeof(struct passwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getpwuid") + 1 +
- longlen((long) uid) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getpwuid_%ld_%d",
- (long) uid, i);
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result,
pam_modutil_cleanup);
- }
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status == PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("pwd structure took %u bytes or so of memory",
- length+sizeof(struct passwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETPWUID_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getpwuid(). So, we use the standard libc function.
- */
-
- return getpwuid(uid);
-
-#endif /* def HAVE_GETPWUID_R */
-}
diff --git a/Linux-PAM/libpam/pam_modutil_getspnam.c b/Linux-PAM/libpam/pam_modutil_getspnam.c
deleted file mode 100644
index 6c02e9c2..00000000
--- a/Linux-PAM/libpam/pam_modutil_getspnam.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * $Id: pam_modutil_getspnam.c,v 1.2 2007/08/30 04:00:39 vorlon Exp $
- *
- * This function provides a thread safer version of getspnam() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pam_modutil_private.h"
-
-#include <errno.h>
-#include <limits.h>
-#include <shadow.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct spwd *
-pam_modutil_getspnam(pam_handle_t *pamh, const char *user)
-{
-#ifdef HAVE_GETSPNAM_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct spwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct spwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the spwd structure */
- errno = 0;
- status = getspnam_r(user, buffer,
- sizeof(struct spwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getspnam") + 1 +
- strlen(user) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i);
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result, pam_modutil_cleanup);
- }
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status ==
PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("spwd structure took %u bytes or so of memory",
- length+sizeof(struct spwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETSPNAM_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getspnam(). So, we use the standard libc function.
- */
-
- return getspnam(user);
-
-#endif /* def HAVE_GETSPNAM_R */
-}
diff --git a/Linux-PAM/libpam/pam_modutil_ingroup.c b/Linux-PAM/libpam/pam_modutil_ingroup.c
deleted file mode 100644
index adb9dadb..00000000
--- a/Linux-PAM/libpam/pam_modutil_ingroup.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * $Id: pam_modutil_ingroup.c,v 1.1 2005/09/21 10:00:58 t8m Exp $
- *
- * This function provides common methods for checking if a user is in a
- * specified group.
- */
-
-#include "pam_modutil_private.h"
-
-#include <stdlib.h>
-#include <pwd.h>
-#include <grp.h>
-
-#ifdef HAVE_GETGROUPLIST
-static int checkgrouplist(const char *user, gid_t primary, gid_t target)
-{
- gid_t *grouplist = NULL;
- int agroups, ngroups, i;
- ngroups = agroups = 3;
- do {
- grouplist = malloc(sizeof(gid_t) * agroups);
- if (grouplist == NULL) {
- return 0;
- }
- ngroups = agroups;
- i = getgrouplist(user, primary, grouplist, &ngroups);
- if ((i < 0) || (ngroups < 1)) {
- agroups *= 2;
- free(grouplist);
- } else {
- for (i = 0; i < ngroups; i++) {
- if (grouplist[i] == target) {
- free(grouplist);
- return 1;
- }
- }
- free(grouplist);
- }
- } while (((i < 0) || (ngroups < 1)) && (agroups < 10000));
- return 0;
-}
-#endif
-
-static int
-pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED,
- struct passwd *pwd,
- struct group *grp)
-{
- int i;
-
- if (pwd == NULL) {
- return 0;
- }
- if (grp == NULL) {
- return 0;
- }
-
- if (pwd->pw_gid == grp->gr_gid) {
- return 1;
- }
-
- for (i = 0; (grp->gr_mem != NULL) && (grp->gr_mem[i] != NULL); i++) {
- if (strcmp(pwd->pw_name, grp->gr_mem[i]) == 0) {
- return 1;
- }
- }
-
-#ifdef HAVE_GETGROUPLIST
- if (checkgrouplist(pwd->pw_name, pwd->pw_gid, grp->gr_gid)) {
- return 1;
- }
-#endif
-
- return 0;
-}
-
-int
-pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh,
- const char *user, const char *group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = pam_modutil_getpwnam(pamh, user);
- grp = pam_modutil_getgrnam(pamh, group);
-
- return pam_modutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int
-pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh,
- const char *user, gid_t group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = pam_modutil_getpwnam(pamh, user);
- grp = pam_modutil_getgrgid(pamh,
group);
-
- return pam_modutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int
-pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh,
- uid_t user, const char *group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = pam_modutil_getpwuid(pamh, user);
- grp = pam_modutil_getgrnam(pamh, group);
-
- return pam_modutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int
-pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh,
- uid_t user, gid_t group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = pam_modutil_getpwuid(pamh, user);
- grp = pam_modutil_getgrgid(pamh, group);
-
- return pam_modutil_user_in_group_common(pamh, pwd, grp);
-}
diff --git a/Linux-PAM/libpam/pam_modutil_ioloop.c b/Linux-PAM/libpam/pam_modutil_ioloop.c
deleted file mode 100644
index d23f007a..00000000
--- a/Linux-PAM/libpam/pam_modutil_ioloop.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * $Id: pam_modutil_ioloop.c,v 1.1 2005/09/21 10:00:58 t8m Exp $
- *
- * These functions provides common methods for ensure a complete read or
- * write occurs. It handles EINTR and partial read/write returns.
- */
-
-#include "pam_modutil_private.h"
-
-#include <unistd.h>
-#include <errno.h>
-
-int
-pam_modutil_read(int fd, char *buffer, int count)
-{
- int block, offset = 0;
-
- while (count > 0) {
- block = read(fd, &buffer[offset], count);
-
- if (block < 0) {
- if (errno == EINTR) continue;
- return block;
- }
- if (block == 0) return offset;
-
- offset += block;
- count -= block;
- }
-
- return offset;
-}
-
-int
-pam_modutil_write(int fd, const char *buffer, int count)
-{
- int block, offset = 0;
-
- while (count > 0) {
- block = write(fd, &buffer[offset], count);
-
- if (block < 0) {
- if (errno == EINTR) continue;
- return block;
- }
- if (block == 0) return offset;
-
- offset += block;
- count -= block;
- }
-
- return offset;
-}
diff --git a/Linux-PAM/libpam/pam_modutil_private.h b/Linux-PAM/libpam/pam_modutil_private.h
deleted file mode 100644
index e118f599..00000000
--- a/Linux-PAM/libpam/pam_modutil_private.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef PAMMODUTIL_PRIVATE_H
-#define PAMMODUTIL_PRIVATE_H
-
-/*
- * $Id: pam_modutil_private.h,v 1.1 2005/09/21 10:00:58 t8m Exp $
- *
- * Copyright (c) 2001 Andrew Morgan <morgan@kernel.org>
- */
-
-#include "config.h"
-
-#include <security/_pam_macros.h>
-#include <security/pam_modules.h>
-#include <security/pam_modutil.h>
-
-#define PWD_INITIAL_LENGTH 0x100
-#define PWD_ABSURD_PWD_LENGTH 0x8000
-
-extern void
-pam_modutil_cleanup(pam_handle_t *pamh, void *data,
- int error_status);
-
-#endif /* PAMMODUTIL_PRIVATE_H */
diff --git a/Linux-PAM/libpam/pam_password.c b/Linux-PAM/libpam/pam_password.c
deleted file mode 100644
index cd57f20b..00000000
--- a/Linux-PAM/libpam/pam_password.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* pam_password.c - PAM Password Management */
-
-/*
- * $Id: pam_password.c,v 1.5 2006/07/24 15:47:40 kukuk Exp $
- */
-
-/* #define DEBUG */
-
-#include "pam_private.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-int pam_chauthtok(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("called."));
-
- IF_NO_PAMH("pam_chauthtok", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- if (pamh->former.choice == PAM_NOT_STACKED) {
- _pam_start_timer(pamh); /* we try to make the time for a failure
- independent of the time it takes to
- fail */
- _pam_sanitize(pamh);
- pamh->former.update = PAM_FALSE;
- }
-
- /* first call to check if there will be a problem */
- if (pamh->former.update ||
- (retval = _pam_dispatch(pamh, flags|PAM_PRELIM_CHECK,
- PAM_CHAUTHTOK)) == PAM_SUCCESS) {
- D(("completed check ok: former=%d", pamh->former.update));
- pamh->former.update = PAM_TRUE;
- retval = _pam_dispatch(pamh, flags|PAM_UPDATE_AUTHTOK,
- PAM_CHAUTHTOK);
- }
-
- /* if we completed we should clean up */
- if (retval != PAM_INCOMPLETE) {
- _pam_sanitize(pamh);
- pamh->former.update = PAM_FALSE;
- _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */
- D(("pam_chauthtok exit %d - %d", retval, pamh->former.choice));
- } else {
- D(("will resume when ready", retval));
- }
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_CHAUTHTOK, retval, flags);
-#endif
-
- return retval;
-}
-
diff --git a/Linux-PAM/libpam/pam_prelude.c b/Linux-PAM/libpam/pam_prelude.c
deleted file mode 100644
index 6c73bf5d..00000000
--- a/Linux-PAM/libpam/pam_prelude.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- * pam_prelude.c -- prelude reporting
- * http://www.prelude-ids.org
- *
- * (C) Sebastien Tricaud 2005 <toady@gscore.org>
- */
-
-#include <stdio.h>
-#include <syslog.h>
-
-#ifdef PRELUDE
-
-#include <libprelude/prelude.h>
-#include <libprelude/prelude-log.h>
-#include <libprelude/idmef-message-print.h>
-
-#include "pam_prelude.h"
-#include "pam_private.h"
-
-
-#define ANALYZER_CLASS "pam"
-#define ANALYZER_MODEL "PAM"
-#define ANALYZER_MANUFACTURER "Sebastien Tricaud, http://www.kernel.org/pub/linux/libs/pam/"
-
-#define DEFAULT_ANALYZER_NAME "PAM"
-
-static const char *
-pam_get_item_service(const pam_handle_t *pamh)
-{
- const void *service = NULL;
-
- pam_get_item(pamh, PAM_SERVICE, &service);
-
- return service;
-}
-
-static const char *
-pam_get_item_user(const pam_handle_t *pamh)
-{
- const void *user = NULL;
-
- pam_get_item(pamh, PAM_USER, &user);
-
- return user;
-}
-
-static const char *
-pam_get_item_user_prompt(const pam_handle_t *pamh)
-{
- const void *user_prompt = NULL;
-
- pam_get_item(pamh, PAM_USER_PROMPT, &user_prompt);
-
- return user_prompt;
-}
-
-static const char *
-pam_get_item_tty(const pam_handle_t *pamh)
-{
- const void *tty = NULL;
-
- pam_get_item(pamh, PAM_TTY, &tty);
-
- return tty;
-}
-
-static const char *
-pam_get_item_ruser(const pam_handle_t *pamh)
-{
- const void *ruser = NULL;
-
- pam_get_item(pamh, PAM_RUSER, &ruser);
-
- return ruser;
-}
-
-static const char *
-pam_get_item_rhost(const pam_handle_t *pamh)
-{
- const void *rhost = NULL;
-
- pam_get_item(pamh, PAM_RHOST, &rhost);
-
- return rhost;
-}
-
-/* Courteously stolen from prelude-lml */
-static int
-generate_additional_data(idmef_alert_t *alert, const char *meaning,
- const char *data)
-{
- int ret;
- prelude_string_t *str;
- idmef_additional_data_t *adata;
-
- ret = idmef_alert_new_additional_data(alert, &adata, -1);
- if ( ret < 0 )
- return ret;
-
- ret = idmef_additional_data_new_meaning(adata, &str);
- if ( ret < 0 )
- return ret;
-
- ret =
prelude_string_set_ref(str, meaning);
- if ( ret < 0 )
- return ret;
-
- return idmef_additional_data_set_string_ref(adata, data);
-}
-
-static int
-setup_analyzer(const pam_handle_t *pamh, idmef_analyzer_t *analyzer)
-{
- int ret;
- prelude_string_t *string;
-
- ret = idmef_analyzer_new_model(analyzer, &string);
- if ( ret < 0 )
- goto err;
- prelude_string_set_constant(string, ANALYZER_MODEL);
-
- ret = idmef_analyzer_new_class(analyzer, &string);
- if ( ret < 0 )
- goto err;
- prelude_string_set_constant(string, ANALYZER_CLASS);
-
- ret = idmef_analyzer_new_manufacturer(analyzer, &string);
- if ( ret < 0 )
- goto err;
- prelude_string_set_constant(string, ANALYZER_MANUFACTURER);
-
- ret = idmef_analyzer_new_version(analyzer, &string);
- if ( ret < 0 )
- goto err;
- prelude_string_set_constant(string, PAM_VERSION);
-
-
- return 0;
-
- err:
- pam_syslog(pamh, LOG_WARNING,
- "%s: IDMEF error: %s.\n",
- prelude_strsource(ret), prelude_strerror(ret));
-
- return -1;
-}
-
-static void
-pam_alert_prelude(const char *msg, void *data,
- pam_handle_t *pamh, int authval)
-{
- int ret;
- idmef_time_t *clienttime;
- idmef_alert_t *alert;
- prelude_string_t *str;
- idmef_message_t *idmef = NULL;
- idmef_classification_t *class;
- prelude_client_t *client = (prelude_client_t *)data;
- idmef_source_t *source;
- idmef_target_t *target;
- idmef_user_t *user;
- idmef_user_id_t *user_id;
- idmef_process_t *process;
- idmef_classification_t *classification;
- idmef_impact_t *impact;
- idmef_assessment_t *assessment;
- idmef_node_t *node;
- idmef_analyzer_t *analyzer;
-
-
- ret = idmef_message_new(&idmef);
- if ( ret < 0 )
- goto err;
-
- ret = idmef_message_new_alert(idmef, &alert);
- if ( ret < 0 )
- goto err;
-
- ret = idmef_alert_new_classification(alert, &class);
- if ( ret < 0 )
- goto err;
-
- ret = idmef_classification_new_text(class, &str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_new_ref(&str, msg);
- if ( ret < 0 )
- goto err;
-
-
idmef_classification_set_text(class, str);
-
- ret = idmef_time_new_from_gettimeofday(&clienttime);
- if ( ret < 0 )
- goto err;
- idmef_alert_set_create_time(alert, clienttime);
-
- idmef_alert_set_analyzer(alert,
- idmef_analyzer_ref(prelude_client_get_analyzer(client)),
- 0);
-
- /**********
- * SOURCE *
- **********/
- ret = idmef_alert_new_source(alert, &source, -1);
- if ( ret < 0 )
- goto err;
-
- /* BEGIN: Sets the user doing authentication stuff */
- ret = idmef_source_new_user(source, &user);
- if ( ret < 0 )
- goto err;
- idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION);
-
- ret = idmef_user_new_user_id(user, &user_id, 0);
- if ( ret < 0 )
- goto err;
- idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_ORIGINAL_USER);
-
- if ( pam_get_item_ruser(pamh) ) {
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str, pam_get_item_ruser(pamh));
- if ( ret < 0 )
- goto err;
-
- idmef_user_id_set_name(user_id, str);
- }
- /* END */
- /* BEGIN: Adds TTY infos */
- if ( pam_get_item_tty(pamh) ) {
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str, pam_get_item_tty(pamh));
- if ( ret < 0 )
- goto err;
-
- idmef_user_id_set_tty(user_id, str);
- }
- /* END */
- /* BEGIN: Sets the source node (rhost) */
- ret = idmef_source_new_node(source, &node);
- if ( ret < 0 )
- goto err;
- idmef_node_set_category(node, IDMEF_NODE_CATEGORY_HOSTS);
-
- if ( pam_get_item_rhost(pamh) ) {
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str, pam_get_item_rhost(pamh));
- if ( ret < 0 )
- goto err;
-
- idmef_node_set_name(node, str);
- }
- /* END */
- /* BEGIN: Describe the service */
- ret = idmef_source_new_process(source, &process);
- if ( ret < 0 )
- goto err;
- idmef_process_set_pid(process, getpid());
-
- if ( pam_get_item_service(pamh) ) {
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret =
prelude_string_set_ref(str, pam_get_item_service(pamh));
- if ( ret < 0 )
- goto err;
-
- idmef_process_set_name(process, str);
- }
- /* END */
-
- /**********
- * TARGET *
- **********/
-
- ret = idmef_alert_new_target(alert, &target, -1);
- if ( ret < 0 )
- goto err;
-
-
- /* BEGIN: Sets the target node */
- analyzer = prelude_client_get_analyzer(client);
- if ( ! analyzer ) goto err;
-
- node = idmef_analyzer_get_node(analyzer);
- if ( ! node ) goto err;
- idmef_target_set_node(target, node);
- node = idmef_node_ref(node);
- if ( ! node ) goto err;
- /* END */
- /* BEGIN: Sets the user doing authentication stuff */
- ret = idmef_target_new_user(target, &user);
- if ( ret < 0 )
- goto err;
- idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION);
-
- ret = idmef_user_new_user_id(user, &user_id, 0);
- if ( ret < 0 )
- goto err;
- idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER);
-
- if ( pam_get_item_user(pamh) ) {
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str, pam_get_item_user(pamh));
- if ( ret < 0 )
- goto err;
-
- idmef_user_id_set_name(user_id, str);
- }
- /* END */
- /* BEGIN: Short description of the alert */
- ret = idmef_alert_new_classification(alert, &classification);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str,
- authval == PAM_SUCCESS ?
- "Authentication Success" : "Authentication Failure");
- if ( ret < 0 )
- goto err;
-
- idmef_classification_set_text(classification, str);
- /* END */
- /* BEGIN: Long description of the alert */
- ret = idmef_alert_new_assessment(alert, &assessment);
- if ( ret < 0 )
- goto err;
-
- ret = idmef_assessment_new_impact(assessment, &impact);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_new(&str);
- if ( ret < 0 )
- goto err;
-
- ret = prelude_string_set_ref(str, pam_strerror (pamh, authval));
- if ( ret < 0 )
- goto err;
-
- idmef_impact_set_description(impact, str);
- /* END */
- /* BEGIN: Adding additional data */
- if ( pam_get_item_user_prompt(pamh) ) {
- ret = generate_additional_data(alert, "Local User Prompt",
- pam_get_item_user_prompt(pamh));
- if ( ret < 0 )
- goto err;
- }
- /* END */
-
- prelude_client_send_idmef(client, idmef);
-
- if ( idmef )
- idmef_message_destroy(idmef);
-
- return;
- err:
- pam_syslog(pamh, LOG_WARNING, "%s: IDMEF error: %s.\n",
- prelude_strsource(ret), prelude_strerror(ret));
-
- if ( idmef )
- idmef_message_destroy(idmef);
-
-}
-
-static int
-pam_alert_prelude_init(pam_handle_t *pamh, int authval)
-{
-
- int ret;
- prelude_client_t *client = NULL;
-
- ret = prelude_init(NULL, NULL);
- if ( ret < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
- "%s: Unable to initialize the Prelude library: %s.\n",
- prelude_strsource(ret), prelude_strerror(ret));
- return -1;
- }
-
- ret = prelude_client_new(&client, DEFAULT_ANALYZER_NAME);
- if ( !
client ) {
- pam_syslog(pamh, LOG_WARNING,
- "%s: Unable to create a prelude client object: %s.\n",
- prelude_strsource(ret), prelude_strerror(ret));
-
- return -1;
- }
-
-
- ret = setup_analyzer(pamh, prelude_client_get_analyzer(client));
- if ( ret < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
- "%s: Unable to setup analyzer: %s\n",
- prelude_strsource(ret), prelude_strerror(ret));
-
- prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
-
- return -1;
- }
-
- ret = prelude_client_start(client);
- if ( ret < 0 ) {
- pam_syslog(pamh, LOG_WARNING,
- "%s: Unable to initialize prelude client: %s.\n",
- prelude_strsource(ret), prelude_strerror(ret));
-
- prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
-
- return -1;
- }
-
- pam_alert_prelude("libpam alert" , client, pamh, authval);
-
- prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
-
- return 0;
-}
-
-void
-prelude_send_alert(pam_handle_t *pamh, int authval)
-{
-
- int ret;
-
- prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG);
-
- ret = pam_alert_prelude_init(pamh, authval);
- if ( ret < 0 )
- pam_syslog(pamh, LOG_WARNING, "No prelude alert sent");
-
- prelude_deinit();
-
-}
-
-#endif /* PRELUDE */
diff --git a/Linux-PAM/libpam/pam_prelude.h b/Linux-PAM/libpam/pam_prelude.h
deleted file mode 100644
index 13ee6fdb..00000000
--- a/Linux-PAM/libpam/pam_prelude.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * pam_prelude.h -- prelude ids reporting
- * http://www.prelude-ids.org
- *
- * (C) Sebastien Tricaud 2005 <toady@gscore.org>
- */
-
-#ifndef _SECURITY_PAM_PRELUDE_H
-#define _SECURITY_PAM_PRELUDE_H
-
-#include <security/_pam_types.h>
-
-void prelude_send_alert(pam_handle_t *pamh, int authval);
-
-#endif /* _SECURITY_PAM_PRELUDE_H */
-
diff --git a/Linux-PAM/libpam/pam_private.h b/Linux-PAM/libpam/pam_private.h
deleted file mode 100644
index 333f4d0f..00000000
--- a/Linux-PAM/libpam/pam_private.h
+++ /dev/null
@@ -1,357 +0,0 @@ -/* - * pam_private.h - * - * This is the Linux-PAM Library Private Header. It contains things - * internal to the Linux-PAM library. Things not needed by either an - * application or module. - * - * Please see end of file for copyright. - * - * Creator: Marc Ewing. - * Maintained: CVS - */ - -#ifndef _PAM_PRIVATE_H -#define _PAM_PRIVATE_H - -#include "config.h" - -#include <syslog.h> - -#include <security/pam_appl.h> -#include <security/pam_modules.h> -#include <security/pam_ext.h> - -/* the Linux-PAM configuration file */ - -#define PAM_CONFIG "/etc/pam.conf" -#define PAM_CONFIG_D "/etc/pam.d" -#define PAM_CONFIG_DF "/etc/pam.d/%s" - -#define PAM_DEFAULT_SERVICE "other" /* lower case */ -#define PAM_DEFAULT_SERVICE_FILE PAM_CONFIG_D "/" PAM_DEFAULT_SERVICE - -#ifdef PAM_LOCKING -/* - * the Linux-PAM lock file. If it exists Linux-PAM will abort. Use it - * to block access to libpam - */ -#define PAM_LOCK_FILE "/var/lock/subsys/PAM" -#endif - -/* components of the pam_handle structure */ - -#define _PAM_INVALID_RETVAL -1 /* default value for cached_retval */ - -struct handler { - int handler_type; - int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv); - int actions[_PAM_RETURN_VALUES]; - /* set by authenticate, open_session, chauthtok(1st) - consumed by setcred, close_session, chauthtok(2nd) */ - int cached_retval; int *cached_retval_p; - int argc; - char **argv; - struct handler *next; - char *mod_name; - int stack_level; -}; - -#define PAM_HT_MODULE 0 -#define PAM_HT_MUST_FAIL 1 -#define PAM_HT_SUBSTACK 2 - -struct loaded_module { - char *name; - int type; /* PAM_STATIC_MOD or PAM_DYNAMIC_MOD */ - void *dl_handle; -}; - -#define PAM_MT_DYNAMIC_MOD 0 -#define PAM_MT_STATIC_MOD 1 -#define PAM_MT_FAULTY_MOD 2 - -struct handlers { - struct handler *authenticate; - struct handler *setcred; - struct handler *acct_mgmt; - struct handler *open_session; - struct handler *close_session; - struct handler *chauthtok; -}; - -struct service { - 
struct loaded_module *module; /* Array of modules */ - int modules_allocated; - int modules_used; - int handlers_loaded; - - struct handlers conf; /* the configured handlers */ - struct handlers other; /* the default handlers */ -}; - -/* - * Environment helper functions - */ - -#define PAM_ENV_CHUNK 10 /* chunks of memory calloc()'d * - * at once */ - -struct pam_environ { - int entries; /* the number of pointers available */ - int requested; /* the number of pointers used: * - * 1 <= requested <= entries */ - char **list; /* the environment storage (a list * - * of pointers to malloc() memory) */ -}; - -#include <sys/time.h> - -typedef enum { PAM_FALSE, PAM_TRUE } _pam_boolean; - -struct _pam_fail_delay { - _pam_boolean set; - unsigned int delay; - time_t begin; - const void *delay_fn_ptr; -}; - -/* initial state in substack */ -struct _pam_substack_state { - int impression; - int status; -}; - -struct _pam_former_state { -/* this is known and set by _pam_dispatch() */ - int choice; /* which flavor of module function did we call? */ - -/* state info for the _pam_dispatch_aux() function */ - int depth; /* how deep in the stack were we? 
*/ - int impression; /* the impression at that time */ - int status; /* the status before returning incomplete */ - struct _pam_substack_state *substates; /* array of initial substack states */ - -/* state info used by pam_get_user() function */ - int fail_user; - int want_user; - char *prompt; /* saved prompt information */ - -/* state info for the pam_chauthtok() function */ - _pam_boolean update; -}; - -struct pam_handle { - char *authtok; - unsigned caller_is; - struct pam_conv *pam_conversation; - char *oldauthtok; - char *prompt; /* for use by pam_get_user() */ - char *service_name; - char *user; - char *rhost; - char *ruser; - char *tty; - char *xdisplay; - struct pam_data *data; - struct pam_environ *env; /* structure to maintain environment list */ - struct _pam_fail_delay fail_delay; /* helper function for easy delays */ - struct pam_xauth_data xauth; /* auth info for X display */ - struct service handlers; - struct _pam_former_state former; /* library state - support for - event driven applications */ - const char *mod_name; /* Name of the module currently executed */ - int choice; /* Which function we call from the module */ - -#ifdef HAVE_LIBAUDIT - int audit_state; /* keep track of reported audit messages */ -#endif -}; - -/* Values for select arg to _pam_dispatch() */ -#define PAM_NOT_STACKED 0 -#define PAM_AUTHENTICATE 1 -#define PAM_SETCRED 2 -#define PAM_ACCOUNT 3 -#define PAM_OPEN_SESSION 4 -#define PAM_CLOSE_SESSION 5 -#define PAM_CHAUTHTOK 6 - -#define _PAM_ACTION_IS_JUMP(x) ((x) > 0) -#define _PAM_ACTION_IGNORE 0 -#define _PAM_ACTION_OK -1 -#define _PAM_ACTION_DONE -2 -#define _PAM_ACTION_BAD -3 -#define _PAM_ACTION_DIE -4 -#define _PAM_ACTION_RESET -5 -/* Add any new entries here. 
Will need to change ..._UNDEF and then - * need to change pam_tokens.h */ -#define _PAM_ACTION_UNDEF -6 /* this is treated as an error - ( = _PAM_ACTION_BAD) */ - -#define PAM_SUBSTACK_MAX_LEVEL 16 /* maximum level of substacks */ - -/* character tables for parsing config files */ -extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF]; -extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1]; - -/* - * internally defined functions --- these should not be directly - * called by applications or modules - */ -int _pam_dispatch(pam_handle_t *pamh, int flags, int choice); - -/* Free various allocated structures and dlclose() the libs */ -int _pam_free_handlers(pam_handle_t *pamh); - -/* Parse config file, allocate handler structures, dlopen() */ -int _pam_init_handlers(pam_handle_t *pamh); - -/* Set all hander stuff to 0/NULL - called once from pam_start() */ -void _pam_start_handlers(pam_handle_t *pamh); - -/* environment helper functions */ - -/* create the environment structure */ -int _pam_make_env(pam_handle_t *pamh); - -/* delete the environment structure */ -void _pam_drop_env(pam_handle_t *pamh); - -/* these functions deal with failure delays as required by the - authentication modules and application. 
Their *interface* is likely - to remain the same although their function is hopefully going to - improve */ - -/* reset the timer to no-delay */ -void _pam_reset_timer(pam_handle_t *pamh); - -/* this sets the clock ticking */ -void _pam_start_timer(pam_handle_t *pamh); - -/* this waits for the clock to stop ticking if status != PAM_SUCCESS */ -void _pam_await_timer(pam_handle_t *pamh, int status); - -typedef void (*voidfunc(void))(void); -typedef int (*servicefn)(pam_handle_t *, int, int, char **); - -#ifdef PAM_STATIC -/* The next two in ../modules/_pam_static/pam_static.c */ - -/* Return pointer to data structure used to define a static module */ -struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, - const char *path); - -/* Return pointer to function requested from static module */ - -voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); -#else -void *_pam_dlopen (const char *mod_path); -servicefn _pam_dlsym (void *handle, const char *symbol); -void _pam_dlclose (void *handle); -const char *_pam_dlerror (void); -#endif - -/* For now we just use a stack and linear search for module data. */ -/* If it becomes apparent that there is a lot of data, it should */ -/* changed to either a sorted list or a hash table. */ - -struct pam_data { - char *name; - void *data; - void (*cleanup)(pam_handle_t *pamh, void *data, int error_status); - struct pam_data *next; -}; - -void _pam_free_data(pam_handle_t *pamh, int status); - -char *_pam_StrTok(char *from, const char *format, char **next); - -char *_pam_strdup(const char *s); - -char *_pam_memdup(const char *s, int len); - -int _pam_mkargv(char *s, char ***argv, int *argc); - -void _pam_sanitize(pam_handle_t *pamh); - -void _pam_set_default_control(int *control_array, int default_action); - -void _pam_parse_control(int *control_array, char *tok); - -#define _PAM_SYSTEM_LOG_PREFIX "PAM" - -/* - * XXX - Take care with this. 
It could confuse the logic of a trailing - * else - */ - -#define IF_NO_PAMH(X,pamh,ERR) \ -if ((pamh) == NULL) { \ - syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \ - return ERR; \ -} - -/* - * include some helpful macros - */ - -#include <security/_pam_macros.h> - -/* used to work out where control currently resides (in an application - or in a module) */ - -#define _PAM_CALLED_FROM_MODULE 1 -#define _PAM_CALLED_FROM_APP 2 - -#define __PAM_FROM_MODULE(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE) -#define __PAM_FROM_APP(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_APP) -#define __PAM_TO_MODULE(pamh) \ - do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0) -#define __PAM_TO_APP(pamh) \ - do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0) - -#ifdef HAVE_LIBAUDIT -extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags); -extern int _pam_audit_end(pam_handle_t *pamh, int pam_status); -#endif - -/* - * Copyright (C) 1995 by Red Hat Software, Marc Ewing - * Copyright (c) 1996-8,2001 by Andrew G. Morgan <morgan@kernel.org> - * - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. 
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#endif /* _PAM_PRIVATE_H_ */
diff --git a/Linux-PAM/libpam/pam_session.c b/Linux-PAM/libpam/pam_session.c
deleted file mode 100644
index 440ca8e6..00000000
--- a/Linux-PAM/libpam/pam_session.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/* pam_session.c - PAM Session Management */
-
-/*
- * $Id: pam_session.c,v 1.6 2006/07/24 15:47:40 kukuk Exp $
- */
-
-#include "pam_private.h"
-
-#include <stdio.h>
-
-int pam_open_session(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("called"));
-
- IF_NO_PAMH("pam_open_session", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
- retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION);
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags);
-#endif
- return retval;
-}
-
-int pam_close_session(pam_handle_t *pamh, int flags)
-{
- int retval;
-
- D(("called"));
-
- IF_NO_PAMH("pam_close_session", pamh, PAM_SYSTEM_ERR);
-
- if (__PAM_FROM_MODULE(pamh)) {
- D(("called from module!?"));
- return PAM_SYSTEM_ERR;
- }
-
- retval = _pam_dispatch(pamh, flags, PAM_CLOSE_SESSION);
-
-#ifdef HAVE_LIBAUDIT
- retval = _pam_auditlog(pamh, PAM_CLOSE_SESSION, retval, flags);
-#endif
-
- return retval;
-
-}
diff --git a/Linux-PAM/libpam/pam_start.c b/Linux-PAM/libpam/pam_start.c
deleted file mode 100644
index d7198323..00000000
--- a/Linux-PAM/libpam/pam_start.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/* pam_start.c */
-
-/* Creator Marc Ewing
- * Maintained by AGM
- *
- * $Id: pam_start.c,v 1.10 2007/10/19 17:06:30 t8m Exp $
- *
- */
-
-#include "pam_private.h"
-
-#include <ctype.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <syslog.h>
-
-int pam_start (
- const char *service_name,
- const char *user,
- const struct pam_conv *pam_conversation,
- pam_handle_t **pamh)
-{
- D(("called pam_start: [%s] [%s] [%p] [%p]"
- ,service_name, user, pam_conversation, pamh));
-
- if (pamh == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: pamh == NULL");
- return (PAM_SYSTEM_ERR);
- }
-
- if (service_name == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: service == NULL");
- return (PAM_SYSTEM_ERR);
- }
-
- if (pam_conversation == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: conv == NULL");
- return (PAM_SYSTEM_ERR);
- }
-
- if ((*pamh = calloc(1, sizeof(**pamh))) == NULL) {
- pam_syslog(NULL, LOG_CRIT, "pam_start: calloc failed for *pamh");
- return (PAM_BUF_ERR);
- }
-
- /* All service names should be files below /etc/pam.d and nothing
- else. Forbid paths. */
- if (strrchr(service_name, '/') != NULL)
- service_name = strrchr(service_name, '/') + 1;
-
- /* Mark the caller as the application - permission to do certain
- things is limited to a module or an application */
-
- __PAM_TO_APP(*pamh);
-
- if (((*pamh)->service_name = _pam_strdup(service_name)) == NULL) {
- pam_syslog(*pamh, LOG_CRIT,
- "pam_start: _pam_strdup failed for service name");
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- } else {
- char *tmp;
-
- for (tmp=(*pamh)->service_name; *tmp; ++tmp)
- *tmp = tolower(*tmp); /* require lower case */
- }
-
- if (user) {
- if (((*pamh)->user = _pam_strdup(user)) == NULL) {
- pam_syslog(*pamh, LOG_CRIT,
- "pam_start: _pam_strdup failed for user");
- _pam_drop((*pamh)->service_name);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- }
- } else
- (*pamh)->user = NULL;
-
- (*pamh)->tty = NULL;
- (*pamh)->prompt = NULL; /* prompt for pam_get_user() */
- (*pamh)->ruser = NULL;
- (*pamh)->rhost = NULL;
- (*pamh)->authtok = NULL;
- (*pamh)->oldauthtok = NULL;
- (*pamh)->fail_delay.delay_fn_ptr = NULL;
- (*pamh)->former.choice = PAM_NOT_STACKED;
- (*pamh)->former.substates = NULL;
-#ifdef HAVE_LIBAUDIT
- (*pamh)->audit_state = 0;
-#endif
-
- if (((*pamh)->pam_conversation = (struct pam_conv *)
- malloc(sizeof(struct pam_conv))) == NULL) {
- pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv");
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- } else {
- memcpy((*pamh)->pam_conversation, pam_conversation,
- sizeof(struct pam_conv));
- }
-
- (*pamh)->data = NULL;
- if ( _pam_make_env(*pamh) != PAM_SUCCESS ) {
- pam_syslog(*pamh,LOG_ERR,"pam_start: failed to initialize environment");
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop(*pamh);
- return PAM_ABORT;
- }
-
- _pam_reset_timer(*pamh); /* initialize timer support */
-
- _pam_start_handlers(*pamh); /* cannot fail */
-
- /* According to the SunOS man pages, loading modules and resolving
- * symbols happens on the first call from the application. */
-
- if ( _pam_init_handlers(*pamh) != PAM_SUCCESS ) {
- pam_syslog(*pamh, LOG_ERR, "pam_start: failed to initialize handlers");
- _pam_drop_env(*pamh); /* purge the environment */
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop(*pamh);
- return PAM_ABORT;
- }
-
- D(("exiting pam_start successfully"));
-
- return PAM_SUCCESS;
-}
diff --git a/Linux-PAM/libpam/pam_static.c b/Linux-PAM/libpam/pam_static.c
deleted file mode 100644
index 511026d4..00000000
--- a/Linux-PAM/libpam/pam_static.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * pam_static.c -- static module loading helper functions
- *
- * created by Michael K. Johnson, johnsonm@redhat.com
- */
-
-/* This whole file is only used for PAM_STATIC */
-
-#ifdef PAM_STATIC
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "pam_private.h"
-
-#include "pam_static_modules.h"
-
-/*
- * and now for the functions
- */
-
-/* Return pointer to data structure used to define a static module */
-struct pam_module *
-_pam_open_static_handler (pam_handle_t *pamh, const char *path)
-{
- int i;
- const char *clpath = path;
- char *lpath, *end;
-
- if (strchr(clpath, '/')) {
- /* ignore path and leading "/" */
- clpath = strrchr(path, '/') + 1;
- }
- /* create copy to muck with (must free before return) */
- lpath = _pam_strdup(clpath);
- /* chop .so off copy if it exists (or other extension on other
- platform...) */
- end = strstr(lpath, ".so");
- if (end) {
- *end = '\0';
- }
-
- /* now go find the module */
- for (i = 0; static_modules[i] != NULL; i++) {
- D(("%s=?%s\n", lpath, static_modules[i]->name));
- if (static_modules[i]->name &&
- ! strcmp(static_modules[i]->name, lpath)) {
- break;
- }
- }
-
- if (static_modules[i] == NULL) {
- pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath);
- }
-
- free(lpath);
- return (static_modules[i]);
-}
-
-/* Return pointer to function requested from static module
- * Can't just return void *, because ANSI C disallows casting a
- * pointer to a function to a void *...
- * This definition means:
- * _pam_get_static_sym is a function taking two arguments and
- * returning a pointer to a function which takes no arguments
- * and returns void... */
-voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) {
-
- if (! strcmp(symname, "pam_sm_authenticate")) {
- return ((voidfunc *)mod->pam_sm_authenticate);
- } else if (! strcmp(symname, "pam_sm_setcred")) {
- return ((voidfunc *)mod->pam_sm_setcred);
- } else if (! strcmp(symname, "pam_sm_acct_mgmt")) {
- return ((voidfunc *)mod->pam_sm_acct_mgmt);
- } else if (! strcmp(symname, "pam_sm_open_session")) {
- return ((voidfunc *)mod->pam_sm_open_session);
- } else if (! strcmp(symname, "pam_sm_close_session")) {
- return ((voidfunc *)mod->pam_sm_close_session);
- } else if (! strcmp(symname, "pam_sm_chauthtok")) {
- return ((voidfunc *)mod->pam_sm_chauthtok);
- }
- /* getting to this point is an error */
- return ((voidfunc *)NULL);
-}
-
-#else /* ! PAM_STATIC */
-
-typedef int blarg;
-
-#endif /* ! PAM_STATIC */
-
-/*
- * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson
- * All rights reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
diff --git a/Linux-PAM/libpam/pam_static_modules.h b/Linux-PAM/libpam/pam_static_modules.h
deleted file mode 100644
index a66b486d..00000000
--- a/Linux-PAM/libpam/pam_static_modules.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Pointers to static module data. */
-
-extern struct pam_module _pam_access_modstruct;
-extern struct pam_module _pam_cracklib_modstruct;
-extern struct pam_module _pam_debug_modstruct;
-extern struct pam_module _pam_deny_modstruct;
-extern struct pam_module _pam_echo_modstruct;
-extern struct pam_module _pam_env_modstruct;
-extern struct pam_module _pam_exec_modstruct;
-extern struct pam_module _pam_faildelay_modstruct;
-extern struct pam_module _pam_filter_modstruct;
-extern struct pam_module _pam_ftp_modstruct;
-extern struct pam_module _pam_group_modstruct;
-extern struct pam_module _pam_issue_modstruct;
-#ifdef HAVE_KEY_MANAGEMENT
-extern struct pam_module _pam_keyinit_modstruct;
-#endif
-extern struct pam_module _pam_lastlog_modstruct;
-extern struct pam_module _pam_limits_modstruct;
-extern struct pam_module _pam_listfile_modstruct;
-extern struct pam_module _pam_localuser_modstruct;
-extern struct pam_module _pam_loginuid_modstruct;
-extern struct pam_module _pam_mail_modstruct;
-extern struct pam_module _pam_mkhomedir_modstruct;
-extern struct pam_module _pam_motd_modstruct;
-#ifdef HAVE_UNSHARE
-extern struct pam_module _pam_namespace_modstruct;
-#endif
-extern struct pam_module _pam_nologin_modstruct;
-extern struct pam_module _pam_permit_modstruct;
-extern struct pam_module _pam_rhosts_modstruct;
-extern struct pam_module _pam_rhosts_auth_modstruct;
-extern struct pam_module _pam_rootok_modstruct;
-extern struct pam_module _pam_securetty_modstruct;
-#ifdef WITH_SELINUX
-extern struct pam_module _pam_selinux_modstruct;
-extern struct pam_module _pam_sepermit_modstruct;
-#endif
-extern struct pam_module _pam_shells_modstruct;
-extern struct pam_module _pam_stress_modstruct;
-extern struct pam_module _pam_succeed_if_modstruct;
-extern struct pam_module _pam_tally_modstruct;
-extern struct pam_module _pam_time_modstruct;
-#ifdef HAVE_AUDIT_TTY_STATUS
-extern struct pam_module _pam_tty_audit_modstruct;
-#endif
-extern struct pam_module _pam_umask_modstruct;
-extern struct pam_module _pam_unix_acct_modstruct;
-extern struct pam_module _pam_unix_auth_modstruct;
-extern struct pam_module _pam_unix_passwd_modstruct;
-extern struct pam_module _pam_unix_session_modstruct;
-extern struct pam_module _pam_userdb_modstruct;
-extern struct pam_module _pam_warn_modstruct;
-extern struct pam_module _pam_wheel_modstruct;
-extern struct pam_module _pam_xauth_modstruct;
-
-/* and here is a structure that connects libpam to the above static
- modules. */
-
-static struct pam_module *static_modules[] = {
- &_pam_access_modstruct,
- &_pam_cracklib_modstruct,
- &_pam_debug_modstruct,
- &_pam_deny_modstruct,
- &_pam_echo_modstruct,
- &_pam_env_modstruct,
- &_pam_exec_modstruct,
- &_pam_faildelay_modstruct,
- &_pam_filter_modstruct,
- &_pam_ftp_modstruct,
- &_pam_group_modstruct,
- &_pam_issue_modstruct,
-#ifdef HAVE_KEY_MANAGEMENT
- &_pam_keyinit_modstruct,
-#endif
- &_pam_lastlog_modstruct,
- &_pam_limits_modstruct,
- &_pam_listfile_modstruct,
- &_pam_localuser_modstruct,
- &_pam_loginuid_modstruct,
- &_pam_mail_modstruct,
- &_pam_mkhomedir_modstruct,
- &_pam_motd_modstruct,
-#ifdef HAVE_UNSHARE
- &_pam_namespace_modstruct,
-#endif
- &_pam_nologin_modstruct,
- &_pam_permit_modstruct,
- &_pam_rhosts_modstruct,
- &_pam_rhosts_auth_modstruct,
- &_pam_rootok_modstruct,
- &_pam_securetty_modstruct,
-#ifdef WITH_SELINUX
- &_pam_selinux_modstruct,
- &_pam_sepermit_modstruct,
-#endif
- &_pam_shells_modstruct,
- &_pam_stress_modstruct,
- &_pam_succeed_if_modstruct,
- &_pam_tally_modstruct,
- &_pam_time_modstruct,
-#ifdef HAVE_AUDIT_TTY_STATUS
- &_pam_tty_audit_modstruct,
-#endif
- &_pam_umask_modstruct,
- &_pam_unix_acct_modstruct,
- &_pam_unix_auth_modstruct,
- &_pam_unix_passwd_modstruct,
- &_pam_unix_session_modstruct,
- &_pam_userdb_modstruct,
- &_pam_warn_modstruct,
- &_pam_wheel_modstruct,
- &_pam_xauth_modstruct,
- NULL
-};
diff --git a/Linux-PAM/libpam/pam_strerror.c b/Linux-PAM/libpam/pam_strerror.c
deleted file mode 100644
index 17c81945..00000000
--- a/Linux-PAM/libpam/pam_strerror.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "pam_private.h"
-
-const char *pam_strerror(pam_handle_t *pamh UNUSED, int errnum)
-{
- switch (errnum) {
- case PAM_SUCCESS:
- return _("Success");
- case PAM_ABORT:
- return _("Critical error - immediate abort");
- case PAM_OPEN_ERR:
- return _("Failed to load module");
- case PAM_SYMBOL_ERR:
- return _("Symbol not found");
- case PAM_SERVICE_ERR:
- return _("Error in service module");
- case PAM_SYSTEM_ERR:
- return _("System error");
- case PAM_BUF_ERR:
- return _("Memory buffer error");
- case PAM_PERM_DENIED:
- return _("Permission denied");
- case PAM_AUTH_ERR:
- return _("Authentication failure");
- case PAM_CRED_INSUFFICIENT:
- return _("Insufficient credentials to access authentication data");
- case PAM_AUTHINFO_UNAVAIL:
- return _("Authentication service cannot retrieve authentication info");
- case PAM_USER_UNKNOWN:
- return _("User not known to the underlying authentication module");
- case PAM_MAXTRIES:
- return _("Have exhausted maximum number of retries for service");
- case PAM_NEW_AUTHTOK_REQD:
- return _("Authentication token is no longer valid; new one required");
- case PAM_ACCT_EXPIRED:
- return _("User account has expired");
- case PAM_SESSION_ERR:
- return _("Cannot make/remove an entry for the specified session");
- case PAM_CRED_UNAVAIL:
- return _("Authentication service cannot retrieve user credentials");
- case PAM_CRED_EXPIRED:
- return _("User credentials expired");
- case PAM_CRED_ERR:
- return _("Failure setting user credentials");
- case PAM_NO_MODULE_DATA:
- return _("No module specific data is present");
- case PAM_BAD_ITEM:
- return _("Bad item passed to pam_*_item()");
- case PAM_CONV_ERR:
- return _("Conversation error");
- case PAM_AUTHTOK_ERR:
- return _("Authentication token manipulation error");
- case PAM_AUTHTOK_RECOVERY_ERR:
- return _("Authentication information cannot be recovered");
- case PAM_AUTHTOK_LOCK_BUSY:
- return _("Authentication token lock busy");
- case PAM_AUTHTOK_DISABLE_AGING:
- return _("Authentication token aging disabled");
- case PAM_TRY_AGAIN:
- return _("Failed preliminary check by password service");
- case PAM_IGNORE:
- return _("The return value should be ignored by PAM dispatch");
- case PAM_MODULE_UNKNOWN:
- return _("Module is unknown");
- case PAM_AUTHTOK_EXPIRED:
- return _("Authentication token expired");
- case PAM_CONV_AGAIN:
- return _("Conversation is waiting for event");
- case PAM_INCOMPLETE:
- return _("Application needs to call libpam again");
- }
-
- return _("Unknown PAM error");
-}
diff --git a/Linux-PAM/libpam/pam_syslog.c b/Linux-PAM/libpam/pam_syslog.c
deleted file mode 100644
index c5a6feca..00000000
--- a/Linux-PAM/libpam/pam_syslog.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <errno.h>
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_ext.h>
-
-#include "pam_private.h"
-
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-static const char *
-_pam_choice2str (int choice)
-{
- switch (choice)
- {
- case PAM_AUTHENTICATE:
- return "auth";
- case PAM_SETCRED:
- return "setcred";
- case PAM_ACCOUNT:
- return "account";
- case PAM_OPEN_SESSION:
- case PAM_CLOSE_SESSION:
- return "session";
- case PAM_CHAUTHTOK:
- return "chauthtok";
- }
- return "";
-}
-
-void
-pam_vsyslog (const pam_handle_t *pamh, int priority,
- const char *fmt, va_list args)
-{
- char *msgbuf1 = NULL, *msgbuf2 = NULL;
- int save_errno = errno;
-
- if (pamh && pamh->mod_name)
- {
- if (asprintf (&msgbuf1, "%s(%s:%s):", pamh->mod_name,
- pamh->service_name?pamh->service_name:"<unknown>",
- _pam_choice2str (pamh->choice)) < 0)
- {
- syslog (LOG_AUTHPRIV|LOG_ERR, "asprintf: %m");
- return;
- }
- }
-
- errno = save_errno;
- if (vasprintf (&msgbuf2, fmt, args) < 0)
- {
- syslog (LOG_AUTHPRIV|LOG_ERR, "vasprintf: %m");
- _pam_drop (msgbuf1);
- return;
- }
-
- errno = save_errno;
- syslog (LOG_AUTHPRIV|priority, "%s %s",
- (msgbuf1 ? msgbuf1 : _PAM_SYSTEM_LOG_PREFIX), msgbuf2);
-
- _pam_drop (msgbuf1);
- _pam_drop (msgbuf2);
-}
-
-void
-pam_syslog (const pam_handle_t *pamh, int priority,
- const char *fmt, ...)
-{
- va_list args;
-
- va_start (args, fmt);
- pam_vsyslog (pamh, priority, fmt, args);
- va_end (args);
-}
diff --git a/Linux-PAM/libpam/pam_tokens.h b/Linux-PAM/libpam/pam_tokens.h
deleted file mode 100644
index 35c127dc..00000000
--- a/Linux-PAM/libpam/pam_tokens.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * pam_tokens.h
- *
- * $Id: pam_tokens.h,v 1.4 2006/01/24 23:28:32 kukuk Exp $
- *
- * This is a Linux-PAM Library Private Header file. It contains tokens
- * that are used when we parse the configuration file(s).
- *
- * Please see end of file for copyright.
- *
- * Creator: Andrew Morgan.
- *
- */
-
-#ifndef _PAM_TOKENS_H
-#define _PAM_TOKENS_H
-
-/* an array of actions */
-
-#ifndef LIBPAM_COMPILE
-static
-#endif
-const char * const _pam_token_actions[-_PAM_ACTION_UNDEF] = {
- "ignore", /* 0 */
- "ok", /* -1 */
- "done", /* -2 */
- "bad", /* -3 */
- "die", /* -4 */
- "reset", /* -5 */
-};
-
-/* an array of possible return values */
-
-#ifndef LIBPAM_COMPILE
-static
-#endif
-const char * const _pam_token_returns[_PAM_RETURN_VALUES+1] = {
- "success", /* 0 */
- "open_err", /* 1 */
- "symbol_err", /* 2 */
- "service_err", /* 3 */
- "system_err", /* 4 */
- "buf_err", /* 5 */
- "perm_denied", /* 6 */
- "auth_err", /* 7 */
- "cred_insufficient", /* 8 */
- "authinfo_unavail", /* 9 */
- "user_unknown", /* 10 */
- "maxtries", /* 11 */
- "new_authtok_reqd", /* 12 */
- "acct_expired", /* 13 */
- "session_err", /* 14 */
- "cred_unavail", /* 15 */
- "cred_expired", /* 16 */
- "cred_err", /* 17 */
- "no_module_data", /* 18 */
- "conv_err", /* 19 */
- "authtok_err", /* 20 */
- "authtok_recover_err", /* 21 */
- "authtok_lock_busy", /* 22 */
- "authtok_disable_aging", /* 23 */
- "try_again", /* 24 */
- "ignore", /* 25 */
- "abort", /* 26 */
- "authtok_expired", /* 27 */
- "module_unknown", /* 28 */
- "bad_item", /* 29 */
- "conv_again", /* 30 */
- "incomplete", /* 31 */
-/* add new return codes here */
- "default" /* this is _PAM_RETURN_VALUES and indicates
- the default return action */
-};
-
-/*
- * Copyright (C) 1998,2001 Andrew G. Morgan <morgan@kernel.org>
- *
- * All rights reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#endif /* _PAM_PRIVATE_H_ */
diff --git a/Linux-PAM/libpam/pam_vprompt.c b/Linux-PAM/libpam/pam_vprompt.c
deleted file mode 100644
index c53079b5..00000000
--- a/Linux-PAM/libpam/pam_vprompt.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <errno.h>
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_ext.h>
-
-#include "pam_private.h"
-
-int
-pam_vprompt (pam_handle_t *pamh, int style, char **response,
- const char *fmt, va_list args)
-{
- struct pam_message msg;
- struct pam_response *pam_resp = NULL;
- const struct pam_message *pmsg;
- const struct pam_conv *conv;
- const void *convp;
- char *msgbuf;
- int retval;
-
- if (response)
- *response = NULL;
-
- retval = pam_get_item (pamh, PAM_CONV, &convp);
- if (retval != PAM_SUCCESS)
- return retval;
- conv = convp;
- if (conv == NULL || conv->conv == NULL)
- {
- pam_syslog (pamh, LOG_ERR, "no conversation function");
- return PAM_SYSTEM_ERR;
- }
-
- if (vasprintf (&msgbuf, fmt, args) < 0)
- {
- pam_syslog (pamh, LOG_ERR, "vasprintf: %m");
- return PAM_BUF_ERR;
- }
-
- msg.msg_style = style;
- msg.msg = msgbuf;
- pmsg = &msg;
-
- retval = conv->conv (1, &pmsg, &pam_resp, conv->appdata_ptr);
- if (retval != PAM_SUCCESS && pam_resp != NULL)
- pam_syslog(pamh, LOG_WARNING,
- "unexpected response from failed conversation function");
- if (response)
- *response = pam_resp == NULL ? NULL : pam_resp->resp;
- else if (pam_resp && pam_resp->resp)
- {
- _pam_overwrite (pam_resp->resp);
- _pam_drop (pam_resp->resp);
- }
- _pam_overwrite (msgbuf);
- _pam_drop (pam_resp);
- free (msgbuf);
- if (retval != PAM_SUCCESS)
- pam_syslog (pamh, LOG_ERR, "conversation failed");
-
- return retval;
-}
-
-int
-pam_prompt (pam_handle_t *pamh, int style, char **response,
- const char *fmt, ...)
-{
- va_list args;
- int retval;
-
- va_start (args, fmt);
- retval = pam_vprompt (pamh, style, response, fmt, args);
- va_end (args);
-
- return retval;
-} |