diff options
| author | Tomas Mraz <tm@t8m.info> | 2007-10-19 17:06:29 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2007-10-19 17:06:29 +0000 |
| commit | 695f6e358dd1e8c05e77bd13f93d85e5963c9c3e (patch) | |
| tree | 4b0c40f2bbc890af8f98f26710d0778c82019cdc /libpam/pam_private.h | |
| parent | fba28bf5631dac07841542dd81f6f2ede3198b6e (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2007-10-19 Tomas Mraz <t8m@centrum.cz>
* xtests/tst-pam_access1.c: Use different name for user and group.
* xtests/tst-pam_access1.sh: Likewise.
* xtests/tst-pam_access2.c: Likewise.
* xtests/tst-pam_access2.sh: Likewise.
* xtests/tst-pam_access4.c: Likewise.
* xtests/tst-pam_access4.sh: Likewise.
* xtests/group.conf: Likewise.
* xtests/tst-pam_group1.c: Likewise.
* xtests/tst-pam_group1.sh: Likewise.
* libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
record substack level, skip over virtual substack modules, implement
evaluation of done, die, reset and jumps in substacks. Also fixes
too far jumps in substacks.
* libpam/pam_end.c (pam_end): Drop substack evaluation states.
* libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
parameter, instead of must_fail use handler_type needed for virtual
substack modules.
(_pam_load_conf_file): Add substack level parameter.
(_pam_init_handlers): Substack level parameter added to
_pam_parse_conf_file() calls.
(_pam_load_module): New function.
(_pam_add_handler): Refactor code into the _pam_load_module(). Add
support for virtual substack modules.
* libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
to struct handler. Define handler type constants. Add struct
for substack evaluation states. Define constant for maximum
substack level. Add substack states pointer to former state struct.
* libpam/pam_start.c (pam_start): Initialize pointer to substack states.
* doc/man/pam.conf-syntax.xml: Document substack control.
* xtests/Makefile.am: Add new tests for substack evaluation.
* xtests/run_xtests.sh: Support multiple .pamd files in a test.
* xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
* xtests/tst-pam_authsucceed.pamd: Likewise.
* xtests/tst-pam_substack1.pamd: Likewise.
* xtests/tst-pam_substack1a.pamd: Likewise.
* xtests/tst-pam_substack1.sh: Likewise.
* xtests/tst-pam_substack2.pamd: Likewise.
* xtests/tst-pam_substack2a.pamd: Likewise.
* xtests/tst-pam_substack2.sh: Likewise.
* xtests/tst-pam_substack3.pamd: Likewise.
* xtests/tst-pam_substack3a.pamd: Likewise.
* xtests/tst-pam_substack3.sh: Likewise.
* xtests/tst-pam_substack4.pamd: Likewise.
* xtests/tst-pam_substack4a.pamd: Likewise.
* xtests/tst-pam_substack4.sh: Likewise.
* xtests/tst-pam_substack5.pamd: Likewise.
* xtests/tst-pam_substack5a.pamd: Likewise.
* xtests/tst-pam_substack5.sh: Likewise.
Diffstat (limited to 'libpam/pam_private.h')
| -rw-r--r-- | libpam/pam_private.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/libpam/pam_private.h b/libpam/pam_private.h index 8b7d9146..bf32ad44 100644 --- a/libpam/pam_private.h +++ b/libpam/pam_private.h @@ -44,7 +44,7 @@ #define _PAM_INVALID_RETVAL -1 /* default value for cached_retval */ struct handler { - int must_fail; + int handler_type; int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv); int actions[_PAM_RETURN_VALUES]; /* set by authenticate, open_session, chauthtok(1st) @@ -54,8 +54,13 @@ struct handler { char **argv; struct handler *next; char *mod_name; + int stack_level; }; +#define PAM_HT_MODULE 0 +#define PAM_HT_MUST_FAIL 1 +#define PAM_HT_SUBSTACK 2 + struct loaded_module { char *name; int type; /* PAM_STATIC_MOD or PAM_DYNAMIC_MOD */ @@ -76,7 +81,7 @@ struct handlers { }; struct service { - struct loaded_module *module; /* Only used for dynamic loading */ + struct loaded_module *module; /* Array of modules */ int modules_allocated; int modules_used; int handlers_loaded; @@ -111,6 +116,12 @@ struct _pam_fail_delay { const void *delay_fn_ptr; }; +/* initial state in substack */ +struct _pam_substack_state { + int impression; + int status; +}; + struct _pam_former_state { /* this is known and set by _pam_dispatch() */ int choice; /* which flavor of module function did we call? */ @@ -119,6 +130,7 @@ struct _pam_former_state { int depth; /* how deep in the stack were we? */ int impression; /* the impression at that time */ int status; /* the status before returning incomplete */ + struct _pam_substack_state *substates; /* array of initial substack states */ /* state info used by pam_get_user() function */ int fail_user; @@ -175,6 +187,8 @@ struct pam_handle { #define _PAM_ACTION_UNDEF -6 /* this is treated as an error ( = _PAM_ACTION_BAD) */ +#define PAM_SUBSTACK_MAX_LEVEL 16 /* maximum level of substacks */ + /* character tables for parsing config files */ extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF]; extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1]; |