authorThorsten Kukuk <kukuk@thkukuk.de>2004-09-24 13:13:18 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2004-09-24 13:13:18 +0000
commit31668ed6f0bf6d2b1c6d621cca42aee0daf23a65 (patch)
tree9f6e10e193e23fe49147939a969d3ff4f71091a8 /modules/pam_unix
parent554a5def9a2eddc643cf157208ddfe7fee444240 (diff)
Relevant BUGIDs:
Purpose of commit: Commit summary: --------------- bugfix: 440107: Add various patches from Linux Distributors to make PAM modules reentrant.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/Makefile7
-rw-r--r--modules/pam_unix/pam_unix_acct.c7
-rw-r--r--modules/pam_unix/pam_unix_auth.c2
-rw-r--r--modules/pam_unix/pam_unix_passwd.c11
-rw-r--r--modules/pam_unix/support.c47
-rw-r--r--modules/pam_unix/support.h3
6 files changed, 27 insertions, 50 deletions
diff --git a/modules/pam_unix/Makefile b/modules/pam_unix/Makefile
index 61c4beaa..3fe0e8ae 100644
--- a/modules/pam_unix/Makefile
+++ b/modules/pam_unix/Makefile
@@ -39,12 +39,15 @@ CHKPWD=unix_chkpwd
EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\"
+LINK_PAMMODUTILS = -L../pammodutil -lpammodutil
+INCLUDE_PAMMODUTILS = -I../pammodutil/include
+
########################################################################
CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) \
- -I../pammodutil/include
+ $(INCLUDE_PAMMODUTILS)
-LDLIBS = $(EXTRALS) -L../pammodutil -lpammodutil
+LDLIBS = $(EXTRALS) $(LINK_PAMMODUTILS)
ifdef USE_CRACKLIB
CRACKLIB = -lcrack
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 58ba93c1..f87b13b1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -53,6 +53,7 @@
#define PAM_SM_ACCOUNT
#include <security/pam_modules.h>
+#include <security/_pam_modutil.h>
#ifndef LINUX_PAM
#include <security/pam_appl.h>
@@ -89,7 +90,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
return PAM_USER_UNKNOWN;
}
- pwent = getpwnam(uname);
+ pwent = _pammodutil_getpwnam(pamh, uname);
if (!pwent) {
_log_err(LOG_ALERT, pamh
,"could not identify user (from getpwnam(%s))"
@@ -113,7 +114,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
return PAM_CRED_INSUFFICIENT;
}
}
- spent = getspnam( uname );
+ spent = _pammodutil_getspnam (pamh, uname);
if (save_uid == pwent->pw_uid)
setreuid( save_uid, save_euid );
else {
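Review bot: The `setreuid( save_uid, save_euid );` call that restores the caller's ids after the shadow lookup ignores its return value, so a failed restore would leave pam_sm_acct_mgmt running under whatever ids were set for the lookup. Since the commit already touches the line above it, the restore should be checked too, for example `if (setreuid( save_uid, save_euid ) == -1) return PAM_CRED_INSUFFICIENT;`. The same unchecked restore follows the `_pammodutil_getspnam` calls in `_unix_blankpasswd` and `_unix_verify_password` in support.c, and `setreuid( 0, -1 )` in `_unix_blankpasswd` is unchecked as well. The else branch and the rest of the function lie outside the hunk, so the appropriate error code should be confirmed against the surrounding code.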
@@ -123,7 +124,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
}
} else if (!strcmp( pwent->pw_passwd, "x" )) {
- spent = getspnam(uname);
+ spent = _pammodutil_getspnam (pamh, uname);
} else {
return PAM_SUCCESS;
}
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index a0c1da81..39e0cde5 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -149,7 +149,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
/* if this user does not have a password... */
- if (_unix_blankpasswd(ctrl, name)) {
+ if (_unix_blankpasswd(pamh, ctrl, name)) {
D(("user '%s' has blank passwd", name));
name = NULL;
retval = PAM_SUCCESS;
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 4320171c..f11d2b20 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -73,6 +73,8 @@
#include <security/pam_appl.h>
#endif /* LINUX_PAM */
+#include <security/_pam_modutil.h>
+
#include "yppasswd.h"
#include "md5.h"
#include "support.h"
@@ -242,7 +244,8 @@ static int check_old_password(const char *forwho, const char *newpass)
return retval;
}
-static int save_old_password(const char *forwho, const char *oldpass,
+static int save_old_password(pam_handle_t *pamh,
+ const char *forwho, const char *oldpass,
int howmany)
{
static char buf[16384];
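Review bot: `static char buf[16384];` keeps save_old_password non-reentrant, although the commit's stated purpose is to make the modules reentrant. Two threads in the same process changing passwords would share this buffer, which is presumably used to read the old-password file (judging by the `opwfile` handling further down; its use is not visible here). Dropping the storage class, `char buf[16384];`, or allocating the buffer and freeing it on every exit path, would give each call its own copy. The function body continues outside the hunk, so each use of `buf` (for example a `sizeof buf`) should be checked before changing the declaration.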
@@ -314,7 +317,7 @@ static int save_old_password(const char *forwho, const char *oldpass,
fclose(opwfile);
if (!found) {
- pwd = getpwnam(forwho);
+ pwd = _pammodutil_getpwnam(pamh, forwho);
if (pwd == NULL) {
err = 1;
} else {
@@ -550,7 +553,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
return retval;
}
/* first, save old password */
- if (save_old_password(forwho, fromwhat, remember)) {
+ if (save_old_password(pamh, forwho, fromwhat, remember)) {
return PAM_AUTHTOK_ERR;
}
@@ -762,7 +765,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
D(("prelim check"));
- if (_unix_blankpasswd(ctrl, user)) {
+ if (_unix_blankpasswd(pamh, ctrl, user)) {
return PAM_SUCCESS;
} else if (off(UNIX__IAMROOT, ctrl)) {
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 3b1feb96..05c51fed 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -282,19 +282,13 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err)
* - to avoid prompting for one in such cases (CG)
*/
-int _unix_blankpasswd(unsigned int ctrl, const char *name)
+int
+_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
{
struct passwd *pwd = NULL;
struct spwd *spwdent = NULL;
char *salt = NULL;
int retval;
-#if HAVE_GETPWNAM_R
- char *buf = NULL;
- int bufsize = 0;
- struct passwd pwd_buf;
-
- pwd = &pwd_buf;
-#endif
D(("called"));
@@ -310,23 +304,7 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name)
/* UNIX passwords area */
/* Get password file entry... */
-#if HAVE_GETPWNAM_R
- bufsize = 1024;
- buf = malloc(bufsize);
-
- if ((retval = getpwnam_r(name, pwd, buf, bufsize, &pwd))) {
- pwd = NULL;
- }
- while (retval == ERANGE) {
- bufsize += 1024;
- buf = realloc(buf, bufsize);
- if ((retval = getpwnam_r(name, pwd, buf, bufsize, &pwd))) {
- pwd = NULL;
- }
- }
-#else
- pwd = getpwnam(name);
-#endif
+ pwd = _pammodutil_getpwnam (pamh, name);
if (pwd != NULL) {
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
@@ -344,15 +322,11 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name)
setreuid( 0, -1 );
if(setreuid( -1, pwd->pw_uid ) == -1)
/* Will fail elsewhere. */
-#if HAVE_GETPWNAM_R
- if (buf)
- free(buf);
-#endif
return 0;
}
}
- spwdent = getspnam( name );
+ spwdent = _pammodutil_getspnam (pamh, name);
if (save_uid == pwd->pw_uid)
setreuid( save_uid, save_euid );
else {
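Review bot: The body of `if(setreuid( -1, pwd->pw_uid ) == -1)` is unbraced and separated from the condition by a comment, which is what made the removed `#if HAVE_GETPWNAM_R` lines hazardous. With that macro defined, `if (buf) free(buf);` became the conditional statement and `return 0;` ran unconditionally. Now that the block is gone, bracing the body keeps the next inserted line from changing the control flow again: `if (setreuid( -1, pwd->pw_uid ) == -1) { /* Will fail elsewhere. */ return 0; }`. The enclosing block opens above the hunk.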
@@ -365,7 +339,7 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name)
* ...and shadow password file entry for this user,
* if shadowing is enabled
*/
- spwdent = getspnam(name);
+ spwdent = _pammodutil_getspnam(pamh, name);
}
if (spwdent)
salt = x_strdup(spwdent->sp_pwdp);
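Review bot: Nothing documents who owns `spwdent` after the switch to `_pammodutil_getspnam(pamh, name)`, and that matters because the entry carries the password hash in `sp_pwdp`. The copy in `salt` is released with `_pam_delete(salt)` later in the function. If the helper keeps its result buffer attached to `pamh` (the new handle argument suggests so; confirm in pammodutil), the original hash stays in process memory until that data is cleaned up. I would add a comment such as `/* spwdent belongs to pamh's module data: do not free; the hash persists until the handle's data is released */` and check whether the helper's cleanup wipes the buffer before freeing it. `_unix_blankpasswd` begins and ends outside this hunk, and the same question applies to the matching lookups in `_unix_verify_password`.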
@@ -387,11 +361,6 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name)
if (salt)
_pam_delete(salt);
-#if HAVE_GETPWNAM_R
- if (buf)
- free(buf);
-#endif
-
return retval;
}
@@ -503,7 +472,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
D(("locating user's record"));
/* UNIX passwords area */
- pwd = getpwnam(name); /* Get password file entry... */
+ pwd = _pammodutil_getpwnam (pamh, name); /* Get password file entry... */
if (pwd != NULL) {
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
@@ -524,7 +493,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
}
- spwdent = getspnam( name );
+ spwdent = _pammodutil_getspnam (pamh, name);
if (save_uid == pwd->pw_uid)
setreuid( save_uid, save_euid );
else {
@@ -537,7 +506,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
* ...and shadow password file entry for this user,
* if shadowing is enabled
*/
- spwdent = getspnam(name);
+ spwdent = _pammodutil_getspnam (pamh, name);
}
if (spwdent)
salt = x_strdup(spwdent->sp_pwdp);
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index d9212c28..7219cd99 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -133,7 +133,8 @@ extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl
,int type, const char *text);
extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int argc,
const char **argv);
-extern int _unix_blankpasswd(unsigned int ctrl, const char *name);
+extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl,
+ const char *name);
extern int _unix_verify_password(pam_handle_t * pamh, const char *name
,const char *p, unsigned int ctrl);
extern int _unix_read_password(pam_handle_t * pamh