diff options
80 files changed, 309 insertions, 375 deletions
@@ -64,6 +64,7 @@ bug report - outstanding bugs are listed here: * pam_limits: Fix regression from RLIMIT_NICE support (wrong limit values for other limits are applied) patch by Anton Guda * pam_unix: Always honor nis flag on password change (by Aaron Hope) +* libpam: Moved functions from pammodutil to libpam (t8m) 0.80: Wed Jul 13 13:23:20 CEST 2005 * pam_tally: test for NULL data before dereferencing them (t8m) diff --git a/configure.in b/configure.in index ffa64ed4..1c8d7dd0 100644 --- a/configure.in +++ b/configure.in @@ -377,7 +377,7 @@ dnl Files to be created from when we run configure AC_OUTPUT(Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ po/Makefile.in \ - modules/Makefile modules/pammodutil/Makefile \ + modules/Makefile \ modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 7c837b55..2d06e416 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -25,5 +25,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_static.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c - + pam_vprompt.c pam_syslog.c \ + pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ + pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ + pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h new file mode 100644 index 00000000..5d03f58f --- /dev/null +++ b/libpam/include/security/pam_modutil.h @@ -0,0 +1,65 @@ +#ifndef _SECURITY__PAM_MODUTIL_H +#define _SECURITY__PAM_MODUTIL_H + +/* + * $Id$ + * + * This file is a list of handy libc wrappers that attempt to provide some + * thread-safe and other convenient functionality to modules in a common form. + * + * A number of these functions reserve space in a pam_[sg]et_data item. + * In all cases, the name of the item is prefixed with "_pammodutil_*". + * + * On systems that simply can't support thread safe programming, these + * functions don't support it either - sorry. + * + * Copyright (c) 2001-2002 Andrew Morgan <morgan@kernel.org> + */ + +#include <security/_pam_types.h> + +extern struct passwd * PAM_NONNULL((1,2)) +pam_modutil_getpwnam(pam_handle_t *pamh, const char *user); + +extern struct passwd * PAM_NONNULL((1)) +pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid); + +extern struct group * PAM_NONNULL((1,2)) +pam_modutil_getgrnam(pam_handle_t *pamh, const char *group); + +extern struct group * PAM_NONNULL((1)) +pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid); + +extern struct spwd * PAM_NONNULL((1,2)) +pam_modutil_getspnam(pam_handle_t *pamh, const char *user); + +extern int PAM_NONNULL((1,2,3)) +pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, + const char *group); + +extern int PAM_NONNULL((1,2)) +pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, + gid_t group); + +extern int PAM_NONNULL((1,3)) +pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, + const char *group); + +extern int PAM_NONNULL((1)) +pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, + gid_t group); + +extern const char * PAM_NONNULL((1)) +pam_modutil_getlogin(pam_handle_t *pamh); + +extern int +pam_modutil_read(int fd, char *buffer, int count); + +extern int +pam_modutil_write(int fd, const char *buffer, int count); + +#endif /* _SECURITY__PAM_MODUTIL_H */ diff --git a/libpam/libpam.map b/libpam/libpam.map index 515842ae..596754a8 100644 --- a/libpam/libpam.map +++ b/libpam/libpam.map @@ -39,3 +39,18 @@ LIBPAM_EXTENSION_1.0 { pam_vsyslog; }; +LIBPAM_MODUTIL_1.0 { + global: + pam_modutil_getpwnam; + pam_modutil_getpwuid; + pam_modutil_getgrnam; + pam_modutil_getgrgid; + pam_modutil_getspnam; + pam_modutil_user_in_group_nam_nam; + pam_modutil_user_in_group_nam_gid; + pam_modutil_user_in_group_uid_nam; + pam_modutil_user_in_group_uid_gid; + pam_modutil_getlogin; + pam_modutil_read; + pam_modutil_write; +}; diff --git a/modules/pammodutil/modutil_cleanup.c b/libpam/pam_modutil_cleanup.c index 7460da14..8224ce67 100644 --- a/modules/pammodutil/modutil_cleanup.c +++ b/libpam/pam_modutil_cleanup.c @@ -4,10 +4,12 @@ * This function provides a common pam_set_data() friendly version of free(). */ -#include "pammodutil.h" +#include "pam_modutil_private.h" + +#include <stdlib.h> void -_pammodutil_cleanup (pam_handle_t *pamh UNUSED, void *data, +pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) { if (data) { diff --git a/modules/pammodutil/modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c index 179df3b2..07503a38 100644 --- a/modules/pammodutil/modutil_getgrgid.c +++ b/libpam/pam_modutil_getgrgid.c @@ -7,7 +7,7 @@ * XXX - or at least it should provide a thread-safe alternative. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <errno.h> #include <limits.h> @@ -46,7 +46,8 @@ static int longlen(long number) return len; } -struct group *_pammodutil_getgrgid(pam_handle_t *pamh, gid_t gid) +struct group * +pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) { #ifdef HAVE_GETGRGID_R @@ -98,7 +99,7 @@ struct group *_pammodutil_getgrgid(pam_handle_t *pamh, gid_t gid) status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); + result, pam_modutil_cleanup); } _pammodutil_unlock(); if (status == PAM_SUCCESS) { diff --git a/modules/pammodutil/modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c index e34d4c45..11df353f 100644 --- a/modules/pammodutil/modutil_getgrnam.c +++ b/libpam/pam_modutil_getgrnam.c @@ -7,7 +7,7 @@ * XXX - or at least it should provide a thread-safe alternative. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <errno.h> #include <limits.h> @@ -36,7 +36,8 @@ static int intlen(int number) return len; } -struct group *_pammodutil_getgrnam(pam_handle_t *pamh, const char *group) +struct group * +pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) { #ifdef HAVE_GETGRNAM_R @@ -87,7 +88,7 @@ struct group *_pammodutil_getgrnam(pam_handle_t *pamh, const char *group) status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); + result, pam_modutil_cleanup); } _pammodutil_unlock(); if (status == PAM_SUCCESS) { diff --git a/modules/pammodutil/modutil_getlogin.c b/libpam/pam_modutil_getlogin.c index fa67402d..d30f1dfa 100644 --- a/modules/pammodutil/modutil_getlogin.c +++ b/libpam/pam_modutil_getlogin.c @@ -6,7 +6,7 @@ * there. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <stdlib.h> #include <unistd.h> @@ -14,7 +14,8 @@ #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" -const char *_pammodutil_getlogin(pam_handle_t *pamh) +const char * +pam_modutil_getlogin(pam_handle_t *pamh) { int status; const void *logname; @@ -57,7 +58,7 @@ const char *_pammodutil_getlogin(pam_handle_t *pamh) /* calloc already zeroed the memory */ status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, - _pammodutil_cleanup); + pam_modutil_cleanup); if (status != PAM_SUCCESS) { free(curr_user); goto clean_up_and_go_home; diff --git a/modules/pammodutil/modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c index e0dfdca3..026e61a7 100644 --- a/modules/pammodutil/modutil_getpwnam.c +++ b/libpam/pam_modutil_getpwnam.c @@ -7,7 +7,7 @@ * XXX - or at least it should provide a thread-safe alternative. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <errno.h> #include <limits.h> @@ -36,7 +36,8 @@ static int intlen(int number) return len; } -struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user) +struct passwd * +pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) { #ifdef HAVE_GETPWNAM_R @@ -87,7 +88,7 @@ struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user) status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); + result, pam_modutil_cleanup); } _pammodutil_unlock(); if (status == PAM_SUCCESS) { diff --git a/modules/pammodutil/modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c index aadd817b..732771d2 100644 --- a/modules/pammodutil/modutil_getpwuid.c +++ b/libpam/pam_modutil_getpwuid.c @@ -7,7 +7,7 @@ * XXX - or at least it should provide a thread-safe alternative. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <errno.h> #include <limits.h> @@ -46,7 +46,8 @@ static int longlen(long number) return len; } -struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) +struct passwd * +pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) { #ifdef HAVE_GETPWUID_R @@ -98,7 +99,7 @@ struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); + result, pam_modutil_cleanup); } _pammodutil_unlock(); if (status == PAM_SUCCESS) { diff --git a/modules/pammodutil/modutil_getspnam.c b/libpam/pam_modutil_getspnam.c index e069d009..7fc696e2 100644 --- a/modules/pammodutil/modutil_getspnam.c +++ b/libpam/pam_modutil_getspnam.c @@ -7,7 +7,7 @@ * XXX - or at least it should provide a thread-safe alternative. */ -#include "pammodutil.h" +#include "pam_modutil_private.h" #include <errno.h> #include <limits.h> @@ -36,7 +36,8 @@ static int intlen(int number) return len; } -struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, const char *user) +struct spwd * +pam_modutil_getspnam(pam_handle_t *pamh, const char *user) { #ifdef HAVE_GETSPNAM_R @@ -87,7 +88,7 @@ struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, const char *user) status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); + result, pam_modutil_cleanup); } _pammodutil_unlock(); if (status == PAM_SUCCESS) { diff --git a/modules/pammodutil/modutil_ingroup.c b/libpam/pam_modutil_ingroup.c index cb04d866..7a15f712 100644 --- a/modules/pammodutil/modutil_ingroup.c +++ b/libpam/pam_modutil_ingroup.c @@ -5,8 +5,9 @@ * specified group. */ -#include "pammodutil.h" -#include "include/security/_pam_modutil.h" +#include "pam_modutil_private.h" + +#include <stdlib.h> #include <pwd.h> #include <grp.h> @@ -41,7 +42,7 @@ static int checkgrouplist(const char *user, gid_t primary, gid_t target) #endif static int -_pammodutil_user_in_group_common(pam_handle_t *pamh UNUSED, +pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED, struct passwd *pwd, struct group *grp) { @@ -73,50 +74,54 @@ _pammodutil_user_in_group_common(pam_handle_t *pamh UNUSED, return 0; } -int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh, - const char *user, const char *group) +int +pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, const char *group) { struct passwd *pwd; struct group *grp; - pwd = _pammodutil_getpwnam(pamh, user); - grp = _pammodutil_getgrnam(pamh, group); + pwd = pam_modutil_getpwnam(pamh, user); + grp = pam_modutil_getgrnam(pamh, group); - return _pammodutil_user_in_group_common(pamh, pwd, grp); + return pam_modutil_user_in_group_common(pamh, pwd, grp); } -int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh, - const char *user, gid_t group) +int +pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, gid_t group) { struct passwd *pwd; struct group *grp; - pwd = _pammodutil_getpwnam(pamh, user); - grp = _pammodutil_getgrgid(pamh, group); + pwd = pam_modutil_getpwnam(pamh, user); + grp = pam_modutil_getgrgid(pamh, group); - return _pammodutil_user_in_group_common(pamh, pwd, grp); + return pam_modutil_user_in_group_common(pamh, pwd, grp); } -int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh, - uid_t user, const char *group) +int +pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, const char *group) { struct passwd *pwd; struct group *grp; - pwd = _pammodutil_getpwuid(pamh, user); - grp = _pammodutil_getgrnam(pamh, group); + pwd = pam_modutil_getpwuid(pamh, user); + grp = pam_modutil_getgrnam(pamh, group); - return _pammodutil_user_in_group_common(pamh, pwd, grp); + return pam_modutil_user_in_group_common(pamh, pwd, grp); } -int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh, - uid_t user, gid_t group) +int +pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, gid_t group) { struct passwd *pwd; struct group *grp; - pwd = _pammodutil_getpwuid(pamh, user); - grp = _pammodutil_getgrgid(pamh, group); + pwd = pam_modutil_getpwuid(pamh, user); + grp = pam_modutil_getgrgid(pamh, group); - return _pammodutil_user_in_group_common(pamh, pwd, grp); + return pam_modutil_user_in_group_common(pamh, pwd, grp); } diff --git a/modules/pammodutil/modutil_ioloop.c b/libpam/pam_modutil_ioloop.c index a852a7b8..54ab0e55 100644 --- a/modules/pammodutil/modutil_ioloop.c +++ b/libpam/pam_modutil_ioloop.c @@ -5,13 +5,13 @@ * write occurs. It handles EINTR and partial read/write returns. */ +#include "pam_modutil_private.h" + #include <unistd.h> #include <errno.h> -#include <security/pam_modules.h> -#include "include/security/_pam_modutil.h" - -int _pammodutil_read(int fd, char *buffer, int count) +int +pam_modutil_read(int fd, char *buffer, int count) { int block, offset = 0; @@ -31,7 +31,8 @@ int _pammodutil_read(int fd, char *buffer, int count) return offset; } -int _pammodutil_write(int fd, const char *buffer, int count) +int +pam_modutil_write(int fd, const char *buffer, int count) { int block, offset = 0; diff --git a/libpam/pam_modutil_private.h b/libpam/pam_modutil_private.h new file mode 100644 index 00000000..f242fdfe --- /dev/null +++ b/libpam/pam_modutil_private.h @@ -0,0 +1,23 @@ +#ifndef PAMMODUTIL_PRIVATE_H +#define PAMMODUTIL_PRIVATE_H + +/* + * $Id$ + * + * Copyright (c) 2001 Andrew Morgan <morgan@kernel.org> + */ + +#include "config.h" + +#include <security/_pam_macros.h> +#include <security/pam_modules.h> +#include <security/pam_modutil.h> + +#define PWD_INITIAL_LENGTH 0x100 +#define PWD_ABSURD_PWD_LENGTH 0x8000 + +extern void +pam_modutil_cleanup(pam_handle_t *pamh, void *data, + int error_status); + +#endif /* PAMMODUTIL_PRIVATE_H */ diff --git a/modules/Makefile.am b/modules/Makefile.am index afa3e621..4ba6e4eb 100644 --- a/modules/Makefile.am +++ b/modules/Makefile.am @@ -2,7 +2,7 @@ # Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de> # -SUBDIRS = pammodutil pam_access pam_cracklib pam_debug pam_deny pam_echo \ +SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ pam_env pam_filter pam_ftp pam_group pam_issue pam_lastlog \ pam_limits pam_listfile pam_localuser pam_mail pam_mkhomedir \ pam_motd pam_nologin pam_permit pam_pwdb pam_rhosts pam_rootok \ diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am index 36d060a4..94f7048b 100644 --- a/modules/pam_access/Makefile.am +++ b/modules/pam_access/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBNSL@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 55feaeff..55b7818d 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -59,7 +59,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ @@ -291,7 +291,7 @@ static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) return (netgroup_match(tok + 1, (char *) 0, string)); else if (string_match (tok, string)) /* ALL or exact match */ return YES; - else if (_pammodutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) + else if (pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ return YES; @@ -437,7 +437,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, } } - if ((user_pw=_pammodutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); + if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); /* * Bundle up the arguments to avoid unnecessary clumsiness later on. diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am index 8229a068..29bc017b 100644 --- a/modules/pam_cracklib/Makefile.am +++ b/modules/pam_cracklib/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am index e1fb3951..4b1bfec8 100644 --- a/modules/pam_debug/Makefile.am +++ b/modules/pam_debug/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am index 62ae29af..eeb6b78d 100644 --- a/modules/pam_deny/Makefile.am +++ b/modules/pam_deny/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am index d2c6faed..79a03e09 100644 --- a/modules/pam_env/Makefile.am +++ b/modules/pam_env/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am index 9d455781..6993592d 100644 --- a/modules/pam_filter/Makefile.am +++ b/modules/pam_filter/Makefile.am @@ -11,10 +11,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am index 4341bcea..d49de828 100644 --- a/modules/pam_filter/upperLOWER/Makefile.am +++ b/modules/pam_filter/upperLOWER/Makefile.am @@ -8,7 +8,7 @@ securelibfilterdir = $(SECUREDIR)/pam_filter AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ -I.. -AM_LDFLAGS = $(top_builddir)/modules/pammodutil/libpammodutil.la + -I.. +AM_LDFLAGS = -L$(top_builddir)/libpam -lpam securelibfilter_PROGRAMS = upperLOWER diff --git a/modules/pam_filter/upperLOWER/upperLOWER.c b/modules/pam_filter/upperLOWER/upperLOWER.c index d1c10114..314d2fed 100644 --- a/modules/pam_filter/upperLOWER/upperLOWER.c +++ b/modules/pam_filter/upperLOWER/upperLOWER.c @@ -23,7 +23,7 @@ #include "pam_filter.h" #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> /* ---------------------------------------------------------------- */ @@ -98,27 +98,27 @@ int main(int argc, char **argv UNUSED) /* application errors */ if ( FD_ISSET(APPERR_FILENO,&readers) ) { - int got = _pammodutil_read(APPERR_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(APPERR_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if (_pammodutil_write(STDERR_FILENO, buffer, got) != got ) { + if (pam_modutil_write(STDERR_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes?!",got); break; } } } else if ( FD_ISSET(APPOUT_FILENO,&readers) ) { /* app output */ - int got = _pammodutil_read(APPOUT_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(APPOUT_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if (_pammodutil_write(STDOUT_FILENO, buffer, got) != got ) { + if (pam_modutil_write(STDOUT_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes!?",got); break; } @@ -126,7 +126,7 @@ int main(int argc, char **argv UNUSED) } if ( FD_ISSET(STDIN_FILENO, &readers) ) { /* user input */ - int got = _pammodutil_read(STDIN_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(STDIN_FILENO, buffer, BUFSIZ); if (got < 0) { syslog(LOG_WARNING,"user input junked"); break; @@ -134,7 +134,7 @@ int main(int argc, char **argv UNUSED) /* translate to give to application */ if (before_app != NULL) before_app(buffer, got); - if (_pammodutil_write(APPIN_FILENO, buffer, got) != got ) { + if (pam_modutil_write(APPIN_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't pass %d bytes!?",got); break; } diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am index e89f8a70..4fd85bdc 100644 --- a/modules/pam_ftp/Makefile.am +++ b/modules/pam_ftp/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am index 1dd5e7a1..73a88676 100644 --- a/modules/pam_group/Makefile.am +++ b/modules/pam_group/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 99141e7c..4e6aa915 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -52,7 +52,7 @@ typedef enum { AND, OR } operator; #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* --- static functions for checking whether the user should be let in --- */ @@ -583,7 +583,7 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) { const struct group *grp; - grp = _pammodutil_getgrnam(pamh, buf+at); + grp = pam_modutil_getgrnam(pamh, buf+at); if (grp == NULL) { pam_syslog(pamh,LOG_ERR,"bad group: %s", buf+at); } else { diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am index c96f9b1b..761833c4 100644 --- a/modules/pam_issue/Makefile.am +++ b/modules/pam_issue/Makefile.am @@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am index 8d7934c5..30b7bf1b 100644 --- a/modules/pam_lastlog/Makefile.am +++ b/modules/pam_lastlog/Makefile.am @@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 0ed370a2..d0ad8216 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -79,7 +79,7 @@ struct lastlog { #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* argument parsing */ @@ -163,7 +163,7 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) sleep(LASTLOG_IGNORE_LOCK_TIME); } - win = (_pammodutil_read (last_fd, (char *) &last_login, + win = (pam_modutil_read (last_fd, (char *) &last_login, sizeof(last_login)) == sizeof(last_login)); last_lock.l_type = F_UNLCK; @@ -307,7 +307,7 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) } D(("writing to the last_log file")); - _pammodutil_write (last_fd, (char *) &last_login, + pam_modutil_write (last_fd, (char *) &last_login, sizeof (last_login)); last_lock.l_type = F_UNLCK; @@ -353,7 +353,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc /* what uid? */ - pwd = _pammodutil_getpwnam (pamh, user); + pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); return PAM_CRED_INSUFFICIENT; diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am index 46e03dea..cb6085b9 100644 --- a/modules/pam_limits/Makefile.am +++ b/modules/pam_limits/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index d3b5a51e..db0fcdba 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -92,7 +92,7 @@ struct pam_limit_s { #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* argument parsing */ @@ -189,7 +189,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, continue; } if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) - && !_pammodutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { + && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { continue; } } @@ -504,7 +504,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, "checking if %s is in group %s", uname, domain + 1); } - if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) + if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } else if (domain[0]=='%') { @@ -516,7 +516,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, if (strcmp(domain,"%") == 0) process_limit(pamh, LIMITS_DEF_ALL, ltype, item, value, ctrl, pl); - else if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { + else if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) { strcpy(pl->login_group, domain+1); process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); @@ -531,7 +531,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, } fclose(fil); return PAM_IGNORE; - } else if (domain[0] == '@' && _pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { + } else if (domain[0] == '@' && pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "no limits for '%s' in group '%s'", diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am index ad38ccb7..d622d7b6 100644 --- a/modules/pam_listfile/Makefile.am +++ b/modules/pam_listfile/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index e9d921dd..c19cfc1a 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -39,7 +39,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* some syslogging */ @@ -218,7 +218,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { - if(!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { + if(!pam_modutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ #ifdef DEBUG pam_syslog(pamh,LOG_DEBUG, @@ -261,14 +261,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if(extitem) { switch(extitem) { case EI_GROUP: - userinfo = _pammodutil_getpwnam(pamh, citemp); + userinfo = pam_modutil_getpwnam(pamh, citemp); if (userinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", citemp); free(ifname); return onerr; } - grpinfo = _pammodutil_getgrgid(pamh, userinfo->pw_gid); + grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid); if (grpinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed", (int)userinfo->pw_gid); @@ -290,7 +290,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Assume that we have already gotten PAM_USER in pam_get_item() - a valid assumption since citem gets set to PAM_USER in the extitem switch */ - userinfo = _pammodutil_getpwnam(pamh, citemp); + userinfo = pam_modutil_getpwnam(pamh, citemp); if (userinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", citemp); diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am index 10316a83..689266d2 100644 --- a/modules/pam_localuser/Makefile.am +++ b/modules/pam_localuser/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_localuser.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mail/Makefile.am b/modules/pam_mail/Makefile.am index 4151c042..733fa6ae 100644 --- a/modules/pam_mail/Makefile.am +++ b/modules/pam_mail/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 1c2c6043..59424ff4 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -22,6 +22,10 @@ #include <unistd.h> #include <dirent.h> +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif + #define DEFAULT_MAIL_DIRECTORY PAM_PATH_MAILDIR #define MAIL_FILE_FORMAT "%s%s/%s" #define MAIL_ENV_NAME "MAIL" @@ -42,7 +46,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* argument parsing */ @@ -134,7 +138,7 @@ static int get_folder(pam_handle_t *pamh, int ctrl, if (ctrl & PAM_NEW_MAIL_DIR) { path = *path_mail; if (*path == '~') { /* support for $HOME delivery */ - pwd = _pammodutil_getpwnam(pamh, user); + pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { pam_syslog(pamh,LOG_ERR, "user [%s] unknown", user); _pam_overwrite(*path_mail); diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am index c955404e..641a5618 100644 --- a/modules/pam_mkhomedir/Makefile.am +++ b/modules/pam_mkhomedir/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 8cc20667..de67c0cc 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -53,7 +53,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> @@ -400,18 +400,18 @@ create_homedir (pam_handle_t * pamh, int ctrl, /* Copy the file */ do { - Res = _pammodutil_read(SrcFd,remark,sizeof(remark)); + Res = pam_modutil_read(SrcFd,remark,sizeof(remark)); if (Res == 0) continue; if (Res > 0) { - if (_pammodutil_write(DestFd,remark,Res) == Res) + if (pam_modutil_write(DestFd,remark,Res) == Res) continue; } - /* If we get here, pammodutil_read returned a -1 or - _pammodutil_write returned something unexpected. */ + /* If we get here, pam_modutil_read returned a -1 or + pam_modutil_write returned something unexpected. */ close(SrcFd); close(DestFd); closedir(D); @@ -473,7 +473,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, } /* Get the password entry */ - pwd = _pammodutil_getpwnam (pamh, user); + pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 7a1c66d6..b35883b7 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 552c4fc0..fff76e07 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -34,7 +34,7 @@ #define DEFAULT_MOTD "/etc/motd" #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> /* --- session management functions (only) --- */ @@ -85,7 +85,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, if (!(mtmp = malloc(st.st_size+1))) break; - if (_pammodutil_read(fd, mtmp, st.st_size) != st.st_size) + if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) break; if (mtmp[st.st_size-1] == '\n') diff --git a/modules/pam_nologin/Makefile.am b/modules/pam_nologin/Makefile.am index 0a6181c2..8c483f9a 100644 --- a/modules/pam_nologin/Makefile.am +++ b/modules/pam_nologin/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_nologin.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index d9da7bcd..1b6c0bee 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -29,7 +29,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* @@ -85,7 +85,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) struct passwd *user_pwd; struct stat st; - user_pwd = _pammodutil_getpwnam(pamh, username); + user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { retval = PAM_USER_UNKNOWN; @@ -111,7 +111,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) goto clean_up_fd; } - if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { + if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { mtmp[st.st_size] = '\000'; pam_prompt (pamh, msg_style, NULL, "%s", mtmp); diff --git a/modules/pam_permit/Makefile.am b/modules/pam_permit/Makefile.am index ef8ce215..6ba98769 100644 --- a/modules/pam_permit/Makefile.am +++ b/modules/pam_permit/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_pwdb/Makefile.am b/modules/pam_pwdb/Makefile.am index 559b2120..09b6e233 100644 --- a/modules/pam_pwdb/Makefile.am +++ b/modules/pam_pwdb/Makefile.am @@ -14,10 +14,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DCHKPWD_HELPER=\"$(sbindir)/$(CHKPWD)\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBPWDB@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am index 5b2bb210..e0fec5dd 100644 --- a/modules/pam_rhosts/Makefile.am +++ b/modules/pam_rhosts/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_rhosts/pam_rhosts_auth.c b/modules/pam_rhosts/pam_rhosts_auth.c index 1e6a85af..24a7135a 100644 --- a/modules/pam_rhosts/pam_rhosts_auth.c +++ b/modules/pam_rhosts/pam_rhosts_auth.c @@ -85,7 +85,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* @@ -471,7 +471,7 @@ pam_iruserok(pam_handle_t *pamh, * Identify user's local .rhosts file */ - pwd = _pammodutil_getpwnam(pamh, luser); + pwd = pam_modutil_getpwnam(pamh, luser); if (pwd == NULL) { /* * luser is assumed to be valid because of an earlier check for uid = 0 @@ -532,7 +532,7 @@ pam_iruserok(pam_handle_t *pamh, /* private group caveat */ if (opts->opt_private_group) { - struct group *grp = _pammodutil_getgrgid(pamh, sbuf.st_gid); + struct group *grp = pam_modutil_getgrgid(pamh, sbuf.st_gid); if (NULL == grp || NULL == grp->gr_name || strcmp(luser,grp->gr_name)) { @@ -694,7 +694,7 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, if (! opts.opt_no_uid_check) { struct passwd *luser_pwd; - luser_pwd = _pammodutil_getpwnam(pamh, luser); + luser_pwd = pam_modutil_getpwnam(pamh, luser); if (luser_pwd == NULL) { if (opts.opt_debug) pam_syslog(pamh,LOG_DEBUG, "user '%s' unknown to this system", diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am index b09c8881..132168cd 100644 --- a/modules/pam_rootok/Makefile.am +++ b/modules/pam_rootok/Makefile.am @@ -9,13 +9,11 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include if HAVE_LIBSELINUX AM_CFLAGS += -DWITH_SELINUX endif AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBSELINUX@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am index 8ea6b662..c79bee4b 100644 --- a/modules/pam_securetty/Makefile.am +++ b/modules/pam_securetty/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_securetty.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index a31bed35..fd0af9b1 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -34,7 +34,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> #define PAM_DEBUG_ARG 0x0001 @@ -85,7 +85,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); } - user_pwd = _pammodutil_getpwnam(pamh, username); + user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { return PAM_USER_UNKNOWN; } else if (user_pwd->pw_uid != 0) { /* If the user is not root, diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am index 154dbf42..5dfe6a5d 100644 --- a/modules/pam_selinux/Makefile.am +++ b/modules/pam_selinux/Makefile.am @@ -12,10 +12,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/libpam_misc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ + -I$(top_srcdir)/libpam_misc/include AM_LDFLAGS = -no-undefined \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBSELINUX@ pam_selinux_check_LDFLAGS = -L$(top_builddir)/libpam_misc -lpam_misc diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index d59cc39d..373a38f3 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -57,7 +57,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> #include <selinux/selinux.h> diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am index ad504a0f..4eef6288 100644 --- a/modules/pam_shells/Makefile.am +++ b/modules/pam_shells/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 793b3dff..be4aeb18 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -31,7 +31,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> static int perform_check(pam_handle_t *pamh) @@ -61,7 +61,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; } - pw = _pammodutil_getpwnam(pamh, userName); + pw = pam_modutil_getpwnam(pamh, userName); if (!pw) { return PAM_AUTH_ERR; /* user doesn't exist */ } diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am index da019f89..5aec6a4c 100644 --- a/modules/pam_stress/Makefile.am +++ b/modules/pam_stress/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am index 4ed10b72..71a63dc1 100644 --- a/modules/pam_succeed_if/Makefile.am +++ b/modules/pam_succeed_if/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_succeed_if.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 2f5e6294..9e3046f3 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -53,7 +53,7 @@ #include <pwd.h> #include <grp.h> #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* Basically, run cmp(atol(left), atol(right)), returning PAM_SUCCESS if @@ -184,7 +184,7 @@ static int evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group) { int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + ret = pam_modutil_user_in_group_nam_nam(pamh, user, group); switch (ret) { case 1: return PAM_SUCCESS; @@ -199,7 +199,7 @@ static int evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) { int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + ret = pam_modutil_user_in_group_nam_nam(pamh, user, group); switch (ret) { case 0: return PAM_SUCCESS; @@ -349,7 +349,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (use_uid) { /* Get information about the user. */ - pwd = _pammodutil_getpwuid(pamh, getuid()); + pwd = pam_modutil_getpwuid(pamh, getuid()); if (pwd == NULL) { pam_syslog(pamh,LOG_CRIT, "error retrieving information about user %ld", @@ -367,7 +367,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } /* Get information about the user. */ - pwd = _pammodutil_getpwnam(pamh, user); + pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { pam_syslog(pamh,LOG_CRIT, "error retrieving information about user %s", diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am index a900612b..73c819c4 100644 --- a/modules/pam_tally/Makefile.am +++ b/modules/pam_tally/Makefile.am @@ -11,9 +11,8 @@ secureconfdir = $(SCONFIGDIR) noinst_HEADERS = faillog.h -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ -AM_LDFLAGS = $(top_builddir)/modules/pammodutil/libpammodutil.la \ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_LDFLAGS = -no-undefined -avoid-version -module \ -L$(top_builddir)/libpam -lpam pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 579eb58f..9abe7d49 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -52,7 +52,7 @@ /* #define PAM_SM_PASSWORD */ #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /*---------------------------------------------------------------------*/ @@ -238,7 +238,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt return PAM_AUTH_ERR; } - if ( ! ( pw = _pammodutil_getpwnam( pamh, user ) ) ) { + if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index d0a09f75..8a84ef78 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_umask/Makefile.am b/modules/pam_umask/Makefile.am index c887cd47..abc1cd68 100644 --- a/modules/pam_umask/Makefile.am +++ b/modules/pam_umask/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index ff705567..e93efc01 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -51,7 +51,7 @@ #define PAM_SM_SESSION #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> struct options_t { @@ -192,7 +192,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, owner bits (examples: 022 -> 002, 077 -> 007). */ if (pw->pw_uid != 0 && pw->pw_uid == pw->pw_gid) { - struct group *grp = _pammodutil_getgrgid (pamh, pw->pw_gid); + struct group *grp = pam_modutil_getgrgid (pamh, pw->pw_gid); if (grp && (strcmp (pw->pw_name, grp->gr_name) == 0)) { mode_t oldmask = umask (0777); @@ -250,7 +250,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return PAM_SERVICE_ERR; } - pw = _pammodutil_getpwnam (pamh, name); + pw = pam_modutil_getpwnam (pamh, name); if (pw == NULL) { pam_syslog (pamh, LOG_ERR, "account for %s not found", name); diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index 9997603b..608a095f 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -12,7 +12,6 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" AM_LDFLAGS = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBSELINUX@ @@ -25,7 +24,6 @@ if HAVE_LIBCRACK endif pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ @LIBCRACK@ @LIBNSL@ if HAVE_VERSIONING pam_unix_la_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index d01a1fc0..03143d96 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -59,7 +59,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #ifndef LINUX_PAM #include <security/pam_appl.h> @@ -143,7 +143,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons } else { retval = WEXITSTATUS(retval); if (retval != PAM_AUTHINFO_UNAVAIL) { - rc = _pammodutil_read(fds[0], buf, sizeof(buf) - 1); + rc = pam_modutil_read(fds[0], buf, sizeof(buf) - 1); if(rc > 0) { buf[rc] = '\0'; if (sscanf(buf,"%ld:%ld:%ld:%ld:%ld:%ld", @@ -208,7 +208,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_USER_UNKNOWN; } - pwent = _pammodutil_getpwnam(pamh, uname); + pwent = pam_modutil_getpwnam(pamh, uname); if (!pwent) { _log_err(LOG_ALERT, pamh ,"could not identify user (from getpwnam(%s))" @@ -232,7 +232,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_CRED_INSUFFICIENT; } } - spent = _pammodutil_getspnam (pamh, uname); + spent = pam_modutil_getspnam (pamh, uname); if (save_uid == pwent->pw_uid) setreuid( save_uid, save_euid ); else { @@ -242,7 +242,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, } } else if (_unix_shadowed (pwent)) - spent = _pammodutil_getspnam (pamh, uname); + spent = pam_modutil_getspnam (pamh, uname); else return PAM_SUCCESS; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 54b3de83..7212952e 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -83,7 +83,7 @@ static security_context_t prev_context=NULL; #include <security/pam_appl.h> #endif /* LINUX_PAM */ -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include "yppasswd.h" #include "md5.h" @@ -282,14 +282,14 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const /* if the stored password is NULL */ int rc=0; if (fromwhat) - _pammodutil_write(fds[1], fromwhat, strlen(fromwhat)+1); + pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); else - _pammodutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); if (towhat) { - _pammodutil_write(fds[1], towhat, strlen(towhat)+1); + pam_modutil_write(fds[1], towhat, strlen(towhat)+1); } else - _pammodutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); @@ -463,7 +463,7 @@ static int save_old_password(pam_handle_t *pamh, fclose(opwfile); if (!found) { - pwd = _pammodutil_getpwnam(pamh, forwho); + pwd = pam_modutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index e783039e..49aa29aa 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -53,7 +53,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #ifndef LINUX_PAM #include <security/pam_appl.h> @@ -91,7 +91,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, "open_session - error recovering service"); return PAM_SESSION_ERR; } - login_name = _pammodutil_getlogin(pamh); + login_name = pam_modutil_getlogin(pamh); if (login_name == NULL) { login_name = ""; } diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 91920291..f9b84da5 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -25,7 +25,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include "md5.h" #include "support.h" @@ -476,7 +476,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) /* UNIX passwords area */ /* Get password file entry... */ - pwd = _pammodutil_getpwnam (pamh, name); + pwd = pam_modutil_getpwnam (pamh, name); if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) @@ -498,7 +498,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) } } - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { @@ -511,7 +511,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = _pammodutil_getspnam(pamh, name); + spwdent = pam_modutil_getspnam(pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -662,7 +662,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name D(("locating user's record")); /* UNIX passwords area */ - pwd = _pammodutil_getpwnam (pamh, name); /* Get password file entry... */ + pwd = pam_modutil_getpwnam (pamh, name); /* Get password file entry... */ if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) @@ -683,7 +683,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { @@ -696,7 +696,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -806,7 +806,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name const void *void_old; - login_name = _pammodutil_getlogin(pamh); + login_name = pam_modutil_getlogin(pamh); if (login_name == NULL) { login_name = ""; } diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am index 8a68533a..080ff6b1 100644 --- a/modules/pam_userdb/Makefile.am +++ b/modules/pam_userdb/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README create.pl securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBDB@ @LIBCRYPT@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am index a3916205..5cdb6668 100644 --- a/modules/pam_warn/Makefile.am +++ b/modules/pam_warn/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am index e1b115a2..0b098be1 100644 --- a/modules/pam_wheel/Makefile.am +++ b/modules/pam_wheel/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index eaf32660..ddbf3b86 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -43,7 +43,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> /* checks if a user is on a list of members of the GID 0 group */ @@ -115,7 +115,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) return PAM_SERVICE_ERR; } - pwd = _pammodutil_getpwnam (pamh, username); + pwd = pam_modutil_getpwnam (pamh, username); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh,LOG_NOTICE,"unknown user %s",username); @@ -130,7 +130,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } if (ctrl & PAM_USE_UID_ARG) { - tpwd = _pammodutil_getpwuid (pamh, getuid()); + tpwd = pam_modutil_getpwuid (pamh, getuid()); if (!tpwd) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh,LOG_NOTICE, "who is running me ?!"); @@ -139,9 +139,9 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } fromsu = tpwd->pw_name; } else { - fromsu = _pammodutil_getlogin(pamh); + fromsu = pam_modutil_getlogin(pamh); if (fromsu) { - tpwd = _pammodutil_getpwnam (pamh, fromsu); + tpwd = pam_modutil_getpwnam (pamh, fromsu); } if (!fromsu || !tpwd) { if (ctrl & PAM_DEBUG_ARG) { @@ -156,11 +156,11 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) */ if (!use_group[0]) { - if ((grp = _pammodutil_getgrnam (pamh, "wheel")) == NULL) { - grp = _pammodutil_getgrgid (pamh, 0); + if ((grp = pam_modutil_getgrnam (pamh, "wheel")) == NULL) { + grp = pam_modutil_getgrgid (pamh, 0); } } else { - grp = _pammodutil_getgrnam (pamh, use_group); + grp = pam_modutil_getgrnam (pamh, use_group); } if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) { diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am index 2e7f0e0f..2dc65cd6 100644 --- a/modules/pam_xauth/Makefile.am +++ b/modules/pam_xauth/Makefile.am @@ -11,10 +11,8 @@ EXTRA_DIST = README ${MANS} securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 27a657b9..382186f9 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -54,7 +54,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -#include <security/_pam_modutil.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> #define DATANAME "pam_xauth_cookie_file" @@ -141,12 +141,12 @@ run_coprocess(const char *input, char **output, close(opipe[1]); /* Send input to the process (if we have any), then send an EOF. */ if (input) { - (void)_pammodutil_write(ipipe[1], input, strlen(input)); + (void)pam_modutil_write(ipipe[1], input, strlen(input)); } close(ipipe[1]); /* Read data output until we run out of stuff to read. */ - i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + i = pam_modutil_read(opipe[0], buf, sizeof(buf)); while ((i != 0) && (i != -1)) { char *tmp; /* Resize the buffer to hold the data. */ @@ -168,7 +168,7 @@ run_coprocess(const char *input, char **output, buffer[buffer_size + i] = '\0'; buffer_size += i; /* Try to read again. */ - i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + i = pam_modutil_read(opipe[0], buf, sizeof(buf)); } /* No more data. Clean up and return data. */ close(opipe[0]); @@ -197,7 +197,7 @@ check_acl(pam_handle_t *pamh, int i; uid_t euid; /* Check this user's <sense> file. */ - pwd = _pammodutil_getpwnam(pamh, this_user); + pwd = pam_modutil_getpwnam(pamh, this_user); if (pwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining " "home directory for '%s'", this_user); @@ -333,7 +333,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, retval = PAM_SESSION_ERR; goto cleanup; } - rpwd = _pammodutil_getpwuid(pamh, getuid()); + rpwd = pam_modutil_getpwuid(pamh, getuid()); if (rpwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining invoking " "user's name"); @@ -343,7 +343,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Get the target user's UID and primary GID, which we'll need to set * on the xauthority file we create later on. */ - tpwd = _pammodutil_getpwnam(pamh, user); + tpwd = pam_modutil_getpwnam(pamh, user); if (tpwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining target " "user's UID"); diff --git a/modules/pammodutil/.cvsignore b/modules/pammodutil/.cvsignore deleted file mode 100644 index 99d2856d..00000000 --- a/modules/pammodutil/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -static -Makefile -Makefile.in diff --git a/modules/pammodutil/Makefile.am b/modules/pammodutil/Makefile.am deleted file mode 100644 index a55ff394..00000000 --- a/modules/pammodutil/Makefile.am +++ /dev/null @@ -1,16 +0,0 @@ -# -# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de> -# - -CLEANFILES = *~ - -AM_CFLAGS = -I$(srcdir)/include -I$(top_srcdir)/libpam/include - -noinst_HEADERS = pammodutil.h include/security/_pam_modutil.h - -noinst_LTLIBRARIES = libpammodutil.la - -libpammodutil_la_SOURCES = modutil_cleanup.c modutil_getgrgid.c \ - modutil_getgrnam.c modutil_getlogin.c modutil_getpwnam.c \ - modutil_getpwuid.c modutil_getspnam.c modutil_ingroup.c \ - modutil_ioloop.c diff --git a/modules/pammodutil/README b/modules/pammodutil/README deleted file mode 100644 index 241f83a7..00000000 --- a/modules/pammodutil/README +++ /dev/null @@ -1,15 +0,0 @@ -$Id$ - -This is a libarary of routines for use by modules. The routines seem -to have a common use for modules, but are not part of libpam and never -will be. They are also a convenient layer of abstraction for providing -thread-safe functions that may require use of pam_handle_t 'data' -items to make their thread-safeness tied to the use of a single -pam_handle_t per thread. - -Functions provided so far are all listed in - - include/security/_pam_modutil.h - -. - diff --git a/modules/pammodutil/include/security/_pam_modutil.h b/modules/pammodutil/include/security/_pam_modutil.h deleted file mode 100644 index c2ac24c2..00000000 --- a/modules/pammodutil/include/security/_pam_modutil.h +++ /dev/null @@ -1,66 +0,0 @@ -#ifndef _PAM_MODUTIL_H -#define _PAM_MODUTIL_H - -/* - * $Id$ - * - * This file is a list of handy libc wrappers that attempt to provide some - * thread-safe and other convenient functionality to modules in a form that - * is common, but not dynamically linked with yet another dynamic pam - * library extension. - * - * A number of these functions reserve space in a pam_[sg]et_data item. - * In all cases, the name of the item is prefixed with "_pammodutil_*". - * - * On systems that simply can't support thread safe programming, these - * functions don't support it either - sorry. - * - * Copyright (c) 2001-2002 Andrew Morgan <morgan@kernel.org> - */ - -#include <pwd.h> -#include <grp.h> -#include <shadow.h> -#include <sys/types.h> - -extern struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, - const char *user); - -extern struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, - uid_t uid); - -extern struct group *_pammodutil_getgrnam(pam_handle_t *pamh, - const char *group); - -extern struct group *_pammodutil_getgrgid(pam_handle_t *pamh, - gid_t gid); - -extern struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, - const char *user); - -extern int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh, - const char *user, - const char *group); - -extern int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh, - const char *user, - gid_t group); - -extern int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh, - uid_t user, - const char *group); - -extern int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh, - uid_t user, - gid_t group); - -extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, - int error_status); - -extern const char *_pammodutil_getlogin(pam_handle_t *pamh); - -extern int _pammodutil_read(int fd, char *buffer, int count); - -extern int _pammodutil_write(int fd, const char *buffer, int count); - -#endif /* _PAM_MODUTIL_H */ diff --git a/modules/pammodutil/pammodutil.h b/modules/pammodutil/pammodutil.h deleted file mode 100644 index d60d588a..00000000 --- a/modules/pammodutil/pammodutil.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef PAMMODUTIL_H -#define PAMMODUTIL_H - -/* - * $Id$ - * - * Copyright (c) 2001 Andrew Morgan <morgan@kernel.org> - */ - -#include "config.h" - -#include <security/_pam_macros.h> -#include <security/pam_modules.h> -#include <security/_pam_modutil.h> - -#define PWD_INITIAL_LENGTH 0x100 -#define PWD_ABSURD_PWD_LENGTH 0x8000 - -/* This is a simple cleanup, it just free()s the 'data' memory */ -extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, - int error_status); - -#endif /* PAMMODUTIL_H */ diff --git a/po/POTFILES.in b/po/POTFILES.in index 8015767c..9d3b07b8 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -27,15 +27,6 @@ ./modules/pam_selinux/pam_selinux_check.c ./modules/pam_selinux/pam_selinux.c ./modules/pam_permit/pam_permit.c -./modules/pammodutil/modutil_getlogin.c -./modules/pammodutil/modutil_cleanup.c -./modules/pammodutil/modutil_getspnam.c -./modules/pammodutil/modutil_ingroup.c -./modules/pammodutil/modutil_getgrgid.c -./modules/pammodutil/modutil_getgrnam.c -./modules/pammodutil/modutil_getpwnam.c -./modules/pammodutil/modutil_getpwuid.c -./modules/pammodutil/modutil_ioloop.c ./modules/pam_deny/pam_deny.c ./modules/pam_rhosts/pam_rhosts_auth.c ./modules/pam_mail/pam_mail.c @@ -91,6 +82,15 @@ ./libpam/pam_malloc.c ./libpam/pam_syslog.c ./libpam/pam_vprompt.c +./libpam/pam_modutil_getlogin.c +./libpam/pam_modutil_cleanup.c +./libpam/pam_modutil_getspnam.c +./libpam/pam_modutil_ingroup.c +./libpam/pam_modutil_getgrgid.c +./libpam/pam_modutil_getgrnam.c +./libpam/pam_modutil_getpwnam.c +./libpam/pam_modutil_getpwuid.c +./libpam/pam_modutil_ioloop.c ./examples/xsh.c ./examples/check_user.c ./examples/vpass.c |