diff options
Diffstat (limited to 'Linux-PAM/libpam/pam_misc.c')
| -rw-r--r-- | Linux-PAM/libpam/pam_misc.c | 359 |
1 files changed, 0 insertions, 359 deletions
diff --git a/Linux-PAM/libpam/pam_misc.c b/Linux-PAM/libpam/pam_misc.c deleted file mode 100644 index 574a570e..00000000 --- a/Linux-PAM/libpam/pam_misc.c +++ /dev/null @@ -1,359 +0,0 @@ -/* pam_misc.c -- This is random stuff - * - * Copyright (c) Andrew G. Morgan <morgan@kernel.org> 2000-2003 - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "pam_private.h" - -#include <stdarg.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <ctype.h> - -char *_pam_StrTok(char *from, const char *format, char **next) -/* - * this function is a variant of the standard strtok, it differs in that - * it takes an additional argument and doesn't nul terminate tokens until - * they are actually reached. - */ -{ - char table[256], *end; - int i; - - if (from == NULL && (from = *next) == NULL) - return from; - - /* initialize table */ - for (i=1; i<256; table[i++] = '\0'); - for (i=0; format[i] ; table[(int)format[i++]] = 'y'); - - /* look for first non-format char */ - while (*from && table[(int)*from]) { - ++from; - } - - if (*from == '[') { - /* - * special case, "[...]" is considered to be a single - * object. Note, however, if one of the format[] chars is - * '[' this single string will not be read correctly. - * Note, any '[' inside the outer "[...]" pair will survive. - * Note, the first ']' will terminate this string, but - * that "\]" will get compressed into "]". That is: - * - * "[..[..\]..]..." --> "..[..].." - */ - char *to; - for (to=end=++from; *end && *end != ']'; ++to, ++end) { - if (*end == '\\' && end[1] == ']') - ++end; - if (to != end) { - *to = *end; - } - } - if (to != end) { - *to = '\0'; - } - /* note, this string is stripped of its edges: "..." is what - remains */ - } else if (*from) { - /* simply look for next blank char */ - for (end=from; *end && !table[(int)*end]; ++end); - } else { - return (*next = NULL); /* no tokens left */ - } - - /* now terminate what we have */ - if (*end) - *end++ = '\0'; - - /* indicate what it left */ - if (*end) { - *next = end; - } else { - *next = NULL; /* have found last token */ - } - - /* return what we have */ - return from; -} - -/* - * Safe duplication of character strings. "Paranoid"; don't leave - * evidence of old token around for later stack analysis. - */ - -char *_pam_strdup(const char *x) -{ - register char *new=NULL; - - if (x != NULL) { - register int len; - - len = strlen (x) + 1; /* length of string including NUL */ - if ((new = malloc(len)) == NULL) { - len = 0; - pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory"); - } else { - strcpy (new, x); - } - x = NULL; - } - - return new; /* return the duplicate or NULL on error */ -} - -/* - * Safe duplication of memory buffers. "Paranoid"; don't leave - * evidence of old token around for later stack analysis. - */ - -char *_pam_memdup(const char *x, int len) -{ - register char *new=NULL; - - if (x != NULL) { - if ((new = malloc(len)) == NULL) { - len = 0; - pam_syslog(NULL, LOG_CRIT, "_pam_memdup: failed to get memory"); - } else { - memcpy (new, x, len); - } - x = NULL; - } - - return new; /* return the duplicate or NULL on error */ -} - -/* Generate argv, argc from s */ -/* caller must free(argv) */ - -int _pam_mkargv(char *s, char ***argv, int *argc) -{ - int l; - int argvlen = 0; - char *sbuf, *sbuf_start; - char **our_argv = NULL; - char **argvbuf; - char *argvbufp; -#ifdef DEBUG - int count=0; -#endif - - D(("_pam_mkargv called: %s",s)); - - *argc = 0; - - l = strlen(s); - if (l) { - if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by _pam_strdup"); - D(("arg NULL")); - } else { - /* Overkill on the malloc, but not large */ - argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *)); - if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by malloc"); - } else { - char *tmp=NULL; - - argvbufp = (char *) argvbuf + (l * sizeof(char *)); - D(("[%s]",sbuf)); - while ((sbuf = _pam_StrTok(sbuf, " \n\t", &tmp))) { - D(("arg #%d",++count)); - D(("->[%s]",sbuf)); - strcpy(argvbufp, sbuf); - D(("copied token")); - *argvbuf = argvbufp; - argvbufp += strlen(argvbufp) + 1; - D(("stepped in argvbufp")); - (*argc)++; - argvbuf++; - sbuf = NULL; - D(("loop again?")); - } - } - _pam_drop(sbuf_start); - } - } - - *argv = our_argv; - - D(("_pam_mkargv returned")); - - return(argvlen); -} - -/* - * this function is used to protect the modules from accidental or - * semi-mallicious harm that an application may do to confuse the API. - */ - -void _pam_sanitize(pam_handle_t *pamh) -{ - int old_caller_is = pamh->caller_is; - - /* - * this is for security. We reset the auth-tokens here. - */ - __PAM_TO_MODULE(pamh); - pam_set_item(pamh, PAM_AUTHTOK, NULL); - pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); - pamh->caller_is = old_caller_is; -} - -/* - * This function scans the array and replaces the _PAM_ACTION_UNDEF - * entries with the default action. - */ - -void _pam_set_default_control(int *control_array, int default_action) -{ - int i; - - for (i=0; i<_PAM_RETURN_VALUES; ++i) { - if (control_array[i] == _PAM_ACTION_UNDEF) { - control_array[i] = default_action; - } - } -} - -/* - * This function is used to parse a control string. This string is a - * series of tokens of the following form: - * - * "[ ]*return_code[ ]*=[ ]*action/[ ]". - */ - -#include "pam_tokens.h" - -void _pam_parse_control(int *control_array, char *tok) -{ - const char *error; - int ret; - - while (*tok) { - int act, len; - - /* skip leading space */ - while (isspace((int)*tok) && *++tok); - if (!*tok) - break; - - /* identify return code */ - for (ret=0; ret<=_PAM_RETURN_VALUES; ++ret) { - len = strlen(_pam_token_returns[ret]); - if (!strncmp(_pam_token_returns[ret], tok, len)) { - break; - } - } - if (ret > _PAM_RETURN_VALUES || !*(tok += len)) { - error = "expecting return value"; - goto parse_error; - } - - /* observe '=' */ - while (isspace((int)*tok) && *++tok); - if (!*tok || *tok++ != '=') { - error = "expecting '='"; - goto parse_error; - } - - /* skip leading space */ - while (isspace((int)*tok) && *++tok); - if (!*tok) { - error = "expecting action"; - goto parse_error; - } - - /* observe action type */ - for (act=0; act < (-(_PAM_ACTION_UNDEF)); ++act) { - len = strlen(_pam_token_actions[act]); - if (!strncmp(_pam_token_actions[act], tok, len)) { - act *= -1; - tok += len; - break; - } - } - if (act > 0) { - /* - * Either we have a number or we have hit an error. In - * principle, there is nothing to stop us accepting - * negative offsets. (Although we would have to think of - * another way of encoding the tokens.) However, I really - * think this would be both hard to administer and easily - * cause looping problems. So, for now, we will just - * allow forward jumps. (AGM 1998/1/7) - */ - if (!isdigit((int)*tok)) { - error = "expecting jump number"; - goto parse_error; - } - /* parse a number */ - act = 0; - do { - act *= 10; - act += *tok - '0'; /* XXX - this assumes ascii behavior */ - } while (*++tok && isdigit((int)*tok)); - if (! act) { - /* we do not allow 0 jumps. There is a token ('ignore') - for that */ - error = "expecting non-zero"; - goto parse_error; - } - } - - /* set control_array element */ - if (ret != _PAM_RETURN_VALUES) { - control_array[ret] = act; - } else { - /* set the default to 'act' */ - _pam_set_default_control(control_array, act); - } - } - - /* that was a success */ - return; - -parse_error: - /* treat everything as bad */ - pam_syslog(NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok); - for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD); - -} |