diff options
Diffstat (limited to 'libpam_misc')
| -rw-r--r-- | libpam_misc/.cvsignore | 15 | ||||
| -rw-r--r-- | libpam_misc/Makefile.am | 23 | ||||
| -rw-r--r-- | libpam_misc/help_env.c | 88 | ||||
| -rw-r--r-- | libpam_misc/include/security/pam_misc.h | 52 | ||||
| -rw-r--r-- | libpam_misc/libpam_misc.map | 17 | ||||
| -rw-r--r-- | libpam_misc/misc_conv.c | 395 |
6 files changed, 0 insertions, 590 deletions
diff --git a/libpam_misc/.cvsignore b/libpam_misc/.cvsignore deleted file mode 100644 index 7c2d2665..00000000 --- a/libpam_misc/.cvsignore +++ /dev/null @@ -1,15 +0,0 @@ -libpam_misc.so -libpam_misc.a -libpamd_misc.so -libpamd_misc.a -help_env.o -misc_conv.o -xstrdup.o -dynamic -static -Makefile -Makefile.in -*.la -*.lo -.deps -.libs diff --git a/libpam_misc/Makefile.am b/libpam_misc/Makefile.am deleted file mode 100644 index 592c73e4..00000000 --- a/libpam_misc/Makefile.am +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de> -# - -CLEANFILES = *~ - -EXTRA_DIST = libpam_misc.map - -include_HEADERS = include/security/pam_misc.h - -AM_CFLAGS = -I$(top_srcdir)/libpam/include \ - -I$(top_srcdir)/libpamc/include -I$(srcdir)/include - -libpam_misc_la_LDFLAGS = -no-undefined -version-info 81:3:81 -if HAVE_VERSIONING - libpam_misc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam_misc.map -endif -libpam_misc_la_LIBADD = $(top_builddir)/libpam/libpam.la - -lib_LTLIBRARIES = libpam_misc.la - -libpam_misc_la_SOURCES = help_env.c misc_conv.c - diff --git a/libpam_misc/help_env.c b/libpam_misc/help_env.c deleted file mode 100644 index 601c5f41..00000000 --- a/libpam_misc/help_env.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * $Id$ - * - * This file was written by Andrew G. Morgan <morgan@parc.power.net> - * - */ - -#include "config.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <security/pam_misc.h> - -/* - * This function should be used to carefully dispose of the copied - * environment. - * - * usage: env = pam_misc_drop_env(env); - */ - -char **pam_misc_drop_env(char **dump) -{ - int i; - - for (i=0; dump[i] != NULL; ++i) { - D(("dump[%d]=`%s'", i, dump[i])); - _pam_overwrite(dump[i]); - _pam_drop(dump[i]); - } - _pam_drop(dump); - - return NULL; -} - -/* - * This function takes the supplied environment and uploads it to be - * the PAM one. - */ - -int pam_misc_paste_env(pam_handle_t *pamh, const char * const * user_env) -{ - for (; user_env && *user_env; ++user_env) { - int retval; - - D(("uploading: %s", *user_env)); - retval = pam_putenv(pamh, *user_env); - if (retval != PAM_SUCCESS) { - D(("error setting %s: %s", *user_env, pam_strerror(pamh,retval))); - return retval; - } - } - D(("done.")); - return PAM_SUCCESS; -} - -/* - * This is a wrapper to make pam behave in the way that setenv() does. - */ - -int pam_misc_setenv(pam_handle_t *pamh, const char *name - , const char *value, int readonly) -{ - char *tmp; - int retval; - - if (readonly) { - const char *etmp; - - /* we check if the variable is there already */ - etmp = pam_getenv(pamh, name); - if (etmp != NULL) { - D(("failed to set readonly variable: %s", name)); - return PAM_PERM_DENIED; /* not allowed to overwrite */ - } - } - if (asprintf(&tmp, "%s=%s", name, value) >= 0) { - D(("pam_putt()ing: %s", tmp)); - retval = pam_putenv(pamh, tmp); - _pam_overwrite(tmp); /* purge */ - _pam_drop(tmp); /* forget */ - } else { - D(("malloc failure")); - retval = PAM_BUF_ERR; - } - - return retval; -} diff --git a/libpam_misc/include/security/pam_misc.h b/libpam_misc/include/security/pam_misc.h deleted file mode 100644 index 07578e64..00000000 --- a/libpam_misc/include/security/pam_misc.h +++ /dev/null @@ -1,52 +0,0 @@ -/* $Id$ */ - -#ifndef __PAMMISC_H -#define __PAMMISC_H - -#include <security/pam_appl.h> -#include <security/pam_client.h> - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/* include some useful macros */ - -#include <security/_pam_macros.h> - -/* functions defined in pam_misc.* libraries */ - -extern int misc_conv(int num_msg, const struct pam_message **msgm, - struct pam_response **response, void *appdata_ptr); - -#include <time.h> - -extern time_t pam_misc_conv_warn_time; /* time that we should warn user */ -extern time_t pam_misc_conv_die_time; /* cut-off time for input */ -extern const char *pam_misc_conv_warn_line; /* warning notice */ -extern const char *pam_misc_conv_die_line; /* cut-off remark */ -extern int pam_misc_conv_died; /* 1 = cut-off time reached (0 not) */ -extern int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); -extern void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p); -/* - * Environment helper functions - */ - -/* transcribe given environment (to pam) */ -extern int pam_misc_paste_env(pam_handle_t *pamh - , const char * const * user_env); - -/* delete environment as obtained from (pam_getenvlist) */ -extern char **pam_misc_drop_env(char **env); - -/* provide something like the POSIX setenv function for the (Linux-)PAM - * environment. */ - -extern int pam_misc_setenv(pam_handle_t *pamh, const char *name - , const char *value, int readonly); - -#ifdef __cplusplus -} -#endif /* def __cplusplus */ - -#endif /* ndef __PAMMISC_H */ diff --git a/libpam_misc/libpam_misc.map b/libpam_misc/libpam_misc.map deleted file mode 100644 index 2f28d5cf..00000000 --- a/libpam_misc/libpam_misc.map +++ /dev/null @@ -1,17 +0,0 @@ -LIBPAM_MISC_1.0 { - global: - misc_conv; - pam_misc_conv_warn_time; - pam_misc_conv_die_time; - pam_misc_conv_warn_line; - pam_misc_conv_die_line; - pam_misc_conv_died; - pam_binary_handler_fn; - pam_binary_handler_free; - pam_misc_paste_env; - pam_misc_drop_env; - pam_misc_setenv; - - local: - *; -}; diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c deleted file mode 100644 index 3f82de1b..00000000 --- a/libpam_misc/misc_conv.c +++ /dev/null @@ -1,395 +0,0 @@ -/* - * A generic conversation function for text based applications - * - * Written by Andrew Morgan <morgan@linux.kernel.org> - */ - -#include "config.h" - -#include <signal.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/types.h> -#include <termios.h> -#include <time.h> -#include <unistd.h> - -#include <security/pam_appl.h> -#include <security/pam_misc.h> - -#define INPUTSIZE PAM_MAX_MSG_SIZE /* maximum length of input+1 */ -#define CONV_ECHO_ON 1 /* types of echo state */ -#define CONV_ECHO_OFF 0 - -/* - * external timeout definitions - these can be overriden by the - * application. - */ - -time_t pam_misc_conv_warn_time = 0; /* time when we warn */ -time_t pam_misc_conv_die_time = 0; /* time when we timeout */ - -const char *pam_misc_conv_warn_line = N_("...Time is running out...\n"); -const char *pam_misc_conv_die_line = N_("...Sorry, your time is up!\n"); - -int pam_misc_conv_died=0; /* application can probe this for timeout */ - -/* - * These functions are for binary prompt manipulation. - * The manner in which a binary prompt is processed is application - * specific, so these function pointers are provided and can be - * initialized by the application prior to the conversation function - * being used. - */ - -static void pam_misc_conv_delete_binary(void *appdata UNUSED, - pamc_bp_t *delete_me) -{ - PAM_BP_RENEW(delete_me, 0, 0); -} - -int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p) = NULL; -void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p) - = pam_misc_conv_delete_binary; - -/* the following code is used to get text input */ - -static volatile int expired=0; - -/* return to the previous signal handling */ -static void reset_alarm(struct sigaction *o_ptr) -{ - (void) alarm(0); /* stop alarm clock - if still ticking */ - (void) sigaction(SIGALRM, o_ptr, NULL); -} - -/* this is where we intercept the alarm signal */ -static void time_is_up(int ignore UNUSED) -{ - expired = 1; -} - -/* set the new alarm to hit the time_is_up() function */ -static int set_alarm(int delay, struct sigaction *o_ptr) -{ - struct sigaction new_sig; - - sigemptyset(&new_sig.sa_mask); - new_sig.sa_flags = 0; - new_sig.sa_handler = time_is_up; - if ( sigaction(SIGALRM, &new_sig, o_ptr) ) { - return 1; /* setting signal failed */ - } - if ( alarm(delay) ) { - (void) sigaction(SIGALRM, o_ptr, NULL); - return 1; /* failed to set alarm */ - } - return 0; /* all seems to have worked */ -} - -/* return the number of seconds to next alarm. 0 = no delay, -1 = expired */ -static int get_delay(void) -{ - time_t now; - - expired = 0; /* reset flag */ - (void) time(&now); - - /* has the quit time past? */ - if (pam_misc_conv_die_time && now >= pam_misc_conv_die_time) { - fprintf(stderr,"%s",pam_misc_conv_die_line); - - pam_misc_conv_died = 1; /* note we do not reset the die_time */ - return -1; /* time is up */ - } - - /* has the warning time past? */ - if (pam_misc_conv_warn_time && now >= pam_misc_conv_warn_time) { - fprintf(stderr, "%s", pam_misc_conv_warn_line); - pam_misc_conv_warn_time = 0; /* reset warn_time */ - - /* indicate remaining delay - if any */ - - return (pam_misc_conv_die_time ? pam_misc_conv_die_time - now:0 ); - } - - /* indicate possible warning delay */ - - if (pam_misc_conv_warn_time) - return (pam_misc_conv_warn_time - now); - else if (pam_misc_conv_die_time) - return (pam_misc_conv_die_time - now); - else - return 0; -} - -/* read a line of input string, giving prompt when appropriate */ -static int read_string(int echo, const char *prompt, char **retstr) -{ - struct termios term_before, term_tmp; - char line[INPUTSIZE]; - struct sigaction old_sig; - int delay, nc = -1, have_term = 0; - sigset_t oset, nset; - - D(("called with echo='%s', prompt='%s'.", echo ? "ON":"OFF" , prompt)); - - if (isatty(STDIN_FILENO)) { /* terminal state */ - - /* is a terminal so record settings and flush it */ - if ( tcgetattr(STDIN_FILENO, &term_before) != 0 ) { - D(("<error: failed to get terminal settings>")); - *retstr = NULL; - return -1; - } - memcpy(&term_tmp, &term_before, sizeof(term_tmp)); - if (!echo) { - term_tmp.c_lflag &= ~(ECHO); - } - have_term = 1; - - /* - * We make a simple attempt to block TTY signals from suspending - * the conversation without giving PAM a chance to clean up. - */ - - sigemptyset(&nset); - sigaddset(&nset, SIGTSTP); - (void) sigprocmask(SIG_BLOCK, &nset, &oset); - - } else if (!echo) { - D(("<warning: cannot turn echo off>")); - } - - /* set up the signal handling */ - delay = get_delay(); - - /* reading the line */ - while (delay >= 0) { - /* this may, or may not set echo off -- drop pending input */ - if (have_term) - (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &term_tmp); - - fprintf(stderr, "%s", prompt); - - if ( delay > 0 && set_alarm(delay, &old_sig) ) { - D(("<failed to set alarm>")); - break; - } else { - if (have_term) - nc = read(STDIN_FILENO, line, INPUTSIZE-1); - else /* we must read one line only */ - for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n'; - nc++) { - int rv; - if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) { - if (rv < 0) - nc = rv; - break; - } - } - if (have_term) { - (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); - if (!echo || expired) /* do we need a newline? */ - fprintf(stderr,"\n"); - } - if ( delay > 0 ) { - reset_alarm(&old_sig); - } - if (expired) { - delay = get_delay(); - } else if (nc > 0) { /* we got some user input */ - D(("we got some user input")); - - if (nc > 0 && line[nc-1] == '\n') { /* <NUL> terminate */ - line[--nc] = '\0'; - } else { - if (echo) { - fprintf(stderr, "\n"); - } - line[nc] = '\0'; - } - *retstr = x_strdup(line); - _pam_overwrite(line); - - goto cleanexit; /* return malloc()ed string */ - - } else if (nc == 0) { /* Ctrl-D */ - D(("user did not want to type anything")); - - *retstr = NULL; - if (echo) { - fprintf(stderr, "\n"); - } - goto cleanexit; /* return malloc()ed "" */ - } else if (nc == -1) { - /* Don't loop forever if read() returns -1. */ - D(("error reading input from the user: %m")); - if (echo) { - fprintf(stderr, "\n"); - } - *retstr = NULL; - goto cleanexit; /* return NULL */ - } - } - } - - /* getting here implies that the timer expired */ - - D(("the timer appears to have expired")); - - *retstr = NULL; - _pam_overwrite(line); - - cleanexit: - - if (have_term) { - (void) sigprocmask(SIG_SETMASK, &oset, NULL); - (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); - } - - return nc; -} - -/* end of read_string functions */ - -/* - * This conversation function is supposed to be a generic PAM one. - * Unfortunately, it is _not_ completely compatible with the Solaris PAM - * codebase. - * - * Namely, for msgm's that contain multiple prompts, this function - * interprets "const struct pam_message **msgm" as equivalent to - * "const struct pam_message *msgm[]". The Solaris module - * implementation interprets the **msgm object as a pointer to a - * pointer to an array of "struct pam_message" objects (that is, a - * confusing amount of pointer indirection). - */ - -int misc_conv(int num_msg, const struct pam_message **msgm, - struct pam_response **response, void *appdata_ptr) -{ - int count=0; - struct pam_response *reply; - - if (num_msg <= 0) - return PAM_CONV_ERR; - - D(("allocating empty response structure array.")); - - reply = (struct pam_response *) calloc(num_msg, - sizeof(struct pam_response)); - if (reply == NULL) { - D(("no memory for responses")); - return PAM_CONV_ERR; - } - - D(("entering conversation function.")); - - for (count=0; count < num_msg; ++count) { - char *string=NULL; - int nc; - - switch (msgm[count]->msg_style) { - case PAM_PROMPT_ECHO_OFF: - nc = read_string(CONV_ECHO_OFF,msgm[count]->msg, &string); - if (nc < 0) { - goto failed_conversation; - } - break; - case PAM_PROMPT_ECHO_ON: - nc = read_string(CONV_ECHO_ON,msgm[count]->msg, &string); - if (nc < 0) { - goto failed_conversation; - } - break; - case PAM_ERROR_MSG: - if (fprintf(stderr,"%s\n",msgm[count]->msg) < 0) { - goto failed_conversation; - } - break; - case PAM_TEXT_INFO: - if (fprintf(stdout,"%s\n",msgm[count]->msg) < 0) { - goto failed_conversation; - } - break; - case PAM_BINARY_PROMPT: - { - pamc_bp_t binary_prompt = NULL; - - if (!msgm[count]->msg || !pam_binary_handler_fn) { - goto failed_conversation; - } - - PAM_BP_RENEW(&binary_prompt, - PAM_BP_RCONTROL(msgm[count]->msg), - PAM_BP_LENGTH(msgm[count]->msg)); - PAM_BP_FILL(binary_prompt, 0, PAM_BP_LENGTH(msgm[count]->msg), - PAM_BP_RDATA(msgm[count]->msg)); - - if (pam_binary_handler_fn(appdata_ptr, - &binary_prompt) != PAM_SUCCESS - || (binary_prompt == NULL)) { - goto failed_conversation; - } - string = (char *) binary_prompt; - binary_prompt = NULL; - - break; - } - default: - fprintf(stderr, _("erroneous conversation (%d)\n"), - msgm[count]->msg_style); - goto failed_conversation; - } - - if (string) { /* must add to reply array */ - /* add string to list of responses */ - - reply[count].resp_retcode = 0; - reply[count].resp = string; - string = NULL; - } - } - - *response = reply; - reply = NULL; - - return PAM_SUCCESS; - -failed_conversation: - - D(("the conversation failed")); - - if (reply) { - for (count=0; count<num_msg; ++count) { - if (reply[count].resp == NULL) { - continue; - } - switch (msgm[count]->msg_style) { - case PAM_PROMPT_ECHO_ON: - case PAM_PROMPT_ECHO_OFF: - _pam_overwrite(reply[count].resp); - free(reply[count].resp); - break; - case PAM_BINARY_PROMPT: - { - void *bt_ptr = reply[count].resp; - pam_binary_handler_free(appdata_ptr, bt_ptr); - break; - } - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - /* should not actually be able to get here... */ - free(reply[count].resp); - } - reply[count].resp = NULL; - } - /* forget reply too */ - free(reply); - reply = NULL; - } - - return PAM_CONV_ERR; -} |