Diffstat (limited to 'libpamc')
-rw-r--r--libpamc/include/security/pam_client.h42
-rw-r--r--libpamc/pamc_converse.c2
-rwxr-xr-xlibpamc/test/agents/secret@here3
-rw-r--r--libpamc/test/modules/pam_secret.c16
-rw-r--r--libpamc/test/regress/test.libpamc.c18
5 files changed, 48 insertions, 33 deletions
diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h
index 723dd88d..90040fbe 100644
--- a/libpamc/include/security/pam_client.h
+++ b/libpamc/include/security/pam_client.h
@@ -87,17 +87,20 @@ char **pamc_list_agents(pamc_handle_t pch);
# define PAM_BP_FREE free
#endif /* PAM_BP_FREE */
-#define __PAM_BP_OCTET(x,y) (*((y) + (__u8 *)(x)))
+#define __PAM_BP_WOCTET(x,y) (*((y) + (__u8 *)(x)))
+#define __PAM_BP_ROCTET(x,y) (*((y) + (const __u8 *)(x)))
#define PAM_BP_MIN_SIZE (sizeof(__u32) + sizeof(__u8))
#define PAM_BP_MAX_LENGTH 0x20000 /* an advisory limit */
-#define PAM_BP_CONTROL(x) (__PAM_BP_OCTET(x,4))
-#define PAM_BP_SIZE(x) ((__PAM_BP_OCTET(x,0)<<24)+ \
- (__PAM_BP_OCTET(x,1)<<16)+ \
- (__PAM_BP_OCTET(x,2)<< 8)+ \
- (__PAM_BP_OCTET(x,3) ))
+#define PAM_BP_WCONTROL(x) (__PAM_BP_WOCTET(x,4))
+#define PAM_BP_RCONTROL(x) (__PAM_BP_ROCTET(x,4))
+#define PAM_BP_SIZE(x) ((__PAM_BP_ROCTET(x,0)<<24)+ \
+ (__PAM_BP_ROCTET(x,1)<<16)+ \
+ (__PAM_BP_ROCTET(x,2)<< 8)+ \
+ (__PAM_BP_ROCTET(x,3) ))
#define PAM_BP_LENGTH(x) (PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE)
-#define PAM_BP_DATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x))
+#define PAM_BP_WDATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x))
+#define PAM_BP_RDATA(x) (PAM_BP_MIN_SIZE + (const __u8 *) (x))
/* Note, this macro always '\0' terminates renewed packets */
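Review bot: In `PAM_BP_SIZE` each `__PAM_BP_ROCTET` value is promoted to `int` before the shift (assuming `__u8` is an 8-bit type), so a first octet of 0x80 or above makes `<<24` overflow a signed int, which is undefined behaviour; casting first, as in `((__u32)__PAM_BP_ROCTET(x,0)<<24)`, avoids it. `PAM_BP_LENGTH` then subtracts `PAM_BP_MIN_SIZE` without checking that the size is at least that large, so a header whose size field is below the minimum gives callers a wrapped-around length. Nothing in this hunk enforces `PAM_BP_MAX_LENGTH` either, which matters wherever the header bytes come from an agent rather than from `PAM_BP_RENEW`.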
@@ -105,7 +108,8 @@ char **pamc_list_agents(pamc_handle_t pch);
do { \
if (old_p) { \
if (*(old_p)) { \
- __u32 __size = PAM_BP_SIZE(*(old_p)); \
+ __u32 __size; \
+ __size = PAM_BP_SIZE(*(old_p)); \
memset(*(old_p), 0, __size); \
PAM_BP_FREE(*(old_p)); \
} \
@@ -114,10 +118,10 @@ do { \
\
__size = PAM_BP_MIN_SIZE + data_length; \
if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \
- __PAM_BP_OCTET(*(old_p), 3) = __size & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \
(*(old_p))->control = cntrl; \
} else { \
PAM_BP_ASSERT("out of memory for binary prompt"); \
@@ -138,19 +142,19 @@ do { \
if (bp_length < ((length)+(offset))) { \
PAM_BP_ASSERT("attempt to write over end of prompt"); \
} \
- memcpy((offset) + PAM_BP_DATA(prompt), (data), (length)); \
+ memcpy((offset) + PAM_BP_WDATA(prompt), (data), (length)); \
} while (0)
#define PAM_BP_EXTRACT(prmpt, offset, length, data) \
do { \
- int bp_length; \
- __u8 *prompt = (__u8 *) (prmpt); \
- bp_length = PAM_BP_LENGTH(prompt); \
- if (((offset) < 0) || bp_length < ((length)+(offset)) \
- || (length) < 0) { \
+ int __bp_length; \
+ const __u8 *__prompt = (const __u8 *) (prmpt); \
+ __bp_length = PAM_BP_LENGTH(__prompt); \
+ if (((offset) < 0) || (__bp_length < ((length)+(offset))) \
+ || ((length) < 0)) { \
PAM_BP_ASSERT("invalid extraction from prompt"); \
} \
- memcpy((data), (offset) + PAM_BP_DATA(prompt), (length)); \
+ memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length)); \
} while (0)
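Review bot: In `PAM_BP_EXTRACT` the `memcpy` runs unconditionally after the bounds test, so the copy is only prevented if `PAM_BP_ASSERT` never returns; its definition is not in this hunk and it is overridable in the same way `PAM_BP_FREE` is. Moving the copy into an `else` branch, `} else { memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length)); }`, makes the check effective whatever the assert does. The same applies to the tail of `PAM_BP_FILL` at the top of the hunk (the macro starts outside it), whose visible test also lacks the `(offset) < 0` and `(length) < 0` conditions that EXTRACT has. In both, `(length)+(offset)` is added before the sign tests and can overflow `int` for large arguments.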
diff --git a/libpamc/pamc_converse.c b/libpamc/pamc_converse.c
index 92ef7525..540a7d86 100644
--- a/libpamc/pamc_converse.c
+++ b/libpamc/pamc_converse.c
@@ -155,7 +155,7 @@ int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p)
/* construct the whole reply prompt */
size = PAM_BP_SIZE(raw);
- control = PAM_BP_CONTROL(raw);
+ control = PAM_BP_RCONTROL(raw);
memset(raw, 0, sizeof(raw));
D(("agent replied with prompt of size %d and control %u",
diff --git a/libpamc/test/agents/secret@here b/libpamc/test/agents/secret@here
index 18d8a661..afdcbaa8 100755
--- a/libpamc/test/agents/secret@here
+++ b/libpamc/test/agents/secret@here
@@ -261,6 +261,9 @@ sub CreateDigest ($) {
or die "you'll need /usr/bin/md5sum installed";
my $oldfd = select MD5in; $|=1; select $oldfd;
+ if ($debug) {
+ print STDERR "agent: ". "telling md5: <$data>\n";
+ }
print MD5in "$data";
close MD5in;
my $reply = <MD5out>;
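Review bot: The new debug line writes `$data` to STDERR just before it is hashed, and going by the `md5[<client_cookie>|<server_cookie>|<secret_data>]` comment in pam_secret.c that string probably contains the shared secret. Even for a test agent it is safer to log something that does not reveal the input, for example `print STDERR "agent: telling md5: ".length($data)." bytes\n";`. The rest of `CreateDigest` lies outside this hunk, so whether other debug output already exposes the same data cannot be seen here.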
diff --git a/libpamc/test/modules/pam_secret.c b/libpamc/test/modules/pam_secret.c
index 04c7631b..7efa8c23 100644
--- a/libpamc/test/modules/pam_secret.c
+++ b/libpamc/test/modules/pam_secret.c
@@ -344,7 +344,7 @@ static int auth_sequence(pam_handle_t *pamh,
PAM_BP_RENEW(&new->current_prompt, PAM_BPC_SELECT,
sizeof(PS_AGENT_ID) + strlen(rusername) + 1
+ strlen(rhostname) + 1 + 32);
- sprintf(PAM_BP_DATA(new->current_prompt),
+ sprintf(PAM_BP_WDATA(new->current_prompt),
PS_AGENT_ID "/%s@%s|%.32s", rusername, rhostname,
new->server_cookie);
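Review bot: The `sprintf` into `PAM_BP_WDATA(new->current_prompt)` is unbounded and fits only because the length expression in the `PAM_BP_RENEW` call matches the format exactly, with the terminating NUL landing in the one extra byte RENEW allocates. A later change to the format string or to `PS_AGENT_ID` would turn that into a heap overflow without any warning; using `snprintf` with the same length expression plus one and checking its return value makes the bound explicit. `PAM_BP_WDATA` yields a `__u8 *`, so the first argument also wants a `(char *)` cast. The enclosing `auth_sequence` continues outside the hunk.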
@@ -390,7 +390,7 @@ static int auth_sequence(pam_handle_t *pamh,
/* find | */
length = PAM_BP_LENGTH(new->current_reply);
for (i=0; i<length; ++i) {
- if (PAM_BP_DATA(new->current_reply)[i] == '|') {
+ if (PAM_BP_RDATA(new->current_reply)[i] == '|') {
break;
}
}
@@ -407,13 +407,13 @@ static int auth_sequence(pam_handle_t *pamh,
}
/* copy client cookie */
- memcpy(new->client_cookie, PAM_BP_DATA(new->current_reply)+i, 32);
+ memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32);
/* generate a prompt that is length(seqid) + length(|) + 32 long */
PAM_BP_RENEW(&new->current_prompt, PAM_BPC_OK, i+32);
/* copy the head of the response prompt */
- memcpy(PAM_BP_DATA(new->current_prompt),
- PAM_BP_DATA(new->current_reply), i);
+ memcpy(PAM_BP_WDATA(new->current_prompt),
+ PAM_BP_RDATA(new->current_reply), i);
PAM_BP_RENEW(&new->current_reply, 0, 0);
/* look up the secret */
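Review bot: `memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32)` reads 32 bytes from a reply supplied by the agent, and this hunk shows no check that `i + 32` stays within `PAM_BP_LENGTH(new->current_reply)`. If the lines above the hunk do not already enforce that, a short reply makes this an out-of-bounds read. Writing it as `PAM_BP_EXTRACT(new->current_reply, i, 32, new->client_cookie);` would route the copy through the macro's own bounds test. The following `PAM_BP_RENEW(..., i+32)` sizes a new prompt from the same agent-derived `i`, so it depends on the same check.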
@@ -456,7 +456,7 @@ static int auth_sequence(pam_handle_t *pamh,
/* construct md5[<client_cookie>|<server_cookie>|<secret_data>] */
if (! create_digest(new->client_cookie, new->server_cookie,
new->secret_data,
- PAM_BP_DATA(new->current_prompt)+i)) {
+ PAM_BP_WDATA(new->current_prompt)+i)) {
D(("md5 digesting failed"));
new->state = PS_STATE_DEAD;
return PAM_ABORT;
@@ -497,7 +497,7 @@ static int auth_sequence(pam_handle_t *pamh,
return PAM_ABORT;
}
- cf = strcmp(expectation, PAM_BP_DATA(new->current_reply));
+ cf = strcmp(expectation, PAM_BP_RDATA(new->current_reply));
memset(expectation, 0, sizeof(expectation));
if (cf || new->invalid_secret) {
D(("failed to authenticate"));
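Review bot: `strcmp(expectation, PAM_BP_RDATA(new->current_reply))` compares the expected digest with agent-supplied bytes using an early-exit comparison and relies on the reply being NUL-terminated. Checking `PAM_BP_LENGTH(new->current_reply)` against the expected digest length first, then comparing in a loop that ORs the byte differences together, removes both the termination assumption and the data-dependent timing. Now that `PAM_BP_RDATA` returns `const __u8 *`, the argument also needs a `(const char *)` cast to avoid a pointer-signedness warning. The declaration of `expectation` is outside the hunk.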
@@ -580,7 +580,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
PAM_BP_RENEW(&new_data->current_prompt,
PAM_BP_CONTROL(old_data->current_prompt), length);
PAM_BP_FILL(new_data->current_prompt, 0, length,
- PAM_BP_DATA(old_data->current_prompt));
+ PAM_BP_RDATA(old_data->current_prompt));
}
/* don't need to duplicate current_reply */
} else {
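Review bot: The context line `PAM_BP_CONTROL(old_data->current_prompt), length);` still uses the macro that this commit removes from pam_client.h, so unless it is defined somewhere not shown here this file no longer builds cleanly (the name would be treated as an undeclared function). It should become `PAM_BP_RCONTROL(old_data->current_prompt), length);` to match the other call sites converted in this commit. The surrounding block in `pam_sm_authenticate` starts and ends outside the hunk.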
diff --git a/libpamc/test/regress/test.libpamc.c b/libpamc/test/regress/test.libpamc.c
index b5fb1b82..b7bc4e4b 100644
--- a/libpamc/test/regress/test.libpamc.c
+++ b/libpamc/test/regress/test.libpamc.c
@@ -127,10 +127,12 @@ char *create_digest(int length, const char *raw)
temp_packet.length = temp_packet.at = 0;
temp_packet.buffer = NULL;
- append_string(&temp_packet, "/bin/echo -n '", 0);
+ append_string(&temp_packet, "echo -n '", 0);
append_string(&temp_packet, raw, 0);
append_string(&temp_packet, "'|/usr/bin/md5sum -", 1);
+ fprintf(stderr, "am attempting to run [%s]\n", temp_packet.buffer);
+
pipe = popen(temp_packet.buffer, "r");
if (pipe == NULL) {
fprintf(stderr, "server: failed to run\n [%s]\n", temp_packet.buffer);
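Review bot: `raw` is pasted between single quotes into a command line that `popen` hands to the shell, so a quote character in `raw` changes the command that runs. Feeding the data to md5sum on its standard input instead of through the command line removes the quoting problem altogether. The new `fprintf` also copies the whole command, digest input included, to stderr on every call, so it belongs behind a debug switch. Dropping `/bin/` means `echo` now resolves to the shell builtin or to whatever comes first in PATH, and `-n` is not handled the same way everywhere; `printf %s` is the more predictable choice.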
@@ -170,7 +172,13 @@ void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet)
data_length = PAM_BP_LENGTH(prompt);
packet->at = 0;
append_data(packet, data_length, NULL);
+
PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer);
+
+ fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n",
+ data_length,
+ PAM_BP_SIZE(prompt), PAM_BP_RCONTROL(prompt),
+ PAM_BP_RDATA(prompt));
}
int main(int argc, char **argv)
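Review bot: The new `fprintf` prints `PAM_BP_RDATA(prompt)` with `%s`, which depends on the prompt payload being NUL-terminated and passes a `const __u8 *` where `%s` expects a `char *`. Bounding the output with the length already computed is safer: use `%.*s` in the format and pass `data_length, (const char *) PAM_BP_RDATA(prompt)`. The line also dumps the payload to stderr unconditionally, so it is worth guarding if prompts can carry secret material.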
@@ -217,9 +225,9 @@ int main(int argc, char **argv)
retval = pamc_converse(pch, &prompt);
fprintf(stderr, "server: after conversation\n");
- if (PAM_BP_CONTROL(prompt) != PAM_BPC_OK) {
+ if (PAM_BP_RCONTROL(prompt) != PAM_BPC_OK) {
fprintf(stderr, "server: prompt had unexpected control type: %u\n",
- PAM_BP_CONTROL(prompt));
+ PAM_BP_RCONTROL(prompt));
exit(1);
}
@@ -274,9 +282,9 @@ int main(int argc, char **argv)
retval = pamc_converse(pch, &prompt);
fprintf(stderr, "server: after 2nd conversation\n");
- if (PAM_BP_CONTROL(prompt) != PAM_BPC_DONE) {
+ if (PAM_BP_RCONTROL(prompt) != PAM_BPC_DONE) {
fprintf(stderr, "server: 2nd prompt had unexpected control type: %u\n",
- PAM_BP_CONTROL(prompt));
+ PAM_BP_RCONTROL(prompt));
exit(1);
}