diff options
Diffstat (limited to 'modules')
49 files changed, 326 insertions, 340 deletions
diff --git a/modules/modules.map b/modules/modules.map index 2234aa40..369b0479 100644 --- a/modules/modules.map +++ b/modules/modules.map @@ -1,4 +1,4 @@ -{ +{ global: pam_sm_acct_mgmt; pam_sm_authenticate; @@ -8,4 +8,3 @@ pam_sm_setcred; local: *; }; - diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 2669a5ec..65798f17 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -100,7 +100,7 @@ struct login_info { const char *from; const char *config_file; const char *hostname; - int debug; /* Print debugging messages. */ + int debug; /* Print debugging messages. */ int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ int noaudit; /* Do not audit denials */ const char *fs; /* field separator */ @@ -375,7 +375,7 @@ login_access (pam_handle_t *pamh, struct login_info *item) /* Allow field seperator in last field of froms */ if (!(perm = strtok_r(line, item->fs, &sptr)) || !(users = strtok_r(NULL, item->fs, &sptr)) - || !(froms = strtok_r(NULL, "\n", &sptr))) { + || !(froms = strtok_r(NULL, "\n", &sptr))) { pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count", item->config_file, lineno); continue; @@ -398,8 +398,8 @@ login_access (pam_handle_t *pamh, struct login_info *item) nonall_match = YES; } if (item->debug) - pam_syslog (pamh, LOG_DEBUG, - "from_match=%d, \"%s\"", match, item->from); + pam_syslog (pamh, LOG_DEBUG, + "from_match=%d, \"%s\"", match, item->from); } } (void) fclose(fp); diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf index d0ba35c2..30e9d008 100644 --- a/modules/pam_env/pam_env.conf +++ b/modules/pam_env/pam_env.conf @@ -1,7 +1,7 @@ # -# This is the configuration file for pam_env, a PAM module to load in -# a configurable list of environment variables for a -# +# This is the configuration file for pam_env, a PAM module to load in +# a configurable list of environment variables for a +# # The original idea for this came from Andrew G. Morgan ... #<quote> # Mmm. Perhaps you might like to write a pam_env module that reads a @@ -22,16 +22,16 @@ # administrators rather than set by logging in, how to treat them both # in the same config file? # -# Here is my idea: +# Here is my idea: # # Each line starts with the variable name, there are then two possible -# options for each variable DEFAULT and OVERRIDE. +# options for each variable DEFAULT and OVERRIDE. # DEFAULT allows and administrator to set the value of the # variable to some default value, if none is supplied then the empty # string is assumed. The OVERRIDE option tells pam_env that it should # enter in its value (overriding the default value) if there is one # to use. OVERRIDE is not used, "" is assumed and no override will be -# done. +# done. # # VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] # @@ -42,7 +42,7 @@ # values can be delimited with "", escaped " not supported. # Note that many environment variables that you would like to use # may not be set by the time the module is called. -# For example, HOME is used below several times, but +# For example, HOME is used below several times, but # many PAM applications don't make it available by the time you need it. # # @@ -52,7 +52,7 @@ # to "localhost" rather than not being set at all #REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} # -# Set the DISPLAY variable if it seems reasonable +# Set the DISPLAY variable if it seems reasonable #DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} # # diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml index 090e0e75..45950b8c 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -21,7 +21,7 @@ <para> The <filename>/etc/security/pam_env.conf</filename> file specifies - the environment variables to be set, unset or modified by + the environment variables to be set, unset or modified by <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>. When someone logs in, this file is read and the environment variables are set according. diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml index 0976f67c..4dc2a19d 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -123,8 +123,8 @@ </term> <listitem> <para> - Per default pam_exec.so will echo the exit status of the - external command if it fails. + Per default pam_exec.so will echo the exit status of the + external command if it fails. Specifying this option will suppress the message. </para> </listitem> @@ -136,8 +136,8 @@ </term> <listitem> <para> - Per default pam_exec.so will execute the external command - with the real user ID of the calling process. + Per default pam_exec.so will execute the external command + with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. </para> diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 7b2e402c..8b37e95e 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -282,7 +282,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, char *buffer = NULL; if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY, - S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "open of %s failed: %m", diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c index 4732f93b..8d0501e0 100644 --- a/modules/pam_keyinit/pam_keyinit.c +++ b/modules/pam_keyinit/pam_keyinit.c @@ -266,4 +266,3 @@ struct pam_module _pam_keyinit_modstruct = { NULL }; #endif - diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index c1810e07..8bf3b9bb 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -630,7 +630,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, else rlimit_value *= 1024; } - break; + break; #ifdef RLIMIT_NICE case RLIMIT_NICE: if (int_value > 19) @@ -672,7 +672,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, } else { pl->login_limit = int_value; pl->login_limit_def = source; - } + } } } return; @@ -975,8 +975,8 @@ static int setup_limits(pam_handle_t *pamh, if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { - pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, - "pam_limits", PAM_PERM_DENIED); + pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, + "pam_limits", PAM_PERM_DENIED); /* ignore return value as we fail anyway */ } #endif @@ -1055,12 +1055,12 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Parse the *.conf files. */ for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { pl->conf_file = globbuf.gl_pathv[i]; - retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); - if (retval == PAM_IGNORE) { + retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); + if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable '<domain> -' entry", pl->conf_file)); globfree(&globbuf); return PAM_SUCCESS; - } + } if (retval != PAM_SUCCESS) goto out; } @@ -1070,7 +1070,7 @@ out: globfree(&globbuf); if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); + pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); return retval; } diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c index 2a47de3a..f426d721 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.c +++ b/modules/pam_mkhomedir/mkhomedir_helper.c @@ -272,8 +272,8 @@ create_homedir(const struct passwd *pwd, } /* Set the proper ownership and permissions for the module. We make - the file a+w and then mask it with the set mask. This preseves - execute bits */ + the file a+w and then mask it with the set mask. This preseves + execute bits */ if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 || fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0) { @@ -384,8 +384,8 @@ main(int argc, char *argv[]) pwd = getpwnam(argv[1]); if (pwd == NULL) { - pam_syslog(NULL, LOG_ERR, "User unknown."); - return PAM_CRED_INSUFFICIENT; + pam_syslog(NULL, LOG_ERR, "User unknown."); + return PAM_CRED_INSUFFICIENT; } if (argc >= 3) { @@ -399,11 +399,11 @@ main(int argc, char *argv[]) } if (argc >= 4) { - if (strlen(argv[3]) >= sizeof(skeldir)) { + if (strlen(argv[3]) >= sizeof(skeldir)) { pam_syslog(NULL, LOG_ERR, "Too long skeldir path."); return PAM_SESSION_ERR; - } - strcpy(skeldir, argv[3]); + } + strcpy(skeldir, argv[3]); } /* Stat the home directory, if something exists then we assume it is diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index dfc4979e..5ac8a0f1 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -140,7 +140,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, if (rlim.rlim_max >= MAX_FD_NO) rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { - close(i); + close(i); } } diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c index c79fb357..ce4f7d6e 100644 --- a/modules/pam_namespace/md5.c +++ b/modules/pam_namespace/md5.c @@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) diff --git a/modules/pam_namespace/namespace.conf b/modules/pam_namespace/namespace.conf index f973225f..b611a0f2 100644 --- a/modules/pam_namespace/namespace.conf +++ b/modules/pam_namespace/namespace.conf @@ -5,8 +5,8 @@ # Uncommenting the following three lines will polyinstantiate # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will # be polyinstantiated based on the MLS level part of the security context as well as user -# name, Polyinstantion will not be performed for user root and adm for directories -# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. +# name, Polyinstantion will not be performed for user root and adm for directories +# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. # The user name and context is appended to the instance prefix. # # Note that instance directories do not have to reside inside the diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml index 61c8673b..673099b0 100644 --- a/modules/pam_namespace/namespace.conf.5.xml +++ b/modules/pam_namespace/namespace.conf.5.xml @@ -61,7 +61,7 @@ <para> The second field, <replaceable>instance_prefix</replaceable> is the string prefix used to build the pathname for the instantiation - of <polydir>. Depending on the polyinstantiation + of <polydir>. Depending on the polyinstantiation <replaceable>method</replaceable> it is then appended with "instance differentiation string" to generate the final instance directory path. This directory is created if it did not exist @@ -75,7 +75,7 @@ <para> The third field, <replaceable>method</replaceable>, is the method used for polyinstantiation. It can take these values; "user" - for polyinstantiation based on user name, "level" for + for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and @@ -97,7 +97,7 @@ The <replaceable>method</replaceable> field can contain also following optional flags separated by <emphasis>:</emphasis> characters. </para> - + <para><emphasis>create</emphasis>=<replaceable>mode</replaceable>,<replaceable>owner</replaceable>,<replaceable>group</replaceable> - create the polyinstantiated directory. The mode, owner and group parameters are optional. The default for mode is determined by umask, the default diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init index 9898bf3a..9ab58062 100755 --- a/modules/pam_namespace/namespace.init +++ b/modules/pam_namespace/namespace.init @@ -1,5 +1,5 @@ #!/bin/sh -p -# It receives polydir path as $1, the instance path as $2, +# It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. # diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 4a99184a..f0bffa15 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -76,7 +76,7 @@ static void del_polydir_list(struct polydir_s *polydirs_ptr) struct polydir_s *dptr = polydirs_ptr; while (dptr) { - struct polydir_s *tptr = dptr; + struct polydir_s *tptr = dptr; dptr = dptr->next; del_polydir(tptr); } @@ -163,9 +163,9 @@ static int parse_create_params(char *params, struct polydir_s *poly) poly->group = (gid_t)ULONG_MAX; if (*params != '=') - return 0; + return 0; params++; - + next = strchr(params, ','); if (next != NULL) { *next = '\0'; @@ -182,7 +182,7 @@ static int parse_create_params(char *params, struct polydir_s *poly) params = next; if (params == NULL) - return 0; + return 0; next = strchr(params, ','); if (next != NULL) { *next = '\0'; @@ -200,22 +200,22 @@ static int parse_create_params(char *params, struct polydir_s *poly) if (params == NULL || *params == '\0') { if (pwd != NULL) poly->group = pwd->pw_gid; - return 0; + return 0; } grp = getgrnam(params); if (grp == NULL) - return -1; + return -1; poly->group = grp->gr_gid; - + return 0; } static int parse_iscript_params(char *params, struct polydir_s *poly) { if (*params != '=') - return 0; + return 0; params++; - + if (*params != '\0') { if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */ if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1) @@ -235,11 +235,11 @@ static int parse_method(char *method, struct polydir_s *poly, enum polymethod pm; char *sptr = NULL; static const char *method_names[] = { "user", "context", "level", "tmpdir", - "tmpfs", NULL }; + "tmpfs", NULL }; static const char *flag_names[] = { "create", "noinit", "iscript", - "shared", NULL }; + "shared", NULL }; static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT, - POLYDIR_ISCRIPT, POLYDIR_SHARED }; + POLYDIR_ISCRIPT, POLYDIR_SHARED }; int i; char *flag; @@ -247,41 +247,41 @@ static int parse_method(char *method, struct polydir_s *poly, pm = NONE; for (i = 0; method_names[i]; i++) { - if (strcmp(method, method_names[i]) == 0) { - pm = i + 1; /* 0 = NONE */ - } + if (strcmp(method, method_names[i]) == 0) { + pm = i + 1; /* 0 = NONE */ + } } if (pm == NONE) { pam_syslog(idata->pamh, LOG_NOTICE, "Unknown method"); return -1; } - + poly->method = pm; - + while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) { - for (i = 0; flag_names[i]; i++) { - int namelen = strlen(flag_names[i]); - - if (strncmp(flag, flag_names[i], namelen) == 0) { - poly->flags |= flag_values[i]; - switch (flag_values[i]) { - case POLYDIR_CREATE: - if (parse_create_params(flag+namelen, poly) != 0) { + for (i = 0; flag_names[i]; i++) { + int namelen = strlen(flag_names[i]); + + if (strncmp(flag, flag_names[i], namelen) == 0) { + poly->flags |= flag_values[i]; + switch (flag_values[i]) { + case POLYDIR_CREATE: + if (parse_create_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Invalid create parameters"); - return -1; - } - break; + return -1; + } + break; - case POLYDIR_ISCRIPT: - if (parse_iscript_params(flag+namelen, poly) != 0) { + case POLYDIR_ISCRIPT: + if (parse_iscript_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); - return -1; - }; - break; - } - } - } + return -1; + }; + break; + } + } + } } return 0; @@ -337,7 +337,7 @@ static int process_line(char *line, const char *home, const char *rhome, poly = calloc(1, sizeof(*poly)); if (poly == NULL) - goto erralloc; + goto erralloc; /* * Initialize and scan the five strings from the line from the @@ -383,12 +383,12 @@ static int process_line(char *line, const char *home, const char *rhome, dir = NULL; goto erralloc; } - + if ((dir=expand_variables(dir, var_names, var_values)) == NULL) { instance_prefix = NULL; goto erralloc; } - + if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values)) == NULL) { goto erralloc; @@ -409,12 +409,12 @@ static int process_line(char *line, const char *home, const char *rhome, if (len > 0 && rdir[len-1] == '/') { rdir[len-1] = '\0'; } - + if (dir[0] == '\0' || rdir[0] == '\0') { - pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); - goto skipping; + pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); + goto skipping; } - + /* * Populate polyinstantiated directory structure with appropriate * pathnames and the method with which to polyinstantiate. @@ -430,14 +430,14 @@ static int process_line(char *line, const char *home, const char *rhome, strcpy(poly->instance_prefix, instance_prefix); if (parse_method(method, poly, idata) != 0) { - goto skipping; + goto skipping; } if (poly->method == TMPDIR) { - if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { - pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); - goto skipping; - } + if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { + pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); + goto skipping; + } strcat(poly->instance_prefix, "XXXXXX"); } @@ -463,7 +463,7 @@ static int process_line(char *line, const char *home, const char *rhome, uid_t *uidptr; const char *ustr, *sstr; int count, i; - + if (*uids == '~') { poly->flags |= POLYDIR_EXCLUSIVE; uids++; @@ -488,8 +488,8 @@ static int process_line(char *line, const char *home, const char *rhome, pwd = pam_modutil_getpwnam(idata->pamh, ustr); if (pwd == NULL) { - pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr); - poly->num_uids--; + pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr); + poly->num_uids--; } else { *uidptr = pwd->pw_uid; uidptr++; @@ -508,7 +508,7 @@ static int process_line(char *line, const char *home, const char *rhome, erralloc: pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); - + skipping: if (idata->flags & PAMNS_IGN_CONFIG_ERR) retval = 0; @@ -554,9 +554,9 @@ static int parse_config_file(struct instance_data *idata) return PAM_SESSION_ERR; } if ((home=strdup(cpwd->pw_dir)) == NULL) { - pam_syslog(idata->pamh, LOG_CRIT, - "Memory allocation error"); - return PAM_SESSION_ERR; + pam_syslog(idata->pamh, LOG_CRIT, + "Memory allocation error"); + return PAM_SESSION_ERR; } cpwd = pam_modutil_getpwnam(idata->pamh, idata->ruser); @@ -568,10 +568,10 @@ static int parse_config_file(struct instance_data *idata) } if ((rhome=strdup(cpwd->pw_dir)) == NULL) { - pam_syslog(idata->pamh, LOG_CRIT, - "Memory allocation error"); - free(home); - return PAM_SESSION_ERR; + pam_syslog(idata->pamh, LOG_CRIT, + "Memory allocation error"); + free(home); + return PAM_SESSION_ERR; } /* @@ -594,7 +594,7 @@ static int parse_config_file(struct instance_data *idata) fil = fopen(confname, "r"); if (fil == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s", - confname); + confname); globfree(&globbuf); free(rhome); free(home); @@ -625,14 +625,14 @@ static int parse_config_file(struct instance_data *idata) if (n >= globbuf.gl_pathc) break; - confname = globbuf.gl_pathv[n]; + confname = globbuf.gl_pathv[n]; n++; } - + globfree(&globbuf); free(rhome); free(home); - + /* All done...just some debug stuff */ if (idata->flags & PAMNS_DEBUG) { struct polydir_s *dptr = idata->polydirs_ptr; @@ -640,7 +640,7 @@ static int parse_config_file(struct instance_data *idata) uid_t i; pam_syslog(idata->pamh, LOG_DEBUG, - dptr?"Configured poly dirs:":"No configured poly dirs"); + dptr?"Configured poly dirs:":"No configured poly dirs"); while (dptr) { pam_syslog(idata->pamh, LOG_DEBUG, "dir='%s' iprefix='%s' meth=%d", dptr->dir, dptr->instance_prefix, dptr->method); @@ -667,7 +667,7 @@ static int ns_override(struct polydir_s *polyptr, struct instance_data *idata, unsigned int i; if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "Checking for ns override in dir %s for uid %d", polyptr->dir, uid); @@ -745,7 +745,7 @@ static int form_context(const struct polydir_s *polyptr, rc = getexeccon(&scon); } if (rc < 0 || scon == NULL) { - pam_syslog(idata->pamh, LOG_ERR, + pam_syslog(idata->pamh, LOG_ERR, "Error getting exec context, %m"); return PAM_SESSION_ERR; } @@ -870,17 +870,17 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, } pm = USER; } - + switch (pm) { case USER: if (asprintf(i_name, "%s", idata->user) < 0) { *i_name = NULL; goto fail; - } - break; + } + break; #ifdef WITH_SELINUX - case LEVEL: + case LEVEL: case CONTEXT: if (selinux_trans_to_raw_context(*i_context, &rawcon) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context"); @@ -890,27 +890,27 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, if (asprintf(i_name, "%s", rawcon) < 0) { *i_name = NULL; goto fail; - } + } } else { if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) { *i_name = NULL; goto fail; - } + } } - break; + break; #endif /* WITH_SELINUX */ case TMPDIR: case TMPFS: if ((*i_name=strdup("")) == NULL) - goto fail; + goto fail; return PAM_SUCCESS; - default: - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_ERR, "Unknown method"); - goto fail; + default: + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_ERR, "Unknown method"); + goto fail; } if (idata->flags & PAMNS_DEBUG) @@ -919,24 +919,24 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) { hash = md5hash(*i_name, idata); if (hash == NULL) { - goto fail; + goto fail; } if (idata->flags & PAMNS_GEN_HASH) { - free(*i_name); + free(*i_name); *i_name = hash; hash = NULL; } else { - char *newname; - if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), - *i_name, hash) < 0) { - goto fail; - } - free(*i_name); - *i_name = newname; + char *newname; + if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), + *i_name, hash) < 0) { + goto fail; + } + free(*i_name); + *i_name = newname; } } rc = PAM_SUCCESS; - + fail: free(hash); #ifdef WITH_SELINUX @@ -959,34 +959,34 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) { struct protect_dir_s *dir = idata->protect_dirs; char tmpbuf[64]; - + while (dir != NULL) { if (strcmp(path, dir->dir) == 0) { return 0; } dir = dir->next; } - + dir = calloc(1, sizeof(*dir)); - + if (dir == NULL) { return -1; } - + dir->dir = strdup(path); - + if (dir->dir == NULL) { free(dir); return -1; } - + snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); - + if (idata->flags & PAMNS_DEBUG) { pam_syslog(idata->pamh, LOG_INFO, "Protect mount of %s over itself", path); } - + if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { int save_errno = errno; pam_syslog(idata->pamh, LOG_ERR, @@ -996,7 +996,7 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata) errno = save_errno; return -1; } - + dir->next = idata->protect_dirs; idata->protect_dirs = dir; @@ -1019,15 +1019,15 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, if (p == NULL) { goto error; } - + if (*dir == '/') { dfd = open("/", flags); if (dfd == -1) { goto error; } - dir++; /* assume / is safe */ + dir++; /* assume / is safe */ } - + while ((d=strchr(dir, '/')) != NULL) { *d = '\0'; dfd_next = openat(dfd, dir, flags); @@ -1042,8 +1042,8 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, if (fstat(dfd, &st) != 0) { goto error; } - - if (flags & O_NOFOLLOW) { + + if (flags & O_NOFOLLOW) { /* we are inside user-owned dir - protect */ if (protect_mount(dfd, p, idata) == -1) goto error; @@ -1058,14 +1058,14 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, } rv = openat(dfd, dir, flags); - + if (rv == -1) { if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { goto error; } rv = openat(dfd, dir, flags); } - + if (rv != -1) { if (fstat(rv, &st) != 0) { save_errno = errno; @@ -1082,7 +1082,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always, } } - if ((flags & O_NOFOLLOW) || always) { + if ((flags & O_NOFOLLOW) || always) { /* we are inside user-owned dir - protect */ if (protect_mount(rv, p, idata) == -1) { save_errno = errno; @@ -1251,7 +1251,7 @@ static int create_polydir(struct polydir_s *polyptr, pam_syslog(idata->pamh, LOG_DEBUG, "Polydir %s context: %s", dir, (char *)dircon); if (setfscreatecon(dircon) != 0) - pam_syslog(idata->pamh, LOG_NOTICE, + pam_syslog(idata->pamh, LOG_NOTICE, "Error setting context for directory %s: %m", dir); freecon(dircon); } @@ -1279,15 +1279,15 @@ static int create_polydir(struct polydir_s *polyptr, pam_syslog(idata->pamh, LOG_DEBUG, "Created polydir %s", dir); if (polyptr->mode != (mode_t)ULONG_MAX) { - /* explicit mode requested */ - if (fchmod(rc, mode) != 0) { + /* explicit mode requested */ + if (fchmod(rc, mode) != 0) { pam_syslog(idata->pamh, LOG_ERR, - "Error changing mode of directory %s: %m", dir); + "Error changing mode of directory %s: %m", dir); close(rc); umount(dir); /* undo the eventual protection bind mount */ - rmdir(dir); - return PAM_SESSION_ERR; - } + rmdir(dir); + return PAM_SESSION_ERR; + } } if (polyptr->owner != (uid_t)ULONG_MAX) @@ -1345,14 +1345,14 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat * * attributes to match that of the original directory that is being * polyinstantiated. */ - + if (polyptr->method == TMPDIR) { - if (mkdtemp(polyptr->instance_prefix) == NULL) { + if (mkdtemp(polyptr->instance_prefix) == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m", polyptr->instance_prefix); polyptr->method = NONE; /* do not clean up! */ return PAM_SESSION_ERR; - } + } /* copy the actual directory name to ipath */ strcpy(ipath, polyptr->instance_prefix); } else if (mkdir(ipath, S_IRUSR) < 0) { @@ -1452,21 +1452,21 @@ static int ns_setup(struct polydir_s *polyptr, if (retval < 0 && errno != ENOENT) { pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", polyptr->dir); - return PAM_SESSION_ERR; + return PAM_SESSION_ERR; } if (retval < 0) { - if ((polyptr->flags & POLYDIR_CREATE) && + if ((polyptr->flags & POLYDIR_CREATE) && create_polydir(polyptr, idata) != PAM_SUCCESS) return PAM_SESSION_ERR; } else { - close(retval); + close(retval); } - + if (polyptr->method == TMPFS) { if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", - polyptr->dir); + polyptr->dir); return PAM_SESSION_ERR; } @@ -1481,7 +1481,7 @@ static int ns_setup(struct polydir_s *polyptr, polyptr->dir); return PAM_SESSION_ERR; } - + /* * Obtain the name of instance pathname based on the * polyinstantiation method and instance context returned by @@ -1495,8 +1495,8 @@ static int ns_setup(struct polydir_s *polyptr, #endif if (retval != PAM_SUCCESS) { - if (retval != PAM_IGNORE) - pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); + if (retval != PAM_IGNORE) + pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); goto cleanup; } else { #ifdef WITH_SELINUX @@ -1526,8 +1526,8 @@ static int ns_setup(struct polydir_s *polyptr, #endif if (retval == PAM_IGNORE) { - newdir = 0; - retval = PAM_SUCCESS; + newdir = 0; + retval = PAM_SUCCESS; } if (retval != PAM_SUCCESS) { @@ -1647,7 +1647,7 @@ static int cleanup_tmpdirs(struct instance_data *idata) } if (!WIFEXITED(status) || WIFSIGNALED(status) > 0) { pam_syslog(idata->pamh, LOG_ERR, - "Error removing %s", pptr->instance_prefix); + "Error removing %s", pptr->instance_prefix); } } else if (pid < 0) { pam_syslog(idata->pamh, LOG_ERR, @@ -1686,14 +1686,14 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) */ for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (ns_override(pptr, idata, idata->uid)) { - if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) { - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) { + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, "Overriding poly for user %d for dir %s", idata->uid, pptr->dir); } else { - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, "Need unmount ns for user %d for dir %s", idata->ruid, pptr->dir); need_poly = 1; @@ -1721,7 +1721,7 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) return PAM_SESSION_ERR; } } else { - del_polydir_list(idata->polydirs_ptr); + del_polydir_list(idata->polydirs_ptr); return PAM_SUCCESS; } @@ -1768,12 +1768,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) * are available from */ strcpy(poly_parent, pptr->rdir); - fptr = strchr(poly_parent, '/'); - cptr = strrchr(poly_parent, '/'); - if (fptr && cptr && (fptr == cptr)) - strcpy(poly_parent, "/"); - else if (cptr) - *cptr = '\0'; + fptr = strchr(poly_parent, '/'); + cptr = strrchr(poly_parent, '/'); + if (fptr && cptr && (fptr == cptr)) + strcpy(poly_parent, "/"); + else if (cptr) + *cptr = '\0'; if (chdir(poly_parent) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Can't chdir to %s, %m", poly_parent); @@ -1781,12 +1781,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) } if (umount(pptr->rdir) < 0) { - int saved_errno = errno; - pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", - pptr->rdir); - if (saved_errno != EINVAL) { - retval = PAM_SESSION_ERR; - goto out; + int saved_errno = errno; + pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", + pptr->rdir); + if (saved_errno != EINVAL) { + retval = PAM_SESSION_ERR; + goto out; } } else if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s", @@ -1803,20 +1803,20 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) } out: if (retval != PAM_SUCCESS) { - cleanup_tmpdirs(idata); - unprotect_dirs(idata->protect_dirs); + cleanup_tmpdirs(idata); + unprotect_dirs(idata->protect_dirs); } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs, - cleanup_protect_data) != PAM_SUCCESS) { + cleanup_protect_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data"); - cleanup_tmpdirs(idata); - unprotect_dirs(idata->protect_dirs); + cleanup_tmpdirs(idata); + unprotect_dirs(idata->protect_dirs); return PAM_SYSTEM_ERR; } else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, - cleanup_polydir_data) != PAM_SUCCESS) { + cleanup_polydir_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data"); - cleanup_tmpdirs(idata); - pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); - idata->protect_dirs = NULL; + cleanup_tmpdirs(idata); + pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); + idata->protect_dirs = NULL; return PAM_SYSTEM_ERR; } return retval; @@ -1943,7 +1943,7 @@ static int get_user_data(struct instance_data *idata) int retval; char *user_name; struct passwd *pwd; - /* + /* * Lookup user and fill struct items */ retval = pam_get_item(idata->pamh, PAM_USER, (void*) &user_name ); @@ -1969,10 +1969,10 @@ static int get_user_data(struct instance_data *idata) /* Fill in RUSER too */ retval = pam_get_item(idata->pamh, PAM_RUSER, (void*) &user_name ); if ( user_name != NULL && retval == PAM_SUCCESS && user_name[0] != '\0' ) { - strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); - pwd = pam_modutil_getpwnam(idata->pamh, user_name); + strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); + pwd = pam_modutil_getpwnam(idata->pamh, user_name); } else { - pwd = pam_modutil_getpwuid(idata->pamh, getuid()); + pwd = pam_modutil_getpwuid(idata->pamh, getuid()); } if (!pwd) { pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name); @@ -2005,7 +2005,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, #ifdef WITH_SELINUX if (is_selinux_enabled()) idata.flags |= PAMNS_SELINUX_ENABLED; - if (ctxt_based_inst_needed()) + if (ctxt_based_inst_needed()) idata.flags |= PAMNS_CTXT_BASED_INST; #endif @@ -2036,7 +2036,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, unmnt = UNMNT_ONLY; if (strcmp(argv[i], "require_selinux") == 0) { if (!(idata.flags & PAMNS_SELINUX_ENABLED)) { - pam_syslog(idata.pamh, LOG_ERR, + pam_syslog(idata.pamh, LOG_ERR, "selinux_required option given and selinux is disabled"); return PAM_SESSION_ERR; } @@ -2047,7 +2047,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, retval = get_user_data(&idata); if (retval != PAM_SUCCESS) - return retval; + return retval; if (root_shared()) { idata.flags |= PAMNS_MOUNT_PRIVATE; @@ -2135,13 +2135,13 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, retval = get_user_data(&idata); if (retval != PAM_SUCCESS) - return retval; + return retval; retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, (const void **)&polyptr); if (retval != PAM_SUCCESS || polyptr == NULL) - /* nothing to reset */ - return PAM_SUCCESS; - + /* nothing to reset */ + return PAM_SUCCESS; + idata.polydirs_ptr = polyptr; if (idata.flags & PAMNS_DEBUG) @@ -2160,7 +2160,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); - + return PAM_SUCCESS; } diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h index c49995c0..6bca31c4 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h @@ -1,5 +1,5 @@ /****************************************************************************** - * A module for Linux-PAM that will set the default namespace after + * A module for Linux-PAM that will set the default namespace after * establishing a session via PAM. * * (C) Copyright IBM Corporation 2005 @@ -134,9 +134,9 @@ enum polymethod { /* * Depending on the application using this namespace module, we * may need to unmount priviously bind mounted instance directory. - * Applications such as login and sshd, that establish a new + * Applications such as login and sshd, that establish a new * session unmount of instance directory is not needed. For applications - * such as su and newrole, that switch the identity, this module + * such as su and newrole, that switch the identity, this module * has to unmount previous instance directory first and re-mount * based on the new indentity. For other trusted applications that * just want to undo polyinstantiation, only unmount of previous @@ -182,4 +182,3 @@ struct instance_data { uid_t ruid; /* The uid of the requesting user */ unsigned long flags; /* Flags for debug, selinux etc */ }; - diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index 738483ac..f896119b 100644 --- a/modules/pam_pwhistory/opasswd.c +++ b/modules/pam_pwhistory/opasswd.c @@ -395,7 +395,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, entry.user, entry.uid, entry.count, oldpass) < 0) { - free (save); + free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); @@ -408,7 +408,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, entry.user, entry.uid, entry.count, entry.old_passwords, oldpass) < 0) { - free (save); + free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 4e97ef59..5f2d1bec 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -203,9 +203,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, for (n = p; n != NULL; p = n+1) { if ((n = strchr(p, ' ')) != NULL) - *n = '\0'; + *n = '\0'; - if (strcmp(p, uttyname) == 0) { + if (strcmp(p, uttyname) == 0) { retval = 0; break; } diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am index 5c83acb4..ef142f4e 100644 --- a/modules/pam_selinux/Makefile.am +++ b/modules/pam_selinux/Makefile.am @@ -10,7 +10,7 @@ EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \ if HAVE_LIBSELINUX TESTS = tst-pam_selinux - man_MANS = pam_selinux.8 + man_MANS = pam_selinux.8 endif XMLS = README.xml pam_selinux.8.xml @@ -40,4 +40,3 @@ noinst_DATA = README pam_selinux.8 README: pam_selinux.8.xml -include $(top_srcdir)/Make.xml.rules endif - diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index f99d433a..b777b01e 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -142,7 +142,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, char **response, int debug) { int rc; - if (def) + if (def) rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); else rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); @@ -150,7 +150,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def, if (*response == NULL) { rc = PAM_CONV_ERR; } - + if (rc != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); } else if (debug) @@ -190,11 +190,11 @@ manual_context (pam_handle_t *pamh, const char *user, int debug) /* Allow the user to enter each field of the context individually */ if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS && response[0] != '\0') { - if (context_role_set (new_context, response)) + if (context_role_set (new_context, response)) goto fail_set; - if (get_default_type(response, &type)) + if (get_default_type(response, &type)) goto fail_set; - if (context_type_set (new_context, type)) + if (context_type_set (new_context, type)) goto fail_set; _pam_drop(type); } @@ -283,7 +283,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre while (1) { if (query_response(pamh, - _("Would you like to enter a different role or level?"), "n", + _("Would you like to enter a different role or level?"), "n", &response, debug) == PAM_SUCCESS) { resp_val = response[0]; _pam_drop(response); @@ -293,22 +293,22 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if ((resp_val == 'y') || (resp_val == 'Y')) { if ((new_context = context_new(defaultcon)) == NULL) - goto fail_set; + goto fail_set; /* Allow the user to enter role and level individually */ - if (query_response(pamh, _("role:"), context_role_get(new_context), + if (query_response(pamh, _("role:"), context_role_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (get_default_type(response, &type)) { pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); _pam_drop(response); continue; } else { - if (context_role_set(new_context, response)) + if (context_role_set(new_context, response)) goto fail_set; if (context_type_set (new_context, type)) goto fail_set; _pam_drop(type); - } + } } _pam_drop(response); @@ -320,9 +320,9 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (getcon(&mycon) != 0) goto fail_set; - my_context = context_new(mycon); + my_context = context_new(mycon); if (my_context == NULL) { - freecon(mycon); + freecon(mycon); goto fail_set; } freecon(mycon); @@ -331,11 +331,11 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre goto fail_set; } context_free(my_context); - } else if (query_response(pamh, _("level:"), context_range_get(new_context), + } else if (query_response(pamh, _("level:"), context_range_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (context_range_set(new_context, response)) goto fail_set; - } + } _pam_drop(response); } @@ -355,7 +355,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); - send_audit_message(pamh, 0, defaultcon, newcon); + send_audit_message(pamh, 0, defaultcon, newcon); free(newcon); goto fail_range; @@ -380,7 +380,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre context_free (new_context); send_audit_message(pamh, 0, defaultcon, NULL); fail_range: - return NULL; + return NULL; } static security_context_t @@ -405,7 +405,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); goto fail_set; } else { - if (context_role_set(new_context, env)) + if (context_role_set(new_context, env)) goto fail_set; if (context_type_set(new_context, type)) goto fail_set; @@ -449,7 +449,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par if (debug) pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon); - + /* Get the string value of the context and see if it is valid. */ if (security_check_context(newcon)) { pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); @@ -623,7 +623,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, env_params = 1; } } - + if (debug) pam_syslog(pamh, LOG_NOTICE, "Open Session"); @@ -656,9 +656,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, #else if (getseuserbyname(username, &seuser, &level) == 0) { #endif - num_contexts = get_ordered_context_list_with_level(seuser, + num_contexts = get_ordered_context_list_with_level(seuser, level, - NULL, + NULL, &contextlist); if (debug) pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s", @@ -692,7 +692,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } } - else { + else { if (seuser != NULL) { user_context = manual_context(pamh,seuser,debug); free(seuser); diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8 index d6fcdff1..34f578d7 100644 --- a/modules/pam_selinux/pam_selinux_check.8 +++ b/modules/pam_selinux/pam_selinux_check.8 @@ -29,7 +29,7 @@ returns an exit code of 0 for success and > 0 on error: pam_selinux(8) .SH BUGS -Let's hope not, but if you find any, please email the author. +Let's hope not, but if you find any, please email the author. .SH AUTHOR Dan Walsh <dwalsh@redhat.com> diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 4879b685..f7998457 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -85,11 +85,11 @@ match_process_uid(pid_t pid, uid_t uid) uid_t puid; FILE *f; int re = 0; - + snprintf (buf, sizeof buf, PROC_BASE "/%d/status", pid); if (!(f = fopen (buf, "r"))) return 0; - + while (fgets(buf, sizeof buf, f)) { if (sscanf (buf, "Uid:\t%d", &puid)) { re = uid == puid; @@ -246,9 +246,9 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, int matched = 0; int exclusive = 0; int ignore = 0; - + f = fopen(cfgfile, "r"); - + if (!f) { pam_syslog(pamh, LOG_ERR, "Failed to open config file %s: %m", cfgfile); return PAM_SERVICE_ERR; @@ -276,7 +276,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, start = strtok_r(start, OPT_DELIM, &sptr); switch (start[0]) { - case '@': + case '@': ++start; if (debug) pam_syslog(pamh, LOG_NOTICE, "Matching user %s against group %s", user, start); @@ -411,9 +411,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, } #ifdef PAM_STATIC - + /* static module data */ - + struct pam_module _pam_sepermit_modstruct = { "pam_sepermit", pam_sm_authenticate, @@ -424,4 +424,3 @@ struct pam_module _pam_sepermit_modstruct = { NULL }; #endif - diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 89fc297e..68bd6074 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -57,7 +57,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; /* It could still be NULL the second time. */ - if (!userName || (userName[0] == '\0')) + if (!userName || (userName[0] == '\0')) return PAM_SERVICE_ERR; } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index b75a597d..c1695d7f 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -62,7 +62,7 @@ _pam_report (const pam_handle_t *pamh, int ctrl, const char *name, pam_syslog(pamh, LOG_DEBUG, "CALLED: %s", name); pam_syslog(pamh, LOG_DEBUG, "FLAGS : 0%o%s", flags, (flags & PAM_SILENT) ? " (silent)":""); - pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl); + pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl); pam_syslog(pamh, LOG_DEBUG, "ARGV :"); while (argc--) { pam_syslog(pamh, LOG_DEBUG, " \"%s\"", *argv++); diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index dffbc895..c7128857 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -134,7 +134,7 @@ static void log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) { if ( phase != PHASE_AUTH ) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_ERR, "option %s allowed in auth phase only", argv); } } @@ -194,12 +194,12 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, else if ( ! strcmp( *argv, "per_user" ) ) { log_phase_no_auth(pamh, phase, *argv); - opts->ctrl |= OPT_PER_USER; + opts->ctrl |= OPT_PER_USER; } else if ( ! strcmp( *argv, "no_lock_time") ) { log_phase_no_auth(pamh, phase, *argv); - opts->ctrl |= OPT_NO_LOCK_TIME; + opts->ctrl |= OPT_NO_LOCK_TIME; } else if ( ! strcmp( *argv, "no_reset" ) ) { opts->ctrl |= OPT_NO_RESET; @@ -463,19 +463,19 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, &cur_tty); + (void) pam_get_item(pamh, PAM_TTY, &cur_tty); if (!cur_tty) { - strncpy(fsp->fs_faillog.fail_line, "unknown", + strncpy(fsp->fs_faillog.fail_line, "unknown", sizeof(fsp->fs_faillog.fail_line) - 1); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } else { - strncpy(fsp->fs_faillog.fail_line, cur_tty, + strncpy(fsp->fs_faillog.fail_line, cur_tty, sizeof(fsp->fs_faillog.fail_line)-1); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } } else { - strncpy(fsp->fs_faillog.fail_line, remote_host, + strncpy(fsp->fs_faillog.fail_line, remote_host, (size_t)sizeof(fsp->fs_faillog.fail_line)); fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0; } @@ -534,8 +534,8 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, if (lock_time && oldtime && !(opts->ctrl & OPT_NO_LOCK_TIME) ) { - if ( lock_time + oldtime > time(NULL) ) - { + if ( lock_time + oldtime > time(NULL) ) + { if (!(opts->ctrl & OPT_SILENT)) pam_info (pamh, _("Account temporary locked (%ld seconds left)"), @@ -543,19 +543,19 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid, if (!(opts->ctrl & OPT_NOLOGNOTICE)) pam_syslog (pamh, LOG_NOTICE, - "user %s (%lu) has time limit [%lds left]" + "user %s (%lu) has time limit [%lds left]" " since last failure.", user, (unsigned long int) uid, oldtime+lock_time-time(NULL)); - return PAM_AUTH_ERR; - } + return PAM_AUTH_ERR; + } } if (opts->unlock_time && oldtime) { - if ( opts->unlock_time + oldtime <= time(NULL) ) - { /* ignore deny check after unlock_time elapsed */ - return PAM_SUCCESS; - } + if ( opts->unlock_time + oldtime <= time(NULL) ) + { /* ignore deny check after unlock_time elapsed */ + return PAM_SUCCESS; + } } if ( ( deny != 0 ) && /* deny==0 means no deny */ @@ -599,8 +599,8 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) if (tally == 0) { - fsp->fs_faillog.fail_time = (time_t) 0; - strcpy(fsp->fs_faillog.fail_line, ""); + fsp->fs_faillog.fail_time = (time_t) 0; + strcpy(fsp->fs_faillog.fail_line, ""); } i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp); @@ -866,8 +866,8 @@ int main ( int argc UNUSED, char **argv ) if ( ! fread((char *) &fsp->fs_faillog, sizeof (struct faillog), 1, TALLY) || ! fsp->fs_faillog.fail_cnt ) { - continue; - } + continue; + } tally = fsp->fs_faillog.fail_cnt; if ( ( pw=getpwuid(uid) ) ) { diff --git a/modules/pam_tally/pam_tally_app.c b/modules/pam_tally/pam_tally_app.c index 9e6e1faf..ad288549 100644 --- a/modules/pam_tally/pam_tally_app.c +++ b/modules/pam_tally/pam_tally_app.c @@ -4,4 +4,3 @@ #define MAIN #include "pam_tally.c" - diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index e1df6d74..c72d27a0 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -159,7 +159,7 @@ static void log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) { if ( phase != PHASE_AUTH ) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_ERR, "option %s allowed in auth phase only", argv); } } @@ -407,7 +407,7 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, if ((*tfile = open(filename, O_RDWR)) == -1) { #ifndef MAIN if (errno == EACCES) /* called with insufficient access rights */ - return PAM_IGNORE; + return PAM_IGNORE; #endif pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); @@ -418,7 +418,7 @@ skip_open: if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); if (!preopened) { - close(*tfile); + close(*tfile); *tfile = -1; } return PAM_AUTH_ERR; @@ -536,30 +536,30 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, if (uid) { /* Unlock time check */ if (opts->unlock_time && oldtime) { - if (opts->unlock_time + oldtime <= time(NULL)) { + if (opts->unlock_time + oldtime <= time(NULL)) { /* ignore deny check after unlock_time elapsed */ #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, NULL, NULL, NULL, 1); #endif - rv = PAM_SUCCESS; - goto cleanup; - } + rv = PAM_SUCCESS; + goto cleanup; + } } } else { /* Root unlock time check */ if (opts->root_unlock_time && oldtime) { if (opts->root_unlock_time + oldtime <= time(NULL)) { - /* ignore deny check after unlock_time elapsed */ + /* ignore deny check after unlock_time elapsed */ #ifdef HAVE_LIBAUDIT snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, NULL, NULL, NULL, 1); #endif - rv = PAM_SUCCESS; - goto cleanup; - } + rv = PAM_SUCCESS; + goto cleanup; + } } } @@ -597,7 +597,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, oldtime+opts->lock_time-time(NULL)); } if (!(opts->ctrl & OPT_NOLOGNOTICE)) { - pam_syslog(pamh, LOG_NOTICE, + pam_syslog(pamh, LOG_NOTICE, "user %s (%lu) has time limit [%lds left]" " since last failure.", user, (unsigned long)uid, @@ -605,7 +605,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, } rv = PAM_AUTH_ERR; goto cleanup; - } + } } cleanup: @@ -648,10 +648,10 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, &remote_host); + (void) pam_get_item(pamh, PAM_TTY, &remote_host); if (!remote_host) { - remote_host = "unknown"; - } + remote_host = "unknown"; + } } strncpy(tally.fail_line, remote_host, @@ -1019,14 +1019,14 @@ main( int argc UNUSED, char **argv ) FILE *tfile=fopen(cline_filename, "r"); uid_t uid=0; if (!tfile && cline_reset != 0) { - perror(*argv); - exit(1); + perror(*argv); + exit(1); } for ( ; tfile && !feof(tfile); uid++ ) { if ( !fread(&tally, sizeof(tally), 1, tfile) || !tally.fail_cnt ) { - continue; + continue; } print_one(&tally, uid); } diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c index 681ed690..b72e9bfd 100644 --- a/modules/pam_tally2/pam_tally2_app.c +++ b/modules/pam_tally2/pam_tally2_app.c @@ -4,4 +4,3 @@ #define MAIN #include "pam_tally2.c" - diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index dff4a6da..c94737ca 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -135,7 +135,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) return -1; } } - + if (*from > 0) to = shift_buf(*buf, *from); @@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_TIME, - "pam_time", rv); /* ignore return value as we fail anyway */ + "pam_time", rv); /* ignore return value as we fail anyway */ } #endif if (ctrl & PAM_DEBUG_ARG) { diff --git a/modules/pam_time/time.conf b/modules/pam_time/time.conf index c7b7989c..68d2dadc 100644 --- a/modules/pam_time/time.conf +++ b/modules/pam_time/time.conf @@ -1,4 +1,4 @@ -# this is an example configuration file for the pam_time module. Its syntax +# this is an example configuration file for the pam_time module. Its syntax # was initially based heavily on that of the shadow package (shadow-960129). # # the syntax of the lines is as follows: diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index 224fda34..82227ba0 100644 --- a/modules/pam_time/time.conf.5.xml +++ b/modules/pam_time/time.conf.5.xml @@ -119,7 +119,7 @@ login ; tty* & !ttyp* ; !root ; !Al0000-2400 Games (configured to use PAM) are only to be accessed out of working hours. This rule does not apply to the user <emphasis>waster</emphasis>: - <programlisting> + <programlisting> games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 </programlisting> </para> diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c index d2da5ff1..7c1f8bfb 100644 --- a/modules/pam_timestamp/hmacfile.c +++ b/modules/pam_timestamp/hmacfile.c @@ -63,7 +63,7 @@ testvectors(void) "b617318655057264e28bc0b6fb378c8ef146be00", }, -#ifdef HMAC_ALLOW_SHORT_KEYS +#ifdef HMAC_ALLOW_SHORT_KEYS { "Jefe", 4, "what do ya want for nothing?", 28, diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c index 5b3774ff..573ecf3b 100644 --- a/modules/pam_timestamp/hmacsha1.c +++ b/modules/pam_timestamp/hmacsha1.c @@ -69,8 +69,8 @@ hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size, pam_syslog(pamh, LOG_ERR, "Cannot create %s: %m", filename); return; } - - + + if (fchown(keyfd, owner, group) == -1) { pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename); return; diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml index adb87a79..fc6a9276 100644 --- a/modules/pam_timestamp/pam_timestamp.8.xml +++ b/modules/pam_timestamp/pam_timestamp.8.xml @@ -186,4 +186,3 @@ session optional pam_timestamp.so </refsect1> </refentry> - diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml index 7ec7140e..06432e09 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -205,4 +205,3 @@ session optional pam_timestamp.so </refsect1> </refentry> - diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c index e6705eb5..576b4b41 100644 --- a/modules/pam_timestamp/sha1.c +++ b/modules/pam_timestamp/sha1.c @@ -185,7 +185,7 @@ size_t sha1_output(struct sha1_context *ctx, unsigned char *out) { struct sha1_context ctx2; - + /* Output the sum. */ if (out != NULL) { u_int32_t c; diff --git a/modules/pam_unix/CHANGELOG b/modules/pam_unix/CHANGELOG index 1476b579..c18acc27 100644 --- a/modules/pam_unix/CHANGELOG +++ b/modules/pam_unix/CHANGELOG @@ -8,7 +8,7 @@ $Id$ - temporarily removed the crypt16 stuff. I'm really paranoid about crypto stuff and exporting it, and there are a few too many 's-box' references in the code for my liking.. - + * Wed Jun 30 1999 Steve Langasek <vorlon@netexpress.net> - further NIS+ fixes @@ -50,6 +50,5 @@ $Id$ is too lame to use it in real life) * Sun Mar 21 1999 Jan Rêkorajski <baggins@mimuw.edu.pl> -- pam_unix_auth now correctly behave when user has NULL AUTHTOK +- pam_unix_auth now correctly behave when user has NULL AUTHTOK - pam_unix_auth returns PAM_PERM_DENIED when seteuid fails - diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 9922d177..e10d1c56 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -1,20 +1,20 @@ /* * This function implements the "bigcrypt" algorithm specifically for * Linux-PAM. - * + * * This algorithm is algorithm 0 (default) shipped with the C2 secure * implementation of Digital UNIX. - * + * * Disclaimer: This work is not based on the source code to Digital * UNIX, nor am I connected to Digital Equipment Corp, in any way * other than as a customer. This code is based on published * interfaces and reasonable guesswork. - * + * * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8 * characters or less. Each block is encrypted using the standard UNIX * libc crypt function. The result of the encryption for one block * provides the salt for the suceeding block. - * + * * Restrictions: The buffer used to hold the encrypted result is * statically allocated. (see MAX_PASS_LEN below). This is necessary, * as the returned pointer points to "static data that are overwritten diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c index 94d1c9da..7881db5d 100644 --- a/modules/pam_unix/md5.c +++ b/modules/pam_unix/md5.c @@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index d9c4ea55..1379d96c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -206,7 +206,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, don't worry about an explicit check of argv. */ if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS && pretval) { - retval = *(const int *)pretval; + retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); D(("recovered data indicates that old retval was %d", retval)); } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 631df318..6ba2c2e6 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -212,7 +212,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -262,7 +262,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 778062e4..72046ea0 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -16,13 +16,13 @@ * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE @@ -140,4 +140,3 @@ struct pam_module _pam_unix_session_modstruct = { NULL, }; #endif - diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5199a690..089f4b83 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -89,17 +89,17 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) } else { if (!strncmp(hash, "$1$", 3)) { pp = Goodcrypt_md5(p, hash); - if (pp && strcmp(pp, hash) != 0) { + if (pp && strcmp(pp, hash) != 0) { _pam_delete(pp); pp = Brokencrypt_md5(p, hash); - } + } } else if (*hash != '$' && hash_len >= 13) { - pp = bigcrypt(p, hash); - if (pp && hash_len == 13 && strlen(pp) > hash_len) { + pp = bigcrypt(p, hash); + if (pp && hash_len == 13 && strlen(pp) > hash_len) { _pam_overwrite(pp + hash_len); - } + } } else { - /* + /* * Ok, we don't know the crypt algorithm, but maybe * libcrypt knows about it? We should try it. */ @@ -448,12 +448,12 @@ unix_selinux_confined(void) char tempfile[]="/etc/.pwdXXXXXX"; if (confined != -1) - return confined; + return confined; /* cannot be confined without SELinux enabled */ if (!SELINUX_ENABLED){ - confined = 0; - return confined; + confined = 0; + return confined; } /* let's try opening shadow read only */ @@ -633,7 +633,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, char *sptr = NULL; found = 1; if (howmany == 0) - continue; + continue; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":", &sptr); s_uid = strtok_r(NULL, ":", &sptr); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index cc350e58..ab04535f 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -475,7 +475,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -530,7 +530,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index 702912d0..6ea7ea51 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -62,7 +62,7 @@ set_password(const char *forwho, const char *shadow, const char *remember) } if (lock_pwdf() != PAM_SUCCESS) - return PAM_AUTHTOK_LOCK_BUSY; + return PAM_AUTHTOK_LOCK_BUSY; pwd = getpwnam(forwho); diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am index b05cc6c6..77cc9608 100644 --- a/modules/pam_userdb/Makefile.am +++ b/modules/pam_userdb/Makefile.am @@ -35,4 +35,3 @@ noinst_DATA = README pam_userdb.8 README: pam_userdb.8.xml -include $(top_srcdir)/Make.xml.rules endif - diff --git a/modules/pam_userdb/create.pl b/modules/pam_userdb/create.pl index 224204b7..06915c92 100644 --- a/modules/pam_userdb/create.pl +++ b/modules/pam_userdb/create.pl @@ -1,5 +1,5 @@ #!/usr/bin/perl -# this program creates a database in ARGV[1] from pairs given on +# this program creates a database in ARGV[1] from pairs given on # stdandard input # # $Id$ @@ -19,5 +19,3 @@ while (<STDIN>) { $lusers{$user} = $pass; } untie %lusers; - - diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 11b0d6bd..c075c4b5 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -145,7 +145,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv, * return values: * 1 = User not found * 0 = OK - * -1 = Password incorrect + * -1 = Password incorrect * -2 = System error */ static int @@ -362,12 +362,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS || password == NULL) { if ((ctrl & PAM_TRY_FPASS_ARG) != 0) { - /* Converse to obtain a password */ - retval = obtain_authtok(pamh); - if (retval != PAM_SUCCESS) { + /* Converse to obtain a password */ + retval = obtain_authtok(pamh); + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "can not obtain password from user"); return retval; - } + } retval = pam_get_item(pamh, PAM_AUTHTOK, &password); } if (retval != PAM_SUCCESS || password == NULL) { diff --git a/modules/pam_userdb/pam_userdb.h b/modules/pam_userdb/pam_userdb.h index 4cd81baf..3cd8fee0 100644 --- a/modules/pam_userdb/pam_userdb.h +++ b/modules/pam_userdb/pam_userdb.h @@ -2,7 +2,7 @@ #ifndef _PAM_USERSDB_H #define _PAM_USERSDB_H /* $Id$ */ - + /* Header files */ #include <security/pam_appl.h> |