From 72609d111cf62c3de59b340cd60922ad58456868 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 8 Jan 2006 09:36:55 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- 2006-01-08 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR. * modules/pam_pwdb/support.-c: Likewise. * modules/pam_unix/support.c: Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. * libpam/pam_strerror.c (pam_strerror): Likewise. * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility. * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR. --- ChangeLog | 15 +++++++++++++++ libpam/include/security/_pam_compat.h | 7 +++++-- libpam/include/security/_pam_types.h | 8 ++------ libpam/pam_strerror.c | 35 +++++++++++++++++++++++++++++++---- modules/pam_cracklib/pam_cracklib.c | 13 ++++++------- modules/pam_pwdb/support.-c | 19 ++++++++----------- modules/pam_unix/support.c | 18 ++++++++---------- modules/pam_userdb/pam_userdb.c | 11 +++++------ 8 files changed, 80 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index 724bc919..22cda4d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2006-01-08 Thorsten Kukuk + + * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR + instead of PAM_AUTHTOK_RECOVER_ERR. + * modules/pam_pwdb/support.-c: Likewise. + * modules/pam_unix/support.c: Likewise. + * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. + * libpam/pam_strerror.c (pam_strerror): Likewise. + + * libpam/include/security/_pam_compat.h: Define + PAM_AUTHTOK_RECOVER_ERR for backward compatibility. + + * libpam/include/security/_pam_types.h: Rename + PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR. + 2006-01-05 Thorsten Kukuk * libpam/include/security/_pam_types.h: Remove nonnull attribute diff --git a/libpam/include/security/_pam_compat.h b/libpam/include/security/_pam_compat.h index 1bfec42c..a5f58e42 100644 --- a/libpam/include/security/_pam_compat.h +++ b/libpam/include/security/_pam_compat.h @@ -2,8 +2,6 @@ #define _PAM_COMPAT_H /* - * $Id$ - * * This file was contributed by Derrick J Brashear * slight modification by Brad M. Garcia * @@ -118,6 +116,11 @@ #endif /* _SECURITY__PAM_TYPES_H */ +#else + +/* For compatibility with old Linux-PAM implementations. */ +#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR + #endif /* defined(solaris) || (defined(__SVR4) && defined(sun)) */ #endif /* _PAM_COMPAT_H */ diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h index a55dba9c..18f222db 100644 --- a/libpam/include/security/_pam_types.h +++ b/libpam/include/security/_pam_types.h @@ -1,14 +1,10 @@ /* * * - * $Id$ - * * This file defines all of the types common to the Linux-PAM library * applications and modules. * * Note, the copyright+license information is at end of file. - * - * Created: 1996/3/5 by AGM */ #ifndef _SECURITY__PAM_TYPES_H @@ -67,8 +63,8 @@ typedef struct pam_handle pam_handle_t; #define PAM_NO_MODULE_DATA 18 /* No module specific data is present */ #define PAM_CONV_ERR 19 /* Conversation error */ #define PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */ -#define PAM_AUTHTOK_RECOVER_ERR 21 /* Authentication information */ - /* cannot be recovered */ +#define PAM_AUTHTOK_RECOVERY_ERR 21 /* Authentication information */ + /* cannot be recovered */ #define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token lock busy */ #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */ #define PAM_TRY_AGAIN 24 /* Preliminary check by password service */ diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c index ca7bde83..f7923314 100644 --- a/libpam/pam_strerror.c +++ b/libpam/pam_strerror.c @@ -1,7 +1,34 @@ -/* pam_strerror.c */ - /* - * $Id$ + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "pam_private.h" @@ -55,7 +82,7 @@ const char *pam_strerror(pam_handle_t *pamh UNUSED, int errnum) return _("Conversation error"); case PAM_AUTHTOK_ERR: return _("Authentication token manipulation error"); - case PAM_AUTHTOK_RECOVER_ERR: + case PAM_AUTHTOK_RECOVERY_ERR: return _("Authentication information cannot be recovered"); case PAM_AUTHTOK_LOCK_BUSY: return _("Authentication token lock busy"); diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index aa55afd4..091a56f5 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -1,6 +1,5 @@ /* * pam_cracklib module - * $Id$ */ /* @@ -572,7 +571,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, token1 = x_strdup(item); item = NULL; } else { - retval = PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ + retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } } else { @@ -587,7 +586,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (token1 == NULL) { pam_syslog(pamh, LOG_NOTICE, "could not recover authentication token 1"); - retval = PAM_AUTHTOK_RECOVER_ERR; + retval = PAM_AUTHTOK_RECOVERY_ERR; } /* * tidy up the conversation (resp_retcode) is ignored @@ -595,7 +594,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, _pam_drop(resp); } else { retval = (retval == PAM_SUCCESS) ? - PAM_AUTHTOK_RECOVER_ERR:retval ; + PAM_AUTHTOK_RECOVERY_ERR:retval ; } } @@ -657,7 +656,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (token2 == NULL) { pam_syslog(pamh,LOG_NOTICE, "could not recover authentication token 2"); - retval = PAM_AUTHTOK_RECOVER_ERR; + retval = PAM_AUTHTOK_RECOVERY_ERR; } /* * tidy up the conversation (resp_retcode) is ignored @@ -665,7 +664,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, _pam_drop(resp); } else { retval = (retval == PAM_SUCCESS) ? - PAM_AUTHTOK_RECOVER_ERR:retval ; + PAM_AUTHTOK_RECOVERY_ERR:retval ; } if (retval != PAM_SUCCESS) { @@ -684,7 +683,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, pam_set_item(pamh, PAM_AUTHTOK, NULL); if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_NOTICE,"Password mistyped"); - retval = PAM_AUTHTOK_RECOVER_ERR; + retval = PAM_AUTHTOK_RECOVERY_ERR; continue; } diff --git a/modules/pam_pwdb/support.-c b/modules/pam_pwdb/support.-c index 45867ce8..6ba831e2 100644 --- a/modules/pam_pwdb/support.-c +++ b/modules/pam_pwdb/support.-c @@ -1,6 +1,4 @@ -/* - * $Id$ - * +/* * Copyright information at end of file. */ @@ -139,7 +137,7 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs D(("begin to converse")); - retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; + retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; if ( retval == PAM_SUCCESS ) { retval = conv->conv(nargs, ( const struct pam_message ** ) message @@ -767,10 +765,10 @@ static int _unix_read_password( pam_handle_t *pamh item = NULL; return PAM_SUCCESS; } else if (on(UNIX_USE_FIRST_PASS,ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; + return PAM_AUTHTOK_RECOVERY_ERR; } } @@ -825,7 +823,7 @@ static int _unix_read_password( pam_handle_t *pamh if (!resp[i-1].resp || strcmp(token,resp[i-1].resp)) { token = _pam_delete(token); /* mistyped */ - retval = PAM_AUTHTOK_RECOVER_ERR; + retval = PAM_AUTHTOK_RECOVERY_ERR; make_remark(pamh, ctrl , PAM_ERROR_MSG, MISTYPED_PASS); } @@ -847,7 +845,7 @@ static int _unix_read_password( pam_handle_t *pamh } else { retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR:retval ; + ? PAM_AUTHTOK_RECOVERY_ERR:retval ; } } @@ -941,13 +939,13 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE @@ -960,4 +958,3 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ - diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 733c25c2..cb89eb31 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -1,6 +1,4 @@ /* - * $Id$ - * * Copyright information at end of file. */ @@ -527,7 +525,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, out if pam is called from setuid binary (su, sudo...) */ setuid(0); } - + /* exec binary helper */ args[0] = x_strdup(CHKPWD_HELPER); args[1] = x_strdup(user); @@ -865,7 +863,7 @@ int _unix_read_password(pam_handle_t * pamh } else if (*pass != NULL) { /* we have a password! */ return PAM_SUCCESS; } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { return PAM_AUTHTOK_ERR; @@ -883,11 +881,11 @@ int _unix_read_password(pam_handle_t * pamh if (comment != NULL && off(UNIX__QUIET, ctrl)) { retval = pam_info(pamh, "%s", comment); } - + if (retval == PAM_SUCCESS) { retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp[0], "%s", prompt1); - + if (retval == PAM_SUCCESS && prompt2 != NULL) { retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp[1], "%s", prompt2); @@ -906,7 +904,7 @@ int _unix_read_password(pam_handle_t * pamh /* verify that password entered correctly */ if (strcmp(token, resp[replies - 1])) { /* mistyped */ - retval = PAM_AUTHTOK_RECOVER_ERR; + retval = PAM_AUTHTOK_RECOVERY_ERR; _make_remark(pamh, ctrl, PAM_ERROR_MSG, MISTYPED_PASS); } @@ -920,9 +918,9 @@ int _unix_read_password(pam_handle_t * pamh } else { retval = (retval == PAM_SUCCESS) - ? PAM_AUTHTOK_RECOVER_ERR : retval; + ? PAM_AUTHTOK_RECOVERY_ERR : retval; } - + resp[0] = NULL; if (replies > 1) _pam_delete(resp[1]); @@ -930,7 +928,7 @@ int _unix_read_password(pam_handle_t * pamh if (retval != PAM_SUCCESS) { _pam_delete(token); - + if (on(UNIX_DEBUG, ctrl)) pam_syslog(pamh, LOG_DEBUG, "unable to obtain a password"); diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index d47d58eb..fce5f3dd 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -1,7 +1,6 @@ /* pam_userdb module */ /* - * $Id$ * Written by Cristian Gafton 1996/09/10 * See the end of the file for Copyright Information */ @@ -249,7 +248,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, compare = strncmp(data.dptr, pass, data.dsize); } - if (cryptmode && strncasecmp(cryptmode, "none", 4) + if (cryptmode && strncasecmp(cryptmode, "none", 4) && (ctrl & PAM_DEBUG_ARG)) { pam_syslog(pamh, LOG_INFO, "invalid value for crypt parameter: %s", cryptmode); @@ -355,7 +354,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return retval; } } - + /* Check if we got a password */ retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS || password == NULL) { @@ -370,10 +369,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, } if (retval != PAM_SUCCESS || password == NULL) { pam_syslog(pamh, LOG_ERR, "can not recover user password"); - return PAM_AUTHTOK_RECOVER_ERR; - } + return PAM_AUTHTOK_RECOVERY_ERR; + } } - + if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_INFO, "Verify user `%s' with a password", username); -- cgit v1.2.3