From 3a265f6249e17882cf0195dd1fe7abb94cd3160f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 1 Sep 2005 13:59:20 +0000 Subject: Relevant BUGIDs: none Purpose of commit: new feature Commit summary: --------------- Add PAM extensions pam_*prompt, pam_*error and pam_*info for usage by modules to libpam, add new pam_ext.h header file with prototypes. --- libpam/Makefile.am | 8 ++- libpam/include/security/_pam_types.h | 28 +++++++++ libpam/include/security/pam_ext.h | 55 ++++++++++++++++++ libpam/libpam.map | 6 ++ libpam/pam_vprompt.c | 106 +++++++++++++++++++++++++++++++++++ 5 files changed, 200 insertions(+), 3 deletions(-) create mode 100644 libpam/include/security/pam_ext.h create mode 100644 libpam/pam_vprompt.c (limited to 'libpam') diff --git a/libpam/Makefile.am b/libpam/Makefile.am index f33c3db3..a9ebcf72 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -10,7 +10,7 @@ CLEANFILES = *~ EXTRA_DIST = libpam.map -include_HEADERS = $(addprefix include/security/, _pam_compat.h _pam_macros.h _pam_types.h pam_appl.h pam_malloc.h pam_modules.h) +include_HEADERS = $(addprefix include/security/, _pam_compat.h _pam_macros.h _pam_types.h pam_appl.h pam_malloc.h pam_modules.h pam_ext.h) noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h @@ -23,5 +23,7 @@ lib_LTLIBRARIES = libpam.la libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ - pam_log.c pam_malloc.c pam_misc.c pam_password.c \ - pam_prelude.c pam_session.c pam_start.c pam_static.c pam_strerror.c + pam_log.c pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \ + pam_session.c pam_start.c pam_static.c pam_strerror.c \ + pam_vprompt.c + diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h index 116a2916..b701fec2 100644 --- a/libpam/include/security/_pam_types.h +++ b/libpam/include/security/_pam_types.h 
@@ -21,6 +21,13 @@ typedef struct pam_handle pam_handle_t; +/* ---------------- The Linux-PAM Version defines ----------------- */ + +/* Major and minor version number of the Linux-PAM package. Use + these macros to test for features in specific releases. */ +#define __LINUX_PAM__ 1 +#define __LINUX_PAM_MINOR__ 0 + /* ----------------- The Linux-PAM return values ------------------ */ #define PAM_SUCCESS 0 /* Successful function return */ @@ -255,6 +262,27 @@ struct pam_conv { void *appdata_ptr; }; +/* -------------- Special defines used by Linux-PAM -------------- */ + +#if defined(__GNUC__) && defined(__GNUC_MINOR__) +# define PAM_GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) +#else +# define PAM_GNUC_PREREQ(maj, min) 0 +#endif + +#if PAM_GNUC_PREREQ(2,5) +# define PAM_FORMAT(params) __attribute__((__format__ params)) +#else +# define PAM_FORMAT(params) +#endif + +#if PAM_GNUC_PREREQ(3,3) +# define PAM_NONNULL(params) __attribute__((__nonnull__ params)) +#else +# define PAM_NONNULL(params) +#endif + /* ... adapted from the pam_appl.h file created by Theodore Ts'o and * * Copyright Theodore Ts'o, 1996. All rights reserved. diff --git a/libpam/include/security/pam_ext.h b/libpam/include/security/pam_ext.h new file mode 100644 index 00000000..1434eb29 --- /dev/null +++ b/libpam/include/security/pam_ext.h 
@@ -0,0 +1,55 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SECURITY__PAM_EXT_H_
+#define _SECURITY__PAM_EXT_H_
+
+#include
+#include
+
+extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+pam_vprompt (pam_handle_t *pamh, int style, char **response,
+ const char *fmt, va_list args);
+
+extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+pam_prompt (pam_handle_t *pamh, int style, char **response,
+ const char *fmt, ...);
+
+#define pam_error(pamh, fmt, args...) pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+#define pam_verror(pamh, fmt, args) pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args)
+
+#define pam_info(pamh, fmt, args...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
+#define pam_vinfo(pamh, fmt, ...) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)
+
+#endif
+
diff --git a/libpam/libpam.map b/libpam/libpam.map
index 45475bd7..75f89349 100644
--- a/libpam/libpam.map
+++ b/libpam/libpam.map
@@ -31,3 +31,9 @@ LIBPAM_MALLOC_DEBUG_1.0 {
 pam_exit;
 pam_strdup;
 };
+LIBPAM_EXTENSION_1.0 {
+ global:
+ pam_prompt;
+ pam_vprompt;
+};
+
diff --git a/libpam/pam_vprompt.c b/libpam/pam_vprompt.c
new file mode 100644
index 00000000..e680ceb7
--- /dev/null
+++ b/libpam/pam_vprompt.c
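Review bot: In pam_ext.h, `pam_vinfo` is declared as `pam_vinfo(pamh, fmt, ...)` but its body expands `args`, which is not a parameter of the macro, so the va_list the caller passes is dropped and the expansion picks up whatever `args` names at the call site or fails to compile. It should mirror `pam_verror`: `#define pam_vinfo(pamh, fmt, args) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args)`. In the same header `pam_prompt` is variadic yet carries `PAM_FORMAT((printf, 4, 0))`, which tells GCC not to check the variadic arguments against the format; `PAM_FORMAT((printf, 4, 5))` on `pam_prompt`, here and on its definition in pam_vprompt.c, would let the compiler flag format/argument mismatches in calling modules. `pam_error` and `pam_info` also leave a trailing comma when called with a message and no further arguments, which `fmt, ##args` avoids with the GNU named-variadic form used here.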
@@ -0,0 +1,106 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include "pam_private.h"
+
+int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+pam_vprompt (pam_handle_t *pamh, int style, char **response,
+ const char *fmt, va_list args)
+{
+ struct pam_message msg;
+ struct pam_response *pam_resp = NULL;
+ const struct pam_message *pmsg;
+ const struct pam_conv *conv;
+ const void *convp;
+ char *msgbuf;
+ int retval;
+
+ if (response)
+ *response = NULL;
+
+ retval = pam_get_item (pamh, PAM_CONV, &convp);
+ if (retval != PAM_SUCCESS)
+ return retval;
+ conv = convp;
+ if (conv == NULL || conv->conv == NULL)
+ {
+ _pam_system_log (LOG_ERR, "no conversation function");
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (vasprintf (&msgbuf, fmt, args) < 0)
+ {
+ _pam_system_log (LOG_ERR, "vasprintf: %m");
+ return PAM_BUF_ERR;
+ }
+
+ msg.msg_style = style;
+ msg.msg = msgbuf;
+ pmsg = &msg;
+
+ retval = conv->conv (1, &pmsg, &pam_resp, conv->appdata_ptr);
+ if (response)
+ *response = pam_resp == NULL ? NULL : pam_resp->resp;
+ _pam_overwrite (msgbuf);
+ free (msgbuf);
+ if (retval != PAM_SUCCESS)
+ _pam_system_log (LOG_ERR, "conversation failed");
+
+ return retval;
+}
+
+int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((4))
+pam_prompt (pam_handle_t *pamh, int style, char **response,
+ const char *fmt, ...)
+{
+ va_list args;
+ int retval;
+
+ va_start (args, fmt);
+ retval = pam_vprompt (pamh, style, response, fmt, args);
+ va_end (args);
+
+ return retval;
+}
-- cgit v1.2.3
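Review bot: In `pam_vprompt`, the `struct pam_response` that `conv->conv` returns is never freed, and when `response` is NULL (the `pam_error`/`pam_info` paths) the `resp` string inside it is neither scrubbed nor freed. By PAM convention the caller of the conversation function owns the reply, so each call leaks memory and may leave a user-typed reply behind on the heap. After handing `resp` to the caller, or wiping and freeing it when no reply was requested, the `pam_resp` container should be freed before returning, as sketched below. The existing `_pam_overwrite` of `msgbuf` stays as it is.

```c
  retval = conv->conv (1, &pmsg, &pam_resp, conv->appdata_ptr);
  if (response)
    *response = pam_resp == NULL ? NULL : pam_resp->resp;
  else if (pam_resp != NULL && pam_resp->resp != NULL)
    {
      /* No reply was requested: scrub and release whatever came back. */
      _pam_overwrite (pam_resp->resp);
      free (pam_resp->resp);
    }
  _pam_overwrite (msgbuf);
  free (msgbuf);
  /* The container is ours to release; resp is either handed over or gone. */
  free (pam_resp);
  /* … unchanged: "conversation failed" logging and return retval … */
```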