From a621d60e903247f1898a770f0f67786f5dc465da Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan"
Date: Sat, 20 Jan 2001 22:29:47 +0000
Subject: Relevant BUGIDs: 108786 Purpose of commit: cleanup
Commit summary:
---------------
This brings the binary prompt hooks in libpam_misc's conversation function into line with the current libpamc library.
---
 libpamc/include/security/pam_client.h | 42 +++++++++++++++++++----------------
 libpamc/pamc_converse.c | 2 +-
 libpamc/test/agents/secret@here | 3 +++
 libpamc/test/modules/pam_secret.c | 16 ++++++-------
 libpamc/test/regress/test.libpamc.c | 18 ++++++++++-----
 5 files changed, 48 insertions(+), 33 deletions(-)
(limited to 'libpamc')
diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h
index 723dd88d..90040fbe 100644
--- a/libpamc/include/security/pam_client.h
+++ b/libpamc/include/security/pam_client.h
@@ -87,17 +87,20 @@ char **pamc_list_agents(pamc_handle_t pch);
 # define PAM_BP_FREE free
 #endif /* PAM_BP_FREE */
-#define __PAM_BP_OCTET(x,y) (*((y) + (__u8 *)(x)))
+#define __PAM_BP_WOCTET(x,y) (*((y) + (__u8 *)(x)))
+#define __PAM_BP_ROCTET(x,y) (*((y) + (const __u8 *)(x)))
 #define PAM_BP_MIN_SIZE (sizeof(__u32) + sizeof(__u8))
 #define PAM_BP_MAX_LENGTH 0x20000 /* an advisory limit */
-#define PAM_BP_CONTROL(x) (__PAM_BP_OCTET(x,4))
-#define PAM_BP_SIZE(x) ((__PAM_BP_OCTET(x,0)<<24)+ \
- (__PAM_BP_OCTET(x,1)<<16)+ \
- (__PAM_BP_OCTET(x,2)<< 8)+ \
- (__PAM_BP_OCTET(x,3) ))
+#define PAM_BP_WCONTROL(x) (__PAM_BP_WOCTET(x,4))
+#define PAM_BP_RCONTROL(x) (__PAM_BP_ROCTET(x,4))
+#define PAM_BP_SIZE(x) ((__PAM_BP_ROCTET(x,0)<<24)+ \
+ (__PAM_BP_ROCTET(x,1)<<16)+ \
+ (__PAM_BP_ROCTET(x,2)<< 8)+ \
+ (__PAM_BP_ROCTET(x,3) ))
 #define PAM_BP_LENGTH(x) (PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE)
-#define PAM_BP_DATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x))
+#define PAM_BP_WDATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x))
+#define PAM_BP_RDATA(x) (PAM_BP_MIN_SIZE + (const __u8 *) (x))
 /* Note, this macro always '\0' terminates renewed packets */
@@ -105,7 +108,8 @@ char **pamc_list_agents(pamc_handle_t pch);
 do { \
 if (old_p) { \
 if (*(old_p)) { \
- __u32 __size = PAM_BP_SIZE(*(old_p)); \
+ __u32 __size; \
+ __size = PAM_BP_SIZE(*(old_p)); \
 memset(*(old_p), 0, __size); \
 PAM_BP_FREE(*(old_p)); \
 } \
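Review bot: `PAM_BP_SIZE` in the @@ -87 hunk still shifts a `__u8` that has been promoted to signed `int`, so a first octet of 0x80 or above makes `<<24` overflow (undefined behaviour in C) and can yield a negative size that then feeds `PAM_BP_LENGTH` and every bounds check built on it. Casting each octet before shifting, e.g. `(((__u32)__PAM_BP_ROCTET(x,0))<<24)+ \`, keeps the value unsigned. `PAM_BP_LENGTH` also wraps when the encoded size is below `PAM_BP_MIN_SIZE`, and nothing visible here enforces `PAM_BP_MAX_LENGTH`, so code reading a prompt it did not build itself should check both before using the length. Separately, `PAM_BP_CONTROL` and `PAM_BP_DATA` disappear from this public header with no compatibility alias; a header comment saying which accessor (R for read-only, W for writable) replaces each would help existing callers.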
@@ -114,10 +118,10 @@ do { \
 \
 __size = PAM_BP_MIN_SIZE + data_length; \
 if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \
- __PAM_BP_OCTET(*(old_p), 3) = __size & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \
- __PAM_BP_OCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \
+ __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \
 (*(old_p))->control = cntrl; \
 } else { \
 PAM_BP_ASSERT("out of memory for binary prompt"); \
@@ -138,19 +142,19 @@ do { \
 if (bp_length < ((length)+(offset))) { \
 PAM_BP_ASSERT("attempt to write over end of prompt"); \
 } \
- memcpy((offset) + PAM_BP_DATA(prompt), (data), (length)); \
+ memcpy((offset) + PAM_BP_WDATA(prompt), (data), (length)); \
 } while (0)
 #define PAM_BP_EXTRACT(prmpt, offset, length, data) \
 do { \
- int bp_length; \
- __u8 *prompt = (__u8 *) (prmpt); \
- bp_length = PAM_BP_LENGTH(prompt); \
- if (((offset) < 0) || bp_length < ((length)+(offset)) \
- || (length) < 0) { \
+ int __bp_length; \
+ const __u8 *__prompt = (const __u8 *) (prmpt); \
+ __bp_length = PAM_BP_LENGTH(__prompt); \
+ if (((offset) < 0) || (__bp_length < ((length)+(offset))) \
+ || ((length) < 0)) { \
 PAM_BP_ASSERT("invalid extraction from prompt"); \
 } \
- memcpy((data), (offset) + PAM_BP_DATA(prompt), (length)); \
+ memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length)); \
 } while (0)
diff --git a/libpamc/pamc_converse.c b/libpamc/pamc_converse.c
index 92ef7525..540a7d86 100644
--- a/libpamc/pamc_converse.c
+++ b/libpamc/pamc_converse.c
@@ -155,7 +155,7 @@ int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p)
 /* construct the whole reply prompt */
 size = PAM_BP_SIZE(raw);
- control = PAM_BP_CONTROL(raw);
+ control = PAM_BP_RCONTROL(raw);
 memset(raw, 0, sizeof(raw));
 D(("agent replied with prompt of size %d and control %u",
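Review bot: In the @@ -138 hunk of pam_client.h only `PAM_BP_EXTRACT` gets collision-safe locals; the tail of `PAM_BP_FILL` shown as context still uses the unprefixed `prompt` and `bp_length` and tests only `bp_length < ((length)+(offset))`, with no rejection of a negative `offset` or `length` in the visible lines (its opening lines are outside the hunk). If FILL declares `prompt` the way EXTRACT used to, a caller passing a variable named `prompt` makes the local initialise from itself. In both macros the `memcpy` follows `PAM_BP_ASSERT` unconditionally, so the bound only protects anything if that assert never returns, and `(length)+(offset)` can overflow `int` before the comparison is made. I would mirror the EXTRACT change in FILL and phrase the test without the addition, `if (((offset) < 0) || ((length) < 0) || ((length) > __bp_length - (offset))) { \`, and pick a prefix other than `__`, which is reserved for the implementation.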
diff --git a/libpamc/test/agents/secret@here b/libpamc/test/agents/secret@here
index 18d8a661..afdcbaa8 100755
--- a/libpamc/test/agents/secret@here
+++ b/libpamc/test/agents/secret@here
@@ -261,6 +261,9 @@ sub CreateDigest ($) {
 or die "you'll need /usr/bin/md5sum installed";
 my $oldfd = select MD5in; $|=1; select $oldfd;
+ if ($debug) {
+ print STDERR "agent: ". "telling md5: <$data>\n";
+ }
 print MD5in "$data";
 close MD5in;
 my $reply = ;
diff --git a/libpamc/test/modules/pam_secret.c b/libpamc/test/modules/pam_secret.c
index 04c7631b..7efa8c23 100644
--- a/libpamc/test/modules/pam_secret.c
+++ b/libpamc/test/modules/pam_secret.c
@@ -344,7 +344,7 @@ static int auth_sequence(pam_handle_t *pamh,
 PAM_BP_RENEW(&new->current_prompt, PAM_BPC_SELECT, sizeof(PS_AGENT_ID) + strlen(rusername) + 1 + strlen(rhostname) + 1 + 32);
- sprintf(PAM_BP_DATA(new->current_prompt),
+ sprintf(PAM_BP_WDATA(new->current_prompt),
 PS_AGENT_ID "/%s@%s|%.32s", rusername, rhostname, new->server_cookie);
@@ -390,7 +390,7 @@ static int auth_sequence(pam_handle_t *pamh, /* find | */ length = PAM_BP_LENGTH(new->current_reply); for (i=0; icurrent_reply)[i] == '|') { + if (PAM_BP_RDATA(new->current_reply)[i] == '|') { break; } }
@@ -407,13 +407,13 @@ static int auth_sequence(pam_handle_t *pamh,
 }
 /* copy client cookie */
- memcpy(new->client_cookie, PAM_BP_DATA(new->current_reply)+i, 32);
+ memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32);
 /* generate a prompt that is length(seqid) + length(|) + 32 long */
 PAM_BP_RENEW(&new->current_prompt, PAM_BPC_OK, i+32);
 /* copy the head of the response prompt */
- memcpy(PAM_BP_DATA(new->current_prompt),
- PAM_BP_DATA(new->current_reply), i);
+ memcpy(PAM_BP_WDATA(new->current_prompt),
+ PAM_BP_RDATA(new->current_reply), i);
 PAM_BP_RENEW(&new->current_reply, 0, 0);
 /* look up the secret */
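Review bot: The debug branch added to `CreateDigest` (secret@here, @@ -261 hunk) writes the complete digest input `$data` to STDERR, and judging by the module side of this test, where `create_digest` is handed both cookies together with `secret_data`, that string presumably contains the shared secret. Debug output ends up in terminals and captured logs, so I would report only the size, e.g. `print STDERR "agent: telling md5: ", length($data), " bytes\n";`, and add a comment that `$data` must not be printed. The function starts and ends outside the hunk.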
@@ -456,7 +456,7 @@ static int auth_sequence(pam_handle_t *pamh,
 /* construct md5[||] */
 if (! create_digest(new->client_cookie, new->server_cookie, new->secret_data,
- PAM_BP_DATA(new->current_prompt)+i)) {
+ PAM_BP_WDATA(new->current_prompt)+i)) {
 D(("md5 digesting failed"));
 new->state = PS_STATE_DEAD;
 return PAM_ABORT;
@@ -497,7 +497,7 @@ static int auth_sequence(pam_handle_t *pamh,
 return PAM_ABORT;
 }
- cf = strcmp(expectation, PAM_BP_DATA(new->current_reply));
+ cf = strcmp(expectation, PAM_BP_RDATA(new->current_reply));
 memset(expectation, 0, sizeof(expectation));
 if (cf || new->invalid_secret) {
 D(("failed to authenticate"));
@@ -580,7 +580,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 PAM_BP_RENEW(&new_data->current_prompt, PAM_BP_CONTROL(old_data->current_prompt), length);
 PAM_BP_FILL(new_data->current_prompt, 0, length,
- PAM_BP_DATA(old_data->current_prompt));
+ PAM_BP_RDATA(old_data->current_prompt));
 }
 /* don't need to duplicate current_reply */
 } else {
diff --git a/libpamc/test/regress/test.libpamc.c b/libpamc/test/regress/test.libpamc.c
index b5fb1b82..b7bc4e4b 100644
--- a/libpamc/test/regress/test.libpamc.c
+++ b/libpamc/test/regress/test.libpamc.c
@@ -127,10 +127,12 @@ char *create_digest(int length, const char *raw) temp_packet.length = temp_packet.at = 0; temp_packet.buffer = NULL; - append_string(&temp_packet, "/bin/echo -n '", 0); + append_string(&temp_packet, "echo -n '", 0); append_string(&temp_packet, raw, 0); append_string(&temp_packet, "'|/usr/bin/md5sum -", 1); + fprintf(stderr, "am attempting to run [%s]\n", temp_packet.buffer); + pipe = popen(temp_packet.buffer, "r"); if (pipe == NULL) { fprintf(stderr, "server: failed to run\n [%s]\n", temp_packet.buffer);
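Review bot: The @@ -580 hunk of pam_secret.c leaves `PAM_BP_CONTROL(old_data->current_prompt)` in the unchanged `PAM_BP_RENEW` call, although this same commit removes `PAM_BP_CONTROL` from pam_client.h. Unless the macro is still defined somewhere outside this diff, the module either stops compiling or, with a compiler that accepts implicit declarations, fails at link time. The argument is only read, so the call should pass `PAM_BP_RCONTROL(old_data->current_prompt), length);`. The enclosing block starts and ends outside the hunk.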
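Review bot: `create_digest` in the @@ -127 hunk of test.libpamc.c still pastes `raw` between single quotes into a string handed to `popen`, and switching to a bare `echo` additionally makes the command depend on `PATH` and on how the shell's own `echo` treats `-n`. A quote character inside `raw` ends the quoting, and the added `fprintf` prints the whole command, digest input included, to stderr. Even in a regression test I would refuse such input before building the command, e.g. `if (strchr(raw, '\'') != NULL) { return NULL; }` (assuming callers already cope with a NULL digest), keep the absolute path, and log `length` rather than the buffer. Writing `raw` to md5sum's stdin instead of the command line would remove the quoting problem altogether; the function body continues outside the hunk.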
@@ -170,7 +172,13 @@ void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet) data_length = PAM_BP_LENGTH(prompt); packet->at = 0; append_data(packet, data_length, NULL); + PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer); + + fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n", + data_length, + PAM_BP_SIZE(prompt), PAM_BP_RCONTROL(prompt), + PAM_BP_RDATA(prompt)); } int main(int argc, char **argv)
@@ -217,9 +225,9 @@ int main(int argc, char **argv)
 retval = pamc_converse(pch, &prompt);
 fprintf(stderr, "server: after conversation\n");
- if (PAM_BP_CONTROL(prompt) != PAM_BPC_OK) {
+ if (PAM_BP_RCONTROL(prompt) != PAM_BPC_OK) {
 fprintf(stderr, "server: prompt had unexpected control type: %u\n",
- PAM_BP_CONTROL(prompt));
+ PAM_BP_RCONTROL(prompt));
 exit(1);
 }
@@ -274,9 +282,9 @@ int main(int argc, char **argv)
 retval = pamc_converse(pch, &prompt);
 fprintf(stderr, "server: after 2nd conversation\n");
- if (PAM_BP_CONTROL(prompt) != PAM_BPC_DONE) {
+ if (PAM_BP_RCONTROL(prompt) != PAM_BPC_DONE) {
 fprintf(stderr, "server: 2nd prompt had unexpected control type: %u\n",
- PAM_BP_CONTROL(prompt));
+ PAM_BP_RCONTROL(prompt));
 exit(1);
 }
-- cgit v1.2.3
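Review bot: The `fprintf` added to `prompt_to_packet` (@@ -170 hunk) prints `PAM_BP_RDATA(prompt)` with `%s`, but a binary prompt is length-delimited data, so a prompt that was not built through `PAM_BP_RENEW` has no guaranteed terminator and the read can run past the buffer. Bounding the output with the length already computed avoids that: use `{%d|0x%.2x|%.*s}` in the format and pass `data_length, (const char *) PAM_BP_RDATA(prompt)` as the last two arguments. The payload at this point can carry cookies or digests, so a comment marking the line as test-only tracing would be worth adding. The two later hunks in `main` read `PAM_BP_RCONTROL(prompt)` straight after `pamc_converse` without `retval` being examined in the visible lines; a failed conversation should be ruled out before the prompt is dereferenced.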