src - FreeBSD source tree

diff options


context:
space:
mode:

author	Dag-Erling Smørgrav <des@FreeBSD.org>	2014-09-15 09:40:30 +0000
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2014-09-15 09:40:30 +0000
commit	adf180b55c9bdbf02c7daf6a62bdecd3b7dd6cd6 (patch)
tree	0cabdf9c7495e0b4b28b66d5f485231bb928de81 /lib/libpam
parent	299a95c6b11a65ecaa8371d14fff8dffe393e091 (diff)

Vendor import of OpenPAM Ourouparia.vendor/openpam/OUROUPARIA

Notes

Notes: svn path=/vendor/openpam/dist/; revision=271612 svn path=/vendor/openpam/OUROUPARIA/; revision=271613; tag=vendor/openpam/OUROUPARIA

Diffstat (limited to 'lib/libpam')

-rw-r--r--

lib/libpam/Makefile.am

-rw-r--r--

lib/libpam/Makefile.in

-rw-r--r--

lib/libpam/openpam_configure.c

-rw-r--r--

lib/libpam/openpam_ctype.h

-rw-r--r--

lib/libpam/openpam_dispatch.c

-rw-r--r--

lib/libpam/openpam_strlset.c

-rw-r--r--

lib/libpam/openpam_strlset.h

-rw-r--r--

lib/libpam/openpam_ttyconv.c

-rw-r--r--

lib/libpam/pam_get_authtok.c

9 files changed, 179 insertions, 30 deletions

diff --git a/lib/libpam/Makefile.am b/lib/libpam/Makefile.am
index 99c37f00ee6b..a7781d656786 100644
--- a/lib/libpam/Makefile.am
+++ b/lib/libpam/Makefile.am

@@ -1,4 +1,4 @@

-# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $

+# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $

NULL =

@@ -18,6 +18,7 @@ noinst_HEADERS = \

openpam_strlcat.h \

openpam_strlcmp.h \

openpam_strlcpy.h \

+ openpam_strlset.h \

openpam_vasprintf.h

libpam_la_SOURCES = \

@@ -44,9 +45,10 @@ libpam_la_SOURCES = \

openpam_set_option.c \

openpam_set_feature.c \

openpam_static.c \

+ openpam_straddch.c \

openpam_strlcat.c \

openpam_strlcpy.c \

- openpam_straddch.c \

+ openpam_strlset.c \

openpam_subst.c \

openpam_vasprintf.c \

openpam_ttyconv.c \

diff --git a/lib/libpam/Makefile.in b/lib/libpam/Makefile.in
index b84d4793f05c..f2971163e0ed 100644
--- a/lib/libpam/Makefile.in
+++ b/lib/libpam/Makefile.in

@@ -14,7 +14,7 @@

@SET_MAKE@

-# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $

+# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $

VPATH = @srcdir@

@@ -85,10 +85,7 @@ subdir = lib/libpam

DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \

$(top_srcdir)/depcomp $(noinst_HEADERS)

ACLOCAL_M4 = $(top_srcdir)/aclocal.m4

-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \

- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \

- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \

- $(top_srcdir)/configure.ac

+am__aclocal_m4_deps = $(top_srcdir)/configure.ac

am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \

$(ACLOCAL_M4)

mkinstalldirs = $(install_sh) -d

@@ -135,10 +132,10 @@ am_libpam_la_OBJECTS = openpam_asprintf.lo openpam_borrow_cred.lo \

openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \

openpam_readword.lo openpam_restore_cred.lo \

openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \

- openpam_strlcat.lo openpam_strlcpy.lo openpam_straddch.lo \

- openpam_subst.lo openpam_vasprintf.lo openpam_ttyconv.lo \

- pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \

- pam_close_session.lo pam_end.lo pam_error.lo \

+ openpam_straddch.lo openpam_strlcat.lo openpam_strlcpy.lo \

+ openpam_strlset.lo openpam_subst.lo openpam_vasprintf.lo \

+ openpam_ttyconv.lo pam_acct_mgmt.lo pam_authenticate.lo \

+ pam_chauthtok.lo pam_close_session.lo pam_end.lo pam_error.lo \

pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \

pam_get_user.lo pam_getenv.lo pam_getenvlist.lo pam_info.lo \

pam_open_session.lo pam_prompt.lo pam_putenv.lo \

@@ -349,6 +346,7 @@ noinst_HEADERS = \

openpam_strlcat.h \

openpam_strlcmp.h \

openpam_strlcpy.h \

+ openpam_strlset.h \

openpam_vasprintf.h

libpam_la_SOURCES = \

@@ -375,9 +373,10 @@ libpam_la_SOURCES = \

openpam_set_option.c \

openpam_set_feature.c \

openpam_static.c \

+ openpam_straddch.c \

openpam_strlcat.c \

openpam_strlcpy.c \

- openpam_straddch.c \

+ openpam_strlset.c \

openpam_subst.c \

openpam_vasprintf.c \

openpam_ttyconv.c \

@@ -534,6 +533,7 @@ distclean-compile:

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcat.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcpy.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlset.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_vasprintf.Plo@am__quote@

diff --git a/lib/libpam/openpam_configure.c b/lib/libpam/openpam_configure.c
index 1a43dc799da1..5a4ca620222f 100644
--- a/lib/libpam/openpam_configure.c
+++ b/lib/libpam/openpam_configure.c

@@ -1,6 +1,6 @@

/*-

* This software was developed for the FreeBSD Project by ThinkSec AS and

@@ -32,7 +32,7 @@

* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

* SUCH DAMAGE.

- * $Id: openpam_configure.c 667 2013-03-17 14:24:00Z des $

+ * $Id: openpam_configure.c 796 2014-06-03 21:30:08Z des $

#ifdef HAVE_CONFIG_H

@@ -193,6 +193,7 @@ openpam_parse_chain(pam_handle_t *pamh,

openpam_log(PAM_LOG_ERROR,

"%s(%d): missing or invalid facility",

filename, lineno);

+ errno = EINVAL;

goto fail;

}

if (facility != fclt && facility != PAM_FACILITY_ANY) {

@@ -208,18 +209,28 @@ openpam_parse_chain(pam_handle_t *pamh,

openpam_log(PAM_LOG_ERROR,

"%s(%d): missing or invalid service name",

filename, lineno);

+ errno = EINVAL;

goto fail;

}

if (wordv[i] != NULL) {

openpam_log(PAM_LOG_ERROR,

"%s(%d): garbage at end of line",

filename, lineno);

+ errno = EINVAL;

goto fail;

}

ret = openpam_load_chain(pamh, servicename, fclt);

FREEV(wordc, wordv);

- if (ret < 0)

+ if (ret < 0) {

+ /*

+ * Bogus errno, but this ensures that the

+ * outer loop does not just ignore the

+ * error and keep searching.

+ */

+ if (errno == ENOENT)

+ errno = EINVAL;

goto fail;

+ }

continue;

}

@@ -229,6 +240,7 @@ openpam_parse_chain(pam_handle_t *pamh,

openpam_log(PAM_LOG_ERROR,

"%s(%d): missing or invalid control flag",

filename, lineno);

+ errno = EINVAL;

goto fail;

}

@@ -238,6 +250,7 @@ openpam_parse_chain(pam_handle_t *pamh,

openpam_log(PAM_LOG_ERROR,

"%s(%d): missing or invalid module name",

filename, lineno);

+ errno = EINVAL;

goto fail;

}

@@ -247,8 +260,11 @@ openpam_parse_chain(pam_handle_t *pamh,

this->flag = ctlf;

/* load module */

- if ((this->module = openpam_load_module(modulename)) == NULL)

+ if ((this->module = openpam_load_module(modulename)) == NULL) {

+ if (errno == ENOENT)

+ errno = ENOEXEC;

goto fail;

+ }

* The remaining items in wordv are the module's

@@ -281,7 +297,11 @@ openpam_parse_chain(pam_handle_t *pamh,

* The loop ended because openpam_readword() returned NULL, which

* can happen for four different reasons: an I/O error (ferror(f)

* is true), a memory allocation failure (ferror(f) is false,

- * errno is non-zero)

+ * feof(f) is false, errno is non-zero), the file ended with an

+ * unterminated quote or backslash escape (ferror(f) is false,

+ * feof(f) is true, errno is non-zero), or the end of the file was

+ * reached without error (ferror(f) is false, feof(f) is true,

+ * errno is zero).

if (ferror(f) || errno != 0)

goto syserr;

@@ -402,6 +422,9 @@ openpam_load_chain(pam_handle_t *pamh,

}

ret = openpam_load_file(pamh, service, facility,

filename, style);

+ /* success */

+ if (ret > 0)

+ RETURNN(ret);

/* the file exists, but an error occurred */

if (ret == -1 && errno != ENOENT)

RETURNN(ret);

@@ -411,7 +434,8 @@ openpam_load_chain(pam_handle_t *pamh,

}

/* no hit */

- RETURNN(0);

+ errno = ENOENT;

+ RETURNN(-1);

}

@@ -432,8 +456,10 @@ openpam_configure(pam_handle_t *pamh,

openpam_log(PAM_LOG_ERROR, "invalid service name");

RETURNC(PAM_SYSTEM_ERR);

}

- if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)

- goto load_err;

+ if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {

+ if (errno != ENOENT)

+ goto load_err;

+ }

for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {

if (pamh->chains[fclt] != NULL)

continue;

diff --git a/lib/libpam/openpam_ctype.h b/lib/libpam/openpam_ctype.h
index 38016227a687..d99d34b4dacf 100644
--- a/lib/libpam/openpam_ctype.h
+++ b/lib/libpam/openpam_ctype.h

@@ -26,7 +26,7 @@

* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

* SUCH DAMAGE.

- * $Id: openpam_ctype.h 666 2013-03-17 14:22:17Z des $

+ * $Id: openpam_ctype.h 763 2014-02-26 16:29:16Z des $

#ifndef OPENPAM_CTYPE_H_INCLUDED

diff --git a/lib/libpam/openpam_dispatch.c b/lib/libpam/openpam_dispatch.c
index 0dcc73223ce3..5fa068f8e261 100644
--- a/lib/libpam/openpam_dispatch.c
+++ b/lib/libpam/openpam_dispatch.c

@@ -32,7 +32,7 @@

* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

* SUCH DAMAGE.

- * $Id: openpam_dispatch.c 649 2013-03-05 17:58:33Z des $

+ * $Id: openpam_dispatch.c 807 2014-09-09 09:41:32Z des $

#ifdef HAVE_CONFIG_H

@@ -63,7 +63,7 @@ openpam_dispatch(pam_handle_t *pamh,

int flags)

{

pam_chain_t *chain;

- int err, fail, r;

+ int err, fail, nsuccess, r;

int debug;

ENTER();

@@ -101,7 +101,9 @@ openpam_dispatch(pam_handle_t *pamh,

}

/* execute */

- for (err = fail = 0; chain != NULL; chain = chain->next) {

+ err = PAM_SUCCESS;

+ fail = nsuccess = 0;

+ for (; chain != NULL; chain = chain->next) {

if (chain->module->func[primitive] == NULL) {

openpam_log(PAM_LOG_ERROR, "%s: no %s()",

chain->module->path, pam_sm_func_name[primitive]);

@@ -126,7 +128,8 @@ openpam_dispatch(pam_handle_t *pamh,

if (r == PAM_IGNORE)

continue;

- if (r == PAM_SUCCESS) {

+ if (r == PAM_SUCCESS) {

+ ++nsuccess;

* For pam_setcred() and pam_chauthtok() with the

* PAM_PRELIM_CHECK flag, treat "sufficient" as

@@ -148,7 +151,7 @@ openpam_dispatch(pam_handle_t *pamh,

* fail. If a required module fails, record the

* return code from the first required module to fail.

- if (err == 0)

+ if (err == PAM_SUCCESS)

err = r;

if ((chain->flag == PAM_REQUIRED ||

chain->flag == PAM_BINDING) && !fail) {

@@ -170,6 +173,18 @@ openpam_dispatch(pam_handle_t *pamh,

if (!fail && err != PAM_NEW_AUTHTOK_REQD)

err = PAM_SUCCESS;

+ /*

+ * Require the chain to be non-empty, and at least one module

+ * in the chain to be successful, so that we don't fail open.

+ */

+ if (err == PAM_SUCCESS && nsuccess < 1) {

+ openpam_log(PAM_LOG_ERROR,

+ "all modules were unsuccessful for %s()",

+ pam_sm_func_name[primitive]);

+ err = PAM_SYSTEM_ERR;

+ }

RETURNC(err);

}

diff --git a/lib/libpam/openpam_strlset.c b/lib/libpam/openpam_strlset.c
new file mode 100644
index 000000000000..2f4c4fa7e188
--- /dev/null
+++ b/lib/libpam/openpam_strlset.c

@@ -0,0 +1,58 @@

+/*-

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ * 1. Redistributions of source code must retain the above copyright

+ * notice, this list of conditions and the following disclaimer.

+ * 2. Redistributions in binary form must reproduce the above copyright

+ * notice, this list of conditions and the following disclaimer in the

+ * documentation and/or other materials provided with the distribution.

+ * 3. The name of the author may not be used to endorse or promote

+ * products derived from this software without specific prior written

+ * permission.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

+ * SUCH DAMAGE.

+ *

+ * $Id: openpam_strlset.c 807 2014-09-09 09:41:32Z des $

+ */

+#ifdef HAVE_CONFIG_H

+# include "config.h"

+#endif

+#ifndef HAVE_STRLSET

+#include <stddef.h>

+#include "openpam_strlset.h"

+/*

+ * like memset(3), but stops at the first NUL byte and NUL-terminates the

+ * result. Returns the number of bytes that were written, not including

+ * the terminating NUL.

+ */

+size_t

+openpam_strlset(char *str, int ch, size_t size)

+ size_t len;

+ for (len = 0; *str && size > 1; ++len, --size)

+ *str++ = ch;

+ *str = '\0';

+ return (++len);

+#endif

diff --git a/lib/libpam/openpam_strlset.h b/lib/libpam/openpam_strlset.h
new file mode 100644
index 000000000000..4bb0bb6404d0
--- /dev/null
+++ b/lib/libpam/openpam_strlset.h

@@ -0,0 +1,41 @@