Date: Sun, 30 Jun 2002 13:42:17 -0700 (PDT) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 13657 for review Message-ID: <200206302042.g5UKgHaO030960@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=13657 Change 13657 by des@des.at.des.thinksec.com on 2002/06/30 13:41:59 Implement the "binding" control flag (from Solaris 9) Sponsored by: DARPA, NAI Labs Affected files ... .. //depot/projects/openpam/include/security/pam_constants.h#16 edit .. //depot/projects/openpam/lib/openpam_configure.c#5 edit .. //depot/projects/openpam/lib/openpam_dispatch.c#17 edit .. //depot/projects/openpam/lib/openpam_impl.h#16 edit Differences ... ==== //depot/projects/openpam/include/security/pam_constants.h#16 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_constants.h#15 $ + * $P4: //depot/projects/openpam/include/security/pam_constants.h#16 $ */ #ifndef _PAM_CONSTANTS_H_INCLUDED ==== //depot/projects/openpam/lib/openpam_configure.c#5 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_configure.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $ */ #include <ctype.h> @@ -150,6 +150,8 @@ flag = PAM_SUFFICIENT; } else if (strcmp(p, "optional") == 0) { flag = PAM_OPTIONAL; + } else if (strcmp(p, "binding") == 0) { + flag = PAM_BINDING; } else { openpam_log(PAM_LOG_ERROR, "%s: invalid control flag on line %d: '%s'", ==== //depot/projects/openpam/lib/openpam_dispatch.c#17 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#16 $ + * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $ */ #include <sys/param.h> @@ -109,13 +109,14 @@ if (r == PAM_IGNORE) continue; - if (r == PAM_SUCCESS || r == PAM_NEW_AUTHTOK_REQD) { + if (r == PAM_SUCCESS) { /* * For pam_setcred() and pam_chauthtok() with the * PAM_PRELIM_CHECK flag, treat "sufficient" as * "optional". */ - if (chain->flag == PAM_SUFFICIENT && !fail && + if ((chain->flag == PAM_SUFFICIENT || + chain->flag == PAM_BINDING) && !fail && primitive != PAM_SM_SETCRED && !(primitive == PAM_SM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK))) @@ -132,7 +133,8 @@ */ if (err == 0) err = r; - if (chain->flag == PAM_REQUIRED && !fail) { + if ((chain->flag == PAM_REQUIRED || + chain->flag == PAM_BINDING) && !fail) { openpam_log(PAM_LOG_DEBUG, "required module failed"); fail = 1; err = r; ==== //depot/projects/openpam/lib/openpam_impl.h#16 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_impl.h#15 $ + * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $ */ #ifndef _OPENPAM_IMPL_H_INCLUDED @@ -48,7 +48,8 @@ #define PAM_REQUISITE 2 #define PAM_SUFFICIENT 3 #define PAM_OPTIONAL 4 -#define PAM_NUM_CONTROLFLAGS 5 +#define PAM_BINDING 5 +#define PAM_NUM_CONTROLFLAGS 6 /* * Chains To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206302042.g5UKgHaO030960>