Date:      Wed, 1 May 2002 21:08:08 -0700 (PDT)
From:      Dag-Erling Smorgrav <des@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 10638 for review
Message-ID:  <200205020408.g42488v75279@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10638

Change 10638 by des@des.at.des.thinksec.com on 2002/05/01 21:08:02

	Fall in line with Solaris and Linux-PAM wrt use of the "other" policy:
	use it to fill the gaps in incomplete policies as well as to replace
	missing ones.
	
	Sponsored by:	DARPA, NAI Labs

Affected files ...

... //depot/projects/openpam/lib/openpam_configure.c#2 edit
... //depot/projects/openpam/lib/openpam_impl.h#14 edit
... //depot/projects/openpam/lib/openpam_load.c#13 edit
... //depot/projects/openpam/lib/pam_end.c#9 edit
... //depot/projects/openpam/lib/pam_start.c#14 edit

Differences ...

==== //depot/projects/openpam/lib/openpam_configure.c#2 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_configure.c#1 $
+ * $P4: //depot/projects/openpam/lib/openpam_configure.c#2 $
  */
 
 #include <ctype.h>
@@ -50,7 +50,7 @@
 #define MAX_OPTIONS	256
 
 static int
-openpam_read_policy_file(pam_handle_t *pamh,
+openpam_read_policy_file(pam_chain_t *policy[],
 	const char *service,
 	const char *filename,
 	int style)
@@ -186,7 +186,7 @@
 		 * Finally, add the module at the end of the
 		 * appropriate chain and bump the counter.
 		 */
-		r = openpam_add_module(pamh, chain, flag, p, optc, optv);
+		r = openpam_add_module(policy, chain, flag, p, optc, optv);
 		if (r != PAM_SUCCESS)
 			return (-r);
 		++n;
@@ -214,14 +214,8 @@
 	NULL
 };
 
-/*
- * OpenPAM internal
- *
- * Configure a service
- */
-
-int
-openpam_configure(pam_handle_t *pamh,
+static int
+openpam_load_policy(pam_chain_t *policy[],
 	const char *service)
 {
 	const char **path;
@@ -235,24 +229,62 @@
 			filename = malloc(len + strlen(service) + 1);
 			if (filename == NULL) {
 				openpam_log(PAM_LOG_ERROR, "malloc(): %m");
-				return (PAM_BUF_ERR);
+				return (-PAM_BUF_ERR);
 			}
 			strcpy(filename, *path);
 			strcat(filename, service);
-			r = openpam_read_policy_file(pamh,
+			r = openpam_read_policy_file(policy,
 			    service, filename, PAM_D_STYLE);
 			free(filename);
 		} else {
-			r = openpam_read_policy_file(pamh,
+			r = openpam_read_policy_file(policy,
 			    service, *path, PAM_CONF_STYLE);
 		}
-		if (r < 0)
-			return (-r);
-		if (r > 0)
-			return (PAM_SUCCESS);
+		if (r != 0)
+			return (r);
+	}
+
+	return (0);
+}
+
+/*
+ * OpenPAM internal
+ *
+ * Configure a service
+ */
+
+int
+openpam_configure(pam_handle_t *pamh,
+	const char *service)
+{
+	pam_chain_t *other[PAM_NUM_CHAINS];
+	int i, n, r;
+
+	/* try own configuration first */
+	r = openpam_load_policy(pamh->chains, service);
+	if (r < 0)
+		return (-r);
+	for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
+		if (pamh->chains[i] != NULL)
+			++n;
 	}
+	if (n == PAM_NUM_CHAINS)
+		return (PAM_SUCCESS);
 
-	return (PAM_SYSTEM_ERR);
+	/* fill in the blanks with "other" */
+	openpam_load_policy(other, PAM_OTHER);
+	if (r < 0)
+		return (-r);
+	for (i = n = 0; i < PAM_NUM_CHAINS; ++i) {
+		if (pamh->chains[i] == NULL) {
+			pamh->chains[i] = other[i];
+			other[i] = NULL;
+		}
+		if (pamh->chains[i] != NULL)
+			++n;
+	}
+	openpam_clear_chains(other);
+	return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR);
 }
 
 /*
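Review bot: In the new openpam_configure, `other` is declared without an initialiser and then passed to openpam_load_policy and openpam_clear_chains, both of which read its slots: openpam_add_module tests `policy[chain]` before linking, and the clear loop hands all PAM_NUM_CHAINS entries to openpam_destroy_chain. Any chain the "other" policy does not define is therefore an indeterminate pointer that gets walked or freed; the declaration should be `pam_chain_t *other[PAM_NUM_CHAINS] = { NULL };`. The second load also discards its result, so the `if (r < 0)` after it re-tests the value from the first call and a failure while reading the "other" policy is ignored, with whatever was parsed so far merged into the handle. That call should read `r = openpam_load_policy(other, PAM_OTHER);`, and the error return presumably needs `openpam_clear_chains(other);` first so the partial chains are not leaked. Separately, returning PAM_SUCCESS whenever `n > 0` accepts a handle in which some chains are still NULL; how openpam_dispatch treats an empty chain is not visible here, so it is worth confirming that it fails closed.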

==== //depot/projects/openpam/lib/openpam_impl.h#14 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#13 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#14 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -108,9 +108,9 @@
 int		openpam_configure(pam_handle_t *, const char *);
 int		openpam_dispatch(pam_handle_t *, int, int);
 int		openpam_findenv(pam_handle_t *, const char *, size_t);
-int		openpam_add_module(pam_handle_t *, int, int,
+int		openpam_add_module(pam_chain_t **, int, int,
 				   const char *, int, const char **);
-void		openpam_clear_chains(pam_handle_t *);
+void		openpam_clear_chains(pam_chain_t **);
 
 #ifdef OPENPAM_STATIC_MODULES
 pam_module_t   *openpam_static(const char *);

==== //depot/projects/openpam/lib/openpam_load.c#13 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_load.c#12 $
+ * $P4: //depot/projects/openpam/lib/openpam_load.c#13 $
  */
 
 #include <dlfcn.h>
@@ -156,7 +156,7 @@
  */
 
 int
-openpam_add_module(pam_handle_t *pamh,
+openpam_add_module(pam_chain_t *policy[],
 	int chain,
 	int flag,
 	const char *modpath,
@@ -178,12 +178,12 @@
 		openpam_destroy_chain(new);
 		return (PAM_OPEN_ERR);
 	}
-	if ((iterator = pamh->chains[chain]) != NULL) {
+	if ((iterator = policy[chain]) != NULL) {
 		while (iterator->next != NULL)
 			iterator = iterator->next;
 		iterator->next = new;
 	} else {
-		pamh->chains[chain] = new;
+		policy[chain] = new;
 	}
 	return (PAM_SUCCESS);
 
@@ -199,12 +199,12 @@
  */
 
 void
-openpam_clear_chains(pam_handle_t *pamh)
+openpam_clear_chains(pam_chain_t *policy[])
 {
 	int i;
 
 	for (i = 0; i < PAM_NUM_CHAINS; ++i)
-		openpam_destroy_chain(pamh->chains[i]);
+		openpam_destroy_chain(policy[i]);
 }
 
 /*
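Review bot: openpam_clear_chains leaves the destroyed pointers in `policy[i]`, so a second call on the same array, or any later read of it, would touch freed chains; this matters more now that the array can be a caller-owned local as well as the handle's own field. Resetting each slot closes that off: brace the loop body and follow `openpam_destroy_chain(policy[i]);` with `policy[i] = NULL;`. Together with the `policy[chain]` read in openpam_add_module in the previous hunk, the new interface requires every slot to be initialised before either function is called. The header comment above this function (outside the hunk) should say so, e.g. `policy must point to PAM_NUM_CHAINS entries, each NULL or a valid chain head`.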

==== //depot/projects/openpam/lib/pam_end.c#9 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_end.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_end.c#9 $
  */
 
 #include <stdlib.h>
@@ -72,7 +72,7 @@
 	free(pamh->env);
 
 	/* clear chains */
-	openpam_clear_chains(pamh);
+	openpam_clear_chains(pamh->chains);
 
 	/* clear items */
 	for (i = 0; i < PAM_NUM_ITEMS; ++i)

==== //depot/projects/openpam/lib/pam_start.c#14 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_start.c#13 $
+ * $P4: //depot/projects/openpam/lib/pam_start.c#14 $
  */
 
 #include <stdlib.h>
@@ -66,8 +66,6 @@
 		goto fail;
 
 	r = openpam_configure(ph, service);
-	if (r != PAM_SUCCESS && r != PAM_BUF_ERR)
-		r = openpam_configure(ph, PAM_OTHER);
 	if (r != PAM_SUCCESS)
 		goto fail;
 
