Changeset 20 in openpam


Timestamp:
Feb 2, 2002, 6:22:20 PM (14 years ago)
Author:
des
Message:

Add a flag to struct pam_handle that openpam_dispatch() uses to
detect and prevent indirect recursion.
Fail immediately if the requested chain is empty.
If a module couldn't be loaded, or doesn't provide the requested
service, treat it as a normal failure instead of terminating the
chain. (Solaris actually ignores this condition!)

Sponsored by: DARPA, NAI Labs

Location:
trunk/lib
Files:
2 edited

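--- a/trunk/lib/openpam_dispatch.c
+++ b/trunk/lib/openpam_dispatch.c
@@ -62,4 +62,12 @@
                 return (PAM_SYSTEM_ERR);
 
+        /* prevent recursion */
+        if (pamh->dispatching) {
+                openpam_log(PAM_LOG_ERROR, "indirect recursion");
+                return (PAM_SYSTEM_ERR);
+        }
+        pamh->dispatching = 1;
+
+        /* pick a chain */
         switch (primitive) {
         case PAM_AUTHENTICATE:
@@ -78,17 +86,25 @@
                 break;
         default:
-                return (PAM_SYSTEM_ERR);
-        }
-
+                pamh->dispatching = 0;
+                return (PAM_SYSTEM_ERR);
+        }
+
+        /* fail if the chain is empty */
+        if (module == NULL)
+                return (PAM_SYSTEM_ERR);
+
+        /* execute */
         for (err = fail = 0; module != NULL; module = module->next) {
                 if (module->primitive[primitive] == NULL) {
                         openpam_log(PAM_LOG_ERROR, "%s: no %s()",
                             module->modpath, _pam_sm_func_name[primitive]);
-                        return (PAM_SYMBOL_ERR);
-                }
-                r = (module->primitive[primitive])(pamh, flags);
-                openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
-                    module->modpath, _pam_sm_func_name[primitive],
-                    pam_strerror(pamh, r));
+                        pamh->dispatching = 0;
+                        r = PAM_SYMBOL_ERR;
+                } else {
+                        r = (module->primitive[primitive])(pamh, flags);
+                        openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
+                            module->modpath, _pam_sm_func_name[primitive],
+                            pam_strerror(pamh, r));
+                }
 
                 if (r == PAM_IGNORE)
@@ -132,7 +148,6 @@
         }
 
-        if (fail)
-                return (err);
-        return (PAM_SUCCESS);
+        pamh->dispatching = 0;
+        return (fail ? err : PAM_SUCCESS);
 }
 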
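Review bot: The empty-chain return at new lines 93–94 leaves `pamh->dispatching` set to 1 (it was set at line 69), so every later call on that handle would be rejected as "indirect recursion"; reset it first, `if (module == NULL) { pamh->dispatching = 0; return (PAM_SYSTEM_ERR); }`. In the loop, the missing-primitive branch clears the flag at line 101 but no longer returns, so the remaining modules in the chain run with the recursion guard switched off. Dropping that `pamh->dispatching = 0;` line keeps the guard in place until the reset at line 150. The loop body between new lines 110 and 148 is not shown, so any early return there would need the same reset.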
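--- a/trunk/lib/openpam_impl.h
+++ b/trunk/lib/openpam_impl.h
@@ -92,4 +92,5 @@
 struct pam_handle {
         char            *service;
+        int              dispatching;
 
         /* chains */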
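Review bot: The new `dispatching` member has no comment, and the guard in openpam_dispatch() relies on it starting at zero; document it, e.g. `int dispatching; /* non-zero while openpam_dispatch() is running a chain */`. The code that allocates struct pam_handle is not part of this changeset, so it is worth confirming that the handle is zero-initialised there. The struct definition continues outside the hunk.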