Changeset 25 in openpam

Timestamp:

02/04/02 15:00:16 (11 years ago)

Author:

des

Message:

Store options, and pass them to modules.

Replace the "dispatching" flag with a pam_chain_t pointer. It is set
to point at the currently executing module right before calling the
module, and cleared right after the module returns. Note that this
isn't intended to prevent reentrancy in multi-threaded applications,
but simply to prevent modules from using the application interface.

When recursion is detected, return PAM_ABORT rather than
PAM_SYSTEM_ERR, since this is a programmatical error rather than
a runtime one.

Sponsored by: DARPA, NAI Labs

Location:

trunk/lib

Files:

• openpam_dispatch.c (modified) (4 diffs)
• openpam_impl.h (modified) (4 diffs)
• openpam_load.c (modified) (6 diffs)
• pam_start.c (modified) (4 diffs)

trunk/lib/openpam_dispatch.c

@@ -63 +63 @@
 
         /* prevent recursion */
-        if (pamh->dispatching) {
+        if (pamh->current != NULL) {
                 openpam_log(PAM_LOG_ERROR, "indirect recursion");
-                return (PAM_SYSTEM_ERR);
-        }
-        pamh->dispatching = 1;
+                return (PAM_ABORT);
+        }
 
         /* pick a chain */
@@ -86 +85 @@
                 break;
         default:
-                pamh->dispatching = 0;
                 return (PAM_SYSTEM_ERR);
         }
@@ -99 +97 @@
                         openpam_log(PAM_LOG_ERROR, "%s: no %s()",
                             module->modpath, _pam_sm_func_name[primitive]);
-                        pamh->dispatching = 0;
                         r = PAM_SYMBOL_ERR;
                 } else {
-                        r = (module->primitive[primitive])(pamh, flags);
+                        pamh->current = module;
+                        r = (module->primitive[primitive])(pamh, flags,
+                            module->optc, (const char **)module->optv);
+                        pamh->current = NULL;
                         openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
                             module->modpath, _pam_sm_func_name[primitive],
@@ -148 +148 @@
         }
 
-        pamh->dispatching = 0;
         return (fail ? err : PAM_SUCCESS);
 }

trunk/lib/openpam_impl.h

@@ -68 +68 @@
 extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
 
-typedef int (*pam_func_t)(pam_handle_t *, int);
+typedef int (*pam_func_t)(pam_handle_t *, int, int, const char **);
 
 typedef struct pam_chain pam_chain_t;
@@ -74 +74 @@
         int              flag;
         char            *modpath;
-        /* XXX options */
+        int              optc;
+        char           **optv;
         pam_chain_t     *next;
         void            *dlh;
@@ -92 +93 @@
 struct pam_handle {
         char            *service;
-        int              dispatching;
 
         /* chains */
         pam_chain_t     *chains[PAM_NUM_CHAINS];
+        pam_chain_t     *current;
 
         /* items and data */
@@ -112 +113 @@
 int             openpam_findenv(pam_handle_t *, const char *, size_t);
 int             openpam_add_module(pam_handle_t *, int, int,
-                                   const char *, const char *);
+                                   const char *, int, const char **);
 void            openpam_clear_chains(pam_handle_t *);
 

trunk/lib/openpam_load.c

@@ -52 +52 @@
 };
 
+static void
+openpam_destroy_module(pam_chain_t *module)
+{
+        if (module->dlh != NULL)
+                dlclose(module->dlh);
+        while (module->optc--)
+                free(module->optv[module->optc]);
+        free(module->optv);
+        free(module->modpath);
+        free(module);
+}
+
 int
 openpam_add_module(pam_handle_t *pamh,
@@ -57 +69 @@
         int flag,
         const char *modpath,
-        const char *options /* XXX */ __unused)
+        int optc,
+        const char *optv[])
 {
         pam_chain_t *module, *iterator;
@@ -63 +76 @@
 
         /* fill in configuration data */
-        if ((module = malloc(sizeof(*module))) == NULL) {
-                openpam_log(PAM_LOG_ERROR, "malloc(): %m");
-                return (PAM_BUF_ERR);
-        }
-        if ((module->modpath = strdup(modpath)) == NULL) {
-                openpam_log(PAM_LOG_ERROR, "strdup(): %m");
-                free(module);
-                return (PAM_BUF_ERR);
-        }
+        if ((module = calloc(1, sizeof(*module))) == NULL)
+                goto buf_err;
+        if ((module->modpath = strdup(modpath)) == NULL)
+                goto buf_err;
+        if ((module->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
+                goto buf_err;
+        while (optc--)
+                if ((module->optv[module->optc++] = strdup(*optv++)) == NULL)
+                        goto buf_err;
+        module->optv[module->optc] = NULL;
         module->flag = flag;
         module->next = NULL;
@@ -88 +102 @@
         if ((module->dlh = dlopen(modpath, RTLD_NOW)) == NULL) {
                 openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
-                free(module->modpath);
-                free(module);
+                openpam_destroy_module(module);
                 return (PAM_OPEN_ERR);
         }
@@ -104 +117 @@
         }
         return (PAM_SUCCESS);
+
+ buf_err:
+        openpam_log(PAM_LOG_ERROR, "%m");
+        openpam_destroy_module(module);
+        return (PAM_BUF_ERR);
 }
 
@@ -120 +138 @@
                         module = pamh->chains[i];
                         pamh->chains[i] = module->next;
-                        /* XXX free options */
-                        dlclose(module->dlh);
-                        free(module->modpath);
-                        free(module);
+                        openpam_destroy_module(module);
                 }
         }

trunk/lib/pam_start.c

@@ -90 +90 @@
 #define PAM_D_STYLE     1
 #define MAX_LINE_LEN    1024
+#define MAX_OPTIONS     256
 
 static int
@@ -98 +99 @@
 {
         char buf[MAX_LINE_LEN], *p, *q;
-        int ch, chain, flag, line, n, r;
+        const char *optv[MAX_OPTIONS + 1];
+        int ch, chain, flag, line, optc, n, r;
         size_t len;
         FILE *f;
@@ -207 +209 @@
 
                 /* get options */
-                if (*q != '\0') {
-                        *q++ = 0;
+                for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {
+                        *q++ = '\0';
                         while (isspace(*q))
                                 ++q;
+                        optv[optc] = q;
+                        while (*q != '\0' && !isspace(*q))
+                                ++q;
+                }
+                optv[optc] = NULL;
+                if (*q != '\0') {
+                        *q = '\0';
+                        openpam_log(PAM_LOG_ERROR,
+                            "%s: too many options on line %d",
+                            filename, line);
                 }
 
@@ -217 +229 @@
                  * appropriate chain and bump the counter.
                  */
-                if ((r = openpam_add_module(pamh, chain, flag, p, q)) !=
-                    PAM_SUCCESS)
+                r = openpam_add_module(pamh, chain, flag, p, optc, optv);
+                if (r != PAM_SUCCESS)
                         return (-r);
                 ++n;