source: openpam/trunk/lib/openpam_dynamic.c @ 525

Last change on this file since 525 was 525, checked in by Dag-Erling Smørgrav, 9 years ago

Improve error messages by logging the full path of the module we tried
to load rather than just the module name.

  • Property svn:keywords set to Id
1/*-
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 *    products derived from this software without specific prior written
21 *    permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: openpam_dynamic.c 525 2012-01-11 00:45:09Z des $
36 */
37
38#ifdef HAVE_CONFIG_H
39# include "config.h"
40#endif
41
42#include <dlfcn.h>
43#include <fcntl.h>
44#include <errno.h>
45#include <stdio.h>
46#include <stdlib.h>
47#include <string.h>
48#include <unistd.h>
49
50#include <security/pam_appl.h>
51
52#include "openpam_impl.h"
53
54#ifndef RTLD_NOW
55#define RTLD_NOW RTLD_LAZY
56#endif
57
58/*
59 * OpenPAM internal
60 *
61 * Perform sanity checks and attempt to load a module
62 */
63
64#ifdef HAVE_FDLOPEN
/*
 * fdlopen() variant: open the module file once, run the sanity check
 * on the open descriptor, and hand that same descriptor to the
 * loader.  The object that is checked and the object that is loaded
 * are therefore the same open file, regardless of what happens to
 * the path name in between.
 *
 * Returns the dlopen handle, or NULL on failure.  On failure errno
 * is left as set by open() or by the check (openpam_dynamic() tests
 * it for ENOENT), except that a loader failure is logged here and
 * errno is then cleared to 0.
 */
static void *
try_dlopen(const char *modfn)
{
	void *handle;
	int desc;

	desc = open(modfn, O_RDONLY);
	if (desc < 0)
		return (NULL);

	/* presumably verifies file owner and mode; defined elsewhere */
	if (openpam_check_desc_owner_perms(modfn, desc) != 0) {
		close(desc);
		return (NULL);
	}

	handle = fdlopen(desc, RTLD_NOW);
	if (handle == NULL)
		openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());

	/* the descriptor is no longer needed whether or not the load worked */
	close(desc);
	if (handle == NULL) {
		/* already reported via dlerror(); do not leave a stale errno */
		errno = 0;
	}
	return (handle);
}
86#else
/*
 * Fallback for platforms without fdlopen(): run the sanity check on
 * the path name, then load the module by the same path name.
 *
 * NOTE(review): the path is resolved once by the check and again by
 * dlopen(), so unlike the fdlopen() variant nothing here ties the
 * checked file to the loaded one; this relies on the module
 * directory not being writable by untrusted users -- confirm.
 *
 * Returns the dlopen handle, or NULL on failure.  A loader failure
 * is logged here and errno is cleared to 0; a failed check returns
 * with whatever errno the check left.
 */
static void *
try_dlopen(const char *modfn)
{
	void *handle;

	if (openpam_check_path_owner_perms(modfn) != 0)
		return (NULL);

	handle = dlopen(modfn, RTLD_NOW);
	if (handle != NULL)
		return (handle);

	openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
	/* already reported via dlerror(); do not leave a stale errno */
	errno = 0;
	return (NULL);
}
101#endif
102
103/*
104 * OpenPAM internal
105 *
106 * Locate a dynamically linked module
107 */
108
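/*
 * Load the module named by path and build a pam_module_t for it.
 *
 * A path that does not start with '/' is looked up under
 * OPENPAM_MODULES_DIR.  The versioned file name (path.LIB_MAJ) is
 * tried first; the unversioned name is tried only if the first
 * attempt failed with ENOENT.
 *
 * Returns a newly allocated module on success.  On failure returns
 * NULL with errno preserved, after logging the full path that was
 * tried if errno is non-zero.
 *
 * NOTE(review): a relative path is concatenated to the prefix as-is;
 * nothing in this function rejects '/' or ".." components, so it
 * relies on the caller passing names from a trusted policy -- confirm.
 */
pam_module_t *
openpam_dynamic(const char *path)
{
	const pam_module_t *dlmodule;
	pam_module_t *module;
	const char *prefix;
	char *vpath;
	void *dlh;
	int i, serrno;

	/* everything the error paths touch must start out well-defined */
	dlh = NULL;
	module = NULL;
	vpath = NULL;

	/* Prepend the standard prefix if not an absolute pathname. */
	if (path[0] != '/')
		prefix = OPENPAM_MODULES_DIR;
	else
		prefix = "";

	/* try versioned module first, then unversioned module */
	if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) {
		/*
		 * Some C libraries leave the output pointer undefined
		 * when asprintf() fails; make sure the error path does
		 * not log or free a garbage pointer.
		 */
		vpath = NULL;
		goto err;
	}
	if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) {
		/* the format above guarantees a '.' before the version */
		*strrchr(vpath, '.') = '\0';
		dlh = try_dlopen(vpath);
	}
	if (dlh == NULL)
		goto err;
	if ((module = calloc(1, sizeof *module)) == NULL)
		goto buf_err;
	if ((module->path = strdup(path)) == NULL)
		goto buf_err;
	module->dlh = dlh;

	/*
	 * Prefer the module's exported function table if it has one;
	 * otherwise resolve each primitive by name.  Entries that
	 * cannot be resolved are left NULL.
	 */
	dlmodule = dlsym(dlh, "_pam_module");
	for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
		if (dlmodule) {
			module->func[i] = dlmodule->func[i];
		} else {
			module->func[i] =
			    (pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
			/*
			 * This openpam_log() call is a major source of
			 * log spam, and the cases that matter are caught
			 * and logged in openpam_dispatch().  This would
			 * be less problematic if dlerror() returned an
			 * error code so we could log an error only when
			 * dlsym() failed for a reason other than "no such
			 * symbol".
			 */
#if 0
			if (module->func[i] == NULL)
				openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
				    path, pam_sm_func_name[i], dlerror());
#endif
		}
	}
	FREE(vpath);
	return (module);
buf_err:
	/* allocation failed after the module was loaded: unload it */
	serrno = errno;
	if (dlh != NULL)
		dlclose(dlh);
	FREE(module);
	errno = serrno;
err:
	serrno = errno;
	if (errno != 0)
		openpam_log(PAM_LOG_ERROR, "%s: %m",
		    vpath != NULL ? vpath : path);
	FREE(vpath);
	errno = serrno;
	return (NULL);
}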
180
181/*
182 * NOPARSE
183 */