source: openpam/trunk/lib/openpam_load.c @ 184

Last change on this file since 184 was 184, checked in by Dag-Erling Smørgrav, 18 years ago

Add an array containing the API names for the PAM primitives.

File size: 5.5 KB
Line 
1/*-
2 * Copyright (c) 2002 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 *    products derived from this software without specific prior written
20 *    permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $P4: //depot/projects/openpam/lib/openpam_load.c#15 $
35 */
36
37#include <dlfcn.h>
38#include <stdlib.h>
39#include <string.h>
40
41#include <security/pam_appl.h>
42
43#include "openpam_impl.h"
44
45const char *_pam_func_name[PAM_NUM_PRIMITIVES] = {
46        "pam_authenticate",
47        "pam_setcred",
48        "pam_acct_mgmt",
49        "pam_open_session",
50        "pam_close_session",
51        "pam_chauthtok"
52};
53
54const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
55        "pam_sm_authenticate",
56        "pam_sm_setcred",
57        "pam_sm_acct_mgmt",
58        "pam_sm_open_session",
59        "pam_sm_close_session",
60        "pam_sm_chauthtok"
61};
62
63static pam_module_t *modules;
64
65/*
66 * Locate a matching dynamic or static module.  Keep a list of previously
67 * found modules to speed up the process.
68 */
69
70static pam_module_t *
71openpam_load_module(const char *path)
72{
73        pam_module_t *module;
74
75        /* check cache first */
76        for (module = modules; module != NULL; module = module->next)
77                if (strcmp(module->path, path) == 0)
78                        goto found;
79
80        /* nope; try to load */
81        module = openpam_dynamic(path);
82        openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
83            (module == NULL) ? "no" : "using", path);
84
85#ifdef OPENPAM_STATIC_MODULES
86        /* look for a static module */
87        if (module == NULL && strchr(path, '/') == NULL) {
88                module = openpam_static(path);
89                openpam_log(PAM_LOG_DEBUG, "%s static %s",
90                    (module == NULL) ? "no" : "using", path);
91        }
92#endif
93        if (module == NULL) {
94                openpam_log(PAM_LOG_ERROR, "no %s found", path);
95                return (NULL);
96        }
97        openpam_log(PAM_LOG_DEBUG, "adding %s to cache", module->path);
98        module->next = modules;
99        if (module->next != NULL)
100                module->next->prev = module;
101        module->prev = NULL;
102        modules = module;
103 found:
104        ++module->refcount;
105        return (module);
106}
107
108
109/*
110 * Release a module.
111 * XXX highly thread-unsafe
112 */
113
114static void
115openpam_release_module(pam_module_t *module)
116{
117        if (module == NULL)
118                return;
119        --module->refcount;
120        if (module->refcount > 0)
121                /* still in use */
122                return;
123        if (module->refcount < 0) {
124                openpam_log(PAM_LOG_ERROR, "module %s has negative refcount",
125                    module->path);
126                module->refcount = 0;
127        }
128        if (module->dlh == NULL)
129                /* static module */
130                return;
131        dlclose(module->dlh);
132        if (module->prev != NULL)
133                module->prev->next = module->next;
134        if (module->next != NULL)
135                module->next->prev = module->prev;
136        if (module == modules)
137                modules = module->next;
138        openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path);
139        free(module->path);
140        free(module);
141}
142
143
144/*
145 * Destroy a chain, freeing all its links and releasing the modules
146 * they point to.
147 */
148
149static void
150openpam_destroy_chain(pam_chain_t *chain)
151{
152        if (chain == NULL)
153                return;
154        openpam_destroy_chain(chain->next);
155        chain->next = NULL;
156        while (chain->optc--)
157                free(chain->optv[chain->optc]);
158        free(chain->optv);
159        openpam_release_module(chain->module);
160        free(chain);
161}
162
163/*
164 * Add a module to a chain.
165 */
166
167int
168openpam_add_module(pam_chain_t *policy[],
169        int chain,
170        int flag,
171        const char *modpath,
172        int optc,
173        const char *optv[])
174{
175        pam_chain_t *new, *iterator;
176
177        if ((new = calloc(1, sizeof *new)) == NULL)
178                goto buf_err;
179        if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
180                goto buf_err;
181        while (optc--)
182                if ((new->optv[new->optc++] = strdup(*optv++)) == NULL)
183                        goto buf_err;
184        new->optv[new->optc] = NULL;
185        new->flag = flag;
186        if ((new->module = openpam_load_module(modpath)) == NULL) {
187                openpam_destroy_chain(new);
188                return (PAM_OPEN_ERR);
189        }
190        if ((iterator = policy[chain]) != NULL) {
191                while (iterator->next != NULL)
192                        iterator = iterator->next;
193                iterator->next = new;
194        } else {
195                policy[chain] = new;
196        }
197        return (PAM_SUCCESS);
198
199 buf_err:
200        openpam_log(PAM_LOG_ERROR, "%m");
201        openpam_destroy_chain(new);
202        return (PAM_BUF_ERR);
203}
204
205
206/*
207 * Clear the chains and release the modules
208 */
209
210void
211openpam_clear_chains(pam_chain_t *policy[])
212{
213        int i;
214
215        for (i = 0; i < PAM_NUM_CHAINS; ++i)
216                openpam_destroy_chain(policy[i]);
217}
218
219/*
220 * NOPARSE
221 */
Note: See TracBrowser for help on using the repository browser.