Changeset 112 in openpam
- Timestamp:
- Apr 12, 2002, 8:27:47 PM (19 years ago)
- Location:
- trunk/lib
- Files:
-
- 1 added
- 3 edited
trunk/lib/Makefile
r106 r112 32 32 # SUCH DAMAGE. 33 33 # 34 # $P4: //depot/projects/openpam/lib/Makefile#1 3$34 # $P4: //depot/projects/openpam/lib/Makefile#14 $ 35 35 # 36 36 … … 46 46 SRCS = 47 47 SRCS += openpam_borrow_cred.c 48 SRCS += openpam_configure.c 48 49 SRCS += openpam_dispatch.c 49 50 SRCS += openpam_dynamic.c -
trunk/lib/openpam_impl.h
r106 r112 32 32 * SUCH DAMAGE. 33 33 * 34 * $P4: //depot/projects/openpam/lib/openpam_impl.h#1 2$34 * $P4: //depot/projects/openpam/lib/openpam_impl.h#13 $ 35 35 */ 36 36 … … 106 106 #define PAM_OTHER "other" 107 107 108 int openpam_configure(pam_handle_t *, const char *); 108 109 int openpam_dispatch(pam_handle_t *, int, int); 109 110 int openpam_findenv(pam_handle_t *, const char *, size_t); -
trunk/lib/pam_start.c
r93 r112 32 32 * SUCH DAMAGE. 33 33 * 34 * $P4: //depot/projects/openpam/lib/pam_start.c#1 2$34 * $P4: //depot/projects/openpam/lib/pam_start.c#13 $ 35 35 */ 36 36 37 #include <ctype.h>38 #include <errno.h>39 #include <stdio.h>40 37 #include <stdlib.h> 41 #include <string.h>42 38 43 39 #include <security/pam_appl.h> 44 40 45 41 #include "openpam_impl.h" 46 47 static int _pam_configure_service(pam_handle_t *pamh, const char *service);48 42 49 43 /* … … 72 66 goto fail; 73 67 74 if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS &&75 76 r = _pam_configure_service(ph, PAM_OTHER);68 r = openpam_configure(ph, service); 69 if (r != PAM_SUCCESS && r != PAM_BUF_ERR) 70 r = openpam_configure(ph, PAM_OTHER); 77 71 if (r != PAM_SUCCESS) 78 72 goto fail; … … 87 81 } 88 82 89 #define PAM_CONF_STYLE 090 #define PAM_D_STYLE 191 #define MAX_LINE_LEN 102492 #define MAX_OPTIONS 25693 94 static int95 _pam_read_policy_file(pam_handle_t *pamh,96 const char *service,97 const char *filename,98 int style)99 {100 char buf[MAX_LINE_LEN], *p, *q;101 const char *optv[MAX_OPTIONS + 1];102 int ch, chain, flag, line, optc, n, r;103 size_t len;104 FILE *f;105 106 n = 0;107 108 if ((f = fopen(filename, "r")) == NULL) {109 openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,110 "%s: %m", filename);111 return (0);112 }113 openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",114 service, filename);115 116 for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {117 if ((len = strlen(buf)) == 0)118 continue;119 120 /* check for overflow */121 if (buf[--len] != '\n' && !feof(f)) {122 openpam_log(PAM_LOG_ERROR, "%s: line %d too long",123 filename, line);124 openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",125 filename, line);126 while ((ch = fgetc(f)) != EOF)127 if (ch == '\n')128 break;129 continue;130 }131 132 /* strip comments and trailing whitespace */133 if ((p = strchr(buf, '#')) != NULL)134 len = p - buf ? 
p - buf - 1 : p - buf;135 while (len > 0 && isspace(buf[len - 1]))136 --len;137 if (len == 0)138 continue;139 buf[len] = '\0';140 p = q = buf;141 142 /* check service name */143 if (style == PAM_CONF_STYLE) {144 for (q = p = buf; *q != '\0' && !isspace(*q); ++q)145 /* nothing */;146 if (*q == '\0')147 goto syntax_error;148 *q++ = '\0';149 if (strcmp(p, service) != 0)150 continue;151 openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'",152 filename, line, service);153 }154 155 156 /* get module type */157 for (p = q; isspace(*p); ++p)158 /* nothing */;159 for (q = p; *q != '\0' && !isspace(*q); ++q)160 /* nothing */;161 if (q == p || *q == '\0')162 goto syntax_error;163 *q++ = '\0';164 if (strcmp(p, "auth") == 0) {165 chain = PAM_AUTH;166 } else if (strcmp(p, "account") == 0) {167 chain = PAM_ACCOUNT;168 } else if (strcmp(p, "session") == 0) {169 chain = PAM_SESSION;170 } else if (strcmp(p, "password") == 0) {171 chain = PAM_PASSWORD;172 } else {173 openpam_log(PAM_LOG_ERROR,174 "%s: invalid module type on line %d: '%s'",175 filename, line, p);176 continue;177 }178 179 /* get control flag */180 for (p = q; isspace(*p); ++p)181 /* nothing */;182 for (q = p; *q != '\0' && !isspace(*q); ++q)183 /* nothing */;184 if (q == p || *q == '\0')185 goto syntax_error;186 *q++ = '\0';187 if (strcmp(p, "required") == 0) {188 flag = PAM_REQUIRED;189 } else if (strcmp(p, "requisite") == 0) {190 flag = PAM_REQUISITE;191 } else if (strcmp(p, "sufficient") == 0) {192 flag = PAM_SUFFICIENT;193 } else if (strcmp(p, "optional") == 0) {194 flag = PAM_OPTIONAL;195 } else {196 openpam_log(PAM_LOG_ERROR,197 "%s: invalid control flag on line %d: '%s'",198 filename, line, p);199 continue;200 }201 202 /* get module name */203 for (p = q; isspace(*p); ++p)204 /* nothing */;205 for (q = p; *q != '\0' && !isspace(*q); ++q)206 /* nothing */;207 if (q == p)208 goto syntax_error;209 210 /* get options */211 for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {212 *q++ = '\0';213 while 
(isspace(*q))214 ++q;215 optv[optc] = q;216 while (*q != '\0' && !isspace(*q))217 ++q;218 }219 optv[optc] = NULL;220 if (*q != '\0') {221 *q = '\0';222 openpam_log(PAM_LOG_ERROR,223 "%s: too many options on line %d",224 filename, line);225 }226 227 /*228 * Finally, add the module at the end of the229 * appropriate chain and bump the counter.230 */231 r = openpam_add_module(pamh, chain, flag, p, optc, optv);232 if (r != PAM_SUCCESS)233 return (-r);234 ++n;235 continue;236 syntax_error:237 openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d",238 filename, line);239 openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]",240 filename, line, q);241 openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",242 filename, line);243 }244 245 if (ferror(f))246 openpam_log(PAM_LOG_ERROR, "%s: %m", filename);247 248 fclose(f);249 return (n);250 }251 252 static const char *_pam_policy_path[] = {253 "/etc/pam.d/",254 "/etc/pam.conf",255 "/usr/local/etc/pam.d/",256 NULL257 };258 259 static int260 _pam_configure_service(pam_handle_t *pamh,261 const char *service)262 {263 const char **path;264 char *filename;265 size_t len;266 int r;267 268 for (path = _pam_policy_path; *path != NULL; ++path) {269 len = strlen(*path);270 if ((*path)[len - 1] == '/') {271 filename = malloc(len + strlen(service) + 1);272 if (filename == NULL) {273 openpam_log(PAM_LOG_ERROR, "malloc(): %m");274 return (PAM_BUF_ERR);275 }276 strcpy(filename, *path);277 strcat(filename, service);278 r = _pam_read_policy_file(pamh,279 service, filename, PAM_D_STYLE);280 free(filename);281 } else {282 r = _pam_read_policy_file(pamh,283 service, *path, PAM_CONF_STYLE);284 }285 if (r < 0)286 return (-r);287 if (r > 0)288 return (PAM_SUCCESS);289 }290 291 return (PAM_SYSTEM_ERR);292 }293 294 83 /* 295 84 * Error codes: 296 85 * 86 * =openpam_configure 297 87 * =pam_set_item 298 88 * !PAM_SYMBOL_ERR 299 * PAM_SYSTEM_ERR300 89 * PAM_BUF_ERR 301 90 */
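Review bot: The fallback in pam_start() (new lines 68-70) retries with PAM_OTHER on every result other than PAM_SUCCESS and PAM_BUF_ERR, so a service policy that exists but fails partway through is handled the same way as one that is missing. openpam_configure() lives in the added file, which this page does not show, so the following is inferred: if it can return an error after modules were already appended to the handle, the "other" policy would be stacked onto a partial service chain. I would fall back only when no policy was found for the service and go to `fail` otherwise. I would also record the fallback before the second call, e.g. `openpam_log(PAM_LOG_DEBUG, "no policy for '%s', using '%s'", service, PAM_OTHER);`, so it is visible which policy governed the session. pam_start() begins and ends outside the visible hunks.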