Changeset 16 in openpam for trunk

Timestamp:

Feb 1, 2002, 10:20:07 PM (19 years ago)

Author:

Dag-Erling Smørgrav

Message:

Whitespace cleanup + keyword expansion sweep.

Sponsored by: DARPA, NAI Labs

Location:

trunk

Files:

• LICENSE (modified) (1 prop)
• Makefile (modified) (1 prop)
• bin/Makefile (modified) (1 prop)
• bin/su/Makefile (modified) (1 prop)
• bin/su/su.c (modified) (4 diffs, 1 prop)
• doc/xsso_errata.txt (modified) (4 diffs, 1 prop)
• include/security/openpam.h (modified) (1 prop)
• include/security/pam_appl.h (modified) (1 diff, 1 prop)
• include/security/pam_constants.h (modified) (1 prop)
• include/security/pam_modules.h (modified) (1 prop)
• include/security/pam_types.h (modified) (1 prop)
• lib/Makefile (modified) (1 prop)
• lib/openpam_dispatch.c (modified) (3 diffs, 1 prop)
• lib/openpam_findenv.c (modified) (1 diff, 1 prop)
• lib/openpam_impl.h (modified) (2 diffs, 1 prop)
• lib/openpam_log.c (modified) (1 prop)
• lib/openpam_ttyconv.c (modified) (2 diffs, 1 prop)
• lib/pam_acct_mgmt.c (modified) (1 prop)
• lib/pam_authenticate.c (modified) (1 prop)
• lib/pam_authenticate_secondary.c (modified) (1 prop)
• lib/pam_chauthtok.c (modified) (1 prop)
• lib/pam_close_session.c (modified) (1 prop)
• lib/pam_end.c (modified) (1 diff, 1 prop)
• lib/pam_error.c (modified) (1 prop)
• lib/pam_get_authtok.c (modified) (1 diff, 1 prop)
• lib/pam_get_data.c (modified) (2 diffs, 1 prop)
• lib/pam_get_item.c (modified) (1 diff, 1 prop)
• lib/pam_get_mapped_authtok.c (modified) (1 prop)
• lib/pam_get_mapped_username.c (modified) (1 prop)
• lib/pam_get_user.c (modified) (1 diff, 1 prop)
• lib/pam_getenv.c (modified) (1 diff, 1 prop)
• lib/pam_getenvlist.c (modified) (1 prop)
• lib/pam_info.c (modified) (1 prop)
• lib/pam_open_session.c (modified) (1 prop)
• lib/pam_prompt.c (modified) (1 diff, 1 prop)
• lib/pam_putenv.c (modified) (1 diff, 1 prop)
• lib/pam_set_data.c (modified) (2 diffs, 1 prop)
• lib/pam_set_item.c (modified) (1 diff, 1 prop)
• lib/pam_set_mapped_authtok.c (modified) (1 prop)
• lib/pam_set_mapped_username.c (modified) (1 prop)
• lib/pam_setcred.c (modified) (1 prop)
• lib/pam_setenv.c (modified) (1 prop)
• lib/pam_start.c (modified) (13 diffs, 1 prop)
• lib/pam_strerror.c (modified) (1 diff, 1 prop)
• modules/Makefile (modified) (1 prop)
• modules/pam_deny/Makefile (modified) (1 prop)
• modules/pam_deny/pam_deny.c (modified) (3 diffs, 1 prop)
• modules/pam_permit/Makefile (modified) (1 prop)
• modules/pam_permit/pam_permit.c (modified) (3 diffs, 1 prop)

trunk/bin/su/su.c

@@ -53 +53 @@
 usage(void)
 {
-        fprintf(stderr, "Usage: su [login [args]]\n");
-        exit(1);
+
+        fprintf(stderr, "Usage: su [login [args]]\n");
+        exit(1);
 }
 
@@ -60 +61 @@
 check(const char *func, int pam_err)
 {
-        if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
-                return pam_err;
-        openlog("su", LOG_CONS, LOG_AUTH);
-        syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
-        errx(1, "Sorry.");
+
+        if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
+                return pam_err;
+        openlog("su", LOG_CONS, LOG_AUTH);
+        syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
+        errx(1, "Sorry.");
 }
 
@@ -70 +72 @@
 main(int argc, char *argv[])
 {
-        char hostname[MAXHOSTNAMELEN];
-        const char *user, *tty;
+        char hostname[MAXHOSTNAMELEN];
+        const char *user, *tty;
         struct passwd *pwd;
-        int o, status;
-        pid_t pid;
+        int o, status;
+        pid_t pid;
 
-        while ((o = getopt(argc, argv, "h")) != -1)
-                switch (o) {
-                case 'h':
-                default:
-                        usage();
-                }
+        while ((o = getopt(argc, argv, "h")) != -1)
+                switch (o) {
+                case 'h':
+                default:
+                        usage();
+                }
 
-        argc -= optind;
-        argv += optind;
+        argc -= optind;
+        argv += optind;
 
-        /* initialize PAM */
-        pamc.conv = &openpam_ttyconv;
+        /* initialize PAM */
+        pamc.conv = &openpam_ttyconv;
         pam_start("su", argc ? *argv : "root", &pamc, &pamh);
 
-        /* set some items */
-        gethostname(hostname, sizeof hostname);
-        check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
-        user = getlogin();
-        check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
-        tty = ttyname(STDERR_FILENO);
-        check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
+        /* set some items */
+        gethostname(hostname, sizeof hostname);
+        check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
+        user = getlogin();
+        check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
+        tty = ttyname(STDERR_FILENO);
+        check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
 
-        /* authenticate the applicant */
-        check("pam_authenticate", pam_authenticate(pamh, 0));
-        if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
-            PAM_NEW_AUTHTOK_REQD)
-                check("pam_chauthtok",
-                    pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
-        
-        /* establish the requested credentials */
-        check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
-        
-        /* authentication succeeded; open a session */
-        check("pam_open_session", pam_open_session(pamh, 0));
+        /* authenticate the applicant */
+        check("pam_authenticate", pam_authenticate(pamh, 0));
+        if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
+            PAM_NEW_AUTHTOK_REQD)
+                check("pam_chauthtok",
+                    pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
+
+        /* establish the requested credentials */
+        check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
+
+        /* authentication succeeded; open a session */
+        check("pam_open_session", pam_open_session(pamh, 0));
 
         if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
@@ -115 +117 @@
         if (setuid(pwd->pw_uid) == -1)
                 err(1, "setuid()");
-        
+
         /* XXX export environment variables */
-        
-        switch ((pid = fork())) {
-        case -1:
-                err(1, "fork()");
-        case 0:
-                /* child: start a shell */
-                *argv = pwd->pw_shell;
-                execvp(*argv, argv);
-                err(1, "execvp()");
-        default:
-                /* parent: wait for child to exit */
-                waitpid(pid, &status, 0);
-                if (WIFEXITED(status))
-                        status = WEXITSTATUS(status);
-                else
-                        status = 1;
-        }
 
-        /* close the session and release PAM resources */
-        check("pam_close_session", pam_close_session(pamh, 0));
-        check("pam_end", pam_end(pamh, 0));
+        switch ((pid = fork())) {
+        case -1:
+                err(1, "fork()");
+        case 0:
+                /* child: start a shell */
+                *argv = pwd->pw_shell;
+                execvp(*argv, argv);
+                err(1, "execvp()");
+        default:
+                /* parent: wait for child to exit */
+                waitpid(pid, &status, 0);
+                if (WIFEXITED(status))
+                        status = WEXITSTATUS(status);
+                else
+                        status = 1;
+        }
 
-        exit(status);
+        /* close the session and release PAM resources */
+        check("pam_close_session", pam_close_session(pamh, 0));
+        check("pam_end", pam_end(pamh, 0));
+
+        exit(status);
 }

trunk/doc/xsso_errata.txt

@@ -3 +3 @@
 Errata in XSSO, chapter 5:
 
-p. 25:  the first member of struct pam_response is named "resp", not
+p. 25:  the first member of struct pam_response is named "resp", not
         "response".
 
 Errata in XSSO, chapter 6:
 
-p. 32:  "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
+p. 32:  "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
         sections should be "PAM_NEW_AUTHTOK_REQD".
 
@@ -19 +19 @@
         should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
 
-p. 62:  the target_authtok_len argument to pam_set_mapped_authtok() is
+p. 62:  the target_authtok_len argument to pam_set_mapped_authtok() is
         of type size_t, not a size_t *.
 
@@ -53 +53 @@
 p. 89:  the user argument to pam_start() is of type const char *.
 
-p. 89:  the correct definition for struct pam_conv is as follows:
+p. 89:  the correct definition for struct pam_conv is as follows:
 
         struct pam_conv {
@@ -61 +61 @@
         };
 
-p. 90:  the correct definition for struct pam_response is as follows:
+p. 90:  the correct definition for struct pam_response is as follows:
 
         struct pam_response {

trunk/include/security/pam_appl.h

@@ -142 +142 @@
 int
 pam_prompt(pam_handle_t *pamh,
-        char **resp,
+        char **resp,
         int echo,
         const char *fmt,

trunk/lib/openpam_dispatch.c

@@ -58 +58 @@
         pam_chain_t *module;
         int err, fail, r;
-        
+
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);
@@ -148 +148 @@
             r == PAM_PERM_DENIED)
                 return;
-        
+
         /* specific error codes */
         switch (primitive) {
@@ -187 +187 @@
                 break;
         }
-        
+
         openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d",
             _pam_sm_func_name[primitive], r);

trunk/lib/openpam_findenv.c

@@ -51 +51 @@
 {
         int i;
-        
+
         if (pamh == NULL)
                 return (-1);

trunk/lib/openpam_impl.h

@@ -44 +44 @@
  */
 #define PAM_REQUIRED            1
-#define PAM_REQUISITE           2
+#define PAM_REQUISITE           2
 #define PAM_SUFFICIENT          3
-#define PAM_OPTIONAL            4
+#define PAM_OPTIONAL            4
 #define PAM_NUM_CONTROLFLAGS    5
 
@@ -92 +92 @@
 struct pam_handle {
         char            *service;
-        
+
         /* chains */
         pam_chain_t     *chains[PAM_NUM_CHAINS];

trunk/lib/openpam_ttyconv.c

@@ -52 +52 @@
 int
 openpam_ttyconv(int n,
-         const struct pam_message **msg,
-         struct pam_response **resp,
-         void *data)
+         const struct pam_message **msg,
+         struct pam_response **resp,
+         void *data)
 {
-        char buf[PAM_MAX_RESP_SIZE];
-        struct termios tattr;
-        tcflag_t lflag;
-        int fd, err, i;
-        size_t len;
+        char buf[PAM_MAX_RESP_SIZE];
+        struct termios tattr;
+        tcflag_t lflag;
+        int fd, err, i;
+        size_t len;
 
-        data = data;
-        if (n <= 0 || n > PAM_MAX_NUM_MSG)
-                return (PAM_CONV_ERR);
-        if ((*resp = calloc(n, sizeof **resp)) == NULL)
-                return (PAM_BUF_ERR);
-        fd = fileno(stdin);
-        for (i = 0; i < n; ++i) {
-                resp[i]->resp_retcode = 0;
-                resp[i]->resp = NULL;
-                switch (msg[i]->msg_style) {
-                case PAM_PROMPT_ECHO_OFF:
-                case PAM_PROMPT_ECHO_ON:
+        data = data;
+        if (n <= 0 || n > PAM_MAX_NUM_MSG)
+                return (PAM_CONV_ERR);
+        if ((*resp = calloc(n, sizeof **resp)) == NULL)
+                return (PAM_BUF_ERR);
+        fd = fileno(stdin);
+        for (i = 0; i < n; ++i) {
+                resp[i]->resp_retcode = 0;
+                resp[i]->resp = NULL;
+                switch (msg[i]->msg_style) {
+                case PAM_PROMPT_ECHO_OFF:
+                case PAM_PROMPT_ECHO_ON:
                         if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
                                 if (tcgetattr(fd, &tattr) != 0) {
@@ -89 +89 @@
                                         goto fail;
                                 }
-                        }
-                        fputs(msg[i]->msg, stderr);
-                        buf[0] = '\0';
-                        fgets(buf, sizeof buf, stdin);
-                        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
-                                tattr.c_lflag = lflag;
-                                (void)tcsetattr(fd, TCSANOW, &tattr);
-                                fputs("\n", stderr);
-                        }
-                        if (ferror(stdin)) {
-                                err = PAM_CONV_ERR;
-                                goto fail;
-                        }
-                        for (len = strlen(buf); len > 0; --len)
-                                if (!isspace(buf[len - 1]))
-                                        break;
-                        buf[len] = '\0';
-                        if ((resp[i]->resp = strdup(buf)) == NULL) {
-                                err = PAM_BUF_ERR;
-                                goto fail;
-                        }
-                        break;
-                case PAM_ERROR_MSG:
-                        fputs(msg[i]->msg, stderr);
-                        break;
-                case PAM_TEXT_INFO:
-                        fputs(msg[i]->msg, stdout);
-                        break;
-                default:
-                        err = PAM_BUF_ERR;
-                        goto fail;
-                }
-        }
-        return (PAM_SUCCESS);
+                        }
+                        fputs(msg[i]->msg, stderr);
+                        buf[0] = '\0';
+                        fgets(buf, sizeof buf, stdin);
+                        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+                                tattr.c_lflag = lflag;
+                                (void)tcsetattr(fd, TCSANOW, &tattr);
+                                fputs("\n", stderr);
+                        }
+                        if (ferror(stdin)) {
+                                err = PAM_CONV_ERR;
+                                goto fail;
+                        }
+                        for (len = strlen(buf); len > 0; --len)
+                                if (!isspace(buf[len - 1]))
+                                        break;
+                        buf[len] = '\0';
+                        if ((resp[i]->resp = strdup(buf)) == NULL) {
+                                err = PAM_BUF_ERR;
+                                goto fail;
+                        }
+                        break;
+                case PAM_ERROR_MSG:
+                        fputs(msg[i]->msg, stderr);
+                        break;
+                case PAM_TEXT_INFO:
+                        fputs(msg[i]->msg, stdout);
+                        break;
+                default:
+                        err = PAM_BUF_ERR;
+                        goto fail;
+                }
+        }
+        return (PAM_SUCCESS);
  fail:
         while (i)
                 free(resp[--i]);
-        free(*resp);
-        *resp = NULL;
-        return (err);
+        free(*resp);
+        *resp = NULL;
+        return (err);
 }

trunk/lib/pam_end.c

@@ -74 +74 @@
         for (i = 0; i < PAM_NUM_ITEMS; ++i)
                 free(pamh->item[i]);
-        
+
         free(pamh);
-        
+
         return (PAM_SUCCESS);
 }

trunk/lib/pam_get_authtok.c

@@ -53 +53 @@
 {
         int r;
-        
+
         if (pamh == NULL || authtok == NULL)
                 return (PAM_SYSTEM_ERR);

trunk/lib/pam_get_data.c

@@ -54 +54 @@
 {
         pam_data_t *dp;
-        
+
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);
@@ -63 +63 @@
                         return (PAM_SUCCESS);
                 }
-        
+
         return (PAM_NO_MODULE_DATA);
 }

trunk/lib/pam_get_item.c

@@ -55 +55 @@
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);
-        
+
         switch (item_type) {
         case PAM_SERVICE:

trunk/lib/pam_get_user.c

@@ -54 +54 @@
 {
         int r;
-        
+
         if (pamh == NULL || user == NULL)
                 return (PAM_SYSTEM_ERR);

trunk/lib/pam_getenv.c

@@ -54 +54 @@
 {
         int i;
-        
+
         if (pamh == NULL)
                 return (NULL);

trunk/lib/pam_prompt.c

@@ -49 +49 @@
 int
 pam_prompt(pam_handle_t *pamh,
-        char **resp,
+        char **resp,
         int echo,
         const char *fmt,

trunk/lib/pam_putenv.c

@@ -55 +55 @@
         char **env, *p;
         int i;
-        
+
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);

trunk/lib/pam_set_data.c

@@ -58 +58 @@
 {
         pam_data_t *dp;
-        
+
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);
@@ -71 +71 @@
                 }
         }
-        
+
         if ((dp = malloc(sizeof *dp)) == NULL)
                 return (PAM_BUF_ERR);

trunk/lib/pam_set_item.c

@@ -60 +60 @@
         if (pamh == NULL)
                 return (PAM_SYSTEM_ERR);
-        
+
         switch (item_type) {
         case PAM_SERVICE:

trunk/lib/pam_start.c

@@ -80 +80 @@
         if (r != PAM_SUCCESS)
                 goto fail;
-        
+
         *pamh = ph;
         openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
         return (PAM_SUCCESS);
-        
+
  fail:
         pam_end(ph, r);
@@ -102 +102 @@
 static int
 _pam_add_module(pam_handle_t *pamh,
-        int chain,
-        int flag,
-        const char *modpath,
-        const char *options /* XXX */ __unused)
+        int chain,
+        int flag,
+        const char *modpath,
+        const char *options /* XXX */ __unused)
 {
         pam_chain_t *module, *iterator;
@@ -146 +146 @@
                 module->primitive[i] =
                     dlsym(module->dlh, _pam_sm_func_name[i]);
-        
+
         if ((iterator = pamh->chains[chain]) != NULL) {
                 while (iterator->next != NULL)
@@ -158 +158 @@
 
 #define PAM_CONF_STYLE  0
-#define PAM_D_STYLE     1
+#define PAM_D_STYLE     1
 #define MAX_LINE_LEN    1024
 
@@ -181 +181 @@
         openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
             service, filename);
-        
+
         for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
                 if ((len = strlen(buf)) == 0)
@@ -207 +207 @@
                 buf[len] = '\0';
                 p = q = buf;
-                
+
                 /* check service name */
                 if (style == PAM_CONF_STYLE) {
@@ -221 +221 @@
                 }
 
-                
+
                 /* get module type */
                 for (p = q; isspace(*p); ++p)
@@ -267 +267 @@
                         continue;
                 }
-                
+
                 /* get module name */
                 for (p = q; isspace(*p); ++p)
@@ -275 +275 @@
                 if (q == p)
                         goto syntax_error;
-                
+
                 /* get options */
                 if (*q != '\0') {
@@ -284 +284 @@
 
                 /*
-                 * Finally, add the module at the end of the
-                 * appropriate chain and bump the counter.
+                 * Finally, add the module at the end of the
+                 * appropriate chain and bump the counter.
                  */
                 if ((r = _pam_add_module(pamh, chain, flag, p, q)) !=
@@ -303 +303 @@
         if (ferror(f))
                 openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
-        
+
         fclose(f);
         return (n);
@@ -314 +314 @@
         NULL
 };
-        
+
 static int
 _pam_configure_service(pam_handle_t *pamh,
-        const char *service)
+        const char *service)
 {
         const char **path;
@@ -346 +346 @@
                         return (PAM_SUCCESS);
         }
-        
+
         return (PAM_SYSTEM_ERR);
 }

trunk/lib/pam_strerror.c

@@ -55 +55 @@
 
         pamh = pamh;
-        
+
         switch (error_number) {
         case PAM_SUCCESS:

trunk/modules/pam_deny/pam_deny.c

@@ -41 +41 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_AUTH_ERR);
 }
@@ -49 +49 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_PERM_DENIED);
 }
@@ -57 +57 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_AUTH_ERR);
 }

trunk/modules/pam_permit/pam_permit.c

@@ -41 +41 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_SUCCESS);
 }
@@ -49 +49 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_SUCCESS);
 }
@@ -57 +57 @@
         int argc, const char *argv[])
 {
-        
+
         return (PAM_SUCCESS);
 }