- Timestamp:
- Feb 1, 2002, 10:20:07 PM (19 years ago)
- Location:
- trunk
- Files:
-
- 49 edited
-
trunk/LICENSE
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/bin/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/bin/su/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/bin/su/su.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r15 r16 53 53 usage(void) 54 54 { 55 fprintf(stderr, "Usage: su [login [args]]\n"); 56 exit(1); 55 56 fprintf(stderr, "Usage: su [login [args]]\n"); 57 exit(1); 57 58 } 58 59 … … 60 61 check(const char *func, int pam_err) 61 62 { 62 if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD) 63 return pam_err; 64 openlog("su", LOG_CONS, LOG_AUTH); 65 syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err)); 66 errx(1, "Sorry."); 63 64 if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD) 65 return pam_err; 66 openlog("su", LOG_CONS, LOG_AUTH); 67 syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err)); 68 errx(1, "Sorry."); 67 69 } 68 70 … … 70 72 main(int argc, char *argv[]) 71 73 { 72 73 74 char hostname[MAXHOSTNAMELEN]; 75 const char *user, *tty; 74 76 struct passwd *pwd; 75 76 77 int o, status; 78 pid_t pid; 77 79 78 79 80 81 82 83 80 while ((o = getopt(argc, argv, "h")) != -1) 81 switch (o) { 82 case 'h': 83 default: 84 usage(); 85 } 84 86 85 86 87 argc -= optind; 88 argv += optind; 87 89 88 89 90 /* initialize PAM */ 91 pamc.conv = &openpam_ttyconv; 90 92 pam_start("su", argc ? 
*argv : "root", &pamc, &pamh); 91 93 92 93 94 95 96 97 98 94 /* set some items */ 95 gethostname(hostname, sizeof hostname); 96 check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname)); 97 user = getlogin(); 98 check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user)); 99 tty = ttyname(STDERR_FILENO); 100 check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty)); 99 101 100 101 102 103 104 105 106 107 108 109 110 111 102 /* authenticate the applicant */ 103 check("pam_authenticate", pam_authenticate(pamh, 0)); 104 if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) == 105 PAM_NEW_AUTHTOK_REQD) 106 check("pam_chauthtok", 107 pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK)); 108 109 /* establish the requested credentials */ 110 check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED)); 111 112 /* authentication succeeded; open a session */ 113 check("pam_open_session", pam_open_session(pamh, 0)); 112 114 113 115 if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) … … 115 117 if (setuid(pwd->pw_uid) == -1) 116 118 err(1, "setuid()"); 117 119 118 120 /* XXX export environment variables */ 119 120 switch ((pid = fork())) {121 case -1:122 err(1, "fork()");123 case 0:124 /* child: start a shell */125 *argv = pwd->pw_shell;126 execvp(*argv, argv);127 err(1, "execvp()");128 default:129 /* parent: wait for child to exit */130 waitpid(pid, &status, 0);131 if (WIFEXITED(status))132 status = WEXITSTATUS(status);133 else134 status = 1;135 }136 121 137 /* close the session and release PAM resources */ 138 check("pam_close_session", pam_close_session(pamh, 0)); 139 check("pam_end", pam_end(pamh, 0)); 122 switch ((pid = fork())) { 123 case -1: 124 err(1, "fork()"); 125 case 0: 126 /* child: start a shell */ 127 *argv = pwd->pw_shell; 128 execvp(*argv, argv); 129 err(1, "execvp()"); 130 default: 131 /* parent: wait for child to exit */ 132 waitpid(pid, &status, 0); 133 if (WIFEXITED(status)) 134 status = WEXITSTATUS(status); 135 else 136 status = 1; 137 } 140 138 141 
exit(status); 139 /* close the session and release PAM resources */ 140 check("pam_close_session", pam_close_session(pamh, 0)); 141 check("pam_end", pam_end(pamh, 0)); 142 143 exit(status); 142 144 } -
Property
svn:keywords
set to
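Review bot: In main(), `pwd` is declared at line 74 but nothing in the contiguous new lines 72–115 assigns it before `initgroups(pwd->pw_name, pwd->pw_gid)` and `setuid(pwd->pw_uid)` dereference it, so the identity su switches to comes from an uninitialized pointer. Resolve the target account and fail closed before touching credentials, e.g. `if ((pwd = getpwnam(argc ? *argv : "root")) == NULL) errx(1, "Sorry.");`, or look up the PAM_USER item after authentication if modules are allowed to remap the name. `pam_start()` is the only PAM call here whose result is not passed through `check()`, so a failed start continues with an unusable `pamh`; `check("pam_start", pam_start("su", argc ? *argv : "root", &pamc, &pamh));` would match the other calls. `getlogin()` and `ttyname()` can both return NULL and are passed straight to `pam_set_item()`, and with only one line elided between `initgroups()` and `setuid()` there appears to be no `setgid(pwd->pw_gid)`, so the primary group is probably left unchanged. Parts of main() are elided ("… …") in this view, so the last point should be confirmed against the full file.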
-
trunk/doc/xsso_errata.txt
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r7 r16 3 3 Errata in XSSO, chapter 5: 4 4 5 p. 25: 5 p. 25: the first member of struct pam_response is named "resp", not 6 6 "response". 7 7 8 8 Errata in XSSO, chapter 6: 9 9 10 p. 32: 10 p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE 11 11 sections should be "PAM_NEW_AUTHTOK_REQD". 12 12 … … 19 19 should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively. 20 20 21 p. 62: 21 p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is 22 22 of type size_t, not a size_t *. 23 23 … … 53 53 p. 89: the user argument to pam_start() is of type const char *. 54 54 55 p. 89: 55 p. 89: the correct definition for struct pam_conv is as follows: 56 56 57 57 struct pam_conv { … … 61 61 }; 62 62 63 p. 90: 63 p. 90: the correct definition for struct pam_response is as follows: 64 64 65 65 struct pam_response { -
Property
svn:keywords
set to
-
trunk/include/security/openpam.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/include/security/pam_appl.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r8 r16 142 142 int 143 143 pam_prompt(pam_handle_t *pamh, 144 144 char **resp, 145 145 int echo, 146 146 const char *fmt, -
Property
svn:keywords
set to
-
trunk/include/security/pam_constants.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/include/security/pam_modules.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/include/security/pam_types.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/openpam_dispatch.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 58 58 pam_chain_t *module; 59 59 int err, fail, r; 60 60 61 61 if (pamh == NULL) 62 62 return (PAM_SYSTEM_ERR); … … 148 148 r == PAM_PERM_DENIED) 149 149 return; 150 150 151 151 /* specific error codes */ 152 152 switch (primitive) { … … 187 187 break; 188 188 } 189 189 190 190 openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", 191 191 _pam_sm_func_name[primitive], r); -
Property
svn:keywords
set to
-
trunk/lib/openpam_findenv.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r11 r16 51 51 { 52 52 int i; 53 53 54 54 if (pamh == NULL) 55 55 return (-1); -
Property
svn:keywords
set to
-
trunk/lib/openpam_impl.h
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 44 44 */ 45 45 #define PAM_REQUIRED 1 46 #define 46 #define PAM_REQUISITE 2 47 47 #define PAM_SUFFICIENT 3 48 #define 48 #define PAM_OPTIONAL 4 49 49 #define PAM_NUM_CONTROLFLAGS 5 50 50 … … 92 92 struct pam_handle { 93 93 char *service; 94 94 95 95 /* chains */ 96 96 pam_chain_t *chains[PAM_NUM_CHAINS]; -
Property
svn:keywords
set to
-
trunk/lib/openpam_log.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/openpam_ttyconv.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r9 r16 52 52 int 53 53 openpam_ttyconv(int n, 54 55 56 54 const struct pam_message **msg, 55 struct pam_response **resp, 56 void *data) 57 57 { 58 59 60 61 62 58 char buf[PAM_MAX_RESP_SIZE]; 59 struct termios tattr; 60 tcflag_t lflag; 61 int fd, err, i; 62 size_t len; 63 63 64 65 66 67 68 69 70 71 72 73 74 75 64 data = data; 65 if (n <= 0 || n > PAM_MAX_NUM_MSG) 66 return (PAM_CONV_ERR); 67 if ((*resp = calloc(n, sizeof **resp)) == NULL) 68 return (PAM_BUF_ERR); 69 fd = fileno(stdin); 70 for (i = 0; i < n; ++i) { 71 resp[i]->resp_retcode = 0; 72 resp[i]->resp = NULL; 73 switch (msg[i]->msg_style) { 74 case PAM_PROMPT_ECHO_OFF: 75 case PAM_PROMPT_ECHO_ON: 76 76 if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { 77 77 if (tcgetattr(fd, &tattr) != 0) { … … 89 89 goto fail; 90 90 } 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 91 } 92 fputs(msg[i]->msg, stderr); 93 buf[0] = '\0'; 94 fgets(buf, sizeof buf, stdin); 95 if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { 96 tattr.c_lflag = lflag; 97 (void)tcsetattr(fd, TCSANOW, &tattr); 98 fputs("\n", stderr); 99 } 100 if (ferror(stdin)) { 101 err = PAM_CONV_ERR; 102 goto fail; 103 } 104 for (len = strlen(buf); len > 0; --len) 105 if (!isspace(buf[len - 1])) 106 break; 107 buf[len] = '\0'; 108 if ((resp[i]->resp = strdup(buf)) == NULL) { 109 err = PAM_BUF_ERR; 110 goto fail; 111 } 112 break; 113 case PAM_ERROR_MSG: 114 fputs(msg[i]->msg, stderr); 115 break; 116 case PAM_TEXT_INFO: 117 fputs(msg[i]->msg, stdout); 118 break; 119 default: 120 err = PAM_BUF_ERR; 121 goto fail; 122 } 123 } 124 return (PAM_SUCCESS); 125 125 fail: 126 126 while (i) 127 127 free(resp[--i]); 128 129 130 128 free(*resp); 129 *resp = NULL; 130 return (err); 131 131 } -
Property
svn:keywords
set to
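Review bot: In openpam_ttyconv(), `*resp = calloc(n, sizeof **resp)` allocates one array of n responses, but the loop then writes through `resp[i]->resp_retcode` and `resp[i]->resp`, which treats `resp` as an array of pointers and, for any i ≥ 1, reads a pointer from beyond the caller's single `struct pam_response *` slot. The `fail:` path has the same indexing error: `free(resp[--i])` frees `*resp` itself when i reaches 0 and `free(*resp)` then frees it a second time, while the `strdup()`ed answers are never released. The typed response (normally a password) also stays in the stack buffer `buf` after it is copied, and `isspace(buf[len - 1])` is given a plain `char`, which is undefined for negative values. The fence below shows the indexing fix, the cast and a wipe of `buf`; plain `memset` can be optimized away, so use `explicit_bzero` or an equivalent where the platform has one. Lines 78–88 of the function are elided in this view.
```c
	for (i = 0; i < n; ++i) {
		(*resp)[i].resp_retcode = 0;
		(*resp)[i].resp = NULL;
		/* … unchanged: switch on msg_style, echo handling, prompt, fgets … */
			for (len = strlen(buf); len > 0; --len)
				if (!isspace((unsigned char)buf[len - 1]))
					break;
			buf[len] = '\0';
			(*resp)[i].resp = strdup(buf);
			/* do not leave the typed response on the stack */
			memset(buf, 0, sizeof buf);
			if ((*resp)[i].resp == NULL) {
				err = PAM_BUF_ERR;
				goto fail;
			}
		/* … unchanged: PAM_ERROR_MSG, PAM_TEXT_INFO, default … */
 fail:
	while (i)
		free((*resp)[--i].resp);
	/* … unchanged: free(*resp); *resp = NULL; return (err); … */
```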
-
trunk/lib/pam_acct_mgmt.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_authenticate.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_authenticate_secondary.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_chauthtok.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_close_session.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_end.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 74 74 for (i = 0; i < PAM_NUM_ITEMS; ++i) 75 75 free(pamh->item[i]); 76 76 77 77 free(pamh); 78 78 79 79 return (PAM_SUCCESS); 80 80 } -
Property
svn:keywords
set to
-
trunk/lib/pam_error.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_get_authtok.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 53 53 { 54 54 int r; 55 55 56 56 if (pamh == NULL || authtok == NULL) 57 57 return (PAM_SYSTEM_ERR); -
Property
svn:keywords
set to
-
trunk/lib/pam_get_data.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 54 54 { 55 55 pam_data_t *dp; 56 56 57 57 if (pamh == NULL) 58 58 return (PAM_SYSTEM_ERR); … … 63 63 return (PAM_SUCCESS); 64 64 } 65 65 66 66 return (PAM_NO_MODULE_DATA); 67 67 } -
Property
svn:keywords
set to
-
trunk/lib/pam_get_item.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 55 55 if (pamh == NULL) 56 56 return (PAM_SYSTEM_ERR); 57 57 58 58 switch (item_type) { 59 59 case PAM_SERVICE: -
Property
svn:keywords
set to
-
trunk/lib/pam_get_mapped_authtok.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_get_mapped_username.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_get_user.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 54 54 { 55 55 int r; 56 56 57 57 if (pamh == NULL || user == NULL) 58 58 return (PAM_SYSTEM_ERR); -
Property
svn:keywords
set to
-
trunk/lib/pam_getenv.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 54 54 { 55 55 int i; 56 56 57 57 if (pamh == NULL) 58 58 return (NULL); -
Property
svn:keywords
set to
-
trunk/lib/pam_getenvlist.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_info.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_open_session.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_prompt.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r8 r16 49 49 int 50 50 pam_prompt(pam_handle_t *pamh, 51 51 char **resp, 52 52 int echo, 53 53 const char *fmt, -
Property
svn:keywords
set to
-
trunk/lib/pam_putenv.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 55 55 char **env, *p; 56 56 int i; 57 57 58 58 if (pamh == NULL) 59 59 return (PAM_SYSTEM_ERR); -
Property
svn:keywords
set to
-
trunk/lib/pam_set_data.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 58 58 { 59 59 pam_data_t *dp; 60 60 61 61 if (pamh == NULL) 62 62 return (PAM_SYSTEM_ERR); … … 71 71 } 72 72 } 73 73 74 74 if ((dp = malloc(sizeof *dp)) == NULL) 75 75 return (PAM_BUF_ERR); -
Property
svn:keywords
set to
-
trunk/lib/pam_set_item.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 60 60 if (pamh == NULL) 61 61 return (PAM_SYSTEM_ERR); 62 62 63 63 switch (item_type) { 64 64 case PAM_SERVICE: -
Property
svn:keywords
set to
-
trunk/lib/pam_set_mapped_authtok.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_set_mapped_username.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_setcred.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_setenv.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/lib/pam_start.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r12 r16 80 80 if (r != PAM_SUCCESS) 81 81 goto fail; 82 82 83 83 *pamh = ph; 84 84 openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); 85 85 return (PAM_SUCCESS); 86 86 87 87 fail: 88 88 pam_end(ph, r); … … 102 102 static int 103 103 _pam_add_module(pam_handle_t *pamh, 104 105 106 107 104 int chain, 105 int flag, 106 const char *modpath, 107 const char *options /* XXX */ __unused) 108 108 { 109 109 pam_chain_t *module, *iterator; … … 146 146 module->primitive[i] = 147 147 dlsym(module->dlh, _pam_sm_func_name[i]); 148 148 149 149 if ((iterator = pamh->chains[chain]) != NULL) { 150 150 while (iterator->next != NULL) … … 158 158 159 159 #define PAM_CONF_STYLE 0 160 #define 160 #define PAM_D_STYLE 1 161 161 #define MAX_LINE_LEN 1024 162 162 … … 181 181 openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", 182 182 service, filename); 183 183 184 184 for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { 185 185 if ((len = strlen(buf)) == 0) … … 207 207 buf[len] = '\0'; 208 208 p = q = buf; 209 209 210 210 /* check service name */ 211 211 if (style == PAM_CONF_STYLE) { … … 221 221 } 222 222 223 223 224 224 /* get module type */ 225 225 for (p = q; isspace(*p); ++p) … … 267 267 continue; 268 268 } 269 269 270 270 /* get module name */ 271 271 for (p = q; isspace(*p); ++p) … … 275 275 if (q == p) 276 276 goto syntax_error; 277 277 278 278 /* get options */ 279 279 if (*q != '\0') { … … 284 284 285 285 /* 286 287 286 * Finally, add the module at the end of the 287 * appropriate chain and bump the counter. 
288 288 */ 289 289 if ((r = _pam_add_module(pamh, chain, flag, p, q)) != … … 303 303 if (ferror(f)) 304 304 openpam_log(PAM_LOG_ERROR, "%s: %m", filename); 305 305 306 306 fclose(f); 307 307 return (n); … … 314 314 NULL 315 315 }; 316 316 317 317 static int 318 318 _pam_configure_service(pam_handle_t *pamh, 319 319 const char *service) 320 320 { 321 321 const char **path; … … 346 346 return (PAM_SUCCESS); 347 347 } 348 348 349 349 return (PAM_SYSTEM_ERR); 350 350 } -
Property
svn:keywords
set to
-
trunk/lib/pam_strerror.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r10 r16 55 55 56 56 pamh = pamh; 57 57 58 58 switch (error_number) { 59 59 case PAM_SUCCESS: -
Property
svn:keywords
set to
-
trunk/modules/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/modules/pam_deny/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/modules/pam_deny/pam_deny.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r14 r16 41 41 int argc, const char *argv[]) 42 42 { 43 43 44 44 return (PAM_AUTH_ERR); 45 45 } … … 49 49 int argc, const char *argv[]) 50 50 { 51 51 52 52 return (PAM_PERM_DENIED); 53 53 } … … 57 57 int argc, const char *argv[]) 58 58 { 59 59 60 60 return (PAM_AUTH_ERR); 61 61 } -
Property
svn:keywords
set to
-
trunk/modules/pam_permit/Makefile
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
-
Property
svn:keywords
set to
-
trunk/modules/pam_permit/pam_permit.c
-
Property
svn:keywords
set to
Id LastChangedRevision HeadURL LastChangedDate LastChangedBy
r14 r16 41 41 int argc, const char *argv[]) 42 42 { 43 43 44 44 return (PAM_SUCCESS); 45 45 } … … 49 49 int argc, const char *argv[]) 50 50 { 51 51 52 52 return (PAM_SUCCESS); 53 53 } … … 57 57 int argc, const char *argv[]) 58 58 { 59 59 60 60 return (PAM_SUCCESS); 61 61 } -
Property
svn:keywords
set to