Changeset 594 in openpam


Timestamp:
Apr 14, 2012, 2:18:41 PM (9 years ago)
Author:
Dag-Erling Smørgrav
Message:

Add an experimental mechanism for enabling / disabling optional features.
Use it to control policy and module file checks. The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.

Location:
trunk
Files:
4 added
8 edited

  • trunk/doc/man

    • Property svn:ignore
      •  

        old new  
        55openpam_free_data.3
        66openpam_free_envlist.3
         7openpam_get_feature.3
        78openpam_get_option.3
        89openpam_log.3
         
        1213openpam_readword.3
        1314openpam_restore_cred.3
         15openpam_set_feature.3
        1416openpam_set_option.3
        1517openpam_straddch.3
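--- a/trunk/doc/man/Makefile.am
+++ b/trunk/doc/man/Makefile.am
@@ -39,4 +39,5 @@
         openpam_free_data.3 \
         openpam_free_envlist.3 \
+        openpam_get_feature.3 \
         openpam_get_option.3 \
         openpam_log.3 \
@@ -46,4 +47,5 @@
         openpam_readword.3 \
         openpam_restore_cred.3 \
+        openpam_set_feature.3 \
         openpam_set_option.3 \
         openpam_straddch.3 \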
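--- a/trunk/include/security/openpam.h
+++ b/trunk/include/security/openpam.h
@@ -180,4 +180,21 @@
 
 /*
+ * Enable / disable optional features
+ */
+enum {
+        OPENPAM_RESTRICT_SERVICE_NAME,
+        OPENPAM_VERIFY_POLICY_FILE,
+        OPENPAM_RESTRICT_MODULE_NAME,
+        OPENPAM_VERIFY_MODULE_FILE,
+        OPENPAM_NUM_FEATURES
+};
+
+int
+openpam_set_feature(int _feature, int _onoff);
+
+int
+openpam_get_feature(int _feature, int *_onoff);
+
+/*
  * Log levels
  */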
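Review bot: The new feature constants in the enum are exported without any per-constant comment, so a reader of this public header cannot tell that two of them gate ownership and permission checks, or which ones are on by default. Going by the commit message, a comment such as `OPENPAM_VERIFY_MODULE_FILE, /* verify module ownership and permissions; default on */` on each line would cover it, with `OPENPAM_RESTRICT_MODULE_NAME` marked as default off. The prototypes for `openpam_set_feature` and `openpam_get_feature` would also benefit from a one-line comment stating what is returned for an out-of-range `_feature`; their implementations are not part of the visible sections.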
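--- a/trunk/lib/Makefile.am
+++ b/trunk/lib/Makefile.am
@@ -23,7 +23,9 @@
         openpam_dispatch.c \
         openpam_dynamic.c \
+        openpam_features.c \
         openpam_findenv.c \
         openpam_free_data.c \
         openpam_free_envlist.c \
+        openpam_get_feature.c \
         openpam_get_option.c \
         openpam_load.c \
@@ -35,4 +37,5 @@
         openpam_restore_cred.c \
         openpam_set_option.c \
+        openpam_set_feature.c \
         openpam_static.c \
         openpam_straddch.c \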
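--- a/trunk/lib/openpam_configure.c
+++ b/trunk/lib/openpam_configure.c
@@ -69,7 +69,15 @@
         const char *p;
 
-        for (p = name; *p != '\0'; ++p)
-                if (!is_pfcs(*p))
-                        return (0);
+        if (OPENPAM_FEATURE(RESTRICT_SERVICE_NAME)) {
+                /* path separator not allowed */
+                for (p = name; *p != '\0'; ++p)
+                        if (!is_pfcs(*p))
+                                return (0);
+        } else {
+                /* path separator allowed */
+                for (p = name; *p != '\0'; ++p)
+                        if (!is_pfcs(*p) && *p != '/')
+                                return (0);
+        }
         return (1);
 }
@@ -117,11 +125,19 @@
  */
 static int
-valid_filename(const char *name)
+valid_module_name(const char *name)
 {
         const char *p;
 
-        for (p = name; *p != '\0'; ++p)
-                if (!is_pfcs(*p) && *p != '/')
-                        return (0);
+        if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME)) {
+                /* path separator not allowed */
+                for (p = name; *p != '\0'; ++p)
+                        if (!is_pfcs(*p))
+                                return (0);
+        } else {
+                /* path separator allowed */
+                for (p = name; *p != '\0'; ++p)
+                        if (!is_pfcs(*p) && *p != '/')
+                                return (0);
+        }
         return (1);
 }
@@ -220,5 +236,5 @@
                 /* get module name */
                 if ((modulename = wordv[i++]) == NULL ||
-                    !valid_filename(modulename)) {
+                    !valid_module_name(modulename)) {
                         openpam_log(PAM_LOG_ERROR,
                             "%s(%d): missing or invalid module name",
@@ -319,9 +335,4 @@
         int ret, serrno;
 
-        if (!valid_service_name(service)) {
-                openpam_log(PAM_LOG_ERROR, "invalid service name");
-                errno = EINVAL;
-                RETURNN(-1);
-        }
         ENTERS(facility < 0 ? "any" : pam_facility_name[facility]);
         for (path = openpam_policy_path; *path != NULL; ++path) {
@@ -355,5 +366,6 @@
 
                 /* verify type, ownership and permissions */
-                if (openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
+                if (OPENPAM_FEATURE(VERIFY_POLICY_FILE) &&
+                    openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
                         serrno = errno;
                         fclose(f);
@@ -384,11 +396,11 @@
 {
         pam_facility_t fclt;
-        const char *p;
         int serrno;
 
         ENTERS(service);
-        for (p = service; *p; ++p)
-                if (!is_pfcs(*p))
-                        RETURNC(PAM_SYSTEM_ERR);
+        if (!valid_service_name(service)) {
+                openpam_log(PAM_LOG_ERROR, "invalid service name");
+                RETURNC(PAM_SYSTEM_ERR);
+        }
         if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
                 goto load_err;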
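Review bot: The hunk at new line 335 removes the `valid_service_name(service)` guard from the chain-loading function, so the service name is now validated only in the caller shown in the last hunk (new lines 401-404). If the chain loader can be reached by any other route, for instance while handling an include directive in a policy file, the name would reach the `openpam_policy_path` loop unchecked; those callers are outside the visible hunks, so this needs confirming. Keeping the guard where the name is actually used is cheap and does not depend on every caller remembering it: `if (!valid_service_name(service)) { errno = EINVAL; RETURNN(-1); }`. Both function bodies start outside their hunks.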
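--- a/trunk/lib/openpam_debug.h
+++ b/trunk/lib/openpam_debug.h
@@ -59,4 +59,12 @@
                 openpam_log(PAM_LOG_LIBDEBUG, "entering: '%s'", s_); \
 } while (0)
+#define ENTERF(f) do { \
+        int f_ = (f); \
+        if (f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES) \
+                openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", \
+                    openpam_features[f_].name); \
+        else \
+                openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", f_); \
+} while (0)
 #define RETURNV() openpam_log(PAM_LOG_LIBDEBUG, "returning")
 #define RETURNC(c) do { \
@@ -94,4 +102,5 @@
 #define ENTERN(n)
 #define ENTERS(s)
+#define ENTERF(f)
 #define RETURNV() return
 #define RETURNC(c) return (c)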
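Review bot: The bounds test in the new `ENTERF` macro is `f_ <= OPENPAM_NUM_FEATURES`, so a value equal to `OPENPAM_NUM_FEATURES` still indexes `openpam_features[f_]`. Assuming that table has `OPENPAM_NUM_FEATURES` entries (it is defined in a file not shown here), this reads one element past the end and passes the resulting `.name` pointer to a `%s` format. The comparison should be strict: `if (f_ >= 0 && f_ < OPENPAM_NUM_FEATURES) \`. The second hunk defines `ENTERF` as empty, so only the build that enables the logging variants of these macros is affected.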
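--- a/trunk/lib/openpam_dynamic.c
+++ b/trunk/lib/openpam_dynamic.c
@@ -71,5 +71,6 @@
         if ((fd = open(modfn, O_RDONLY)) < 0)
                 return (NULL);
-        if (openpam_check_desc_owner_perms(modfn, fd) != 0) {
+        if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
+            openpam_check_desc_owner_perms(modfn, fd) != 0) {
                 close(fd);
                 return (NULL);
@@ -88,7 +89,11 @@
 try_dlopen(const char *modfn)
 {
+        int check_module_file;
         void *dlh;
 
-        if (openpam_check_path_owner_perms(modfn) != 0)
+        openpam_get_feature(OPENPAM_FEATURE_CHECK_MODULE_FILE,
+            &check_module_file);
+        if (check_module_file &&
+            openpam_check_path_owner_perms(modfn) != 0)
                 return (NULL);
         if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {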
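Review bot: In the second `try_dlopen` (new lines 94-97) the feature is looked up as `OPENPAM_FEATURE_CHECK_MODULE_FILE`, a name that is not in the enum this changeset adds to openpam.h, which has `OPENPAM_VERIFY_MODULE_FILE`; this branch probably does not compile. The return value of `openpam_get_feature` is also ignored while `check_module_file` is uninitialised, so a failed lookup would gate the ownership and permission check on an indeterminate value and could skip it before `dlopen`. Using the same form as the first hunk fixes both: `if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&` followed by `openpam_check_path_owner_perms(modfn) != 0)`, with the `check_module_file` local dropped. The function body continues past the end of the hunk.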
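--- a/trunk/lib/openpam_impl.h
+++ b/trunk/lib/openpam_impl.h
@@ -175,4 +175,5 @@
 #include "openpam_constants.h"
 #include "openpam_debug.h"
+#include "openpam_features.h"
 
 #endif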