Update to OpenPAM Micrampelis.

Dag-Erling Smørgrav 2012-05-26 17:10:16 +00:00
commit 2f3ed61901
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=236109
114 changed files with 5799 additions and 1070 deletions

@ -16,16 +16,21 @@ ideas:
Brian Fundakowski Feldman <green@freebsd.org>
Christos Zoulas <christos@netbsd.org>
Daniel Richard G. <skunk@iskunk.org>
Darren J. Moffat <Darren.Moffat@sun.com>
Darren J. Moffat <darren.moffat@sun.com>
Dmitry V. Levin <ldv@altlinux.org>
Don Lewis <truckman@freebsd.org>
Emmanuel Dreyfus <manu@netbsd.org>
Eric Melville <eric@freebsd.org>
Gary Winiger <Gary.Winiger@sun.com>
Gary Winiger <gary.winiger@sun.com>
Gleb Smirnoff <glebius@freebsd.org>
Hubert Feyrer <hubert@feyrer.de>
Jason Evans <jasone@freebsd.org>
Joe Marcus Clarke <marcus@freebsd.org>
Juli Mallett <jmallett@freebsd.org>
Jörg Sonnenberger <joerg@britannica.bec.de>
Maëlle Lesage <lesage.maelle@gmail.com>
Mark Murray <markm@freebsd.org>
Matthias Drochner <drochner@netbsd.org>
Mike Petullo <mike@flyn.org>
Mikhail Teterin <mi@aldan.algebra.com>
Mikko Työläjärvi <mbsd@pacbell.net>
@ -38,4 +43,4 @@ ideas:
Wojciech A. Koszek <wkoszek@freebsd.org>
Yar Tikhiy <yar@freebsd.org>
$Id: CREDITS 498 2011-11-21 16:27:04Z des $
$Id: CREDITS 587 2012-04-08 11:12:10Z des $

@ -1,3 +1,51 @@
OpenPAM Micrampelis 2012-05-26
- FEATURE: Add an openpam_readword(3) function which reads the next
word from an input stream, applying shell quoting and escaping
rules. Add numerous unit tests for openpam_readword(3).
- FEATURE: Add an openpam_readlinev(3) function which uses the
openpam_readword(3) function to read words from an input stream one
at a time until it reaches an unquoted, unescaped newline, and
returns an array of those words. Add several unit tests for
openpam_readlinev(3).
- FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
machine's hostname. This was implemented in Lycopsida but
inadvertantly left out of the release notes.
- FEATURE: In pam_get_authtok(3), if neither the application nor the
module have specified a prompt and PAM_HOST and PAM_RHOST are both
defined but not equal, use a different default prompt that includes
PAM_USER and PAM_HOST.
- ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
which greatly simplifies the code.
- ENHANCE: The previous implementation of the policy parser relied on
the openpam_readline(3) function, which (by design) munges
whitespace and understands neither quotes nor backslash escapes.
As a result of the aforementioned rewrite, whitespace, quotes and
backslash escapes in policy files are now handled in a consistent
and predictable manner.
- ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
This closes the race between the ownership / permission check and
the dlopen(3) call.
- ENHANCE: Reduce the amount of pointless error messages generated
while searching for a module.
- ENHANCE: Numerous documentation improvements, both in content and
formatting.
- BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
OpenPAM's behavior when several policies exist for the same
service, from ignoring all but the first to concatenating them all.
Revert to the original behavior.
- BUGFIX: Plug a memory leak in the policy parser.
============================================================================
OpenPAM Lycopsida 2011-12-18
- ENHANCE: removed static build autodetection, which didn't work
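
Review bot: The fdlopen(3) entry is scoped to "platforms that have it", which implies the race between the ownership / permission check and the dlopen(3) call remains on platforms without fdlopen(3); the entry should say so explicitly, so that nobody reads the check-then-load race as closed everywhere. The multiple-policies BUGFIX changes which policy lines take effect for a service (back to "ignoring all but the first"), so it deserves a sentence telling administrators who deployed Lycopsida to review any service that has more than one policy. Wording: "inadvertantly" appears twice (PAM_HOST entry and multiple-policies entry) and should be "inadvertently", and "Rewrite the policy parser to used openpam_readlinev()" should read "to use".
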
@ -269,7 +317,7 @@ OpenPAM Cinchona 2002-04-08
- ENHANCE: Add openpam_free_data(), a generic cleanup function for
pam_set_data() consumers.
============================================================================
OpenPAM Centaury 2002-03-14
OpenPAM Centaury 2002-03-14
- BUGFIX: Add missing #include <string.h> to openpam_log.c.
@ -308,7 +356,7 @@ OpenPAM Celandine 2002-03-05
module with the same version number as the library itself to one
with no version number at all.
============================================================================
OpenPAM Cantaloupe 2002-02-22
OpenPAM Cantaloupe 2002-02-22
- BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
@ -338,7 +386,7 @@ OpenPAM Cantaloupe 2002-02-22
- ENHANCE: openpam_get_authtok() now respects the echo_pass,
try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13
OpenPAM Caliopsis 2002-02-13
Fixed a number of bugs in the previous release, including:
- a number of bugs in and related to pam_[gs]et_item(3)
@ -349,8 +397,8 @@ Fixed a number of bugs in the previous release, including:
- missing 'continue' in openpam_dispatch.c caused successes to be
counted as failures
============================================================================
OpenPAM Calamite 2002-02-09
OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$Id: HISTORY 504 2011-12-18 14:11:12Z des $
$Id: HISTORY 609 2012-05-26 13:57:45Z des $

@ -1,6 +1,6 @@
Copyright (c) 2002-2003 Networks Associates Technology, Inc.
Copyright (c) 2004-2011 Dag-Erling Smørgrav
Copyright (c) 2004-2012 Dag-Erling Smørgrav
All rights reserved.
This software was developed for the FreeBSD Project by ThinkSec AS and
@ -32,4 +32,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
$Id: LICENSE 437 2011-09-13 12:00:13Z des $
$Id: LICENSE 546 2012-03-31 23:13:20Z des $

@ -1,4 +1,4 @@
# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $
# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $
ACLOCAL_AMFLAGS = -I m4
@ -8,6 +8,8 @@ if WITH_DOC
SUBDIRS += doc
endif
SUBDIRS += t
EXTRA_DIST = \
CREDITS \
HISTORY \

@ -15,7 +15,7 @@
@SET_MAKE@
# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $
# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@ -39,8 +39,8 @@ host_triplet = @host@
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/configure INSTALL config.guess config.sub \
depcomp install-sh ltmain.sh missing
$(srcdir)/pamgdb.in $(top_srcdir)/configure INSTALL TODO \
config.guess config.sub depcomp install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
@ -49,7 +49,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_FILES = pamgdb
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
@ -67,7 +67,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
distdir dist dist-all distcheck
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = lib bin modules include doc
DIST_SUBDIRS = lib bin modules include doc t
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -222,7 +222,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = lib bin modules include $(am__append_1)
SUBDIRS = lib bin modules include $(am__append_1) t
EXTRA_DIST = \
CREDITS \
HISTORY \
@ -288,6 +288,8 @@ $(srcdir)/config.h.in: $(am__configure_deps)
distclean-hdr:
-rm -f config.h stamp-h1
pamgdb: $(top_builddir)/config.status $(srcdir)/pamgdb.in
cd $(top_builddir) && $(SHELL) ./config.status $@
mostlyclean-libtool:
-rm -f *.lo

@ -1,6 +1,6 @@
Release notes for OpenPAM Lycopsida
===================================
Release notes for OpenPAM Micrampelis
=====================================
This release corresponds to the code used in FreeBSD HEAD as of the
release date, and is also expected to work on almost any POSIX-like
@ -19,6 +19,9 @@ intended for actual use, but rather to serve as examples for module or
application developers. It also includes a command-line application
(pamtest) which can be used to test policies and modules.
Unit tests for limited portions of the library can be found in the t
subdirectory.
Please direct bug reports and inquiries to <des@des.no>.
$Id: RELNOTES 506 2011-12-18 14:25:12Z des $
$Id: RELNOTES 609 2012-05-26 13:57:45Z des $

13
contrib/openpam/TODO Normal file

@ -0,0 +1,13 @@
Before the next release:
- Complete the transition from PAM_LOG_DEBUG to PAM_LOG_LIBDEBUG.
Whenever:
- Implement mechanism to enable / disable optional features. Use it
to disable strict error checking so pamtest and unit tests can do
things that we don't allow in production.
- Rewrite the module-loading code.
$Id: TODO 592 2012-04-08 13:19:51Z des $
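
Review bot: The "Whenever" item plans a mechanism to "disable strict error checking so pamtest and unit tests can do things that we don't allow in production", but it records no constraint on who may flip that switch. Since this is an authentication library, the TODO should state the requirement up front, for example that the feature is off by default and cannot be enabled from a policy file or from the environment of a privileged application, so the eventual implementation is reviewed against it.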

@ -22,8 +22,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
# Inc.
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is free software; the Free Software Foundation gives
@ -32,8 +32,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
m4_define([_LT_COPYING], [dnl
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
# Inc.
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@ -167,6 +167,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl
AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
dnl
_LT_DECL([], [host_alias], [0], [The host system])dnl
_LT_DECL([], [host], [0])dnl
_LT_DECL([], [host_os], [0])dnl
@ -652,7 +654,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
configured by $[0], generated by m4_PACKAGE_STRING.
Copyright (C) 2010 Free Software Foundation, Inc.
Copyright (C) 2011 Free Software Foundation, Inc.
This config.lt script is free software; the Free Software Foundation
gives unlimited permision to copy, distribute and modify it."
@ -816,6 +818,7 @@ AC_DEFUN([LT_LANG],
m4_case([$1],
[C], [_LT_LANG(C)],
[C++], [_LT_LANG(CXX)],
[Go], [_LT_LANG(GO)],
[Java], [_LT_LANG(GCJ)],
[Fortran 77], [_LT_LANG(F77)],
[Fortran], [_LT_LANG(FC)],
@ -837,6 +840,29 @@ m4_defun([_LT_LANG],
])# _LT_LANG
m4_ifndef([AC_PROG_GO], [
# NOTE: This macro has been submitted for inclusion into #
# GNU Autoconf as AC_PROG_GO. When it is available in #
# a released version of Autoconf we should remove this #
# macro and use it instead. #
m4_defun([AC_PROG_GO],
[AC_LANG_PUSH(Go)dnl
AC_ARG_VAR([GOC], [Go compiler command])dnl
AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
_AC_ARG_VAR_LDFLAGS()dnl
AC_CHECK_TOOL(GOC, gccgo)
if test -z "$GOC"; then
if test -n "$ac_tool_prefix"; then
AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
fi
fi
if test -z "$GOC"; then
AC_CHECK_PROG(GOC, gccgo, gccgo, false)
fi
])#m4_defun
])#m4_ifndef
# _LT_LANG_DEFAULT_CONFIG
# -----------------------
m4_defun([_LT_LANG_DEFAULT_CONFIG],
@ -867,6 +893,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
m4_ifdef([LT_PROG_GCJ],
[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
AC_PROVIDE_IFELSE([AC_PROG_GO],
[LT_LANG(GO)],
[m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
AC_PROVIDE_IFELSE([LT_PROG_RC],
[LT_LANG(RC)],
[m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
@ -969,7 +999,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
# If there is a non-empty error log, and "single_module"
# appears in it, assume the flag caused a linker warning
if test -s conftest.err && $GREP single_module conftest.err; then
cat conftest.err >&AS_MESSAGE_LOG_FD
# Otherwise, if the output was created with a 0 exit code from
# the compiler, it worked.
elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
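
Review bot: In the new single_module branch, "$GREP single_module conftest.err" has no output redirection, so a matching linker warning is printed to the terminal in the middle of the cache check and then copied again by the "cat conftest.err >&AS_MESSAGE_LOG_FD" on the next line. Redirecting the grep to /dev/null would keep the configure output clean and leave the log as the single record of the warning. The branch also assigns nothing to lt_cv_apple_cc_single_mod when the warning is found, so it depends on a default set outside the visible lines; a short comment saying so would help the next reader.
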
@ -977,6 +1013,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
rm -rf libconftest.dylib*
rm -f conftest.*
fi])
AC_CACHE_CHECK([for -exported_symbols_list linker flag],
[lt_cv_ld_exported_symbols_list],
[lt_cv_ld_exported_symbols_list=no
@ -988,6 +1025,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
[lt_cv_ld_exported_symbols_list=no])
LDFLAGS="$save_LDFLAGS"
])
AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
[lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
@ -1005,7 +1043,9 @@ _LT_EOF
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
if test -s conftest.err && $GREP force_load conftest.err; then
cat conftest.err >&AS_MESSAGE_LOG_FD
elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@ -1050,8 +1090,8 @@ _LT_EOF
])
# _LT_DARWIN_LINKER_FEATURES
# --------------------------
# _LT_DARWIN_LINKER_FEATURES([TAG])
# ---------------------------------
# Checks for linker and compiler features on darwin
m4_defun([_LT_DARWIN_LINKER_FEATURES],
[
@ -1062,6 +1102,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
_LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
[FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=''
fi
@ -1345,14 +1387,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
CFLAGS="$SAVE_CFLAGS"
fi
;;
sparc*-*solaris*)
*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
yes*) LD="${LD-ld} -m elf64_sparc" ;;
yes*)
case $host in
i?86-*-solaris*)
LD="${LD-ld} -m elf_x86_64"
;;
sparc*-*-solaris*)
LD="${LD-ld} -m elf64_sparc"
;;
esac
# GNU ld 2.21 introduced _sol2 emulations. Use them if available.
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
LD="${LD-ld}_sol2"
fi
;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
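
Review bot: The outer pattern is widened from "sparc*-*solaris*" to "*-*solaris*", but the new inner "case $host in" under GNU ld only has arms for "i?86-*-solaris*" and "sparc*-*-solaris*". Any other Solaris triplet that reaches the 64-bit branch, for instance one starting with x86_64, matches neither arm and gets no "-m" emulation, with no message to say so. Suggest adding the missing pattern next to "i?86-*-solaris*" or a default arm that at least logs the unhandled host.
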
@ -1429,13 +1484,13 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@ -1615,6 +1670,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=196608
;;
os2*)
# The test takes a long time on OS/2.
lt_cv_sys_max_cmd_len=8192
;;
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@ -1654,7 +1714,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@ -2200,7 +2260,7 @@ need_version=unknown
case $host_os in
aix3*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@ -2209,7 +2269,7 @@ aix3*)
;;
aix[[4-9]]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@ -2274,7 +2334,7 @@ beos*)
;;
bsdi[[45]]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@ -2413,7 +2473,7 @@ m4_if([$1], [],[
;;
dgux*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@ -2466,17 +2526,18 @@ freebsd* | dragonfly*)
;;
gnu*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
haiku*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@ -2537,7 +2598,7 @@ hpux9* | hpux10* | hpux11*)
;;
interix[[3-9]]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@ -2553,7 +2614,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@ -2590,9 +2651,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
# This must be Linux ELF.
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -2655,7 +2716,7 @@ netbsd*)
;;
newsos6)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@ -2724,7 +2785,7 @@ rdos*)
;;
solaris*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -2749,7 +2810,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@ -2773,7 +2834,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@ -2804,7 +2865,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -2814,7 +2875,7 @@ tpf*)
;;
uts4*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@ -3236,7 +3297,7 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
# This must be Linux ELF.
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@ -3656,6 +3717,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK ['"\
" {last_section=section; section=\$ 3};"\
" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@ -4240,7 +4302,9 @@ m4_if([$1], [CXX], [
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC'
if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
_LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
fi
;;
esac
else
@ -4332,18 +4396,33 @@ m4_if([$1], [CXX], [
;;
*)
case `$CC -V 2>&1 | sed 5q` in
*Sun\ F* | *Sun*Fortran*)
*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)=''
;;
*Sun\ F* | *Sun*Fortran*)
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
;;
*Sun\ C*)
# Sun C 5.9
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
;;
*Intel*\ [[CF]]*Compiler*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
*Portland\ Group*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
;;
esac
;;
esac
@ -4503,7 +4582,9 @@ m4_if([$1], [CXX], [
;;
cygwin* | mingw* | cegcc*)
case $cc_basename in
cl*) ;;
cl*)
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
_LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
@ -4528,7 +4609,6 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@ -4779,8 +4859,7 @@ _LT_EOF
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
@ -5075,6 +5154,7 @@ _LT_EOF
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
@ -5172,7 +5252,6 @@ _LT_EOF
fi
if test "$with_gnu_ld" = no; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
@ -5614,9 +5693,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1],
_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
[Flag to hardcode $libdir into a binary during linking.
This must work even if $libdir does not exist])
_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
[[If ld is used when linking, flag to hardcode $libdir into a binary
during linking. This must work even if $libdir does not exist]])
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
[Whether we need a single "-rpath" flag with a separated argument])
_LT_TAGDECL([], [hardcode_direct], [0],
@ -5770,7 +5846,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@ -6901,12 +6976,18 @@ public class foo {
}
};
_LT_EOF
], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
package foo
func foo() {
}
_LT_EOF
])
_lt_libdeps_save_CFLAGS=$CFLAGS
case "$CC $CFLAGS " in #(
*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
esac
dnl Parse the compiler output and extract the necessary
@ -7103,7 +7184,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@ -7236,7 +7316,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@ -7419,6 +7498,73 @@ CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GCJ_CONFIG
# _LT_LANG_GO_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for the GNU Go compiler
# are suitably defined. These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
m4_defun([_LT_LANG_GO_CONFIG],
[AC_REQUIRE([LT_PROG_GO])dnl
AC_LANG_SAVE
# Source file extension for Go test sources.
ac_ext=go
# Object file extension for compiled Go test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext
# Code to be used in simple compile tests
lt_simple_compile_test_code="package main; func main() { }"
# Code to be used in simple link tests
lt_simple_link_test_code='package main; func main() { }'
# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_TAG_COMPILER
# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE
# Allow CC to be a program name with arguments.
lt_save_CC=$CC
lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=yes
CC=${GOC-"gccgo"}
CFLAGS=$GOFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_TAGVAR(LD, $1)="$LD"
_LT_CC_BASENAME([$compiler])
# Go did not exist at the time GCC didn't implicitly link libc in.
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_TAGVAR(reload_flag, $1)=$reload_flag
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
if test -n "$compiler"; then
_LT_COMPILER_NO_RTTI($1)
_LT_COMPILER_PIC($1)
_LT_COMPILER_C_O($1)
_LT_COMPILER_FILE_LOCKS($1)
_LT_LINKER_SHLIBS($1)
_LT_LINKER_HARDCODE_LIBPATH($1)
_LT_CONFIG($1)
fi
AC_LANG_RESTORE
GCC=$lt_save_GCC
CC=$lt_save_CC
CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GO_CONFIG
# _LT_LANG_RC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
@ -7488,6 +7634,13 @@ dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
# LT_PROG_GO
# ----------
AC_DEFUN([LT_PROG_GO],
[AC_CHECK_TOOL(GOC, gccgo,)
])
# LT_PROG_RC
# ----------
AC_DEFUN([LT_PROG_RC],
@ -8152,9 +8305,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
[AS_HELP_STRING([--with-pic],
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
[pic_mode="$withval"],
[lt_p=${PACKAGE-default}
case $withval in
yes|no) pic_mode=$withval ;;
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
for lt_pkg in $withval; do
IFS="$lt_save_ifs"
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
IFS="$lt_save_ifs"
;;
esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
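
Review bot: The help string now advertises "--with-pic@<:@=PKGS@:>@" but its description is still only "try to use only PIC/non-PIC objects", so nothing tells the user what PKGS is. From the loop, it is a list of package names compared against $PACKAGE, split on whitespace, $PATH_SEPARATOR and commas, and a list that does not name the current package leaves pic_mode=default without any notice. Suggest extending the help text (or the macro comment above it) to document the list form and its separators.
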
@ -8326,15 +8494,15 @@ m4_define([lt_dict_filter],
# @configure_input@
# serial 3293 ltversion.m4
# serial 3337 ltversion.m4
# This file is part of GNU Libtool
m4_define([LT_PACKAGE_VERSION], [2.4])
m4_define([LT_PACKAGE_REVISION], [1.3293])
m4_define([LT_PACKAGE_VERSION], [2.4.2])
m4_define([LT_PACKAGE_REVISION], [1.3337])
AC_DEFUN([LTVERSION_VERSION],
[macro_version='2.4'
macro_revision='1.3293'
[macro_version='2.4.2'
macro_revision='1.3337'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])

@ -1,6 +1,6 @@
# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $
# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
SUBDIRS =
SUBDIRS = openpam_dump_policy
if WITH_PAMTEST
SUBDIRS += pamtest

@ -15,7 +15,7 @@
@SET_MAKE@
# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $
# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@ -63,7 +63,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
distdir
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = pamtest su
DIST_SUBDIRS = openpam_dump_policy pamtest su
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@ -207,7 +207,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = $(am__append_1) $(am__append_2)
SUBDIRS = openpam_dump_policy $(am__append_1) $(am__append_2)
all: all-recursive
.SUFFIXES:

View file

@ -0,0 +1,7 @@
# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
noinst_PROGRAMS = openpam_dump_policy
openpam_dump_policy_SOURCES = openpam_dump_policy.c
openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
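Review bot: `INCLUDES` on the second line of this new Makefile.am is the older variable name that Automake documents as deprecated in favour of `AM_CPPFLAGS`. The generated COMPILE rule already expands `$(AM_CPPFLAGS)`, so `AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib` is a drop-in replacement. It would also help to add a comment saying that the second `-I` is there because the tool includes the library's private `openpam_impl.h`, which is why it is `noinst_` and linked against the in-tree `libpam.la`.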

View file

@ -0,0 +1,474 @@
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
noinst_PROGRAMS = openpam_dump_policy$(EXEEXT)
subdir = bin/openpam_dump_policy
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
PROGRAMS = $(noinst_PROGRAMS)
am_openpam_dump_policy_OBJECTS = openpam_dump_policy.$(OBJEXT)
openpam_dump_policy_OBJECTS = $(am_openpam_dump_policy_OBJECTS)
openpam_dump_policy_DEPENDENCIES = $(top_builddir)/lib/libpam.la
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(openpam_dump_policy_SOURCES)
DIST_SOURCES = $(openpam_dump_policy_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPT_LIBS = @CRYPT_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DL_LIBS = @DL_LIBS@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIB_MAJ = @LIB_MAJ@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
openpam_dump_policy_SOURCES = openpam_dump_policy.c
openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
clean-noinstPROGRAMS:
@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
openpam_dump_policy$(EXEEXT): $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_DEPENDENCIES)
@rm -f openpam_dump_policy$(EXEEXT)
$(LINK) $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dump_policy.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS)
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
clean-libtool clean-noinstPROGRAMS ctags distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View file

@ -0,0 +1,202 @@
/*-
* Copyright (c) 2011 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_dump_policy.c 582 2012-04-06 23:23:35Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
static char *
openpam_chain_name(const char *service, pam_facility_t fclt)
{
const char *facility = pam_facility_name[fclt];
char *name;
if (asprintf(&name, "pam_%s_%s", service, facility) == -1)
return (NULL);
return (name);
}
static char *
openpam_facility_index_name(pam_facility_t fclt)
{
const char *facility = pam_facility_name[fclt];
char *name, *p;
if (asprintf(&name, "PAM_%s", facility) == -1)
return (NULL);
for (p = name + 4; *p; ++p)
*p = toupper(*p);
return (name);
}
int
openpam_dump_chain(const char *name, pam_chain_t *chain)
{
char *modname, **opt, *p;
int i;
for (i = 0; chain != NULL; ++i, chain = chain->next) {
/* declare the module's struct pam_module */
modname = strrchr(chain->module->path, '/');
modname = strdup(modname ? modname : chain->module->path);
if (modname == NULL)
return (PAM_BUF_ERR);
for (p = modname; *p && *p != '.'; ++p)
/* nothing */ ;
*p = '\0';
printf("extern struct pam_module %s_pam_module;\n", modname);
/* module arguments */
printf("static char *%s_%d_optv[] = {\n", name, i);
for (opt = chain->optv; *opt; ++opt) {
printf("\t\"");
for (p = *opt; *p; ++p) {
if (isprint((unsigned char)*p) && *p != '"')
printf("%c", *p);
else
printf("\\x%02x", (unsigned char)*p);
}
printf("\",\n");
}
printf("\tNULL,\n");
printf("};\n");
/* next module in chain */
if (chain->next != NULL)
printf("static pam_chain_t %s_%d;\n", name, i + 1);
/* chain entry */
printf("static pam_chain_t %s_%d = {\n", name, i);
printf("\t.module = &%s_pam_module,\n", modname);
printf("\t.flag = 0x%08x,\n", chain->flag);
printf("\t.optc = %d,\n", chain->optc);
printf("\t.optv = %s_%d_optv,\n", name, i);
if (chain->next)
printf("\t.next = &%s_%d,\n", name, i + 1);
else
printf("\t.next = NULL,\n");
printf("};\n");
free(modname);
}
return (PAM_SUCCESS);
}
int
openpam_dump_policy(const char *service)
{
pam_handle_t *pamh;
char *name;
int fclt, ret;
if ((pamh = calloc(1, sizeof *pamh)) == NULL)
return (PAM_BUF_ERR);
if ((ret = openpam_configure(pamh, service)) != PAM_SUCCESS)
return (ret);
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if (pamh->chains[fclt] != NULL) {
if ((name = openpam_chain_name(service, fclt)) == NULL)
return (PAM_BUF_ERR);
ret = openpam_dump_chain(name, pamh->chains[fclt]);
free(name);
if (ret != PAM_SUCCESS)
return (ret);
}
}
printf("static pam_policy_t pam_%s_policy = {\n", service);
printf("\t.service = \"%s\",\n", service);
printf("\t.chains = {\n");
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if ((name = openpam_facility_index_name(fclt)) == NULL)
return (PAM_BUF_ERR);
printf("\t\t[%s] = ", name);
free(name);
if (pamh->chains[fclt] != NULL) {
if ((name = openpam_chain_name(service, fclt)) == NULL)
return (PAM_BUF_ERR);
printf("&%s_0,\n", name);
free(name);
} else {
printf("NULL,\n");
}
}
printf("\t},\n");
printf("};\n");
free(pamh);
return (PAM_SUCCESS);
}
static void
usage(void)
{
fprintf(stderr, "usage: openpam_dump_policy [-d] policy ...\n");
exit(1);
}
int
main(int argc, char *argv[])
{
int i, opt;
while ((opt = getopt(argc, argv, "d")) != -1)
switch (opt) {
case 'd':
openpam_debug = 1;
break;
default:
usage();
}
argc -= optind;
argv += optind;
if (argc < 1)
usage();
printf("#include <security/pam_appl.h>\n");
printf("#include \"openpam_impl.h\"\n");
for (i = 0; i < argc; ++i)
openpam_dump_policy(argv[i]);
printf("pam_policy_t *pam_embedded_policies[] = {\n");
for (i = 0; i < argc; ++i)
printf("\t&pam_%s_policy,\n", argv[i]);
printf("\tNULL,\n");
printf("};\n");
exit(0);
}
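Review bot: in openpam_dump_chain(), `strrchr(chain->module->path, '/')` returns a pointer to the slash itself, so whenever the module path contains a directory the duplicated name starts with `/` and the emitted `extern struct pam_module %s_pam_module;` is not a valid declaration. Use `modname + 1` when a slash is found. Two related points in the same file. The option escaper writes `\x%02x` for `"` and non-printable bytes but passes `\` through unescaped, and a hex escape followed by a literal hex digit is read by the compiler as one longer escape, so an option string can come out of the generated source different from what the policy file said. Escaping `\` as well and emitting three-digit octal escapes avoids both. Also, main() discards the return value of openpam_dump_policy() and still prints `&pam_%s_policy` for every argument, so a policy that failed to load leaves a reference to an undefined symbol and the tool exits 0. The error returns in openpam_dump_policy() also skip `free(pamh)`.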

View file

@ -10,6 +10,9 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -23,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pamtest.1 471 2011-11-03 09:44:40Z des $
.\" $Id: pamtest.1 610 2012-05-26 14:03:45Z des $
.\"
.Dd November 2, 2011
.Dd May 26, 2012
.Dt PAMTEST 1
.Os
.Sh NAME
@ -33,7 +36,7 @@
.Nd PAM policy tester
.Sh SYNOPSYS
.Nm
.Op Fl dksv
.Op Fl dkMPsv
.Op Fl H Ar rhost
.Op Fl h Ar host
.Op Fl t Ar tty
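Review bot: the `.Sh SYNOPSYS` context line at the top of this hunk is misspelled. The standard mdoc section name is `SYNOPSIS`, and tools that key on the standard names will not recognise this one. Since the `.Op Fl dkMPsv` line directly below it is being changed anyway, this is a good place to fix the heading.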
@ -116,6 +119,11 @@ The default is to use the result of calling
.Xr gethostname 3 .
.It Fl k
Keep going even if one of the commands fails.
.It Fl M
Disable path, ownership and permission checks on module files.
.It Fl P
Disable service name validation and path, ownership and permission
checks on policy files.
.It Fl s
Set the
.Dv PAM_SILENT
@ -149,14 +157,14 @@ policy:
pamtest -v system auth account change setcred open close unsetcred
.Ed
.Sh SEE ALSO
.Xr openpam 3
.Xr pam 3
.Xr openpam 3 ,
.Xr pam 3 ,
.Xr pam.conf 5
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
.Sh BUGS
The
.Nm

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: pamtest.c 472 2011-11-03 09:46:52Z des $
* $Id: pamtest.c 595 2012-04-14 14:28:35Z des $
*/
#ifdef HAVE_CONFIG_H
@ -261,8 +264,8 @@ static void
usage(void)
{
fprintf(stderr, "usage: pamtest [-dksv] %s\n",
"[-H rhost] [-h host] [-t tty] [-U ruser] [-u user] service");
fprintf(stderr, "usage: pamtest %s service command ...\n",
"[-dkMPsv] [-H rhost] [-h host] [-t tty] [-U ruser] [-u user]");
exit(1);
}
@ -297,7 +300,7 @@ main(int argc, char *argv[])
int pame;
int opt;
while ((opt = getopt(argc, argv, "dH:h:kst:U:u:v")) != -1)
while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1)
switch (opt) {
case 'd':
openpam_debug++;
@ -311,6 +314,14 @@ main(int argc, char *argv[])
case 'k':
keepatit = 1;
break;
case 'M':
openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0);
openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0);
break;
case 'P':
openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0);
openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0);
break;
case 's':
silent = PAM_SILENT;
break;
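Review bot: both new arms, `case 'M'` and `case 'P'`, discard the result of every openpam_set_feature() call, so if a call does not take effect pamtest carries on with the checks still enabled and the user sees policy or module load failures with no hint that the switch was ignored. Check the result and report it on stderr. Because these two switches turn off the path, ownership and permission verification of module and policy files, it would also be worth printing a line under `-v` saying which checks were disabled, so that a test log records that the run was made with verification off.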

View file

@ -10,6 +10,9 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -23,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: su.1 458 2011-11-02 13:10:25Z des $
.\" $Id: su.1 610 2012-05-26 14:03:45Z des $
.\"
.Dd November 2, 2011
.Dd May 26, 2012
.Dt SU 1
.Os
.Sh NAME
@ -53,10 +56,10 @@ The
utility is provided with the OpenPAM library as a sample application
and should not be used in production systems.
.Sh SEE ALSO
.Xr openpam 3
.Xr openpam 3 ,
.Xr pam 3
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -9,6 +9,9 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* Define to 1 if you have the `fdlopen' function. */
#undef HAVE_FDLOPEN
/* Define to 1 if you have the `fpurge' function. */
#undef HAVE_FPURGE
@ -36,6 +39,9 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strlcat' function. */
#undef HAVE_STRLCAT
/* Define to 1 if you have the `strlcmp' function. */
#undef HAVE_STRLCMP

View file

@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Id: configure.ac 507 2011-12-18 14:43:40Z des .
# From configure.ac Id: configure.ac 610 2012-05-26 14:03:45Z des .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for OpenPAM 20111218.
# Generated by GNU Autoconf 2.68 for OpenPAM 20120526.
#
# Report bugs to <des@des.no>.
#
@ -570,8 +570,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='OpenPAM'
PACKAGE_TARNAME='openpam'
PACKAGE_VERSION='20111218'
PACKAGE_STRING='OpenPAM 20111218'
PACKAGE_VERSION='20120526'
PACKAGE_STRING='OpenPAM 20120526'
PACKAGE_BUGREPORT='des@des.no'
PACKAGE_URL=''
@ -1308,7 +1308,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenPAM 20111218 to adapt to many kinds of systems.
\`configure' configures OpenPAM 20120526 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1378,7 +1378,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenPAM 20111218:";;
short | recursive ) echo "Configuration of OpenPAM 20120526:";;
esac
cat <<\_ACEOF
@ -1405,7 +1405,7 @@ Optional Features:
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic try to use only PIC/non-PIC objects [default=use
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
@ -1492,7 +1492,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
OpenPAM configure 20111218
OpenPAM configure 20120526
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@ -1861,7 +1861,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenPAM $as_me 20111218, which was
It was created by OpenPAM $as_me 20120526, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@ -2678,7 +2678,7 @@ fi
# Define the identity of the package.
PACKAGE='openpam'
VERSION='20111218'
VERSION='20120526'
cat >>confdefs.h <<_ACEOF
@ -4631,8 +4631,8 @@ esac
macro_version='2.4'
macro_revision='1.3293'
macro_version='2.4.2'
macro_revision='1.3337'
@ -5347,6 +5347,11 @@ else
lt_cv_sys_max_cmd_len=196608
;;
os2*)
# The test takes a long time on OS/2.
lt_cv_sys_max_cmd_len=8192
;;
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@ -5386,7 +5391,7 @@ else
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@ -5815,7 +5820,7 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
# This must be Linux ELF.
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@ -6455,13 +6460,13 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@ -6608,6 +6613,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK '"\
" {last_section=section; section=\$ 3};"\
" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@ -6996,7 +7002,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
CFLAGS="$SAVE_CFLAGS"
fi
;;
sparc*-*solaris*)
*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@ -7007,7 +7013,20 @@ sparc*-*solaris*)
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
yes*) LD="${LD-ld} -m elf64_sparc" ;;
yes*)
case $host in
i?86-*-solaris*)
LD="${LD-ld} -m elf_x86_64"
;;
sparc*-*-solaris*)
LD="${LD-ld} -m elf64_sparc"
;;
esac
# GNU ld 2.21 introduced _sol2 emulations. Use them if available.
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
LD="${LD-ld}_sol2"
fi
;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
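Review bot: the inner `case $host in` under `yes*)` has no arm for a 64-bit x86 triplet and no default arm, while the outer pattern was widened from `sparc*-*solaris*` to `*-*solaris*`. On a host that matches neither `i?86-*-solaris*` nor `sparc*-*-solaris*`, LD gets no `-m` emulation, and the following `LD="${LD-ld}_sol2"` then appends the suffix to the bare command name, giving `ld_sol2`. Suggest adding `x86_64-*-solaris*` to the first pattern and appending `_sol2` only when one of the arms actually selected an emulation. As this file is generated, the change belongs in the libtool.m4 source of the test rather than in configure itself.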
@ -7647,7 +7666,13 @@ else
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
# If there is a non-empty error log, and "single_module"
# appears in it, assume the flag caused a linker warning
if test -s conftest.err && $GREP single_module conftest.err; then
cat conftest.err >&5
# Otherwise, if the output was created with a 0 exit code from
# the compiler, it worked.
elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&5
@ -7658,6 +7683,7 @@ else
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
if ${lt_cv_ld_exported_symbols_list+:} false; then :
@ -7690,6 +7716,7 @@ rm -f core conftest.err conftest.$ac_objext \
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
$as_echo_n "checking for -force_load linker flag... " >&6; }
if ${lt_cv_ld_force_load+:} false; then :
@ -7711,7 +7738,9 @@ _LT_EOF
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
if test -s conftest.err && $GREP force_load conftest.err; then
cat conftest.err >&5
elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&5
@ -7847,7 +7876,22 @@ fi
# Check whether --with-pic was given.
if test "${with_pic+set}" = set; then :
withval=$with_pic; pic_mode="$withval"
withval=$with_pic; lt_p=${PACKAGE-default}
case $withval in
yes|no) pic_mode=$withval ;;
*)
pic_mode=default
# Look at the argument we got. We use all the common list separators.
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
for lt_pkg in $withval; do
IFS="$lt_save_ifs"
if test "X$lt_pkg" = "X$lt_p"; then
pic_mode=yes
fi
done
IFS="$lt_save_ifs"
;;
esac
else
pic_mode=default
fi
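Review bot: In the `*)` branch every value other than the exact strings `yes` and `no` is parsed as a package list, so a mistyped `--with-pic=Yes` or `--with-pic=on` quietly ends up as `pic_mode=default` instead of being rejected. Because a list that names only other packages is a legitimate input, the loop cannot simply warn on "no match"; the accepted forms (yes, no, or a list of package names separated by whitespace, `$PATH_SEPARATOR` or a comma) should at least be spelled out where the option is documented. Note also that `lt_p=${PACKAGE-default}` makes the literal value `default` select `pic_mode=yes` whenever PACKAGE is unset.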
@ -7920,6 +7964,10 @@ LIBTOOL='$(SHELL) $(top_builddir)/libtool'
@ -8380,7 +8428,9 @@ lt_prog_compiler_static=
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
lt_prog_compiler_wl='-Xlinker '
lt_prog_compiler_pic='-Xcompiler -fPIC'
if test -n "$lt_prog_compiler_pic"; then
lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
fi
;;
esac
else
@ -8471,18 +8521,33 @@ lt_prog_compiler_static=
;;
*)
case `$CC -V 2>&1 | sed 5q` in
*Sun\ F* | *Sun*Fortran*)
*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl=''
;;
*Sun\ F* | *Sun*Fortran*)
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl='-Qoption ld '
;;
*Sun\ C*)
# Sun C 5.9
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl='-Wl,'
;;
*Intel*\ [CF]*Compiler*)
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-fPIC'
lt_prog_compiler_static='-static'
;;
*Portland\ Group*)
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-fpic'
lt_prog_compiler_static='-Bstatic'
;;
esac
;;
esac
@ -8844,7 +8909,6 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
hardcode_direct=no
hardcode_direct_absolute=no
hardcode_libdir_flag_spec=
hardcode_libdir_flag_spec_ld=
hardcode_libdir_separator=
hardcode_minus_L=no
hardcode_shlibpath_var=unsupported
@ -9094,8 +9158,7 @@ _LT_EOF
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
hardcode_libdir_flag_spec=
hardcode_libdir_flag_spec_ld='-rpath $libdir'
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
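Review bot: `hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'` now carries the `${wl}` prefix, but `archive_cmds` on the following line still invokes `$LD -shared ...` directly instead of going through the compiler driver. With `hardcode_libdir_flag_spec_ld` removed, please confirm that the spec is expanded with an empty `wl` whenever the link is performed by `$LD`; otherwise the linker is handed the driver prefix as part of the rpath flag.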
@ -9474,6 +9537,7 @@ fi
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
enable_shared_with_static_runtimes=yes
exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
old_postinstall_cmds='chmod 644 $oldlib'
@ -9519,6 +9583,7 @@ fi
hardcode_shlibpath_var=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
else
whole_archive_flag_spec=''
fi
@ -9598,7 +9663,6 @@ fi
fi
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
hardcode_libdir_flag_spec_ld='+b $libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
hardcode_direct_absolute=yes
@ -10216,11 +10280,6 @@ esac
@ -10316,7 +10375,7 @@ need_version=unknown
case $host_os in
aix3*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@ -10325,7 +10384,7 @@ aix3*)
;;
aix[4-9]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@ -10390,7 +10449,7 @@ beos*)
;;
bsdi[45]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@ -10529,7 +10588,7 @@ darwin* | rhapsody*)
;;
dgux*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@ -10582,17 +10641,18 @@ freebsd* | dragonfly*)
;;
gnu*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
haiku*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@ -10653,7 +10713,7 @@ hpux9* | hpux10* | hpux11*)
;;
interix[3-9]*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@ -10669,7 +10729,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@ -10706,9 +10766,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
# This must be Linux ELF.
# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -10790,7 +10850,7 @@ netbsd*)
;;
newsos6)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@ -10859,7 +10919,7 @@ rdos*)
;;
solaris*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -10884,7 +10944,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@ -10908,7 +10968,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@ -10939,7 +10999,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@ -10949,7 +11009,7 @@ tpf*)
;;
uts4*)
version_type=linux
version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@ -11731,6 +11791,8 @@ CC="$lt_save_CC"
ac_config_commands="$ac_config_commands libtool"
@ -11875,7 +11937,7 @@ fi
done
for ac_func in fpurge strlcmp strlcpy
for ac_func in fdlopen fpurge strlcat strlcmp strlcpy
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -12006,7 +12068,9 @@ if test "${enable_werror+set}" = set; then :
fi
ac_config_files="$ac_config_files bin/Makefile bin/pamtest/Makefile bin/su/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_unix/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile doc/Makefile doc/man/Makefile Makefile"
ac_config_files="$ac_config_files Makefile bin/Makefile bin/openpam_dump_policy/Makefile bin/pamtest/Makefile bin/su/Makefile doc/Makefile doc/man/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile modules/pam_unix/Makefile t/Makefile"
ac_config_files="$ac_config_files pamgdb"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@ -12558,7 +12622,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by OpenPAM $as_me 20111218, which was
This file was extended by OpenPAM $as_me 20120526, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -12624,7 +12688,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
OpenPAM config.status 20111218
OpenPAM config.status 20120526
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@ -12761,6 +12825,7 @@ pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
@ -12843,7 +12908,6 @@ with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_flag_spec_ld='`$ECHO "$hardcode_libdir_flag_spec_ld" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
@ -12899,6 +12963,7 @@ _LTECHO_EOF'
# Quote evaled strings.
for var in SHELL \
ECHO \
PATH_SEPARATOR \
SED \
GREP \
EGREP \
@ -12949,7 +13014,6 @@ with_gnu_ld \
allow_undefined_flag \
no_undefined_flag \
hardcode_libdir_flag_spec \
hardcode_libdir_flag_spec_ld \
hardcode_libdir_separator \
exclude_expsyms \
include_expsyms \
@ -13033,19 +13097,22 @@ do
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
"libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"bin/Makefile") CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;;
"bin/openpam_dump_policy/Makefile") CONFIG_FILES="$CONFIG_FILES bin/openpam_dump_policy/Makefile" ;;
"bin/pamtest/Makefile") CONFIG_FILES="$CONFIG_FILES bin/pamtest/Makefile" ;;
"bin/su/Makefile") CONFIG_FILES="$CONFIG_FILES bin/su/Makefile" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
"doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;;
"include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
"include/security/Makefile") CONFIG_FILES="$CONFIG_FILES include/security/Makefile" ;;
"lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
"modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
"modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;;
"modules/pam_deny/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_deny/Makefile" ;;
"modules/pam_permit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_permit/Makefile" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
"doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;;
"t/Makefile") CONFIG_FILES="$CONFIG_FILES t/Makefile" ;;
"pamgdb") CONFIG_FILES="$CONFIG_FILES pamgdb" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
@ -13757,8 +13824,8 @@ $as_echo X"$file" |
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
# Inc.
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@ -13812,6 +13879,9 @@ SHELL=$lt_SHELL
# An echo program that protects backslashes.
ECHO=$lt_ECHO
# The PATH separator for the build system.
PATH_SEPARATOR=$lt_PATH_SEPARATOR
# The host system.
host_alias=$host_alias
host=$host
@ -14113,10 +14183,6 @@ no_undefined_flag=$lt_no_undefined_flag
# This must work even if \$libdir does not exist
hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
# If ld is used when linking, flag to hardcode \$libdir into a binary
# during linking. This must work even if \$libdir does not exist.
hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=$lt_hardcode_libdir_separator
@ -14367,6 +14433,7 @@ fi
chmod +x "$ofile"
;;
"pamgdb":F) chmod +x pamgdb ;;
esac
done # for ac_tag

View file

@ -1,8 +1,8 @@
dnl $Id: configure.ac 507 2011-12-18 14:43:40Z des $
dnl $Id: configure.ac 610 2012-05-26 14:03:45Z des $
AC_PREREQ([2.62])
AC_REVISION([$Id: configure.ac 507 2011-12-18 14:43:40Z des $])
AC_INIT([OpenPAM], [20111218], [des@des.no])
AC_REVISION([$Id: configure.ac 610 2012-05-26 14:03:45Z des $])
AC_INIT([OpenPAM], [20120526], [des@des.no])
AC_CONFIG_SRCDIR([lib/pam_start.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign])
@ -83,7 +83,7 @@ AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
AC_CHECK_HEADERS([crypt.h])
AC_CHECK_FUNCS([fpurge strlcmp strlcpy])
AC_CHECK_FUNCS([fdlopen fpurge strlcat strlcmp strlcpy])
saved_LIBS="${LIBS}"
LIBS=""
@ -110,18 +110,21 @@ AC_ARG_ENABLE([werror],
[CFLAGS="${CFLAGS} -Werror"])
AC_CONFIG_FILES([
Makefile
bin/Makefile
bin/openpam_dump_policy/Makefile
bin/pamtest/Makefile
bin/su/Makefile
doc/Makefile
doc/man/Makefile
include/Makefile
include/security/Makefile
lib/Makefile
modules/Makefile
modules/pam_unix/Makefile
modules/pam_deny/Makefile
modules/pam_permit/Makefile
doc/Makefile
doc/man/Makefile
Makefile
modules/pam_unix/Makefile
t/Makefile
])
AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
AC_OUTPUT

View file

@ -1,4 +1,4 @@
# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $
# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $
NULL =
@ -38,12 +38,17 @@ OMAN = \
openpam_borrow_cred.3 \
openpam_free_data.3 \
openpam_free_envlist.3 \
openpam_get_feature.3 \
openpam_get_option.3 \
openpam_log.3 \
openpam_nullconv.3 \
openpam_readline.3 \
openpam_readlinev.3 \
openpam_readword.3 \
openpam_restore_cred.3 \
openpam_set_feature.3 \
openpam_set_option.3 \
openpam_straddch.3 \
openpam_subst.3 \
openpam_ttyconv.3 \
pam_error.3 \
@ -68,17 +73,17 @@ CLEANFILES = $(ALLCMAN) openpam.3 pam.3
GENDOC = $(top_srcdir)/misc/gendoc.pl
SRCDIR = $(top_srcdir)/lib
LIBSRCDIR = $(top_srcdir)/lib
VPATH = $(SRCDIR)
VPATH = $(LIBSRCDIR) $(srcdir)
SUFFIXES = .3
.c.3: $(GENDOC)
perl -w $(GENDOC) $<
openpam.3: $(OMAN) $(GENDOC) openpam.man
openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
pam.3: $(PMAN) $(GENDOC) pam.man
pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
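Review bot: In the `openpam.3` and `pam.3` recipes kept as context here, `$(abs_srcdir)/$(OMAN)` and `$(abs_srcdir)/$(PMAN)` prefix only the first word of each list, because make expands the variable textually; every other page name reaches gendoc.pl unqualified. This hunk already makes VPATH and the `.man` prerequisites explicit about `$(srcdir)`, so it is a good place to make the recipes consistent as well, either by qualifying every entry of the list or by dropping the prefix if gendoc.pl is meant to resolve the names itself.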

View file

@ -15,7 +15,7 @@
@SET_MAKE@
# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $
# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -74,7 +74,7 @@ man5dir = $(mandir)/man5
NROFF = nroff
MANS = $(dist_man3_MANS) $(dist_man5_MANS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
VPATH = $(SRCDIR)
VPATH = $(LIBSRCDIR) $(srcdir)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AR = @AR@
@ -232,12 +232,17 @@ OMAN = \
openpam_borrow_cred.3 \
openpam_free_data.3 \
openpam_free_envlist.3 \
openpam_get_feature.3 \
openpam_get_option.3 \
openpam_log.3 \
openpam_nullconv.3 \
openpam_readline.3 \
openpam_readlinev.3 \
openpam_readword.3 \
openpam_restore_cred.3 \
openpam_set_feature.3 \
openpam_set_option.3 \
openpam_straddch.3 \
openpam_subst.3 \
openpam_ttyconv.3 \
pam_error.3 \
@ -256,7 +261,7 @@ dist_man3_MANS = $(ALLCMAN) openpam.3 pam.3 pam_conv.3
dist_man5_MANS = pam.conf.5
CLEANFILES = $(ALLCMAN) openpam.3 pam.3
GENDOC = $(top_srcdir)/misc/gendoc.pl
SRCDIR = $(top_srcdir)/lib
LIBSRCDIR = $(top_srcdir)/lib
SUFFIXES = .3
all: all-am
@ -536,10 +541,10 @@ uninstall-man: uninstall-man3 uninstall-man5
.c.3: $(GENDOC)
perl -w $(GENDOC) $<
openpam.3: $(OMAN) $(GENDOC) openpam.man
openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
pam.3: $(PMAN) $(GENDOC) pam.man
pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
# Tell versions [3.59,3.63) of GNU make to not export all variables.

View file

@ -34,19 +34,24 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM 3
.Os
.Sh NAME
.Nm openpam_borrow_cred ,
.Nm openpam_free_data ,
.Nm openpam_free_envlist ,
.Nm openpam_get_feature ,
.Nm openpam_get_option ,
.Nm openpam_log ,
.Nm openpam_nullconv ,
.Nm openpam_readline ,
.Nm openpam_readlinev ,
.Nm openpam_readword ,
.Nm openpam_restore_cred ,
.Nm openpam_set_feature ,
.Nm openpam_set_option ,
.Nm openpam_straddch ,
.Nm openpam_subst ,
.Nm openpam_ttyconv ,
.Nm pam_error ,
@ -68,6 +73,8 @@
.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
.Ft "void"
.Fn openpam_free_envlist "char **envlist"
.Ft "int"
.Fn openpam_get_feature "int feature" "int *onoff"
.Ft "const char *"
.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
.Ft "void"
@ -76,11 +83,19 @@
.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Ft "char *"
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
.Ft "char **"
.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp"
.Ft "char *"
.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp"
.Ft "int"
.Fn openpam_restore_cred "pam_handle_t *pamh"
.Ft "int"
.Fn openpam_set_feature "int feature" "int onoff"
.Ft "int"
.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
.Ft "int"
.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch"
.Ft "int"
.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template"
.Ft "int"
.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
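Review bot: `openpam_readlinev` is declared with `int *lenp`, while `openpam_readline` and the new `openpam_readword` both take `size_t *lenp` for a parameter of the same name. If the difference is intentional (a count of words rather than a length in bytes), a different parameter name in the synopsis would make that clear; otherwise the types should match.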
@ -117,12 +132,17 @@ standardization.
.Xr openpam_borrow_cred 3 ,
.Xr openpam_free_data 3 ,
.Xr openpam_free_envlist 3 ,
.Xr openpam_get_feature 3 ,
.Xr openpam_get_option 3 ,
.Xr openpam_log 3 ,
.Xr openpam_nullconv 3 ,
.Xr openpam_readline 3 ,
.Xr openpam_readlinev 3 ,
.Xr openpam_readword 3 ,
.Xr openpam_restore_cred 3 ,
.Xr openpam_set_feature 3 ,
.Xr openpam_set_option 3 ,
.Xr openpam_straddch 3 ,
.Xr openpam_subst 3 ,
.Xr openpam_ttyconv 3 ,
.Xr pam_error 3 ,
@ -146,3 +166,6 @@ Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
The OpenPAM library is maintained by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_BORROW_CRED 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_borrow_cred
function saves the current credentials and
switches to those of the user specified by its
.Fa pwd
@ -62,7 +62,7 @@ The original credentials can be restored using
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_borrow_cred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -81,15 +81,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
.Fn openpam_borrow_cred
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_borrow_cred
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_FREE_DATA 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_free_data
function is a cleanup function suitable for
passing to
.Xr pam_set_data 3 .
@ -64,15 +64,15 @@ argument to
.Xr pam_set_data 3
.Sh STANDARDS
The
.Nm
.Fn openpam_free_data
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_free_data
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_FREE_ENVLIST 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_free_envlist "char **envlist"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_free_envlist
function is a convenience function which
frees all the environment variables in an environment list, and the
list itself.
@ -62,12 +62,11 @@ It is suitable for freeing the return value from
.Xr pam_getenvlist 3
.Sh STANDARDS
The
.Nm
.Fn openpam_free_envlist
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fx
Project by
.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
.Fn openpam_free_envlist
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -0,0 +1,105 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd May 26, 2012
.Dt OPENPAM_GET_FEATURE 3
.Os
.Sh NAME
.Nm openpam_get_feature
.Nd query the state of an optional feature
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "int"
.Fn openpam_get_feature "int feature" "int *onoff"
.Sh DESCRIPTION
.Bf Sy
This function is experimental and may be modified or removed in a future release without further warning.
.Ef
.Pp
The
.Fn openpam_get_feature
function stores the current state of the
specified feature in the variable pointed to by its
.Fa onoff
argument.
.Pp
The following features are recognized:
.Bl -tag -width 18n
.It Dv OPENPAM_RESTRICT_SERVICE_NAME
Disallow path separators in service names.
This feature is enabled by default.
Disabling it allows the application to specify the path to
the desired policy file directly.
.It Dv OPENPAM_VERIFY_POLICY_FILE
Verify the ownership and permissions of the policy file
and the path leading up to it.
This feature is enabled by default.
.It Dv OPENPAM_RESTRICT_MODULE_NAME
Disallow path separators in module names.
This feature is disabled by default.
Enabling it prevents the use of modules in non-standard
locations.
.It Dv OPENPAM_VERIFY_MODULE_FILE
Verify the ownership and permissions of each loadable
module and the path leading up to it.
This feature is enabled by default.
.El
.Sh RETURN VALUES
The
.Fn openpam_get_feature
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.El
.Sh SEE ALSO
.Xr openpam_set_feature 3 ,
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
The
.Fn openpam_get_feature
function is an OpenPAM extension.
.Sh AUTHORS
The
.Fn openpam_get_feature
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
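Review bot: The descriptions of OPENPAM_VERIFY_POLICY_FILE and OPENPAM_VERIFY_MODULE_FILE say only that "the ownership and permissions" of the file and of the path leading up to it are verified, without stating which owners and modes are accepted, so an administrator cannot tell from this page why a policy file or module was refused. Please document the accepted ownership and permissions. RETURN VALUES also lists PAM_SYMBOL_ERR alone and never says what is returned on success, and the page gives no reason why OPENPAM_RESTRICT_MODULE_NAME is the one feature that is disabled by default.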

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_get_option
function returns the value of the specified
option in the context of the currently executing service module, or
.Dv NULL
@ -58,7 +58,7 @@ if the option is not set or no module is currently executing.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_get_option
function returns
.Dv NULL
on failure.
@ -67,15 +67,15 @@ on failure.
.Xr pam 3
.Sh STANDARDS
The
.Nm
.Fn openpam_get_option
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_get_option
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_LOG 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_log "int level" "const char *fmt" "..."
.Sh DESCRIPTION
The
.Nm
.Fn openpam_log
function logs messages using
.Xr syslog 3 .
It is primarily intended for internal use by the library and modules.
@ -60,6 +60,9 @@ The
argument indicates the importance of the message.
The following levels are defined:
.Bl -tag -width 18n
.It Dv PAM_LOG_LIBDEBUG
Debugging messages.
For internal use only.
.It Dv PAM_LOG_DEBUG
Debugging messages.
These messages are normally not logged unless the global
@ -101,15 +104,15 @@ corresponding arguments.
.Xr syslog 3
.Sh STANDARDS
The
.Nm
.Fn openpam_log
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_log
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_NULLCONV 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_nullconv
function is a null conversation function suitable
for applications that want to use PAM but don't support interactive
dialog with the user.
@ -71,7 +71,7 @@ try to query the user.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_nullconv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_CONV_ERR
@ -88,15 +88,15 @@ Conversation failure.
.Xr pam_vprompt 3
.Sh STANDARDS
The
.Nm
.Fn openpam_nullconv
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_nullconv
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_READLINE 3
.Os
.Sh NAME
@ -44,27 +44,32 @@
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In stdio.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "char *"
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
.Sh DESCRIPTION
.Bf Sy
This function is deprecated and may be removed in a future release without further warning.
The
.Nm
.Fn openpam_readlinev
function may be used to achieve similar results.
.Ef
.Pp
The
.Fn openpam_readline
function reads a line from a file, and returns it
in a NUL-terminated buffer allocated with
.Xr malloc 3 .
.Pp
The
.Nm
.Fn openpam_readline
function performs a certain amount of processing
on the data it reads:
.Bl -bullet
.It
Comments (introduced by a hash sign) are stripped, as is leading and
trailing whitespace.
.It
Any amount of linear whitespace is collapsed to a single space.
Comments (introduced by a hash sign) are stripped.
.It
Blank lines are ignored.
.It
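Review bot: The processing list now says only "Comments (introduced by a hash sign) are stripped."; the statements that leading and trailing whitespace is stripped and that "Any amount of linear whitespace is collapsed to a single space" are gone. If the function's behaviour changed along with the text, the new deprecation notice should say so explicitly, because a caller that splits the returned line on single spaces depended on the old guarantee. If only the wording changed, the two bullets should stay.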
@ -89,27 +94,28 @@ terminating NUL character) is stored in the variable it points to.
The caller is responsible for releasing the returned buffer by passing
it to
.Xr free 3 .
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_readline
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr free 3 ,
.Xr malloc 3 ,
.Xr openpam_readlinev 3 ,
.Xr openpam_readword 3 ,
.Xr pam 3
.Sh STANDARDS
The
.Nm
.Fn openpam_readline
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_readline
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -0,0 +1,159 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd May 26, 2012
.Dt OPENPAM_READLINEV 3
.Os
.Sh NAME
.Nm openpam_readlinev
.Nd read a line from a file and split it into words
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In stdio.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "char **"
.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp"
.Sh DESCRIPTION
The
.Fn openpam_readlinev
function reads a line from a file, splits it
into words according to the rules described in the
.Xr openpam_readword 3
manual page, and returns a list of those words.
.Pp
If
.Fa lineno
is not
.Dv NULL ,
the integer variable it points to is
incremented every time a newline character is read.
This includes quoted or escaped newline characters and the newline
character at the end of the line.
.Pp
If
.Fa lenp
is not
.Dv NULL ,
the number of words on the line is stored in the
variable to which it points.
.Sh RETURN VALUES
If successful, the
.Fn openpam_readlinev
function returns a pointer to a
dynamically allocated array of pointers to individual dynamically
allocated NUL-terminated strings, each containing a single word, in the
order in which they were encountered on the line.
The array is terminated by a
.Dv NULL
pointer.
.Pp
The caller is responsible for freeing both the array and the individual
strings by passing each of them to
.Xr free 3 .
.Pp
If the end of the line was reached before any words were read,
.Fn openpam_readlinev
returns a pointer to a dynamically allocated array
containing a single
.Dv NULL
pointer.
.Pp
The
.Fn openpam_readlinev
function can fail and return
.Dv NULL
for one of
four reasons:
.Bl -bullet
.It
The end of the file was reached before any words were read;
.Va errno
is
zero,
.Xr ferror 3
returns zero, and
.Xr feof 3
returns a non-zero value.
.It
The end of the file was reached while a quote or backslash escape
was in effect;
.Va errno
is set to
.Dv EINVAL ,
.Xr ferror 3
returns zero, and
.Xr feof 3
returns a non-zero value.
.It
An error occurred while reading from the file;
.Va errno
is non-zero,
.Xr ferror 3
returns a non-zero value and
.Xr feof 3
returns zero.
.It
A
.Xr malloc 3
or
.Xr realloc 3
call failed;
.Va errno
is set to
.Dv ENOMEM ,
.Xr ferror 3
returns a non-zero value, and
.Xr feof 3
may or may not return
a non-zero value.
.El
.Sh SEE ALSO
.Xr openpam_readline 3 ,
.Xr openpam_readword 3 ,
.Xr pam 3
.Sh STANDARDS
The
.Fn openpam_readlinev
function is an OpenPAM extension.
.Sh AUTHORS
The
.Fn openpam_readlinev
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
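Review bot: The first failure case in RETURN VALUES identifies a clean end of file by errno being zero, but the page never says whether openpam_readlinev() clears errno on entry or the caller has to. A stale errno from an earlier call would make a normal EOF look like an error, and a caller that skips the errno check cannot tell a file truncated inside a quote (EINVAL) from one that simply ended. State who resets errno. Please also check the fourth case, which says ferror(3) returns a non-zero value after a malloc(3) or realloc(3) failure and so overlaps with the read-error case, and note that lenp is "int *" here while openpam_readline(3) and openpam_readword(3) take "size_t *".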

View file

@ -0,0 +1,152 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd May 26, 2012
.Dt OPENPAM_READWORD 3
.Os
.Sh NAME
.Nm openpam_readword
.Nd read a word from a file, respecting shell quoting rules
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In stdio.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "char *"
.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp"
.Sh DESCRIPTION
The
.Fn openpam_readword
function reads the next word from a file, and
returns it in a NUL-terminated buffer allocated with
.Xr malloc 3 .
.Pp
A word is a sequence of non-whitespace characters.
However, whitespace characters can be included in a word if quoted or
escaped according to the following rules:
.Bl -bullet
.It
An unescaped single or double quote introduces a quoted string,
which ends when the same quote character is encountered a second
time.
The quotes themselves are stripped.
.It
Within a single- or double-quoted string, all whitespace characters,
including the newline character, are preserved as-is.
.It
Outside a quoted string, a backslash escapes the next character,
which is preserved as-is, unless that character is a newline, in
which case it is discarded and reading continues at the beginning of
the next line as if the backslash and newline had not been there.
In all cases, the backslash itself is discarded.
.It
Within a single-quoted string, double quotes and backslashes are
preserved as-is.
.It
Within a double-quoted string, a single quote is preserved as-is,
and a backslash is preserved as-is unless used to escape a double
quote.
.El
.Pp
In addition, if the first non-whitespace character on the line is a
hash character (#), the rest of the line is discarded.
If a hash character occurs within a word, however, it is preserved
as-is.
A backslash at the end of a comment does cause line continuation.
.Pp
If
.Fa lineno
is not
.Dv NULL ,
the integer variable it points to is
incremented every time a quoted or escaped newline character is read.
.Pp
If
.Fa lenp
is not
.Dv NULL ,
the length of the word (after quotes and
backslashes have been removed) is stored in the variable it points to.
.Sh RETURN VALUES
If successful, the
.Fn openpam_readword
function returns a pointer to a
dynamically allocated NUL-terminated string containing the first word
encountered on the line.
.Pp
The caller is responsible for releasing the returned buffer by passing
it to
.Xr free 3 .
.Pp
If
.Fn openpam_readword
reaches the end of the line or file before any
characters are copied to the word, it returns
.Dv NULL .
In the former
case, the newline is pushed back to the file.
.Pp
If
.Fn openpam_readword
reaches the end of the file while a quote or
backslash escape is in effect, it sets
.Va errno
to
.Dv EINVAL
and returns
.Dv NULL .
.Sh IMPLEMENTATION NOTES
The parsing rules are intended to be equivalent to the normal POSIX
shell quoting rules.
Any discrepancy is a bug and should be reported to the author along
with sample input that can be used to reproduce the error.
.Pp
.Sh SEE ALSO
.Xr openpam_readline 3 ,
.Xr openpam_readlinev 3 ,
.Xr pam 3
.Sh STANDARDS
The
.Fn openpam_readword
function is an OpenPAM extension.
.Sh AUTHORS
The
.Fn openpam_readword
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
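Review bot: The sentence "A backslash at the end of a comment does cause line continuation" conflicts with IMPLEMENTATION NOTES, which says the rules are meant to be equivalent to POSIX shell quoting; in the POSIX shell a comment runs to the newline and a backslash inside it is not special. If the behaviour is intended, document it as a deliberate difference, because a commented-out line that ends in a backslash then silently swallows the line after it; if it is not intended, the text should read "does not cause". RETURN VALUES also leaves open whether an empty quoted string yields an empty word or NULL ("before any characters are copied to the word"), and the .Pp directly before .Sh SEE ALSO is redundant.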

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_RESTORE_CRED 3
.Os
.Sh NAME
@ -50,13 +50,13 @@
.Fn openpam_restore_cred "pam_handle_t *pamh"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_restore_cred
function restores the credentials saved by
.Xr openpam_borrow_cred 3 .
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_restore_cred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_NO_MODULE_DATA
@ -73,15 +73,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
.Fn openpam_restore_cred
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_restore_cred
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -0,0 +1,87 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd May 26, 2012
.Dt OPENPAM_SET_FEATURE 3
.Os
.Sh NAME
.Nm openpam_set_feature
.Nd enable or disable an optional feature
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "int"
.Fn openpam_set_feature "int feature" "int onoff"
.Sh DESCRIPTION
.Bf Sy
This function is experimental and may be modified or removed in a future release without further warning.
.Ef
.Pp
The
.Fn openpam_set_feature
function sets the state of the specified
feature to the value specified by the
.Fa onoff
argument.
See
.Xr openpam_get_feature 3
for a list of recognized features.
.Pp
.Sh RETURN VALUES
The
.Fn openpam_set_feature
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.El
.Sh SEE ALSO
.Xr openpam_get_feature 3 ,
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
The
.Fn openpam_set_feature
function is an OpenPAM extension.
.Sh AUTHORS
The
.Fn openpam_set_feature
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
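Review bot: DESCRIPTION does not say which values onoff accepts (is any non-zero value "on"?) or what scope the setting has. The prototype takes no pam_handle_t, so the state appears to be process-wide rather than per-transaction; say so explicitly, and say whether it may be changed while a transaction is open. RETURN VALUES lists only PAM_SYMBOL_ERR without stating the condition that produces it. The .Pp before .Sh RETURN VALUES can be dropped.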

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME
@ -50,13 +50,13 @@
.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_set_option
function sets the specified option in the
context of the currently executing service module.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_set_option
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -70,15 +70,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
.Fn openpam_set_option
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_set_option
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -0,0 +1,122 @@
.\"-
.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" Network Associates Laboratories, the Security Research Division of
.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.\" ("CBOSS"), as part of the DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd May 26, 2012
.Dt OPENPAM_STRADDCH 3
.Os
.Sh NAME
.Nm openpam_straddch
.Nd add a character to a string, expanding the buffer if needed
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "int"
.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch"
.Sh DESCRIPTION
The
.Fn openpam_straddch
function appends a character to a dynamically
allocated NUL-terminated buffer, reallocating the buffer as needed.
.Pp
The
.Fa str
argument points to a variable containing either a pointer to
an existing buffer or
.Dv NULL .
If the value of the variable pointed to by
.Fa str
is
.Dv NULL ,
a new buffer
is allocated.
.Pp
The
.Fa size
and
.Fa len
argument point to variables used to hold the size
of the buffer and the length of the string it contains, respectively.
.Pp
If a new buffer is allocated or an existing buffer is reallocated to
make room for the additional character,
.Fa str
and
.Fa size
are updated
accordingly.
.Pp
The
.Fn openpam_straddch
function ensures that the buffer is always
NUL-terminated.
.Pp
If the
.Fn openpam_straddch
function is successful, it increments the
integer variable pointed to by
.Fa len
and returns 0.
Otherwise, it leaves the variables pointed to by
.Fa str ,
.Fa size
and
.Fa len
unmodified, sets
.Va errno
to
.Dv ENOMEM
and returns -1.
.Pp
.Sh RETURN VALUES
The
.Fn openpam_straddch
function returns 0 on success and -1 on failure.
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
The
.Fn openpam_straddch
function is an OpenPAM extension.
.Sh AUTHORS
The
.Fn openpam_straddch
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .
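Review bot: The page says a new buffer is allocated when the variable pointed to by str is NULL, but not what the variables pointed to by size and len must contain in that case, and the later paragraph says only str and size are updated on allocation. If the function trusts the caller's size and len, uninitialized values next to a NULL buffer pointer would put the write at the wrong offset; state that both must be zero on first use, or that the function resets them. Also fix "size and len argument point" to "arguments point", describe the len target as a size_t rather than an "integer variable", and say what appending a ch of 0 does to the recorded length.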

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_SUBST 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_subst
function expands a string, substituting PAM item
values for all occurrences of specific substitution codes.
The
@ -73,12 +73,12 @@ string,
.Fa bufsize
is updated to reflect the amount of space required to
hold the entire string, and
.Nm
.Fn openpam_subst
returns
.Dv PAM_TRY_AGAIN .
.Pp
If
.Nm
.Fn openpam_subst
fails for any other reason, the
.Fa bufsize
argument is
@ -112,10 +112,9 @@ Replaced by the current value of the
.Dv PAM_USER
item.
.El
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_subst
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYSTEM_ERR
@ -131,12 +130,11 @@ Try again.
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
.Fn openpam_subst
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fx
Project by
.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
.Fn openpam_subst
function and this manual page were
developed by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Sh DESCRIPTION
The
.Nm
.Fn openpam_ttyconv
function is a standard conversation function
suitable for use on TTY devices.
It should be adequate for the needs of most text-based interactive
programs.
.Pp
The
.Nm
.Fn openpam_ttyconv
function allows the application to specify a
timeout for user input by setting the global integer variable
.Va openpam_ttyconv_timeout
@ -65,7 +65,7 @@ to the length of the timeout in seconds.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn openpam_ttyconv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -83,15 +83,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
.Nm
.Fn openpam_ttyconv
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn openpam_ttyconv
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM 3
.Os
.Sh NAME
@ -291,3 +291,6 @@ Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
The OpenPAM library is maintained by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -26,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pam.conf.5 485 2011-11-03 16:57:37Z des $
.\" $Id: pam.conf.5 610 2012-05-26 14:03:45Z des $
.\"
.Dd November 3, 2011
.Dd May 26, 2012
.Dt PAM.CONF 5
.Os
.Sh NAME
@ -50,7 +50,7 @@ decreasing order of preference:
.Pp
If none of these locations contains a policy for the given service,
the
.Dv default
.Dq Dv other
policy is used instead, if it exists.
.Pp
Entries in per-service policy files must be of one of the two forms
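Review bot: The fallback sentence now names the "other" policy but still ends with "if it exists" without saying what happens when it does not. For an authentication policy lookup that outcome is the part an administrator needs: state whether the transaction fails when neither a per-service policy nor "other" is found.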
@ -177,5 +177,5 @@ DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
This manual page was written by
.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
The OpenPAM library is maintained by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_acct_mgmt
function verifies and enforces account restrictions
after the user has been authenticated.
.Pp
@ -65,12 +65,12 @@ Fail if the user's authentication token is null.
.El
.Pp
If any other bits are set,
.Nm
.Fn pam_acct_mgmt
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_acct_mgmt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -104,11 +104,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_acct_mgmt
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME
@ -49,14 +49,14 @@
.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_authenticate
function attempts to authenticate the user
associated with the pam context specified by the
.Fa pamh
argument.
.Pp
The application is free to call
.Nm
.Fn pam_authenticate
as many times as it
wishes, but some modules may maintain an internal retry counter and
return
@ -75,12 +75,12 @@ Fail if the user's authentication token is null.
.El
.Pp
If any other bits are set,
.Nm
.Fn pam_authenticate
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_authenticate
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -118,11 +118,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_authenticate
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_chauthtok
function attempts to change the authentication token
for the user associated with the pam context specified by the
.Fa pamh
@ -67,12 +67,12 @@ Change only those authentication tokens that have expired.
.El
.Pp
If any other bits are set,
.Nm
.Fn pam_chauthtok
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_chauthtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -110,11 +110,11 @@ Try again.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_chauthtok
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_close_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_close_session
function tears down the user session previously
set up by
.Xr pam_open_session 3 .
@ -64,12 +64,12 @@ Do not emit any messages.
.El
.Pp
If any other bits are set,
.Nm
.Fn pam_close_session
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_close_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -100,11 +100,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_close_session
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -32,9 +32,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pam_conv.3 437 2011-09-13 12:00:13Z des $
.\" $Id: pam_conv.3 610 2012-05-26 14:03:45Z des $
.\"
.Dd June 16, 2005
.Dd May 26, 2012
.Dt PAM_CONV 3
.Os
.Sh NAME
@ -181,3 +181,6 @@ the Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
The OpenPAM library is maintained by
.An Dag-Erling Sm\(/orgrav Aq des@des.no .

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_END 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_end "pam_handle_t *pamh" "int status"
.Sh DESCRIPTION
The
.Nm
.Fn pam_end
function terminates a PAM transaction and destroys the
corresponding PAM context, releasing all resources allocated to it.
.Pp
@ -57,11 +57,10 @@ The
.Fa status
argument should be set to the error code returned by the
last API call before the call to
.Nm
.
.Fn pam_end .
.Sh RETURN VALUES
The
.Nm
.Fn pam_end
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYSTEM_ERR
@ -77,11 +76,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_end
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_ERROR 3
.Os
.Sh NAME
@ -49,13 +49,13 @@
.Fn pam_error "const pam_handle_t *pamh" "const char *fmt" "..."
.Sh DESCRIPTION
The
.Nm
.Fn pam_error
function displays an error message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_error
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -73,15 +73,15 @@ System error.
.Xr pam_verror 3
.Sh STANDARDS
The
.Nm
.Fn pam_error
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_error
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
.Sh DESCRIPTION
The
.Nm
.Fn pam_get_authtok
function returns the cached authentication token,
or prompts the user if no token is currently cached.
Either way, a pointer to the authentication token is stored in the
@ -89,7 +89,7 @@ before it is
passed to the conversation function.
.Pp
If
.Nm
.Fn pam_get_authtok
is called from a module and the
.Dv authtok_prompt
/
@ -110,17 +110,17 @@ is set to
and there is a non-null
.Dv PAM_OLDAUTHTOK
item,
.Nm
.Fn pam_get_authtok
will ask the user to confirm the new token by
retyping it.
If there is a mismatch,
.Nm
.Fn pam_get_authtok
will return
.Dv PAM_TRY_AGAIN .
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_get_authtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -140,15 +140,15 @@ Try again.
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
.Fn pam_get_authtok
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_get_authtok
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GET_DATA 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_get_data "const pam_handle_t *pamh" "const char *module_data_name" "const void **data"
.Sh DESCRIPTION
The
.Nm
.Fn pam_get_data
function looks up the opaque object associated with
the string specified by the
.Fa module_data_name
@ -61,7 +61,7 @@ A pointer to the object is stored in the location pointed to by the
.Fa data
argument.
If
.Nm
.Fn pam_get_data
fails, the
.Fa data
argument is untouched.
@ -72,7 +72,7 @@ are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
.Nm
.Fn pam_get_data
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_NO_MODULE_DATA
@ -91,11 +91,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_get_data
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_get_item "const pam_handle_t *pamh" "int item_type" "const void **item"
.Sh DESCRIPTION
The
.Nm
.Fn pam_get_item
function stores a pointer to the item specified by
the
.Fa item_type
@ -60,7 +60,7 @@ The item is retrieved from the PAM context specified by the
.Fa pamh
argument.
If
.Nm
.Fn pam_get_item
fails, the
.Fa item
argument is untouched.
@ -107,7 +107,7 @@ for a description of
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_get_item
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYMBOL_ERR
@ -127,11 +127,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_get_item
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GET_USER 3
.Os
.Sh NAME
@ -49,13 +49,13 @@
.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
.Sh DESCRIPTION
The
.Nm
.Fn pam_get_user
function returns the name of the target user, as
specified to
.Xr pam_start 3 .
If no user was specified, nor set using
.Xr pam_set_item 3 ,
.Nm
.Fn pam_get_user
will prompt for a user name.
Either way, a pointer to the user name is stored in the location
pointed to by the
@ -80,7 +80,7 @@ before it is
passed to the conversation function.
.Pp
If
.Nm
.Fn pam_get_user
is called from a module and the
.Dv user_prompt
option is
@ -93,7 +93,7 @@ item.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_get_user
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -118,11 +118,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_get_user
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GETENV 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
.Sh DESCRIPTION
The
.Nm
.Fn pam_getenv
function returns the value of an environment variable.
Its semantics are similar to those of
.Xr getenv 3 ,
@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_getenv
function returns
.Dv NULL
on failure.
@ -75,11 +75,11 @@ on failure.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_getenv
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_getenvlist "pam_handle_t *pamh"
.Sh DESCRIPTION
The
.Nm
.Fn pam_getenvlist
function returns a copy of the given PAM context's
environment list as a pointer to an array of strings.
The last element in the array is
@ -77,7 +77,7 @@ after use:
.Ed
.Sh RETURN VALUES
The
.Nm
.Fn pam_getenvlist
function returns
.Dv NULL
on failure.
@ -96,11 +96,11 @@ on failure.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_getenvlist
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_INFO 3
.Os
.Sh NAME
@ -49,13 +49,13 @@
.Fn pam_info "const pam_handle_t *pamh" "const char *fmt" "..."
.Sh DESCRIPTION
The
.Nm
.Fn pam_info
function displays an informational message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_info
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -73,15 +73,15 @@ System error.
.Xr pam_vinfo 3
.Sh STANDARDS
The
.Nm
.Fn pam_info
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_info
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_open_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_open_session
sets up a user session for a previously
authenticated user.
The session should later be torn down by a call to
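Review bot: the DESCRIPTION sentence in this hunk now reads "The pam_open_session sets up a user session", with no noun after the function name; the other pages in this change say "The ... function ...". Suggest adding "function" after `.Fn pam_open_session` so the rendered text matches its siblings.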
@ -65,12 +65,12 @@ Do not emit any messages.
.El
.Pp
If any other bits are set,
.Nm
.Fn pam_open_session
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_open_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -101,11 +101,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_open_session
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_PROMPT 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_prompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
.Sh DESCRIPTION
The
.Nm
.Fn pam_prompt
function constructs a message from the specified format
string and arguments and passes it to the given PAM context's
conversation function.
@ -67,7 +67,7 @@ for further details.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_prompt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -85,15 +85,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
.Nm
.Fn pam_prompt
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_prompt
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_PUTENV 3
.Os
.Sh NAME
@ -49,8 +49,8 @@
.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
.Sh DESCRIPTION
The
.Nm
function sets a environment variable.
.Fn pam_putenv
function sets an environment variable.
Its semantics are similar to those of
.Xr putenv 3 ,
but it modifies the PAM
@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_putenv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -80,11 +80,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_putenv
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SET_DATA 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
.Sh DESCRIPTION
The
.Nm
.Fn pam_set_data
function associates a pointer to an opaque object
with an arbitrary string specified by the
.Fa module_data_name
@ -71,7 +71,7 @@ are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
.Nm
.Fn pam_set_data
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -90,11 +90,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_set_data
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
.Sh DESCRIPTION
The
.Nm
.Fn pam_set_item
function sets the item specified by the
.Fa item_type
argument to a copy of the object pointed to by the
@ -63,7 +63,7 @@ See
for a list of recognized item types.
.Sh RETURN VALUES
The
.Nm
.Fn pam_set_item
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -84,11 +84,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_set_item
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SETCRED 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_setcred "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
.Fn pam_setcred
function manages the application's credentials.
.Pp
The
@ -72,12 +72,12 @@ Refresh credentials.
The latter four are mutually exclusive.
.Pp
If any other bits are set,
.Nm
.Fn pam_setcred
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
.Nm
.Fn pam_setcred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -113,11 +113,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_setcred
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SETENV 3
.Os
.Sh NAME
@ -49,8 +49,8 @@
.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
.Sh DESCRIPTION
The
.Nm
function sets a environment variable.
.Fn pam_setenv
function sets an environment variable.
Its semantics are similar to those of
.Xr setenv 3 ,
but it modifies the PAM
@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_setenv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -75,15 +75,15 @@ System error.
.Xr setenv 3
.Sh STANDARDS
The
.Nm
.Fn pam_setenv
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_setenv
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_acct_mgmt
function is the service module's implementation
of the
.Xr pam_acct_mgmt 3
API function.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_acct_mgmt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -94,11 +94,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_acct_mgmt
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_authenticate
function is the service module's
implementation of the
.Xr pam_authenticate 3
API function.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_authenticate
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -96,11 +96,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_authenticate
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME
@ -50,7 +50,7 @@
.Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_chauthtok
function is the service module's implementation
of the
.Xr pam_chauthtok 3
@ -67,7 +67,7 @@ with the
flag set.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_chauthtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -106,11 +106,11 @@ Try again.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_chauthtok
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_close_session
function is the service module's
implementation of the
.Xr pam_close_session 3
API function.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_close_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
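Review bot: the synopsis line at the top of this hunk declares the third parameter as "int args", while the pam_sm_open_session, pam_sm_setcred, pam_sm_authenticate, pam_sm_acct_mgmt and pam_sm_chauthtok pages all use "int argc". Since the page is being touched anyway, correct the `.Fn pam_sm_close_session` prototype to "int argc" so it matches the paired "const char **argv".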
@ -88,11 +88,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_close_session
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_open_session
function is the service module's
implementation of the
.Xr pam_open_session 3
API function.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_open_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -88,11 +88,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_open_session
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME
@ -50,14 +50,14 @@
.Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
.Fn pam_sm_setcred
function is the service module's implementation of
the
.Xr pam_setcred 3
API function.
.Sh RETURN VALUES
The
.Nm
.Fn pam_sm_setcred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@ -94,11 +94,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_sm_setcred
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_START 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
.Sh DESCRIPTION
The
.Nm
.Fn pam_start
function creates and initializes a PAM context.
.Pp
The
@ -78,7 +78,7 @@ for details.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_start
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -99,11 +99,11 @@ System error.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_start
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_STRERROR 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_strerror "const pam_handle_t *pamh" "int error_number"
.Sh DESCRIPTION
The
.Nm
.Fn pam_strerror
function returns a pointer to a string containing a
textual description of the error indicated by the
.Fa error_number
@ -64,7 +64,7 @@ or
.Dv NULL .
.Sh RETURN VALUES
The
.Nm
.Fn pam_strerror
function returns
.Dv NULL
on failure.
@ -78,11 +78,11 @@ on failure.
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_strerror
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_VERROR 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_verror "const pam_handle_t *pamh" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
.Nm
.Fn pam_verror
function passes its arguments to
.Xr pam_vprompt 3
with a
@ -59,7 +59,7 @@ and discards the response.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_verror
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -77,15 +77,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
.Nm
.Fn pam_verror
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_verror
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_VINFO 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_vinfo "const pam_handle_t *pamh" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
.Nm
.Fn pam_vinfo
function passes its arguments to
.Xr pam_vprompt 3
with a
@ -59,7 +59,7 @@ and discards the response.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_vinfo
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -77,15 +77,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
.Nm
.Fn pam_vinfo
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_vinfo
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
.Dd December 18, 2011
.Dd May 26, 2012
.Dt PAM_VPROMPT 3
.Os
.Sh NAME
@ -49,7 +49,7 @@
.Fn pam_vprompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
.Nm
.Fn pam_vprompt
function constructs a string from the
.Fa fmt
and
@ -93,7 +93,7 @@ If they do, they may be truncated.
.Pp
.Sh RETURN VALUES
The
.Nm
.Fn pam_vprompt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@ -114,15 +114,15 @@ System error.
.Xr vsnprintf 3
.Sh STANDARDS
The
.Nm
.Fn pam_vprompt
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the
.Fn pam_vprompt
function and this manual page were
developed for the
.Fx
Project by
ThinkSec AS and Network Associates Laboratories, the
Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam.h 455 2011-10-29 18:31:11Z des $
* $Id: openpam.h 605 2012-04-20 11:05:10Z des $
*/
#ifndef SECURITY_OPENPAM_H_INCLUDED
@ -157,12 +157,49 @@ openpam_readline(FILE *_f,
int *_lineno,
size_t *_lenp)
OPENPAM_NONNULL((1));
char **
openpam_readlinev(FILE *_f,
int *_lineno,
int *_lenp)
OPENPAM_NONNULL((1));
char *
openpam_readword(FILE *_f,
int *_lineno,
size_t *_lenp)
OPENPAM_NONNULL((1));
#endif
int
openpam_straddch(char **_str,
size_t *_sizep,
size_t *_lenp,
int ch)
OPENPAM_NONNULL((1));
/*
* Enable / disable optional features
*/
enum {
OPENPAM_RESTRICT_SERVICE_NAME,
OPENPAM_VERIFY_POLICY_FILE,
OPENPAM_RESTRICT_MODULE_NAME,
OPENPAM_VERIFY_MODULE_FILE,
OPENPAM_NUM_FEATURES
};
int
openpam_set_feature(int _feature, int _onoff);
int
openpam_get_feature(int _feature, int *_onoff);
/*
* Log levels
*/
enum {
PAM_LOG_LIBDEBUG = -1,
PAM_LOG_DEBUG,
PAM_LOG_VERBOSE,
PAM_LOG_NOTICE,
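Review bot: openpam_readlinev() declares its length out-parameter as `int *_lenp`, while openpam_readline() and openpam_readword() in this same hunk use `size_t *_lenp`. If the difference is intentional (for example a word count rather than a byte length), say so in a comment on the prototype; otherwise use size_t for consistency. The new feature enum and openpam_set_feature() / openpam_get_feature() are covered only by the comment "Enable / disable optional features"; the header should state what the int return value means and what each OPENPAM_* feature controls, since names such as OPENPAM_VERIFY_POLICY_FILE and OPENPAM_VERIFY_MODULE_FILE suggest callers can switch off integrity checks.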
@ -196,8 +233,8 @@ _openpam_log(int _level,
void
openpam_log(int _level,
const char *_format,
...)
OPENPAM_FORMAT ((__printf__, 2, 3))
...)
OPENPAM_FORMAT ((__printf__, 2, 3))
OPENPAM_NONNULL((2));
#endif

View file

@ -32,14 +32,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_version.h 505 2011-12-18 14:13:08Z des $
* $Id: openpam_version.h 609 2012-05-26 13:57:45Z des $
*/
#ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
#define SECURITY_OPENPAM_VERSION_H_INCLUDED
#define OPENPAM
#define OPENPAM_VERSION 20111218
#define OPENPAM_RELEASE "Lycopsida"
#define OPENPAM_VERSION 20120526
#define OPENPAM_RELEASE "Micrampelis"
#endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */

View file

@ -1,4 +1,4 @@
# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $
# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $
NULL =
@ -8,8 +8,11 @@ lib_LTLIBRARIES = libpam.la
noinst_HEADERS = \
openpam_constants.h \
openpam_ctype.h \
openpam_debug.h \
openpam_features.h \
openpam_impl.h \
openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h
@ -20,17 +23,23 @@ libpam_la_SOURCES = \
openpam_constants.c \
openpam_dispatch.c \
openpam_dynamic.c \
openpam_features.c \
openpam_findenv.c \
openpam_free_data.c \
openpam_free_envlist.c \
openpam_get_feature.c \
openpam_get_option.c \
openpam_load.c \
openpam_log.c \
openpam_nullconv.c \
openpam_readline.c \
openpam_readlinev.c \
openpam_readword.c \
openpam_restore_cred.c \
openpam_set_option.c \
openpam_set_feature.c \
openpam_static.c \
openpam_straddch.c \
openpam_subst.c \
openpam_ttyconv.c \
pam_acct_mgmt.c \
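Review bot: in libpam_la_SOURCES the new entry openpam_set_feature.c is placed after openpam_set_option.c, which breaks the alphabetical order the rest of the list follows (openpam_get_feature.c is correctly placed before openpam_get_option.c a few lines up). Suggest moving openpam_set_feature.c above openpam_set_option.c.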

View file

@ -15,7 +15,7 @@
@SET_MAKE@
# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $
# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $
VPATH = @srcdir@
@ -76,11 +76,13 @@ am__objects_1 =
am_libpam_la_OBJECTS = openpam_borrow_cred.lo \
openpam_check_owner_perms.lo openpam_configure.lo \
openpam_constants.lo openpam_dispatch.lo openpam_dynamic.lo \
openpam_findenv.lo openpam_free_data.lo \
openpam_free_envlist.lo openpam_get_option.lo openpam_load.lo \
openpam_log.lo openpam_nullconv.lo openpam_readline.lo \
openpam_restore_cred.lo openpam_set_option.lo \
openpam_static.lo openpam_subst.lo openpam_ttyconv.lo \
openpam_features.lo openpam_findenv.lo openpam_free_data.lo \
openpam_free_envlist.lo openpam_get_feature.lo \
openpam_get_option.lo openpam_load.lo openpam_log.lo \
openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \
openpam_readword.lo openpam_restore_cred.lo \
openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \
openpam_straddch.lo openpam_subst.lo openpam_ttyconv.lo \
pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \
pam_close_session.lo pam_end.lo pam_error.lo \
pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \
@ -234,8 +236,11 @@ INCLUDES = -I$(top_srcdir)/include
lib_LTLIBRARIES = libpam.la
noinst_HEADERS = \
openpam_constants.h \
openpam_ctype.h \
openpam_debug.h \
openpam_features.h \
openpam_impl.h \
openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h
@ -246,17 +251,23 @@ libpam_la_SOURCES = \
openpam_constants.c \
openpam_dispatch.c \
openpam_dynamic.c \
openpam_features.c \
openpam_findenv.c \
openpam_free_data.c \
openpam_free_envlist.c \
openpam_get_feature.c \
openpam_get_option.c \
openpam_load.c \
openpam_log.c \
openpam_nullconv.c \
openpam_readline.c \
openpam_readlinev.c \
openpam_readword.c \
openpam_restore_cred.c \
openpam_set_option.c \
openpam_set_feature.c \
openpam_static.c \
openpam_straddch.c \
openpam_subst.c \
openpam_ttyconv.c \
pam_acct_mgmt.c \
@ -387,17 +398,23 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_constants.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dispatch.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dynamic.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_features.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_findenv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_data.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_envlist.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_feature.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_option.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_load.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_log.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_nullconv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readline.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readlinev.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readword.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_restore_cred.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_feature.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_option.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_static.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_acct_mgmt.Plo@am__quote@

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $
* $Id: openpam_check_owner_perms.c 543 2012-03-31 22:11:34Z des $
*/
#ifdef HAVE_CONFIG_H
@ -67,6 +70,12 @@ openpam_check_desc_owner_perms(const char *name, int fd)
errno = serrno;
return (-1);
}
if (!S_ISREG(sb.st_mode)) {
openpam_log(PAM_LOG_ERROR,
"%s: not a regular file", name);
errno = EINVAL;
return (-1);
}
if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
(sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
openpam_log(PAM_LOG_ERROR,
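Review bot: the new S_ISREG() test in openpam_check_desc_owner_perms() runs on a descriptor that the caller has already opened, so it rejects a FIFO or device node only after the open has completed. The function comment should state what the caller is expected to do before calling this (for instance, how the file is opened), and it is worth confirming that the call sites cannot block or trigger side effects on a non-regular file before this check is reached. The choice of EINVAL for this case should also be mentioned wherever the function's errno values are documented.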
@ -84,7 +93,7 @@ openpam_check_desc_owner_perms(const char *name, int fd)
* up to it are owned by either root or the arbitrator and that they are
* not writable by group or other.
*
* Note that openpam_check_file_owner_perms() should be used instead if
* Note that openpam_check_desc_owner_perms() should be used instead if
* possible to avoid a race between the ownership / permission check and
* the actual open().
*/
@ -95,8 +104,9 @@ openpam_check_path_owner_perms(const char *path)
uid_t root, arbitrator;
char pathbuf[PATH_MAX];
struct stat sb;
int len, serrno;
int len, serrno, tip;
tip = 1;
root = 0;
arbitrator = geteuid();
if (realpath(path, pathbuf) == NULL)
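Review bot: the new flag `tip` in openpam_check_path_owner_perms() is declared and set to 1 with no comment, and its meaning (the first iteration examines the file itself; later iterations examine parent directories, so the regular-file test applies only once) has to be inferred from the later hunks. Suggest a one-line comment at `tip = 1;` or a more descriptive name, and consider a bool-style initialisation at the declaration rather than a separate assignment ahead of `root = 0;`.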
@ -111,6 +121,12 @@ openpam_check_path_owner_perms(const char *path)
}
return (-1);
}
if (tip && !S_ISREG(sb.st_mode)) {
openpam_log(PAM_LOG_ERROR,
"%s: not a regular file", pathbuf);
errno = EINVAL;
return (-1);
}
if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
(sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
openpam_log(PAM_LOG_ERROR,
@ -120,6 +136,7 @@ openpam_check_path_owner_perms(const char *path)
}
while (--len > 0 && pathbuf[len] != '/')
pathbuf[len] = '\0';
tip = 0;
}
return (0);
}

View file

@ -1,6 +1,6 @@
/*-
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
* Copyright (c) 2004-2012 Dag-Erling Smørgrav
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@ -32,13 +32,15 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_configure.c 500 2011-11-22 12:07:03Z des $
* $Id: openpam_configure.c 601 2012-04-14 20:37:45Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <sys/param.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
@ -48,389 +50,183 @@
#include <security/pam_appl.h>
#include "openpam_impl.h"
#include "openpam_strlcmp.h"
#include "openpam_ctype.h"
#include "openpam_strlcat.h"
#include "openpam_strlcpy.h"
static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t);
/*
* Evaluates to non-zero if the argument is a linear whitespace character.
*/
#define is_lws(ch) \
(ch == ' ' || ch == '\t')
/*
* Evaluates to non-zero if the argument is a printable ASCII character.
* Assumes that the execution character set is a superset of ASCII.
*/
#define is_p(ch) \
(ch >= '!' && ch <= '~')
/*
* Returns non-zero if the argument belongs to the POSIX Portable Filename
* Character Set. Assumes that the execution character set is a superset
* of ASCII.
*/
#define is_pfcs(ch) \
((ch >= '0' && ch <= '9') || \
(ch >= 'A' && ch <= 'Z') || \
(ch >= 'a' && ch <= 'z') || \
ch == '.' || ch == '_' || ch == '-')
/*
* Parse the service name.
* Validate a service name.
*
* Returns the length of the service name, or 0 if the end of the string
* was reached or a disallowed non-whitespace character was encountered.
*
* If parse_service_name() is successful, it updates *service to point to
* the first character of the service name and *line to point one
* character past the end. If it reaches the end of the string, it
* updates *line to point to the terminating NUL character and leaves
* *service unmodified. In all other cases, it leaves both *line and
* *service unmodified.
*
* Allowed characters are all characters in the POSIX portable filename
* character set.
* Returns a non-zero value if the argument points to a NUL-terminated
* string consisting entirely of characters in the POSIX portable filename
* character set, excluding the path separator character.
*/
static int
parse_service_name(char **line, char **service)
valid_service_name(const char *name)
{
char *b, *e;
const char *p;
for (b = *line; *b && is_lws(*b); ++b)
/* nothing */ ;
if (!*b) {
*line = b;
return (0);
if (OPENPAM_FEATURE(RESTRICT_SERVICE_NAME)) {
/* path separator not allowed */
for (p = name; *p != '\0'; ++p)
if (!is_pfcs(*p))
return (0);
} else {
/* path separator allowed */
for (p = name; *p != '\0'; ++p)
if (!is_pfcs(*p) && *p != '/')
return (0);
}
for (e = b; *e && !is_lws(*e); ++e)
if (!is_pfcs(*e))
return (0);
if (e == b)
return (0);
*line = e;
*service = b;
return (e - b);
return (1);
}
/*
* Parse the facility name.
*
* Returns the corresponding pam_facility_t value, or -1 if the end of the
* string was reached, a disallowed non-whitespace character was
* encountered, or the first word was not a recognized facility name.
*
* If parse_facility_name() is successful, it updates *line to point one
* character past the end of the facility name. If it reaches the end of
* the string, it updates *line to point to the terminating NUL character.
* In all other cases, it leaves *line unmodified.
* Returns the corresponding pam_facility_t value, or -1 if the argument
* is not a valid facility name.
*/
static pam_facility_t
parse_facility_name(char **line)
parse_facility_name(const char *name)
{
char *b, *e;
int i;
for (b = *line; *b && is_lws(*b); ++b)
/* nothing */ ;
if (!*b) {
*line = b;
return ((pam_facility_t)-1);
}
for (e = b; *e && !is_lws(*e); ++e)
/* nothing */ ;
if (e == b)
return ((pam_facility_t)-1);
for (i = 0; i < PAM_NUM_FACILITIES; ++i)
if (strlcmp(pam_facility_name[i], b, e - b) == 0)
break;
if (i == PAM_NUM_FACILITIES)
return ((pam_facility_t)-1);
*line = e;
return (i);
}
/*
* Parse the word "include".
*
* If the next word on the line is "include", parse_include() updates
* *line to point one character past "include" and returns 1. Otherwise,
* it leaves *line unmodified and returns 0.
*/
static int
parse_include(char **line)
{
char *b, *e;
for (b = *line; *b && is_lws(*b); ++b)
/* nothing */ ;
if (!*b) {
*line = b;
return (-1);
}
for (e = b; *e && !is_lws(*e); ++e)
/* nothing */ ;
if (e == b)
return (0);
if (strlcmp("include", b, e - b) != 0)
return (0);
*line = e;
return (1);
if (strcmp(pam_facility_name[i], name) == 0)
return (i);
return ((pam_facility_t)-1);
}
/*
* Parse the control flag.
*
* Returns the corresponding pam_control_t value, or -1 if the end of the
* string was reached, a disallowed non-whitespace character was
* encountered, or the first word was not a recognized control flag.
*
* If parse_control_flag() is successful, it updates *line to point one
* character past the end of the control flag. If it reaches the end of
* the string, it updates *line to point to the terminating NUL character.
* In all other cases, it leaves *line unmodified.
* Returns the corresponding pam_control_t value, or -1 if the argument is
* not a valid control flag name.
*/
static pam_control_t
parse_control_flag(char **line)
parse_control_flag(const char *name)
{
char *b, *e;
int i;
for (b = *line; *b && is_lws(*b); ++b)
/* nothing */ ;
if (!*b) {
*line = b;
return ((pam_control_t)-1);
}
for (e = b; *e && !is_lws(*e); ++e)
/* nothing */ ;
if (e == b)
return ((pam_control_t)-1);
for (i = 0; i < PAM_NUM_CONTROL_FLAGS; ++i)
if (strlcmp(pam_control_flag_name[i], b, e - b) == 0)
break;
if (i == PAM_NUM_CONTROL_FLAGS)
return ((pam_control_t)-1);
*line = e;
return (i);
if (strcmp(pam_control_flag_name[i], name) == 0)
return (i);
return ((pam_control_t)-1);
}
/*
* Parse a file name.
* Validate a file name.
*
* Returns the length of the file name, or 0 if the end of the string was
* reached or a disallowed non-whitespace character was encountered.
*
* If parse_filename() is successful, it updates *filename to point to the
* first character of the filename and *line to point one character past
* the end. If it reaches the end of the string, it updates *line to
* point to the terminating NUL character and leaves *filename unmodified.
* In all other cases, it leaves both *line and *filename unmodified.
*
* Allowed characters are all characters in the POSIX portable filename
* character set, plus the path separator (forward slash).
* Returns a non-zero value if the argument points to a NUL-terminated
* string consisting entirely of characters in the POSIX portable filename
* character set, including the path separator character.
*/
static int
parse_filename(char **line, char **filename)
valid_module_name(const char *name)
{
char *b, *e;
const char *p;
for (b = *line; *b && is_lws(*b); ++b)
/* nothing */ ;
if (!*b) {
*line = b;
return (0);
}
for (e = b; *e && !is_lws(*e); ++e)
if (!is_pfcs(*e) && *e != '/')
return (0);
if (e == b)
return (0);
*line = e;
*filename = b;
return (e - b);
}
/*
* Parse an option.
*
* Returns a dynamically allocated string containing the next module
* option, or NULL if the end of the string was reached or a disallowed
* non-whitespace character was encountered.
*
* If parse_option() is successful, it updates *line to point one
* character past the end of the option. If it reaches the end of the
* string, it updates *line to point to the terminating NUL character. In
* all other cases, it leaves *line unmodified.
*
* If parse_option() fails to allocate memory, it will return NULL and set
* errno to a non-zero value.
*
* Allowed characters for option names are all characters in the POSIX
* portable filename character set. Allowed characters for option values
* are any printable non-whitespace characters. The option value may be
* quoted in either single or double quotes, in which case space
* characters and whichever quote character was not used are allowed.
* Note that the entire value must be quoted, not just part of it.
*/
static char *
parse_option(char **line)
{
char *nb, *ne, *vb, *ve;
unsigned char q = 0;
char *option;
size_t size;
errno = 0;
for (nb = *line; *nb && is_lws(*nb); ++nb)
/* nothing */ ;
if (!*nb) {
*line = nb;
return (NULL);
}
for (ne = nb; *ne && !is_lws(*ne) && *ne != '='; ++ne)
if (!is_pfcs(*ne))
return (NULL);
if (ne == nb)
return (NULL);
if (*ne == '=') {
vb = ne + 1;
if (*vb == '"' || *vb == '\'')
q = *vb++;
for (ve = vb;
*ve && *ve != q && (is_p(*ve) || (q && is_lws(*ve)));
++ve)
/* nothing */ ;
if (q && *ve != q)
/* non-printable character or missing endquote */
return (NULL);
if (q && *(ve + 1) && !is_lws(*(ve + 1)))
/* garbage after value */
return (NULL);
if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME)) {
/* path separator not allowed */
for (p = name; *p != '\0'; ++p)
if (!is_pfcs(*p))
return (0);
} else {
vb = ve = ne;
/* path separator allowed */
for (p = name; *p != '\0'; ++p)
if (!is_pfcs(*p) && *p != '/')
return (0);
}
size = (ne - nb) + 1;
if (ve > vb)
size += (ve - vb) + 1;
if ((option = malloc(size)) == NULL)
return (NULL);
strncpy(option, nb, ne - nb);
if (ve > vb) {
option[ne - nb] = '=';
strncpy(option + (ne - nb) + 1, vb, ve - vb);
}
option[size - 1] = '\0';
*line = q ? ve + 1 : ve;
return (option);
}
/*
* Consume trailing whitespace.
*
* If there are no non-whitespace characters left on the line, parse_eol()
* updates *line to point at the terminating NUL character and returns 0.
* Otherwise, it leaves *line unmodified and returns a non-zero value.
*/
static int
parse_eol(char **line)
{
char *p;
for (p = *line; *p && is_lws(*p); ++p)
/* nothing */ ;
if (*p)
return ((unsigned char)*p);
*line = p;
return (0);
return (1);
}
typedef enum { pam_conf_style, pam_d_style } openpam_style_t;
/*
* Extracts given chains from a policy file.
*
* Returns the number of policy entries which were found for the specified
* service and facility, or -1 if a system error occurred or a syntax
* error was encountered.
*/
static int
openpam_parse_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility,
FILE *f,
const char *filename,
openpam_style_t style)
{
pam_chain_t *this, **next;
pam_facility_t fclt;
pam_control_t ctlf;
char *line0, *line, *str, *name;
char *option, **optv;
int len, lineno, ret;
FILE *f;
char *name, *servicename, *modulename;
int count, lineno, ret, serrno;
char **wordv, *word;
int i, wordc;
if ((f = fopen(filename, "r")) == NULL) {
openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
"%s: %m", filename);
return (PAM_SUCCESS);
}
if (openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
fclose(f);
return (PAM_SYSTEM_ERR);
}
count = 0;
this = NULL;
name = NULL;
lineno = 0;
while ((line0 = line = openpam_readline(f, &lineno, NULL)) != NULL) {
/* get service name if necessary */
if (style == pam_conf_style) {
if ((len = parse_service_name(&line, &str)) == 0) {
openpam_log(PAM_LOG_NOTICE,
"%s(%d): invalid service name (ignored)",
filename, lineno);
FREE(line0);
continue;
}
if (strlcmp(service, str, len) != 0) {
FREE(line0);
continue;
}
wordc = 0;
wordv = NULL;
while ((wordv = openpam_readlinev(f, &lineno, &wordc)) != NULL) {
/* blank line? */
if (wordc == 0) {
FREEV(wordc, wordv);
continue;
}
i = 0;
/* check service name if necessary */
if (style == pam_conf_style &&
strcmp(wordv[i++], service) != 0) {
FREEV(wordc, wordv);
continue;
}
/* get facility name */
if ((fclt = parse_facility_name(&line)) == (pam_facility_t)-1) {
/* check facility name */
if ((word = wordv[i++]) == NULL ||
(fclt = parse_facility_name(word)) == (pam_facility_t)-1) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid facility",
filename, lineno);
goto fail;
}
if (facility != fclt && facility != PAM_FACILITY_ANY) {
FREE(line0);
FREEV(wordc, wordv);
continue;
}
/* check for "include" */
if (parse_include(&line)) {
if ((len = parse_service_name(&line, &str)) == 0) {
if ((word = wordv[i++]) != NULL &&
strcmp(word, "include") == 0) {
if ((servicename = wordv[i++]) == NULL ||
!valid_service_name(servicename)) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid filename",
"%s(%d): missing or invalid service name",
filename, lineno);
goto fail;
}
if ((name = strndup(str, len)) == NULL)
goto syserr;
if (parse_eol(&line) != 0) {
if (wordv[i] != NULL) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): garbage at end of line",
filename, lineno);
goto fail;
}
ret = openpam_load_chain(pamh, name, fclt);
FREE(name);
if (ret != PAM_SUCCESS)
ret = openpam_load_chain(pamh, servicename, fclt);
FREEV(wordc, wordv);
if (ret < 0)
goto fail;
FREE(line0);
continue;
}
/* get control flag */
if ((ctlf = parse_control_flag(&line)) == (pam_control_t)-1) {
if (word == NULL || /* same word we compared to "include" */
(ctlf = parse_control_flag(word)) == (pam_control_t)-1) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid control flag",
filename, lineno);
@ -438,73 +234,76 @@ openpam_parse_chain(pam_handle_t *pamh,
}
/* get module name */
if ((len = parse_filename(&line, &str)) == 0) {
if ((modulename = wordv[i++]) == NULL ||
!valid_module_name(modulename)) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid module name",
filename, lineno);
goto fail;
}
if ((name = strndup(str, len)) == NULL)
goto syserr;
/* allocate new entry */
if ((this = calloc(1, sizeof *this)) == NULL)
goto syserr;
this->flag = ctlf;
/* get module options */
if ((this->optv = malloc(sizeof *optv)) == NULL)
goto syserr;
this->optc = 0;
while ((option = parse_option(&line)) != NULL) {
optv = realloc(this->optv,
(this->optc + 2) * sizeof *optv);
if (optv == NULL)
goto syserr;
this->optv = optv;
this->optv[this->optc++] = option;
}
this->optv[this->optc] = NULL;
if (*line != '\0') {
openpam_log(PAM_LOG_ERROR,
"%s(%d): syntax error in module options",
filename, lineno);
goto fail;
}
/* load module */
this->module = openpam_load_module(name);
FREE(name);
if (this->module == NULL)
if ((this->module = openpam_load_module(modulename)) == NULL)
goto fail;
/*
* The remaining items in wordv are the module's
* arguments. We could set this->optv = wordv + i, but
* then free(this->optv) wouldn't work. Instead, we free
* the words we've already consumed, shift the rest up,
* and clear the tail end of the array.
*/
this->optc = wordc - i;
for (i = 0; i < wordc - this->optc; ++i) {
FREE(wordv[i]);
wordv[i] = wordv[wordc - this->optc + i];
wordv[wordc - this->optc + i] = NULL;
}
this->optv = wordv;
wordv = NULL;
wordc = 0;
/* hook it up */
for (next = &pamh->chains[fclt]; *next != NULL;
next = &(*next)->next)
/* nothing */ ;
*next = this;
this = NULL;
/* next please... */
FREE(line0);
++count;
}
if (!feof(f))
/*
* The loop ended because openpam_readword() returned NULL, which
* can happen for four different reasons: an I/O error (ferror(f)
* is true), a memory allocation failure (ferror(f) is false,
* errno is non-zero)
*/
if (ferror(f) || errno != 0)
goto syserr;
if (!feof(f))
goto fail;
fclose(f);
return (PAM_SUCCESS);
return (count);
syserr:
serrno = errno;
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
errno = serrno;
/* fall through */
fail:
if (this && this->optc) {
while (this->optc--)
FREE(this->optv[this->optc]);
FREE(this->optv);
}
serrno = errno;
if (this && this->optc && this->optv)
FREEV(this->optc, this->optv);
FREE(this);
FREE(line0);
FREEV(wordc, wordv);
FREE(wordv);
FREE(name);
fclose(f);
return (PAM_SYSTEM_ERR);
errno = serrno;
return (-1);
}
static const char *openpam_policy_path[] = {
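Review bot: the option-shifting loop `for (i = 0; i < wordc - this->optc; ++i)` runs once per consumed word, not once per option, so it moves at most as many options as there were leading words. With three consumed words and five options, indices 3 to 5 are set to NULL while the last two options stay at indices 6 and 7, so this->optv ends early and no longer matches this->optc. With no options at all, `wordv[wordc - this->optc + i]` reads and writes at wordv[wordc + 1] and beyond, which is only safe if openpam_readlinev() over-allocates (not visible here). Freeing the consumed words first, then moving all this->optc remaining pointers down and clearing the tail, handles both cases. Separately, the comment before `if (ferror(f) || errno != 0)` promises four reasons, lists two, and names openpam_readword() although the loop calls openpam_readlinev(); nothing visible resets errno before the loop, so a stale value would turn a clean EOF into a system error.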
@ -515,45 +314,111 @@ static const char *openpam_policy_path[] = {
NULL
};
/*
* Read the specified chains from the specified file.
*
* Returns 0 if the file exists but does not contain any matching lines.
*
* Returns -1 and sets errno to ENOENT if the file does not exist.
*
* Returns -1 and sets errno to some other non-zero value if the file
* exists but is unsafe or unreadable, or an I/O error occurs.
*/
static int
openpam_load_file(pam_handle_t *pamh,
const char *service,
pam_facility_t facility,
const char *filename,
openpam_style_t style)
{
FILE *f;
int ret, serrno;
/* attempt to open the file */
if ((f = fopen(filename, "r")) == NULL) {
serrno = errno;
openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_ERROR,
"%s: %m", filename);
errno = serrno;
RETURNN(-1);
} else {
openpam_log(PAM_LOG_DEBUG, "found %s", filename);
}
/* verify type, ownership and permissions */
if (OPENPAM_FEATURE(VERIFY_POLICY_FILE) &&
openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
/* already logged the cause */
serrno = errno;
fclose(f);
errno = serrno;
RETURNN(-1);
}
/* parse the file */
ret = openpam_parse_chain(pamh, service, facility,
f, filename, style);
RETURNN(ret);
}
/*
* Locates the policy file for a given service and reads the given chains
* from it.
*
* Returns the number of policy entries which were found for the specified
* service and facility, or -1 if a system error occurred or a syntax
* error was encountered.
*/
static int
openpam_load_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility)
{
const char **path;
char *filename;
const char *p, **path;
char filename[PATH_MAX];
size_t len;
openpam_style_t style;
int ret;
/* don't allow to escape from policy_path */
if (strchr(service, '/')) {
openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
service);
return (-PAM_SYSTEM_ERR);
ENTERS(facility < 0 ? "any" : pam_facility_name[facility]);
/* either absolute or relative to cwd */
if (strchr(service, '/') != NULL) {
if ((p = strrchr(service, '.')) != NULL && strcmp(p, ".conf") == 0)
style = pam_conf_style;
else
style = pam_d_style;
ret = openpam_load_file(pamh, service, facility,
service, style);
RETURNN(ret);
}
/* search standard locations */
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
if (asprintf(&filename, "%s%s", *path, service) < 0) {
openpam_log(PAM_LOG_ERROR, "asprintf(): %m");
return (PAM_BUF_ERR);
/* construct filename */
len = strlcpy(filename, *path, sizeof filename);
if (filename[len - 1] == '/') {
len = strlcat(filename, service, sizeof filename);
if (len >= sizeof filename) {
errno = ENAMETOOLONG;
RETURNN(-1);
}
ret = openpam_parse_chain(pamh, service, facility,
filename, pam_d_style);
FREE(filename);
style = pam_d_style;
} else {
ret = openpam_parse_chain(pamh, service, facility,
*path, pam_conf_style);
style = pam_conf_style;
}
if (ret != PAM_SUCCESS)
return (ret);
ret = openpam_load_file(pamh, service, facility,
filename, style);
/* the file exists, but an error occurred */
if (ret == -1 && errno != ENOENT)
RETURNN(ret);
/* in pam.d style, an empty file counts as a hit */
if (ret == 0 && style == pam_d_style)
RETURNN(ret);
}
return (PAM_SUCCESS);
/* no hit */
RETURNN(0);
}
/*
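Review bot: openpam_load_chain() no longer rejects a service name containing `/`; the `strchr(service, '/') != NULL` branch now opens it as a path, absolute or relative to the current directory. The only remaining barrier is valid_service_name() in the callers, and that in turn depends on RESTRICT_SERVICE_NAME being on. The function comment should say that callers must validate the name, and that with the feature off the policy file location is caller-controlled and only the file itself (not its parent directories) is checked by openpam_check_desc_owner_perms(). Also, `len = strlcpy(filename, *path, sizeof filename);` is followed by `filename[len - 1]` without checking `len >= sizeof filename` or `len == 0`; the strlcat() result is checked, the strlcpy() result should be too.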
@ -567,25 +432,27 @@ openpam_configure(pam_handle_t *pamh,
const char *service)
{
pam_facility_t fclt;
const char *p;
int serrno;
for (p = service; *p; ++p)
if (!is_pfcs(*p))
return (PAM_SYSTEM_ERR);
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS)
ENTERS(service);
if (!valid_service_name(service)) {
openpam_log(PAM_LOG_ERROR, "invalid service name");
RETURNC(PAM_SYSTEM_ERR);
}
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
goto load_err;
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if (pamh->chains[fclt] != NULL)
continue;
if (openpam_load_chain(pamh, PAM_OTHER, fclt) != PAM_SUCCESS)
if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
goto load_err;
}
return (PAM_SUCCESS);
RETURNC(PAM_SUCCESS);
load_err:
serrno = errno;
openpam_clear_chains(pamh->chains);
return (PAM_SYSTEM_ERR);
errno = serrno;
RETURNC(PAM_SYSTEM_ERR);
}
/*
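Review bot: `valid_service_name(service)` returns 1 for an empty string, because neither loop in it executes, so openpam_configure() accepts a service name of "" and continues to openpam_load_chain(). Rejecting `*name == '\0'` inside valid_service_name() would cover this call and the include path as well, where the old parse_service_name() refused a zero-length name via `if (e == b) return (0);`.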

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,11 +27,11 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_constants.h 491 2011-11-12 00:12:32Z des $
* $Id: openpam_constants.h 606 2012-04-20 11:06:38Z des $
*/
#ifndef OPENPAM_CONSTANTS_INCLUDED
#define OPENPAM_CONSTANTS_INCLUDED
#ifndef OPENPAM_CONSTANTS_H_INCLUDED
#define OPENPAM_CONSTANTS_H_INCLUDED
extern const char *pam_err_name[PAM_NUM_ERRORS];
extern const char *pam_item_name[PAM_NUM_ITEMS];

View file

@ -0,0 +1,68 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_ctype.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_CTYPE_H_INCLUDED
#define OPENPAM_CTYPE_H_INCLUDED
/*
* Evaluates to non-zero if the argument is a linear whitespace character.
* For the purposes of this macro, the definition of linear whitespace is
* extended to include the form feed and carraige return characters.
*/
#define is_lws(ch) \
(ch == ' ' || ch == '\t' || ch == '\f' || ch == '\r')
/*
* Evaluates to non-zero if the argument is a whitespace character.
*/
#define is_ws(ch) \
(is_lws(ch) || ch == '\n')
/*
* Evaluates to non-zero if the argument is a printable ASCII character.
* Assumes that the execution character set is a superset of ASCII.
*/
#define is_p(ch) \
(ch >= '!' && ch <= '~')
/*
* Returns non-zero if the argument belongs to the POSIX Portable Filename
* Character Set. Assumes that the execution character set is a superset
* of ASCII.
*/
#define is_pfcs(ch) \
((ch >= '0' && ch <= '9') || \
(ch >= 'A' && ch <= 'Z') || \
(ch >= 'a' && ch <= 'z') || \
ch == '.' || ch == '_' || ch == '-')
#endif
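Review bot: the macros is_lws(), is_ws(), is_p() and is_pfcs() use `ch` unparenthesised and evaluate it several times, so an argument with side effects (for example `*p++`) or one containing a lower-precedence operator would misbehave. The callers visible in this commit pass `*p`, which is fine, but now that the macros live in a shared header they should either parenthesise `(ch)` and document the multiple evaluation, or become static inline functions. Minor: "carraige" in the is_lws() comment should be "carriage".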

View file

@ -32,60 +32,68 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_debug.h 491 2011-11-12 00:12:32Z des $
* $Id: openpam_debug.h 606 2012-04-20 11:06:38Z des $
*/
#ifndef OPENPAM_DEBUG_INCLUDED
#define OPENPAM_DEBUG_INCLUDED
#ifndef OPENPAM_DEBUG_H_INCLUDED
#define OPENPAM_DEBUG_H_INCLUDED
#ifdef OPENPAM_DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
#define ENTER() openpam_log(PAM_LOG_LIBDEBUG, "entering")
#define ENTERI(i) do { \
int i_ = (i); \
if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \
openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", pam_item_name[i_]); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", i_); \
} while (0)
#define ENTERN(n) do { \
int n_ = (n); \
openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \
openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", n_); \
} while (0)
#define ENTERS(s) do { \
const char *s_ = (s); \
if (s_ == NULL) \
openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
openpam_log(PAM_LOG_LIBDEBUG, "entering: NULL"); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
openpam_log(PAM_LOG_LIBDEBUG, "entering: '%s'", s_); \
} while (0)
#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
#define ENTERF(f) do { \
int f_ = (f); \
if (f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES) \
openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", \
openpam_features[f_].name); \
else \
openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", f_); \
} while (0)
#define RETURNV() openpam_log(PAM_LOG_LIBDEBUG, "returning")
#define RETURNC(c) do { \
int c_ = (c); \
if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \
openpam_log(PAM_LOG_LIBDEBUG, "returning %s", pam_err_name[c_]); \
else \
openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
openpam_log(PAM_LOG_LIBDEBUG, "returning %d!", c_); \
return (c_); \
} while (0)
#define RETURNN(n) do { \
int n_ = (n); \
openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
openpam_log(PAM_LOG_LIBDEBUG, "returning %d", n_); \
return (n_); \
} while (0)
#define RETURNP(p) do { \
const void *p_ = (p); \
void *p_ = (p); \
if (p_ == NULL) \
openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
else \
openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
openpam_log(PAM_LOG_LIBDEBUG, "returning %p", p_); \
return (p_); \
} while (0)
#define RETURNS(s) do { \
const char *s_ = (s); \
if (s_ == NULL) \
openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
else \
openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", s_); \
return (s_); \
} while (0)
#else
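Review bot: the bounds check in ENTERF(), `if (f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES)`, is off by one. The array is declared as `openpam_features[OPENPAM_NUM_FEATURES]`, so `f_ == OPENPAM_NUM_FEATURES` passes the check and `openpam_features[f_].name` reads one element past the end. The upper bound should be `<`, matching `c_ < PAM_NUM_ERRORS` in RETURNC() and `i_ < PAM_NUM_ITEMS` in ENTERI().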
@ -93,6 +101,7 @@
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define ENTERF(f)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_dynamic.c 502 2011-12-18 13:59:22Z des $
* $Id: openpam_dynamic.c 607 2012-04-20 11:09:37Z des $
*/
#ifdef HAVE_CONFIG_H
@ -40,6 +40,7 @@
#endif
#include <dlfcn.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@ -60,15 +61,50 @@
* Perform sanity checks and attempt to load a module
*/
#ifdef HAVE_FDLOPEN
static void *
try_dlopen(const char *modfn)
{
void *dlh;
int fd;
if (openpam_check_path_owner_perms(modfn) != 0)
if ((fd = open(modfn, O_RDONLY)) < 0)
return (NULL);
return (dlopen(modfn, RTLD_NOW));
if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
openpam_check_desc_owner_perms(modfn, fd) != 0) {
close(fd);
return (NULL);
}
if ((dlh = fdlopen(fd, RTLD_NOW)) == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
close(fd);
errno = 0;
return (NULL);
}
close(fd);
return (dlh);
}
#else
static void *
try_dlopen(const char *modfn)
{
int check_module_file;
void *dlh;
openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE,
&check_module_file);
if (check_module_file &&
openpam_check_path_owner_perms(modfn) != 0)
return (NULL);
if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
errno = 0;
return (NULL);
}
return (dlh);
}
#endif
/*
* OpenPAM internal
*
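Review bot: in the non-HAVE_FDLOPEN try_dlopen(), `check_module_file` is read after `openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE, &check_module_file);` without checking that call's return value or initialising the variable, while the fdlopen variant reads `OPENPAM_FEATURE(VERIFY_MODULE_FILE)` directly. Using the macro in both variants removes the chance of the verification decision depending on an indeterminate value. This fallback also still verifies by path and then calls dlopen() by path, which is the check-then-open race the comment on openpam_check_path_owner_perms() warns about; a comment here saying that the race remains without fdlopen() would help. In the fdlopen variant, `close(fd)` after a failed openpam_check_desc_owner_perms() is not wrapped in a save and restore of errno, unlike the fclose() in openpam_load_file().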
@ -100,9 +136,6 @@ openpam_dynamic(const char *path)
*strrchr(vpath, '.') = '\0';
dlh = try_dlopen(vpath);
}
serrno = errno;
FREE(vpath);
errno = serrno;
if (dlh == NULL)
goto err;
if ((module = calloc(1, sizeof *module)) == NULL)
@ -112,19 +145,41 @@ openpam_dynamic(const char *path)
module->dlh = dlh;
dlmodule = dlsym(dlh, "_pam_module");
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
module->func[i] = dlmodule ? dlmodule->func[i] :
(pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
if (module->func[i] == NULL)
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
path, pam_sm_func_name[i], dlerror());
if (dlmodule) {
module->func[i] = dlmodule->func[i];
} else {
module->func[i] =
(pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
/*
* This openpam_log() call is a major source of
* log spam, and the cases that matter are caught
* and logged in openpam_dispatch(). This would
* be less problematic if dlerror() returned an
* error code so we could log an error only when
* dlsym() failed for a reason other than "no such
* symbol".
*/
#if 0
if (module->func[i] == NULL)
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
path, pam_sm_func_name[i], dlerror());
#endif
}
}
FREE(vpath);
return (module);
buf_err:
serrno = errno;
if (dlh != NULL)
dlclose(dlh);
FREE(module);
errno = serrno;
err:
openpam_log(PAM_LOG_ERROR, "%m");
serrno = errno;
if (errno != 0)
openpam_log(PAM_LOG_ERROR, "%s: %m", vpath);
FREE(vpath);
errno = serrno;
return (NULL);
}
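Review bot: the `err:` path now decides whether to log with `if (errno != 0)`, which only works because both try_dlopen() variants set `errno = 0` after logging dlerror(). That contract is implicit and should be stated in a comment on try_dlopen() or at the label. When the ownership or file type check fails, the cause has already been logged by the check function and errno is non-zero, so the same failure is logged a second time here as `"%s: %m"`. The `#if 0` block would be cleaner removed, keeping only the explanatory comment.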

View file

@ -0,0 +1,69 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_features.c 608 2012-05-17 16:00:13Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define STRUCT_OPENPAM_FEATURE(name, descr, dflt) \
[OPENPAM_##name] = { \
"OPENPAM_" #name, \
descr, \
dflt \
}
struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
STRUCT_OPENPAM_FEATURE(
RESTRICT_SERVICE_NAME,
"Disallow path separators in service names",
1
),
STRUCT_OPENPAM_FEATURE(
VERIFY_POLICY_FILE,
"Verify ownership and permissions of policy files",
1
),
STRUCT_OPENPAM_FEATURE(
RESTRICT_MODULE_NAME,
"Disallow path separators in module names",
0
),
STRUCT_OPENPAM_FEATURE(
VERIFY_MODULE_FILE,
"Verify ownership and permissions of module files",
1
),
};
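Review bot: RESTRICT_MODULE_NAME is the only one of the four features that defaults to 0, and nothing in the file says why. Since the default decides whether a policy line may name a module by path, a short comment on that entry explaining the choice (and that VERIFY_MODULE_FILE is then the remaining check) would save the next reader from guessing whether it is intentional.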

View file

@ -0,0 +1,48 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef OPENPAM_FEATURES_H_INCLUDED
#define OPENPAM_FEATURES_H_INCLUDED
struct openpam_feature {
const char *name;
const char *desc;
int onoff;
};
extern struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES];
/* shortcut for internal use */
#define OPENPAM_FEATURE(f) \
openpam_features[OPENPAM_##f].onoff
#endif
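Review bot: this header is not self-contained: the array declaration uses OPENPAM_NUM_FEATURES and the OPENPAM_FEATURE() macro pastes OPENPAM_##f, but the file includes nothing, so it only compiles when the includer has already pulled in the header that defines those constants. Either include that header here or state the requirement in a comment above the struct. The $Id$ keyword is also unexpanded, unlike the other new files in this commit.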

View file

@ -0,0 +1,99 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_get_feature.c 608 2012-05-17 16:00:13Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
* Query the state of an optional feature.
*/
int
openpam_get_feature(int feature, int *onoff)
{
ENTERF(feature);
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
RETURNC(PAM_SYMBOL_ERR);
*onoff = openpam_features[feature].onoff;
RETURNC(PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYMBOL_ERR
*/
/**
* EXPERIMENTAL
*
* The =openpam_get_feature function stores the current state of the
* specified feature in the variable pointed to by its =onoff argument.
*
* The following features are recognized:
*
* =OPENPAM_RESTRICT_SERVICE_NAME:
* Disallow path separators in service names.
* This feature is enabled by default.
* Disabling it allows the application to specify the path to
* the desired policy file directly.
*
* =OPENPAM_VERIFY_POLICY_FILE:
* Verify the ownership and permissions of the policy file
* and the path leading up to it.
* This feature is enabled by default.
*
* =OPENPAM_RESTRICT_MODULE_NAME:
* Disallow path separators in module names.
* This feature is disabled by default.
* Enabling it prevents the use of modules in non-standard
* locations.
*
* =OPENPAM_VERIFY_MODULE_FILE:
* Verify the ownership and permissions of each loadable
* module and the path leading up to it.
* This feature is enabled by default.
*
*
* >openpam_set_feature
*
* AUTHOR DES
*/
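Review bot: openpam_get_feature() range-checks feature but writes through onoff without checking it, so a NULL onoff crashes at `*onoff = openpam_features[feature].onoff;`. Since this is a public entry point, either reject NULL with an error return or state in the documentation comment that onoff must not be NULL.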

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_get_option.c 482 2011-11-03 16:33:02Z des $
* $Id: openpam_get_option.c 531 2012-03-31 14:24:37Z des $
*/
#ifdef HAVE_CONFIG_H
@ -44,7 +44,6 @@
#include <string.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_impl.h 499 2011-11-22 11:51:50Z des $
* $Id: openpam_impl.h 594 2012-04-14 14:18:41Z des $
*/
#ifndef OPENPAM_IMPL_H_INCLUDED
@ -157,9 +157,23 @@ pam_module_t *openpam_static(const char *);
#endif
pam_module_t *openpam_dynamic(const char *);
#define FREE(p) do { free((p)); (p) = NULL; } while (0)
#define FREE(p) \
do { \
free(p); \
(p) = NULL; \
} while (0)
#define FREEV(c, v) \
do { \
while (c) { \
--(c); \
FREE((v)[(c)]); \
} \
FREE(v); \
} while (0)
#include "openpam_constants.h"
#include "openpam_debug.h"
#include "openpam_features.h"
#endif
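Review bot: FREEV(c, v) loops on `while (c)` and pre-decrements, so a negative count does not stop at zero and indexes v out of bounds, and a non-zero count with a NULL v dereferences NULL; `while ((c) > 0)` plus a NULL check on v would make the macro safe for signed counters. Both arguments are evaluated several times and assigned to, so a comment should say they must be side-effect-free lvalues, and c in the loop condition should be parenthesized like its other uses.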

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_load.c 491 2011-11-12 00:12:32Z des $
* $Id: openpam_load.c 547 2012-04-01 15:01:21Z des $
*/
#ifdef HAVE_CONFIG_H
@ -108,9 +108,7 @@ openpam_destroy_chain(pam_chain_t *chain)
return;
openpam_destroy_chain(chain->next);
chain->next = NULL;
while (chain->optc--)
FREE(chain->optv[chain->optc]);
FREE(chain->optv);
FREEV(chain->optc, chain->optv);
openpam_release_module(chain->module);
chain->module = NULL;
FREE(chain);

View file

@ -32,18 +32,17 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_log.c 437 2011-09-13 12:00:13Z des $
* $Id: openpam_log.c 544 2012-03-31 22:47:15Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <ctype.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <security/pam_appl.h>
@ -71,6 +70,7 @@ openpam_log(int level, const char *fmt, ...)
int priority;
switch (level) {
case PAM_LOG_LIBDEBUG:
case PAM_LOG_DEBUG:
if (!openpam_debug)
return;
@ -100,8 +100,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
va_list ap;
char *format;
int priority;
int serrno;
switch (level) {
case PAM_LOG_LIBDEBUG:
case PAM_LOG_DEBUG:
if (!openpam_debug)
return;
@ -119,10 +121,13 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
break;
}
va_start(ap, fmt);
serrno = errno;
if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
errno = serrno;
vsyslog(priority, format, ap);
FREE(format);
} else {
errno = serrno;
vsyslog(priority, fmt, ap);
}
va_end(ap);
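Review bot: serrno is restored just before each vsyslog() call so that %m formats the caller's error, but within the lines shown errno is not restored again afterwards, so asprintf(), vsyslog() or FREE() can still leave a different errno for the caller of _openpam_log(). Restoring it once more after va_end(ap) would make the function errno-neutral. The save could also move above va_start() so that it covers everything the function does.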
@ -137,6 +142,9 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
* The =level argument indicates the importance of the message.
* The following levels are defined:
*
* =PAM_LOG_LIBDEBUG:
* Debugging messages.
* For internal use only.
* =PAM_LOG_DEBUG:
* Debugging messages.
* These messages are normally not logged unless the global

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_readline.c 473 2011-11-03 10:48:25Z des $
* $Id: openpam_readline.c 596 2012-04-14 14:52:40Z des $
*/
#ifdef HAVE_CONFIG_H
@ -44,6 +44,7 @@
#include <stdlib.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define MIN_LINE_LENGTH 128
@ -61,22 +62,11 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
size_t len, size;
int ch;
if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
if ((line = malloc(size = MIN_LINE_LENGTH)) == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
return (NULL);
size = MIN_LINE_LENGTH;
}
len = 0;
#define line_putch(ch) do { \
if (len >= size - 1) { \
char *tmp = realloc(line, size *= 2); \
if (tmp == NULL) \
goto fail; \
line = tmp; \
} \
line[len++] = ch; \
line[len] = '\0'; \
} while (0)
for (;;) {
ch = fgetc(f);
/* strip comment */
@ -105,26 +95,15 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
/* done */
break;
}
/* whitespace */
if (isspace(ch)) {
/* ignore leading whitespace */
/* collapse linear whitespace */
if (len > 0 && line[len - 1] != ' ')
line_putch(' ');
continue;
}
/* anything else */
line_putch(ch);
if (openpam_straddch(&line, &size, &len, ch) != 0)
goto fail;
}
/* remove trailing whitespace */
while (len > 0 && isspace((unsigned char)line[len - 1]))
--len;
line[len] = '\0';
if (len == 0)
goto fail;
if (lenp != NULL)
*lenp = len;
openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line);
return (line);
fail:
FREE(line);
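Review bot: the new `openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line);` sends the full text of every policy line to syslog when debugging is enabled, including any module arguments on that line. If module options can carry sensitive values, consider logging the line number and length instead of the text.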
@ -132,16 +111,18 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
}
/**
* DEPRECATED openpam_readlinev
*
* The =openpam_readline function reads a line from a file, and returns it
* in a NUL-terminated buffer allocated with =malloc.
* in a NUL-terminated buffer allocated with =!malloc.
*
* The =openpam_readline function performs a certain amount of processing
* on the data it reads:
*
* - Comments (introduced by a hash sign) are stripped, as is leading and
* trailing whitespace.
* - Any amount of linear whitespace is collapsed to a single space.
* - Comments (introduced by a hash sign) are stripped.
*
* - Blank lines are ignored.
*
* - If a line ends in a backslash, the backslash is stripped and the
* next line is appended.
*
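Review bot: the bullet list here loses the statements that leading and trailing whitespace is stripped and that linear whitespace is collapsed to a single space, which reads as a behaviour change for existing callers of openpam_readline() and not only a deprecation. If the function no longer normalizes whitespace, say so explicitly next to the DEPRECATED line so that callers which split the result on a single space know they have to change.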
@ -152,5 +133,8 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
* terminating NUL character) is stored in the variable it points to.
*
* The caller is responsible for releasing the returned buffer by passing
* it to =free.
* it to =!free.
*
* >openpam_readlinev
* >openpam_readword
*/

View file

@ -0,0 +1,156 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_readlinev.c 588 2012-04-08 11:52:25Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define MIN_WORDV_SIZE 32
/*
* OpenPAM extension
*
* Read a line from a file and split it into words.
*/
char **
openpam_readlinev(FILE *f, int *lineno, int *lenp)
{
char *word, **wordv, **tmp;
size_t wordlen, wordvsize;
int ch, serrno, wordvlen;
wordvsize = MIN_WORDV_SIZE;
wordvlen = 0;
if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
errno = ENOMEM;
return (NULL);
}
wordv[wordvlen] = NULL;
while ((word = openpam_readword(f, lineno, &wordlen)) != NULL) {
if ((unsigned int)wordvlen + 1 >= wordvsize) {
/* need to expand the array */
wordvsize *= 2;
tmp = realloc(wordv, wordvsize * sizeof *wordv);
if (tmp == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
errno = ENOMEM;
break;
}
wordv = tmp;
}
/* insert our word */
wordv[wordvlen++] = word;
wordv[wordvlen] = NULL;
}
if (errno != 0) {
/* I/O error or out of memory */
serrno = errno;
while (wordvlen--)
free(wordv[wordvlen]);
free(wordv);
errno = serrno;
return (NULL);
}
/* assert(!ferror(f)) */
ch = fgetc(f);
/* assert(ch == EOF || ch == '\n') */
if (ch == EOF && wordvlen == 0) {
free(wordv);
return (NULL);
}
if (ch == '\n' && lineno != NULL)
++*lineno;
if (lenp != NULL)
*lenp = wordvlen;
return (wordv);
}
/**
* The =openpam_readlinev function reads a line from a file, splits it
* into words according to the rules described in the =openpam_readword
* manual page, and returns a list of those words.
*
* If =lineno is not =NULL, the integer variable it points to is
* incremented every time a newline character is read.
* This includes quoted or escaped newline characters and the newline
* character at the end of the line.
*
* If =lenp is not =NULL, the number of words on the line is stored in the
* variable to which it points.
*
* RETURN VALUES
*
* If successful, the =openpam_readlinev function returns a pointer to a
* dynamically allocated array of pointers to individual dynamically
* allocated NUL-terminated strings, each containing a single word, in the
* order in which they were encountered on the line.
* The array is terminated by a =NULL pointer.
*
* The caller is responsible for freeing both the array and the individual
* strings by passing each of them to =!free.
*
* If the end of the line was reached before any words were read,
* =openpam_readlinev returns a pointer to a dynamically allocated array
* containing a single =NULL pointer.
*
* The =openpam_readlinev function can fail and return =NULL for one of
* four reasons:
*
* - The end of the file was reached before any words were read; :errno is
* zero, =!ferror returns zero, and =!feof returns a non-zero value.
*
* - The end of the file was reached while a quote or backslash escape
* was in effect; :errno is set to =EINVAL, =!ferror returns zero, and
* =!feof returns a non-zero value.
*
* - An error occurred while reading from the file; :errno is non-zero,
* =!ferror returns a non-zero value and =!feof returns zero.
*
* - A =!malloc or =!realloc call failed; :errno is set to =ENOMEM,
* =!ferror returns a non-zero value, and =!feof may or may not return
* a non-zero value.
*
* >openpam_readline
* >openpam_readword
*
* AUTHOR DES
*/
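Review bot: in the array-growth branch of the while loop, a failed realloc() breaks out before `wordv[wordvlen++] = word;`, so the word just returned by openpam_readword() is never stored and the cleanup loop under `if (errno != 0)` does not free it; add free(word) before the break. The log text in that branch says malloc() although the call is realloc(). The error test also depends on errno still being zero after a successful openpam_readword(), which is fragile, and the ENOMEM bullet in the comment says ferror returns a non-zero value, which looks copied from the I/O error bullet.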

View file

@ -0,0 +1,207 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_readword.c 588 2012-04-08 11:52:25Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#include "openpam_ctype.h"
#define MIN_WORD_SIZE 32
/*
* OpenPAM extension
*
* Read a word from a file, respecting shell quoting rules.
*/
char *
openpam_readword(FILE *f, int *lineno, size_t *lenp)
{
char *word;
size_t size, len;
int ch, comment, escape, quote;
int serrno;
errno = 0;
/* skip initial whitespace */
comment = 0;
while ((ch = getc(f)) != EOF && ch != '\n') {
if (ch == '#')
comment = 1;
if (!is_lws(ch) && !comment)
break;
}
if (ch == EOF)
return (NULL);
ungetc(ch, f);
if (ch == '\n')
return (NULL);
word = NULL;
size = len = 0;
escape = quote = 0;
while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
if (ch == '\\' && !escape && quote != '\'') {
/* escape next character */
escape = ch;
} else if ((ch == '\'' || ch == '"') && !quote && !escape) {
/* begin quote */
quote = ch;
/* edge case: empty quoted string */
if (word == NULL && (word = malloc(1)) == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
errno = ENOMEM;
return (NULL);
}
*word = '\0';
size = 1;
} else if (ch == quote && !escape) {
/* end quote */
quote = 0;
} else if (ch == '\n' && escape && quote != '\'') {
/* line continuation */
escape = 0;
} else {
if (escape && quote && ch != '\\' && ch != quote &&
openpam_straddch(&word, &size, &len, '\\') != 0) {
free(word);
errno = ENOMEM;
return (NULL);
}
if (openpam_straddch(&word, &size, &len, ch) != 0) {
free(word);
errno = ENOMEM;
return (NULL);
}
escape = 0;
}
if (lineno != NULL && ch == '\n')
++*lineno;
}
if (ch == EOF && ferror(f)) {
serrno = errno;
free(word);
errno = serrno;
return (NULL);
}
if (ch == EOF && (escape || quote)) {
/* Missing escaped character or closing quote. */
openpam_log(PAM_LOG_ERROR, "unexpected end of file");
free(word);
errno = EINVAL;
return (NULL);
}
ungetc(ch, f);
if (lenp != NULL)
*lenp = len;
return (word);
}
/**
* The =openpam_readword function reads the next word from a file, and
* returns it in a NUL-terminated buffer allocated with =!malloc.
*
* A word is a sequence of non-whitespace characters.
* However, whitespace characters can be included in a word if quoted or
* escaped according to the following rules:
*
* - An unescaped single or double quote introduces a quoted string,
* which ends when the same quote character is encountered a second
* time.
* The quotes themselves are stripped.
*
* - Within a single- or double-quoted string, all whitespace characters,
* including the newline character, are preserved as-is.
*
* - Outside a quoted string, a backslash escapes the next character,
* which is preserved as-is, unless that character is a newline, in
* which case it is discarded and reading continues at the beginning of
* the next line as if the backslash and newline had not been there.
* In all cases, the backslash itself is discarded.
*
* - Within a single-quoted string, double quotes and backslashes are
* preserved as-is.
*
* - Within a double-quoted string, a single quote is preserved as-is,
* and a backslash is preserved as-is unless used to escape a double
* quote.
*
* In addition, if the first non-whitespace character on the line is a
* hash character (#), the rest of the line is discarded.
* If a hash character occurs within a word, however, it is preserved
* as-is.
* A backslash at the end of a comment does cause line continuation.
*
* If =lineno is not =NULL, the integer variable it points to is
* incremented every time a quoted or escaped newline character is read.
*
* If =lenp is not =NULL, the length of the word (after quotes and
* backslashes have been removed) is stored in the variable it points to.
*
* RETURN VALUES
*
* If successful, the =openpam_readword function returns a pointer to a
* dynamically allocated NUL-terminated string containing the first word
* encountered on the line.
*
* The caller is responsible for releasing the returned buffer by passing
* it to =!free.
*
* If =openpam_readword reaches the end of the line or file before any
* characters are copied to the word, it returns =NULL. In the former
* case, the newline is pushed back to the file.
*
* If =openpam_readword reaches the end of the file while a quote or
* backslash escape is in effect, it sets :errno to =EINVAL and returns
* =NULL.
*
* IMPLEMENTATION NOTES
*
* The parsing rules are intended to be equivalent to the normal POSIX
* shell quoting rules.
* Any discrepancy is a bug and should be reported to the author along
* with sample input that can be used to reproduce the error.
*
* >openpam_readline
* >openpam_readlinev
*
* AUTHOR DES
*/
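Review bot: in the "begin quote" branch, `*word = '\0'; size = 1;` runs for every opening quote, not only when word was NULL, so a quote that starts in the middle of a word (for example ab"cd") overwrites the first character with NUL and tells openpam_straddch() that the buffer holds one byte. The next openpam_straddch() call then reallocates to size * 2 = 2 bytes and writes at index len, which is past the end of the buffer once len is 1 or more. Move both statements inside the word == NULL case, or handle the empty-string case through openpam_straddch() so that size always matches the allocation. Separately, the comment says a backslash at the end of a comment causes line continuation, but the skip loop stops at the first newline without looking for a backslash.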

View file

@ -0,0 +1,75 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_set_feature.c 608 2012-05-17 16:00:13Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
* Enable or disable an optional feature.
*/
int
openpam_set_feature(int feature, int onoff)
{
ENTERF(feature);
if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
RETURNC(PAM_SYMBOL_ERR);
openpam_features[feature].onoff = onoff;
RETURNC(PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYMBOL_ERR
*/
/**
* EXPERIMENTAL
*
* The =openpam_set_feature function sets the state of the specified
* feature to the value specified by the =onoff argument.
* See =openpam_get_feature for a list of recognized features.
*
* >openpam_get_feature
*
* AUTHOR DES
*/
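Review bot: openpam_set_feature() writes to the global openpam_features table, so the change applies to the whole process and every PAM handle in it, and the documentation comment says neither that nor when the call takes effect. Because the feature list includes the switches for ownership and permission verification of policy and module files, the comment should state the scope explicitly. onoff is also stored as passed; storing `onoff != 0` would keep the field to 0 or 1 for callers of openpam_get_feature().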

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_set_option.c 482 2011-11-03 16:33:02Z des $
* $Id: openpam_set_option.c 532 2012-03-31 14:24:53Z des $
*/
#ifdef HAVE_CONFIG_H
@ -46,7 +46,6 @@
#include <string.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"

View file

@ -0,0 +1,111 @@
/*-
* Copyright (c) 2012 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_straddch.c 568 2012-04-05 14:35:53Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <errno.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#define MIN_STR_SIZE 32
/*
* OpenPAM extension
*
* Add a character to a string, expanding the buffer if needed.
*/
int
openpam_straddch(char **str, size_t *size, size_t *len, int ch)
{
size_t tmpsize;
char *tmpstr;
if (*str == NULL) {
/* initial allocation */
tmpsize = MIN_STR_SIZE;
if ((tmpstr = malloc(tmpsize)) == NULL) {
openpam_log(PAM_LOG_ERROR, "malloc(): %m");
errno = ENOMEM;
return (-1);
}
*str = tmpstr;
*size = tmpsize;
*len = 0;
} else if (*len + 1 >= *size) {
/* additional space required */
tmpsize = *size * 2;
if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
openpam_log(PAM_LOG_ERROR, "realloc(): %m");
errno = ENOMEM;
return (-1);
}
*size = tmpsize;
*str = tmpstr;
}
(*str)[*len] = ch;
++*len;
(*str)[*len] = '\0';
return (0);
}
/**
* The =openpam_straddch function appends a character to a dynamically
* allocated NUL-terminated buffer, reallocating the buffer as needed.
*
* The =str argument points to a variable containing either a pointer to
* an existing buffer or =NULL.
* If the value of the variable pointed to by =str is =NULL, a new buffer
* is allocated.
*
* The =size and =len argument point to variables used to hold the size
* of the buffer and the length of the string it contains, respectively.
*
* If a new buffer is allocated or an existing buffer is reallocated to
* make room for the additional character, =str and =size are updated
* accordingly.
*
* The =openpam_straddch function ensures that the buffer is always
* NUL-terminated.
*
* If the =openpam_straddch function is successful, it increments the
* integer variable pointed to by =len and returns 0.
* Otherwise, it leaves the variables pointed to by =str, =size and =len
* unmodified, sets :errno to =ENOMEM and returns -1.
*
* AUTHOR DES
*/
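Review bot: the growth test `*len + 1 >= *size` doubles the buffer once and then writes at (*str)[*len] and the byte after it, which is only in bounds if the caller's *size and *len are already consistent (*len < *size); a caller that passes a stale or too-small *size ends up with a buffer smaller than the string. Either grow in a loop until *len + 1 < tmpsize or document the invariant and reject *len >= *size. `*size * 2` is also unchecked for overflow.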

View file

@ -0,0 +1,54 @@
/*-
* Copyright (c) 2011 Dag-Erling Smørgrav
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_strlcat.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_STRLCAT_H_INCLUDED
#define OPENPAM_STRLCAT_H_INCLUDED
#ifndef HAVE_STRLCAT
/* like strcat(3), but always NUL-terminates; returns strlen(src) */
static size_t
strlcat(char *dst, const char *src, size_t size)
{
size_t len;
for (len = 0; *dst && size > 1; ++len, --size)
dst++;
for (; *src && size > 1; ++len, --size)
*dst++ = *src++;
*dst = '\0';
while (*src)
++len, ++src;
return (len);
}
#endif
#endif
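Review bot: with size == 0 both loops are skipped and `*dst = '\0';` still writes one byte into a buffer the caller said has no room, and with size == 1 the same statement truncates an existing non-empty dst. Return early when size is 0 and only write the terminator when there is room for it after the existing string. The comment above the function says it returns strlen(src), but len also counts the characters already in dst, so the comment should describe the combined length.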

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_strlcmp.h 475 2011-11-03 15:29:24Z des $
* $Id: openpam_strlcmp.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_STRLCMP_H_INCLUDED

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_strlcpy.h 492 2011-11-20 02:04:17Z des $
* $Id: openpam_strlcpy.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_STRLCPY_H_INCLUDED
@ -32,7 +35,7 @@
#ifndef HAVE_STRLCPY
/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
size_t
static size_t
strlcpy(char *dst, const char *src, size_t size)
{
size_t len;

View file

@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_subst.c 461 2011-11-02 14:00:38Z des $
* $Id: openpam_subst.c 543 2012-03-31 22:11:34Z des $
*/
#ifdef HAVE_CONFIG_H

View file

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_ttyconv.c 437 2011-09-13 12:00:13Z des $
* $Id: openpam_ttyconv.c 527 2012-02-26 03:23:59Z des $
*/
#ifdef HAVE_CONFIG_H
@ -69,17 +69,17 @@ prompt(const char *msg)
{
char buf[PAM_MAX_RESP_SIZE];
struct sigaction action, saved_action;
sigset_t saved_sigset, sigset;
sigset_t saved_sigset, the_sigset;
unsigned int saved_alarm;
int eof, error, fd;
size_t len;
char *retval;
char ch;
sigemptyset(&sigset);
sigaddset(&sigset, SIGINT);
sigaddset(&sigset, SIGTSTP);
sigprocmask(SIG_SETMASK, &sigset, &saved_sigset);
sigemptyset(&the_sigset);
sigaddset(&the_sigset, SIGINT);
sigaddset(&the_sigset, SIGTSTP);
sigprocmask(SIG_SETMASK, &the_sigset, &saved_sigset);
action.sa_handler = &timeout;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
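Review bot: `sigprocmask(SIG_SETMASK, &the_sigset, &saved_sigset);` replaces the process signal mask with only SIGINT and SIGTSTP, so any signals the application had blocked before calling prompt() become unblocked while the response is being read. SIG_BLOCK would add the two signals to the existing mask instead. The return values of sigprocmask() and the sigaddset() calls are also ignored.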

Some files were not shown because too many files have changed in this diff