diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2001-01-20 22:29:47 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2001-01-20 22:29:47 +0000 |
| commit | a621d60e903247f1898a770f0f67786f5dc465da (patch) | |
| tree | bab7d1caf2d8a3d4689272eb721844dda6e1ac76 | |
| parent | a7339317595a92cde290f04bda5106bd99f73177 (diff) | |
| download | pam-a621d60e903247f1898a770f0f67786f5dc465da.tar.gz pam-a621d60e903247f1898a770f0f67786f5dc465da.tar.bz2 pam-a621d60e903247f1898a770f0f67786f5dc465da.zip | |
Relevant BUGIDs: 108786
Purpose of commit: cleanup
Commit summary:
---------------
This brings the binary prompt hooks in libpam_misc's conversation
function into line with the current libpamc library.
| -rw-r--r-- | Make.Rules.in | 3 | ||||
| -rw-r--r-- | Makefile | 288 | ||||
| -rw-r--r-- | libpam_misc/include/security/pam_misc.h | 5 | ||||
| -rw-r--r-- | libpam_misc/misc_conv.c | 70 | ||||
| -rw-r--r-- | libpamc/include/security/pam_client.h | 42 | ||||
| -rw-r--r-- | libpamc/pamc_converse.c | 2 | ||||
| -rwxr-xr-x | libpamc/test/agents/secret@here | 3 | ||||
| -rw-r--r-- | libpamc/test/modules/pam_secret.c | 16 | ||||
| -rw-r--r-- | libpamc/test/regress/test.libpamc.c | 18 |
9 files changed, 88 insertions, 359 deletions
diff --git a/Make.Rules.in b/Make.Rules.in index 1a81f89f..e6c77fa0 100644 --- a/Make.Rules.in +++ b/Make.Rules.in @@ -32,7 +32,8 @@ MINOR_REL=@LIBPAM_VERSION_MINOR@ # Linux-PAM. True, they are a little anal. Pay attention to the comments # they generate. -HEADER_DIRS=-I./include -I$(absolute_srcdir)/libpam/include -I$(absolute_srcdir) +HEADER_DIRS=-I./include -I$(absolute_srcdir)/libpam/include \ + -I$(absolute_srcdir) -I$(absolute_srcdir)/libpamc/include WARNINGS=@WARNINGS@ OS_CFLAGS=@OS_CFLAGS@ PIC=@PIC@ @@ -72,289 +72,7 @@ release: echo to ../$(DISTNAME) . ; fi @diff ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/Make.Rules Make.Rules make distclean - cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz --exclude CVS --exclude .cvsignore --exclude '.#*' $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/* + cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz \ + --exclude CVS --exclude .cvsignore --exclude '.#*' \ + $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/* -## ================= - -ifdef LEGACY_OLD_MAKEFILE - -# major and minor numbers of this release -MAJOR_REL=0 -MINOR_REL=72 -DEBUG_REL=no -#DEBUG_REL=yes - -# this should be the name of this directory (under CVS) -DISTNAME = Linux-PAM -# this should be the name of this directory (when generating the release) -RELNAME = $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) - -# this is the name of the archive file -DISTFILE = $(RELNAME).tar.gz - -# define this to indicate to subdirectories that they are part of the -# full source tree. -FULL_LINUX_PAM_SOURCE_TREE=yes -export FULL_LINUX_PAM_SOURCE_TREE - -DYNLOAD="dl" -DYNTYPE="so" - -# Comment out either line to disable that type of linking for *modules only* -# Both at once is a legal configuration! -DYNAMIC=-DPAM_DYNAMIC -#STATIC=-DPAM_STATIC - -# Comment out these lines to disable building dynamic/static libpam.* -DYNAMIC_LIBPAM=yes -#STATIC_LIBPAM=yes - -# All combinations of the above four variable definitions are legal, -# however, not defining either dynamic or static modules and yet -# creating a some flavor of LIBPAM will make an authentication library -# that always fails! - -# Here we indicate which libraries are present on the local system -# they control the building of some modules in this distribution -# Note, these definitions are all "export"ed below... - -HAVE_PWDBLIB=yes -HAVE_CRACKLIB=yes -HAVE_AFSLIBS=no -HAVE_KRBLIBS=no - -# NB. The following is the generic defines for compilation. -# They can be overridden in the default.defs file below -# -WARNINGS = -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ - -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ - -Wnested-externs -Winline -Wshadow -pedantic -PIC=-fPIC - -# Mode to install shared libraries with -SHLIBMODE=755 - -# -# Conditional defines.. -# - -ifdef DYNAMIC -# need the dynamic library functions -LIBDL=-l$(DYNLOAD) -ifdef STATIC_LIBPAM -# needed because pam_xxx() fn's are now in statically linked library -RDYNAMIC = -rdynamic -endif -endif - -# Here we include the defines for the preferred operating system -# these include things like CC, CFLAGS and destination directories -# etc.. By default, this is a symbolic link to one of the .defs files -# the .../defs/ directory. Please take a moment to check that you are -# using the correct one. - -include default.defs - -# to turn on the fprintf(stderr, ..) debugging lines throughout the -# distribution uncomment this line -#EXTRAS += -DDEBUG - -# For serious memory allocation tracing uncomment the following -#MEMORY_DEBUG=-DMEMORY_DEBUG - -####################################################################### -# The pam_unix module in this file will not work on NIS based systems.# -####################################################################### - -# //////////////////////////////////////////////////// -# // You should not modify anything below this line // -# //////////////////////////////////////////////////// - -# the sub-directories to make things in - -DIRS = modules libpam conf libpam_misc libpamc examples - -# -# basic defines -# - -INCLUDEDIR=-I$(shell pwd)/include -PAMLIB=-L$(shell pwd)/libpam -PAMMISCLIB=-L$(shell pwd)/libpam_misc -ifeq ($(DEBUG_REL),yes) - PAMLIB += -lpamd - PAMMISCLIB += -lpamd_misc -else - PAMLIB += -lpam - PAMMISCLIB += -lpam_misc -endif - - -# This is Linux-PAM and not a version from Sun etc.. -# [Note, this does not describe the operating system you are using -# only that you are compiling the "Linux" (read FREE) implementation -# of Pluggable Authentication Modules. -EXTRAS += -DLINUX_PAM - -# -# build composite defines -# - -LOADLIBES = $(PAMLIB) $(RDYNAMIC) $(PAMMISCLIB) $(LIBDL) $(ULIBS) - -CFLAGS += $(EXTRAS) $(MEMORY_DEBUG) $(WARNINGS) $(INCLUDEDIR) $(PIC) -ifneq ($(strip $(OS)),) -CFLAGS += -D$(OS) -endif -ifneq ($(strip $(ARCH)),) -CFLAGS += -D$(ARCH) -endif - -# -# export the libraries-available info; the modules should know how -# to deal with this... -# -export HAVE_PWDBLIB -export HAVE_CRACKLIB -export HAVE_AFSLIBS -export HAVE_KRBLIBS - -# -# generic exports -# -export MAJOR_REL # the major release of this distribution -export MINOR_REL # the minor release of this distribution -export DEBUG_REL # for installing a debugging version of PAM -export OS # operating system -export ARCH # architecture -export CC # the C compiler -export INSTALL # to do instalations with -export MKDIR # to ensure directories exist -export CFLAGS # CC flags used to compile everything -export LD_D # build a shared object file (module) -export LD_L # build a shared library (e.g. libpam) -export USESONAME # does shlib link command require soname option -export SOSWITCH # shlib lib soname switch name -export LINKLIBS # libraries to append when making dynamic libs -export NEEDSONAME # does shared library link need versioned lib -export LD # build a generic library -export LDCONFIG # rebuild the shared libraries -export AR # build a static library -export RANLIB # reorder a static library -export LOADLIBES # libraries needed for application linking -export PAMLIB # where to find the local libpam.xx file -export DYNTYPE # which suffix is used for libraries -export SHLIBMODE # file mode for shared objects -export EXTRALS # libraries that some modules need -export LIBDL # extra library for libpam.so -# -# where to install things -# -export FAKEROOT # for package maintainers -# -export PREFIX # basic prefix for all other directories -export SUPLEMENTED # where to store module helper binaries -export LIBDIR # where libpam and libpam_misc go -export SECUREDIR # where the modules will be placed -export INCLUDED # where to store pam---.h files -export CONFIGED # where pam.conf and pam.d/ go -export SCONFIGED # where modules' config files go - -# -# Conditional exporting ( ... these go on for a while... ) -# -ifdef DYNAMIC -export DYNAMIC -endif -ifdef STATIC -export STATIC -endif -ifdef DYNAMIC_LIBPAM -export DYNAMIC_LIBPAM -endif -ifdef STATIC_LIBPAM -export STATIC_LIBPAM -endif -ifdef MEMORY_DEBUG -export MEMORY_DEBUG -endif - -## -## the rules -## - -all: .freezemake headers - - @for i in $(DIRS) ; do \ - $(MAKE) -C $$i all ; \ - if [ $$? -ne 0 ]; then break ; fi ; \ - done - -.freezemake: Makefile - @touch .freezemake - @echo "*WARNING*: If you are running a system that is dependent" - @echo " on PAM to work. DO NOT make sterile NOR make remove." - @echo " These options will delete the PAM files on your system" - @echo " and make it unusable!" - @echo "" - @echo "If you are in any doubt, just do 'make all' (or just" - @echo "'make'). It is likely that this is the SAFEST thing to do...." - @exit 1 - -install: - @for i in $(DIRS) ; do \ - $(MAKE) -C $$i install ; \ - if [ $$? -ne 0 ]; then break ; fi ; \ - done - -sterile: .freezemake - @$(MAKE) remove - @$(MAKE) extraclean - -remove: .freezemake - @for i in $(DIRS) ; do \ - $(MAKE) -C $$i remove ; \ - done - -clean: - @rm -f *~ core - @for i in $(DIRS) ; do \ - $(MAKE) -C $$i clean ; \ - done - -headers: - @mkdir -p include/security && cd include/security \ - && ln -fs ../../libpam/include/security/*.h . \ - && ln -fs ../../libpam_misc/*.h . \ - && ln -fs ../../libpamc/include/security/*.h . - -cl_headers: - @cd include/security ; rm -f *.h - -extraclean: - make cl_headers - @for i in $(DIRS) doc ; do \ - $(MAKE) -C $$i extraclean ; \ - done - -check: - @$(MAKE) -C conf check - -open: - @find . \( -type f -a -perm 644 \) -print - -release: - @egrep '^DEBUG\_REL\=yes' Makefile|grep -v grep > /dev/null ;\ - if [ $$? -eq 0 ]; then \ - echo "You should first set DEBUG_REL to no" ; exit 1 ; fi - $(MAKE) extraclean - rm -f .freezemake - touch .filelist - chmod 600 .filelist - cd .. ; find $(RELNAME) \! -type d -print | fgrep -v 'conf/.md5sum' > $(RELNAME)/.filelist - chmod 400 .filelist - $(MAKE) check - (cat .filelist ; echo $(RELNAME)/conf/.md5sum) | (cd .. ; tar -cz -f$(DISTFILE) -T-) - -endif # LEGACY_OLD_MAKEFILE diff --git a/libpam_misc/include/security/pam_misc.h b/libpam_misc/include/security/pam_misc.h index fbf7a9f1..b1ae03d0 100644 --- a/libpam_misc/include/security/pam_misc.h +++ b/libpam_misc/include/security/pam_misc.h @@ -4,6 +4,7 @@ #define __PAMMISC_H #include <security/pam_appl.h> +#include <security/pam_client.h> /* include some useful macros */ @@ -21,8 +22,8 @@ extern time_t pam_misc_conv_die_time; /* cut-off time for input */ extern const char *pam_misc_conv_warn_line; /* warning notice */ extern const char *pam_misc_conv_die_line; /* cut-off remark */ extern int pam_misc_conv_died; /* 1 = cut-off time reached (0 not) */ -extern int (*pam_binary_handler_fn)(const void *send, void **receive); - +extern int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); +extern void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p); /* * Environment helper functions */ diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c index 73ba5a83..7d4b1b99 100644 --- a/libpam_misc/misc_conv.c +++ b/libpam_misc/misc_conv.c @@ -37,39 +37,23 @@ const char *pam_misc_conv_die_line = "..\a.Sorry, your time is up!\n"; int pam_misc_conv_died=0; /* application can probe this for timeout */ -static void pam_misc_conv_delete_binary(void **delete_me) +/* + * These functions are for binary prompt manipulation. + * The manner in which a binary prompt is processed is application + * specific, so these function pointers are provided and can be + * initialized by the application prior to the conversation function + * being used. + */ + +static void pam_misc_conv_delete_binary(void *appdata, + pamc_bp_t *delete_me) { - if (delete_me && *delete_me) { - unsigned char *packet = *(unsigned char **)delete_me; - int length; - - length = (packet[0]<<24)+(packet[1]<<16)+(packet[2]<<8)+packet[3]; - memset(packet, 0, length); - free(packet); - *delete_me = packet = NULL; - } + PAM_BP_RENEW(delete_me, 0, 0); } -/* These function pointers are for application specific binary - conversations. One or both of the arguments to the first function - must be non-NULL. The first function must return PAM_SUCCESS or - PAM_CONV_ERR. If input is non-NULL, a response is expected, this - response should be malloc()'d and will eventually be free()'d by - the calling module. The structure of this malloc()'d response is as - follows: - - { int length, char data[length] } - - For convenience, the pointer used by the two function pointer - prototypes is 'void *'. - - The ...free() fn pointer is used to discard a binary message that - is not of the default form. It should be explicitly overwritten - when using some other convention for the structure of a binary - prompt (not recommended). */ - -int (*pam_binary_handler_fn)(const void *send, void **receive) = NULL; -void (*pam_binary_handler_free)(void **packet_p) = pam_misc_conv_delete_binary; +int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p) = NULL; +void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p) + = pam_misc_conv_delete_binary; /* the following code is used to get text input */ @@ -273,16 +257,25 @@ int misc_conv(int num_msg, const struct pam_message **msgm, break; case PAM_BINARY_PROMPT: { - void *pack_out=NULL; - const void *pack_in = msgm[count]->msg; + pamc_bp_t binary_prompt = NULL; + + if (!msgm[count]->msg || !pam_binary_handler_fn) { + goto failed_conversation; + } + + PAM_BP_RENEW(&binary_prompt, + PAM_BP_RCONTROL(msgm[count]->msg), + PAM_BP_LENGTH(msgm[count]->msg)); + PAM_BP_FILL(binary_prompt, 0, PAM_BP_LENGTH(msgm[count]->msg), + PAM_BP_RDATA(msgm[count]->msg)); - if (!pam_binary_handler_fn - || pam_binary_handler_fn(pack_in, &pack_out) != PAM_SUCCESS - || pack_out == NULL) { + if (pam_binary_handler_fn(appdata_ptr, + &binary_prompt) != PAM_SUCCESS + || (binary_prompt == NULL)) { goto failed_conversation; } - string = (char *) pack_out; - pack_out = NULL; + string = (char *) binary_prompt; + binary_prompt = NULL; break; } @@ -322,7 +315,8 @@ failed_conversation: free(reply[count].resp); break; case PAM_BINARY_PROMPT: - pam_binary_handler_free((void **) &reply[count].resp); + pam_binary_handler_free(appdata_ptr, + (pamc_bp_t *) &reply[count].resp); break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h index 723dd88d..90040fbe 100644 --- a/libpamc/include/security/pam_client.h +++ b/libpamc/include/security/pam_client.h @@ -87,17 +87,20 @@ char **pamc_list_agents(pamc_handle_t pch); # define PAM_BP_FREE free #endif /* PAM_BP_FREE */ -#define __PAM_BP_OCTET(x,y) (*((y) + (__u8 *)(x))) +#define __PAM_BP_WOCTET(x,y) (*((y) + (__u8 *)(x))) +#define __PAM_BP_ROCTET(x,y) (*((y) + (const __u8 *)(x))) #define PAM_BP_MIN_SIZE (sizeof(__u32) + sizeof(__u8)) #define PAM_BP_MAX_LENGTH 0x20000 /* an advisory limit */ -#define PAM_BP_CONTROL(x) (__PAM_BP_OCTET(x,4)) -#define PAM_BP_SIZE(x) ((__PAM_BP_OCTET(x,0)<<24)+ \ - (__PAM_BP_OCTET(x,1)<<16)+ \ - (__PAM_BP_OCTET(x,2)<< 8)+ \ - (__PAM_BP_OCTET(x,3) )) +#define PAM_BP_WCONTROL(x) (__PAM_BP_WOCTET(x,4)) +#define PAM_BP_RCONTROL(x) (__PAM_BP_ROCTET(x,4)) +#define PAM_BP_SIZE(x) ((__PAM_BP_ROCTET(x,0)<<24)+ \ + (__PAM_BP_ROCTET(x,1)<<16)+ \ + (__PAM_BP_ROCTET(x,2)<< 8)+ \ + (__PAM_BP_ROCTET(x,3) )) #define PAM_BP_LENGTH(x) (PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE) -#define PAM_BP_DATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x)) +#define PAM_BP_WDATA(x) (PAM_BP_MIN_SIZE + (__u8 *) (x)) +#define PAM_BP_RDATA(x) (PAM_BP_MIN_SIZE + (const __u8 *) (x)) /* Note, this macro always '\0' terminates renewed packets */ @@ -105,7 +108,8 @@ char **pamc_list_agents(pamc_handle_t pch); do { \ if (old_p) { \ if (*(old_p)) { \ - __u32 __size = PAM_BP_SIZE(*(old_p)); \ + __u32 __size; \ + __size = PAM_BP_SIZE(*(old_p)); \ memset(*(old_p), 0, __size); \ PAM_BP_FREE(*(old_p)); \ } \ @@ -114,10 +118,10 @@ do { \ \ __size = PAM_BP_MIN_SIZE + data_length; \ if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \ - __PAM_BP_OCTET(*(old_p), 3) = __size & 0xFF; \ - __PAM_BP_OCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \ - __PAM_BP_OCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \ - __PAM_BP_OCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \ + __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \ + __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \ + __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \ + __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \ (*(old_p))->control = cntrl; \ } else { \ PAM_BP_ASSERT("out of memory for binary prompt"); \ @@ -138,19 +142,19 @@ do { \ if (bp_length < ((length)+(offset))) { \ PAM_BP_ASSERT("attempt to write over end of prompt"); \ } \ - memcpy((offset) + PAM_BP_DATA(prompt), (data), (length)); \ + memcpy((offset) + PAM_BP_WDATA(prompt), (data), (length)); \ } while (0) #define PAM_BP_EXTRACT(prmpt, offset, length, data) \ do { \ - int bp_length; \ - __u8 *prompt = (__u8 *) (prmpt); \ - bp_length = PAM_BP_LENGTH(prompt); \ - if (((offset) < 0) || bp_length < ((length)+(offset)) \ - || (length) < 0) { \ + int __bp_length; \ + const __u8 *__prompt = (const __u8 *) (prmpt); \ + __bp_length = PAM_BP_LENGTH(__prompt); \ + if (((offset) < 0) || (__bp_length < ((length)+(offset))) \ + || ((length) < 0)) { \ PAM_BP_ASSERT("invalid extraction from prompt"); \ } \ - memcpy((data), (offset) + PAM_BP_DATA(prompt), (length)); \ + memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length)); \ } while (0) diff --git a/libpamc/pamc_converse.c b/libpamc/pamc_converse.c index 92ef7525..540a7d86 100644 --- a/libpamc/pamc_converse.c +++ b/libpamc/pamc_converse.c @@ -155,7 +155,7 @@ int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p) /* construct the whole reply prompt */ size = PAM_BP_SIZE(raw); - control = PAM_BP_CONTROL(raw); + control = PAM_BP_RCONTROL(raw); memset(raw, 0, sizeof(raw)); D(("agent replied with prompt of size %d and control %u", diff --git a/libpamc/test/agents/secret@here b/libpamc/test/agents/secret@here index 18d8a661..afdcbaa8 100755 --- a/libpamc/test/agents/secret@here +++ b/libpamc/test/agents/secret@here @@ -261,6 +261,9 @@ sub CreateDigest ($) { or die "you'll need /usr/bin/md5sum installed"; my $oldfd = select MD5in; $|=1; select $oldfd; + if ($debug) { + print STDERR "agent: ". "telling md5: <$data>\n"; + } print MD5in "$data"; close MD5in; my $reply = <MD5out>; diff --git a/libpamc/test/modules/pam_secret.c b/libpamc/test/modules/pam_secret.c index 04c7631b..7efa8c23 100644 --- a/libpamc/test/modules/pam_secret.c +++ b/libpamc/test/modules/pam_secret.c @@ -344,7 +344,7 @@ static int auth_sequence(pam_handle_t *pamh, PAM_BP_RENEW(&new->current_prompt, PAM_BPC_SELECT, sizeof(PS_AGENT_ID) + strlen(rusername) + 1 + strlen(rhostname) + 1 + 32); - sprintf(PAM_BP_DATA(new->current_prompt), + sprintf(PAM_BP_WDATA(new->current_prompt), PS_AGENT_ID "/%s@%s|%.32s", rusername, rhostname, new->server_cookie); @@ -390,7 +390,7 @@ static int auth_sequence(pam_handle_t *pamh, /* find | */ length = PAM_BP_LENGTH(new->current_reply); for (i=0; i<length; ++i) { - if (PAM_BP_DATA(new->current_reply)[i] == '|') { + if (PAM_BP_RDATA(new->current_reply)[i] == '|') { break; } } @@ -407,13 +407,13 @@ static int auth_sequence(pam_handle_t *pamh, } /* copy client cookie */ - memcpy(new->client_cookie, PAM_BP_DATA(new->current_reply)+i, 32); + memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32); /* generate a prompt that is length(seqid) + length(|) + 32 long */ PAM_BP_RENEW(&new->current_prompt, PAM_BPC_OK, i+32); /* copy the head of the response prompt */ - memcpy(PAM_BP_DATA(new->current_prompt), - PAM_BP_DATA(new->current_reply), i); + memcpy(PAM_BP_WDATA(new->current_prompt), + PAM_BP_RDATA(new->current_reply), i); PAM_BP_RENEW(&new->current_reply, 0, 0); /* look up the secret */ @@ -456,7 +456,7 @@ static int auth_sequence(pam_handle_t *pamh, /* construct md5[<client_cookie>|<server_cookie>|<secret_data>] */ if (! create_digest(new->client_cookie, new->server_cookie, new->secret_data, - PAM_BP_DATA(new->current_prompt)+i)) { + PAM_BP_WDATA(new->current_prompt)+i)) { D(("md5 digesting failed")); new->state = PS_STATE_DEAD; return PAM_ABORT; @@ -497,7 +497,7 @@ static int auth_sequence(pam_handle_t *pamh, return PAM_ABORT; } - cf = strcmp(expectation, PAM_BP_DATA(new->current_reply)); + cf = strcmp(expectation, PAM_BP_RDATA(new->current_reply)); memset(expectation, 0, sizeof(expectation)); if (cf || new->invalid_secret) { D(("failed to authenticate")); @@ -580,7 +580,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, PAM_BP_RENEW(&new_data->current_prompt, PAM_BP_CONTROL(old_data->current_prompt), length); PAM_BP_FILL(new_data->current_prompt, 0, length, - PAM_BP_DATA(old_data->current_prompt)); + PAM_BP_RDATA(old_data->current_prompt)); } /* don't need to duplicate current_reply */ } else { diff --git a/libpamc/test/regress/test.libpamc.c b/libpamc/test/regress/test.libpamc.c index b5fb1b82..b7bc4e4b 100644 --- a/libpamc/test/regress/test.libpamc.c +++ b/libpamc/test/regress/test.libpamc.c @@ -127,10 +127,12 @@ char *create_digest(int length, const char *raw) temp_packet.length = temp_packet.at = 0; temp_packet.buffer = NULL; - append_string(&temp_packet, "/bin/echo -n '", 0); + append_string(&temp_packet, "echo -n '", 0); append_string(&temp_packet, raw, 0); append_string(&temp_packet, "'|/usr/bin/md5sum -", 1); + fprintf(stderr, "am attempting to run [%s]\n", temp_packet.buffer); + pipe = popen(temp_packet.buffer, "r"); if (pipe == NULL) { fprintf(stderr, "server: failed to run\n [%s]\n", temp_packet.buffer); @@ -170,7 +172,13 @@ void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet) data_length = PAM_BP_LENGTH(prompt); packet->at = 0; append_data(packet, data_length, NULL); + PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer); + + fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n", + data_length, + PAM_BP_SIZE(prompt), PAM_BP_RCONTROL(prompt), + PAM_BP_RDATA(prompt)); } int main(int argc, char **argv) @@ -217,9 +225,9 @@ int main(int argc, char **argv) retval = pamc_converse(pch, &prompt); fprintf(stderr, "server: after conversation\n"); - if (PAM_BP_CONTROL(prompt) != PAM_BPC_OK) { + if (PAM_BP_RCONTROL(prompt) != PAM_BPC_OK) { fprintf(stderr, "server: prompt had unexpected control type: %u\n", - PAM_BP_CONTROL(prompt)); + PAM_BP_RCONTROL(prompt)); exit(1); } @@ -274,9 +282,9 @@ int main(int argc, char **argv) retval = pamc_converse(pch, &prompt); fprintf(stderr, "server: after 2nd conversation\n"); - if (PAM_BP_CONTROL(prompt) != PAM_BPC_DONE) { + if (PAM_BP_RCONTROL(prompt) != PAM_BPC_DONE) { fprintf(stderr, "server: 2nd prompt had unexpected control type: %u\n", - PAM_BP_CONTROL(prompt)); + PAM_BP_RCONTROL(prompt)); exit(1); } |