diff options
| author | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
| commit | f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (patch) | |
| tree | 402838c53047b0e21466a653ae88d86a8e4b7b65 /libpam/pam_dispatch.c | |
| parent | 795badba7f95e737f979917859cd32c9bd47bcad (diff) | |
| parent | 1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 (diff) | |
| download | pam-f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb.tar.gz pam-f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb.tar.bz2 pam-f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb.zip | |
New upstream version 1.3.0
Diffstat (limited to 'libpam/pam_dispatch.c')
| -rw-r--r-- | libpam/pam_dispatch.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index eb52c824..cf632e8e 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -217,8 +217,14 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, status = retval; } } - if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { - goto decision_made; + if ( impression == _PAM_POSITIVE ) { + if ( retval == PAM_SUCCESS ) { + h->grantor = 1; + } + + if ( action == _PAM_ACTION_DONE ) { + goto decision_made; + } } break; @@ -262,6 +268,9 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { if ( retval != PAM_IGNORE || cached_retval == retval ) { + if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) { + h->grantor = 1; + } impression = _PAM_POSITIVE; status = retval; } @@ -308,6 +317,13 @@ decision_made: /* by getting here we have made a decision */ return status; } +static void _pam_clear_grantors(struct handler *h) +{ + for (; h != NULL; h = h->next) { + h->grantor = 0; + } +} + /* * This function translates the module dispatch request into a pointer * to the stack of modules that will actually be run. the @@ -318,21 +334,21 @@ decision_made: /* by getting here we have made a decision */ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) { struct handler *h = NULL; - int retval, use_cached_chain; + int retval = PAM_SYSTEM_ERR, use_cached_chain; _pam_boolean resumed; IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from a module!?")); - return PAM_SYSTEM_ERR; + goto end; } /* Load all modules, resolve all symbols */ if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "unable to dispatch function"); - return retval; + goto end; } use_cached_chain = _PAM_PLEASE_FREEZE; @@ -360,7 +376,8 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) break; default: pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); - return PAM_ABORT; + retval = PAM_ABORT; + goto end; } if (h == NULL) { /* there was no handlers.conf... entry; will use @@ -393,11 +410,13 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) pam_syslog(pamh, LOG_ERR, "application failed to re-exec stack [%d:%d]", pamh->former.choice, choice); - return PAM_ABORT; + retval = PAM_ABORT; + goto end; } resumed = PAM_TRUE; } else { resumed = PAM_FALSE; + _pam_clear_grantors(h); } __PAM_TO_MODULE(pamh); @@ -417,5 +436,13 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) pamh->former.choice = PAM_NOT_STACKED; } +end: + +#ifdef HAVE_LIBAUDIT + if (choice != PAM_CHAUTHTOK || flags & PAM_UPDATE_AUTHTOK || retval != PAM_SUCCESS) { + retval = _pam_auditlog(pamh, choice, retval, flags, h); + } +#endif + return retval; } |