Diffstat (limited to 'libpam')
41 files changed, 557 insertions, 1462 deletions
diff --git a/libpam/Makefile.am b/libpam/Makefile.am
deleted file mode 100644
index 389d5d02..00000000
--- a/libpam/Makefile.am
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \
- -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) $(ECONF_CFLAGS) \
- -DPAM_VERSION=\"$(VERSION)\" -DSYSCONFDIR=\"$(sysconfdir)\" \
- $(WARN_CFLAGS)
-
-CLEANFILES = *~
-
-EXTRA_DIST = libpam.map
-
-include_HEADERS = include/security/_pam_compat.h \
- include/security/_pam_macros.h include/security/_pam_types.h \
- include/security/pam_appl.h include/security/pam_modules.h \
- include/security/pam_ext.h include/security/pam_modutil.h
-
-noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \
- pam_modutil_private.h include/pam_cc_compat.h \
- include/pam_inline.h include/test_assert.h
-
-libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85
-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@
-
-if HAVE_VERSIONING
- libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map
-endif
-
-lib_LTLIBRARIES = libpam.la
-
-libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \
- pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \
- pam_handlers.c pam_item.c \
- pam_misc.c pam_password.c pam_prelude.c \
- pam_session.c pam_start.c pam_strerror.c \
- pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
- pam_modutil_check_user.c \
- pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
- pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
- pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \
- pam_modutil_priv.c pam_modutil_sanitize.c pam_modutil_searchkey.c
-
-# Pkg-config script.
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = pam.pc
diff --git a/libpam/Makefile.in b/libpam/Makefile.in
deleted file mode 100644
index 597c8dcd..00000000
--- a/libpam/Makefile.in
+++ /dev/null
@@ -1,963 +0,0 @@ -# Makefile.in generated by automake 1.16.3 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2020 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de> -# - - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - 
*$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/libpam.map -subdir = libpam -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ - $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ - $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ - $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 \ - $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/warn_lang_flags.m4 \ - $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(include_HEADERS) \ - $(noinst_HEADERS) $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h 
-CONFIG_CLEAN_FILES = pam.pc -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" \ - "$(DESTDIR)$(includedir)" -LTLIBRARIES = $(lib_LTLIBRARIES) -am__DEPENDENCIES_1 = -libpam_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -am_libpam_la_OBJECTS = pam_account.lo pam_auth.lo pam_data.lo \ - pam_delay.lo pam_dispatch.lo pam_end.lo pam_env.lo \ - pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo \ - pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo \ - pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo \ - pam_audit.lo pam_modutil_check_user.lo pam_modutil_cleanup.lo \ - pam_modutil_getpwnam.lo pam_modutil_ioloop.lo \ - pam_modutil_getgrgid.lo pam_modutil_getpwuid.lo \ - pam_modutil_getgrnam.lo pam_modutil_getspnam.lo \ - pam_modutil_getlogin.lo pam_modutil_ingroup.lo \ - pam_modutil_priv.lo pam_modutil_sanitize.lo \ - pam_modutil_searchkey.lo -libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -libpam_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libpam_la_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp -am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/pam_account.Plo \ - ./$(DEPDIR)/pam_audit.Plo ./$(DEPDIR)/pam_auth.Plo \ - ./$(DEPDIR)/pam_data.Plo ./$(DEPDIR)/pam_delay.Plo \ - ./$(DEPDIR)/pam_dispatch.Plo 
./$(DEPDIR)/pam_dynamic.Plo \ - ./$(DEPDIR)/pam_end.Plo ./$(DEPDIR)/pam_env.Plo \ - ./$(DEPDIR)/pam_get_authtok.Plo ./$(DEPDIR)/pam_handlers.Plo \ - ./$(DEPDIR)/pam_item.Plo ./$(DEPDIR)/pam_misc.Plo \ - ./$(DEPDIR)/pam_modutil_check_user.Plo \ - ./$(DEPDIR)/pam_modutil_cleanup.Plo \ - ./$(DEPDIR)/pam_modutil_getgrgid.Plo \ - ./$(DEPDIR)/pam_modutil_getgrnam.Plo \ - ./$(DEPDIR)/pam_modutil_getlogin.Plo \ - ./$(DEPDIR)/pam_modutil_getpwnam.Plo \ - ./$(DEPDIR)/pam_modutil_getpwuid.Plo \ - ./$(DEPDIR)/pam_modutil_getspnam.Plo \ - ./$(DEPDIR)/pam_modutil_ingroup.Plo \ - ./$(DEPDIR)/pam_modutil_ioloop.Plo \ - ./$(DEPDIR)/pam_modutil_priv.Plo \ - ./$(DEPDIR)/pam_modutil_sanitize.Plo \ - ./$(DEPDIR)/pam_modutil_searchkey.Plo \ - ./$(DEPDIR)/pam_password.Plo ./$(DEPDIR)/pam_prelude.Plo \ - ./$(DEPDIR)/pam_session.Plo ./$(DEPDIR)/pam_start.Plo \ - ./$(DEPDIR)/pam_strerror.Plo ./$(DEPDIR)/pam_syslog.Plo \ - ./$(DEPDIR)/pam_vprompt.Plo -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libpam_la_SOURCES) -DIST_SOURCES = $(libpam_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(pkgconfig_DATA) -HEADERS = $(include_HEADERS) $(noinst_HEADERS) -am__tagged_files = $(HEADERS) 
$(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. -am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pam.pc.in \ - $(top_srcdir)/build-aux/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BROWSER = @BROWSER@ -BUILD_CFLAGS = @BUILD_CFLAGS@ -BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ -BUILD_LDFLAGS = @BUILD_LDFLAGS@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CC_FOR_BUILD = @CC_FOR_BUILD@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CRYPTO_LIBS = @CRYPTO_LIBS@ -CRYPT_CFLAGS = @CRYPT_CFLAGS@ -CRYPT_LIBS = @CRYPT_LIBS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DOCBOOK_RNG = @DOCBOOK_RNG@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -ECONF_CFLAGS = @ECONF_CFLAGS@ -ECONF_LIBS = @ECONF_LIBS@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXE_CFLAGS = @EXE_CFLAGS@ -EXE_LDFLAGS = @EXE_LDFLAGS@ -FGREP = @FGREP@ -FILECMD = @FILECMD@ -FO2PDF = @FO2PDF@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -HTML_STYLESHEET = @HTML_STYLESHEET@ 
-INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBAUDIT = @LIBAUDIT@ -LIBCRYPT = @LIBCRYPT@ -LIBDB = @LIBDB@ -LIBDL = @LIBDL@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ -LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ -LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ -LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ -LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ -LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ -LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ -LIBS = @LIBS@ -LIBSELINUX = @LIBSELINUX@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LOGIND_CFLAGS = @LOGIND_CFLAGS@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MAN_STYLESHEET = @MAN_STYLESHEET@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NIS_CFLAGS = @NIS_CFLAGS@ -NIS_LIBS = @NIS_LIBS@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSL_CFLAGS = @NSL_CFLAGS@ -NSL_LIBS = @NSL_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PDF_STYLESHEET = @PDF_STYLESHEET@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POSUB = @POSUB@ -RANLIB = @RANLIB@ -SCONFIGDIR = @SCONFIGDIR@ -SECUREDIR = @SECUREDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ 
-STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@ -STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ -STRIP = @STRIP@ -SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ -SYSTEMD_LIBS = @SYSTEMD_LIBS@ -TIRPC_CFLAGS = @TIRPC_CFLAGS@ -TIRPC_LIBS = @TIRPC_LIBS@ -TXT_STYLESHEET = @TXT_STYLESHEET@ -USE_NLS = @USE_NLS@ -VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@ -VERSION = @VERSION@ -WARN_CFLAGS = @WARN_CFLAGS@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ -XMLCATALOG = @XMLCATALOG@ -XMLLINT = @XMLLINT@ -XML_CATALOG_FILE = @XML_CATALOG_FILE@ -XSLTPROC = @XSLTPROC@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pam_xauth_path = @pam_xauth_path@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -systemdunitdir = @systemdunitdir@ -target_alias = @target_alias@ -top_build_prefix = 
@top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ - -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) $(ECONF_CFLAGS) \ - -DPAM_VERSION=\"$(VERSION)\" -DSYSCONFDIR=\"$(sysconfdir)\" \ - $(WARN_CFLAGS) - -CLEANFILES = *~ -EXTRA_DIST = libpam.map -include_HEADERS = include/security/_pam_compat.h \ - include/security/_pam_macros.h include/security/_pam_types.h \ - include/security/pam_appl.h include/security/pam_modules.h \ - include/security/pam_ext.h include/security/pam_modutil.h - -noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h include/pam_cc_compat.h \ - include/pam_inline.h include/test_assert.h - -libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85 \ - $(am__append_1) -libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@ -lib_LTLIBRARIES = libpam.la -libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ - pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ - pam_handlers.c pam_item.c \ - pam_misc.c pam_password.c pam_prelude.c \ - pam_session.c pam_start.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ - pam_modutil_check_user.c \ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ - pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ - pam_modutil_priv.c pam_modutil_sanitize.c pam_modutil_searchkey.c - - -# Pkg-config script. 
-pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = pam.pc -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libpam/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu libpam/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -pam.pc: $(top_builddir)/config.status $(srcdir)/pam.pc.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ - -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) 
$(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ - } - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) $(EXTRA_libpam_la_DEPENDENCIES) - $(AM_V_CCLD)$(libpam_la_LINK) -rpath $(libdir) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_account.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_audit.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_auth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_data.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_delay.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dispatch.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dynamic.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_end.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_authtok.Plo@am__quote@ # am--include-marker 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_handlers.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_item.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_misc.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_check_user.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_cleanup.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrgid.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrnam.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getlogin.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwnam.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwuid.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getspnam.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ingroup.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ioloop.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_priv.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_sanitize.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_searchkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_password.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_prelude.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_session.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/pam_start.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_strerror.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_syslog.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_vprompt.Plo@am__quote@ # am--include-marker - -$(am__depfiles_remade): - @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ - -am--depfiles: $(am__depfiles_remade) - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-pkgconfigDATA: $(pkgconfig_DATA) - @$(NORMAL_INSTALL) - 
@list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ - done - -uninstall-pkgconfigDATA: - @$(NORMAL_UNINSTALL) - @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ - $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - 
"$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) -installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
-clean: clean-am - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -f ./$(DEPDIR)/pam_account.Plo - -rm -f ./$(DEPDIR)/pam_audit.Plo - -rm -f ./$(DEPDIR)/pam_auth.Plo - -rm -f ./$(DEPDIR)/pam_data.Plo - -rm -f ./$(DEPDIR)/pam_delay.Plo - -rm -f ./$(DEPDIR)/pam_dispatch.Plo - -rm -f ./$(DEPDIR)/pam_dynamic.Plo - -rm -f ./$(DEPDIR)/pam_end.Plo - -rm -f ./$(DEPDIR)/pam_env.Plo - -rm -f ./$(DEPDIR)/pam_get_authtok.Plo - -rm -f ./$(DEPDIR)/pam_handlers.Plo - -rm -f ./$(DEPDIR)/pam_item.Plo - -rm -f ./$(DEPDIR)/pam_misc.Plo - -rm -f ./$(DEPDIR)/pam_modutil_check_user.Plo - -rm -f ./$(DEPDIR)/pam_modutil_cleanup.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getgrgid.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getgrnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getlogin.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getpwnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getpwuid.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getspnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_ingroup.Plo - -rm -f ./$(DEPDIR)/pam_modutil_ioloop.Plo - -rm -f ./$(DEPDIR)/pam_modutil_priv.Plo - -rm -f ./$(DEPDIR)/pam_modutil_sanitize.Plo - -rm -f ./$(DEPDIR)/pam_modutil_searchkey.Plo - -rm -f ./$(DEPDIR)/pam_password.Plo - -rm -f ./$(DEPDIR)/pam_prelude.Plo - -rm -f ./$(DEPDIR)/pam_session.Plo - -rm -f ./$(DEPDIR)/pam_start.Plo - -rm -f ./$(DEPDIR)/pam_strerror.Plo - -rm -f ./$(DEPDIR)/pam_syslog.Plo - -rm -f ./$(DEPDIR)/pam_vprompt.Plo - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-includeHEADERS install-pkgconfigDATA - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-libLTLIBRARIES - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - 
-installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/pam_account.Plo - -rm -f ./$(DEPDIR)/pam_audit.Plo - -rm -f ./$(DEPDIR)/pam_auth.Plo - -rm -f ./$(DEPDIR)/pam_data.Plo - -rm -f ./$(DEPDIR)/pam_delay.Plo - -rm -f ./$(DEPDIR)/pam_dispatch.Plo - -rm -f ./$(DEPDIR)/pam_dynamic.Plo - -rm -f ./$(DEPDIR)/pam_end.Plo - -rm -f ./$(DEPDIR)/pam_env.Plo - -rm -f ./$(DEPDIR)/pam_get_authtok.Plo - -rm -f ./$(DEPDIR)/pam_handlers.Plo - -rm -f ./$(DEPDIR)/pam_item.Plo - -rm -f ./$(DEPDIR)/pam_misc.Plo - -rm -f ./$(DEPDIR)/pam_modutil_check_user.Plo - -rm -f ./$(DEPDIR)/pam_modutil_cleanup.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getgrgid.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getgrnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getlogin.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getpwnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getpwuid.Plo - -rm -f ./$(DEPDIR)/pam_modutil_getspnam.Plo - -rm -f ./$(DEPDIR)/pam_modutil_ingroup.Plo - -rm -f ./$(DEPDIR)/pam_modutil_ioloop.Plo - -rm -f ./$(DEPDIR)/pam_modutil_priv.Plo - -rm -f ./$(DEPDIR)/pam_modutil_sanitize.Plo - -rm -f ./$(DEPDIR)/pam_modutil_searchkey.Plo - -rm -f ./$(DEPDIR)/pam_password.Plo - -rm -f ./$(DEPDIR)/pam_prelude.Plo - -rm -f ./$(DEPDIR)/pam_session.Plo - -rm -f ./$(DEPDIR)/pam_start.Plo - -rm -f ./$(DEPDIR)/pam_strerror.Plo - -rm -f ./$(DEPDIR)/pam_syslog.Plo - -rm -f ./$(DEPDIR)/pam_vprompt.Plo - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ - uninstall-pkgconfigDATA - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ - clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \ - ctags ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi 
dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-pkgconfigDATA install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES uninstall-pkgconfigDATA - -.PRECIOUS: Makefile - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/libpam/include/meson.build b/libpam/include/meson.build new file mode 100644 index 00000000..1bf46f3b --- /dev/null +++ b/libpam/include/meson.build @@ -0,0 +1,3 @@ +configure_file(output: 'config.h', configuration: cdata) + +subdir('security') diff --git a/libpam/include/pam_i18n.h b/libpam/include/pam_i18n.h new file mode 100644 index 00000000..85a21219 --- /dev/null +++ b/libpam/include/pam_i18n.h @@ -0,0 +1,17 @@ +#ifndef PAM_I18N_H +#define PAM_I18N_H + +#ifdef ENABLE_NLS + +# include <libintl.h> +# define _(msgid) dgettext(PACKAGE, msgid) +# define N_(msgid) msgid + +#else + +# define _(msgid) (msgid) +# define N_(msgid) msgid + +#endif /* ENABLE_NLS */ + +#endif /* PAM_I18N_H */ diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h index 7721c0b7..cc302248 100644 --- a/libpam/include/pam_inline.h +++ b/libpam/include/pam_inline.h 
@@ -45,6 +45,26 @@ #define PAM_ARRAY_SIZE(a_) (sizeof(a_) / sizeof((a_)[0]) + PAM_MUST_BE_ARRAY(a_)) /* + * Zero-extend a signed integer type to unsigned long long. + */ +# define zero_extend_signed_to_ull(v_) \ + (sizeof(v_) == sizeof(char) ? (unsigned long long) (unsigned char) (v_) : \ + sizeof(v_) == sizeof(short) ? (unsigned long long) (unsigned short) (v_) : \ + sizeof(v_) == sizeof(int) ? (unsigned long long) (unsigned int) (v_) : \ + sizeof(v_) == sizeof(long) ? (unsigned long long) (unsigned long) (v_) : \ + (unsigned long long) (v_)) + +/* + * Sign-extend an unsigned integer type to long long. + */ +# define sign_extend_unsigned_to_ll(v_) \ + (sizeof(v_) == sizeof(char) ? (long long) (signed char) (v_) : \ + sizeof(v_) == sizeof(short) ? (long long) (signed short) (v_) : \ + sizeof(v_) == sizeof(int) ? (long long) (signed int) (v_) : \ + sizeof(v_) == sizeof(long) ? (long long) (signed long) (v_) : \ + (long long) (v_)) + +/* * Returns NULL if STR does not start with PREFIX, * or a pointer to the first char in STR after PREFIX. * The length of PREFIX is specified by PREFIX_LEN. @@ -82,7 +102,7 @@ pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix static inline void pam_overwrite_n(void *ptr, size_t len) { if (ptr) - memset_explicit(ptr, len); + memset_explicit(ptr, '\0', len); } #elif defined HAVE_EXPLICIT_BZERO static inline void pam_overwrite_n(void *ptr, size_t len) @@ -175,4 +195,18 @@ pam_read_passwords(int fd, int npass, char **passwords) return i; } +static inline int +pam_consttime_streq(const char *userinput, const char *secret) { + volatile const char *u = userinput, *s = secret; + volatile int ret = 0; + + do { + ret |= *u ^ *s; + + s += !!*s; + } while (*u++ != '\0'); + + return ret == 0; +} + #endif /* PAM_INLINE_H */ diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h index b5129d2a..d01f51f5 100644 --- a/libpam/include/security/_pam_macros.h 
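Review bot: `pam_consttime_streq` has no header comment, and its contract is asymmetric in a way callers need to know. The loop in the last pam_inline.h hunk runs once per byte of `userinput` and only stops advancing `s` at the secret's terminator, so run time follows the first argument's length. Swapping the arguments at a call site would make run time follow the secret's length instead. I would add above the function: `/* Compares in time that depends only on strlen(userinput); pass the stored secret as the second argument. Both pointers must be non-NULL. Returns 1 on equality, 0 otherwise. */`. It is also worth confirming on the supported compilers that `s += !!*s` is emitted without a data-dependent branch.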
+++ b/libpam/include/security/_pam_macros.h @@ -21,21 +21,21 @@ * override the memory. */ -#define _pam_overwrite(x) \ -do { \ - PAM_DEPRECATED register char *__xx__; \ - if ((__xx__=(x))) \ - while (*__xx__) \ - *__xx__++ = '\0'; \ +#define _pam_overwrite(x) \ +do { \ + PAM_DEPRECATED register char *xx_; \ + if ((xx_=(x))) \ + while (*xx_) \ + *xx_++ = '\0'; \ } while (0) -#define _pam_overwrite_n(x,n) \ -do { \ - PAM_DEPRECATED register char *__xx__; \ - register unsigned int __i__ = 0; \ - if ((__xx__=(x))) \ - for (;__i__<n; __i__++) \ - __xx__[__i__] = 0; \ +#define _pam_overwrite_n(x,n) \ +do { \ + PAM_DEPRECATED register char *xx_; \ + register unsigned int i_ = 0; \ + if ((xx_=(x))) \ + for (;i_<(n); i_++) \ + xx_[i_] = 0; \ } while (0) /* @@ -44,28 +44,25 @@ do { \ #define _pam_drop(X) \ do { \ - if (X) { \ - free(X); \ - X=NULL; \ - } \ + free(X); \ + (X)=NULL; \ } while (0) /* - * WARNING: Do NOT use this macro, as it does not reliable override the memory. + * WARNING: Do NOT use this macro, as it does not reliably override the memory. */ #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ -do { \ - PAM_DEPRECATED int reply_i; \ - \ - for (reply_i=0; reply_i<replies; ++reply_i) { \ - if (reply[reply_i].resp) { \ - _pam_overwrite(reply[reply_i].resp); \ - free(reply[reply_i].resp); \ - } \ - } \ - if (reply) \ - free(reply); \ +do { \ + PAM_DEPRECATED int reply_i; \ + \ + for (reply_i=0; reply_i<(replies); ++reply_i) { \ + if ((reply)[reply_i].resp) { \ + _pam_overwrite((reply)[reply_i].resp); \ + free((reply)[reply_i].resp); \ + } \ + } \ + free(reply); \ } while (0) /* some debugging code */ 
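Review bot: `_pam_drop_reply` still indexes `(reply)[reply_i]` inside the loop with no NULL test, while the only guard this hunk removes was the one around `free(reply)`. A caller passing a NULL `reply` with a positive `replies` count dereferences NULL before reaching the NULL-tolerant `free`. If NULL is meant to be accepted, the loop condition could carry the check, `for (reply_i=0; (reply) && reply_i<(replies); ++reply_i) {`. Otherwise the comment above the macro should say that `reply` must be non-NULL whenever `replies` is non-zero.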
@@ -97,8 +94,25 @@ do { \ #define _PAM_LOGFILE "/var/run/pam-debug.log" #endif -static void _pam_output_debug_info(const char *file, const char *fn - , const int line) +#ifdef PAM_NO_HEADER_FUNCTIONS +UNUSED +extern void _pam_output_debug_info(const char *file, const char *fn + , const int line); +UNUSED +PAM_FORMAT((printf, 1, 2)) +extern void _pam_output_debug(const char *format, ...); +#else +#ifdef PAM_DEBUG_C +#define PAM_DEBUG_SCOPE +#else +#define PAM_DEBUG_SCOPE static +#endif + +#ifdef UNUSED +UNUSED +#endif +PAM_DEBUG_SCOPE void _pam_output_debug_info(const char *file, const char *fn + , const int line) { FILE *logfile; int must_close = 1, fd; @@ -123,7 +137,11 @@ static void _pam_output_debug_info(const char *file, const char *fn fclose(logfile); } -static void _pam_output_debug(const char *format, ...) +#ifdef UNUSED +UNUSED +#endif +PAM_FORMAT((printf, 1, 2)) +PAM_DEBUG_SCOPE void _pam_output_debug(const char *format, ...) { va_list args; FILE *logfile; @@ -153,6 +171,8 @@ static void _pam_output_debug(const char *format, ...) va_end(args); } +#undef PAM_DEBUG_SCOPE +#endif #define D(x) do { \ _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h index 4d6909e8..f2d3e204 100644 --- a/libpam/include/security/_pam_types.h +++ b/libpam/include/security/_pam_types.h @@ -22,7 +22,7 @@ typedef struct pam_handle pam_handle_t; /* Major and minor version number of the Linux-PAM package. Use these macros to test for features in specific releases. */ #define __LINUX_PAM__ 1 -#define __LINUX_PAM_MINOR__ 0 +#define __LINUX_PAM_MINOR__ 7 /* ----------------- The Linux-PAM return values ------------------ */ diff --git a/libpam/include/security/meson.build b/libpam/include/security/meson.build new file mode 100644 index 00000000..1a712c9f --- /dev/null +++ b/libpam/include/security/meson.build 
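Review bot: In the `PAM_NO_HEADER_FUNCTIONS` branch, `UNUSED` is written bare in front of both `extern` prototypes, while the definitions in the `#else` branch (this hunk and the next one) wrap it in `#ifdef UNUSED`. This header is installed (it is listed in security/meson.build), so a consumer that defines `PAM_NO_HEADER_FUNCTIONS` without an `UNUSED` macro in scope would hit a syntax error on those two lines. I would drop `UNUSED` from the prototypes, where it should not be needed, or guard it the same way as below. `PAM_FORMAT` is used unguarded in both branches; whether this header guarantees its definition is not visible here.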
@@ -0,0 +1,10 @@ +install_headers([ + '_pam_compat.h', + '_pam_macros.h', + '_pam_types.h', + 'pam_appl.h', + 'pam_ext.h', + 'pam_modules.h', + 'pam_modutil.h', + ], + install_dir: includedir) diff --git a/libpam/include/test_assert.h b/libpam/include/test_assert.h index 9d30d62f..879f5814 100644 --- a/libpam/include/test_assert.h +++ b/libpam/include/test_assert.h @@ -7,10 +7,9 @@ #ifndef TEST_ASSERT_H # define TEST_ASSERT_H -# ifdef HAVE_CONFIG_H -# include <config.h> -# endif +# include <config.h> +# include <limits.h> # include <stdio.h> # include <stdlib.h> @@ -52,4 +51,8 @@ ASSERT_((expected_), #expected_, >=, (seen_), #seen_) \ /* End of ASSERT_LT definition. */ +# ifndef PATH_MAX +# define PATH_MAX 4096 +# endif + #endif /* TEST_ASSERT_H */ diff --git a/libpam/meson.build b/libpam/meson.build new file mode 100644 index 00000000..3e8a531c --- /dev/null +++ b/libpam/meson.build 
@@ -0,0 +1,73 @@
+subdir('include')
+
+libpam_src = [
+ 'pam_account.c',
+ 'pam_audit.c',
+ 'pam_auth.c',
+ 'pam_data.c',
+ 'pam_delay.c',
+ 'pam_dispatch.c',
+ 'pam_dynamic.c',
+ 'pam_end.c',
+ 'pam_env.c',
+ 'pam_get_authtok.c',
+ 'pam_handlers.c',
+ 'pam_item.c',
+ 'pam_misc.c',
+ 'pam_modutil_check_user.c',
+ 'pam_modutil_cleanup.c',
+ 'pam_modutil_getgrgid.c',
+ 'pam_modutil_getgrnam.c',
+ 'pam_modutil_getlogin.c',
+ 'pam_modutil_getpwnam.c',
+ 'pam_modutil_getpwuid.c',
+ 'pam_modutil_getspnam.c',
+ 'pam_modutil_ingroup.c',
+ 'pam_modutil_ioloop.c',
+ 'pam_modutil_priv.c',
+ 'pam_modutil_sanitize.c',
+ 'pam_modutil_searchkey.c',
+ 'pam_password.c',
+ 'pam_prelude.c',
+ 'pam_session.c',
+ 'pam_start.c',
+ 'pam_strerror.c',
+ 'pam_syslog.c',
+ 'pam_vprompt.c',
+]
+
+libpam_version = '0.85.1'
+libpam_map = 'libpam.map'
+libpam_map_path = meson.current_source_dir() / libpam_map
+
+libpam_link_deps = [libpam_map]
+libpam_link_args = ['-Wl,--version-script=' + libpam_map_path]
+
+libpam = shared_library(
+ 'pam',
+ sources: libpam_src,
+ include_directories: [libpam_inc],
+ c_args: [
+ '-DDEFAULT_MODULE_PATH="@0@/"'.format(securedir),
+ '-DLIBPAM_COMPILE',
+ ],
+ dependencies: [libpam_internal_dep, libaudit, libeconf, libdl, libintl],
+ link_depends: libpam_link_deps,
+ link_args: libpam_link_args,
+ version: libpam_version,
+ install: true,
+)
+
+libpam_dep = declare_dependency(
+ include_directories: [libpam_inc],
+ link_with: [libpam],
+)
+
+pkgconfig.generate(
+ libpam,
+ description: 'The primary Linux-PAM library. It is used by PAM modules and PAM-aware applications.',
+ name: 'PAM',
+ filebase: 'pam',
+ version: meson.project_version(),
+ url: 'http://www.linux-pam.org/'
+)
diff --git a/libpam/pam.pc.in b/libpam/pam.pc.in
index c3fafe4b..73049f1e 100644
--- a/libpam/pam.pc.in
+++ b/libpam/pam.pc.in
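Review bot: `libpam_link_args` adds `-Wl,--version-script=` unconditionally, whereas the Makefile.am removed by this commit added the flag only under `HAVE_VERSIONING`. The version script is what limits the exported symbol set, so silently dropping it on an unsupported linker would be the worse outcome; an explicit configure-time failure is the safer behaviour. If the top-level meson.build (not visible here) does not already probe for it, a `has_link_argument()` check on the compiler object that errors out with a clear message would be worth adding ahead of `shared_library(`. A one-line comment above `libpam_link_args` stating that the map file defines the public ABI would also help.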
@@ -1,7 +1,7 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ -includedir=@includedir@ +includedir=@pkgconfig_includedir@ Name: PAM Description: The primary Linux-PAM library. It is used by PAM modules and PAM-aware applications. diff --git a/libpam/pam_account.c b/libpam/pam_account.c index 3a4fb1fc..c74fa449 100644 --- a/libpam/pam_account.c +++ b/libpam/pam_account.c @@ -10,7 +10,7 @@ int pam_acct_mgmt(pam_handle_t *pamh, int flags) D(("called")); - IF_NO_PAMH("pam_acct_mgmt", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); diff --git a/libpam/pam_audit.c b/libpam/pam_audit.c index 97a9a929..1fe37c3f 100644 --- a/libpam/pam_audit.c +++ b/libpam/pam_audit.c @@ -44,7 +44,7 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, free(buf); } - /* libaudit sets errno to his own negative error code. This can be + /* libaudit sets errno to its own negative error code. This can be an official errno number, but must not. It can also be a audit internal error code. Which makes errno useless :-((. Try the best to fix it. */ @@ -203,7 +203,7 @@ int _pam_audit_end(pam_handle_t *pamh, int status UNUSED) { if (! (pamh->audit_state & PAMAUDIT_LOGGED)) { - /* PAM library is being shut down without any of the auditted + /* PAM library is being shut down without any of the audited * stacks having been run. Assume that this is sshd faking * things for an unknown user. */ diff --git a/libpam/pam_auth.c b/libpam/pam_auth.c index 1e7bc6e7..fdaf95db 100644 --- a/libpam/pam_auth.c +++ b/libpam/pam_auth.c @@ -15,9 +15,9 @@ int pam_authenticate(pam_handle_t *pamh, int flags) { int retval; - D(("pam_authenticate called")); + D(("called.")); - IF_NO_PAMH("pam_authenticate", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); 
@@ -36,7 +36,7 @@ int pam_authenticate(pam_handle_t *pamh, int flags) if (retval != PAM_INCOMPLETE) { _pam_sanitize(pamh); _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */ - D(("pam_authenticate exit")); + D(("exiting")); } else { D(("will resume when ready")); } @@ -52,9 +52,9 @@ int pam_setcred(pam_handle_t *pamh, int flags) { int retval; - D(("pam_setcred called")); + D(("called.")); - IF_NO_PAMH("pam_setcred", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); @@ -67,7 +67,7 @@ int pam_setcred(pam_handle_t *pamh, int flags) retval = _pam_dispatch(pamh, flags, PAM_SETCRED); - D(("pam_setcred exit")); + D(("exiting")); return retval; } diff --git a/libpam/pam_data.c b/libpam/pam_data.c index 30570afb..2ad2a168 100644 --- a/libpam/pam_data.c +++ b/libpam/pam_data.c @@ -31,8 +31,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "config.h" - #include "pam_private.h" #include <stdlib.h> @@ -45,7 +43,7 @@ static struct pam_data *_pam_locate_data(const pam_handle_t *pamh, D(("called")); - IF_NO_PAMH("_pam_locate_data", pamh, NULL); + IF_NO_PAMH(pamh, NULL); data = pamh->data; @@ -69,7 +67,7 @@ int pam_set_data( D(("called")); - IF_NO_PAMH("pam_set_data", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_APP(pamh)) { D(("called from application!?")); @@ -122,7 +120,7 @@ int pam_get_data( D(("called")); - IF_NO_PAMH("pam_get_data", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_APP(pamh)) { D(("called from application!?")); @@ -151,7 +149,7 @@ void _pam_free_data(pam_handle_t *pamh, int status) D(("called")); - IF_NO_PAMH("_pam_free_data", pamh, /* no return value for void fn */); + IF_NO_PAMH(pamh, /* no return value for void fn */); data = pamh->data; while (data) { diff --git a/libpam/pam_delay.c b/libpam/pam_delay.c index 549da896..9c6716a1 100644 --- a/libpam/pam_delay.c +++ b/libpam/pam_delay.c 
@@ -14,12 +14,17 @@ */ #include "pam_private.h" +#include <limits.h> #include <unistd.h> #include <time.h> +#ifdef HAVE_SYS_RANDOM_H +#include <sys/random.h> +#endif + /* ********************************************************************** * initialize the time as unset, this is set on the return from the - * authenticating pair of of the libpam pam_XXX calls. + * authenticating pair of the libpam pam_XXX calls. */ void _pam_reset_timer(pam_handle_t *pamh) @@ -51,29 +56,40 @@ void _pam_start_timer(pam_handle_t *pamh) * in C'. It is *not* a cryptographically strong generator, but it is * probably "good enough" for our purposes here. * - * /dev/random might be a better place to look for some numbers... + * If getrandom is available, retrieve random number from there. */ static unsigned int _pam_rand(unsigned int seed) { +#ifdef HAVE_GETRANDOM + unsigned int value; + + if (getrandom(&value, sizeof(value), GRND_NONBLOCK) == + (ssize_t) sizeof(value)) { + return value; + } +#endif + #define N1 1664525 #define N2 1013904223 return N1*seed + N2; } -static unsigned int _pam_compute_delay(unsigned int seed, unsigned int base) +static unsigned long long _pam_compute_delay(unsigned int seed, + unsigned int base) { int i; double sum; - unsigned int ans; + unsigned long long ans; for (sum=i=0; i<3; ++i) { seed = _pam_rand(seed); sum += (double) ((seed / 10) % 1000000); } sum = (sum/3.)/1e6 - .5; /* rescale */ - ans = (unsigned int) ( base*(1.+sum) ); - D(("random number: base=%u -> ans=%u\n", base, ans)); + sum = base*(1.+sum); + ans = sum > (double) ULLONG_MAX ? ULLONG_MAX : (unsigned long long) sum; + D(("random number: base=%u -> ans=%llu\n", base, ans)); return ans; } @@ -88,7 +104,7 @@ static unsigned int _pam_compute_delay(unsigned int seed, unsigned int base) void _pam_await_timer(pam_handle_t *pamh, int status) { - unsigned int delay; + unsigned long long delay; D(("waiting?...")); delay = _pam_compute_delay(pamh->fail_delay.begin, 
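Review bot: The `getrandom()` call in `_pam_rand` is gated on `HAVE_GETRANDOM`, but the include hunk above pulls in `<sys/random.h>` under a different macro, `HAVE_SYS_RANDOM_H`. If a build ever defines the first without the second, `getrandom` and `GRND_NONBLOCK` are undeclared at this call. Gating the call with `#if defined HAVE_GETRANDOM && defined HAVE_SYS_RANDOM_H` removes that dependency on how the build system sets the two. Separately, in `_pam_compute_delay` the clamp compares against `(double) ULLONG_MAX`, which rounds up to 2^64 where `unsigned long long` is 64 bits wide, so `>=` is the correct operator for the guard: `ans = sum >= (double) ULLONG_MAX ? ULLONG_MAX : (unsigned long long) sum;`. With `base` an `unsigned int` that bound does not look reachable today, so this only keeps the check correct if the types change.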
@@ -99,6 +115,7 @@ void _pam_await_timer(pam_handle_t *pamh, int status) void (*fn)(int, unsigned, void *); } hack_fn_u; void *appdata_ptr; + unsigned int delay_uint; if (pamh->pam_conversation) { appdata_ptr = pamh->pam_conversation->appdata_ptr; @@ -106,14 +123,16 @@ void _pam_await_timer(pam_handle_t *pamh, int status) appdata_ptr = NULL; } - /* always call the applications delay function, even if + delay_uint = delay > UINT_MAX ? UINT_MAX : (unsigned int) delay; + + /* always call the application's delay function, even if the delay is zero - indicate status */ hack_fn_u.value = pamh->fail_delay.delay_fn_ptr; - hack_fn_u.fn(status, delay, appdata_ptr); + hack_fn_u.fn(status, delay_uint, appdata_ptr); } else if (status != PAM_SUCCESS && pamh->fail_delay.set) { - D(("will wait %u usec", delay)); + D(("will wait %llu usec", delay)); if (delay > 0) { struct timeval tval; @@ -138,7 +157,7 @@ int pam_fail_delay(pam_handle_t *pamh, unsigned int usec) { unsigned int largest; - IF_NO_PAMH("pam_fail_delay", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); D(("setting delay to %u",usec)); diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index 974104a2..3a1d59e8 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -18,8 +18,8 @@ /* impression codes - this gives some sense to the logical choices */ #define _PAM_UNDEF 0 -#define _PAM_POSITIVE +1 -#define _PAM_NEGATIVE -1 +#define _PAM_POSITIVE (+1) +#define _PAM_NEGATIVE (-1) /* frozen chain required codes */ #define _PAM_PLEASE_FREEZE 0 @@ -28,7 +28,7 @@ /* * walk a stack of modules. Interpret the administrator's instructions - * when combining the return code of each module. + * when combining the return codes of each module. */ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, 
@@ -37,7 +37,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, int depth, impression, status, skip_depth, prev_level, stack_level; struct _pam_substack_state *substates = NULL; - IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (h == NULL) { const void *service=NULL; @@ -240,7 +240,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if ( impression != _PAM_NEGATIVE ) { impression = _PAM_NEGATIVE; /* Don't return with PAM_IGNORE as status */ - if ( retval == PAM_IGNORE ) + if ( retval == PAM_IGNORE ) status = PAM_MUST_FAIL_CODE; else status = retval; @@ -299,7 +299,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, } continue; -decision_made: /* by getting here we have made a decision */ +decision_made: /* by getting here we have made a decision */ while (h->next != NULL && h->next->stack_level >= stack_level) { h = h->next; ++depth; @@ -337,7 +337,7 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) int retval = PAM_SYSTEM_ERR, use_cached_chain; _pam_boolean resumed; - IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from a module!?")); @@ -429,7 +429,8 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) /* Should we recall where to resume next time? */ if (retval == PAM_INCOMPLETE) { - D(("module [%d] returned PAM_INCOMPLETE")); + D(("module [%s] returned PAM_INCOMPLETE", + pamh->mod_name ? pamh->mod_name : "(NULL)")); pamh->former.choice = choice; } else { pamh->former.choice = PAM_NOT_STACKED; diff --git a/libpam/pam_end.c b/libpam/pam_end.c index 9179a915..c728f1da 100644 --- a/libpam/pam_end.c +++ b/libpam/pam_end.c 
@@ -13,9 +13,9 @@ int pam_end(pam_handle_t *pamh, int pam_status) { int ret; - D(("entering pam_end()")); + D(("called.")); - IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); @@ -26,7 +26,7 @@ int pam_end(pam_handle_t *pamh, int pam_status) _pam_audit_end(pamh, pam_status); #endif - /* first liberate the modules (it is not inconcevible that the + /* first liberate the modules (it is not inconceivable that the modules may need to use the service_name etc. to clean up) */ _pam_free_data(pamh, pam_status); @@ -93,7 +93,7 @@ int pam_end(pam_handle_t *pamh, int pam_status) _pam_drop(pamh); - D(("exiting pam_end() successfully")); + D(("exiting successfully")); return PAM_SUCCESS; } diff --git a/libpam/pam_env.c b/libpam/pam_env.c index bfeb57ab..2b3e3953 100644 --- a/libpam/pam_env.c +++ b/libpam/pam_env.c @@ -14,6 +14,7 @@ #include "pam_inline.h" #include <string.h> +#include <stdint.h> #include <stdlib.h> #ifdef sunos @@ -33,7 +34,12 @@ static void _pam_dump_env(pam_handle_t *pamh) , pamh->env->requested, pamh->env->entries)); for (i=0; i<pamh->env->requested; ++i) { - _pam_output_debug(">%-3d [%9p]:[%s]" + _pam_output_debug( +#if UINTPTR_MAX == UINT32_MAX + ">%-3d [%10p]:[%s]" +#else + ">%-3d [%18p]:[%s]" +#endif , i, pamh->env->list[i], pamh->env->list[i]); } _pam_output_debug("*NOTE* the last item should be (nil)"); @@ -50,13 +56,13 @@ int _pam_make_env(pam_handle_t *pamh) { D(("called.")); - IF_NO_PAMH("_pam_make_env", pamh, PAM_ABORT); + IF_NO_PAMH(pamh, PAM_ABORT); /* * get structure memory */ - pamh->env = (struct pam_environ *) malloc(sizeof(struct pam_environ)); + pamh->env = malloc(sizeof(struct pam_environ)); if (pamh->env == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_make_env: out of memory"); return PAM_BUF_ERR; 
@@ -66,7 +72,7 @@ int _pam_make_env(pam_handle_t *pamh) * get list memory */ - pamh->env->list = (char **)calloc( PAM_ENV_CHUNK, sizeof(char *) ); + pamh->env->list = calloc( PAM_ENV_CHUNK, sizeof(char *) ); if (pamh->env->list == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_make_env: no memory for list"); _pam_drop(pamh->env); @@ -93,7 +99,7 @@ int _pam_make_env(pam_handle_t *pamh) void _pam_drop_env(pam_handle_t *pamh) { D(("called.")); - IF_NO_PAMH("_pam_make_env", pamh, /* nothing to return */); + IF_NO_PAMH(pamh, /* nothing to return */); if (pamh->env != NULL) { int i; @@ -120,7 +126,7 @@ void _pam_drop_env(pam_handle_t *pamh) */ static int _pam_search_env(const struct pam_environ *env - , const char *name_value, int length) + , const char *name_value, size_t length) { int i; @@ -152,10 +158,11 @@ static int _pam_search_env(const struct pam_environ *env int pam_putenv(pam_handle_t *pamh, const char *name_value) { - int l2eq, item, retval; + size_t l2eq; + int item, retval; D(("called.")); - IF_NO_PAMH("pam_putenv", pamh, PAM_ABORT); + IF_NO_PAMH(pamh, PAM_ABORT); if (name_value == NULL) { pam_syslog(pamh, LOG_ERR, "pam_putenv: no variable indicated"); @@ -167,7 +174,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) */ for (l2eq=0; name_value[l2eq] && name_value[l2eq] != '='; ++l2eq); - if (l2eq <= 0) { + if (l2eq == 0) { pam_syslog(pamh, LOG_ERR, "pam_putenv: bad variable"); return PAM_BAD_ITEM; } @@ -265,7 +272,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) pam_overwrite_string(pamh->env->list[item]); _pam_drop(pamh->env->list[item]); --(pamh->env->requested); - D(("mmove: item[%d]+%d -> item[%d]" + D(("memmove: item[%d]+%d -> item[%d]" , item+1, ( pamh->env->requested - item ), item)); (void) memmove(&pamh->env->list[item], &pamh->env->list[item+1] , ( pamh->env->requested - item )*sizeof(char *) ); 
@@ -288,7 +295,7 @@ const char *pam_getenv(pam_handle_t *pamh, const char *name) int item; D(("called.")); - IF_NO_PAMH("pam_getenv", pamh, NULL); + IF_NO_PAMH(pamh, NULL); if (name == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenv: no variable indicated"); @@ -326,7 +333,7 @@ static char **_copy_env(pam_handle_t *pamh) D(("now get some memory for dump")); /* allocate some memory for this (plus the null tail-pointer) */ - dump = (char **) calloc(i, sizeof(char *)); + dump = calloc(i, sizeof(char *)); D(("dump = %p", dump)); if (dump == NULL) { return NULL; @@ -361,7 +368,7 @@ char **pam_getenvlist(pam_handle_t *pamh) int i; D(("called.")); - IF_NO_PAMH("pam_getenvlist", pamh, NULL); + IF_NO_PAMH(pamh, NULL); if (pamh->env == NULL || pamh->env->list == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenvlist: no env%s found", diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c index 3f383339..2e7a5996 100644 --- a/libpam/pam_get_authtok.c +++ b/libpam/pam_get_authtok.c @@ -31,9 +31,9 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "config.h" #include "pam_private.h" #include "pam_inline.h" +#include "pam_i18n.h" #include <security/pam_ext.h> @@ -84,6 +84,8 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item, unsigned int flags) { + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); + char *resp[2] = {NULL, NULL}; const void *prevauthtok; const char *authtok_type = ""; @@ -229,6 +231,8 @@ int pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok, const char *prompt) { + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); + char *resp = NULL; const char *authtok_type = ""; int retval; diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index 1f1917b5..7fd6ce84 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -9,6 +9,7 @@ #include "pam_private.h" #include "pam_inline.h" +#include <limits.h> #include <stdlib.h> #include <stdio.h> #include <string.h> 
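Review bot: In `pam_get_authtok_internal` the added `IF_NO_PAMH(pamh, PAM_SYSTEM_ERR);` sits ahead of the local declarations (`char *resp[2] = {NULL, NULL};` and the rest), and the `pam_get_authtok_verify` hunk does the same. The other functions touched in this change keep the handle check after their declarations and the `D(("called."))` trace. Assuming the macro expands to a statement, this mixes statements and declarations and would warn under `-Wdeclaration-after-statement` if the build enables it. Moving the line below the last declaration in each function keeps the file consistent with the rest of libpam; both function bodies continue outside their hunks.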
@@ -17,21 +18,20 @@ #include <fcntl.h> #include <unistd.h> -#define BUF_SIZE 1024 +#include "pam_line.h" + #define MODULE_CHUNK 4 #define UNKNOWN_MODULE "<*unknown module*>" #ifndef _PAM_ISA #define _PAM_ISA "." #endif -static int _pam_assemble_line(FILE *f, char *buf, int buf_len); - static void _pam_free_handlers_aux(struct handler **hp); static int _pam_add_handler(pam_handle_t *pamh , int must_fail, int other, int stack_level, int type , int *actions, const char *mod_path - , int argc, char **argv, int argvlen); + , int argc, char **argv, size_t argvlen); /* Values for module type */ @@ -44,6 +44,7 @@ static int _pam_add_handler(pam_handle_t *pamh static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name , const char *service /* specific file */ , int module_type /* specific type */ + , int include_level /* level of include */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other @@ -53,18 +54,22 @@ static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f , const char *known_service /* specific file */ , int requested_module_type /* specific type */ + , int include_level /* level of include */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other #endif /* PAM_READ_BOTH_CONFS */ ) { - char buf[BUF_SIZE]; + struct pam_line_buffer buffer; int x; /* read a line from the FILE *f ? */ + + _pam_line_buffer_init(&buffer); /* * read a line from the configuration (FILE *) f */ - while ((x = _pam_assemble_line(f, buf, BUF_SIZE)) > 0) { + while ((x = _pam_line_assemble(f, &buffer, ' ')) > 0) { + char *buf = buffer.assembled; char *tok, *nexttok=NULL; const char *this_service; const char *mod_path; 
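Review bot: `_pam_line_buffer_init(&buffer)` at the top of `_pam_parse_conf_file` has no matching release in any of the lines this diff shows for the function. The fixed `char buf[BUF_SIZE]` is gone and `buf` now aliases `buffer.assembled`, so the storage is presumably heap-allocated by `_pam_line_assemble`. If so, every `return` taken from inside the `while` loop should first call the release routine that pam_line.h pairs with `_pam_line_buffer_init`, and the normal exit depends on the assembler freeing the buffer at end of input. The loop body and the function's exit lie outside the hunk, so this needs checking against the full file.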
@@ -74,15 +79,15 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f int handler_type = PAM_HT_MODULE; /* regular handler from a module */ int argc; char **argv; - int argvlen; + size_t argvlen; - D(("_pam_init_handler: LINE: %s", buf)); + D(("LINE: %s", buf)); if (known_service != NULL) { nexttok = buf; /* No service field: all lines are for the known service. */ this_service = known_service; } else { - this_service = tok = _pam_StrTok(buf, " \n\t", &nexttok); + this_service = tok = _pam_tokenize(buf, &nexttok); } #ifdef PAM_READ_BOTH_CONFS @@ -98,13 +103,12 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f int substack = 0; /* This is a service we are looking for */ - D(("_pam_init_handlers: Found PAM config entry for: %s" - , this_service)); + D(("Found PAM config entry for: %s", this_service)); - tok = _pam_StrTok(NULL, " \n\t", &nexttok); + tok = _pam_tokenize(NULL, &nexttok); if (tok == NULL) { /* module type does not exist */ - D(("_pam_init_handlers: empty module type for %s", this_service)); + D(("empty module type for %s", this_service)); pam_syslog(pamh, LOG_ERR, "(%s) empty module type", this_service); module_type = (requested_module_type != PAM_T_ANY) ? @@ -125,7 +129,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f module_type = PAM_T_PASS; } else { /* Illegal module type */ - D(("_pam_init_handlers: bad module type: %s", tok)); + D(("bad module type: %s", tok)); pam_syslog(pamh, LOG_ERR, "(%s) illegal module type: %s", this_service, tok); module_type = (requested_module_type != PAM_T_ANY) ? 
@@ -133,7 +137,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f handler_type = PAM_HT_MUST_FAIL; /* install as normal but fail when dispatched */ } } - D(("Using %s config entry: %s", handler_type?"BAD ":"", tok)); + D(("Using %sconfig entry: %s", handler_type?"BAD ":"", tok)); if (requested_module_type != PAM_T_ANY && module_type != requested_module_type) { D(("Skipping config entry: %s (requested=%d, found=%d)", @@ -148,10 +152,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f for (i=0; i<_PAM_RETURN_VALUES; actions[i++] = _PAM_ACTION_UNDEF); } - tok = _pam_StrTok(NULL, " \n\t", &nexttok); + tok = _pam_tokenize(NULL, &nexttok); if (tok == NULL) { /* no module name given */ - D(("_pam_init_handlers: no control flag supplied")); + D(("no control flag supplied")); pam_syslog(pamh, LOG_ERR, "(%s) no control flag supplied", this_service); _pam_set_default_control(actions, _PAM_ACTION_BAD); @@ -193,7 +197,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f _pam_set_default_control(actions, _PAM_ACTION_BAD); } - tok = _pam_StrTok(NULL, " \n\t", &nexttok); + tok = _pam_tokenize(NULL, &nexttok); if (pam_include) { if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, @@ -206,7 +210,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f } } if (_pam_load_conf_file(pamh, tok, this_service, module_type, - stack_level + substack + include_level + 1, stack_level + substack #ifdef PAM_READ_BOTH_CONFS , !other #endif /* PAM_READ_BOTH_CONFS */ @@ -221,7 +225,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f D(("mod_path = %s",mod_path)); } else { /* no module name given */ - D(("_pam_init_handlers: no module name supplied")); + D(("no module name supplied")); pam_syslog(pamh, LOG_ERR, "(%s) no module name supplied", this_service); mod_path = NULL; 
@@ -233,10 +237,20 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f if (nexttok != NULL) { D(("list: %s",nexttok)); argvlen = _pam_mkargv(nexttok, &argv, &argc); - D(("argvlen = %d",argvlen)); + D(("argvlen = %zu",argvlen)); + if (argvlen == 0) { + /* memory allocation failed */ + D(("failed to allocate argument vector")); + pam_syslog(pamh, LOG_ERR, + "(%s) argument vector allocation failed", + this_service); + mod_path = NULL; + handler_type = PAM_HT_MUST_FAIL; + } } else { /* there are no arguments so fix by hand */ - D(("_pam_init_handlers: empty argument list")); - argvlen = argc = 0; + D(("empty argument list")); + argvlen = 0; + argc = 0; argv = NULL; } @@ -340,6 +354,7 @@ _pam_open_config_file(pam_handle_t *pamh static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name , const char *service /* specific file */ , int module_type /* specific type */ + , int include_level /* level of include */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other @@ -350,11 +365,11 @@ static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name char *path = NULL; int retval = PAM_ABORT; - D(("_pam_load_conf_file called")); + D(("called.")); - if (stack_level >= PAM_SUBSTACK_MAX_LEVEL) { - D(("maximum level of substacks reached")); - pam_syslog(pamh, LOG_ERR, "maximum level of substacks reached"); + if (include_level >= PAM_SUBSTACK_MAX_LEVEL) { + D(("maximum level of inclusions reached")); + pam_syslog(pamh, LOG_ERR, "maximum level of inclusions reached"); return PAM_ABORT; } @@ -365,7 +380,7 @@ static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name } if (_pam_open_config_file(pamh, config_name, &path, &f) == PAM_SUCCESS) { - retval = _pam_parse_conf_file(pamh, f, service, module_type, stack_level + retval = _pam_parse_conf_file(pamh, f, service, module_type, include_level, stack_level #ifdef PAM_READ_BOTH_CONFS , not_other #endif /* PAM_READ_BOTH_CONFS */ 
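Review bot: The new `if (argvlen == 0)` branch treats every zero return from `_pam_mkargv` as an allocation failure, but the rewritten `_pam_mkargv` in the pam_misc.c part of this commit returns 0 in three other cases. Those are an empty input string, a length that fails the `SIZE_MAX` bound, and an argument count that reaches `INT_MAX`. The log text `argument vector allocation failed` is inaccurate for the last two, and an empty `nexttok`, if the tokenizer can ever leave one, would turn a module with no arguments into a `PAM_HT_MUST_FAIL` entry. Guarding with `if (argvlen == 0 && *nexttok != '\0') {` and wording the message as `could not build argument vector` keeps the fail-closed behaviour while staying accurate. The enclosing function starts and ends outside the hunk.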
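Review bot: The depth guard in `_pam_load_conf_file` now tests only `include_level`, so `stack_level` is no longer compared with `PAM_SUBSTACK_MAX_LEVEL` directly. It stays bounded only because the recursive call visible in this diff passes `include_level + 1` together with `stack_level + substack`, so `stack_level` can never exceed `include_level`; nothing in the code states that. A comment above the check would protect the invariant from a later call site that bumps one counter without the other: `/* include_level counts every include and substack, so stack_level never exceeds it and is bounded by this check too */`. The function body continues outside the hunk.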
@@ -392,15 +407,15 @@ int _pam_init_handlers(pam_handle_t *pamh) FILE *f; int retval; - D(("_pam_init_handlers called")); - IF_NO_PAMH("_pam_init_handlers",pamh,PAM_SYSTEM_ERR); + D(("called.")); + IF_NO_PAMH(pamh,PAM_SYSTEM_ERR); /* Return immediately if everything is already loaded */ if (pamh->handlers.handlers_loaded) { return PAM_SUCCESS; } - D(("_pam_init_handlers: initializing")); + D(("initializing")); /* First clean the service structure */ @@ -462,7 +477,7 @@ int _pam_init_handlers(pam_handle_t *pamh) if (_pam_open_config_file(pamh, pamh->service_name, &path, &f) == PAM_SUCCESS) { retval = _pam_parse_conf_file(pamh, f, pamh->service_name, - PAM_T_ANY, 0 + PAM_T_ANY, 0, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ @@ -485,7 +500,7 @@ int _pam_init_handlers(pam_handle_t *pamh) if (pamh->confdir == NULL && (f = fopen(PAM_CONFIG,"r")) != NULL) { - retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1); + retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 0, 1); fclose(f); } else #endif /* PAM_READ_BOTH_CONFS */ @@ -502,7 +517,7 @@ int _pam_init_handlers(pam_handle_t *pamh) if (_pam_open_config_file(pamh, PAM_DEFAULT_SERVICE, &path, &f) == PAM_SUCCESS) { /* would test magic here? */ retval = _pam_parse_conf_file(pamh, f, PAM_DEFAULT_SERVICE, - PAM_T_ANY, 0 + PAM_T_ANY, 0, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ @@ -520,7 +535,7 @@ int _pam_init_handlers(pam_handle_t *pamh) _pam_drop(path); fclose(f); } else { - D(("unable to open %s", PAM_DEFAULT_SERVICE)); + D(("unable to open configuration for %s", PAM_DEFAULT_SERVICE)); pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: no default config %s", PAM_DEFAULT_SERVICE); @@ -536,7 +551,7 @@ int _pam_init_handlers(pam_handle_t *pamh) return PAM_ABORT; } - retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0 + retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ 
@@ -555,94 +570,10 @@ int _pam_init_handlers(pam_handle_t *pamh) pamh->handlers.handlers_loaded = 1; - D(("_pam_init_handlers exiting")); + D(("exiting")); return PAM_SUCCESS; } -/* - * This is where we read a line of the PAM config file. The line may be - * preceded by lines of comments and also extended with "\\\n" - */ - -static int _pam_assemble_line(FILE *f, char *buffer, int buf_len) -{ - char *p = buffer; - char *endp = buffer + buf_len; - char *s, *os; - int used = 0; - - /* loop broken with a 'break' when a non-'\\n' ended line is read */ - - D(("called.")); - for (;;) { - if (p >= endp) { - /* Overflow */ - D(("_pam_assemble_line: overflow")); - return -1; - } - if (fgets(p, endp - p, f) == NULL) { - if (used) { - /* Incomplete read */ - return -1; - } else { - /* EOF */ - return 0; - } - } - - /* skip leading spaces --- line may be blank */ - - s = p + strspn(p, " \n\t"); - if (*s && (*s != '#')) { - os = s; - - /* - * we are only interested in characters before the first '#' - * character - */ - - while (*s && *s != '#') - ++s; - if (*s == '#') { - *s = '\0'; - used += strlen(os); - break; /* the line has been read */ - } - - s = os; - - /* - * Check for backslash by scanning back from the end of - * the entered line, the '\n' has been included since - * normally a line is terminated with this - * character. fgets() should only return one though! - */ - - s += strlen(s); - while (s > os && ((*--s == ' ') || (*s == '\t') - || (*s == '\n'))); - - /* check if it ends with a backslash */ - if (*s == '\\') { - *s++ = ' '; /* replace backslash with ' ' */ - *s = '\0'; /* truncate the line here */ - used += strlen(os); - p = s; /* there is more ... */ - } else { - /* End of the line! */ - used += strlen(os); - break; /* this is the complete line */ - } - - } else { - /* Nothing in this line */ - /* Don't move p */ - } - } - - return used; -} - static char * extract_modulename(const char *mod_path) { 
@@ -677,7 +608,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) int success; struct loaded_module *mod; - D(("_pam_load_module: loading module `%s'", mod_path)); + D(("loading module `%s'", mod_path)); mod = pamh->handlers.module; @@ -708,39 +639,30 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) /* Be pessimistic... */ success = PAM_ABORT; - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); + D(("_pam_dlopen(%s)", mod_path)); mod->dl_handle = _pam_dlopen(mod_path); - D(("_pam_load_module: _pam_dlopen'ed")); - D(("_pam_load_module: dlopen'ed")); + D(("_pam_dlopen'ed")); + D(("dlopen'ed")); if (mod->dl_handle == NULL) { const char *isa = strstr(mod_path, "$ISA"); size_t isa_len = strlen("$ISA"); if (isa != NULL) { - size_t pam_isa_len = strlen(_PAM_ISA); - char *mod_full_isa_path = - malloc(strlen(mod_path) - isa_len + pam_isa_len + 1); - - if (mod_full_isa_path == NULL) { - D(("_pam_load_module: couldn't get memory for mod_path")); + char *mod_full_isa_path = NULL; + if (strlen(mod_path) >= INT_MAX || + asprintf(&mod_full_isa_path, "%.*s%s%s", + (int)(isa - mod_path), mod_path, _PAM_ISA, isa + isa_len) < 0) { + D(("couldn't get memory for mod_path")); pam_syslog(pamh, LOG_CRIT, "no memory for module path"); success = PAM_ABORT; } else { - char *p = mod_full_isa_path; - - memcpy(p, mod_path, isa - mod_path); - p += isa - mod_path; - memcpy(p, _PAM_ISA, pam_isa_len); - p += pam_isa_len; - strcpy(p, isa + isa_len); - mod->dl_handle = _pam_dlopen(mod_full_isa_path); _pam_drop(mod_full_isa_path); } } } if (mod->dl_handle == NULL) { - D(("_pam_load_module: _pam_dlopen(%s) failed", mod_path)); + D(("_pam_dlopen(%s) failed", mod_path)); if (handler_type != PAM_HT_SILENT_MODULE) pam_syslog(pamh, LOG_ERR, "unable to dlopen(%s): %s", mod_path, _pam_dlerror()); 
@@ -764,7 +686,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) /* indicate its name - later we will search for it by this */ if ((mod->name = _pam_strdup(mod_path)) == NULL) { - D(("_pam_load_module: couldn't get memory for mod_path")); + D(("couldn't get memory for mod_path")); pam_syslog(pamh, LOG_CRIT, "no memory for module path"); success = PAM_ABORT; } @@ -776,10 +698,10 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) return success == PAM_SUCCESS ? mod : NULL; } -int _pam_add_handler(pam_handle_t *pamh - , int handler_type, int other, int stack_level, int type - , int *actions, const char *mod_path - , int argc, char **argv, int argvlen) +static int _pam_add_handler(pam_handle_t *pamh + , int handler_type, int other, int stack_level + , int type, int *actions, const char *mod_path + , int argc, char **argv, size_t argvlen) { struct loaded_module *mod = NULL; struct handler **handler_p; @@ -791,9 +713,9 @@ int _pam_add_handler(pam_handle_t *pamh int mod_type = PAM_MT_FAULTY_MOD; D(("called.")); - IF_NO_PAMH("_pam_add_handler",pamh,PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh,PAM_SYSTEM_ERR); - D(("_pam_add_handler: adding type %d, handler_type %d, module `%s'", + D(("adding type %d, handler_type %d, module `%s'", type, handler_type, mod_path)); if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && @@ -857,14 +779,14 @@ int _pam_add_handler(pam_handle_t *pamh break; default: /* Illegal module type */ - D(("_pam_add_handler: illegal module type %d", type)); + D(("illegal module type %d", type)); return PAM_ABORT; } /* are the modules reliable? */ if (mod_type != PAM_MT_DYNAMIC_MOD && mod_type != PAM_MT_FAULTY_MOD) { - D(("_pam_add_handlers: illegal module library type; %d", mod_type)); + D(("illegal module library type; %d", mod_type)); pam_syslog(pamh, LOG_ERR, "internal error: module library type not known: %s;%d", sym, mod_type); 
@@ -938,7 +860,7 @@ int _pam_add_handler(pam_handle_t *pamh return PAM_ABORT; } - D(("_pam_add_handler: returning successfully")); + D(("returning successfully")); return PAM_SUCCESS; } @@ -949,14 +871,14 @@ int _pam_free_handlers(pam_handle_t *pamh) struct loaded_module *mod; D(("called.")); - IF_NO_PAMH("_pam_free_handlers",pamh,PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh,PAM_SYSTEM_ERR); mod = pamh->handlers.module; /* Close all loaded modules */ while (pamh->handlers.modules_used) { - D(("_pam_free_handlers: dlclose(%s)", mod->name)); + D(("dlclose(%s)", mod->name)); free(mod->name); if (mod->type == PAM_MT_DYNAMIC_MOD) { _pam_dlclose(mod->dl_handle); diff --git a/libpam/pam_item.c b/libpam/pam_item.c index 42857da5..2e43d767 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -6,6 +6,7 @@ #include "pam_private.h" #include "pam_inline.h" +#include "pam_i18n.h" #include <ctype.h> #include <stdlib.h> @@ -13,7 +14,7 @@ #include <syslog.h> #define TRY_SET(X, Y) \ -{ \ +do { \ if ((X) != (Y)) { \ char *_TMP_ = _pam_strdup(Y); \ if (_TMP_ == NULL && (Y) != NULL) \ @@ -21,7 +22,7 @@ free(X); \ (X) = _TMP_; \ } \ -} +} while(0) /* functions */ @@ -31,13 +32,19 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) D(("called")); - IF_NO_PAMH("pam_set_item", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); retval = PAM_SUCCESS; switch (item_type) { case PAM_SERVICE: + if (item == NULL) { + pam_syslog(pamh, LOG_ERR, + "pam_set_item: attempt to set service to NULL"); + retval = PAM_BAD_ITEM; + break; + } /* Setting handlers_loaded to 0 will cause the handlers * to be reloaded on the next call to a service module. */ @@ -46,7 +53,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) { char *tmp; for (tmp=pamh->service_name; *tmp; ++tmp) - *tmp = tolower(*tmp); /* require lower case */ + *tmp = tolower((unsigned char)*tmp); /* require lower case */ } break; 
@@ -61,7 +68,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) break; case PAM_TTY: - D(("setting tty to %s", item)); + D(("setting tty to %s", (const char *)item)); TRY_SET(pamh->tty, item); break; @@ -113,8 +120,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) } else { struct pam_conv *tconv; - if ((tconv= - (struct pam_conv *) malloc(sizeof(struct pam_conv)) + if ((tconv = malloc(sizeof(struct pam_conv)) ) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_set_item: malloc failed for pam_conv"); @@ -177,7 +183,7 @@ int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item) int retval = PAM_SUCCESS; D(("called.")); - IF_NO_PAMH("pam_get_item", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (item == NULL) { pam_syslog(pamh, LOG_ERR, @@ -280,7 +286,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) D(("called.")); - IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR); + IF_NO_PAMH(pamh, PAM_SYSTEM_ERR); if (user == NULL) { /* ensure that the module has supplied a destination */ @@ -372,7 +378,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) break; } else { /* conversation should have given a response */ - D(("pam_get_user: no response provided")); + D(("no response provided")); retval = PAM_CONV_ERR; } /* fallthrough */ diff --git a/libpam/pam_misc.c b/libpam/pam_misc.c index 996f23ce..e379d2f9 100644 --- a/libpam/pam_misc.c +++ b/libpam/pam_misc.c 
@@ -37,44 +37,38 @@ #include "pam_private.h" +#include <limits.h> #include <stdarg.h> #include <stdlib.h> +#include <stdint.h> #include <stdio.h> #include <string.h> #include <syslog.h> #include <ctype.h> -char *_pam_StrTok(char *from, const char *format, char **next) +#define DELIMITERS " \n\t" + +char *_pam_tokenize(char *from, char **next) /* - * this function is a variant of the standard strtok, it differs in that - * it takes an additional argument and doesn't nul terminate tokens until + * this function is a variant of the standard strtok_r, it differs in that + * it uses a fixed set of delimiters and doesn't nul terminate tokens until * they are actually reached. */ { - char table[256], *end; - int i; + char *end; if (from == NULL && (from = *next) == NULL) return from; - /* initialize table */ - for (i=1; i<256; table[i++] = '\0'); - for (i=0; format[i] ; - table[(unsigned char)format[i++]] = 'y'); - /* look for first non-format char */ - while (*from && table[(unsigned char)*from]) { - ++from; - } + from += strspn(from, DELIMITERS); if (*from == '[') { /* * special case, "[...]" is considered to be a single - * object. Note, however, if one of the format[] chars is - * '[' this single string will not be read correctly. - * Note, any '[' inside the outer "[...]" pair will survive. - * Note, the first ']' will terminate this string, but - * that "\]" will get compressed into "]". That is: + * object. Note, any '[' inside the outer "[...]" pair will + * survive. Note, the first ']' will terminate this string, + * but that "\]" will get compressed into "]". That is: * * "[..[..\]..]..." --> "..[..].." */ @@ -93,7 +87,7 @@ char *_pam_StrTok(char *from, const char *format, char **next) remains */ } else if (*from) { /* simply look for next blank char */ - for (end=from; *end && !table[(unsigned char)*end]; ++end); + end = from + strcspn(from, DELIMITERS); } else { return (*next = NULL); /* no tokens left */ } 
@@ -123,14 +117,8 @@ char *_pam_strdup(const char *x) register char *new=NULL; if (x != NULL) { - register int len; - - len = strlen (x) + 1; /* length of string including NUL */ - if ((new = malloc(len)) == NULL) { - len = 0; + if ((new = strdup(x)) == NULL) { pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory"); - } else { - strcpy (new, x); } x = NULL; } 
@@ -163,67 +151,62 @@ char *_pam_memdup(const char *x, int len) /* Generate argv, argc from s */ /* caller must free(argv) */ -int _pam_mkargv(const char *s, char ***argv, int *argc) +size_t _pam_mkargv(const char *s, char ***argv, int *argc) { - int l; - int argvlen = 0; - char *sbuf, *sbuf_start; + size_t l; + size_t argvlen = 0; char **our_argv = NULL; - char **argvbuf; - char *argvbufp; -#ifdef PAM_DEBUG - int count=0; -#endif - D(("_pam_mkargv called: %s",s)); + D(("called: %s",s)); *argc = 0; l = strlen(s); - if (l) { - if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by _pam_strdup"); - D(("arg NULL")); + if (l && l < SIZE_MAX / (sizeof(char) + sizeof(char *))) { + char **argvbuf; + /* Overkill on the malloc, but not large */ + argvlen = (l + 1) * (sizeof(char) + sizeof(char *)); + if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { + pam_syslog(NULL, LOG_CRIT, "pam_mkargv: null returned by malloc"); + argvlen = 0; } else { - /* Overkill on the malloc, but not large */ - argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *)); - if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { - pam_syslog(NULL, LOG_CRIT, - "pam_mkargv: null returned by malloc"); - } else { - char *tmp=NULL; - - argvbufp = (char *) argvbuf + (l * sizeof(char *)); - D(("[%s]",sbuf)); - while ((sbuf = _pam_StrTok(sbuf, " \n\t", &tmp))) { - D(("arg #%d",++count)); - D(("->[%s]",sbuf)); - strcpy(argvbufp, sbuf); - D(("copied token")); - *argvbuf = argvbufp; - argvbufp += strlen(argvbufp) + 1; - D(("stepped in argvbufp")); - (*argc)++; - argvbuf++; - sbuf = NULL; - D(("loop again?")); + char *argvbufp; + char *tmp=NULL; + char *tok; +#ifdef PAM_DEBUG + unsigned count=0; +#endif + argvbufp = (char *) argvbuf + (l * sizeof(char *)); + strcpy(argvbufp, s); + D(("[%s]",argvbufp)); + while ((tok = _pam_tokenize(argvbufp, &tmp))) { + D(("arg #%u",++count)); + D(("->[%s]",tok)); + *argvbuf++ = tok; + if (*argc == INT_MAX) { + 
pam_syslog(NULL, LOG_CRIT, + "pam_mkargv: too many arguments"); + argvlen = 0; + _pam_drop(our_argv); + break; } + (*argc)++; + argvbufp = NULL; + D(("loop again?")); } - _pam_drop(sbuf_start); } } *argv = our_argv; - D(("_pam_mkargv returned")); + D(("exiting")); return(argvlen); } /* * this function is used to protect the modules from accidental or - * semi-mallicious harm that an application may do to confuse the API. + * semi-malicious harm that an application may do to confuse the API. */ void _pam_sanitize(pam_handle_t *pamh) @@ -270,10 +253,11 @@ void _pam_parse_control(int *control_array, char *tok) int ret; while (*tok) { - int act, len; + size_t len; + int act; /* skip leading space */ - while (isspace((int)*tok) && *++tok); + while (isspace((unsigned char)*tok) && *++tok); if (!*tok) break; @@ -290,14 +274,14 @@ void _pam_parse_control(int *control_array, char *tok) } /* observe '=' */ - while (isspace((int)*tok) && *++tok); + while (isspace((unsigned char)*tok) && *++tok); if (!*tok || *tok++ != '=') { error = "expecting '='"; goto parse_error; } /* skip leading space */ - while (isspace((int)*tok) && *++tok); + while (isspace((unsigned char)*tok) && *++tok); if (!*tok) { error = "expecting action"; goto parse_error; 
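Review bot: On the `*argc == INT_MAX` path of `_pam_mkargv` the vector is dropped and `argvlen` is zeroed, but `*argc` is left at `INT_MAX`, so the caller gets a freed (presumably NULL) `argv` together with a non-zero count. The caller in pam_handlers.c marks the entry `PAM_HT_MUST_FAIL` on a zero return, yet it appears to pass `argc` and `argv` on to `_pam_add_handler` unchanged. Adding `*argc = 0;` before the `break` keeps the three outputs consistent for any caller that reads the count.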
@@ -322,16 +306,25 @@ void _pam_parse_control(int *control_array, char *tok) * cause looping problems. So, for now, we will just * allow forward jumps. (AGM 1998/1/7) */ - if (!isdigit((int)*tok)) { + if (!isdigit((unsigned char)*tok)) { error = "expecting jump number"; goto parse_error; } /* parse a number */ act = 0; do { + int digit = *tok - '0'; + if (act > INT_MAX / 10) { + error = "expecting smaller jump number"; + goto parse_error; + } act *= 10; - act += *tok - '0'; /* XXX - this assumes ascii behavior */ - } while (*++tok && isdigit((int)*tok)); + if (act > INT_MAX - digit) { + error = "expecting smaller jump number"; + goto parse_error; + } + act += digit; /* XXX - this assumes ascii behavior */ + } while (*++tok && isdigit((unsigned char)*tok)); if (! act) { /* we do not allow 0 jumps. There is a token ('ignore') for that */ diff --git a/libpam/pam_modutil_check_user.c b/libpam/pam_modutil_check_user.c index cf1bd1b5..4034e59d 100644 --- a/libpam/pam_modutil_check_user.c +++ b/libpam/pam_modutil_check_user.c @@ -10,22 +10,15 @@ pam_modutil_check_user_in_passwd(pam_handle_t *pamh, const char *user_name, const char *file_name) { - int rc; - size_t user_len; + int rc, c = EOF; FILE *fp; - char line[BUFSIZ]; /* Validate the user name. */ - if ((user_len = strlen(user_name)) == 0) { + if (user_name[0] == '\0') { pam_syslog(pamh, LOG_NOTICE, "user name is not valid"); return PAM_SERVICE_ERR; } - if (user_len > sizeof(line) - sizeof(":")) { - pam_syslog(pamh, LOG_NOTICE, "user name is too long"); - return PAM_SERVICE_ERR; - } - if (strchr(user_name, ':') != NULL) { /* * "root:x" is not a local user name even if the passwd file 
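Review bot: The jump-number overflow guard in `_pam_parse_control` is split into two tests with the same error string, one before `act *= 10` and one before `act += digit`. A single test ahead of the update is equivalent and easier to audit: `if (act > (INT_MAX - digit) / 10) { error = "expecting smaller jump number"; goto parse_error; }` followed by `act = act * 10 + digit;`. The `XXX - this assumes ascii behavior` remark could go as well, since the C standard guarantees that '0' through '9' are contiguous. The function body continues outside the hunk.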
@@ -44,48 +37,40 @@ pam_modutil_check_user_in_passwd(pam_handle_t *pamh, } /* - * Scan the file using fgets() instead of fgetpwent_r() because + * Scan the file using fgetc() instead of fgetpwent_r() because * the latter is not flexible enough in handling long lines * in passwd files. */ rc = PAM_PERM_DENIED; - while (fgets(line, sizeof(line), fp) != NULL) { - size_t line_len; - const char *str; + do { + const char *p; /* * Does this line start with the user name * followed by a colon? */ - if (strncmp(user_name, line, user_len) == 0 && - line[user_len] == ':') { + for (p = user_name; *p != '\0'; p++) { + c = fgetc(fp); + if (c == EOF || c == '\n' || (char)c != *p) + break; + } + + if (c != EOF && c != '\n') + c = fgetc(fp); + + if (*p == '\0' && c == ':') { rc = PAM_SUCCESS; /* * Continue reading the file to avoid timing attacks. */ } - /* Has a newline been read? */ - line_len = strlen(line); - if (line_len < sizeof(line) - 1 || - line[line_len - 1] == '\n') { - /* Yes, continue with the next line. */ - continue; - } - /* No, read till the end of this line first. */ - while ((str = fgets(line, sizeof(line), fp)) != NULL) { - line_len = strlen(line); - if (line_len == 0 || - line[line_len - 1] == '\n') { - break; - } - } - if (str == NULL) { - /* fgets returned NULL, we are done. */ - break; - } + /* Read till the end of this line. */ + while (c != EOF && c != '\n') + c = fgetc(fp); + /* Continue with the next line. */ - } + } while (c != EOF); fclose(fp); return rc; diff --git a/libpam/pam_modutil_cleanup.c b/libpam/pam_modutil_cleanup.c index 8224ce67..2077cbd7 100644 --- a/libpam/pam_modutil_cleanup.c +++ b/libpam/pam_modutil_cleanup.c @@ -12,8 +12,6 @@ void pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) { - if (data) { /* junk it */ - (void) free(data); - } + free(data); } diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c index 386d6f4b..fd495105 100644 --- a/libpam/pam_modutil_getgrgid.c 
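Review bot: The new `fgetc()` loop in `pam_modutil_check_user_in_passwd` stops on any `EOF`, so a read error part-way through the file looks the same as reaching the end. If the matching line has not been read yet, the result is `PAM_PERM_DENIED`, and callers see "user is not in this file" rather than a failure to read it. Checking the stream before `fclose(fp)`, for example `if (rc != PAM_SUCCESS && ferror(fp)) rc = PAM_SERVICE_ERR;`, would separate the two cases. Whether existing callers expect that return code on this path should be confirmed. The start of the function is in the preceding hunk.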
+++ b/libpam/pam_modutil_getgrgid.c @@ -54,9 +54,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) D(("out of memory")); /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } + free(buffer); return NULL; } buffer = new_buffer; @@ -119,7 +117,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) } while (length < PWD_ABSURD_PWD_LENGTH); - D(("grp structure took %u bytes or so of memory", + D(("grp structure took %zu bytes or so of memory", length+sizeof(struct group))); free(buffer); diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c index cbb1551d..c7dd175c 100644 --- a/libpam/pam_modutil_getgrnam.c +++ b/libpam/pam_modutil_getgrnam.c @@ -44,9 +44,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) D(("out of memory")); /* no memory for the group - so delete the memory */ - if (buffer) { - free(buffer); - } + free(buffer); return NULL; } buffer = new_buffer; @@ -108,7 +106,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) } while (length < PWD_ABSURD_PWD_LENGTH); - D(("grp structure took %u bytes or so of memory", + D(("grp structure took %zu bytes or so of memory", length+sizeof(struct group))); free(buffer); diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c index 8132c769..9c96150b 100644 --- a/libpam/pam_modutil_getpwnam.c +++ b/libpam/pam_modutil_getpwnam.c @@ -44,9 +44,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) D(("out of memory")); /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } + free(buffer); return NULL; } buffer = new_buffer; @@ -108,7 +106,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) } while (length < PWD_ABSURD_PWD_LENGTH); - D(("pwd structure took %u bytes or so of memory", + D(("pwd structure took %zu bytes or so of memory", length+sizeof(struct passwd))); free(buffer); 
diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c index 3a435937..671fdf23 100644 --- a/libpam/pam_modutil_getpwuid.c +++ b/libpam/pam_modutil_getpwuid.c @@ -54,9 +54,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) D(("out of memory")); /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } + free(buffer); return NULL; } buffer = new_buffer; @@ -119,7 +117,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) } while (length < PWD_ABSURD_PWD_LENGTH); - D(("pwd structure took %u bytes or so of memory", + D(("pwd structure took %zu bytes or so of memory", length+sizeof(struct passwd))); free(buffer); diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c index 032709ed..8b48db90 100644 --- a/libpam/pam_modutil_getspnam.c +++ b/libpam/pam_modutil_getspnam.c @@ -44,9 +44,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) D(("out of memory")); /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } + free(buffer); return NULL; } buffer = new_buffer; @@ -108,7 +106,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) } while (length < PWD_ABSURD_PWD_LENGTH); - D(("spwd structure took %u bytes or so of memory", + D(("spwd structure took %zu bytes or so of memory", length+sizeof(struct spwd))); free(buffer); diff --git a/libpam/pam_modutil_ioloop.c b/libpam/pam_modutil_ioloop.c index 54ab0e55..72b58455 100644 --- a/libpam/pam_modutil_ioloop.c +++ b/libpam/pam_modutil_ioloop.c @@ -1,8 +1,8 @@ /* * $Id$ * - * These functions provides common methods for ensure a complete read or - * write occurs. It handles EINTR and partial read/write returns. + * These functions provide common methods to ensure a complete read or + * write occurs. They handle EINTR and partial read/write returns. */ #include "pam_modutil_private.h" 
@@ -15,6 +15,11 @@ pam_modutil_read(int fd, char *buffer, int count)
 {
 int block, offset = 0;
+ if (count < 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
 while (count > 0) {
 block = read(fd, &buffer[offset], count);
@@ -36,6 +41,11 @@ pam_modutil_write(int fd, const char *buffer, int count)
 {
 int block, offset = 0;
+ if (count < 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
 while (count > 0) {
 block = write(fd, &buffer[offset], count);
diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c
index f26e8ec0..1b8af743 100644
--- a/libpam/pam_modutil_sanitize.c
+++ b/libpam/pam_modutil_sanitize.c
@@ -11,6 +11,10 @@
 #include <syslog.h>
 #include <sys/resource.h>
+#ifndef CLOSE_RANGE_UNSHARE
+#define CLOSE_RANGE_UNSHARE (1U << 1)
+#endif /* CLOSE_RANGE_UNSHARE */
+
 /*
 * Creates a pipe, closes its write end, redirects fd to its read end.
 * Returns fd on success, -1 otherwise.
@@ -84,9 +88,8 @@ redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode,
 return fd;
 }
-/* Closes all descriptors after stderr. */
 static void
-close_fds(void)
+close_fds_iteratively(void)
 {
 /*
 * An arbitrary upper limit for the maximum file descriptor number
@@ -111,6 +114,18 @@ close_fds(void)
 close(fd);
 }
+/* Closes all descriptors after stderr. */
+static void
+close_fds(void)
+{
+#ifdef HAVE_CLOSE_RANGE
+ if (close_range(STDERR_FILENO+1, -1U, CLOSE_RANGE_UNSHARE) == 0)
+ return;
+#endif /* HAVE_CLOSE_RANGE */
+
+ close_fds_iteratively();
+}
+
 int pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, enum pam_modutil_redirect_fd stdin_mode,
diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c
index ba023e52..1a497f8f 100644
--- a/libpam/pam_modutil_searchkey.c
+++ b/libpam/pam_modutil_searchkey.c
@@ -4,8 +4,6 @@
 * lookup a value for key in login.defs file or similar key value format
 */
-#include "config.h"
-
 #include "pam_private.h"
 #include "pam_modutil_private.h"
 #include <security/pam_ext.h>
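Review bot: The new negative-`count` guard in `pam_modutil_read` (and the identical one in `pam_modutil_write` in the next hunk) changes what callers see, from a return of 0 to -1 with `EINVAL`, and nothing in either hunk documents that. A one-line comment above the check would record the contract, for example `/* A negative count is a caller error: fail with EINVAL rather than report a 0-byte transfer. */`. Both function bodies continue outside their hunks, so the old return of 0 is inferred from `offset = 0` and the `while (count > 0)` loop being skipped.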
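Review bot: The new `close_fds()` falls back to `close_fds_iteratively()` on any `close_range()` failure without saying so, and the context comment in the previous hunk describes that loop as bounded by "an arbitrary upper limit", so on a system where `close_range` is missing or fails a descriptor above that limit may stay open in the helper. That trade-off belongs in a comment at the fallback call, along with the reason for the flag, e.g. `/* CLOSE_RANGE_UNSHARE: unshare the fd table first so the close cannot race with tasks sharing it. */`. As a style point, `~0U` states "no upper bound" more clearly than `-1U`. The body of `close_fds_iteratively()` is outside these hunks, so the effect of its limit is inferred from the comment alone.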
@@ -14,11 +12,9 @@
 #include <stdlib.h>
 #include <ctype.h>
 #ifdef USE_ECONF
-#include <libeconf.h>
+#include "pam_econf.h"
 #endif
-#define BUF_SIZE 8192
-
 #ifdef USE_ECONF
 #define LOGIN_DEFS "/etc/login.defs"
@@ -31,10 +27,14 @@ econf_search_key (const char *name, const char *suffix, const char *key)
 {
 econf_file *key_file = NULL;
 char *val;
+ econf_err error;
- if (econf_readDirs (&key_file, VENDORDIR, SYSCONFDIR, name, suffix,
- " \t", "#"))
- return NULL;
+ error = pam_econf_readconfig (&key_file, VENDORDIR, SYSCONFDIR, name, suffix,
+ " \t", "#", NULL, NULL);
+ if (error != ECONF_SUCCESS) {
+ econf_free (key_file);
+ return NULL;
+ }
 if (econf_getStringValue (key_file, NULL, key, &val)) {
 econf_free (key_file);
@@ -70,29 +70,8 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED,
 while (!feof(fp)) {
 char *tmp, *cp;
-#if defined(HAVE_GETLINE)
 ssize_t n = getline(&buf, &buflen, fp);
-#elif defined (HAVE_GETDELIM)
- ssize_t n = getdelim(&buf, &buflen, '\n', fp);
-#else
- ssize_t n;
-
- if (buf == NULL) {
- buflen = BUF_SIZE;
- buf = malloc(buflen);
- if (buf == NULL) {
- fclose(fp);
- return NULL;
- }
- }
- buf[0] = '\0';
- if (fgets(buf, buflen - 1, fp) == NULL)
- break;
- else if (buf != NULL)
- n = strlen(buf);
- else
- n = 0;
-#endif /* HAVE_GETLINE / HAVE_GETDELIM */
+
 cp = buf;
 if (n < 1)
@@ -103,14 +82,14 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED,
 tmp = strchr(cp, '#'); /* remove comments */
 if (tmp) *tmp = '\0';
- while (isspace((int)*cp)) /* remove spaces and tabs */
+ while (isspace((unsigned char)*cp)) /* remove spaces and tabs */
 ++cp;
 if (*cp == '\0') /* ignore empty lines */ continue;
 tmp = strsep (&cp, " \t=");
 if (cp != NULL)
- while (isspace((int)*cp) || *cp == '=')
+ while (isspace((unsigned char)*cp) || *cp == '=')
 ++cp;
 else cp = buf + n; /* empty string */
diff --git a/libpam/pam_password.c b/libpam/pam_password.c
index 592e01fb..9783dbe0 100644
--- a/libpam/pam_password.c
+++ b/libpam/pam_password.c
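Review bot: In `econf_search_key` the new error branch calls `econf_free (key_file)` after `pam_econf_readconfig` has failed, which is only safe if that wrapper leaves `key_file` either NULL or a handle it has not already released. The wrapper is declared in `pam_econf.h` and is not shown in this diff, so this cannot be confirmed from here. A short comment at the call, such as `/* on failure key_file is NULL or still owned by the caller */`, would record the assumption once verified. If the wrapper does release the handle itself on error, it should also reset the pointer to NULL so this branch cannot free it twice.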
@@ -15,14 +15,14 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
 D(("called."));
- IF_NO_PAMH("pam_chauthtok", pamh, PAM_SYSTEM_ERR);
+ IF_NO_PAMH(pamh, PAM_SYSTEM_ERR);
 if (__PAM_FROM_MODULE(pamh)) {
 D(("called from module!?"));
 return PAM_SYSTEM_ERR;
 }
- /* applications are not allowed to set this flags */
+ /* applications are not allowed to set these flags */
 if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) {
 pam_syslog (pamh, LOG_ERR, "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application");
@@ -52,9 +52,9 @@ int pam_chauthtok(pam_handle_t *pamh, int flags)
 _pam_sanitize(pamh);
 pamh->former.update = PAM_FALSE;
 _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */
- D(("pam_chauthtok exit %d - %d", retval, pamh->former.choice));
+ D(("exiting %d - %d", retval, pamh->former.choice));
 } else {
- D(("will resume when ready", retval));
+ D(("will resume when ready"));
 }
 return retval;
diff --git a/libpam/pam_prelude.c b/libpam/pam_prelude.c
index 6c73bf5d..c62e2f2c 100644
--- a/libpam/pam_prelude.c
+++ b/libpam/pam_prelude.c
@@ -5,17 +5,17 @@
 * (C) Sebastien Tricaud 2005 <toady@gscore.org>
 */
-#include <stdio.h>
-#include <syslog.h>
-
 #ifdef PRELUDE
+#include "pam_private.h"
+
+#include <stdio.h>
+#include <syslog.h>
 #include <libprelude/prelude.h>
 #include <libprelude/prelude-log.h>
 #include <libprelude/idmef-message-print.h>
 #include "pam_prelude.h"
-#include "pam_private.h"
 #define ANALYZER_CLASS "pam"
diff --git a/libpam/pam_private.h b/libpam/pam_private.h
index 508527cf..77dc5a69 100644
--- a/libpam/pam_private.h
+++ b/libpam/pam_private.h
@@ -16,6 +16,7 @@
 #include "config.h"
+#include <stddef.h>
 #include <syslog.h>
 #include <security/pam_appl.h>
@@ -47,7 +48,7 @@
 /* components of the pam_handle structure */
-#define _PAM_INVALID_RETVAL -1 /* default value for cached_retval */
+#define _PAM_INVALID_RETVAL (-1) /* default value for cached_retval */
 struct handler {
 int handler_type;
@@ -192,14 +193,14 @@ struct pam_handle {
 #define _PAM_ACTION_IS_JUMP(x) ((x) > 0)
 #define _PAM_ACTION_IGNORE 0
-#define _PAM_ACTION_OK -1
-#define _PAM_ACTION_DONE -2
-#define _PAM_ACTION_BAD -3
-#define _PAM_ACTION_DIE -4
-#define _PAM_ACTION_RESET -5
+#define _PAM_ACTION_OK (-1)
+#define _PAM_ACTION_DONE (-2)
+#define _PAM_ACTION_BAD (-3)
+#define _PAM_ACTION_DIE (-4)
+#define _PAM_ACTION_RESET (-5)
 /* Add any new entries here. Will need to change ..._UNDEF and then
 * need to change pam_tokens.h */
-#define _PAM_ACTION_UNDEF -6 /* this is treated as an error
+#define _PAM_ACTION_UNDEF (-6) /* this is treated as an error
 ( = _PAM_ACTION_BAD) */
 #define PAM_SUBSTACK_MAX_LEVEL 16 /* maximum level of substacks */
@@ -255,7 +256,7 @@ const char *_pam_dlerror (void);
 /* For now we just use a stack and linear search for module data. */
 /* If it becomes apparent that there is a lot of data, it should */
-/* changed to either a sorted list or a hash table. */
+/* be changed to either a sorted list or a hash table. */
 struct pam_data {
 char *name;
@@ -266,13 +267,13 @@ struct pam_data {
 void _pam_free_data(pam_handle_t *pamh, int status);
-char *_pam_StrTok(char *from, const char *format, char **next);
+char *_pam_tokenize(char *from, char **next);
 char *_pam_strdup(const char *s);
 char *_pam_memdup(const char *s, int len);
-int _pam_mkargv(const char *s, char ***argv, int *argc);
+size_t _pam_mkargv(const char *s, char ***argv, int *argc);
 void _pam_sanitize(pam_handle_t *pamh);
@@ -287,11 +288,13 @@ void _pam_parse_control(int *control_array, char *tok);
 * else
 */
-#define IF_NO_PAMH(X,pamh,ERR) \
-if ((pamh) == NULL) { \
- syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \
- return ERR; \
-}
+#define IF_NO_PAMH(pamh,ERR) \
+do { \
+ if ((pamh) == NULL) { \
+ syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " %s: NULL pam handle passed", __FUNCTION__); \
+ return ERR; \
+ } \
+} while(0)
 /*
 * include some helpful macros
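Review bot: `_pam_mkargv` now returns `size_t` while the element count still goes out through `int *argc`, so any caller that stores the result in an `int` or tests it with `< 0` changes meaning without necessarily producing a compiler diagnostic. The callers are outside this hunk and need to be checked against the new type. The prototype itself says nothing about what the returned value is or which value means failure; a one-line comment above it stating both would keep the next caller from guessing.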
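Review bot: The rewritten `IF_NO_PAMH` relies on `__FUNCTION__`, which is a compiler extension; `__func__` is the standard C99 spelling and drops in unchanged: `syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " %s: NULL pam handle passed", __func__); \`. The `do { ... } while(0)` wrapper still contains a `return`, so the macro leaves the calling function, which its name does not suggest. The comment above the macro begins outside the hunk; if it does not already say this, a sentence there would help readers.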
diff --git a/libpam/pam_session.c b/libpam/pam_session.c
index cb393c1a..a6c54f56 100644
--- a/libpam/pam_session.c
+++ b/libpam/pam_session.c
@@ -14,7 +14,7 @@ int pam_open_session(pam_handle_t *pamh, int flags)
 D(("called"));
- IF_NO_PAMH("pam_open_session", pamh, PAM_SYSTEM_ERR);
+ IF_NO_PAMH(pamh, PAM_SYSTEM_ERR);
 if (__PAM_FROM_MODULE(pamh)) {
 D(("called from module!?"));
@@ -31,7 +31,7 @@ int pam_close_session(pam_handle_t *pamh, int flags)
 D(("called"));
- IF_NO_PAMH("pam_close_session", pamh, PAM_SYSTEM_ERR);
+ IF_NO_PAMH(pamh, PAM_SYSTEM_ERR);
 if (__PAM_FROM_MODULE(pamh)) {
 D(("called from module!?"));
diff --git a/libpam/pam_start.c b/libpam/pam_start.c
index 99dd0389..97bc35b1 100644
--- a/libpam/pam_start.c
+++ b/libpam/pam_start.c
@@ -8,6 +8,7 @@
 */
 #include "pam_private.h"
+#include "pam_i18n.h"
 #include <ctype.h>
 #include <stdlib.h>
@@ -25,6 +26,21 @@ static int _pam_start_internal (
 D(("called pam_start: [%s] [%s] [%p] [%p]" ,service_name, user, pam_conversation, pamh));
+#if defined HAVE_BINDTEXTDOMAIN && defined ENABLE_NLS
+ /* Bind text domain to pull in PAM translations for a case where
+ linux-pam is installed to non-default prefix.
+
+ It is safe to call bindtextdomain() from multiple threads, but it
+ has a chance to have some overhead. Let's try to do it once (or a
+ small number of times as `bound_text_domain` is not protected by
+ a lock. */
+ static int bound_text_domain = 0;
+ if (!bound_text_domain) {
+ bound_text_domain = 1;
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ }
+#endif
+
 if (pamh == NULL) {
 pam_syslog(NULL, LOG_CRIT, "pam_start: invalid argument: pamh == NULL");
@@ -67,7 +83,7 @@ static int _pam_start_internal (
 char *tmp;
 for (tmp=(*pamh)->service_name; *tmp; ++tmp)
- *tmp = tolower(*tmp); /* require lower case */
+ *tmp = tolower((unsigned char)*tmp); /* require lower case */
 }
 if (user) {
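Review bot: The `bound_text_domain` flag added to `_pam_start_internal` is a plain `static int` that any calling thread reads and writes, which is a data race under C11, and it is set to 1 before `bindtextdomain()` has run, so a second thread can skip the call and look up messages before the domain is bound. If the project's C baseline allows `<stdatomic.h>`, declaring it `static atomic_int bound_text_domain;` and setting it only after the call, `bindtextdomain(PACKAGE, LOCALEDIR); atomic_store(&bound_text_domain, 1);`, keeps the "once or a few times" intent without a lock. The added comment also opens a parenthesis at "(or a" that is never closed. The function body continues outside the hunk.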
@@ -143,6 +159,7 @@ static int _pam_start_internal (
 if ( _pam_init_handlers(*pamh) != PAM_SUCCESS ) {
 pam_syslog(*pamh, LOG_ERR, "pam_start: failed to initialize handlers");
+ _pam_free_handlers(*pamh);
 _pam_drop_env(*pamh); /* purge the environment */
 _pam_drop((*pamh)->pam_conversation);
 _pam_drop((*pamh)->service_name);
@@ -152,7 +169,7 @@ static int _pam_start_internal (
 return PAM_ABORT;
 }
- D(("exiting pam_start successfully"));
+ D(("exiting successfully"));
 return PAM_SUCCESS;
 }
diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c
index 17c81945..37f1e3b2 100644
--- a/libpam/pam_strerror.c
+++ b/libpam/pam_strerror.c
@@ -32,6 +32,7 @@
 */
 #include "pam_private.h"
+#include "pam_i18n.h"
 const char *pam_strerror(pam_handle_t *pamh UNUSED, int errnum)
 {
diff --git a/libpam/pam_syslog.c b/libpam/pam_syslog.c
index c5a6feca..e67f713f 100644
--- a/libpam/pam_syslog.c
+++ b/libpam/pam_syslog.c
@@ -31,7 +31,7 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include "config.h"
+#include "pam_private.h"
 #include <stdio.h>
 #include <stdlib.h>
@@ -43,8 +43,6 @@
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
-#include "pam_private.h"
-
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
diff --git a/libpam/pam_vprompt.c b/libpam/pam_vprompt.c
index 8c9d63d5..a16f6004 100644
--- a/libpam/pam_vprompt.c
+++ b/libpam/pam_vprompt.c
@@ -31,7 +31,8 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include "config.h"
+#include "pam_private.h"
+#include "pam_inline.h"
 #include <stdio.h>
 #include <stdlib.h>
@@ -42,9 +43,6 @@
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
-#include "pam_private.h"
-#include "pam_inline.h"
-
 int pam_vprompt (pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args) |