From 154c00e1a480d2bac7e8aba3b13888eb909f8e7f Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 24 Jan 2014 23:53:09 +0000 Subject: Fix gratuitous use of strdup and x_strdup There is no need to copy strings passed as arguments to execve, the only potentially noticeable effect of using strdup/x_strdup would be a malformed argument list in case of memory allocation error. Also, x_strdup, being a thin wrapper around strdup, is of no benefit when its argument is known to be non-NULL, and should not be used in such cases. * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup instead of x_strdup, the latter is of no benefit in this case. * modules/pam_ftp/pam_ftp.c (lookup): Likewise. * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use x_strdup for strings passed as arguments to execve. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. (_unix_verify_password): Use strdup instead of x_strdup, the latter is of no benefit in this case. * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for strings passed as arguments to execv. --- modules/pam_unix/pam_unix_acct.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/pam_unix/pam_unix_acct.c') diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 8ec44492..dc505e73 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -101,7 +101,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, int i=0; struct rlimit rlim; static char *envp[] = { NULL }; - char *args[] = { NULL, NULL, NULL, NULL }; + const char *args[] = { NULL, NULL, NULL, NULL }; /* reopen stdout as pipe */ dup2(fds[1], STDOUT_FILENO); @@ -130,11 +130,11 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, } /* exec binary helper */ - args[0] = x_strdup(CHKPWD_HELPER); - args[1] = x_strdup(user); - args[2] = x_strdup("chkexpiry"); + args[0] = CHKPWD_HELPER; + args[1] = user; + args[2] = "chkexpiry"; - execve(CHKPWD_HELPER, args, envp); + execve(CHKPWD_HELPER, (char *const *) args, envp); pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ -- cgit v1.2.3 From b0ec5d1e472a0cd74972bfe9575dcf6a3d0cad1c Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 24 Jan 2014 15:32:08 +0000 Subject: Introduce pam_modutil_sanitize_helper_fds This change introduces pam_modutil_sanitize_helper_fds - a new function that redirects standard descriptors and closes all other descriptors. pam_modutil_sanitize_helper_fds supports three types of input and output redirection: - PAM_MODUTIL_IGNORE_FD: do not redirect at all. - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented by creating a pipe, closing its write end, and redirecting stdin to its read end. Likewise, for stdout/stderr it is implemented by creating a pipe, closing its read end, and redirecting to its write end. Unlike stdin redirection, stdout/stderr redirection to a pipe has a side effect that a process writing to such descriptor should be prepared to handle SIGPIPE appropriately. - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is implemented via PAM_MODUTIL_PIPE_FD because there is no functional difference. For stdout/stderr, it is classic redirection to /dev/null. PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel security restrictions, but when the helper process might be writing to the corresponding descriptor and termination of the helper process by SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. * libpam/pam_modutil_sanitize.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, pam_modutil_sanitize_helper_fds): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. * modules/pam_exec/pam_exec.c (call_exec): Use pam_modutil_sanitize_helper_fds. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_unix/support.h (MAX_FD_NO): Remove. --- libpam/Makefile.am | 2 +- libpam/include/security/pam_modutil.h | 13 +++ libpam/libpam.map | 5 + libpam/pam_modutil_sanitize.c | 175 ++++++++++++++++++++++++++++++++++ modules/pam_exec/pam_exec.c | 34 ++----- modules/pam_mkhomedir/pam_mkhomedir.c | 15 +-- modules/pam_unix/pam_unix_acct.c | 23 ++--- modules/pam_unix/pam_unix_passwd.c | 20 ++-- modules/pam_unix/support.c | 20 ++-- modules/pam_unix/support.h | 2 - modules/pam_xauth/pam_xauth.c | 26 +++-- 11 files changed, 251 insertions(+), 84 deletions(-) create mode 100644 libpam/pam_modutil_sanitize.c (limited to 'modules/pam_unix/pam_unix_acct.c') diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 417ca779..685a797d 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -43,4 +43,4 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ - pam_modutil_priv.c + pam_modutil_priv.c pam_modutil_sanitize.c diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h index 8087ba15..4ce8c552 100644 --- a/libpam/include/security/pam_modutil.h +++ b/libpam/include/security/pam_modutil.h @@ -129,6 +129,19 @@ extern int PAM_NONNULL((1,2)) pam_modutil_regain_priv(pam_handle_t *pamh, struct pam_modutil_privs *p); +enum pam_modutil_redirect_fd { + PAM_MODUTIL_IGNORE_FD, /* do not redirect */ + PAM_MODUTIL_PIPE_FD, /* redirect to a pipe */ + PAM_MODUTIL_NULL_FD, /* redirect to /dev/null */ +}; + +/* redirect standard descriptors, close all other descriptors. */ +extern int PAM_NONNULL((1)) +pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, + enum pam_modutil_redirect_fd redirect_stdin, + enum pam_modutil_redirect_fd redirect_stdout, + enum pam_modutil_redirect_fd redirect_stderr); + #ifdef __cplusplus } #endif diff --git a/libpam/libpam.map b/libpam/libpam.map index b0885d65..d6835b47 100644 --- a/libpam/libpam.map +++ b/libpam/libpam.map @@ -67,3 +67,8 @@ LIBPAM_MODUTIL_1.1.3 { pam_modutil_drop_priv; pam_modutil_regain_priv; } LIBPAM_MODUTIL_1.1; + +LIBPAM_MODUTIL_1.1.9 { + global: + pam_modutil_sanitize_helper_fds; +} LIBPAM_MODUTIL_1.1.3; diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c new file mode 100644 index 00000000..65f85d01 --- /dev/null +++ b/libpam/pam_modutil_sanitize.c @@ -0,0 +1,175 @@ +/* + * This file implements the following functions: + * pam_modutil_sanitize_helper_fds: + * redirects standard descriptors, closes all other descriptors. + */ + +#include "pam_modutil_private.h" +#include +#include +#include +#include +#include + +/* + * Creates a pipe, closes its write end, redirects fd to its read end. + * Returns fd on success, -1 otherwise. + */ +static int +redirect_in_pipe(pam_handle_t *pamh, int fd, const char *name) +{ + int in[2]; + + if (pipe(in) < 0) { + pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + return -1; + } + + close(in[1]); + + if (in[0] == fd) + return fd; + + if (dup2(in[0], fd) != fd) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); + fd = -1; + } + + close(in[0]); + return fd; +} + +/* + * Creates a pipe, closes its read end, redirects fd to its write end. + * Returns fd on success, -1 otherwise. + */ +static int +redirect_out_pipe(pam_handle_t *pamh, int fd, const char *name) +{ + int out[2]; + + if (pipe(out) < 0) { + pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + return -1; + } + + close(out[0]); + + if (out[1] == fd) + return fd; + + if (dup2(out[1], fd) != fd) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); + fd = -1; + } + + close(out[1]); + return fd; +} + +/* + * Opens /dev/null for writing, redirects fd there. + * Returns fd on success, -1 otherwise. + */ +static int +redirect_out_null(pam_handle_t *pamh, int fd, const char *name) +{ + int null = open("/dev/null", O_WRONLY); + + if (null < 0) { + pam_syslog(pamh, LOG_ERR, "open of %s failed: %m", "/dev/null"); + return -1; + } + + if (null == fd) + return fd; + + if (dup2(null, fd) != fd) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); + fd = -1; + } + + close(null); + return fd; +} + +static int +redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode, + int fd, const char *name) +{ + switch (mode) { + case PAM_MODUTIL_PIPE_FD: + if (redirect_out_pipe(pamh, fd, name) < 0) + return -1; + break; + case PAM_MODUTIL_NULL_FD: + if (redirect_out_null(pamh, fd, name) < 0) + return -1; + break; + case PAM_MODUTIL_IGNORE_FD: + break; + } + return fd; +} + +/* Closes all descriptors after stderr. */ +static void +close_fds(void) +{ + /* + * An arbitrary upper limit for the maximum file descriptor number + * returned by RLIMIT_NOFILE. + */ + const int MAX_FD_NO = 65535; + + /* The lower limit is the same as for _POSIX_OPEN_MAX. */ + const int MIN_FD_NO = 20; + + int fd; + struct rlimit rlim; + + if (getrlimit(RLIMIT_NOFILE, &rlim) || rlim.rlim_max > MAX_FD_NO) + fd = MAX_FD_NO; + else if (rlim.rlim_max < MIN_FD_NO) + fd = MIN_FD_NO; + else + fd = rlim.rlim_max - 1; + + for (; fd > STDERR_FILENO; --fd) + close(fd); +} + +int +pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, + enum pam_modutil_redirect_fd stdin_mode, + enum pam_modutil_redirect_fd stdout_mode, + enum pam_modutil_redirect_fd stderr_mode) +{ + if (stdin_mode != PAM_MODUTIL_IGNORE_FD && + redirect_in_pipe(pamh, STDIN_FILENO, "stdin") < 0) { + return -1; + } + + if (redirect_out(pamh, stdout_mode, STDOUT_FILENO, "stdout") < 0) + return -1; + + /* + * If stderr should not be ignored and + * redirect mode for stdout and stderr are the same, + * optimize by redirecting stderr to stdout. + */ + if (stderr_mode != PAM_MODUTIL_IGNORE_FD && + stdout_mode == stderr_mode) { + if (dup2(STDOUT_FILENO, STDERR_FILENO) != STDERR_FILENO) { + pam_syslog(pamh, LOG_ERR, + "dup2 of %s failed: %m", "stderr"); + return -1; + } + } else { + if (redirect_out(pamh, stderr_mode, STDERR_FILENO, "stderr") < 0) + return -1; + } + + close_fds(); + return 0; +} diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index b56e4b26..12c44444 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -302,6 +302,10 @@ call_exec (const char *pam_type, pam_handle_t *pamh, char **envlist, **tmp; int envlen, nitems; char *envstr; + enum pam_modutil_redirect_fd redirect_stdin = + expose_authtok ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_PIPE_FD; + enum pam_modutil_redirect_fd redirect_stdout = + (use_stdout || logfile) ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_NULL_FD; /* First, move all the pipes off of stdin, stdout, and stderr, to ensure * that calls to dup2 won't close them. */ @@ -330,18 +334,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh, _exit (err); } } - else - { - close (STDIN_FILENO); - - /* New stdin. */ - if ((i = open ("/dev/null", O_RDWR)) < 0) - { - int err = errno; - pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - _exit (err); - } - } /* Set up stdout. */ @@ -374,26 +366,18 @@ call_exec (const char *pam_type, pam_handle_t *pamh, free (buffer); } } - else - { - close (STDOUT_FILENO); - if ((i = open ("/dev/null", O_RDWR)) < 0) - { - int err = errno; - pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - _exit (err); - } - } - if (dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) + if ((use_stdout || logfile) && + dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); _exit (err); } - for (i = 3; i < sysconf (_SC_OPEN_MAX); i++) - close (i); + if (pam_modutil_sanitize_helper_fds(pamh, redirect_stdin, + redirect_stdout, redirect_stdout) < 0) + _exit(1); if (call_setuid) if (setuid (geteuid ()) == -1) diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index a867a738..c9220897 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -58,8 +58,6 @@ #include #include -#define MAX_FD_NO 10000 - /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ @@ -131,18 +129,13 @@ create_homedir (pam_handle_t *pamh, options_t *opt, /* fork */ child = fork(); if (child == 0) { - int i; - struct rlimit rlim; static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL, NULL }; - if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { - if (rlim.rlim_max >= MAX_FD_NO) - rlim.rlim_max = MAX_FD_NO; - for (i=0; i < (int)rlim.rlim_max; i++) { - close(i); - } - } + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD) < 0) + _exit(PAM_SYSTEM_ERR); /* exec the mkhomedir helper */ args[0] = MKHOMEDIR_HELPER; diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index dc505e73..27998451 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -98,24 +98,21 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, /* fork */ child = fork(); if (child == 0) { - int i=0; - struct rlimit rlim; static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL }; - /* reopen stdout as pipe */ - dup2(fds[1], STDOUT_FILENO); - /* XXX - should really tidy up PAM here too */ - if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - if (rlim.rlim_max >= MAX_FD_NO) - rlim.rlim_max = MAX_FD_NO; - for (i=0; i < (int)rlim.rlim_max; i++) { - if (i != STDOUT_FILENO) { - close(i); - } - } + /* reopen stdout as pipe */ + if (dup2(fds[1], STDOUT_FILENO) != STDOUT_FILENO) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); + _exit(PAM_AUTHINFO_UNAVAIL); + } + + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_IGNORE_FD, + PAM_MODUTIL_PIPE_FD) < 0) { + _exit(PAM_AUTHINFO_UNAVAIL); } if (geteuid() == 0) { diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 5f3a3db3..606071ea 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -201,8 +201,6 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* fork */ child = fork(); if (child == 0) { - int i=0; - struct rlimit rlim; static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; char buffer[16]; @@ -210,15 +208,15 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* XXX - should really tidy up PAM here too */ /* reopen stdin as pipe */ - dup2(fds[0], STDIN_FILENO); - - if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - if (rlim.rlim_max >= MAX_FD_NO) - rlim.rlim_max = MAX_FD_NO; - for (i=0; i < (int)rlim.rlim_max; i++) { - if (i != STDIN_FILENO) - close(i); - } + if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); + _exit(PAM_AUTHINFO_UNAVAIL); + } + + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, + PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD) < 0) { + _exit(PAM_AUTHINFO_UNAVAIL); } /* exec binary helper */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 3a849c81..fdb45c20 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -564,23 +564,21 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* fork */ child = fork(); if (child == 0) { - int i=0; - struct rlimit rlim; static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL }; /* XXX - should really tidy up PAM here too */ /* reopen stdin as pipe */ - dup2(fds[0], STDIN_FILENO); - - if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - if (rlim.rlim_max >= MAX_FD_NO) - rlim.rlim_max = MAX_FD_NO; - for (i=0; i < (int)rlim.rlim_max; i++) { - if (i != STDIN_FILENO) - close(i); - } + if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); + _exit(PAM_AUTHINFO_UNAVAIL); + } + + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, + PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD) < 0) { + _exit(PAM_AUTHINFO_UNAVAIL); } if (geteuid() == 0) { diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 6f5b2eb6..cd6ddb76 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -141,8 +141,6 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -#define MAX_FD_NO 2000000 - /* use this to free strings. ESPECIALLY password strings */ #define _pam_delete(xx) \ diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index c7ce55ab..2be43513 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -128,7 +128,6 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, /* We're the child. */ size_t j; const char *args[10]; - int maxopened; /* Drop privileges. */ if (setgid(gid) == -1) { @@ -150,19 +149,26 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, (unsigned long) geteuid ()); _exit (err); } - /* Initialize the argument list. */ - memset(args, 0, sizeof(args)); /* Set the pipe descriptors up as stdin and stdout, and close * everything else, including the original values for the * descriptors. */ - dup2(ipipe[0], STDIN_FILENO); - dup2(opipe[1], STDOUT_FILENO); - maxopened = (int)sysconf(_SC_OPEN_MAX); - for (i = 0; i < maxopened; i++) { - if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { - close(i); - } + if (dup2(ipipe[0], STDIN_FILENO) != STDIN_FILENO) { + int err = errno; + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); + _exit(err); } + if (dup2(opipe[1], STDOUT_FILENO) != STDOUT_FILENO) { + int err = errno; + pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); + _exit(err); + } + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, + PAM_MODUTIL_IGNORE_FD, + PAM_MODUTIL_NULL_FD) < 0) { + _exit(1); + } + /* Initialize the argument list. */ + memset(args, 0, sizeof(args)); /* Convert the varargs list into a regular array of strings. */ va_start(ap, command); args[0] = command; -- cgit v1.2.3 From 8bb171506fc2579669fd86bd29885f256e26ccb0 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 17 Feb 2016 14:21:41 +0100 Subject: pam_unix: Add no_pass_expiry option to ignore password expiration. * modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry is on and return value data is not set to PAM_SUCCESS then ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the return value data. (pam_sm_setcred): Test for likeauth option and use the return value data only if set. * modules/pam_unix/support.h: Add the no_pass_expiry option. --- modules/pam_unix/pam_unix.8.xml | 19 +++++++++++++++++++ modules/pam_unix/pam_unix_acct.c | 13 +++++++++++++ modules/pam_unix/pam_unix_auth.c | 20 +++++++++++--------- modules/pam_unix/support.h | 6 ++++-- 4 files changed, 47 insertions(+), 11 deletions(-) (limited to 'modules/pam_unix/pam_unix_acct.c') diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index a8b64bb5..6d8e4ba0 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -364,6 +364,25 @@ + + + + + + + When set ignore password expiration as defined by the + shadow entry of the user. The option has an + effect only in case pam_unix was not used + for the authentication or it returned authentication failure + meaning that other authentication source or method succeeded. + The example can be public key authentication in + sshd. The module will return + PAM_SUCCESS instead of eventual + PAM_NEW_AUTHTOK_REQD or + PAM_AUTHTOK_EXPIRED. + + + Invalid arguments are logged with diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 27998451..f8b39c91 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -235,6 +235,19 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) } else retval = check_shadow_expiry(pamh, spent, &daysleft); + if (on(UNIX_NO_PASS_EXPIRY, ctrl)) { + const void *pretval = NULL; + int authrv = PAM_AUTHINFO_UNAVAIL; /* authentication not called */ + + if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS + && pretval) + authrv = *(const int *)pretval; + + if (authrv != PAM_SUCCESS + && (retval == PAM_NEW_AUTHTOK_REQD || retval == PAM_AUTHTOK_EXPIRED)) + retval = PAM_SUCCESS; + } + switch (retval) { case PAM_ACCT_EXPIRED: pam_syslog(pamh, LOG_NOTICE, diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 44573e6c..9a547b3a 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -82,14 +82,13 @@ #define AUTH_RETURN \ do { \ - if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) { \ + if (ret_data) { \ D(("recording return code for next time [%d]", \ retval)); \ *ret_data = retval; \ pam_set_data(pamh, "unix_setcred_return", \ (void *) ret_data, setcred_free); \ - } else if (ret_data) \ - free (ret_data); \ + } \ D(("done. [%s]", pam_strerror(pamh, retval))); \ return retval; \ } while (0) @@ -115,9 +114,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); /* Get a few bytes so we can pass our return value to - pam_sm_setcred(). */ - if (on(UNIX_LIKE_AUTH, ctrl)) - ret_data = malloc(sizeof(int)); + pam_sm_setcred() and pam_sm_acct_mgmt(). */ + ret_data = malloc(sizeof(int)); /* get the user'name' */ @@ -194,20 +192,24 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) */ int -pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) +pam_sm_setcred (pam_handle_t *pamh, int flags, + int argc, const char **argv) { int retval; const void *pretval = NULL; + unsigned int ctrl; D(("called.")); + ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); + retval = PAM_SUCCESS; D(("recovering return code from auth call")); /* We will only find something here if UNIX_LIKE_AUTH is set -- don't worry about an explicit check of argv. */ - if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS + if (on(UNIX_LIKE_AUTH, ctrl) + && pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS && pretval) { retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 3729ce0c..b767c265 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -98,9 +98,10 @@ typedef struct { #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ #define UNIX_QUIET 28 /* Don't print informational messages */ -#define UNIX_DES 29 /* DES, default */ +#define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ +#define UNIX_DES 30 /* DES, default */ /* -------------- */ -#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) @@ -138,6 +139,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, }; -- cgit v1.2.3 From a684595c0bbd88df71285f43fb27630e3829121e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 29 Mar 2016 14:14:03 +0200 Subject: Remove "--enable-static-modules" option and support from Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part. --- configure.ac | 19 +--- doc/man/pam_sm_acct_mgmt.3.xml | 2 +- doc/man/pam_sm_authenticate.3.xml | 2 +- doc/man/pam_sm_chauthtok.3.xml | 2 +- doc/man/pam_sm_close_session.3.xml | 2 +- doc/man/pam_sm_open_session.3.xml | 2 +- doc/man/pam_sm_setcred.3.xml | 2 +- libpam/Makefile.am | 9 +- libpam/include/security/pam_modules.h | 78 +++-------------- libpam/pam_dynamic.c | 3 - libpam/pam_handlers.c | 53 +----------- libpam/pam_private.h | 12 --- libpam/pam_static.c | 127 --------------------------- libpam/pam_static_modules.h | 148 -------------------------------- modules/pam_access/pam_access.c | 27 ++---- modules/pam_cracklib/pam_cracklib.c | 17 +--- modules/pam_debug/pam_debug.c | 22 ----- modules/pam_deny/pam_deny.c | 25 ++---- modules/pam_echo/pam_echo.c | 15 ---- modules/pam_env/pam_env.c | 28 ++---- modules/pam_exec/pam_exec.c | 24 ++---- modules/pam_faildelay/pam_faildelay.c | 19 ---- modules/pam_filter/pam_filter.c | 40 +++------ modules/pam_ftp/pam_ftp.c | 21 +---- modules/pam_group/pam_group.c | 19 +--- modules/pam_issue/pam_issue.c | 20 +---- modules/pam_keyinit/pam_keyinit.c | 16 ---- modules/pam_lastlog/pam_lastlog.c | 26 ++---- modules/pam_limits/pam_limits.c | 19 +--- modules/pam_listfile/pam_listfile.c | 30 ++----- modules/pam_localuser/pam_localuser.c | 28 ++---- modules/pam_loginuid/pam_loginuid.c | 19 +--- modules/pam_mail/pam_mail.c | 21 +---- modules/pam_mkhomedir/pam_mkhomedir.c | 18 +--- modules/pam_motd/pam_motd.c | 20 +---- modules/pam_namespace/pam_namespace.c | 19 +--- modules/pam_nologin/pam_nologin.c | 23 +---- modules/pam_permit/pam_permit.c | 28 ++---- modules/pam_pwhistory/pam_pwhistory.c | 15 +--- modules/pam_rhosts/pam_rhosts.c | 19 +--- modules/pam_rootok/pam_rootok.c | 24 +----- modules/pam_securetty/pam_securetty.c | 22 +---- modules/pam_selinux/pam_selinux.c | 8 +- modules/pam_sepermit/pam_sepermit.c | 20 +---- modules/pam_shells/pam_shells.c | 19 ---- modules/pam_stress/pam_stress.c | 22 ----- modules/pam_succeed_if/pam_succeed_if.c | 25 ++---- modules/pam_tally/pam_tally.c | 33 +------ modules/pam_tally2/pam_tally2.c | 33 +------ modules/pam_time/pam_time.c | 17 +--- modules/pam_timestamp/pam_timestamp.c | 23 +---- modules/pam_tty_audit/pam_tty_audit.c | 13 --- modules/pam_umask/pam_umask.c | 20 +---- modules/pam_unix/Makefile.am | 6 +- modules/pam_unix/pam_unix_acct.c | 6 +- modules/pam_unix/pam_unix_auth.c | 6 +- modules/pam_unix/pam_unix_passwd.c | 6 +- modules/pam_unix/pam_unix_sess.c | 6 +- modules/pam_unix/pam_unix_static.c | 23 ----- modules/pam_unix/pam_unix_static.h | 6 -- modules/pam_userdb/pam_userdb.c | 23 +---- modules/pam_warn/pam_warn.c | 25 +----- modules/pam_wheel/pam_wheel.c | 22 +---- modules/pam_xauth/pam_xauth.c | 13 --- po/POTFILES.in | 1 - tests/tst-dlopen.c | 4 - 66 files changed, 152 insertions(+), 1313 deletions(-) delete mode 100644 libpam/pam_static.c delete mode 100644 libpam/pam_static_modules.h delete mode 100644 modules/pam_unix/pam_unix_static.c delete mode 100644 modules/pam_unix/pam_unix_static.h (limited to 'modules/pam_unix/pam_unix_acct.c') diff --git a/configure.ac b/configure.ac index a20c5022..534194d4 100644 --- a/configure.ac +++ b/configure.ac @@ -61,23 +61,8 @@ dnl This should be called before any macros that run the C compiler. AC_USE_SYSTEM_EXTENSIONS LT_INIT([disable-static]) - -dnl -dnl check if we should link everything static into libpam -dnl -AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules], - [do not make the modules dynamically loadable]), - STATIC_MODULES=$enableval,STATIC_MODULES=no) -if test "$STATIC_MODULES" != "no" ; then - CFLAGS="$CFLAGS -DPAM_STATIC" - AC_ENABLE_STATIC([yes]) - AC_ENABLE_SHARED([no]) -else -# per default don't build static libraries - AC_ENABLE_STATIC([no]) - AC_ENABLE_SHARED([yes]) -fi -AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) +AC_ENABLE_STATIC([no]) +AC_ENABLE_SHARED([yes]) dnl Checks for programs. AC_PROG_CC diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml index 35aa28a8..ff998676 100644 --- a/doc/man/pam_sm_acct_mgmt.3.xml +++ b/doc/man/pam_sm_acct_mgmt.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_acct_mgmt + int pam_sm_acct_mgmt pam_handle_t *pamh int flags int argc diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml index 9121aed2..42997265 100644 --- a/doc/man/pam_sm_authenticate.3.xml +++ b/doc/man/pam_sm_authenticate.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_AUTH #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_authenticate + int pam_sm_authenticate pam_handle_t *pamh int flags int argc diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml index d6d3093c..d8f36d69 100644 --- a/doc/man/pam_sm_chauthtok.3.xml +++ b/doc/man/pam_sm_chauthtok.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_PASSWORD #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_chauthtok + int pam_sm_chauthtok pam_handle_t *pamh int flags int argc diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml index f2e67185..db579ffa 100644 --- a/doc/man/pam_sm_close_session.3.xml +++ b/doc/man/pam_sm_close_session.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_SESSION #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_close_session + int pam_sm_close_session pam_handle_t *pamh int flags int argc diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml index 0851c345..0c9ec77f 100644 --- a/doc/man/pam_sm_open_session.3.xml +++ b/doc/man/pam_sm_open_session.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_SESSION #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_open_session + int pam_sm_open_session pam_handle_t *pamh int flags int argc diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml index e557000c..5cfe899f 100644 --- a/doc/man/pam_sm_setcred.3.xml +++ b/doc/man/pam_sm_setcred.3.xml @@ -20,7 +20,7 @@ #define PAM_SM_AUTH #include <security/pam_modules.h> - PAM_EXTERN int pam_sm_setcred + int pam_sm_setcred pam_handle_t *pamh int flags int argc diff --git a/libpam/Makefile.am b/libpam/Makefile.am index ac2a1fbf..04a8df0f 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -18,16 +18,11 @@ include_HEADERS = include/security/_pam_compat.h \ include/security/pam_ext.h include/security/pam_modutil.h noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h pam_static_modules.h + pam_modutil_private.h libpam_la_LDFLAGS = -no-undefined -version-info 84:1:84 libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ -if STATIC_MODULES - libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ - @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil - AM_CFLAGS += $(NIS_CFLAGS) -endif if HAVE_VERSIONING libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map endif @@ -38,7 +33,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ pam_handlers.c pam_item.c \ pam_misc.c pam_password.c pam_prelude.c \ - pam_session.c pam_start.c pam_static.c pam_strerror.c \ + pam_session.c pam_start.c pam_strerror.c \ pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h index 5c516c4e..37568e99 100644 --- a/libpam/include/security/pam_modules.h +++ b/libpam/include/security/pam_modules.h @@ -30,80 +30,26 @@ pam_get_data(const pam_handle_t *pamh, const char *module_data_name, extern int PAM_NONNULL((1,2)) pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt); -#ifdef PAM_STATIC - -#define PAM_EXTERN static - -struct pam_module { - const char *name; /* Name of the module */ - - /* These are function pointers to the module's key functions. */ - - int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, - int argc, const char **argv); - int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, - int argc, const char **argv); - int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, - int argc, const char **argv); - int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, - int argc, const char **argv); - int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, - int argc, const char **argv); - int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, - int argc, const char **argv); -}; - -#else /* !PAM_STATIC */ - -#define PAM_EXTERN extern - -#endif /* PAM_STATIC */ - -/* Lots of files include pam_modules.h that don't need these - * declared. However, when they are declared static, they - * need to be defined later. So we have to protect C files - * that include these without wanting these functions defined.. */ - -#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC) - /* Authentication API's */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv); -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv); - -#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH)) - || !defined(PAM_STATIC)*/ - -#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC) +int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv); +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv); /* Account Management API's */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv); - -#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) - || !defined(PAM_STATIC)*/ - -#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC) +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv); /* Session Management API's */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv); - -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv); +int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv); -#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION)) - || !defined(PAM_STATIC)*/ - -#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC) +int pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char **argv); /* Password Management API's */ -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv); - -#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) - || !defined(PAM_STATIC)*/ +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char **argv); /* The following two flags are for use across the Linux-PAM/module * interface only. The Application is not permitted to use these diff --git a/libpam/pam_dynamic.c b/libpam/pam_dynamic.c index e1155e50..50bfd792 100644 --- a/libpam/pam_dynamic.c +++ b/libpam/pam_dynamic.c @@ -33,8 +33,6 @@ #include "pam_private.h" -#ifndef PAM_STATIC - #ifdef PAM_SHL # include #elif defined(PAM_DYLD) @@ -139,4 +137,3 @@ _pam_dlerror (void) #endif } -#endif diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index bc3fd9d8..91cccadc 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -665,9 +665,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) { int x = 0; int success; -#ifndef PAM_STATIC char *mod_full_isa_path=NULL, *isa=NULL; -#endif struct loaded_module *mod; D(("_pam_load_module: loading module `%s'", mod_path)); @@ -701,27 +699,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) /* Be pessimistic... */ success = PAM_ABORT; -#ifdef PAM_STATIC - /* Only load static function if function was not found dynamically. - * This code should work even if no dynamic loading is available. */ - if (success != PAM_SUCCESS) { - D(("_pam_load_module: open static handler %s", mod_path)); - mod->dl_handle = _pam_open_static_handler(pamh, mod_path); - if (mod->dl_handle == NULL) { - D(("_pam_load_module: unable to find static handler %s", - mod_path)); - if (handler_type != PAM_HT_SILENT_MODULE) - pam_syslog(pamh, LOG_ERR, - "unable to open static handler %s", mod_path); - /* Didn't find module in dynamic or static..will mark bad */ - } else { - D(("static module added successfully")); - success = PAM_SUCCESS; - mod->type = PAM_MT_STATIC_MOD; - pamh->handlers.modules_used++; - } - } -#else D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); mod->dl_handle = _pam_dlopen(mod_path); D(("_pam_load_module: _pam_dlopen'ed")); @@ -758,7 +735,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) mod->type = PAM_MT_DYNAMIC_MOD; pamh->handlers.modules_used++; } -#endif if (success != PAM_SUCCESS) { /* add a malformed module */ mod->dl_handle = NULL; @@ -869,16 +845,8 @@ int _pam_add_handler(pam_handle_t *pamh } /* are the modules reliable? */ - if ( -#ifdef PAM_STATIC - mod_type != PAM_MT_STATIC_MOD - && -#else - mod_type != PAM_MT_DYNAMIC_MOD - && -#endif - mod_type != PAM_MT_FAULTY_MOD - ) { + if (mod_type != PAM_MT_DYNAMIC_MOD && + mod_type != PAM_MT_FAULTY_MOD) { D(("_pam_add_handlers: illegal module library type; %d", mod_type)); pam_syslog(pamh, LOG_ERR, "internal error: module library type not known: %s;%d", @@ -888,30 +856,15 @@ int _pam_add_handler(pam_handle_t *pamh /* now identify this module's functions - for non-faulty modules */ -#ifdef PAM_STATIC - if ((mod_type == PAM_MT_STATIC_MOD) && - (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { - pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); - } -#else if ((mod_type == PAM_MT_DYNAMIC_MOD) && !(func = _pam_dlsym(mod->dl_handle, sym)) ) { pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); } -#endif if (sym2) { -#ifdef PAM_STATIC - if ((mod_type == PAM_MT_STATIC_MOD) && - (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) - == NULL) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); - } -#else if ((mod_type == PAM_MT_DYNAMIC_MOD) && !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); } -#endif } /* here func (and perhaps func2) point to the appropriate functions */ @@ -994,11 +947,9 @@ int _pam_free_handlers(pam_handle_t *pamh) while (pamh->handlers.modules_used) { D(("_pam_free_handlers: dlclose(%s)", mod->name)); free(mod->name); -#ifndef PAM_STATIC if (mod->type == PAM_MT_DYNAMIC_MOD) { _pam_dlclose(mod->dl_handle); } -#endif mod++; pamh->handlers.modules_used--; } diff --git a/libpam/pam_private.h b/libpam/pam_private.h index 11382774..7ff9f758 100644 --- a/libpam/pam_private.h +++ b/libpam/pam_private.h @@ -241,22 +241,10 @@ void _pam_await_timer(pam_handle_t *pamh, int status); typedef void (*voidfunc(void))(void); typedef int (*servicefn)(pam_handle_t *, int, int, char **); -#ifdef PAM_STATIC -/* The next two in ../modules/_pam_static/pam_static.c */ - -/* Return pointer to data structure used to define a static module */ -struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, - const char *path); - -/* Return pointer to function requested from static module */ - -voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); -#else void *_pam_dlopen (const char *mod_path); servicefn _pam_dlsym (void *handle, const char *symbol); void _pam_dlclose (void *handle); const char *_pam_dlerror (void); -#endif /* For now we just use a stack and linear search for module data. */ /* If it becomes apparent that there is a lot of data, it should */ diff --git a/libpam/pam_static.c b/libpam/pam_static.c deleted file mode 100644 index 511026d4..00000000 --- a/libpam/pam_static.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * pam_static.c -- static module loading helper functions - * - * created by Michael K. Johnson, johnsonm@redhat.com - */ - -/* This whole file is only used for PAM_STATIC */ - -#ifdef PAM_STATIC - -#include -#include -#include - -#include "pam_private.h" - -#include "pam_static_modules.h" - -/* - * and now for the functions - */ - -/* Return pointer to data structure used to define a static module */ -struct pam_module * -_pam_open_static_handler (pam_handle_t *pamh, const char *path) -{ - int i; - const char *clpath = path; - char *lpath, *end; - - if (strchr(clpath, '/')) { - /* ignore path and leading "/" */ - clpath = strrchr(path, '/') + 1; - } - /* create copy to muck with (must free before return) */ - lpath = _pam_strdup(clpath); - /* chop .so off copy if it exists (or other extension on other - platform...) */ - end = strstr(lpath, ".so"); - if (end) { - *end = '\0'; - } - - /* now go find the module */ - for (i = 0; static_modules[i] != NULL; i++) { - D(("%s=?%s\n", lpath, static_modules[i]->name)); - if (static_modules[i]->name && - ! strcmp(static_modules[i]->name, lpath)) { - break; - } - } - - if (static_modules[i] == NULL) { - pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); - } - - free(lpath); - return (static_modules[i]); -} - -/* Return pointer to function requested from static module - * Can't just return void *, because ANSI C disallows casting a - * pointer to a function to a void *... - * This definition means: - * _pam_get_static_sym is a function taking two arguments and - * returning a pointer to a function which takes no arguments - * and returns void... */ -voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) { - - if (! strcmp(symname, "pam_sm_authenticate")) { - return ((voidfunc *)mod->pam_sm_authenticate); - } else if (! strcmp(symname, "pam_sm_setcred")) { - return ((voidfunc *)mod->pam_sm_setcred); - } else if (! strcmp(symname, "pam_sm_acct_mgmt")) { - return ((voidfunc *)mod->pam_sm_acct_mgmt); - } else if (! strcmp(symname, "pam_sm_open_session")) { - return ((voidfunc *)mod->pam_sm_open_session); - } else if (! strcmp(symname, "pam_sm_close_session")) { - return ((voidfunc *)mod->pam_sm_close_session); - } else if (! strcmp(symname, "pam_sm_chauthtok")) { - return ((voidfunc *)mod->pam_sm_chauthtok); - } - /* getting to this point is an error */ - return ((voidfunc *)NULL); -} - -#else /* ! PAM_STATIC */ - -typedef int blarg; - -#endif /* ! PAM_STATIC */ - -/* - * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson - * All rights reserved - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/libpam/pam_static_modules.h b/libpam/pam_static_modules.h deleted file mode 100644 index 698989bd..00000000 --- a/libpam/pam_static_modules.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* Pointers to static module data. */ - -extern struct pam_module _pam_access_modstruct; -extern struct pam_module _pam_cracklib_modstruct; -extern struct pam_module _pam_debug_modstruct; -extern struct pam_module _pam_deny_modstruct; -extern struct pam_module _pam_echo_modstruct; -extern struct pam_module _pam_env_modstruct; -extern struct pam_module _pam_exec_modstruct; -extern struct pam_module _pam_faildelay_modstruct; -extern struct pam_module _pam_filter_modstruct; -extern struct pam_module _pam_ftp_modstruct; -extern struct pam_module _pam_group_modstruct; -extern struct pam_module _pam_issue_modstruct; -#ifdef HAVE_KEY_MANAGEMENT -extern struct pam_module _pam_keyinit_modstruct; -#endif -extern struct pam_module _pam_lastlog_modstruct; -extern struct pam_module _pam_limits_modstruct; -extern struct pam_module _pam_listfile_modstruct; -extern struct pam_module _pam_localuser_modstruct; -extern struct pam_module _pam_loginuid_modstruct; -extern struct pam_module _pam_mail_modstruct; -extern struct pam_module _pam_mkhomedir_modstruct; -extern struct pam_module _pam_motd_modstruct; -#ifdef HAVE_UNSHARE -extern struct pam_module _pam_namespace_modstruct; -#endif -extern struct pam_module _pam_nologin_modstruct; -extern struct pam_module _pam_permit_modstruct; -extern struct pam_module _pam_pwhistory_modstruct; -extern struct pam_module _pam_rhosts_modstruct; -extern struct pam_module _pam_rootok_modstruct; -extern struct pam_module _pam_securetty_modstruct; -#ifdef WITH_SELINUX -extern struct pam_module _pam_selinux_modstruct; -extern struct pam_module _pam_sepermit_modstruct; -#endif -extern struct pam_module _pam_shells_modstruct; -extern struct pam_module _pam_stress_modstruct; -extern struct pam_module _pam_succeed_if_modstruct; -extern struct pam_module _pam_tally_modstruct; -extern struct pam_module _pam_tally2_modstruct; -extern struct pam_module _pam_time_modstruct; -extern struct pam_module _pam_timestamp_modstruct; -#ifdef HAVE_AUDIT_TTY_STATUS -extern struct pam_module _pam_tty_audit_modstruct; -#endif -extern struct pam_module _pam_umask_modstruct; -extern struct pam_module _pam_unix_modstruct; -extern struct pam_module _pam_userdb_modstruct; -extern struct pam_module _pam_warn_modstruct; -extern struct pam_module _pam_wheel_modstruct; -extern struct pam_module _pam_xauth_modstruct; - -/* and here is a structure that connects libpam to the above static - modules. */ - -static struct pam_module *static_modules[] = { - &_pam_access_modstruct, -#ifdef HAVE_LIBCRACK - &_pam_cracklib_modstruct, -#endif - &_pam_debug_modstruct, - &_pam_deny_modstruct, - &_pam_echo_modstruct, - &_pam_env_modstruct, - &_pam_exec_modstruct, - &_pam_faildelay_modstruct, - &_pam_filter_modstruct, - &_pam_ftp_modstruct, - &_pam_group_modstruct, - &_pam_issue_modstruct, -#ifdef HAVE_KEY_MANAGEMENT - &_pam_keyinit_modstruct, -#endif - &_pam_lastlog_modstruct, - &_pam_limits_modstruct, - &_pam_listfile_modstruct, - &_pam_localuser_modstruct, - &_pam_loginuid_modstruct, - &_pam_mail_modstruct, - &_pam_mkhomedir_modstruct, - &_pam_motd_modstruct, -#ifdef HAVE_UNSHARE - &_pam_namespace_modstruct, -#endif - &_pam_nologin_modstruct, - &_pam_permit_modstruct, - &_pam_pwhistory_modstruct, - &_pam_rhosts_modstruct, - &_pam_rootok_modstruct, - &_pam_securetty_modstruct, -#ifdef WITH_SELINUX - &_pam_selinux_modstruct, - &_pam_sepermit_modstruct, -#endif - &_pam_shells_modstruct, - &_pam_stress_modstruct, - &_pam_succeed_if_modstruct, - &_pam_tally_modstruct, - &_pam_tally2_modstruct, - &_pam_time_modstruct, - &_pam_timestamp_modstruct, -#ifdef HAVE_AUDIT_TTY_STATUS - &_pam_tty_audit_modstruct, -#endif - &_pam_umask_modstruct, - &_pam_unix_modstruct, - &_pam_userdb_modstruct, - &_pam_warn_modstruct, - &_pam_wheel_modstruct, - &_pam_xauth_modstruct, - NULL -}; diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index d4c847a0..3ac1ad00 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -792,7 +792,7 @@ network_netmask_match (pam_handle_t *pamh, /* --- public PAM management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -904,35 +904,35 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate (pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -940,18 +940,3 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, } /* end of module definition */ - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_access_modstruct = { - "pam_access", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; -#endif diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 5eefd0ba..16549319 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -728,8 +728,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, /* The Main Thing (by Cristian Gafton, CEO at this module :-) * (stolen from http://home.netscape.com) */ -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) +int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; struct cracklib_options options; @@ -858,19 +858,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -#ifdef PAM_STATIC -/* static module data */ -struct pam_module _pam_cracklib_modstruct = { - "pam_cracklib", - NULL, - NULL, - NULL, - NULL, - NULL, - pam_sm_chauthtok -}; -#endif - /* * Copyright (c) Cristian Gafton , 1996. * All rights reserved diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c index a65d1bf2..9b68d382 100644 --- a/modules/pam_debug/pam_debug.c +++ b/modules/pam_debug/pam_debug.c @@ -75,7 +75,6 @@ static int parse_args(int retval, const char *event, return retval; } -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -103,7 +102,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return retval; } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -112,7 +110,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, /* --- account management functions --- */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -121,7 +118,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /* --- password management --- */ -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -134,14 +130,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, /* --- session management --- */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv); } -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -149,19 +143,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, } /* end of module definition */ - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_debug_modstruct = { - "pam_debug", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; - -#endif diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c index 544c5bdb..155a1f5d 100644 --- a/modules/pam_deny/pam_deny.c +++ b/modules/pam_deny/pam_deny.c @@ -25,14 +25,14 @@ /* --- authentication management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_AUTH_ERR; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -41,7 +41,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- account management functions --- */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -50,7 +50,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- password management --- */ -PAM_EXTERN int +int pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -59,14 +59,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- session management --- */ -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SESSION_ERR; } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -74,16 +74,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, } /* end of module definition */ - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_deny_modstruct = { - "pam_deny", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; -#endif diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c index d0879fbf..860ff0af 100644 --- a/modules/pam_echo/pam_echo.c +++ b/modules/pam_echo/pam_echo.c @@ -262,18 +262,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, return PAM_IGNORE; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_echo_modstruct = { - "pam_echo", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 1bfdf089..0b8002f8 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -768,7 +768,7 @@ static void _clean_var(VAR *var) /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -839,7 +839,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) return retval; } -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -847,7 +847,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SERVICE_ERR; } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -855,7 +855,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, return handle_env (pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -863,7 +863,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return handle_env (pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -871,7 +871,7 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -879,20 +879,4 @@ pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SERVICE_ERR; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_env_modstruct = { - "pam_env", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 17ba6ca2..0ab65489 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -467,14 +467,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh, return PAM_SYSTEM_ERR; /* will never be reached. */ } -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("auth", pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -483,7 +483,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, /* password updating functions */ -PAM_EXTERN int +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -492,35 +492,23 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, return call_exec ("password", pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("account", pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("open_session", pamh, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("close_session", pamh, argc, argv); } - -#ifdef PAM_STATIC -struct pam_module _pam_exec_modstruct = { - "pam_exec", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; -#endif diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c index 072b7dd3..7ea8f837 100644 --- a/modules/pam_faildelay/pam_faildelay.c +++ b/modules/pam_faildelay/pam_faildelay.c @@ -152,7 +152,6 @@ search_key (const char *filename) /* --- authentication management functions (only) --- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -204,28 +203,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return i; } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_faildelay_modstruct = { - "pam_faildelay", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 9935d994..6e6a0cf7 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -663,23 +663,23 @@ static int need_a_filter(pam_handle_t *pamh /* ------------------ authentication ----------------- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh - , int flags, int argc, const char **argv) +int pam_sm_authenticate(pam_handle_t *pamh, + int flags, int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "authenticate", FILTER_RUN1); } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags - , int argc, const char **argv) +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2); } /* --------------- account management ---------------- */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - const char **argv) +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) { return need_a_filter(pamh, flags, argc, argv , "setcred", FILTER_RUN1|FILTER_RUN2 ); @@ -687,15 +687,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, /* --------------- session management ---------------- */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags - , int argc, const char **argv) +int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "open_session", FILTER_RUN1); } -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags - , int argc, const char **argv) +int pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "close_session", FILTER_RUN2); @@ -704,8 +704,8 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags /* --------- updating authentication tokens --------- */ -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags - , int argc, const char **argv) +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char **argv) { int runN; @@ -720,19 +720,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN); } - -#ifdef PAM_STATIC - -/* ------------ stuff for static modules ------------ */ - -struct pam_module _pam_filter_modstruct = { - "pam_filter", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 221d8f87..6b6cf2a0 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -111,7 +111,7 @@ static int lookup(const char *name, const char *list, const char **_user) /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -210,28 +210,11 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_ftp_modstruct = { - "pam_ftp", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index be5f20f3..da8237f1 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -739,14 +739,14 @@ static int check_account(pam_handle_t *pamh, const char *service, /* --- public authentication management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -817,18 +817,3 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, } /* end of module definition */ - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_group_modstruct = { - "pam_group", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL -}; -#endif diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 060baada..5b5ee416 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -42,7 +42,7 @@ static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -120,7 +120,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -291,20 +291,4 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_issue_modstruct = { - "pam_issue", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c index f82eead2..5dd7b06b 100644 --- a/modules/pam_keyinit/pam_keyinit.c +++ b/modules/pam_keyinit/pam_keyinit.c @@ -165,7 +165,6 @@ static void kill_keyrings(pam_handle_t *pamh) /* * open a PAM session by making sure there's a session keyring */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -238,7 +237,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, /* * close a PAM session by revoking the session keyring if requested */ -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -253,17 +251,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_keyinit_modstruct = { - "pam_keyinit", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 76a33e41..1e2f08d2 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -566,7 +566,7 @@ cleanup: } /* --- authentication (locking out inactive users) functions --- */ -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -636,14 +636,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, /* --- session management functions --- */ -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -702,7 +702,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, return retval; } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -719,20 +719,4 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_lastlog_modstruct = { - "pam_lastlog", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index eabc8567..d63c683e 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -1002,7 +1002,7 @@ static int setup_limits(pam_handle_t *pamh, } /* now the session stuff */ -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -1096,7 +1096,7 @@ out: return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -1104,21 +1104,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_limits_modstruct = { - "pam_limits", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif - /* * Copyright (c) Cristian Gafton, 1996-1997, * All rights reserved. diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 2af2afd8..c2364065 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -53,7 +53,7 @@ #define LESSER(a, b) ((a) < (b) ? (a) : (b)) -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -370,55 +370,37 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_listfile_modstruct = { - "pam_listfile", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif /* PAM_STATIC */ - -/* end of module definition */ diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index aa43bc4c..e32ea6d7 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -55,7 +55,7 @@ #define MODULE_NAME "pam_localuser" -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -123,52 +123,36 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return ret; } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_localuser_modstruct = { - "pam_localuser", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; - -#endif diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 9a1589e5..96bfd98e 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -247,34 +247,21 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, * * This is here for vsftpd which doesn't seem to run the session stack */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return _pam_loginuid(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return _pam_loginuid(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_loginuid_modstruct = { - "pam_loginuid", - NULL, - NULL, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index f5ba1733..0022f6d6 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -338,7 +338,7 @@ static int _do_mail(pam_handle_t *, int, int, const char **, int); /* --- authentication functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -346,7 +346,6 @@ pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, } /* Checking mail as part of authentication */ -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -357,7 +356,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, /* --- session management functions --- */ -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc ,const char **argv) { @@ -365,7 +363,6 @@ int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc } /* Checking mail as part of the session management */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -475,20 +472,4 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, return retval; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_mail_modstruct = { - "pam_mail", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index c9220897..daed63ae 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -183,7 +183,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -227,25 +227,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, } /* Ignore */ -PAM_EXTERN int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ -struct pam_module _pam_mkhomedir_modstruct = -{ - "pam_mkhomedir", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; - -#endif diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index ff9b1690..11c7b565 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -39,7 +39,7 @@ /* --- session management functions (only) --- */ -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -48,7 +48,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, static char default_motd[] = DEFAULT_MOTD; -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -110,21 +109,4 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, return retval; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_motd_modstruct = { - "pam_motd", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 92883f56..d02ea09e 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -2008,7 +2008,7 @@ static int get_user_data(struct instance_data *idata) /* * Entry point from pam_open_session call. */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, +int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, retval; @@ -2104,7 +2104,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, /* * Entry point from pam_close_session call. */ -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, +int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, retval; @@ -2183,18 +2183,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_namespace_modstruct = { - "pam_namespace", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index f047c324..9fd91fdb 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -135,7 +135,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) /* --- authentication management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -146,7 +146,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return perform_check(pamh, &opts); } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc, const char **argv) { @@ -159,7 +159,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- account management function --- */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -170,21 +170,4 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, return perform_check(pamh, &opts); } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_nologin_modstruct = { - "pam_nologin", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; - -#endif /* PAM_STATIC */ - /* end of module definition */ diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c index e4539b03..c773087a 100644 --- a/modules/pam_permit/pam_permit.c +++ b/modules/pam_permit/pam_permit.c @@ -30,7 +30,7 @@ /* --- authentication management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -56,7 +56,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -65,7 +65,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- account management functions --- */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -74,7 +74,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- password management --- */ -PAM_EXTERN int +int pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -83,14 +83,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- session management --- */ -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -98,19 +98,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, } /* end of module definition */ - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_permit_modstruct = { - "pam_permit", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; - -#endif diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 654edd39..0c07dc18 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -106,7 +106,7 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) /* This module saves the current crypted password in /etc/security/opasswd and then compares the new password with all entries in this file. */ -PAM_EXTERN int +int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { struct passwd *pwd; @@ -235,16 +235,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_SUCCESS; } - -#ifdef PAM_STATIC -/* static module data */ -struct pam_module _pam_pwhistory_modstruct = { - "pam_pwhistory", - NULL, - NULL, - NULL, - NULL, - NULL, - pam_sm_chauthtok -}; -#endif diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c index bc9e76f7..d6e70300 100644 --- a/modules/pam_rhosts/pam_rhosts.c +++ b/modules/pam_rhosts/pam_rhosts.c @@ -43,7 +43,6 @@ #include #include -PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -130,26 +129,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_rhosts_modstruct = { - "pam_rhosts", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; - -#endif diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 88bed0c9..17baabe4 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -135,7 +135,7 @@ check_for_root (pam_handle_t *pamh, int ctrl) /* --- management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -146,14 +146,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return check_for_root (pamh, ctrl); } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -164,7 +164,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, return check_for_root (pamh, ctrl); } -PAM_EXTERN int +int pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -175,20 +175,4 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, return check_for_root (pamh, ctrl); } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_rootok_modstruct = { - "pam_rootok", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - pam_sm_chauthtok, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 04741309..e279efac 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -235,7 +235,6 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, /* --- authentication management functions --- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -247,7 +246,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, return securetty_perform_check(pamh, ctrl, __FUNCTION__); } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -256,7 +255,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- account management functions --- */ -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -269,21 +268,4 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, return securetty_perform_check(pamh, ctrl, __FUNCTION__); } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_securetty_modstruct = { - "pam_securetty", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; - -#endif /* PAM_STATIC */ - /* end of module definition */ diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index b2a75e02..6daba1ed 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -757,7 +757,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, return set_context(pamh, data, debug, verbose); } -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -765,14 +765,14 @@ pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, return PAM_AUTH_ERR; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -813,7 +813,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, create_context(pamh, argc, argv, debug, verbose); } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index 8af1266a..0b90a39c 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -363,7 +363,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, return -1; } -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -430,31 +430,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return rv; } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_sepermit_modstruct = { - "pam_sepermit", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL -}; -#endif diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 68bd6074..c8acb9e2 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -104,14 +104,12 @@ static int perform_check(pam_handle_t *pamh) /* --- authentication management functions (only) --- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return perform_check(pamh); } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -120,27 +118,10 @@ int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, /* --- account management functions (only) --- */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return perform_check(pamh); } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_shells_modstruct = { - "pam_shells", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; - -#endif /* PAM_STATIC */ - /* end of module definition */ diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index c1695d7f..44c3a304 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c @@ -213,7 +213,6 @@ wipe_up (pam_handle_t *pamh UNUSED, void *data, int error UNUSED) free(data); } -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -281,7 +280,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, return retval; } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -299,7 +297,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, /* account management functions */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -334,7 +331,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -362,7 +358,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -390,7 +385,6 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -552,19 +546,3 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, return retval; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_stress_modstruct = { - "pam_stress", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; - -#endif diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index aa828fcc..c39b1cb1 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -400,7 +400,7 @@ evaluate(pam_handle_t *pamh, int debug, return PAM_SERVICE_ERR; } -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -544,46 +544,33 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return ret; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } -PAM_EXTERN int +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_succeed_if_modstruct = { - "pam_succeed_if", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok -}; -#endif diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index c7128857..66a515c2 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -615,7 +615,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) #ifdef PAM_SM_AUTH -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -649,7 +649,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -694,7 +694,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, /* To reset failcount of user on successfull login */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -733,33 +733,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, /*-----------------------------------------------------------------------*/ -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_tally_modstruct = { - MODULE_NAME, -#ifdef PAM_SM_AUTH - pam_sm_authenticate, - pam_sm_setcred, -#else - NULL, - NULL, -#endif -#ifdef PAM_SM_ACCOUNT - pam_sm_acct_mgmt, -#else - NULL, -#endif - NULL, - NULL, - NULL, -}; - -#endif /* #ifdef PAM_STATIC */ - -/*-----------------------------------------------------------------------*/ - #else /* #ifndef MAIN */ static const char *cline_filename = DEFAULT_LOGFILE; diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index 9187cbfd..9f3bebeb 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -737,7 +737,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_ /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -770,7 +770,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return rv; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -810,7 +810,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, /* To reset failcount of user on successfull login */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -846,33 +846,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, /*-----------------------------------------------------------------------*/ -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_tally2_modstruct = { - MODULE_NAME, -#ifdef PAM_SM_AUTH - pam_sm_authenticate, - pam_sm_setcred, -#else - NULL, - NULL, -#endif -#ifdef PAM_SM_ACCOUNT - pam_sm_acct_mgmt, -#else - NULL, -#endif - NULL, - NULL, - NULL, -}; - -#endif /* #ifdef PAM_STATIC */ - -/*-----------------------------------------------------------------------*/ - #else /* #ifndef MAIN */ static const char *cline_filename = DEFAULT_LOGFILE; diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index c94737ca..75d08645 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -588,7 +588,7 @@ check_account(pam_handle_t *pamh, const char *service, /* --- public account management functions --- */ -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -663,18 +663,3 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, } /* end of module definition */ - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_time_modstruct = { - "pam_time", - NULL, - NULL, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL -}; -#endif diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c index 1bf0e84b..b18efdfd 100644 --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -357,7 +357,7 @@ verbose_success(pam_handle_t *pamh, long diff) pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); } -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { struct stat st; @@ -547,13 +547,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_AUTH_ERR; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { char path[BUFLEN], subdir[BUFLEN], *text, *p; @@ -670,27 +670,12 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -#ifdef PAM_STATIC -/* static module data */ - -struct pam_module _pam_timestamp_modstruct = { - "pam_timestamp", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif - - #else /* PAM_TIMESTAMP_MAIN */ #define USAGE "Usage: %s [[-k] | [-d]] [target user]\n" diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 6003f4e6..bce3ab77 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -360,16 +360,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, } return PAM_SUCCESS; } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_tty_audit_modstruct = { - "pam_tty_audit", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index 863f0387..ab490645 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -249,7 +249,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, } -PAM_EXTERN int +int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -297,27 +297,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return retval; } -PAM_EXTERN int +int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_umask_modstruct = { - "pam_umask", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index 88e6125d..56df1782 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -34,8 +34,7 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ securelib_LTLIBRARIES = pam_unix.la -noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ - pam_unix_static.h +noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h sbin_PROGRAMS = unix_chkpwd unix_update @@ -44,9 +43,6 @@ noinst_PROGRAMS = bigcrypt pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c -if STATIC_MODULES -pam_unix_la_SOURCES += pam_unix_static.c -endif bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index f8b39c91..17a0890f 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -53,11 +53,7 @@ /* indicate that the following groups are defined */ -#ifdef PAM_STATIC -# include "pam_unix_static.h" -#else -# define PAM_SM_ACCOUNT -#endif +#define PAM_SM_ACCOUNT #include #include diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 9a547b3a..9f66c5d6 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -50,11 +50,7 @@ /* indicate the following groups are defined */ -#ifdef PAM_STATIC -# include "pam_unix_static.h" -#else -# define PAM_SM_AUTH -#endif +#define PAM_SM_AUTH #define _PAM_EXTERN_FUNCTIONS #include diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c2e5de5e..e3d32096 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -64,11 +64,7 @@ /* indicate the following groups are defined */ -#ifdef PAM_STATIC -# include "pam_unix_static.h" -#else -# define PAM_SM_PASSWORD -#endif +#define PAM_SM_PASSWORD #include #include diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 5d001816..dbc62983 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -49,11 +49,7 @@ /* indicate the following groups are defined */ -#ifdef PAM_STATIC -# include "pam_unix_static.h" -#else -# define PAM_SM_SESSION -#endif +#define PAM_SM_SESSION #include #include diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c deleted file mode 100644 index 160268c9..00000000 --- a/modules/pam_unix/pam_unix_static.c +++ /dev/null @@ -1,23 +0,0 @@ -#include "config.h" - -#ifdef PAM_STATIC - -#define static extern -#define PAM_SM_ACCOUNT -#define PAM_SM_AUTH -#define PAM_SM_PASSWORD -#define PAM_SM_SESSION -#include "pam_unix_static.h" -#include - -struct pam_module _pam_unix_modstruct = { - "pam_unix", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h deleted file mode 100644 index 39b05efe..00000000 --- a/modules/pam_unix/pam_unix_static.h +++ /dev/null @@ -1,6 +0,0 @@ -#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt -#define pam_sm_authenticate _pam_unix_sm_authenticate -#define pam_sm_setcred _pam_unix_sm_setcred -#define pam_sm_chauthtok _pam_unix_sm_chauthtok -#define pam_sm_open_session _pam_unix_sm_open_session -#define pam_sm_close_session _pam_unix_sm_close_session diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 8df1a40c..09ab8d33 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -334,7 +334,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, /* --- authentication management functions (only) --- */ -PAM_EXTERN int +int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -423,14 +423,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -475,23 +475,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } - -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_userdb_modstruct = { - "pam_userdb", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; - -#endif - /* * Copyright (c) Cristian Gafton , 1999 * All rights reserved diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c index a26c48d7..1d196ad3 100644 --- a/modules/pam_warn/pam_warn.c +++ b/modules/pam_warn/pam_warn.c @@ -54,7 +54,6 @@ static void log_items(pam_handle_t *pamh, const char *function, int flags) /* --- authentication management functions (only) --- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -62,7 +61,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -72,7 +70,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, /* password updating functions */ -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -80,7 +77,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -88,7 +85,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -96,7 +93,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -PAM_EXTERN int +int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc UNUSED, const char **argv UNUSED) { @@ -104,20 +101,4 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, return PAM_IGNORE; } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_warn_modstruct = { - "pam_warn", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - pam_sm_open_session, - pam_sm_close_session, - pam_sm_chauthtok, -}; - -#endif - /* end of module definition */ diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index d7d8096e..6ea7b847 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -232,7 +232,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) /* --- authentication management functions --- */ -PAM_EXTERN int +int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -244,14 +244,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return perform_check(pamh, ctrl, use_group); } -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN int +int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { @@ -263,22 +263,6 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, return perform_check(pamh, ctrl, use_group); } -#ifdef PAM_STATIC - -/* static module data */ - -struct pam_module _pam_wheel_modstruct = { - "pam_wheel", - pam_sm_authenticate, - pam_sm_setcred, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL -}; - -#endif /* PAM_STATIC */ - /* * Copyright (c) Cristian Gafton , 1996, 1997 * All rights reserved diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 2be43513..6778aa84 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -798,16 +798,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, return PAM_SUCCESS; } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_xauth_modstruct = { - "pam_xauth", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL -}; -#endif diff --git a/po/POTFILES.in b/po/POTFILES.in index 76d9640c..fcec3d83 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -29,7 +29,6 @@ ./libpam/pam_prelude.c ./libpam/pam_session.c ./libpam/pam_start.c -./libpam/pam_static.c ./libpam/pam_strerror.c ./libpam/pam_syslog.c ./libpam/pam_vprompt.c diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c index 3000055c..70927163 100644 --- a/tests/tst-dlopen.c +++ b/tests/tst-dlopen.c @@ -19,9 +19,6 @@ /* Simple program to see if dlopen() would succeed. */ int main(int argc, char **argv) { -#ifdef PAM_STATIC - return 77; -#else int i; struct stat st; char buf[PATH_MAX]; @@ -43,5 +40,4 @@ int main(int argc, char **argv) } } return 0; -#endif } -- cgit v1.2.3 From a1765a0bc62fff8c22091c661aafa10167ec7da8 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 4 Apr 2016 14:23:22 +0200 Subject: pam_unix: Make password expiration messages more user-friendly. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Make password expiration messages more user-friendly. --- modules/pam_unix/pam_unix_acct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/pam_unix_acct.c') diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 17a0890f..782d84ac 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -258,13 +258,13 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) "expired password for user %s (root enforced)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("You are required to change your password immediately (root enforced)")); + _("You are required to change your password immediately (administrator enforced)")); } else { pam_syslog(pamh, LOG_DEBUG, "expired password for user %s (password aged)", uname); _make_remark(pamh, ctrl, PAM_ERROR_MSG, - _("You are required to change your password immediately (password aged)")); + _("You are required to change your password immediately (password expired)")); } break; case PAM_AUTHTOK_EXPIRED: -- cgit v1.2.3