Index: Linux-PAM/modules/pam_unix/pam_unix_auth.c
===================================================================
RCS file: /afs/sipb/project/debian/cvs/pam/Linux-PAM/modules/pam_unix/pam_unix_auth.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pam_unix_auth.c
--- Linux-PAM/modules/pam_unix/pam_unix_auth.c 29 Apr 2001 04:17:37 -0000 1.1.1.1
+++ Linux-PAM/modules/pam_unix/pam_unix_auth.c 19 May 2002 00:42:59 -0000
@@ -81,17 +81,26 @@
#define _UNIX_AUTHTOK "-UN*X-PASS"
#define AUTH_RETURN \
-{ \
+do { \
if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) { \
D(("recording return code for next time [%d]", \
retval)); \
+ *ret_data = retval; \
pam_set_data(pamh, "unix_setcred_return", \
- (void *) retval, NULL); \
+ (void *) ret_data, setcred_free); \
} \
D(("done. [%s]", pam_strerror(pamh, retval))); \
return retval; \
+} while (0)
+
+
+static void setcred_free (pam_handle_t * pamh, void *ptr, int err)
+{
+ if (ptr)
+ free (ptr);
}
+
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv)
{
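Review bot: The return value of `pam_set_data()` inside AUTH_RETURN is ignored, so if the call fails the `ret_data` allocation has no owner and leaks, and the code that pam_sm_setcred() later looks up is silently missing. Checking it in the macro closes that path, e.g. `if (pam_set_data(pamh, "unix_setcred_return", ret_data, setcred_free) != PAM_SUCCESS) free(ret_data);`. In `setcred_free` the `if (ptr)` guard is redundant because `free(NULL)` is a no-op, and a short comment such as `/* cleanup callback for the "unix_setcred_return" data item */` would say why `pamh` and `err` are unused. The body of pam_sm_authenticate continues outside this hunk.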
@@ -105,7 +114,8 @@
/* Get a few bytes so we can pass our return value to
pam_sm_setcred(). */
- ret_data = malloc(sizeof(int));
+ if (on(UNIX_LIKE_AUTH, ctrl))
+ ret_data = malloc(sizeof(int));
/* get the user'name' */
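Review bot: The result of `malloc(sizeof(int))` is still not checked, and because AUTH_RETURN skips the recording step when `ret_data` is NULL, an allocation failure means pam_sm_setcred() finds no stored value and returns PAM_SUCCESS whatever authentication decided. With UNIX_LIKE_AUTH set, that is a fail-open path under memory pressure. Failing early avoids it: `if (ret_data == NULL) { _log_err(LOG_ERR, pamh, "cannot allocate ret_data"); return PAM_BUF_ERR; }` inside the `on(UNIX_LIKE_AUTH, ctrl)` branch. The declaration of `ret_data` is outside the hunk, so this assumes it is initialised to NULL.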
@@ -120,7 +130,7 @@
if (name == NULL || !isalnum(*name)) {
_log_err(LOG_ERR, pamh, "bad username [%s]", name);
retval = PAM_USER_UNKNOWN;
- AUTH_RETURN
+ AUTH_RETURN;
}
if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl))
D(("username [%s] obtained", name));
@@ -133,7 +143,7 @@
*/
retval = PAM_INCOMPLETE;
}
- AUTH_RETURN
+ AUTH_RETURN;
}
/* if this user does not have a password... */
@@ -142,7 +152,7 @@
D(("user '%s' has blank passwd", name));
name = NULL;
retval = PAM_SUCCESS;
- AUTH_RETURN
+ AUTH_RETURN;
}
/* get this user's authentication token */
@@ -161,7 +171,7 @@
retval = PAM_INCOMPLETE;
}
name = NULL;
- AUTH_RETURN
+ AUTH_RETURN;
}
D(("user=%s, password=[%s]", name, p));
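Review bot: The context line `D(("user=%s, password=[%s]", name, p));` at the end of this hunk writes the cleartext authentication token to the debug output. D() is presumably compiled out of non-debug builds, but a debug build would leave passwords wherever D() writes. Dropping the token keeps the trace useful without exposing it, e.g. `D(("user=%s, password obtained", name));`. The commit itself only changes the AUTH_RETURN line here, and the function continues outside the hunk.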
@@ -169,7 +179,7 @@
retval = _unix_verify_password(pamh, name, p, ctrl);
name = p = NULL;
- AUTH_RETURN
+ AUTH_RETURN;
}
@@ -185,29 +195,23 @@
PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
,int argc, const char **argv)
{
- unsigned int ctrl;
int retval;
+ int *pretval = NULL;
D(("called."));
- /* FIXME: it shouldn't be necessary to parse the arguments again. The
- only argument we need is UNIX_LIKE_AUTH: if it was set,
- pam_get_data will succeed. If it wasn't, it will fail, and we
- return PAM_SUCCESS. -SRL */
- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
retval = PAM_SUCCESS;
- if (on(UNIX_LIKE_AUTH, ctrl)) {
- int *pretval = NULL;
-
- D(("recovering return code from auth call"));
- pam_get_data(pamh, "unix_setcred_return", (const void **) pretval);
- if(pretval) {
- retval = *pretval;
- free(pretval);
- D(("recovered data indicates that old retval was %d", retval));
- }
+ D(("recovering return code from auth call"));
+ /* We will only find something here if UNIX_LIKE_AUTH is set --
+ don't worry about an explicit check of argv. */
+ pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval);
+ if(pretval) {
+ retval = *pretval;
+ pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
+ D(("recovered data indicates that old retval was %d", retval));
}
+
return retval;
}
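Review bot: The new `pam_get_data()` call ignores its return value and passes `&pretval` (an `int **`) through a `(const void **)` cast, which relies on the two pointer types being interchangeable. Declaring `const void *pretval = NULL;` and testing `if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS && pretval)` with `retval = *(const int *) pretval;` removes the cast and makes the failure case explicit. Because the entry is cleared after the first read, a second pam_sm_setcred() call in the same transaction returns PAM_SUCCESS regardless of the authentication result. If that is intended, the comment above the lookup should say the value is consumed once.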