1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-15 10:17:20 +00:00

Sync with P4. Most of this is debugging code; the only substantial changes

are improvements to openpam_{borrow,restore}_cred() (#24779 and #24780).
This commit is contained in:
Dag-Erling Smørgrav 2003-02-07 15:27:03 +00:00
parent 1e518e37e8
commit b511bdf31c
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/openpam/dist/; revision=110503
10 changed files with 77 additions and 29 deletions

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#3 $
* $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#4 $
*/
#include <sys/param.h>
@ -57,9 +57,18 @@ openpam_borrow_cred(pam_handle_t *pamh,
struct pam_saved_cred *scred;
int r;
ENTER();
if (geteuid() != 0)
ENTERI(pwd->pw_uid);
r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred);
if (r == PAM_SUCCESS && scred != NULL) {
openpam_log(PAM_LOG_DEBUG,
"already operating under borrowed credentials");
RETURNC(PAM_SYSTEM_ERR);
}
if (geteuid() != 0 && geteuid() != pwd->pw_uid) {
openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d",
(int)geteuid());
RETURNC(PAM_PERM_DENIED);
}
scred = calloc(1, sizeof *scred);
if (scred == NULL)
RETURNC(PAM_BUF_ERR);
@ -76,6 +85,8 @@ openpam_borrow_cred(pam_handle_t *pamh,
free(scred);
RETURNC(r);
}
if (geteuid() == pwd->pw_uid)
RETURNC(PAM_SUCCESS);
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 ||
setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) {
openpam_restore_cred(pamh);

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_findenv.c#9 $
* $P4: //depot/projects/openpam/lib/openpam_findenv.c#10 $
*/
#include <string.h>
@ -55,12 +55,12 @@ openpam_findenv(pam_handle_t *pamh,
ENTER();
if (pamh == NULL)
RETURNI(-1);
RETURNN(-1);
for (i = 0; i < pamh->env_count; ++i)
if (strncmp(pamh->env[i], name, len) == 0 &&
pamh->env[i][len] == '=')
RETURNI(i);
RETURNI(-1);
RETURNN(i);
RETURNN(-1);
}
/*

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_get_option.c#5 $
* $P4: //depot/projects/openpam/lib/openpam_get_option.c#6 $
*/
#include <sys/param.h>
@ -57,7 +57,7 @@ openpam_get_option(pam_handle_t *pamh,
size_t len;
int i;
ENTER();
ENTERS(option);
if (pamh == NULL || pamh->current == NULL || option == NULL)
RETURNS(NULL);
cur = pamh->current;

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_impl.h#19 $
* $P4: //depot/projects/openpam/lib/openpam_impl.h#20 $
*/
#ifndef _OPENPAM_IMPL_H_INCLUDED
@ -42,6 +42,7 @@
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];
/*
* Control flags
@ -123,6 +124,21 @@ pam_module_t *openpam_dynamic(const char *);
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
#define ENTERI(i) do { \
if ((i) > 0 && (i) < PAM_NUM_ITEMS) \
openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \
} while (0);
#define ENTERN(n) do { \
openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \
} while (0);
#define ENTERS(s) do { \
if ((s) == NULL) \
openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
else \
openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \
} while (0);
#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
#define RETURNC(c) do { \
if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \
@ -131,9 +147,9 @@ pam_module_t *openpam_dynamic(const char *);
openpam_log(PAM_LOG_DEBUG, "returning %d!", (c)); \
return (c); \
} while (0)
#define RETURNI(i) do { \
openpam_log(PAM_LOG_DEBUG, "returning %d", (i)); \
return (i); \
#define RETURNN(n) do { \
openpam_log(PAM_LOG_DEBUG, "returning %d", (n)); \
return (n); \
} while (0)
#define RETURNP(p) do { \
if ((p) == NULL) \
@ -151,9 +167,12 @@ pam_module_t *openpam_dynamic(const char *);
} while (0)
#else
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNI(i) return (i)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#3 $
* $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#4 $
*/
#include <sys/param.h>
@ -62,10 +62,12 @@ openpam_restore_cred(pam_handle_t *pamh)
RETURNC(r);
if (scred == NULL)
RETURNC(PAM_SYSTEM_ERR);
if (seteuid(scred->euid) == -1 ||
setgroups(scred->ngroups, scred->groups) == -1 ||
setegid(scred->egid) == -1)
RETURNC(PAM_SYSTEM_ERR);
if (scred->euid != geteuid()) {
if (seteuid(scred->euid) == -1 ||
setgroups(scred->ngroups, scred->groups) == -1 ||
setegid(scred->egid) == -1)
RETURNC(PAM_SYSTEM_ERR);
}
pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
RETURNC(PAM_SUCCESS);
}

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/openpam_set_option.c#6 $
* $P4: //depot/projects/openpam/lib/openpam_set_option.c#7 $
*/
#include <sys/param.h>
@ -61,7 +61,7 @@ openpam_set_option(pam_handle_t *pamh,
size_t len;
int i;
ENTER();
ENTERS(option);
if (pamh == NULL || pamh->current == NULL || option == NULL)
RETURNC(PAM_SYSTEM_ERR);
cur = pamh->current;

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_data.c#9 $
* $P4: //depot/projects/openpam/lib/pam_get_data.c#10 $
*/
#include <string.h>
@ -54,7 +54,7 @@ pam_get_data(pam_handle_t *pamh,
{
pam_data_t *dp;
ENTER();
ENTERS(module_data_name);
if (pamh == NULL)
RETURNC(PAM_SYSTEM_ERR);
for (dp = pamh->module_data; dp != NULL; dp = dp->next)

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_get_item.c#14 $
* $P4: //depot/projects/openpam/lib/pam_get_item.c#15 $
*/
#include <sys/param.h>
@ -40,6 +40,22 @@
#include "openpam_impl.h"
const char *_pam_item_name[PAM_NUM_ITEMS] = {
"(NO ITEM)",
"PAM_SERVICE",
"PAM_USER",
"PAM_TTY",
"PAM_RHOST",
"PAM_CONV",
"PAM_AUTHTOK",
"PAM_OLDAUTHTOK",
"PAM_RUSER",
"PAM_USER_PROMPT",
"PAM_REPOSITORY",
"PAM_AUTHTOK_PROMPT",
"PAM_OLDAUTHTOK_PROMPT"
};
/*
* XSSO 4.2.1
* XSSO 6 page 46
@ -53,7 +69,7 @@ pam_get_item(pam_handle_t *pamh,
const void **item)
{
ENTER();
ENTERI(item_type);
if (pamh == NULL)
RETURNC(PAM_SYSTEM_ERR);
switch (item_type) {

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_set_data.c#11 $
* $P4: //depot/projects/openpam/lib/pam_set_data.c#12 $
*/
#include <stdlib.h>
@ -58,7 +58,7 @@ pam_set_data(pam_handle_t *pamh,
{
pam_data_t *dp;
ENTER();
ENTERS(module_data_name);
if (pamh == NULL)
RETURNC(PAM_SYSTEM_ERR);
for (dp = pamh->module_data; dp != NULL; dp = dp->next) {

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $P4: //depot/projects/openpam/lib/pam_set_item.c#16 $
* $P4: //depot/projects/openpam/lib/pam_set_item.c#17 $
*/
#include <sys/param.h>
@ -58,7 +58,7 @@ pam_set_item(pam_handle_t *pamh,
void **slot, *tmp;
size_t nsize, osize;
ENTER();
ENTERI(item_type);
if (pamh == NULL)
RETURNC(PAM_SYSTEM_ERR);
slot = &pamh->item[item_type];