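--- a/openpam_configure.c	(255376)
+++ b/openpam_configure.c	(267013)
@@ -1,11 +1,11 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2012 Dag-Erling Sm��rgrav
+ * Copyright (c) 2004-2014 Dag-Erling Sm��rgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
  * Network Associates Laboratories, the Security Research Division of
  * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
  * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -188,72 +188,88 @@
  }
 
  /* check facility name */
  if ((word = wordv[i++]) == NULL ||
  (fclt = parse_facility_name(word)) == (pam_facility_t)-1) {
  openpam_log(PAM_LOG_ERROR,
  "%s(%d): missing or invalid facility",
  filename, lineno);
+ errno = EINVAL;
  goto fail;
  }
  if (facility != fclt && facility != PAM_FACILITY_ANY) {
  FREEV(wordc, wordv);
  continue;
  }
 
  /* check for "include" */
  if ((word = wordv[i++]) != NULL &&
  strcmp(word, "include") == 0) {
  if ((servicename = wordv[i++]) == NULL ||
  !valid_service_name(servicename)) {
  openpam_log(PAM_LOG_ERROR,
  "%s(%d): missing or invalid service name",
  filename, lineno);
+ errno = EINVAL;
  goto fail;
  }
  if (wordv[i] != NULL) {
  openpam_log(PAM_LOG_ERROR,
  "%s(%d): garbage at end of line",
  filename, lineno);
+ errno = EINVAL;
  goto fail;
  }
  ret = openpam_load_chain(pamh, servicename, fclt);
  FREEV(wordc, wordv);
- if (ret < 0)
+ if (ret < 0) {
+ /*
+ * Bogus errno, but this ensures that the
+ * outer loop does not just ignore the
+ * error and keep searching.
+ */
+ if (errno == ENOENT)
+ errno = EINVAL;
  goto fail;
+ }
  continue;
  }
 
  /* get control flag */
  if (word == NULL || /* same word we compared to "include" */
  (ctlf = parse_control_flag(word)) == (pam_control_t)-1) {
  openpam_log(PAM_LOG_ERROR,
  "%s(%d): missing or invalid control flag",
  filename, lineno);
+ errno = EINVAL;
  goto fail;
  }
 
  /* get module name */
  if ((modulename = wordv[i++]) == NULL ||
  !valid_module_name(modulename)) {
  openpam_log(PAM_LOG_ERROR,
  "%s(%d): missing or invalid module name",
  filename, lineno);
+ errno = EINVAL;
  goto fail;
  }
 
  /* allocate new entry */
  if ((this = calloc(1, sizeof *this)) == NULL)
  goto syserr;
  this->flag = ctlf;
 
  /* load module */
- if ((this->module = openpam_load_module(modulename)) == NULL)
+ if ((this->module = openpam_load_module(modulename)) == NULL) {
+ if (errno == ENOENT)
+ errno = ENOEXEC;
  goto fail;
+ }
 
  /*
  * The remaining items in wordv are the module's
  * arguments. We could set this->optv = wordv + i, but
  * then free(this->optv) wouldn't work. Instead, we free
  * the words we've already consumed, shift the rest up,
  * and clear the tail end of the array.
  */
@@ -276,17 +292,21 @@
  *next = this;
  this = NULL;
  ++count;
  }
  /*
  * The loop ended because openpam_readword() returned NULL, which
  * can happen for four different reasons: an I/O error (ferror(f)
  * is true), a memory allocation failure (ferror(f) is false,
- * errno is non-zero)
+ * feof(f) is false, errno is non-zero), the file ended with an
+ * unterminated quote or backslash escape (ferror(f) is false,
+ * feof(f) is true, errno is non-zero), or the end of the file was
+ * reached without error (ferror(f) is false, feof(f) is true,
+ * errno is zero).
  */
  if (ferror(f) || errno != 0)
  goto syserr;
  if (!feof(f))
  goto fail;
  fclose(f);
  return (count);
 syserr:
@@ -397,26 +417,30 @@
  RETURNN(-1);
  }
  style = pam_d_style;
  } else {
  style = pam_conf_style;
  }
  ret = openpam_load_file(pamh, service, facility,
  filename, style);
+ /* success */
+ if (ret > 0)
+ RETURNN(ret);
  /* the file exists, but an error occurred */
  if (ret == -1 && errno != ENOENT)
  RETURNN(ret);
  /* in pam.d style, an empty file counts as a hit */
  if (ret == 0 && style == pam_d_style)
  RETURNN(ret);
  }
 
  /* no hit */
- RETURNN(0);
+ errno = ENOENT;
+ RETURNN(-1);
 }
 
 /*
  * OpenPAM internal
  *
  * Configure a service
  */
 
@@ -427,18 +451,20 @@
  pam_facility_t fclt;
  int serrno;
 
  ENTERS(service);
  if (!valid_service_name(service)) {
  openpam_log(PAM_LOG_ERROR, "invalid service name");
  RETURNC(PAM_SYSTEM_ERR);
  }
- if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
- goto load_err;
+ if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
+ if (errno != ENOENT)
+ goto load_err;
+ }
  for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
  if (pamh->chains[fclt] != NULL)
  continue;
  if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
  goto load_err;
  }
  RETURNC(PAM_SUCCESS);
 load_err: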
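Review bot: The fallback loop at new lines 463-468 still treats every negative return from `openpam_load_chain(pamh, PAM_OTHER, fclt)` as fatal, and because "no hit" is now reported as -1 with `errno = ENOENT` (new lines 437-438) instead of 0, a facility with no policy in either the service or `other` now ends in `load_err` where it previously reached `RETURNC(PAM_SUCCESS)` with that chain left NULL. That fail-closed outcome looks intended, but it is asymmetric with the `errno != ENOENT` tolerance added at new lines 459-462 and is not documented anywhere visible; a comment above the `goto load_err` such as `/* no policy for this facility anywhere: fail closed rather than continue with an empty chain */` would record the decision. The "ENOENT means keep searching" contract is carried only in `errno`, and the remap at new lines 230-231 is tested after `FREEV(wordc, wordv)` has already run, so saving `errno` into a local before `FREEV` and testing the saved value would keep the check independent of what `free()` does to `errno`. Any other `goto fail` in the hidden lines that can leave `openpam_load_file` with `errno == ENOENT` would be skipped by the search loop in the same way; those paths are not visible here and are worth auditing against the new contract.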