mirrors/linux-pam
0
0
Fork 0
mirror of https://github.com/linux-pam/linux-pam.git synced 2024-11-23 01:33:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix whitespace issues

Browse Source 
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF.  Make the project free of warnings reported by
git diff --check 4b825dc642 HEAD
This commit is contained in:
Dmitry V. Levin 2011-10-26 23:56:54 +00:00
parent fc772e7236
commit 1814aec611
122 changed files with 435 additions and 492 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ABOUT-NLS
View File

@ -1108,4 +1108,3 @@ developed inside the GNU project. Therefore the information given above
applies also for every other Free Software Project. Contact
`translation@iro.umontreal.ca' to make the `.pot' files available to
the translation teams.

21
CHANGELOG
View File

@ -129,17 +129,17 @@ bug report - outstanding bugs are listed here:
* libpam: Fix debug code (kukuk)
* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk)
* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk)
* libpam: Add prelude ids (http://www.prelude-ids.org) support,
* libpam: Add prelude ids (http://www.prelude-ids.org) support,
as experimental. (toady)
* configure: Add the directory where new versions of cracklib is
installed (from Jim Gifford - toady)
* configure: Add the directory where new versions of cracklib is
installed (from Jim Gifford - toady)
* libpamc: Use standard u_intX_t types instead of __uX (kukuk)
0.78: Do Nov 18 14:48:36 CET 2004
* pam_unix: change the order of trying password changes - local first,
NIS second (t8m)
* pam_wheel: add option only_root to make it affect authentication
* pam_wheel: add option only_root to make it affect authentication
to root account only
* pam_unix: test return values on renaming files and report error to
syslog and to user
@ -175,7 +175,7 @@ bug report - outstanding bugs are listed here:
The whole idea is to create few "systemwide" pam configs and include
parts of them in application pam configs.
(patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
(Bug 591605 - kukuk)
* pam_unix: Call password checking helper whenever the password field
contains only one character (Bug 1027903 - kukuk)
@ -1050,7 +1050,7 @@ libpam. Prior versions were buggy - see bugfix for Bug 129775.
(otherwise /etc/pam.conf is treated as before)
- given /etc/pam.d/
. config files are named (in lower case) by service-name
. config files have same syntax as /etc/pam.conf except
. config files have same syntax as /etc/pam.conf except
that the "service-name" field is not present. (there
are thus three manditory fields (and arguments are
optional):
@ -1207,7 +1207,7 @@ Sat Nov 30 19:30:20 PST 1996, Andrew Morgan <morgan@parc.power.net>
also some coverage of libpam_misc in the App. Developers' guide.
* Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added)
* adopted Cristian's _pam_macros.h file to help with common macros and
debugging stuff, gone through tree tidying up debugging lines to use
this [not complete].
@ -1287,7 +1287,7 @@ A brief summary of what has changed:
* removed <bf/ .. / from documentation titles. This was not giving
politically correct html..
----- My vvvvvvvvvvvvvvvvvvv was a long time ago ;*] -----
Wed Sep 4 23:57:19 PDT 1996 (Andrew Morgan <morgan@physics.ucla.edu>
@ -1345,7 +1345,7 @@ PASSWD - Elliot's account management included, and enhanced by Cristian Gafton.
*** If anyone has any trouble, please *say*. Your problem will be
fixed in the next release. Also please feel free to scour the
code for race conditions etc...
code for race conditions etc...
[* The above change requires that you purge your /usr/lib/security
directory of the old pam_unix_XXX.so modules: they will NOT be deleted
@ -1533,7 +1533,7 @@ CFLAGS* added 'make sterile' to top level makefile. This does extraclean and rem
future documentation of static module support in pam_modules.sgml)
* libpam; many changes to makefiles and also automated the inclusion of
static module objects in pam_static.c
* modified modules for automated static/dynamic support. Added static &
* modified modules for automated static/dynamic support. Added static &
dynamic subdirectories, as instructed by Michael
* removed an annoying syslog message from pam_filter: "parent exited.."
* updated todo list (anyone know anything about svgalib/X? we probably should
@ -1763,4 +1763,3 @@ Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu)
* stable code from pam_unix is added to modules/pam_unix
* test/test.c now requests username and password and attempts
to perform authentication

1
COPYING
View File

@ -38,4 +38,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
-------------------------------------------------------------------------

1
Copyright
View File

@ -38,4 +38,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
-------------------------------------------------------------------------

1
INSTALL
View File

@ -233,4 +233,3 @@ configuration-related scripts to be executed by `/bin/bash'.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

1
Make.xml.rules
View File

@ -22,4 +22,3 @@ README: README.xml
$(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
#CLEANFILES += $(man_MANS) README

2
NEWS
View File

@ -3,7 +3,7 @@ Linux-PAM NEWS -- history of user-visible changes.
Release 1.1.5
* pam_env: Fix CVE-2011-3148 and CVE-2011-3149
* pam_access: Add hostname resolution cache
* Documentation: Improvements/fixes
* Documentation: Improvements/fixes
Release 1.1.4

1
conf/pam.conf
View File

@ -123,4 +123,3 @@ xdm account required pam_unix.so
# The PAM configuration file for the `xlock' service
#
xlock auth required pam_unix.so

1
conf/pam_conv1/README
View File

@ -6,4 +6,3 @@ creates the pam.d/ directory in the current directory.
The program will fail if ./pam.d/ already exists.
Andrew Morgan, February 1997

1
doc/Makefile.am
View File

@ -19,4 +19,3 @@ releasedocs: all
make -C sag releasedocs
make -C adg releasedocs
make -C mwg releasedocs

2
doc/man/pam_chauthtok.3.xml
View File

@ -35,7 +35,7 @@
associated with the handle <emphasis>pamh</emphasis>).
</para>
<para>
The <emphasis>pamh</emphasis> argument is an authentication
The <emphasis>pamh</emphasis> argument is an authentication
handle obtained by a prior call to pam_start().
The flags argument is the binary or of zero or more of the
following values:

8
doc/man/pam_get_user.3.xml
View File

@ -42,7 +42,7 @@
name of the user specified by
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. If no user was specified it what
</citerefentry>. If no user was specified it what
<function>pam_get_item (pamh, PAM_USER, ... );</function> would
have returned. If this is NULL it obtains the username via the
<citerefentry>
@ -70,14 +70,14 @@
</itemizedlist>
<para>
By whatever means the username is obtained, a pointer to it is
returned as the contents of <emphasis>*user</emphasis>. Note,
this memory should <emphasis remap="B">not</emphasis> be
returned as the contents of <emphasis>*user</emphasis>. Note,
this memory should <emphasis remap="B">not</emphasis> be
<emphasis>free()</emphasis>'d or <emphasis>modified</emphasis>
by the module.
</para>
<para>
This function sets the <emphasis>PAM_USER</emphasis> item
associated with the
associated with the
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and

2
doc/man/pam_set_data.3.xml
View File

@ -40,7 +40,7 @@
<title>DESCRIPTION</title>
<para>
The <function>pam_set_data</function> function associates a pointer
to an object with the (hopefully) unique string
to an object with the (hopefully) unique string
<emphasis>module_data_name</emphasis> in the PAM context specified
by the <emphasis>pamh</emphasis> argument.
</para>

4
doc/man/pam_sm_authenticate.3.xml
View File

@ -62,7 +62,7 @@
Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
database of authentication tokens for this authentication
mechanism has a <emphasis>NULL</emphasis> entry for the user.
Without this flag, such a <emphasis>NULL</emphasis> token
Without this flag, such a <emphasis>NULL</emphasis> token
will lead to a success without the user being prompted.
</para>
</listitem>
@ -95,7 +95,7 @@
<listitem>
<para>
The modules were not able to access the authentication
information. This might be due to a network or hardware
information. This might be due to a network or hardware
failure etc.
</para>
</listitem>

2
doc/man/pam_xauth_data.3.xml
View File

@ -35,7 +35,7 @@ struct pam_xauth_data {
<title>DESCRIPTION</title>
<para>
The <function>pam_xauth_data</function> structure contains X
authentication data used to make a connection to an X display.
authentication data used to make a connection to an X display.
Using this mechanism, an application can communicate X
authentication data to PAM service modules. This allows modules to
make a connection to the user's X display in order to label the

1
doc/specs/.cvsignore
View File

@ -9,4 +9,3 @@ padout
parse_l.c
parse_y.c
parse_y.h

6
doc/specs/draft-morgan-pam.raw
View File

@ -227,7 +227,7 @@ o Anyone can define additional agents by using names in the format
your agent has as an identifier, they you are entitled to use
this identifier.) It is up to each domain how it manages its local
namespace.
The '/' character is a mandatory delimiter, indicating the end of the
agent_id. The trailing data is of a format specific to the agent with
the given agent_id.
@ -377,7 +377,7 @@ conversation function with which it encapsulates module-generated
requests and exchanges them with the client. Every message sent by a
module should be acknowledged.
General conversation functions can support the following five
General conversation functions can support the following five
conversation requests:
echo text string
@ -617,7 +617,7 @@ Following a call to pamc_end, the pamc_handle_t will be invalid.
The return value for this function is one of the following:
PAM_BPC_TRUE - all invoked agents are content with
PAM_BPC_TRUE - all invoked agents are content with
authentication (the server is _not_ judged
_un_trustworthy by any agent)

8
doc/specs/parse_y.y
View File

@ -7,7 +7,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXLINE 1000
#define INDENT_STRING " "
#define PAPER_WIDTH 74
@ -86,7 +86,7 @@ doc:
printf("%s%s%s", $2, fixed, $4);
free($2);
free($4);
l = (len+1)/2;
memset(fixed, ' ', l);
fixed[l] = '\0';
@ -113,7 +113,7 @@ doc:
printf("%s%s%s", $2, fixed, $4);
free($2);
free($4);
l = (len+1)/2;
memset(fixed, ' ', l);
fixed[l] = '\0';
@ -281,7 +281,7 @@ char *new_counter(const char *key)
sprintf(new+j, "%d", ++i);
counter_root = set_key(counter_root, key, new);
if (last_label) {
free(last_label);
}

6
doc/specs/rfc86.0.txt
View File

@ -1843,9 +1843,3 @@
Samar, Schemers Page 28

4
dynamic/test.c
View File

@ -16,8 +16,8 @@ int main(int argc, char **argv)
}
/* handle->XXX points to each of the PAM functions */
if (dlclose(handle)) {
fprintf(stderr, "failed to unload pam.so: %s\n", dlerror());
exit(1);

1
examples/.cvsignore
View File

@ -6,4 +6,3 @@ Makefile
Makefile.in
.deps
.libs

1
examples/README
View File

@ -10,4 +10,3 @@ application it might be a place to start...
xsh is new as of Linux-PAM-0.31, it is identical to blank, but invokes
/bin/sh if the user is authenticated.

4
examples/blank.c
View File

@ -50,7 +50,7 @@ int main(int argc, char **argv)
fprintf(stderr,"usage: %s [username]\n",argv[0]);
} else if (argc == 2) {
username = argv[1];
}
}
/* initialize the Linux-PAM library */
retcode = pam_start("blank", username, &conv, &pamh);
@ -141,7 +141,7 @@ int main(int argc, char **argv)
fprintf(stderr,"%s: problem closing a session\n",argv[0]);
break;
}
retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,0,retcode,"pam_setcred2");

4
examples/check_user.c
View File

@ -1,6 +1,6 @@
/*
$Id$
This program was contributed by Shane Watts <shane@icarus.bofh.asn.au>
slight modifications by AGM.
@ -35,7 +35,7 @@ int main(int argc, char *argv[])
}
retval = pam_start("check", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0); /* is user really user? */

2
examples/vpass.c
View File

@ -47,5 +47,3 @@ int main(void)
pam_end(pamh, res);
exit(0);
}

1
libpam/.cvsignore
View File

@ -6,4 +6,3 @@ Makefile.in
.libs
*.la
*.lo

4
libpam/pam_audit.c
View File

@ -161,7 +161,7 @@ pam_modutil_audit_write(pam_handle_t *pamh, int type,
{
int audit_fd;
int rc;
if ((audit_fd=_pam_audit_open(pamh)) == -1) {
return PAM_SYSTEM_ERR;
} else if (audit_fd == -2) {
@ -171,7 +171,7 @@ pam_modutil_audit_write(pam_handle_t *pamh, int type,
rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval);
audit_close(audit_fd);
return rc < 0 ? PAM_SYSTEM_ERR : PAM_SUCCESS;
}

1
libpam/pam_delay.c
View File

@ -156,4 +156,3 @@ int pam_fail_delay(pam_handle_t *pamh, unsigned int usec)
return PAM_SUCCESS;
}

8
libpam/pam_dispatch.c
View File

@ -261,16 +261,16 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
if (impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE
&& status == PAM_SUCCESS) ) {
if ( retval != PAM_IGNORE || cached_retval == retval ) {
if ( retval != PAM_IGNORE || cached_retval == retval ) {
impression = _PAM_POSITIVE;
status = retval;
}
status = retval;
}
}
}
/* this means that we need to skip #action stacked modules */
while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) {
do {
do {
h = h->next;
++depth;
} while (h->next != NULL && h->next->stack_level > stack_level);

10
libpam/pam_dynamic.c
View File

@ -55,8 +55,8 @@ void *_pam_dlopen(const char *mod_path)
NSObjectFileImage ofile;
void *ret = NULL;
if (NSCreateObjectFileImageFromFile(mod_path, &ofile) !=
NSObjectFileImageSuccess )
if (NSCreateObjectFileImageFromFile(mod_path, &ofile) !=
NSObjectFileImageSuccess )
return NULL;
ret = NSLinkModule(ofile, mod_path, NSLINKMODULE_OPTION_PRIVATE | NSLINKMODULE_OPTION_BINDNOW);
@ -68,7 +68,7 @@ void *_pam_dlopen(const char *mod_path)
#endif
}
servicefn _pam_dlsym(void *handle, const char *symbol)
servicefn _pam_dlsym(void *handle, const char *symbol)
{
#ifdef PAM_SHL
char *_symbol = NULL;
@ -83,7 +83,7 @@ servicefn _pam_dlsym(void *handle, const char *symbol)
return NULL;
strcpy(_symbol, SHLIB_SYM_PREFIX);
strcat(_symbol, symbol);
if( shl_findsym(&handle, _symbol,
if( shl_findsym(&handle, _symbol,
(short) TYPE_PROCEDURE, &ret ){
free(_symbol);
return NULL;
@ -92,7 +92,7 @@ servicefn _pam_dlsym(void *handle, const char *symbol)
}
return ret;
#elif defined(PAM_DYLD)
NSSymbol nsSymbol;
char *_symbol;

18
libpam/pam_handlers.c
View File

@ -194,16 +194,16 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
tok = _pam_StrTok(NULL, " \n\t", &nexttok);
if (pam_include) {
if (substack) {
if (substack) {
res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
stack_level, module_type, actions, tok,
0, NULL, 0);
stack_level, module_type, actions, tok,
0, NULL, 0);
if (res != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "error adding substack %s", tok);
D(("failed to load module - aborting"));
return PAM_ABORT;
}
}
}
}
if (_pam_load_conf_file(pamh, tok, this_service, module_type,
stack_level + substack
#ifdef PAM_READ_BOTH_CONFS
@ -625,7 +625,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type)
struct loaded_module *mod;
D(("_pam_load_module: loading module `%s'", mod_path));
mod = pamh->handlers.module;
/* First, ensure the module is loaded */
@ -774,12 +774,12 @@ int _pam_add_handler(pam_handle_t *pamh
/* if we get here with NULL it means allocation error */
return PAM_ABORT;
}
mod_type = mod->type;
}
if (mod_path == NULL)
mod_path = UNKNOWN_MODULE;
mod_path = UNKNOWN_MODULE;
/*
* At this point 'mod' points to the stored/loaded module.

6
libpam/pam_item.c
View File

@ -315,8 +315,8 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
if (pamh->former.want_user) {
/* must have a prompt to resume with */
if (! pamh->former.prompt) {
pam_syslog(pamh, LOG_ERR,
"pam_get_user: failed to resume with prompt"
pam_syslog(pamh, LOG_ERR,
"pam_get_user: failed to resume with prompt"
);
return PAM_ABORT;
}
@ -324,7 +324,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
/* must be the same prompt as last time */
if (strcmp(pamh->former.prompt, use_prompt)) {
pam_syslog(pamh, LOG_ERR,
"pam_get_user: resumed with different prompt");
"pam_get_user: resumed with different prompt");
return PAM_ABORT;
}

2
libpam/pam_misc.c
View File

@ -312,7 +312,7 @@ void _pam_parse_control(int *control_array, char *tok)
break;
}
}
if (act > 0) {
if (act > 0) {
/*
* Either we have a number or we have hit an error. In
* principle, there is nothing to stop us accepting

12
libpam/pam_modutil_getgrgid.c
View File

@ -16,7 +16,7 @@
#include <stdlib.h>
static int intlen(int number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -26,7 +26,7 @@ static int intlen(int number)
}
static int longlen(long number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -72,7 +72,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid)
int i;
data_name = malloc(strlen("_pammodutil_getgrgid") + 1 +
longlen((long)gid) + 1 + intlen(INT_MAX) + 1);
longlen((long)gid) + 1 + intlen(INT_MAX) + 1);
if ((pamh != NULL) && (data_name == NULL)) {
D(("was unable to register the data item [%s]",
pam_strerror(pamh, status)));
@ -83,7 +83,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid)
if (pamh != NULL) {
for (i = 0; i < INT_MAX; i++) {
sprintf(data_name, "_pammodutil_getgrgid_%ld_%d",
(long) gid, i);
(long) gid, i);
status = PAM_NO_MODULE_DATA;
if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
status = pam_set_data(pamh, data_name,
@ -114,7 +114,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid)
/* no sense in repeating the call */
break;
}
length <<= PWD_LENGTH_SHIFT;
} while (length < PWD_ABSURD_PWD_LENGTH);
@ -131,7 +131,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid)
* Sorry, there does not appear to be a reentrant version of
* getgrgid(). So, we use the standard libc function.
*/
return getgrgid(gid);
#endif /* def HAVE_GETGRGID_R */

8
libpam/pam_modutil_getgrnam.c
View File

@ -16,7 +16,7 @@
#include <stdlib.h>
static int intlen(int number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -62,7 +62,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group)
int i;
data_name = malloc(strlen("_pammodutil_getgrnam") + 1 +
strlen(group) + 1 + intlen(INT_MAX) + 1);
strlen(group) + 1 + intlen(INT_MAX) + 1);
if ((pamh != NULL) && (data_name == NULL)) {
D(("was unable to register the data item [%s]",
pam_strerror(pamh, status)));
@ -103,7 +103,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group)
/* no sense in repeating the call */
break;
}
length <<= PWD_LENGTH_SHIFT;
} while (length < PWD_ABSURD_PWD_LENGTH);
@ -120,7 +120,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group)
* Sorry, there does not appear to be a reentrant version of
* getgrnam(). So, we use the standard libc function.
*/
return getgrnam(group);
#endif /* def HAVE_GETGRNAM_R */

8
libpam/pam_modutil_getpwnam.c
View File

@ -16,7 +16,7 @@
#include <stdlib.h>
static int intlen(int number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -62,7 +62,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user)
int i;
data_name = malloc(strlen("_pammodutil_getpwnam") + 1 +
strlen(user) + 1 + intlen(INT_MAX) + 1);
strlen(user) + 1 + intlen(INT_MAX) + 1);
if ((pamh != NULL) && (data_name == NULL)) {
D(("was unable to register the data item [%s]",
pam_strerror(pamh, status)));
@ -103,7 +103,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user)
/* no sense in repeating the call */
break;
}
length <<= PWD_LENGTH_SHIFT;
} while (length < PWD_ABSURD_PWD_LENGTH);
@ -120,7 +120,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user)
* Sorry, there does not appear to be a reentrant version of
* getpwnam(). So, we use the standard libc function.
*/
return getpwnam(user);
#endif /* def HAVE_GETPWNAM_R */

12
libpam/pam_modutil_getpwuid.c
View File

@ -16,7 +16,7 @@
#include <stdlib.h>
static int intlen(int number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -26,7 +26,7 @@ static int intlen(int number)
}
static int longlen(long number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -72,7 +72,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid)
int i;
data_name = malloc(strlen("_pammodutil_getpwuid") + 1 +
longlen((long) uid) + 1 + intlen(INT_MAX) + 1);
longlen((long) uid) + 1 + intlen(INT_MAX) + 1);
if ((pamh != NULL) && (data_name == NULL)) {
D(("was unable to register the data item [%s]",
pam_strerror(pamh, status)));
@ -83,7 +83,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid)
if (pamh != NULL) {
for (i = 0; i < INT_MAX; i++) {
sprintf(data_name, "_pammodutil_getpwuid_%ld_%d",
(long) uid, i);
(long) uid, i);
status = PAM_NO_MODULE_DATA;
if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
status = pam_set_data(pamh, data_name,
@ -114,7 +114,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid)
/* no sense in repeating the call */
break;
}
length <<= PWD_LENGTH_SHIFT;
} while (length < PWD_ABSURD_PWD_LENGTH);
@ -131,7 +131,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid)
* Sorry, there does not appear to be a reentrant version of
* getpwuid(). So, we use the standard libc function.
*/
return getpwuid(uid);
#endif /* def HAVE_GETPWUID_R */

8
libpam/pam_modutil_getspnam.c
View File

@ -16,7 +16,7 @@
#include <stdlib.h>
static int intlen(int number)
{
{
int len = 2;
while (number != 0) {
number /= 10;
@ -62,7 +62,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user)
int i;
data_name = malloc(strlen("_pammodutil_getspnam") + 1 +
strlen(user) + 1 + intlen(INT_MAX) + 1);
strlen(user) + 1 + intlen(INT_MAX) + 1);
if ((pamh != NULL) && (data_name == NULL)) {
D(("was unable to register the data item [%s]",
pam_strerror(pamh, status)));
@ -103,7 +103,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user)
/* no sense in repeating the call */
break;
}
length <<= PWD_LENGTH_SHIFT;
} while (length < PWD_ABSURD_PWD_LENGTH);
@ -120,7 +120,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user)
* Sorry, there does not appear to be a reentrant version of
* getspnam(). So, we use the standard libc function.
*/
return getspnam(user);
#endif /* def HAVE_GETSPNAM_R */

2
libpam/pam_modutil_ingroup.c
View File

@ -74,7 +74,7 @@ pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED,
return 0;
}
int
int
pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh,
const char *user, const char *group)
{

1
libpam/pam_prelude.h
View File

@ -13,4 +13,3 @@
void prelude_send_alert(pam_handle_t *pamh, int authval);
#endif /* _SECURITY_PAM_PRELUDE_H */

2
libpam/pam_session.c
View File

@ -24,7 +24,7 @@ int pam_open_session(pam_handle_t *pamh, int flags)
#ifdef HAVE_LIBAUDIT
retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags);
#endif
#endif
return retval;
}

4
libpam/pam_tokens.h
View File

@ -89,13 +89,13 @@ const char * const _pam_token_returns[_PAM_RETURN_VALUES+1] = {
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

1
libpam_misc/Makefile.am
View File

@ -20,4 +20,3 @@ libpam_misc_la_LIBADD = $(top_builddir)/libpam/libpam.la
lib_LTLIBRARIES = libpam_misc.la
libpam_misc_la_SOURCES = help_env.c misc_conv.c

4
libpam_misc/include/security/pam_misc.h
View File

@ -6,8 +6,8 @@
#include <security/pam_appl.h>
#include <security/pam_client.h>
#ifdef __cplusplus
extern "C" {
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/* include some useful macros */

2
libpam_misc/misc_conv.c
View File

@ -180,7 +180,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
if (have_term)
nc = read(STDIN_FILENO, line, INPUTSIZE-1);
else /* we must read one line only */
for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n';
for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n';
nc++) {
int rv;
if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) {

1
libpamc/License
View File

@ -39,4 +39,3 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
-------------------------------------------------------------------------

2
libpamc/include/security/pam_client.h
View File

@ -121,7 +121,7 @@ do { \
\
__size = PAM_BP_MIN_SIZE + data_length; \
if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \
__PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \
__PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \
__PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \
__PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \
__PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \

6
libpamc/pamc_client.c
View File

@ -66,7 +66,7 @@ pamc_handle_t pamc_start(void)
if ( default_path[i] == PAMC_SYSTEM_AGENT_SEPARATOR
|| !default_path[i] ) {
int length;
pch->agent_paths[this] = malloc(length = 1+i-last);
if (pch->agent_paths[this] == NULL) {
@ -102,7 +102,7 @@ drop_pch:
}
/*
* shutdown each of the loaded agents and
* shutdown each of the loaded agents and
*/
static int __pamc_shutdown_agents(pamc_handle_t pch)
@ -110,7 +110,7 @@ static int __pamc_shutdown_agents(pamc_handle_t pch)
int retval = PAM_BPC_TRUE;
D(("called"));
while (pch->chain) {
pid_t pid;
int status;

8
libpamc/pamc_load.c
View File

@ -25,7 +25,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent)
return PAM_BPC_FAIL;
}
}
/* enough memory for any path + this agent */
reset_length = 3 + pch->max_path + agent->id_length;
D(("reset_length = %d (3+%d+%d)",
@ -57,7 +57,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent)
D(("no agent was found"));
goto free_and_return;
}
if (pipe(to_agent)) {
D(("failed to open pipe to agent"));
goto free_and_return;
@ -262,7 +262,7 @@ int pamc_load(pamc_handle_t pch, const char *agent_id)
D(("sorry agent is disabled"));
return PAM_BPC_FALSE;
}
length = strlen(agent_id);
/* scan list to see if agent is loaded */
@ -296,7 +296,7 @@ int pamc_load(pamc_handle_t pch, const char *agent_id)
agent->next = pch->chain;
pch->chain = agent;
return PAM_BPC_TRUE;
fail_free_agent_id:

9
libpamc/test/agents/secret@here
View File

@ -41,7 +41,7 @@ for (;;) {
($reply_control, $reply_data) = HandleContinuation($data);
} else {
if ($debug) {
print STDERR
print STDERR
"agent: unrecognized packet $control {$data} to read\n";
}
($reply_control, $reply_data) = (0x04, "");
@ -133,7 +133,7 @@ sub HandleContinuation ($) {
}
my $expected_digest = CreateDigest($state{$key});
my ($local_cookie, $remote_cookie, $shared_secret)
my ($local_cookie, $remote_cookie, $shared_secret)
= split '\|', $state{$key};
delete $state{$key};
@ -154,7 +154,7 @@ sub HandleContinuation ($) {
print STDERR "agent: server appears to know the secret\n";
}
my $session_authenticated_ticket =
my $session_authenticated_ticket =
CreateDigest($remote_cookie."|".$shared_secret."|".$local_cookie);
# FIXME: Agent should set a derived session key environment
@ -183,7 +183,7 @@ sub ReadBinaryPrompt {
# broken packet header
return (-1, "");
}
my ($length, $control) = unpack("N C", $buffer);
if ($length < 5) {
# broken packet length
@ -305,4 +305,3 @@ sub GetRandom {
}
}

2
libpamc/test/modules/pam_secret.c
View File

@ -664,6 +664,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
old_data = NULL;
D(("done (%d)", retval));
return retval;
}

4
libpamc/test/regress/test.libpamc.c
View File

@ -172,7 +172,7 @@ void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet)
data_length = PAM_BP_LENGTH(prompt);
packet->at = 0;
append_data(packet, data_length, NULL);
PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer);
fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n",
@ -332,7 +332,7 @@ int main(int argc, char **argv)
digest);
}
retval = pamc_end(&pch);
fprintf(stderr, "server: agent(s) were %shappy to terminate\n",

3
libpamc/test/regress/test.secret@here
View File

@ -94,7 +94,7 @@ sub ReadBinaryPrompt ($) {
# broken packet header
return (-1, "");
}
my ($length, $control) = unpack("N C", $buffer);
if ($length < 5) {
# broken packet length
@ -149,4 +149,3 @@ sub IdentifyLocalSecret ($) {
return $secret;
}

1
m4/japhar_grep_cflags.m4
View File

@ -45,4 +45,3 @@ else
fi
AC_MSG_RESULT($ac_cv___attribute__)
])

2
m4/libprelude.m4
View File

@ -8,7 +8,7 @@ dnl $id$
# Werner Koch 99-12-09
dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS,
dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS,
dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS
dnl
AC_DEFUN([AM_PATH_LIBPRELUDE],

3
modules/modules.map
View File

@ -1,4 +1,4 @@
{
{
global:
pam_sm_acct_mgmt;
pam_sm_authenticate;
@ -8,4 +8,3 @@
pam_sm_setcred;
local: *;
};

8
modules/pam_access/pam_access.c
View File

@ -100,7 +100,7 @@ struct login_info {
const char *from;
const char *config_file;
const char *hostname;
int debug; /* Print debugging messages. */
int debug; /* Print debugging messages. */
int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */
int noaudit; /* Do not audit denials */
const char *fs; /* field separator */
@ -375,7 +375,7 @@ login_access (pam_handle_t *pamh, struct login_info *item)
/* Allow field seperator in last field of froms */
if (!(perm = strtok_r(line, item->fs, &sptr))
|| !(users = strtok_r(NULL, item->fs, &sptr))
|| !(froms = strtok_r(NULL, "\n", &sptr))) {
|| !(froms = strtok_r(NULL, "\n", &sptr))) {
pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count",
item->config_file, lineno);
continue;
@ -398,8 +398,8 @@ login_access (pam_handle_t *pamh, struct login_info *item)
nonall_match = YES;
}
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
"from_match=%d, \"%s\"", match, item->from);
pam_syslog (pamh, LOG_DEBUG,
"from_match=%d, \"%s\"", match, item->from);
}
}
(void) fclose(fp);

16
modules/pam_env/pam_env.conf
View File

@ -1,7 +1,7 @@
#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
#
# The original idea for this came from Andrew G. Morgan ...
#<quote>
# Mmm. Perhaps you might like to write a pam_env module that reads a
@ -22,16 +22,16 @@
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea:
# Here is my idea:
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE.
# options for each variable DEFAULT and OVERRIDE.
# DEFAULT allows and administrator to set the value of the
# variable to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. OVERRIDE is not used, "" is assumed and no override will be
# done.
# done.
#
# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
#
@ -42,7 +42,7 @@
# values can be delimited with "", escaped " not supported.
# Note that many environment variables that you would like to use
# may not be set by the time the module is called.
# For example, HOME is used below several times, but
# For example, HOME is used below several times, but
# many PAM applications don't make it available by the time you need it.
#
#
@ -52,7 +52,7 @@
# to "localhost" rather than not being set at all
#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
# Set the DISPLAY variable if it seems reasonable
#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#

2
modules/pam_env/pam_env.conf.5.xml
View File

@ -21,7 +21,7 @@
<para>
The <filename>/etc/security/pam_env.conf</filename> file specifies
the environment variables to be set, unset or modified by
the environment variables to be set, unset or modified by
<citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
When someone logs in, this file is read and the environment
variables are set according.

8
modules/pam_exec/pam_exec.8.xml
View File

@ -123,8 +123,8 @@
</term>
<listitem>
<para>
Per default pam_exec.so will echo the exit status of the
external command if it fails.
Per default pam_exec.so will echo the exit status of the
external command if it fails.
Specifying this option will suppress the message.
</para>
</listitem>
@ -136,8 +136,8 @@
</term>
<listitem>
<para>
Per default pam_exec.so will execute the external command
with the real user ID of the calling process.
Per default pam_exec.so will execute the external command
with the real user ID of the calling process.
Specifying this option means the command is run
with the effective user ID.
</para>

2
modules/pam_exec/pam_exec.c
View File

@ -282,7 +282,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
char *buffer = NULL;
if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY,
S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1)
S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1)
{
int err = errno;
pam_syslog (pamh, LOG_ERR, "open of %s failed: %m",

1
modules/pam_keyinit/pam_keyinit.c
View File

@ -266,4 +266,3 @@ struct pam_module _pam_keyinit_modstruct = {
NULL
};
#endif

16
modules/pam_limits/pam_limits.c
View File

@ -630,7 +630,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
else
rlimit_value *= 1024;
}
break;
break;
#ifdef RLIMIT_NICE
case RLIMIT_NICE:
if (int_value > 19)
@ -672,7 +672,7 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
} else {
pl->login_limit = int_value;
pl->login_limit_def = source;
}
}
}
}
return;
@ -975,8 +975,8 @@ static int setup_limits(pam_handle_t *pamh,
if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) {
#ifdef HAVE_LIBAUDIT
if (!(ctrl & PAM_NO_AUDIT)) {
pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS,
"pam_limits", PAM_PERM_DENIED);
pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS,
"pam_limits", PAM_PERM_DENIED);
/* ignore return value as we fail anyway */
}
#endif
@ -1055,12 +1055,12 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
/* Parse the *.conf files. */
for (i = 0; globbuf.gl_pathv[i] != NULL; i++) {
pl->conf_file = globbuf.gl_pathv[i];
retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl);
if (retval == PAM_IGNORE) {
retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl);
if (retval == PAM_IGNORE) {
D(("the configuration file ('%s') has an applicable '<domain> -' entry", pl->conf_file));
globfree(&globbuf);
return PAM_SUCCESS;
}
}
if (retval != PAM_SUCCESS)
goto out;
}
@ -1070,7 +1070,7 @@ out:
globfree(&globbuf);
if (retval != PAM_SUCCESS)
{
pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
return retval;
}

14
modules/pam_mkhomedir/mkhomedir_helper.c
View File

@ -272,8 +272,8 @@ create_homedir(const struct passwd *pwd,
}
/* Set the proper ownership and permissions for the module. We make
the file a+w and then mask it with the set mask. This preseves
execute bits */
the file a+w and then mask it with the set mask. This preseves
execute bits */
if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 ||
fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0)
{
@ -384,8 +384,8 @@ main(int argc, char *argv[])
pwd = getpwnam(argv[1]);
if (pwd == NULL) {
pam_syslog(NULL, LOG_ERR, "User unknown.");
return PAM_CRED_INSUFFICIENT;
pam_syslog(NULL, LOG_ERR, "User unknown.");
return PAM_CRED_INSUFFICIENT;
}
if (argc >= 3) {
@ -399,11 +399,11 @@ main(int argc, char *argv[])
}
if (argc >= 4) {
if (strlen(argv[3]) >= sizeof(skeldir)) {
if (strlen(argv[3]) >= sizeof(skeldir)) {
pam_syslog(NULL, LOG_ERR, "Too long skeldir path.");
return PAM_SESSION_ERR;
}
strcpy(skeldir, argv[3]);
}
strcpy(skeldir, argv[3]);
}
/* Stat the home directory, if something exists then we assume it is

2
modules/pam_mkhomedir/pam_mkhomedir.c
View File

@ -140,7 +140,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
if (rlim.rlim_max >= MAX_FD_NO)
rlim.rlim_max = MAX_FD_NO;
for (i=0; i < (int)rlim.rlim_max; i++) {
close(i);
close(i);
}
}

2
modules/pam_namespace/md5.c
View File

@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
}
/*
* Final wrapup - pad to 64-byte boundary with the bit pattern
* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)

4
modules/pam_namespace/namespace.conf
View File

@ -5,8 +5,8 @@
# Uncommenting the following three lines will polyinstantiate
# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
# be polyinstantiated based on the MLS level part of the security context as well as user
# name, Polyinstantion will not be performed for user root and adm for directories
# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
# name, Polyinstantion will not be performed for user root and adm for directories
# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
# The user name and context is appended to the instance prefix.
#
# Note that instance directories do not have to reside inside the

6
modules/pam_namespace/namespace.conf.5.xml
View File

@ -61,7 +61,7 @@
<para>
The second field, <replaceable>instance_prefix</replaceable> is
the string prefix used to build the pathname for the instantiation
of &lt;polydir&gt;. Depending on the polyinstantiation
of &lt;polydir&gt;. Depending on the polyinstantiation
<replaceable>method</replaceable> it is then appended with
"instance differentiation string" to generate the final
instance directory path. This directory is created if it did not exist
@ -75,7 +75,7 @@
<para>
The third field, <replaceable>method</replaceable>, is the method
used for polyinstantiation. It can take these values; "user"
for polyinstantiation based on user name, "level" for
for polyinstantiation based on user name, "level" for
polyinstantiation based on process MLS level and user name, "context" for
polyinstantiation based on process security context and user name,
"tmpfs" for mounting tmpfs filesystem as an instance dir, and
@ -97,7 +97,7 @@
The <replaceable>method</replaceable> field can contain also following
optional flags separated by <emphasis>:</emphasis> characters.
</para>
<para><emphasis>create</emphasis>=<replaceable>mode</replaceable>,<replaceable>owner</replaceable>,<replaceable>group</replaceable>
- create the polyinstantiated directory. The mode, owner and group parameters
are optional. The default for mode is determined by umask, the default

2
modules/pam_namespace/namespace.init
View File

@ -1,5 +1,5 @@
#!/bin/sh -p
# It receives polydir path as $1, the instance path as $2,
# It receives polydir path as $1, the instance path as $2,
# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
# and user name in $4.
#

328
modules/pam_namespace/pam_namespace.c
View File

@ -76,7 +76,7 @@ static void del_polydir_list(struct polydir_s *polydirs_ptr)
struct polydir_s *dptr = polydirs_ptr;
while (dptr) {
struct polydir_s *tptr = dptr;
struct polydir_s *tptr = dptr;
dptr = dptr->next;
del_polydir(tptr);
}
@ -163,9 +163,9 @@ static int parse_create_params(char *params, struct polydir_s *poly)
poly->group = (gid_t)ULONG_MAX;
if (*params != '=')
return 0;
return 0;
params++;
next = strchr(params, ',');
if (next != NULL) {
*next = '\0';
@ -182,7 +182,7 @@ static int parse_create_params(char *params, struct polydir_s *poly)
params = next;
if (params == NULL)
return 0;
return 0;
next = strchr(params, ',');
if (next != NULL) {
*next = '\0';
@ -200,22 +200,22 @@ static int parse_create_params(char *params, struct polydir_s *poly)
if (params == NULL || *params == '\0') {
if (pwd != NULL)
poly->group = pwd->pw_gid;
return 0;
return 0;
}
grp = getgrnam(params);
if (grp == NULL)
return -1;
return -1;
poly->group = grp->gr_gid;
return 0;
}
static int parse_iscript_params(char *params, struct polydir_s *poly)
{
if (*params != '=')
return 0;
return 0;
params++;
if (*params != '\0') {
if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */
if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1)
@ -235,11 +235,11 @@ static int parse_method(char *method, struct polydir_s *poly,
enum polymethod pm;
char *sptr = NULL;
static const char *method_names[] = { "user", "context", "level", "tmpdir",
"tmpfs", NULL };
"tmpfs", NULL };
static const char *flag_names[] = { "create", "noinit", "iscript",
"shared", NULL };
"shared", NULL };
static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT,
POLYDIR_ISCRIPT, POLYDIR_SHARED };
POLYDIR_ISCRIPT, POLYDIR_SHARED };
int i;
char *flag;
@ -247,41 +247,41 @@ static int parse_method(char *method, struct polydir_s *poly,
pm = NONE;
for (i = 0; method_names[i]; i++) {
if (strcmp(method, method_names[i]) == 0) {
pm = i + 1; /* 0 = NONE */
}
if (strcmp(method, method_names[i]) == 0) {
pm = i + 1; /* 0 = NONE */
}
}
if (pm == NONE) {
pam_syslog(idata->pamh, LOG_NOTICE, "Unknown method");
return -1;
}
poly->method = pm;
while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) {
for (i = 0; flag_names[i]; i++) {
int namelen = strlen(flag_names[i]);
for (i = 0; flag_names[i]; i++) {
int namelen = strlen(flag_names[i]);
if (strncmp(flag, flag_names[i], namelen) == 0) {
poly->flags |= flag_values[i];
switch (flag_values[i]) {
case POLYDIR_CREATE:
if (parse_create_params(flag+namelen, poly) != 0) {
if (strncmp(flag, flag_names[i], namelen) == 0) {
poly->flags |= flag_values[i];
switch (flag_values[i]) {
case POLYDIR_CREATE:
if (parse_create_params(flag+namelen, poly) != 0) {
pam_syslog(idata->pamh, LOG_CRIT, "Invalid create parameters");
return -1;
}
break;
return -1;
}
break;
case POLYDIR_ISCRIPT:
if (parse_iscript_params(flag+namelen, poly) != 0) {
case POLYDIR_ISCRIPT:
if (parse_iscript_params(flag+namelen, poly) != 0) {
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
return -1;
};
break;
}
}
}
return -1;
};
break;
}
}
}
}
return 0;
@ -337,7 +337,7 @@ static int process_line(char *line, const char *home, const char *rhome,
poly = calloc(1, sizeof(*poly));
if (poly == NULL)
goto erralloc;
goto erralloc;
/*
* Initialize and scan the five strings from the line from the
@ -383,12 +383,12 @@ static int process_line(char *line, const char *home, const char *rhome,
dir = NULL;
goto erralloc;
}
if ((dir=expand_variables(dir, var_names, var_values)) == NULL) {
instance_prefix = NULL;
goto erralloc;
}
if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values))
== NULL) {
goto erralloc;
@ -409,12 +409,12 @@ static int process_line(char *line, const char *home, const char *rhome,
if (len > 0 && rdir[len-1] == '/') {
rdir[len-1] = '\0';
}
if (dir[0] == '\0' || rdir[0] == '\0') {
pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir");
goto skipping;
pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir");
goto skipping;
}
/*
* Populate polyinstantiated directory structure with appropriate
* pathnames and the method with which to polyinstantiate.
@ -430,14 +430,14 @@ static int process_line(char *line, const char *home, const char *rhome,
strcpy(poly->instance_prefix, instance_prefix);
if (parse_method(method, poly, idata) != 0) {
goto skipping;
goto skipping;
}
if (poly->method == TMPDIR) {
if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) {
pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long");
goto skipping;
}
if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) {
pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long");
goto skipping;
}
strcat(poly->instance_prefix, "XXXXXX");
}
@ -463,7 +463,7 @@ static int process_line(char *line, const char *home, const char *rhome,
uid_t *uidptr;
const char *ustr, *sstr;
int count, i;
if (*uids == '~') {
poly->flags |= POLYDIR_EXCLUSIVE;
uids++;
@ -488,8 +488,8 @@ static int process_line(char *line, const char *home, const char *rhome,
pwd = pam_modutil_getpwnam(idata->pamh, ustr);
if (pwd == NULL) {
pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr);
poly->num_uids--;
pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr);
poly->num_uids--;
} else {
*uidptr = pwd->pw_uid;
uidptr++;
@ -508,7 +508,7 @@ static int process_line(char *line, const char *home, const char *rhome,
erralloc:
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
skipping:
if (idata->flags & PAMNS_IGN_CONFIG_ERR)
retval = 0;
@ -554,9 +554,9 @@ static int parse_config_file(struct instance_data *idata)
return PAM_SESSION_ERR;
}
if ((home=strdup(cpwd->pw_dir)) == NULL) {
pam_syslog(idata->pamh, LOG_CRIT,
"Memory allocation error");
return PAM_SESSION_ERR;
pam_syslog(idata->pamh, LOG_CRIT,
"Memory allocation error");
return PAM_SESSION_ERR;
}
cpwd = pam_modutil_getpwnam(idata->pamh, idata->ruser);
@ -568,10 +568,10 @@ static int parse_config_file(struct instance_data *idata)
}
if ((rhome=strdup(cpwd->pw_dir)) == NULL) {
pam_syslog(idata->pamh, LOG_CRIT,
"Memory allocation error");
free(home);
return PAM_SESSION_ERR;
pam_syslog(idata->pamh, LOG_CRIT,
"Memory allocation error");
free(home);
return PAM_SESSION_ERR;
}
/*
@ -594,7 +594,7 @@ static int parse_config_file(struct instance_data *idata)
fil = fopen(confname, "r");
if (fil == NULL) {
pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s",
confname);
confname);
globfree(&globbuf);
free(rhome);
free(home);
@ -625,14 +625,14 @@ static int parse_config_file(struct instance_data *idata)
if (n >= globbuf.gl_pathc)
break;
confname = globbuf.gl_pathv[n];
confname = globbuf.gl_pathv[n];
n++;
}
globfree(&globbuf);
free(rhome);
free(home);
/* All done...just some debug stuff */
if (idata->flags & PAMNS_DEBUG) {
struct polydir_s *dptr = idata->polydirs_ptr;
@ -640,7 +640,7 @@ static int parse_config_file(struct instance_data *idata)
uid_t i;
pam_syslog(idata->pamh, LOG_DEBUG,
dptr?"Configured poly dirs:":"No configured poly dirs");
dptr?"Configured poly dirs:":"No configured poly dirs");
while (dptr) {
pam_syslog(idata->pamh, LOG_DEBUG, "dir='%s' iprefix='%s' meth=%d",
dptr->dir, dptr->instance_prefix, dptr->method);
@ -667,7 +667,7 @@ static int ns_override(struct polydir_s *polyptr, struct instance_data *idata,
unsigned int i;
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
pam_syslog(idata->pamh, LOG_DEBUG,
"Checking for ns override in dir %s for uid %d",
polyptr->dir, uid);
@ -745,7 +745,7 @@ static int form_context(const struct polydir_s *polyptr,
rc = getexeccon(&scon);
}
if (rc < 0 || scon == NULL) {
pam_syslog(idata->pamh, LOG_ERR,
pam_syslog(idata->pamh, LOG_ERR,
"Error getting exec context, %m");
return PAM_SESSION_ERR;
}
@ -870,17 +870,17 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
}
pm = USER;
}
switch (pm) {
case USER:
if (asprintf(i_name, "%s", idata->user) < 0) {
*i_name = NULL;
goto fail;
}
break;
}
break;
#ifdef WITH_SELINUX
case LEVEL:
case LEVEL:
case CONTEXT:
if (selinux_trans_to_raw_context(*i_context, &rawcon) < 0) {
pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context");
@ -890,27 +890,27 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
if (asprintf(i_name, "%s", rawcon) < 0) {
*i_name = NULL;
goto fail;
}
}
} else {
if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) {
*i_name = NULL;
goto fail;
}
}
}
break;
break;
#endif /* WITH_SELINUX */
case TMPDIR:
case TMPFS:
if ((*i_name=strdup("")) == NULL)
goto fail;
goto fail;
return PAM_SUCCESS;
default:
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_ERR, "Unknown method");
goto fail;
default:
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_ERR, "Unknown method");
goto fail;
}
if (idata->flags & PAMNS_DEBUG)
@ -919,24 +919,24 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) {
hash = md5hash(*i_name, idata);
if (hash == NULL) {
goto fail;
goto fail;
}
if (idata->flags & PAMNS_GEN_HASH) {
free(*i_name);
free(*i_name);
*i_name = hash;
hash = NULL;
} else {
char *newname;
if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash),
*i_name, hash) < 0) {
goto fail;
}
free(*i_name);
*i_name = newname;
char *newname;
if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash),
*i_name, hash) < 0) {
goto fail;
}
free(*i_name);
*i_name = newname;
}
}
rc = PAM_SUCCESS;
fail:
free(hash);
#ifdef WITH_SELINUX
@ -959,34 +959,34 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata)
{
struct protect_dir_s *dir = idata->protect_dirs;
char tmpbuf[64];
while (dir != NULL) {
if (strcmp(path, dir->dir) == 0) {
return 0;
}
dir = dir->next;
}
dir = calloc(1, sizeof(*dir));
if (dir == NULL) {
return -1;
}
dir->dir = strdup(path);
if (dir->dir == NULL) {
free(dir);
return -1;
}
snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd);
if (idata->flags & PAMNS_DEBUG) {
pam_syslog(idata->pamh, LOG_INFO,
"Protect mount of %s over itself", path);
}
if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) {
int save_errno = errno;
pam_syslog(idata->pamh, LOG_ERR,
@ -996,7 +996,7 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata)
errno = save_errno;
return -1;
}
dir->next = idata->protect_dirs;
idata->protect_dirs = dir;
@ -1019,15 +1019,15 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always,
if (p == NULL) {
goto error;
}
if (*dir == '/') {
dfd = open("/", flags);
if (dfd == -1) {
goto error;
}
dir++; /* assume / is safe */
dir++; /* assume / is safe */
}
while ((d=strchr(dir, '/')) != NULL) {
*d = '\0';
dfd_next = openat(dfd, dir, flags);
@ -1042,8 +1042,8 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always,
if (fstat(dfd, &st) != 0) {
goto error;
}
if (flags & O_NOFOLLOW) {
if (flags & O_NOFOLLOW) {
/* we are inside user-owned dir - protect */
if (protect_mount(dfd, p, idata) == -1)
goto error;
@ -1058,14 +1058,14 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always,
}
rv = openat(dfd, dir, flags);
if (rv == -1) {
if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) {
goto error;
}
rv = openat(dfd, dir, flags);
}
if (rv != -1) {
if (fstat(rv, &st) != 0) {
save_errno = errno;
@ -1082,7 +1082,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always,
}
}
if ((flags & O_NOFOLLOW) || always) {
if ((flags & O_NOFOLLOW) || always) {
/* we are inside user-owned dir - protect */
if (protect_mount(rv, p, idata) == -1) {
save_errno = errno;
@ -1251,7 +1251,7 @@ static int create_polydir(struct polydir_s *polyptr,
pam_syslog(idata->pamh, LOG_DEBUG,
"Polydir %s context: %s", dir, (char *)dircon);
if (setfscreatecon(dircon) != 0)
pam_syslog(idata->pamh, LOG_NOTICE,
pam_syslog(idata->pamh, LOG_NOTICE,
"Error setting context for directory %s: %m", dir);
freecon(dircon);
}
@ -1279,15 +1279,15 @@ static int create_polydir(struct polydir_s *polyptr,
pam_syslog(idata->pamh, LOG_DEBUG, "Created polydir %s", dir);
if (polyptr->mode != (mode_t)ULONG_MAX) {
/* explicit mode requested */
if (fchmod(rc, mode) != 0) {
/* explicit mode requested */
if (fchmod(rc, mode) != 0) {
pam_syslog(idata->pamh, LOG_ERR,
"Error changing mode of directory %s: %m", dir);
"Error changing mode of directory %s: %m", dir);
close(rc);
umount(dir); /* undo the eventual protection bind mount */
rmdir(dir);
return PAM_SESSION_ERR;
}
rmdir(dir);
return PAM_SESSION_ERR;
}
}
if (polyptr->owner != (uid_t)ULONG_MAX)
@ -1345,14 +1345,14 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *
* attributes to match that of the original directory that is being
* polyinstantiated.
*/
if (polyptr->method == TMPDIR) {
if (mkdtemp(polyptr->instance_prefix) == NULL) {
if (mkdtemp(polyptr->instance_prefix) == NULL) {
pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m",
polyptr->instance_prefix);
polyptr->method = NONE; /* do not clean up! */
return PAM_SESSION_ERR;
}
}
/* copy the actual directory name to ipath */
strcpy(ipath, polyptr->instance_prefix);
} else if (mkdir(ipath, S_IRUSR) < 0) {
@ -1452,21 +1452,21 @@ static int ns_setup(struct polydir_s *polyptr,
if (retval < 0 && errno != ENOENT) {
pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m",
polyptr->dir);
return PAM_SESSION_ERR;
return PAM_SESSION_ERR;
}
if (retval < 0) {
if ((polyptr->flags & POLYDIR_CREATE) &&
if ((polyptr->flags & POLYDIR_CREATE) &&
create_polydir(polyptr, idata) != PAM_SUCCESS)
return PAM_SESSION_ERR;
} else {
close(retval);
close(retval);
}
if (polyptr->method == TMPFS) {
if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) {
pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m",
polyptr->dir);
polyptr->dir);
return PAM_SESSION_ERR;
}
@ -1481,7 +1481,7 @@ static int ns_setup(struct polydir_s *polyptr,
polyptr->dir);
return PAM_SESSION_ERR;
}
/*
* Obtain the name of instance pathname based on the
* polyinstantiation method and instance context returned by
@ -1495,8 +1495,8 @@ static int ns_setup(struct polydir_s *polyptr,
#endif
if (retval != PAM_SUCCESS) {
if (retval != PAM_IGNORE)
pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name");
if (retval != PAM_IGNORE)
pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name");
goto cleanup;
} else {
#ifdef WITH_SELINUX
@ -1526,8 +1526,8 @@ static int ns_setup(struct polydir_s *polyptr,
#endif
if (retval == PAM_IGNORE) {
newdir = 0;
retval = PAM_SUCCESS;
newdir = 0;
retval = PAM_SUCCESS;
}
if (retval != PAM_SUCCESS) {
@ -1647,7 +1647,7 @@ static int cleanup_tmpdirs(struct instance_data *idata)
}
if (!WIFEXITED(status) || WIFSIGNALED(status) > 0) {
pam_syslog(idata->pamh, LOG_ERR,
"Error removing %s", pptr->instance_prefix);
"Error removing %s", pptr->instance_prefix);
}
} else if (pid < 0) {
pam_syslog(idata->pamh, LOG_ERR,
@ -1686,14 +1686,14 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
if (ns_override(pptr, idata, idata->uid)) {
if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) {
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) {
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Overriding poly for user %d for dir %s",
idata->uid, pptr->dir);
} else {
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG,
"Need unmount ns for user %d for dir %s",
idata->ruid, pptr->dir);
need_poly = 1;
@ -1721,7 +1721,7 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
return PAM_SESSION_ERR;
}
} else {
del_polydir_list(idata->polydirs_ptr);
del_polydir_list(idata->polydirs_ptr);
return PAM_SUCCESS;
}
@ -1768,12 +1768,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
* are available from
*/
strcpy(poly_parent, pptr->rdir);
fptr = strchr(poly_parent, '/');
cptr = strrchr(poly_parent, '/');
if (fptr && cptr && (fptr == cptr))
strcpy(poly_parent, "/");
else if (cptr)
*cptr = '\0';
fptr = strchr(poly_parent, '/');
cptr = strrchr(poly_parent, '/');
if (fptr && cptr && (fptr == cptr))
strcpy(poly_parent, "/");
else if (cptr)
*cptr = '\0';
if (chdir(poly_parent) < 0) {
pam_syslog(idata->pamh, LOG_ERR,
"Can't chdir to %s, %m", poly_parent);
@ -1781,12 +1781,12 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
}
if (umount(pptr->rdir) < 0) {
int saved_errno = errno;
pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m",
pptr->rdir);
if (saved_errno != EINVAL) {
retval = PAM_SESSION_ERR;
goto out;
int saved_errno = errno;
pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m",
pptr->rdir);
if (saved_errno != EINVAL) {
retval = PAM_SESSION_ERR;
goto out;
}
} else if (idata->flags & PAMNS_DEBUG)
pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s",
@ -1803,20 +1803,20 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
}
out:
if (retval != PAM_SUCCESS) {
cleanup_tmpdirs(idata);
unprotect_dirs(idata->protect_dirs);
cleanup_tmpdirs(idata);
unprotect_dirs(idata->protect_dirs);
} else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs,
cleanup_protect_data) != PAM_SUCCESS) {
cleanup_protect_data) != PAM_SUCCESS) {
pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data");
cleanup_tmpdirs(idata);
unprotect_dirs(idata->protect_dirs);
cleanup_tmpdirs(idata);
unprotect_dirs(idata->protect_dirs);
return PAM_SYSTEM_ERR;
} else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr,
cleanup_polydir_data) != PAM_SUCCESS) {
cleanup_polydir_data) != PAM_SUCCESS) {
pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data");
cleanup_tmpdirs(idata);
pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
idata->protect_dirs = NULL;
cleanup_tmpdirs(idata);
pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
idata->protect_dirs = NULL;
return PAM_SYSTEM_ERR;
}
return retval;
@ -1943,7 +1943,7 @@ static int get_user_data(struct instance_data *idata)
int retval;
char *user_name;
struct passwd *pwd;
/*
/*
* Lookup user and fill struct items
*/
retval = pam_get_item(idata->pamh, PAM_USER, (void*) &user_name );
@ -1969,10 +1969,10 @@ static int get_user_data(struct instance_data *idata)
/* Fill in RUSER too */
retval = pam_get_item(idata->pamh, PAM_RUSER, (void*) &user_name );
if ( user_name != NULL && retval == PAM_SUCCESS && user_name[0] != '\0' ) {
strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1);
pwd = pam_modutil_getpwnam(idata->pamh, user_name);
strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1);
pwd = pam_modutil_getpwnam(idata->pamh, user_name);
} else {
pwd = pam_modutil_getpwuid(idata->pamh, getuid());
pwd = pam_modutil_getpwuid(idata->pamh, getuid());
}
if (!pwd) {
pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name);
@ -2005,7 +2005,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
#ifdef WITH_SELINUX
if (is_selinux_enabled())
idata.flags |= PAMNS_SELINUX_ENABLED;
if (ctxt_based_inst_needed())
if (ctxt_based_inst_needed())
idata.flags |= PAMNS_CTXT_BASED_INST;
#endif
@ -2036,7 +2036,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
unmnt = UNMNT_ONLY;
if (strcmp(argv[i], "require_selinux") == 0) {
if (!(idata.flags & PAMNS_SELINUX_ENABLED)) {
pam_syslog(idata.pamh, LOG_ERR,
pam_syslog(idata.pamh, LOG_ERR,
"selinux_required option given and selinux is disabled");
return PAM_SESSION_ERR;
}
@ -2047,7 +2047,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
retval = get_user_data(&idata);
if (retval != PAM_SUCCESS)
return retval;
return retval;
if (root_shared()) {
idata.flags |= PAMNS_MOUNT_PRIVATE;
@ -2135,13 +2135,13 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
retval = get_user_data(&idata);
if (retval != PAM_SUCCESS)
return retval;
return retval;
retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, (const void **)&polyptr);
if (retval != PAM_SUCCESS || polyptr == NULL)
/* nothing to reset */
return PAM_SUCCESS;
/* nothing to reset */
return PAM_SUCCESS;
idata.polydirs_ptr = polyptr;
if (idata.flags & PAMNS_DEBUG)
@ -2160,7 +2160,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL);
pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
return PAM_SUCCESS;
}

7
modules/pam_namespace/pam_namespace.h
View File

@ -1,5 +1,5 @@
/******************************************************************************
* A module for Linux-PAM that will set the default namespace after
* A module for Linux-PAM that will set the default namespace after
* establishing a session via PAM.
*
* (C) Copyright IBM Corporation 2005
@ -134,9 +134,9 @@ enum polymethod {
/*
* Depending on the application using this namespace module, we
* may need to unmount priviously bind mounted instance directory.
* Applications such as login and sshd, that establish a new
* Applications such as login and sshd, that establish a new
* session unmount of instance directory is not needed. For applications
* such as su and newrole, that switch the identity, this module
* such as su and newrole, that switch the identity, this module
* has to unmount previous instance directory first and re-mount
* based on the new indentity. For other trusted applications that
* just want to undo polyinstantiation, only unmount of previous
@ -182,4 +182,3 @@ struct instance_data {
uid_t ruid; /* The uid of the requesting user */
unsigned long flags; /* Flags for debug, selinux etc */
};

4
modules/pam_pwhistory/opasswd.c
View File

@ -395,7 +395,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid,
entry.user, entry.uid, entry.count,
oldpass) < 0)
{
free (save);
free (save);
retval = PAM_AUTHTOK_ERR;
fclose (oldpf);
fclose (newpf);
@ -408,7 +408,7 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid,
entry.user, entry.uid, entry.count,
entry.old_passwords, oldpass) < 0)
{
free (save);
free (save);
retval = PAM_AUTHTOK_ERR;
fclose (oldpf);
fclose (newpf);

4
modules/pam_securetty/pam_securetty.c
View File

@ -203,9 +203,9 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
for (n = p; n != NULL; p = n+1) {
if ((n = strchr(p, ' ')) != NULL)
*n = '\0';
*n = '\0';
if (strcmp(p, uttyname) == 0) {
if (strcmp(p, uttyname) == 0) {
retval = 0;
break;
}

3
modules/pam_selinux/Makefile.am
View File

@ -10,7 +10,7 @@ EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
if HAVE_LIBSELINUX
TESTS = tst-pam_selinux
man_MANS = pam_selinux.8
man_MANS = pam_selinux.8
endif
XMLS = README.xml pam_selinux.8.xml
@ -40,4 +40,3 @@ noinst_DATA = README pam_selinux.8
README: pam_selinux.8.xml
-include $(top_srcdir)/Make.xml.rules
endif

44
modules/pam_selinux/pam_selinux.c
View File

@ -142,7 +142,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def,
char **response, int debug)
{
int rc;
if (def)
if (def)
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def);
else
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text);
@ -150,7 +150,7 @@ query_response (pam_handle_t *pamh, const char *text, const char *def,
if (*response == NULL) {
rc = PAM_CONV_ERR;
}
if (rc != PAM_SUCCESS) {
pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text);
} else if (debug)
@ -190,11 +190,11 @@ manual_context (pam_handle_t *pamh, const char *user, int debug)
/* Allow the user to enter each field of the context individually */
if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS &&
response[0] != '\0') {
if (context_role_set (new_context, response))
if (context_role_set (new_context, response))
goto fail_set;
if (get_default_type(response, &type))
if (get_default_type(response, &type))
goto fail_set;
if (context_type_set (new_context, type))
if (context_type_set (new_context, type))
goto fail_set;
_pam_drop(type);
}
@ -283,7 +283,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
while (1) {
if (query_response(pamh,
_("Would you like to enter a different role or level?"), "n",
_("Would you like to enter a different role or level?"), "n",
&response, debug) == PAM_SUCCESS) {
resp_val = response[0];
_pam_drop(response);
@ -293,22 +293,22 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
if ((resp_val == 'y') || (resp_val == 'Y'))
{
if ((new_context = context_new(defaultcon)) == NULL)
goto fail_set;
goto fail_set;
/* Allow the user to enter role and level individually */
if (query_response(pamh, _("role:"), context_role_get(new_context),
if (query_response(pamh, _("role:"), context_role_get(new_context),
&response, debug) == PAM_SUCCESS && response[0]) {
if (get_default_type(response, &type)) {
pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response);
_pam_drop(response);
continue;
} else {
if (context_role_set(new_context, response))
if (context_role_set(new_context, response))
goto fail_set;
if (context_type_set (new_context, type))
goto fail_set;
_pam_drop(type);
}
}
}
_pam_drop(response);
@ -320,9 +320,9 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
if (getcon(&mycon) != 0)
goto fail_set;
my_context = context_new(mycon);
my_context = context_new(mycon);
if (my_context == NULL) {
freecon(mycon);
freecon(mycon);
goto fail_set;
}
freecon(mycon);
@ -331,11 +331,11 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
goto fail_set;
}
context_free(my_context);
} else if (query_response(pamh, _("level:"), context_range_get(new_context),
} else if (query_response(pamh, _("level:"), context_range_get(new_context),
&response, debug) == PAM_SUCCESS && response[0]) {
if (context_range_set(new_context, response))
goto fail_set;
}
}
_pam_drop(response);
}
@ -355,7 +355,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
send_audit_message(pamh, 0, defaultcon, newcon);
send_audit_message(pamh, 0, defaultcon, newcon);
free(newcon);
goto fail_range;
@ -380,7 +380,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
context_free (new_context);
send_audit_message(pamh, 0, defaultcon, NULL);
fail_range:
return NULL;
return NULL;
}
static security_context_t
@ -405,7 +405,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env);
goto fail_set;
} else {
if (context_role_set(new_context, env))
if (context_role_set(new_context, env))
goto fail_set;
if (context_type_set(new_context, type))
goto fail_set;
@ -449,7 +449,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon);
/* Get the string value of the context and see if it is valid. */
if (security_check_context(newcon)) {
pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
@ -623,7 +623,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
env_params = 1;
}
}
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Open Session");
@ -656,9 +656,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
#else
if (getseuserbyname(username, &seuser, &level) == 0) {
#endif
num_contexts = get_ordered_context_list_with_level(seuser,
num_contexts = get_ordered_context_list_with_level(seuser,
level,
NULL,
NULL,
&contextlist);
if (debug)
pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
@ -692,7 +692,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
return PAM_SUCCESS;
}
}
else {
else {
if (seuser != NULL) {
user_context = manual_context(pamh,seuser,debug);
free(seuser);

2
modules/pam_selinux/pam_selinux_check.8
View File

@ -29,7 +29,7 @@ returns an exit code of 0 for success and > 0 on error:
pam_selinux(8)
.SH BUGS
Let's hope not, but if you find any, please email the author.
Let's hope not, but if you find any, please email the author.
.SH AUTHOR
Dan Walsh <dwalsh@redhat.com>

15
modules/pam_sepermit/pam_sepermit.c
View File

@ -85,11 +85,11 @@ match_process_uid(pid_t pid, uid_t uid)
uid_t puid;
FILE *f;
int re = 0;
snprintf (buf, sizeof buf, PROC_BASE "/%d/status", pid);
if (!(f = fopen (buf, "r")))
return 0;
while (fgets(buf, sizeof buf, f)) {
if (sscanf (buf, "Uid:\t%d", &puid)) {
re = uid == puid;
@ -246,9 +246,9 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
int matched = 0;
int exclusive = 0;
int ignore = 0;
f = fopen(cfgfile, "r");
if (!f) {
pam_syslog(pamh, LOG_ERR, "Failed to open config file %s: %m", cfgfile);
return PAM_SERVICE_ERR;
@ -276,7 +276,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
start = strtok_r(start, OPT_DELIM, &sptr);
switch (start[0]) {
case '@':
case '@':
++start;
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Matching user %s against group %s", user, start);
@ -411,9 +411,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
}
#ifdef PAM_STATIC
/* static module data */
struct pam_module _pam_sepermit_modstruct = {
"pam_sepermit",
pam_sm_authenticate,
@ -424,4 +424,3 @@ struct pam_module _pam_sepermit_modstruct = {
NULL
};
#endif

2
modules/pam_shells/pam_shells.c
View File

@ -57,7 +57,7 @@ static int perform_check(pam_handle_t *pamh)
return PAM_SERVICE_ERR;
/* It could still be NULL the second time. */
if (!userName || (userName[0] == '\0'))
if (!userName || (userName[0] == '\0'))
return PAM_SERVICE_ERR;
}

2
modules/pam_stress/pam_stress.c
View File

@ -62,7 +62,7 @@ _pam_report (const pam_handle_t *pamh, int ctrl, const char *name,
pam_syslog(pamh, LOG_DEBUG, "CALLED: %s", name);
pam_syslog(pamh, LOG_DEBUG, "FLAGS : 0%o%s",
flags, (flags & PAM_SILENT) ? " (silent)":"");
pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl);
pam_syslog(pamh, LOG_DEBUG, "CTRL = 0%o", ctrl);
pam_syslog(pamh, LOG_DEBUG, "ARGV :");
while (argc--) {
pam_syslog(pamh, LOG_DEBUG, " \"%s\"", *argv++);

40
modules/pam_tally/pam_tally.c
View File

@ -134,7 +134,7 @@ static void
log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
{
if ( phase != PHASE_AUTH ) {
pam_syslog(pamh, LOG_ERR,
pam_syslog(pamh, LOG_ERR,
"option %s allowed in auth phase only", argv);
}
}
@ -194,12 +194,12 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
else if ( ! strcmp( *argv, "per_user" ) )
{
log_phase_no_auth(pamh, phase, *argv);
opts->ctrl |= OPT_PER_USER;
opts->ctrl |= OPT_PER_USER;
}
else if ( ! strcmp( *argv, "no_lock_time") )
{
log_phase_no_auth(pamh, phase, *argv);
opts->ctrl |= OPT_NO_LOCK_TIME;
opts->ctrl |= OPT_NO_LOCK_TIME;
}
else if ( ! strcmp( *argv, "no_reset" ) ) {
opts->ctrl |= OPT_NO_RESET;
@ -463,19 +463,19 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
(void) pam_get_item(pamh, PAM_RHOST, &remote_host);
if (!remote_host) {
(void) pam_get_item(pamh, PAM_TTY, &cur_tty);
(void) pam_get_item(pamh, PAM_TTY, &cur_tty);
if (!cur_tty) {
strncpy(fsp->fs_faillog.fail_line, "unknown",
strncpy(fsp->fs_faillog.fail_line, "unknown",
sizeof(fsp->fs_faillog.fail_line) - 1);
fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
} else {
strncpy(fsp->fs_faillog.fail_line, cur_tty,
strncpy(fsp->fs_faillog.fail_line, cur_tty,
sizeof(fsp->fs_faillog.fail_line)-1);
fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
}
} else {
strncpy(fsp->fs_faillog.fail_line, remote_host,
strncpy(fsp->fs_faillog.fail_line, remote_host,
(size_t)sizeof(fsp->fs_faillog.fail_line));
fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
}
@ -534,8 +534,8 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
if (lock_time && oldtime
&& !(opts->ctrl & OPT_NO_LOCK_TIME) )
{
if ( lock_time + oldtime > time(NULL) )
{
if ( lock_time + oldtime > time(NULL) )
{
if (!(opts->ctrl & OPT_SILENT))
pam_info (pamh,
_("Account temporary locked (%ld seconds left)"),
@ -543,19 +543,19 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
if (!(opts->ctrl & OPT_NOLOGNOTICE))
pam_syslog (pamh, LOG_NOTICE,
"user %s (%lu) has time limit [%lds left]"
"user %s (%lu) has time limit [%lds left]"
" since last failure.",
user, (unsigned long int) uid,
oldtime+lock_time-time(NULL));
return PAM_AUTH_ERR;
}
return PAM_AUTH_ERR;
}
}
if (opts->unlock_time && oldtime)
{
if ( opts->unlock_time + oldtime <= time(NULL) )
{ /* ignore deny check after unlock_time elapsed */
return PAM_SUCCESS;
}
if ( opts->unlock_time + oldtime <= time(NULL) )
{ /* ignore deny check after unlock_time elapsed */
return PAM_SUCCESS;
}
}
if (
( deny != 0 ) && /* deny==0 means no deny */
@ -599,8 +599,8 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
if (tally == 0)
{
fsp->fs_faillog.fail_time = (time_t) 0;
strcpy(fsp->fs_faillog.fail_line, "");
fsp->fs_faillog.fail_time = (time_t) 0;
strcpy(fsp->fs_faillog.fail_line, "");
}
i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp);
@ -866,8 +866,8 @@ int main ( int argc UNUSED, char **argv )
if ( ! fread((char *) &fsp->fs_faillog,
sizeof (struct faillog), 1, TALLY)
|| ! fsp->fs_faillog.fail_cnt ) {
continue;
}
continue;
}
tally = fsp->fs_faillog.fail_cnt;
if ( ( pw=getpwuid(uid) ) ) {

1
modules/pam_tally/pam_tally_app.c
View File

@ -4,4 +4,3 @@
#define MAIN
#include "pam_tally.c"

38
modules/pam_tally2/pam_tally2.c
View File

@ -159,7 +159,7 @@ static void
log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
{
if ( phase != PHASE_AUTH ) {
pam_syslog(pamh, LOG_ERR,
pam_syslog(pamh, LOG_ERR,
"option %s allowed in auth phase only", argv);
}
}
@ -407,7 +407,7 @@ get_tally(pam_handle_t *pamh, uid_t uid, const char *filename,
if ((*tfile = open(filename, O_RDWR)) == -1) {
#ifndef MAIN
if (errno == EACCES) /* called with insufficient access rights */
return PAM_IGNORE;
return PAM_IGNORE;
#endif
pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename);
@ -418,7 +418,7 @@ skip_open:
if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) {
pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename);
if (!preopened) {
close(*tfile);
close(*tfile);
*tfile = -1;
}
return PAM_AUTH_ERR;
@ -536,30 +536,30 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
if (uid) {
/* Unlock time check */
if (opts->unlock_time && oldtime) {
if (opts->unlock_time + oldtime <= time(NULL)) {
if (opts->unlock_time + oldtime <= time(NULL)) {
/* ignore deny check after unlock_time elapsed */
#ifdef HAVE_LIBAUDIT
snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
NULL, NULL, NULL, 1);
#endif
rv = PAM_SUCCESS;
goto cleanup;
}
rv = PAM_SUCCESS;
goto cleanup;
}
}
} else {
/* Root unlock time check */
if (opts->root_unlock_time && oldtime) {
if (opts->root_unlock_time + oldtime <= time(NULL)) {
/* ignore deny check after unlock_time elapsed */
/* ignore deny check after unlock_time elapsed */
#ifdef HAVE_LIBAUDIT
snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
NULL, NULL, NULL, 1);
#endif
rv = PAM_SUCCESS;
goto cleanup;
}
rv = PAM_SUCCESS;
goto cleanup;
}
}
}
@ -597,7 +597,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
oldtime+opts->lock_time-time(NULL));
}
if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
pam_syslog(pamh, LOG_NOTICE,
pam_syslog(pamh, LOG_NOTICE,
"user %s (%lu) has time limit [%lds left]"
" since last failure.",
user, (unsigned long)uid,
@ -605,7 +605,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
}
rv = PAM_AUTH_ERR;
goto cleanup;
}
}
}
cleanup:
@ -648,10 +648,10 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
(void) pam_get_item(pamh, PAM_RHOST, &remote_host);
if (!remote_host) {
(void) pam_get_item(pamh, PAM_TTY, &remote_host);
(void) pam_get_item(pamh, PAM_TTY, &remote_host);
if (!remote_host) {
remote_host = "unknown";
}
remote_host = "unknown";
}
}
strncpy(tally.fail_line, remote_host,
@ -1019,14 +1019,14 @@ main( int argc UNUSED, char **argv )
FILE *tfile=fopen(cline_filename, "r");
uid_t uid=0;
if (!tfile && cline_reset != 0) {
perror(*argv);
exit(1);
perror(*argv);
exit(1);
}
for ( ; tfile && !feof(tfile); uid++ ) {
if ( !fread(&tally, sizeof(tally), 1, tfile)
|| !tally.fail_cnt ) {
continue;
continue;
}
print_one(&tally, uid);
}

1
modules/pam_tally2/pam_tally2_app.c
View File

@ -4,4 +4,3 @@
#define MAIN
#include "pam_tally2.c"

4
modules/pam_time/pam_time.c
View File

@ -135,7 +135,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
return -1;
}
}
if (*from > 0)
to = shift_buf(*buf, *from);
@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
#ifdef HAVE_LIBAUDIT
if (!(ctrl & PAM_NO_AUDIT)) {
pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_TIME,
"pam_time", rv); /* ignore return value as we fail anyway */
"pam_time", rv); /* ignore return value as we fail anyway */
}
#endif
if (ctrl & PAM_DEBUG_ARG) {

2
modules/pam_time/time.conf
View File

@ -1,4 +1,4 @@
# this is an example configuration file for the pam_time module. Its syntax
# this is an example configuration file for the pam_time module. Its syntax
# was initially based heavily on that of the shadow package (shadow-960129).
#
# the syntax of the lines is as follows:

2
modules/pam_time/time.conf.5.xml
View File

@ -119,7 +119,7 @@ login ; tty* &amp; !ttyp* ; !root ; !Al0000-2400
Games (configured to use PAM) are only to be accessed out of
working hours. This rule does not apply to the user
<emphasis>waster</emphasis>:
<programlisting>
<programlisting>
games ; * ; !waster ; Wd0000-2400 | Wk1800-0800
</programlisting>
</para>

2
modules/pam_timestamp/hmacfile.c
View File

@ -63,7 +63,7 @@ testvectors(void)
"b617318655057264e28bc0b6fb378c8ef146be00",
},
#ifdef HMAC_ALLOW_SHORT_KEYS
#ifdef HMAC_ALLOW_SHORT_KEYS
{
"Jefe", 4,
"what do ya want for nothing?", 28,

4
modules/pam_timestamp/hmacsha1.c
View File

@ -69,8 +69,8 @@ hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size,
pam_syslog(pamh, LOG_ERR, "Cannot create %s: %m", filename);
return;
}
if (fchown(keyfd, owner, group) == -1) {
pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename);
return;

1
modules/pam_timestamp/pam_timestamp.8.xml
View File

@ -186,4 +186,3 @@ session optional pam_timestamp.so
</refsect1>
</refentry>

1
modules/pam_timestamp/pam_timestamp_check.8.xml
View File

@ -205,4 +205,3 @@ session optional pam_timestamp.so
</refsect1>
</refentry>

2
modules/pam_timestamp/sha1.c
View File

@ -185,7 +185,7 @@ size_t
sha1_output(struct sha1_context *ctx, unsigned char *out)
{
struct sha1_context ctx2;
/* Output the sum. */
if (out != NULL) {
u_int32_t c;

5
modules/pam_unix/CHANGELOG
View File

@ -8,7 +8,7 @@ $Id$
- temporarily removed the crypt16 stuff. I'm really paranoid about
crypto stuff and exporting it, and there are a few too many 's-box'
references in the code for my liking..
* Wed Jun 30 1999 Steve Langasek <vorlon@netexpress.net>
- further NIS+ fixes
@ -50,6 +50,5 @@ $Id$
is too lame to use it in real life)
* Sun Mar 21 1999 Jan Rêkorajski <baggins@mimuw.edu.pl>
- pam_unix_auth now correctly behave when user has NULL AUTHTOK
- pam_unix_auth now correctly behave when user has NULL AUTHTOK
- pam_unix_auth returns PAM_PERM_DENIED when seteuid fails

8
modules/pam_unix/bigcrypt.c
View File

@ -1,20 +1,20 @@
/*
* This function implements the "bigcrypt" algorithm specifically for
* Linux-PAM.
*
*
* This algorithm is algorithm 0 (default) shipped with the C2 secure
* implementation of Digital UNIX.
*
*
* Disclaimer: This work is not based on the source code to Digital
* UNIX, nor am I connected to Digital Equipment Corp, in any way
* other than as a customer. This code is based on published
* interfaces and reasonable guesswork.
*
*
* Description: The cleartext is divided into blocks of SEGMENT_SIZE=8
* characters or less. Each block is encrypted using the standard UNIX
* libc crypt function. The result of the encryption for one block
* provides the salt for the suceeding block.
*
*
* Restrictions: The buffer used to hold the encrypted result is
* statically allocated. (see MAX_PASS_LEN below). This is necessary,
* as the returned pointer points to "static data that are overwritten

2
modules/pam_unix/md5.c
View File

@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
}
/*
* Final wrapup - pad to 64-byte boundary with the bit pattern
* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)

2
modules/pam_unix/pam_unix_auth.c
View File

@ -206,7 +206,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED,
don't worry about an explicit check of argv. */
if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS
&& pretval) {
retval = *(const int *)pretval;
retval = *(const int *)pretval;
pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
D(("recovered data indicates that old retval was %d", retval));
}

4
modules/pam_unix/pam_unix_passwd.c
View File

@ -212,7 +212,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
rlim.rlim_max = MAX_FD_NO;
for (i=0; i < (int)rlim.rlim_max; i++) {
if (i != STDIN_FILENO)
close(i);
close(i);
}
}
@ -262,7 +262,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
} else {
D(("fork failed"));
close(fds[0]);
close(fds[1]);
close(fds[1]);
retval = PAM_AUTH_ERR;
}

5
modules/pam_unix/pam_unix_sess.c
View File

@ -16,13 +16,13 @@
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@ -140,4 +140,3 @@ struct pam_module _pam_unix_session_modstruct = {
NULL,
};
#endif

20
modules/pam_unix/passverify.c
View File

@ -89,17 +89,17 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
} else {
if (!strncmp(hash, "$1$", 3)) {
pp = Goodcrypt_md5(p, hash);
if (pp && strcmp(pp, hash) != 0) {
if (pp && strcmp(pp, hash) != 0) {
_pam_delete(pp);
pp = Brokencrypt_md5(p, hash);
}
}
} else if (*hash != '$' && hash_len >= 13) {
pp = bigcrypt(p, hash);
if (pp && hash_len == 13 && strlen(pp) > hash_len) {
pp = bigcrypt(p, hash);
if (pp && hash_len == 13 && strlen(pp) > hash_len) {
_pam_overwrite(pp + hash_len);
}
}
} else {
/*
/*
* Ok, we don't know the crypt algorithm, but maybe
* libcrypt knows about it? We should try it.
*/
@ -448,12 +448,12 @@ unix_selinux_confined(void)
char tempfile[]="/etc/.pwdXXXXXX";
if (confined != -1)
return confined;
return confined;
/* cannot be confined without SELinux enabled */
if (!SELINUX_ENABLED){
confined = 0;
return confined;
confined = 0;
return confined;
}
/* let's try opening shadow read only */
@ -633,7 +633,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
char *sptr = NULL;
found = 1;
if (howmany == 0)
continue;
continue;
buf[strlen(buf) - 1] = '\0';
s_luser = strtok_r(buf, ":", &sptr);
s_uid = strtok_r(NULL, ":", &sptr);

4
modules/pam_unix/support.c
View File

@ -475,7 +475,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
rlim.rlim_max = MAX_FD_NO;
for (i=0; i < (int)rlim.rlim_max; i++) {
if (i != STDIN_FILENO)
close(i);
close(i);
}
}
@ -530,7 +530,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
} else {
D(("fork failed"));
close(fds[0]);
close(fds[1]);
close(fds[1]);
retval = PAM_AUTH_ERR;
}

2
modules/pam_unix/unix_update.c
View File

@ -62,7 +62,7 @@ set_password(const char *forwho, const char *shadow, const char *remember)
}
if (lock_pwdf() != PAM_SUCCESS)
return PAM_AUTHTOK_LOCK_BUSY;
return PAM_AUTHTOK_LOCK_BUSY;
pwd = getpwnam(forwho);

Some files were not shown because too many files have changed in this diff Show More