author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2017-02-19 21:00:46 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2017-02-19 21:00:46 +0000 |
commit | 04e30652172d69d399641893e6a801503a0a1f8f (patch) | |
tree | 13dc6a841647bee3f58db67dea6c46970b923e12 /lib/libpam | |
parent | d2afd010d41e1acf0fe4e164246c8055368bf503 (diff) |
Notes
Diffstat (limited to 'lib/libpam')
-rw-r--r-- | lib/libpam/Makefile.am | 6 | ||||
-rw-r--r-- | lib/libpam/Makefile.in | 41 | ||||
-rw-r--r-- | lib/libpam/openpam_configure.c | 14 | ||||
-rw-r--r-- | lib/libpam/openpam_ctype.h | 4 | ||||
-rw-r--r-- | lib/libpam/openpam_dispatch.c | 12 | ||||
-rw-r--r-- | lib/libpam/openpam_dlfunc.h | 5 | ||||
-rw-r--r-- | lib/libpam/openpam_features.c | 9 | ||||
-rw-r--r-- | lib/libpam/openpam_findenv.c | 6 | ||||
-rw-r--r-- | lib/libpam/openpam_impl.h | 39 | ||||
-rw-r--r-- | lib/libpam/openpam_load.c | 6 | ||||
-rw-r--r-- | lib/libpam/openpam_readlinev.c | 6 | ||||
-rw-r--r-- | lib/libpam/openpam_readword.c | 6 | ||||
-rw-r--r-- | lib/libpam/openpam_strlset.c | 4 | ||||
-rw-r--r-- | lib/libpam/openpam_strlset.h | 4 | ||||
-rw-r--r-- | lib/libpam/openpam_ttyconv.c | 4 | ||||
-rw-r--r-- | lib/libpam/pam_end.c | 10 | ||||
-rw-r--r-- | lib/libpam/pam_get_authtok.c | 12 | ||||
-rw-r--r-- | lib/libpam/pam_get_data.c | 5 | ||||
-rw-r--r-- | lib/libpam/pam_get_item.c | 5 | ||||
-rw-r--r-- | lib/libpam/pam_get_user.c | 13 | ||||
-rw-r--r-- | lib/libpam/pam_getenv.c | 17 | ||||
-rw-r--r-- | lib/libpam/pam_getenvlist.c | 4 | ||||
-rw-r--r-- | lib/libpam/pam_putenv.c | 16 | ||||
-rw-r--r-- | lib/libpam/pam_set_data.c | 4 | ||||
-rw-r--r-- | lib/libpam/pam_set_item.c | 15 | ||||
-rw-r--r-- | lib/libpam/pam_setenv.c | 9 |
26 files changed, 150 insertions, 126 deletions
diff --git a/lib/libpam/Makefile.am b/lib/libpam/Makefile.am index a7781d656786f..faf0dd553f218 100644 --- a/lib/libpam/Makefile.am +++ b/lib/libpam/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $ +# $Id: Makefile.am 833 2014-10-28 09:03:41Z des $ NULL = @@ -79,8 +79,8 @@ libpam_la_SOURCES = \ pam_vprompt.c \ $(NULL) -libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ -libpam_la_LIBADD = @DL_LIBS@ +libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ) +libpam_la_LIBADD = $(DL_LIBS) EXTRA_DIST = \ pam_authenticate_secondary.c \ diff --git a/lib/libpam/Makefile.in b/lib/libpam/Makefile.in index f2971163e0ed7..7e73926685d4b 100644 --- a/lib/libpam/Makefile.in +++ b/lib/libpam/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,11 +14,21 @@ @SET_MAKE@ -# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $ +# $Id: Makefile.am 833 2014-10-28 09:03:41Z des $ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -82,12 +92,15 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = lib/libpam -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(noinst_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -121,7 +134,8 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) -libpam_la_DEPENDENCIES = +am__DEPENDENCIES_1 = +libpam_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am__objects_1 = am_libpam_la_OBJECTS = openpam_asprintf.lo openpam_borrow_cred.lo \ openpam_check_owner_perms.lo openpam_configure.lo \ @@ -211,6 +225,7 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -225,6 +240,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYB_TEST_LIBS = @CRYB_TEST_LIBS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ @@ -255,6 +271,7 @@ LIB_MAJ = @LIB_MAJ@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ 
@@ -278,6 +295,7 @@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ +SYSTEM_LIBPAM = @SYSTEM_LIBPAM@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ @@ -407,8 +425,8 @@ libpam_la_SOURCES = \ pam_vprompt.c \ $(NULL) -libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@ -libpam_la_LIBADD = @DL_LIBS@ +libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ) +libpam_la_LIBADD = $(DL_LIBS) EXTRA_DIST = \ pam_authenticate_secondary.c \ pam_get_mapped_authtok.c \ @@ -444,7 +462,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/libpam/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/libpam/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -796,6 +813,8 @@ uninstall-am: uninstall-libLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/lib/libpam/openpam_configure.c b/lib/libpam/openpam_configure.c index 5a4ca620222fe..e06eba2859dc2 100644 --- a/lib/libpam/openpam_configure.c +++ b/lib/libpam/openpam_configure.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2014 Dag-Erling Smørgrav + * Copyright (c) 2004-2015 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_configure.c 796 2014-06-03 21:30:08Z des $ + * $Id: openpam_configure.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -410,6 +410,10 @@ openpam_load_chain(pam_handle_t *pamh, for (path = openpam_policy_path; *path != NULL; ++path) { /* construct filename */ len = strlcpy(filename, *path, sizeof filename); + if (len >= sizeof filename) { + errno = ENAMETOOLONG; + RETURNN(-1); + } if (filename[len - 1] == '/') { len = strlcat(filename, service, sizeof filename); if (len >= sizeof filename) { @@ -463,8 +467,10 @@ openpam_configure(pam_handle_t *pamh, for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { if (pamh->chains[fclt] != NULL) continue; - if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) - goto load_err; + if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) { + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; + } } RETURNC(PAM_SUCCESS); load_err: diff --git a/lib/libpam/openpam_ctype.h b/lib/libpam/openpam_ctype.h index d99d34b4dacf7..671c2f5cf8c98 100644 --- a/lib/libpam/openpam_ctype.h +++ b/lib/libpam/openpam_ctype.h @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2012 Dag-Erling Smørgrav + * Copyright (c) 2012-2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ctype.h 763 2014-02-26 16:29:16Z des $ + * $Id: openpam_ctype.h 890 2016-01-11 16:22:09Z des $ */ #ifndef OPENPAM_CTYPE_H_INCLUDED diff --git a/lib/libpam/openpam_dispatch.c b/lib/libpam/openpam_dispatch.c index 5fa068f8e261d..391ce8050d8fc 100644 --- a/lib/libpam/openpam_dispatch.c +++ b/lib/libpam/openpam_dispatch.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2015 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and 
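Review bot: In openpam_load_chain() the test right after the new length check, `if (filename[len - 1] == '/')`, reads one byte before the buffer when an entry of openpam_policy_path is an empty string, because strlcpy() then returns 0. The added ENAMETOOLONG guard covers only the upper bound; a lower-bound guard before that test, for example `if (len == 0) continue;`, would close the gap. The array is declared outside this hunk and is presumably a compile-time constant, so this is hardening rather than a demonstrated bug. The loop body continues past the end of the hunk.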
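Review bot: With FALLBACK_TO_OTHER switched off, the loop in openpam_configure() leaves `pamh->chains[fclt]` NULL for every facility the service policy does not cover and still reaches `RETURNC(PAM_SUCCESS)`. Whether an empty chain is then denied depends on the dispatch code, which is not part of this hunk, so the fail-closed assumption is invisible to the next reader. Once confirmed, record it next to the new branch, for example `/* an empty chain is left for openpam_dispatch() to reject */`.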
@@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dispatch.c 807 2014-09-09 09:41:32Z des $ + * $Id: openpam_dispatch.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -41,6 +41,8 @@ #include <sys/param.h> +#include <stdint.h> + #include <security/pam_appl.h> #include "openpam_impl.h" @@ -67,8 +69,6 @@ openpam_dispatch(pam_handle_t *pamh, int debug; ENTER(); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); /* prevent recursion */ if (pamh->current != NULL) { @@ -117,7 +117,7 @@ openpam_dispatch(pam_handle_t *pamh, openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s", pam_sm_func_name[primitive], chain->module->path); r = (chain->module->func[primitive])(pamh, flags, - chain->optc, (const char **)chain->optv); + chain->optc, (const char **)(intptr_t)chain->optv); pamh->current = NULL; openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s", chain->module->path, pam_sm_func_name[primitive], @@ -128,7 +128,7 @@ openpam_dispatch(pam_handle_t *pamh, if (r == PAM_IGNORE) continue; - if (r == PAM_SUCCESS) { + if (r == PAM_SUCCESS) { ++nsuccess; /* * For pam_setcred() and pam_chauthtok() with the diff --git a/lib/libpam/openpam_dlfunc.h b/lib/libpam/openpam_dlfunc.h index a92ab9cd368d1..6f8724a65d4fe 100644 --- a/lib/libpam/openpam_dlfunc.h +++ b/lib/libpam/openpam_dlfunc.h @@ -10,6 +10,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
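Review bot: Removing `if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR);` from openpam_dispatch() turns a NULL handle from a reported error into a NULL dereference at `pamh->current`. The OPENPAM_NONNULL annotations added in openpam_impl.h presumably expand to a compiler attribute, which only helps where the NULL is visible at the call site. The same removal is made in openpam_findenv(), pam_end(), pam_get_authtok() (which then writes `*authtok`), pam_get_data(), pam_get_item(), pam_get_user(), pam_getenv(), pam_getenvlist(), pam_putenv(), pam_set_data(), pam_set_item() and pam_setenv() (where the `value == NULL` test is dropped as well). Most of these are entry points reached from applications and third-party modules, and their public declarations are outside lib/libpam, so it cannot be seen here whether they carry the annotation. Either keep the runtime check in the public entry points, or state in each function's documentation comment that NULL arguments are undefined behaviour.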
@@ -23,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dlfunc.h 660 2013-03-11 15:08:52Z des $ + * $Id: openpam_dlfunc.h 872 2015-12-01 19:25:07Z des $ */ #ifndef OPENPAM_DLFCN_H_INCLUDED diff --git a/lib/libpam/openpam_features.c b/lib/libpam/openpam_features.c index 8ca8828058bed..387d27bcd3848 100644 --- a/lib/libpam/openpam_features.c +++ b/lib/libpam/openpam_features.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2012 Dag-Erling Smørgrav + * Copyright (c) 2012-2015 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_features.c 648 2013-03-05 17:54:27Z des $ + * $Id: openpam_features.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H @@ -65,4 +65,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = { "Verify ownership and permissions of module files", 1 ), + STRUCT_OPENPAM_FEATURE( + FALLBACK_TO_OTHER, + "Fall back to \"other\" policy for empty chains", + 1 + ), }; diff --git a/lib/libpam/openpam_findenv.c b/lib/libpam/openpam_findenv.c index 3512c3f3c96da..3ad2c845794a4 100644 --- a/lib/libpam/openpam_findenv.c +++ b/lib/libpam/openpam_findenv.c @@ -32,13 +32,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_findenv.c 648 2013-03-05 17:54:27Z des $ + * $Id: openpam_findenv.c 914 2017-01-21 15:15:29Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif +#include <errno.h> #include <string.h> #include <security/pam_appl.h> @@ -59,12 +60,11 @@ openpam_findenv(pam_handle_t *pamh, int i; ENTER(); - if (pamh == NULL) - RETURNN(-1); for (i = 0; i < pamh->env_count; ++i) if (strncmp(pamh->env[i], name, len) == 0 && pamh->env[i][len] == '=') RETURNN(i); + errno = ENOENT; RETURNN(-1); } 
diff --git a/lib/libpam/openpam_impl.h b/lib/libpam/openpam_impl.h index c533acb775724..589a3b3255390 100644 --- a/lib/libpam/openpam_impl.h +++ b/lib/libpam/openpam_impl.h @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_impl.h 648 2013-03-05 17:54:27Z des $ + * $Id: openpam_impl.h 915 2017-02-07 12:03:19Z des $ */ #ifndef OPENPAM_IMPL_H_INCLUDED @@ -130,19 +130,28 @@ struct pam_handle { /* * Internal functions */ -int openpam_configure(pam_handle_t *, const char *); -int openpam_dispatch(pam_handle_t *, int, int); -int openpam_findenv(pam_handle_t *, const char *, size_t); -pam_module_t *openpam_load_module(const char *); -void openpam_clear_chains(pam_chain_t **); - -int openpam_check_desc_owner_perms(const char *, int); -int openpam_check_path_owner_perms(const char *); +int openpam_configure(pam_handle_t *, const char *) + OPENPAM_NONNULL((1)); +int openpam_dispatch(pam_handle_t *, int, int) + OPENPAM_NONNULL((1)); +int openpam_findenv(pam_handle_t *, const char *, size_t) + OPENPAM_NONNULL((1,2)); +pam_module_t *openpam_load_module(const char *) + OPENPAM_NONNULL((1)); +void openpam_clear_chains(pam_chain_t **) + OPENPAM_NONNULL((1)); + +int openpam_check_desc_owner_perms(const char *, int) + OPENPAM_NONNULL((1)); +int openpam_check_path_owner_perms(const char *) + OPENPAM_NONNULL((1)); #ifdef OPENPAM_STATIC_MODULES -pam_module_t *openpam_static(const char *); +pam_module_t *openpam_static(const char *) + OPENPAM_NONNULL((1)); #endif -pam_module_t *openpam_dynamic(const char *); +pam_module_t *openpam_dynamic(const char *) + OPENPAM_NONNULL((1)); #define FREE(p) \ do { \ @@ -152,11 +161,11 @@ pam_module_t *openpam_dynamic(const char *); #define FREEV(c, v) \ do { \ - while (c) { \ - --(c); \ - FREE((v)[(c)]); \ + if ((v) != NULL) { \ + while ((c)-- > 0) \ + FREE((v)[(c)]); \ + FREE(v); \ } \ - FREE(v); \ } while (0) #include "openpam_constants.h" 
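Review bot: The rewritten FREEV leaves the count at -1 instead of 0, because `while ((c)-- > 0)` decrements once more on the iteration where the test fails; with an unsigned count it would wrap to the maximum value. The old loop finished with `c == 0`, so any caller that reads the count after FREEV (the callers are outside this hunk) now sees a negative or wrapped length. Keeping the decrement inside the body, `while ((c) > 0) { --(c); FREE((v)[(c)]); }`, preserves the zero count and still evaluates the FREE argument without side effects. The macro should also carry a comment saying that `c` is left untouched when `v` is NULL.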
diff --git a/lib/libpam/openpam_load.c b/lib/libpam/openpam_load.c index a926dbd1288e7..614c6fb409381 100644 --- a/lib/libpam/openpam_load.c +++ b/lib/libpam/openpam_load.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2013 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_load.c 664 2013-03-17 10:56:15Z des $ + * $Id: openpam_load.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H @@ -84,6 +84,7 @@ openpam_load_module(const char *modulename) static void openpam_release_module(pam_module_t *module) { + if (module == NULL) return; if (module->dlh == NULL) @@ -104,6 +105,7 @@ openpam_release_module(pam_module_t *module) static void openpam_destroy_chain(pam_chain_t *chain) { + if (chain == NULL) return; openpam_destroy_chain(chain->next); diff --git a/lib/libpam/openpam_readlinev.c b/lib/libpam/openpam_readlinev.c index 5edc368fd356e..d73fc5580e8f0 100644 --- a/lib/libpam/openpam_readlinev.c +++ b/lib/libpam/openpam_readlinev.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2012 Dag-Erling Smørgrav + * Copyright (c) 2012-2016 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_readlinev.c 648 2013-03-05 17:54:27Z des $ + * $Id: openpam_readlinev.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H @@ -79,6 +79,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp) /* insert our word */ wordv[wordvlen++] = word; wordv[wordvlen] = NULL; + word = NULL; } if (errno != 0) { /* I/O error or out of memory */ 
@@ -86,6 +87,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp) while (wordvlen--) free(wordv[wordvlen]); free(wordv); + free(word); errno = serrno; return (NULL); } diff --git a/lib/libpam/openpam_readword.c b/lib/libpam/openpam_readword.c index b52e7dfa41c07..a73b900cbacd2 100644 --- a/lib/libpam/openpam_readword.c +++ b/lib/libpam/openpam_readword.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2012 Dag-Erling Smørgrav + * Copyright (c) 2012-2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_readword.c 648 2013-03-05 17:54:27Z des $ + * $Id: openpam_readword.c 916 2017-02-07 12:25:58Z des $ */ #ifdef HAVE_CONFIG_H @@ -134,7 +134,7 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp) } if (ch == EOF && (escape || quote)) { /* Missing escaped character or closing quote. */ - openpam_log(PAM_LOG_ERROR, "unexpected end of file"); + openpam_log(PAM_LOG_DEBUG, "unexpected end of file"); free(word); errno = EINVAL; return (NULL); diff --git a/lib/libpam/openpam_strlset.c b/lib/libpam/openpam_strlset.c index 2f4c4fa7e1888..febdb5c4ebc87 100644 --- a/lib/libpam/openpam_strlset.c +++ b/lib/libpam/openpam_strlset.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2011-2012 Dag-Erling Smørgrav + * Copyright (c) 2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_strlset.c 807 2014-09-09 09:41:32Z des $ + * $Id: openpam_strlset.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H diff --git a/lib/libpam/openpam_strlset.h b/lib/libpam/openpam_strlset.h index 4bb0bb6404d0f..282a26bdbde26 100644 --- a/lib/libpam/openpam_strlset.h +++ b/lib/libpam/openpam_strlset.h 
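Review bot: Lowering `"unexpected end of file"` from PAM_LOG_ERROR to PAM_LOG_DEBUG in openpam_readword() means a policy file that ends inside a quote or escape is no longer reported unless debug logging is enabled. The function still fails with EINVAL, so the caller can report it, but that caller is outside this hunk; if it does not log at error level, a truncated or tampered policy file fails silently. Once the caller's behaviour is confirmed, a comment such as `/* parse error is reported by the caller */` above the log call would record why the level was lowered.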
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2011 Dag-Erling Smørgrav + * Copyright (c) 2014 Dag-Erling Smørgrav * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_strlset.h 807 2014-09-09 09:41:32Z des $ + * $Id: openpam_strlset.h 890 2016-01-11 16:22:09Z des $ */ #ifndef OPENPAM_STRLSET_H_INCLUDED diff --git a/lib/libpam/openpam_ttyconv.c b/lib/libpam/openpam_ttyconv.c index d21320ca72280..7591eed682bc2 100644 --- a/lib/libpam/openpam_ttyconv.c +++ b/lib/libpam/openpam_ttyconv.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2014 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ttyconv.c 807 2014-09-09 09:41:32Z des $ + * $Id: openpam_ttyconv.c 890 2016-01-11 16:22:09Z des $ */ #ifdef HAVE_CONFIG_H diff --git a/lib/libpam/pam_end.c b/lib/libpam/pam_end.c index f7ece50e535fc..c855b59c48852 100644 --- a/lib/libpam/pam_end.c +++ b/lib/libpam/pam_end.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_end.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_end.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -60,8 +60,6 @@ pam_end(pam_handle_t *pamh, int i; ENTER(); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); /* clear module data */ while ((dp = pamh->module_data) != NULL) { @@ -91,12 +89,6 @@ pam_end(pam_handle_t *pamh, RETURNC(PAM_SUCCESS); } -/* - * Error codes: - * - * PAM_SYSTEM_ERR - */ - /** * The =pam_end function terminates a PAM transaction and destroys the * corresponding PAM context, releasing all resources allocated to it. 
diff --git a/lib/libpam/pam_get_authtok.c b/lib/libpam/pam_get_authtok.c index 36382f5d86903..83c6b7053fac5 100644 --- a/lib/libpam/pam_get_authtok.c +++ b/lib/libpam/pam_get_authtok.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2017 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_authtok.c 807 2014-09-09 09:41:32Z des $ + * $Id: pam_get_authtok.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -76,8 +76,6 @@ pam_get_authtok(pam_handle_t *pamh, int pitem, r, style, twice; ENTER(); - if (pamh == NULL || authtok == NULL) - RETURNC(PAM_SYSTEM_ERR); *authtok = NULL; twice = 0; switch (item) { @@ -122,9 +120,11 @@ pam_get_authtok(pam_handle_t *pamh, if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL) prompt = promptp; /* no prompt provided, see if there is one tucked away somewhere */ - if (prompt == NULL) - if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL) + if (prompt == NULL) { + r = pam_get_item(pamh, pitem, &promptp); + if (r == PAM_SUCCESS && promptp != NULL) prompt = promptp; + } /* fall back to hardcoded default */ if (prompt == NULL) prompt = default_prompt; diff --git a/lib/libpam/pam_get_data.c b/lib/libpam/pam_get_data.c index de31d7013f4cc..a2f5072cb374c 100644 --- a/lib/libpam/pam_get_data.c +++ b/lib/libpam/pam_get_data.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_data.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_get_data.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -60,8 +60,6 @@ pam_get_data(const pam_handle_t *pamh, pam_data_t *dp; ENTERS(module_data_name); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); for (dp = pamh->module_data; dp != NULL; dp = dp->next) { if (strcmp(dp->name, module_data_name) == 0) { *data = (void *)dp->data; @@ -74,7 +72,6 @@ pam_get_data(const pam_handle_t *pamh, /* * Error codes: * - * PAM_SYSTEM_ERR * PAM_NO_MODULE_DATA */ diff --git a/lib/libpam/pam_get_item.c b/lib/libpam/pam_get_item.c index 9dc3dc33b202d..e28012ea26726 100644 --- a/lib/libpam/pam_get_item.c +++ b/lib/libpam/pam_get_item.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_item.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_get_item.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -59,8 +59,6 @@ pam_get_item(const pam_handle_t *pamh, { ENTERI(item_type); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); switch (item_type) { case PAM_SERVICE: case PAM_USER: @@ -86,7 +84,6 @@ pam_get_item(const pam_handle_t *pamh, * Error codes: * * PAM_SYMBOL_ERR - * PAM_SYSTEM_ERR */ /** diff --git a/lib/libpam/pam_get_user.c b/lib/libpam/pam_get_user.c index 2e22e0ec0364c..f3fc4b60b8f22 100644 --- a/lib/libpam/pam_get_user.c +++ b/lib/libpam/pam_get_user.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2017 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_user.c 670 2013-03-17 19:26:07Z des $ + * $Id: pam_get_user.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -69,8 +69,6 @@ pam_get_user(pam_handle_t *pamh, int r; ENTER(); - if (pamh == NULL || user == NULL) - RETURNC(PAM_SYSTEM_ERR); r = pam_get_item(pamh, PAM_USER, (const void **)user); if (r == PAM_SUCCESS && *user != NULL) RETURNC(PAM_SUCCESS); @@ -78,10 +76,11 @@ pam_get_user(pam_handle_t *pamh, if ((promptp = openpam_get_option(pamh, "user_prompt")) != NULL) prompt = promptp; /* no prompt provided, see if there is one tucked away somewhere */ - if (prompt == NULL) - if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) && - promptp != NULL) + if (prompt == NULL) { + r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp); + if (r == PAM_SUCCESS && promptp != NULL) prompt = promptp; + } /* fall back to hardcoded default */ if (prompt == NULL) prompt = user_prompt; diff --git a/lib/libpam/pam_getenv.c b/lib/libpam/pam_getenv.c index 6669035494542..1e034468fbc29 100644 --- a/lib/libpam/pam_getenv.c +++ b/lib/libpam/pam_getenv.c @@ -32,13 +32,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_getenv.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_getenv.c 914 2017-01-21 15:15:29Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif +#include <errno.h> #include <stdlib.h> #include <string.h> @@ -61,18 +62,14 @@ pam_getenv(pam_handle_t *pamh, int i; ENTERS(name); - if (pamh == NULL) - RETURNS(NULL); - if (name == NULL || strchr(name, '=') != NULL) + if (strchr(name, '=') != NULL) { + errno = EINVAL; RETURNS(NULL); + } if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) RETURNS(NULL); - for (str = pamh->env[i]; *str != '\0'; ++str) { - if (*str == '=') { - ++str; - break; - } - } + if ((str = strchr(pamh->env[i], '=')) == NULL) + RETURNS(""); RETURNS(str); } diff --git a/lib/libpam/pam_getenvlist.c b/lib/libpam/pam_getenvlist.c index 9dcded0e79b94..4139c2fb4d316 100644 --- a/lib/libpam/pam_getenvlist.c +++ b/lib/libpam/pam_getenvlist.c 
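Review bot: pam_getenv() now returns a pointer to the `=` separator instead of the value: `strchr(pamh->env[i], '=')` stops on the `=`, whereas the removed loop stepped past it with `++str` before returning. A variable stored as `NAME=value` therefore comes back as `=value`, which breaks any comparison or path a module builds from it. The final line should be `RETURNS(str + 1);`.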
@@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_getenvlist.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_getenvlist.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -60,8 +60,6 @@ pam_getenvlist(pam_handle_t *pamh) int i; ENTER(); - if (pamh == NULL) - RETURNP(NULL); envlist = malloc(sizeof(char *) * (pamh->env_count + 1)); if (envlist == NULL) { openpam_log(PAM_LOG_ERROR, "%s", diff --git a/lib/libpam/pam_putenv.c b/lib/libpam/pam_putenv.c index 0d4d71036cf55..605277fda6f49 100644 --- a/lib/libpam/pam_putenv.c +++ b/lib/libpam/pam_putenv.c @@ -32,13 +32,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_putenv.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_putenv.c 914 2017-01-21 15:15:29Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif +#include <errno.h> #include <stdlib.h> #include <string.h> @@ -58,15 +59,16 @@ pam_putenv(pam_handle_t *pamh, const char *namevalue) { char **env, *p; + size_t env_size; int i; ENTER(); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); /* sanity checks */ - if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) + if ((p = strchr(namevalue, '=')) == NULL) { + errno = EINVAL; RETURNC(PAM_SYSTEM_ERR); + } /* see if the variable is already in the environment */ if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { @@ -79,12 +81,12 @@ pam_putenv(pam_handle_t *pamh, /* grow the environment list if necessary */ if (pamh->env_count == pamh->env_size) { - env = realloc(pamh->env, - sizeof(char *) * (pamh->env_size * 2 + 1)); + env_size = pamh->env_size * 2 + 1; + env = realloc(pamh->env, sizeof(char *) * env_size); if (env == NULL) RETURNC(PAM_BUF_ERR); pamh->env = env; - pamh->env_size = pamh->env_size * 2 + 1; + pamh->env_size = env_size; } /* add the variable at the end */ 
diff --git a/lib/libpam/pam_set_data.c b/lib/libpam/pam_set_data.c index 344f4ef30fae3..6a26b6fb02e02 100644 --- a/lib/libpam/pam_set_data.c +++ b/lib/libpam/pam_set_data.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_data.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_set_data.c 913 2017-01-21 15:11:12Z des $ */ #ifdef HAVE_CONFIG_H @@ -64,8 +64,6 @@ pam_set_data(pam_handle_t *pamh, pam_data_t *dp; ENTERS(module_data_name); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); for (dp = pamh->module_data; dp != NULL; dp = dp->next) { if (strcmp(dp->name, module_data_name) == 0) { if (dp->cleanup) diff --git a/lib/libpam/pam_set_item.c b/lib/libpam/pam_set_item.c index 10c855aa9e102..0e8f76f7fa6b8 100644 --- a/lib/libpam/pam_set_item.c +++ b/lib/libpam/pam_set_item.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_set_item.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_set_item.c 918 2017-02-19 17:46:22Z des $ */ #ifdef HAVE_CONFIG_H @@ -60,18 +60,16 @@ pam_set_item(pam_handle_t *pamh, int item_type, const void *item) { - void **slot, *tmp; + void **slot; size_t nsize, osize; ENTERI(item_type); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); slot = &pamh->item[item_type]; osize = nsize = 0; switch (item_type) { case PAM_SERVICE: /* set once only, by pam_start() */ - if (*slot != NULL) + if (*slot != NULL && item != NULL) RETURNC(PAM_SYSTEM_ERR); /* fall through */ case PAM_USER: @@ -103,13 +101,12 @@ pam_set_item(pam_handle_t *pamh, FREE(*slot); } if (item != NULL) { - if ((tmp = malloc(nsize)) == NULL) + if ((*slot = malloc(nsize)) == NULL) RETURNC(PAM_BUF_ERR); - memcpy(tmp, item, nsize); + memcpy(*slot, item, nsize); } else { - tmp = NULL; + *slot = NULL; } - *slot = tmp; RETURNC(PAM_SUCCESS); } diff --git a/lib/libpam/pam_setenv.c b/lib/libpam/pam_setenv.c index 070a185e6019c..3c2209c1c0dd9 100644 
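Review bot: The relaxed test `if (*slot != NULL && item != NULL)` in pam_set_item() lets any caller clear PAM_SERVICE by passing a NULL item. A later call then finds the slot empty and can install a different service name, so the comment `/* set once only, by pam_start() */` no longer matches the code. If clearing is meant only for teardown, the comment should say so, for example `/* set once by pam_start(); may be cleared but not replaced */`. It is also worth confirming that nothing relies on the service name staying fixed for the lifetime of the handle. The rest of the switch lies outside the hunk.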
--- a/lib/libpam/pam_setenv.c +++ b/lib/libpam/pam_setenv.c @@ -32,13 +32,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_setenv.c 648 2013-03-05 17:54:27Z des $ + * $Id: pam_setenv.c 914 2017-01-21 15:15:29Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif +#include <errno.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -65,12 +66,12 @@ pam_setenv(pam_handle_t *pamh, int r; ENTER(); - if (pamh == NULL) - RETURNC(PAM_SYSTEM_ERR); /* sanity checks */ - if (name == NULL || value == NULL || strchr(name, '=') != NULL) + if (*name == '\0' || strchr(name, '=') != NULL) { + errno = EINVAL; RETURNC(PAM_SYSTEM_ERR); + } /* is it already there? */ if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) |