diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.in | 19 | ||||
| -rw-r--r-- | lib/libpam/Makefile.in | 40 | ||||
| -rw-r--r-- | lib/libpam/openpam_borrow_cred.c | 4 | ||||
| -rw-r--r-- | lib/libpam/openpam_configure.c | 91 | ||||
| -rw-r--r-- | lib/libpam/openpam_constants.c | 12 |
5 files changed, 113 insertions, 53 deletions
diff --git a/lib/Makefile.in b/lib/Makefile.in index 364a73ea8492..d09110f627f7 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -69,6 +69,8 @@ am__make_running_with_option = \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -274,8 +276,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -544,8 +548,8 @@ mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -637,3 +641,10 @@ uninstall-am: # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff --git a/lib/libpam/Makefile.in b/lib/libpam/Makefile.in index 042b4b49cbb2..a6da7b3a9f5d 100644 --- a/lib/libpam/Makefile.in +++ b/lib/libpam/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -71,6 +71,8 @@ am__make_running_with_option = \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -126,10 +128,9 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -357,8 +358,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -558,15 +561,13 @@ uninstall-libLTLIBRARIES: done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) $(EXTRA_libpam_la_DEPENDENCIES) $(AM_V_CCLD)$(libpam_la_LINK) -rpath $(libdir) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) @@ -635,7 +636,7 @@ distclean-compile: $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -781,8 +782,8 @@ mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -793,7 +794,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/openpam_asprintf.Plo + -rm -f ./$(DEPDIR)/openpam_asprintf.Plo -rm -f ./$(DEPDIR)/openpam_borrow_cred.Plo -rm -f ./$(DEPDIR)/openpam_check_owner_perms.Plo -rm -f ./$(DEPDIR)/openpam_configure.Plo @@ -893,7 +894,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/openpam_asprintf.Plo + -rm -f ./$(DEPDIR)/openpam_asprintf.Plo -rm -f ./$(DEPDIR)/openpam_borrow_cred.Plo -rm -f ./$(DEPDIR)/openpam_check_owner_perms.Plo -rm -f ./$(DEPDIR)/openpam_configure.Plo @@ -988,3 +989,10 @@ uninstall-am: uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff --git a/lib/libpam/openpam_borrow_cred.c b/lib/libpam/openpam_borrow_cred.c index 5c479fe8291e..4a4ac7417425 100644 --- a/lib/libpam/openpam_borrow_cred.c +++ b/lib/libpam/openpam_borrow_cred.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2025 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -64,7 +64,7 @@ openpam_borrow_cred(pam_handle_t *pamh, const void *scredp; int r; - ENTERI(pwd->pw_uid); + ENTERN(pwd->pw_uid); r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); if (r == PAM_SUCCESS && scredp != NULL) { openpam_log(PAM_LOG_LIBDEBUG, diff --git a/lib/libpam/openpam_configure.c b/lib/libpam/openpam_configure.c index 65628fb70e12..229ff13ad08c 100644 --- a/lib/libpam/openpam_configure.c +++ b/lib/libpam/openpam_configure.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2015 Dag-Erling Smørgrav + * Copyright (c) 2004-2025 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -157,10 +157,11 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_style_t style) { pam_chain_t *this, **next; + pam_module_t *module; pam_facility_t fclt; pam_control_t ctlf; char *name, *servicename, *modulename; - int count, lineno, ret, serrno; + int count, lineno, nonfatal, ret, serrno; char **wordv, *word; int i, wordc; @@ -186,10 +187,22 @@ openpam_parse_chain(pam_handle_t *pamh, } /* check facility name */ - if ((word = wordv[i++]) == NULL || - (fclt = parse_facility_name(word)) == (pam_facility_t)-1) { + if ((word = wordv[i++]) == NULL) { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing or invalid facility", + "%s(%d): missing facility", + filename, lineno); + errno = EINVAL; + goto fail; + } + if (*word == '-') { + nonfatal = 1; + word++; + } else { + nonfatal = 0; + } + if ((fclt = parse_facility_name(word)) == (pam_facility_t)-1) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): invalid facility", filename, lineno); errno = EINVAL; goto fail; @@ -199,13 +212,25 @@ openpam_parse_chain(pam_handle_t *pamh, continue; } - /* check for "include" */ - if ((word = wordv[i++]) != NULL && - strcmp(word, "include") == 0) { - if ((servicename = wordv[i++]) == NULL || - !valid_service_name(servicename)) { + /* control flag or "include" */ + if ((word = wordv[i++]) == NULL) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing control flag", + filename, lineno); + errno = EINVAL; + goto fail; + } + if (strcmp(word, "include") == 0) { + if ((servicename = wordv[i++]) == NULL) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing service name", + filename, lineno); + errno = EINVAL; + goto fail; + } + if (!valid_service_name(servicename)) { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing or invalid service name", + "%s(%d): invalid service name", filename, lineno); errno = EINVAL; goto fail; @@ -225,45 +250,57 @@ openpam_parse_chain(pam_handle_t *pamh, * outer loop does not just ignore the * error and keep searching. */ - if (errno == ENOENT) + if (errno == ENOENT) { + if (nonfatal) + continue; errno = EINVAL; + } goto fail; } continue; } - - /* get control flag */ - if (word == NULL || /* same word we compared to "include" */ - (ctlf = parse_control_flag(word)) == (pam_control_t)-1) { + if ((ctlf = parse_control_flag(word)) == (pam_control_t)-1) { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing or invalid control flag", + "%s(%d): invalid control flag", filename, lineno); errno = EINVAL; goto fail; } /* get module name */ - if ((modulename = wordv[i++]) == NULL || - !valid_module_name(modulename)) { + if ((modulename = wordv[i++]) == NULL) { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing or invalid module name", + "%s(%d): missing module name", + filename, lineno); + errno = EINVAL; + goto fail; + } + if (!valid_module_name(modulename)) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): invalid module name", filename, lineno); errno = EINVAL; goto fail; } - - /* allocate new entry */ - if ((this = calloc(1, sizeof *this)) == NULL) - goto syserr; - this->flag = ctlf; /* load module */ - if ((this->module = openpam_load_module(modulename)) == NULL) { - if (errno == ENOENT) + if ((module = openpam_load_module(modulename)) == NULL) { + if (errno == ENOENT) { + if (nonfatal) { + FREEV(wordc, wordv); + continue; + } errno = ENOEXEC; + } goto fail; } + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; + this->flag = ctlf; + this->module = module; + /* * The remaining items in wordv are the module's * arguments. We could set this->optv = wordv + i, but diff --git a/lib/libpam/openpam_constants.c b/lib/libpam/openpam_constants.c index e57228156561..0178f4ca2a5c 100644 --- a/lib/libpam/openpam_constants.c +++ b/lib/libpam/openpam_constants.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2017 Dag-Erling Smørgrav + * Copyright (c) 2004-2025 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -167,8 +167,10 @@ const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = { const char *openpam_policy_path[] = { "/etc/pam.d/", "/etc/pam.conf", - "/usr/local/etc/pam.d/", - "/usr/local/etc/pam.conf", +#ifdef LOCALBASE + LOCALBASE "/etc/pam.d/", + LOCALBASE "/etc/pam.conf", +#endif NULL }; @@ -177,7 +179,9 @@ const char *openpam_module_path[] = { OPENPAM_MODULES_DIRECTORY, #else "/usr/lib", - "/usr/local/lib", +#ifdef LOCALBASE + LOCALBASE "/lib", +#endif #endif NULL }; |