pam_chroot/pam_chroot.c | 25 +++++---- pam_console/50-default.perms | 55 ++++++++++--------- pam_console/Makefile.am | 4 +- pam_console/chmod.c | 111 +++++++++++++++++++++------------------ pam_console/configfile.y | 13 ----- pam_console/console.handlers | 4 +- pam_console/console.perms | 5 +- pam_console/hashtable.c | 36 ++++++------ pam_console/pam_console.c | 14 +++-- pam_console/pam_console.h | 2 +- pam_console/pam_console_apply.c | 16 ++---- pam_console/pstack.c | 87 ++++++++++++++++++++++++++++++ pam_console/pstack.h | 17 ++++++ pam_timestamp/pam_timestamp.c | 12 +++-- 14 files changed, 253 insertions(+), 148 deletions(-) diff --git a/pam_chroot/pam_chroot.c b/pam_chroot/pam_chroot.c index 8acbfd7..83b35ba 100644 --- a/pam_chroot/pam_chroot.c +++ b/pam_chroot/pam_chroot.c @@ -8,6 +8,7 @@ #define PAM_SM_SESSION #include +#include #include #include @@ -22,7 +23,7 @@ #define CONFIG "/etc/security/chroot.conf" -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, +PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ret = PAM_SESSION_ERR; @@ -43,7 +44,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, onerr = PAM_SESSION_ERR; } - if((ret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) { + ret = pam_get_user(pamh, &user, NULL); + if(ret != PAM_SUCCESS || user == NULL) { pam_syslog(pamh, LOG_ERR, "can't get username: %s", pam_strerror(pamh, ret)); return ret; @@ -51,8 +53,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, conf = fopen(CONFIG, "r"); if(conf == NULL) { - pam_syslog(pamh, LOG_ERR, "can't open config file \"" CONFIG "\": %s", - strerror(errno)); + pam_syslog(pamh, LOG_ERR, "can't open config file \"" CONFIG "\": %m"); return ret; } 
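Review bot: In the `pam_get_user` check of `pam_sm_open_session`, the new `user == NULL` branch can return `PAM_SUCCESS`: when the call succeeds but leaves `user` NULL, `ret` is still `PAM_SUCCESS` at `return ret;`, so the session would open without the chroot being applied and the log line would carry the strerror text for success. Setting an error first closes that, e.g. `if (ret == PAM_SUCCESS) ret = PAM_SESSION_ERR;` ahead of the `pam_syslog` call. The `return ret;` after the failed `fopen(CONFIG, "r")` in the following hunk appears to have the same property, since `ret` was last assigned by `pam_get_user` in the lines shown; if opening a session without a config file is intended, a comment there should say so. The function body continues outside these hunks.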
@@ -103,8 +104,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, struct stat st; if (stat(dir, &st) == -1) { - pam_syslog(pamh, LOG_ERR, "stat(%s) failed: %s", - dir, strerror(errno)); + pam_syslog(pamh, LOG_ERR, "stat(%s) failed: %m", + dir); ret = onerr; } else /* Catch the most common misuse */ @@ -115,8 +116,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, ret = onerr; } else if(chdir(dir) == -1) { - pam_syslog(pamh, LOG_ERR, "chdir(%s) failed: %s", - dir, strerror(errno)); + pam_syslog(pamh, LOG_ERR, "chdir(%s) failed: %m", + dir); ret = onerr; } else { if(debug) { @@ -124,8 +125,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, dir); } if(chroot(dir) == -1) { - pam_syslog(pamh, LOG_ERR, "chroot(%s) failed: %s", - dir, strerror(errno)); + pam_syslog(pamh, LOG_ERR, "chroot(%s) failed: %m", + dir); ret = onerr; } else { pam_syslog(pamh, LOG_ERR, "chroot(%s) succeeded", @@ -141,8 +142,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, return ret; } -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) +PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } diff --git a/pam_console/50-default.perms b/pam_console/50-default.perms index 7f7d7ec..f61814a 100644 --- a/pam_console/50-default.perms +++ b/pam_console/50-default.perms 
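Review bot: The `chroot(%s) succeeded` message in the `-124,8` hunk is still emitted at `LOG_ERR`, so every successful chroot is recorded as an error and sits at the same severity as the real `stat`/`chdir`/`chroot` failures logged just above it. That makes severity-based alerting on this module noisy. Consider `pam_syslog(pamh, LOG_NOTICE, "chroot(%s) succeeded", dir);` so the event is still recorded but can be told apart from a failure.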
@@ -1,11 +1,12 @@ # device classes -- these are shell-style globs -=/dev/fd[0-1]* \ - /dev/floppy* /mnt/floppy* +=/dev/fd[0-7]* /dev/floppy/* /mnt/floppy* =/dev/dsp* /dev/audio* /dev/midi* \ - /dev/mixer* /dev/sequencer* \ - /dev/sound/* /dev/beep \ - /dev/snd/* /dev/adsp* -=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom* + /dev/mixer* /dev/sequencer* /dev/admm* \ + /dev/adsp* /dev/aload* /dev/amidi* /dev/dmfm* \ + /dev/dmmidi* /dev/music /dev/patmgr* \ + /dev/sndstat /dev/snd/* /dev/sound/* /dev/beep +=/dev/dvd* /dev/cdrom* /dev/cdroms/* /mnt/cdrom* /mnt/dvd* +=/dev/scd* /dev/sr[0-7]* /dev/pcd* /dev/pg* /dev/cdwriter* =/dev/pilot =/mnt/jaz* =/mnt/pocketzip* /mnt/zip* /dev/zip* 
@@ -17,49 +18,51 @@ =/mnt/flash* /dev/flash* =/mnt/diskonkey* =/mnt/microdrive* -=/dev/fb /dev/fb[0-9]* \ - /dev/fb/* +=/dev/fb /dev/fb[0-9]* /dev/fb/* =/dev/kbd -=/dev/js[0-9]* -=/dev/video* /dev/radio* /dev/winradio* /dev/vtx* /dev/vbi* \ - /dev/video/* +=/dev/js[0-9]* /dev/input/js[0-9]* +=/dev/video* /dev/video/* /dev/radio* /dev/winradio* /dev/vtx* /dev/vbi* /dev/vttuner =/dev/gpmctl =/dev/nvidia* /dev/3dfx* /dev/dri/card* =/dev/apm_bios =/dev/pmu =/dev/rfcomm* =/dev/raw1394 +=/dev/toshiba =/dev/ircomm* =/dev/dvb/adapter*/* =/dev/iidc* /dev/vendorfw* /dev/avc* # permission definitions 0660 0660 root.floppy - 0600 0600 root - 0600 0660 root.disk - 0600 0660 root.uucp - 0600 0660 root.disk - 0600 0660 root.disk - 0600 0660 root.disk + 0660 0660 root.audio + 0640 0640 root.cdrom + 0660 0660 root.cdwriter + 0660 0660 root.uucp + 0660 0660 root.disk + 0660 0660 root.disk + 0660 0660 root.disk 0600 0600 root - 0600 0600 root.disk - 0600 0600 root.disk - 0600 0600 root.disk - 0600 0660 root.disk - 0600 0660 root.disk + 0660 0660 root.disk + 0660 0660 root.disk + 0660 0660 root.disk + 0660 0660 root.disk + 0660 0660 root.disk 0600 0600 root 0600 0600 root 0600 0600 root - 0600 0600 root - 0700 0700 root + 0660 0660 root.radio + 0700 0700 root 0600 0600 root - 0600 0600 root + 0660 0660 root.disk 0600 0600 root 0600 0600 root 0600 0600 root + 0600 0600 root + 0660 0660 root.xgrp 0600 0600 root 0600 0600 root 0600 0600 root 0600 /dev/console 0600 root.root - 0600 0600 root + 0660 0660 root.xgrp diff --git a/pam_console/Makefile.am b/pam_console/Makefile.am index fdddb8b..c8218ab 100644 --- a/pam_console/Makefile.am +++ b/pam_console/Makefile.am 
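Review bot: Most entries in the permission table move both mode columns from `0600` to `0660`, and several gain a group at the same time (`root.audio`, `root.cdrom`, `root.radio`, `root.xgrp`). As I read the format, that gives group members read/write access to those devices while a console user holds them, not only after they are reverted. The class names are not visible in this view, so I cannot tell which device classes each line covers; if audio, video or input devices are among them, the widening needs a stated reason. A comment above the table recording why group access is required during a console session would let a later reviewer judge each line.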
@@ -20,7 +20,7 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) permsddir = $(SCONFIGDIR)/console.perms.d -noinst_HEADERS = chmod.h configfile.h configfile.tab.h handlers.h modechange.h pam_console.h +noinst_HEADERS = chmod.h configfile.h configfile.tab.h handlers.h modechange.h pam_console.h pstack.h AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(GLIB_CFLAGS) -DLOCKDIR=\"$(LOCKDIR)\" @@ -44,7 +44,7 @@ FLEX_OPTS = -Cr BISON_OPTS = -d pam_console_la_SOURCES = pam_console.c pam_console.h regerr.c handlers.c handlers.h -pam_console_apply_SOURCES = pam_console_apply.c pam_console.h chmod.c modechange.c regerr.c \ +pam_console_apply_SOURCES = pam_console_apply.c pam_console.h chmod.c pstack.c modechange.c regerr.c \ configfile.c configfile.h hashtable.c hashtable.h hashtable_private.h pam_console_la_CFLAGS = $(AM_CFLAGS) diff --git a/pam_console/chmod.c b/pam_console/chmod.c index 777e37f..6bc52f4 100644 --- a/pam_console/chmod.c +++ b/pam_console/chmod.c 
@@ -38,43 +38,15 @@ #include "configfile.h" #include "chmod.h" #include "modechange.h" +#include "pstack.c" #define CLOSEDIR(d) closedir (d) -#ifdef _D_NEED_STPCPY -/* stpcpy.c -- copy a string and return pointer to end of new string - Copyright (C) 1989, 1990 Free Software Foundation. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -/* Copy SRC to DEST, returning the address of the terminating '\0' in DEST. */ - -static char * -stpcpy (char *dest, const char *src) -{ - while ((*dest++ = *src++) != '\0') - /* Do nothing. */ ; - return dest - 1; -} -#endif /* _D_NEED_STPCPY */ - /* end included files */ static const char *fstab_filename = "/etc/fstab"; -static int change_via_fstab __P ((const char *dir, +static int change_via_fstab __P ((pstack stack, const char *dir, const struct mode_change *changes, uid_t user, gid_t group)); @@ -84,7 +56,7 @@ static int change_via_fstab __P ((const char *dir, links. Return 0 if successful, 1 if errors occurred. */ static int -change_file (const char *file, const struct mode_change *changes, +change_file (pstack stack, const char *file, const struct mode_change *changes, const int deref_symlink, uid_t user, gid_t group) { struct stat file_stats; 
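Review bot: `#include "pstack.c"` pulls the stack implementation into chmod.c, while the Makefile.am hunk of this commit also adds `pstack.c` to `pam_console_apply_SOURCES`. With `STATIC` defaulting to empty in pstack.h, both objects would then define `stack_alloc`, `stack_push` and the others with external linkage, which normally fails at link time. Unless chmod.c defines `STATIC` as `static` somewhere outside this hunk, include the header instead: `#include "pstack.h"`. If textual inclusion is the intent, drop `pstack.c` from the SOURCES line and say so in a comment next to the include.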
@@ -96,7 +68,7 @@ change_file (const char *file, const struct mode_change *changes, if (errno == ENOENT) { /* doesn't exist, check fstab */ - errors |= change_via_fstab (file, changes, user, group); + errors |= change_via_fstab (stack, file, changes, user, group); return errors; } else @@ -107,6 +79,8 @@ change_file (const char *file, const struct mode_change *changes, if (S_ISLNK (file_stats.st_mode)) { + if (!deref_symlink) + return 0; /* don't bother with dangling symlinks */ if (stat (file, &file_stats)) { @@ -117,7 +91,7 @@ change_file (const char *file, const struct mode_change *changes, newmode = mode_adjust (file_stats.st_mode, changes); if (S_ISDIR (file_stats.st_mode)) - errors |= change_via_fstab (file, changes, user, group); + errors |= change_via_fstab (stack, file, changes, user, group); else { if (newmode != (file_stats.st_mode & 07777)) @@ -143,7 +117,7 @@ chmod_set_fstab(const char *fstab) /* If the directory spec given matches a filesystem listed in /etc/fstab, * modify the device special associated with that filesystem. */ static int -change_via_fstab (const char *dir, const struct mode_change *changes, +change_via_fstab (pstack stack, const char *dir, const struct mode_change *changes, uid_t user, gid_t group) { int errors = 0; @@ -154,6 +128,7 @@ change_via_fstab (const char *dir, const struct mode_change *changes, if (fstab == NULL) { + fprintf(stderr, "pam_console: change_via_fstab: setmntent: %s: %m\n", fstab_filename); return 1; } 
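Review bot: The added `if (!deref_symlink) return 0;` in `change_file` never takes effect for the callers shown in this diff, because `chmod_files` passes `1` and `change_via_fstab` passes `TRUE`; symlinks are therefore still followed via `stat (file, &file_stats)`. The mode and owner calls are outside the hunk, but if they act on the path again, a link sitting in a directory that a non-root user can write could be re-pointed between the check and the change. A comment above the function should state which directories are assumed to be root-only, for example `/* FILE is followed if it is a symlink; callers must only pass paths under root-owned directories. */`. The function body starts and ends outside these hunks.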
@@ -161,9 +136,16 @@ change_via_fstab (const char *dir, const struct mode_change *changes, { if(mntent->mnt_dir && mntent->mnt_fsname && + !stack_lookup(stack, mntent->mnt_fsname) && (fnmatch(dir, mntent->mnt_dir, 0) == 0)) { - errors |= change_file(mntent->mnt_fsname, changes, TRUE, user, group); + if (!stack_push(stack, mntent->mnt_fsname)) + { + fprintf(stderr, "pam_console: change_via_fstab: stack_push: memory exhausted\n"); + return 1; + } + errors |= change_file(stack, mntent->mnt_fsname, changes, TRUE, user, group); + stack_pop(stack); } } @@ -177,14 +159,6 @@ change_via_fstab (const char *dir, const struct mode_change *changes, static int -glob_errfn(const char *pathname, int theerr) { - /* silently ignore inaccessible files */ - return 0; -} - -#define DIE(n) {fprintf(stderr, "chmod failure\n"); return (n);} - -static int match_files(GSList *files, const char *filename) { if (!files) 
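Review bot: The `return 1;` added for a failed `stack_push` in `change_via_fstab` leaves the function from inside the entry loop, so whatever closes the `setmntent` handle after the loop (not visible in this hunk) is skipped and the fstab stream stays open on that path. Record the error and leave the loop instead: `errors = 1; break;`. The function starts and ends outside the hunk.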
@@ -205,28 +179,59 @@ chmod_files (const char *mode, uid_t user, gid_t group, glob_t result; char *filename = NULL; int flags = GLOB_NOCHECK; - int i, rc; + int rc; + size_t i; + pstack stack = 0; + + memset(&result, 0, sizeof(result)); changes = mode_compile (mode, MODE_MASK_EQUALS | MODE_MASK_PLUS | MODE_MASK_MINUS); - if (changes == MODE_INVALID) DIE(1) - else if (changes == MODE_MEMORY_EXHAUSTED) DIE(1) + if (changes == MODE_INVALID) + { + fprintf(stderr, "pam_console: chmod_files: mode_compile: invalid mode\n"); + return 1; + } + else if (changes == MODE_MEMORY_EXHAUSTED) + { + fprintf(stderr, "pam_console: chmod_files: mode_compile: memory exhausted\n"); + return 1; + } for (; filelist; filelist = filelist->next) { filename = filelist->data; - rc = glob(filename, flags, glob_errfn, &result); - if (rc == GLOB_NOSPACE) DIE(1) + rc = glob(filename, flags, 0, &result); + if (rc == GLOB_NOSPACE) + { + fprintf(stderr, "pam_console: chmod_files: glob: memory exhausted\n"); + errors = 1; goto chmod_files_end; + } flags |= GLOB_APPEND; } - if(single_file) { - rc = glob(single_file, flags, glob_errfn, &result); - if (rc == GLOB_NOSPACE) DIE(1) + if(filename && single_file) { + rc = glob(single_file, flags, 0, &result); + if (rc == GLOB_NOSPACE) + { + fprintf(stderr, "pam_console: chmod_files: glob: memory exhausted\n"); + errors = 1; goto chmod_files_end; + } } + if (!(stack = stack_alloc())) + { + fprintf(stderr, "pam_console: chmod_files: stack_alloc: memory exhausted\n"); + errors = 1; goto chmod_files_end; + } for (i = 0; i < result.gl_pathc; i++) { if (!match_files(constraints, result.gl_pathv[i])) { - errors |= change_file (result.gl_pathv[i], changes, 1, user, group); + if (!stack_push(stack, result.gl_pathv[i])) + { + fprintf(stderr, "pam_console: chmod_files: stack_push: memory exhausted\n"); + errors = 1; goto chmod_files_end; + } + errors |= change_file(stack, result.gl_pathv[i], changes, 1, user, group); + stack_pop(stack); #if 0 _pam_log(LOG_DEBUG, TRUE, 
"file %s (%d): mode %s\n", result.gl_pathv[i], user, mode); @@ -234,6 +239,8 @@ chmod_files (const char *mode, uid_t user, gid_t group, } } +chmod_files_end: + stack_free(stack); globfree(&result); return (errors); diff --git a/pam_console/configfile.y b/pam_console/configfile.y index a298ff9..cfcaf63 100644 --- a/pam_console/configfile.y +++ b/pam_console/configfile.y @@ -31,9 +31,6 @@ static const char *consoleNameCache = NULL; static GHashTable *consoleHash = NULL; static void -do_yyerror(const char *format, ...); - -static void empty_class(class *c); static unsigned int @@ -322,16 +319,6 @@ reset_permissions(const char *consolename, GSList *files) { /* local, static functions */ static void -do_yyerror(const char *format, ...) { - va_list ap; - - va_start(ap, format); - openlog("pam_console", LOG_CONS|LOG_PID, LOG_AUTHPRIV); - vsyslog(LOG_PID|LOG_AUTHPRIV|LOG_ERR, format, ap); - va_end(ap); -} - -static void empty_class(class *c) { free(c->name); c->name = NULL; diff --git a/pam_console/console.handlers b/pam_console/console.handlers index 98cc071..887e62f 100644 --- a/pam_console/console.handlers +++ b/pam_console/console.handlers @@ -10,10 +10,10 @@ # See man console.handlers # # Example: -# console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9] +# console consoledevs (/dev/)?(tty|vc/)[1-9][0-9]* :[0-9]+(\.[0-9]+)? # echo lock wait Locking console for user on tty # touch unlock wait /var/run/console-unlocked -console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+ +console consoledevs (/dev/)?(tty|vc/)[1-9][0-9]* :[0-9]+(\.[0-9]+)? /sbin/pam_console_apply lock logfail wait -t tty -s /sbin/pam_console_apply unlock logfail wait -r -t tty -s diff --git a/pam_console/console.perms b/pam_console/console.perms index 75dc90a..1493e88 100644 --- a/pam_console/console.perms +++ b/pam_console/console.perms 
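Review bot: `if(filename && single_file)` makes the `single_file` glob depend on `filename`, which is only assigned inside the `filelist` loop, so a call with an empty `filelist` now silently ignores `single_file` where the old code globbed it. If that is intended, say so at the test, e.g. `/* nothing to do for single_file when filelist is empty */`; otherwise keep it as `if (single_file)`. The hunk ends inside the `#if 0` block of `chmod_files`, so the rest of the loop body is not visible here.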
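Review bot: The new `consoledevs` pattern in console.handlers uses `(tty|vc/)[1-9][0-9]*`, while the first file class in the console.perms hunk of this commit uses `(tty|vc/)[0-9]+`, so `tty0` and `vc/0` count as a console for permission handling but not for the lock/unlock handlers. If the difference is deliberate, a comment on one of the two lines should say why; otherwise use the same digit pattern in both files. Whether these expressions are matched anchored is not visible here; if they are not, `:[0-9]+(\.[0-9]+)?` would also match inside a longer string, which is worth confirming against the matching code.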
@@ -18,8 +18,9 @@ # Rather a new file in the console.perms.d directory should be created. # file classes -- these are regular expressions -=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+ -=:[0-9]+\.[0-9]+ :[0-9]+ +=(/dev/)?(tty|vc/)[0-9]+ :[0-9]+(\.[0-9]+)? +=:[0-9]+(\.[0-9]+)? +=(/dev/)?pts/[0-9]+ # device classes -- see console.perms.d/50-default.perms # permission definitions -- see console.perms.d/50-default.perms diff --git a/pam_console/hashtable.c b/pam_console/hashtable.c index 4e1698d..06b72c2 100644 --- a/pam_console/hashtable.c +++ b/pam_console/hashtable.c @@ -64,7 +64,7 @@ hashtable_expand(struct hashtable *h) struct entry **newtable; struct entry *e; struct entry **pE; - unsigned int newsize, i, index; + unsigned int newsize, i, idx; /* Check we're not hitting max capacity */ if (h->primeindex == (prime_table_length - 1)) return 0; newsize = primes[++(h->primeindex)]; @@ -78,9 +78,9 @@ hashtable_expand(struct hashtable *h) for (i = 0; i < h->tablelength; i++) { while (NULL != (e = h->table[i])) { h->table[i] = e->next; - index = indexFor(newsize,e->h); - e->next = newtable[index]; - newtable[index] = e; + idx = indexFor(newsize,e->h); + e->next = newtable[idx]; + newtable[idx] = e; } } free(h->table); @@ -96,16 +96,16 @@ hashtable_expand(struct hashtable *h) memset(newtable[h->tablelength], 0, newsize - h->tablelength); for (i = 0; i < h->tablelength; i++) { for (pE = &(newtable[i]), e = *pE; e != NULL; e = *pE) { - index = indexFor(newsize,e->h); - if (index == i) + idx = indexFor(newsize,e->h); + if (idx == i) { pE = &(e->next); } else { *pE = e->next; - e->next = newtable[index]; - newtable[index] = e; + e->next = newtable[idx]; + newtable[idx] = e; } } } @@ -127,7 +127,7 @@ int hashtable_insert(struct hashtable *h, void *k, void *v) { /* This method allows duplicate keys - but they shouldn't be used */ - unsigned int index; + unsigned int idx; struct entry *e; if (++(h->entrycount) > h->loadlimit) { 
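Review bot: The rename leaves the context line `memset(newtable[h->tablelength], 0, newsize - h->tablelength);` in `hashtable_expand` as it was, and that call looks wrong on two counts. `newtable` is declared `struct entry **`, so `newtable[h->tablelength]` passes the value stored in that slot as the destination rather than the slot's address, and the length is counted in entries, not bytes. The intended call is presumably `memset(&newtable[h->tablelength], 0, (newsize - h->tablelength) * sizeof(struct entry *));`. The allocation that precedes it is outside the hunk, so confirm that `newtable` is the grown table at that point.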
@@ -140,11 +140,11 @@ hashtable_insert(struct hashtable *h, void *k, void *v) e = (struct entry *)malloc(sizeof(struct entry)); if (NULL == e) { --(h->entrycount); return 0; } /*oom*/ e->h = hash(h,k); - index = indexFor(h->tablelength,e->h); + idx = indexFor(h->tablelength,e->h); e->k = k; e->v = v; - e->next = h->table[index]; - h->table[index] = e; + e->next = h->table[idx]; + h->table[idx] = e; return -1; } @@ -153,10 +153,10 @@ void * /* returns value associated with key */ hashtable_search(struct hashtable *h, void *k) { struct entry *e; - unsigned int hashvalue, index; + unsigned int hashvalue, idx; hashvalue = hash(h,k); - index = indexFor(h->tablelength,hashvalue); - e = h->table[index]; + idx = indexFor(h->tablelength,hashvalue); + e = h->table[idx]; while (NULL != e) { /* Check hash value to short circuit heavier comparison */ @@ -176,11 +176,11 @@ hashtable_remove(struct hashtable *h, void *k, int free_key) struct entry *e; struct entry **pE; void *v; - unsigned int hashvalue, index; + unsigned int hashvalue, idx; hashvalue = hash(h,k); - index = indexFor(h->tablelength,hash(h,k)); - pE = &(h->table[index]); + idx = indexFor(h->tablelength,hash(h,k)); + pE = &(h->table[idx]); e = *pE; while (NULL != e) { diff --git a/pam_console/pam_console.c b/pam_console/pam_console.c index 46e5b26..d180c7c 100644 --- a/pam_console/pam_console.c +++ b/pam_console/pam_console.c @@ -307,7 +307,7 @@ top: */ _pam_log(pamh, LOG_ERR, FALSE, "ignoring stale lock on file %s by process %d", - lockinfo.l_pid, filename); + filename, lockinfo.l_pid); } /* it is possible at this point that the file has been removed @@ -378,7 +378,8 @@ return_error: } PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { /* getuid() must return an id that maps to a username as a filename in * /var/run/console/ 
@@ -471,13 +472,15 @@ error_return: } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { /* Create /var/run/console/console.lock if it does not exist * Create /var/run/console/ if it does not exist @@ -547,7 +550,8 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { /* Get /var/run/console/ use count, leave it locked * If use count is now 1: diff --git a/pam_console/pam_console.h b/pam_console/pam_console.h index fa3bbee..184368d 100644 --- a/pam_console/pam_console.h +++ b/pam_console/pam_console.h @@ -16,7 +16,7 @@ #define TRUE (!FALSE) #endif -void +void PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4)) _pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...); void diff --git a/pam_console/pam_console_apply.c b/pam_console/pam_console_apply.c index 8cf08a1..be92cc1 100644 --- a/pam_console/pam_console_apply.c +++ b/pam_console/pam_console_apply.c @@ -41,9 +41,7 @@ _pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...) if (debug_p && !debug) return; va_start(args, format); if (syslogging) { - openlog("pam_console_apply", LOG_CONS|LOG_PID, LOG_AUTHPRIV); vsyslog(err, format, args); - closelog(); } else { vfprintf(stderr, format, args); @@ -52,12 +50,6 @@ _pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...) va_end(args); } -static int -pf_glob_errorfn(const char *epath, int eerrno) -{ - return 0; -} - static void parse_files(void) { 
@@ -73,11 +65,10 @@ parse_files(void) on system locale */ oldlocale = setlocale(LC_COLLATE, "C"); - rc = glob(PERMS_GLOB, GLOB_NOCHECK, pf_glob_errorfn, &globbuf); + rc = glob(PERMS_GLOB, GLOB_NOCHECK, NULL, &globbuf); setlocale(LC_COLLATE, oldlocale); - if (rc == GLOB_NOSPACE) { + if (rc) return; - } for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { parse_file(globbuf.gl_pathv[i]); @@ -130,6 +121,9 @@ main(int argc, char **argv) } } + if (syslogging) + openlog("pam_console_apply", LOG_CONS|LOG_PID, LOG_AUTH); + for (i = argc-1; i >= optind; i--) { files = g_slist_prepend(files, argv[i]); } diff --git a/pam_console/pstack.c b/pam_console/pstack.c new file mode 100644 index 0000000..a714c45 --- /dev/null +++ b/pam_console/pstack.c 
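Review bot: `oldlocale = setlocale(LC_COLLATE, "C");` in `parse_files` stores the name of the locale that was just installed, not the previous one, so the later `setlocale(LC_COLLATE, oldlocale);` restores nothing. Query the current value first and keep a private copy, because the returned string may be overwritten by the next `setlocale` call: `oldlocale = strdup(setlocale(LC_COLLATE, NULL));` before switching to "C", then restore from the copy and `free` it. The copy needs a NULL check before it is used. The function starts and ends outside the hunk.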
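Review bot: Moving `openlog` into `main` also changes the syslog facility from `LOG_AUTHPRIV`, used by the call removed from `_pam_log`, to `LOG_AUTH`. On systems that route `authpriv` to a restricted file and `auth` elsewhere, the tool's messages would land in a differently protected log, and collection or alerting rules keyed on `authpriv` would stop seeing them. Unless the change is intentional, keep the old facility: `openlog("pam_console_apply", LOG_CONS|LOG_PID, LOG_AUTHPRIV);`.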
@@ -0,0 +1,87 @@ +/* + Plain stack implementation. + Copyright (C) 2001 Dmitry V. Levin + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +#include +#include +#include "pstack.h" + +struct plain_stack +{ + size_t allocated; + size_t used; + const char **memory; +}; + +STATIC pstack +stack_alloc(void) +{ + return calloc(1, sizeof(struct plain_stack)); +} + +STATIC void +stack_free(pstack s) +{ + if (s) + { + free(s->memory); + s->memory = 0; + free(s); + } +} + +STATIC pstack +stack_push(pstack s, const char *data) +{ + if (s->used == s->allocated) + { + size_t need = + (s->allocated ? (s->allocated << 1) : 2) * + sizeof(void *); + void *mem; + + if (!need) + return 0; + + mem = realloc(s->memory, need); + if (!mem) + return 0; + + s->memory = (const char **) mem; + s->allocated = need / sizeof(void *); + } + s->memory[s->used++] = data; + return s; +} + +STATIC const char * +stack_pop(pstack s) +{ + return (s->used) ? s->memory[--s->used] : 0; +} + +STATIC const char * +stack_lookup(pstack s, const char *sample) +{ + size_t i; + + for (i = 0; i < s->used; ++i) + if (!strcmp(sample, s->memory[i])) + return s->memory[i]; + return 0; +} diff --git a/pam_console/pstack.h b/pam_console/pstack.h new file mode 100644 index 0000000..e42b218 --- /dev/null +++ b/pam_console/pstack.h 
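Review bot: `stack_push` stores the caller's pointer and `stack_lookup` later runs `strcmp` on it, but nothing in pstack.c or pstack.h documents that the string must stay valid and unchanged while it is on the stack. In this commit `change_via_fstab` pushes `mntent->mnt_fsname` and then recurses through `change_file`; if `mntent` comes from `getmntent()` (the call is outside the visible hunks), the nested scan reuses the same static storage, so the pushed entry can change underneath the stack and the loop check may end up comparing a name with itself. A header comment on `stack_push` should state that the pointer is borrowed and not copied, and that callers whose buffer can be rewritten must push a private copy. The same comment block should note that `s` must be non-NULL for `stack_push`, `stack_pop` and `stack_lookup`, since only `stack_free` checks for it.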
@@ -0,0 +1,17 @@ +#ifndef _PSTACK_H +#define _PSTACK_H + +#ifndef STATIC +#define STATIC +#endif + +struct plain_stack; +typedef struct plain_stack *pstack; + +STATIC pstack stack_alloc(void); +STATIC void stack_free(pstack); +STATIC pstack stack_push(pstack, const char *); +STATIC const char *stack_pop(pstack); +STATIC const char *stack_lookup(pstack, const char *); + +#endif /* _PSTACK_H */ diff --git a/pam_timestamp/pam_timestamp.c b/pam_timestamp/pam_timestamp.c index 0804a06..91e3e37 100644 --- a/pam_timestamp/pam_timestamp.c +++ b/pam_timestamp/pam_timestamp.c @@ -345,7 +345,8 @@ verbose_success(pam_handle_t *pamh, int debug, int diff) } PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { struct stat st; time_t interval = DEFAULT_TIMESTAMP_TIMEOUT; @@ -527,13 +528,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { char path[BUFLEN], subdir[BUFLEN], *mac, *text, *p; size_t maclen; @@ -632,7 +635,8 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; }