lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1098 - in nss-pam-ldapd: . compat pam

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1098 - in nss-pam-ldapd: . compat pam



Author: arthur
Date: Mon May 10 22:59:52 2010
New Revision: 1098
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1098

Log:
replace my_pam_warn() with pam_info() and pam_error() and provide replacement 
for pam_prompt() also using it in our pam_get_authtok() replacement

Added:
   nss-pam-ldapd/compat/pam_prompt.c
Modified:
   nss-pam-ldapd/compat/Makefile.am
   nss-pam-ldapd/compat/pam_compat.h
   nss-pam-ldapd/compat/pam_get_authtok.c
   nss-pam-ldapd/configure.ac
   nss-pam-ldapd/pam/pam.c

Modified: nss-pam-ldapd/compat/Makefile.am
==============================================================================
--- nss-pam-ldapd/compat/Makefile.am    Sun May  9 13:40:26 2010        (r1097)
+++ nss-pam-ldapd/compat/Makefile.am    Mon May 10 22:59:52 2010        (r1098)
@@ -26,7 +26,7 @@
              daemon.c daemon.h \
              ether.c ether.h \
              ldap_compat.h pagectrl.c ldap_passwd_s.c ldap_initialize.c \
-             pam_compat.h pam_get_authtok.c
+             pam_compat.h pam_get_authtok.c pam_prompt.c
 
 libcompat_a_SOURCES = getpeercred.c getpeercred.h
 libcompat_a_LIBADD = @LIBOBJS@

Modified: nss-pam-ldapd/compat/pam_compat.h
==============================================================================
--- nss-pam-ldapd/compat/pam_compat.h   Sun May  9 13:40:26 2010        (r1097)
+++ nss-pam-ldapd/compat/pam_compat.h   Mon May 10 22:59:52 2010        (r1098)
@@ -40,7 +40,23 @@
 /* define our own replacement pam_get_authtok() if it wasn't found */
 #ifndef HAVE_PAM_GET_AUTHTOK
 int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const 
char *prompt);
-#endif /* HAVE_PAM_GET_AUTHTOK */
+#endif /* not HAVE_PAM_GET_AUTHTOK */
+
+/* replace pam_prompt() if needed */
+#ifndef HAVE_PAM_PROMPT
+int pam_prompt(pam_handle_t *pamh,int style,char **response,const char 
*format,...)
+  LIKE_PRINTF(4,5);
+#endif /* not HAVE_PAM_PROMPT */
+
+/* provide pam_info() if needed */
+#ifndef pam_info
+#define pam_info(pamh, fmt...) pam_prompt(pamh,PAM_TEXT_INFO,NULL,__VA_ARGS__)
+#endif /* not pam_info */
+
+/* provide pam_error() if needed */
+#ifndef pam_error
+#define pam_error(pamh, fmt...) pam_prompt(pamh,PAM_ERROR_MSG,NULL,__VA_ARGS__)
+#endif /* not pam_error */
 
 /* fall back to using getpwnam() if pam_modutil_getpwnam() isn't defined */
 #ifndef HAVE_PAM_MODUTIL_GETGWNAM

Modified: nss-pam-ldapd/compat/pam_get_authtok.c
==============================================================================
--- nss-pam-ldapd/compat/pam_get_authtok.c      Sun May  9 13:40:26 2010        
(r1097)
+++ nss-pam-ldapd/compat/pam_get_authtok.c      Mon May 10 22:59:52 2010        
(r1098)
@@ -32,41 +32,12 @@
 #include "compat/attrs.h"
 #include "compat/pam_compat.h"
 
-static int prompt_passwd(struct pam_conv *conv,const char *prompt,
-                         char **passwd)
-{
-  struct pam_message msg,*msgs[1];
-  struct pam_response *resp;
-  int rc;
-  /* provide fallback */
-  *passwd=NULL;
-  /* set up prompt */
-  msg.msg_style=PAM_PROMPT_ECHO_OFF;
-  msg.msg=prompt;
-  msgs[0]=&msg;
-  resp=NULL;
-  rc=conv->conv(1,(const struct pam_message **)msgs,&resp,conv->appdata_ptr);
-  if (rc!=PAM_SUCCESS)
-    return rc;
-  else if (resp==NULL)
-    return PAM_CONV_ERR;
-  else if (resp[0].resp==NULL)
-  {
-    free(resp);
-    return PAM_CONV_ERR;
-  }
-  *passwd=resp[0].resp;
-  resp[0].resp=NULL;
-  free(resp);
-  return PAM_SUCCESS;
-}
 
 int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const 
char *prompt)
 {
   int rc;
   char *passwd=NULL,*retype_passwd=NULL;
   const void *oldauthtok;
-  struct pam_conv *conv;
   char retype_prompt[80];
   /* first try to see if the value is already on the stack */
   *authtok=NULL;
@@ -89,18 +60,14 @@
     else
       prompt=(prompt!=NULL)?prompt:"Password: ";
   }
-  /* get PAM_CONV */
-  rc=pam_get_item(pamh,PAM_CONV,(const void **)&conv);
-  if (rc!=PAM_SUCCESS)
-    return rc;
   /* prepare prompt and get password */
-  rc=prompt_passwd(conv,prompt,&passwd);
+  rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&passwd,"%s",prompt);
   if (rc!=PAM_SUCCESS)
     return rc;
   /* if a second prompt should be presented, do it */
   if (*retype_prompt)
   {
-    rc=prompt_passwd(conv,retype_prompt,&retype_passwd);
+    rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&retype_passwd,"%s",retype_prompt);
     /* check passwords */
     if ((rc==PAM_SUCCESS)&&(strcmp(retype_passwd,passwd)!=0))
       rc=PAM_AUTHTOK_RECOVERY_ERR;

Added: nss-pam-ldapd/compat/pam_prompt.c
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ nss-pam-ldapd/compat/pam_prompt.c   Mon May 10 22:59:52 2010        (r1098)
@@ -0,0 +1,72 @@
+/*
+   pam_prompt.c - replacement function for pam_prompt()
+
+   Copyright (C) 2010 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "compat/attrs.h"
+#include "compat/pam_compat.h"
+
+int pam_prompt(pam_handle_t *pamh,int style,char **response,const char 
*format,...)
+{
+  int rc;
+  struct pam_conv *aconv;
+  char buffer[200];
+  va_list ap;
+  struct pam_message msg, *pmsg;
+  struct pam_response *resp;
+  /* the the conversion function */
+  rc=pam_get_item(pamh,PAM_CONV,(const void **)&aconv);
+  if (rc!=PAM_SUCCESS)
+    return rc;
+  /* make the message string */
+  va_start(ap,format);
+  vsnprintf(buffer,sizeof(buffer),format,ap);
+  buffer[sizeof(buffer)-1]='\0';
+  va_end(ap);
+  /* build the message */
+  msg.msg_style=style;
+  msg.msg=buffer;
+  pmsg=&msg;
+  resp=NULL;
+  rc=aconv->conv(1,(const struct pam_message 
**)&pmsg,&resp,aconv->appdata_ptr);
+  if (rc!=PAM_SUCCESS)
+    return rc;
+  /* assign response if it is set */
+  if (response!=NULL)
+  {
+    if (resp==NULL)
+      return PAM_CONV_ERR;
+    if (resp[0].resp==NULL)
+    {
+      free(resp);
+      return PAM_CONV_ERR;
+    }
+    *response=resp[0].resp;
+  }
+  else
+    free(resp[0].resp);
+  free(resp);
+  return PAM_SUCCESS;
+}

Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac  Sun May  9 13:40:26 2010        (r1097)
+++ nss-pam-ldapd/configure.ac  Mon May 10 22:59:52 2010        (r1098)
@@ -308,8 +308,8 @@
   save_LIBS="$LIBS"
   # find pam library
   AC_SEARCH_LIBS(pam_get_data,pam,,AC_MSG_ERROR(no PAM library available))
-  # replace the pam_get_authtok() function if it's unavailable
-  AC_REPLACE_FUNCS(pam_get_authtok)
+  # replace some PAM functions if they are unavailable
+  AC_REPLACE_FUNCS(pam_get_authtok pam_prompt)
   AC_CHECK_FUNCS(pam_modutil_getpwnam)
   # restore CFLAGS and LIBS
   CFLAGS="$save_CFLAGS"

Modified: nss-pam-ldapd/pam/pam.c
==============================================================================
--- nss-pam-ldapd/pam/pam.c     Sun May  9 13:40:26 2010        (r1097)
+++ nss-pam-ldapd/pam/pam.c     Mon May 10 22:59:52 2010        (r1098)
@@ -351,26 +351,6 @@
   return PAM_SUCCESS;
 }
 
-static int my_pam_warn(
-  struct pam_conv *aconv, const char *message, int style, int no_warn)
-{
-  struct pam_message msg, *pmsg;
-  struct pam_response *resp;
-
-  if (no_warn)
-    return PAM_SUCCESS;
-
-  pmsg=&msg;
-
-  msg.msg_style=style;
-  msg.msg=(char *)message;
-  resp=NULL;
-
-  return aconv->conv(1,
-          (const struct pam_message **) &pmsg,
-          &resp, aconv->appdata_ptr);
-}
-
 /* perform an authorisation call over nslcd */
 static int nslcd_request_authz(pld_ctx *ctx,const char *username,
                                const char *service,const char *ruser,
@@ -397,7 +377,6 @@
   const char *username,*svc,*ruser,*rhost,*tty;
   int no_warn=0, ignore_flags=0;
   int i;
-  struct pam_conv *appconv;
   pld_ctx *ctx=NULL, ctx2;
   uid_t minimum_uid=0;
   struct passwd *pwent;
@@ -425,9 +404,6 @@
   if (flags&PAM_SILENT)
     no_warn=1;
 
-  rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
-  if (rc!=PAM_SUCCESS)
-    return rc;
   /* get user name */
   rc=pam_get_user(pamh,(const char **)&username,NULL);
   if (rc!=PAM_SUCCESS)
@@ -472,18 +448,21 @@
   if (rc!=PAM_SUCCESS)
   {
     if (rc!=PAM_IGNORE)
-      my_pam_warn(appconv,"LDAP authorization failed",PAM_ERROR_MSG,no_warn);
+      if (!no_warn)
+        pam_error(pamh,"LDAP authorization failed");
   }
   else
   {
     rc=ctx2.authz;
     if (ctx2.authzmsg && ctx2.authzmsg[0])
-      my_pam_warn(appconv,ctx2.authzmsg,PAM_TEXT_INFO,no_warn);
+      if (!no_warn)
+        pam_info(pamh,"%s",ctx2.authzmsg);
     if (ctx2.authz==PAM_SUCCESS)
     {
       rc=ctx->authz;
       if (ctx->authzmsg && ctx->authzmsg[0])
-        my_pam_warn(appconv,ctx->authzmsg,PAM_TEXT_INFO,no_warn);
+        if (!no_warn)
+          pam_info(pamh,"%s",ctx->authzmsg);
     }
   }
 
@@ -583,15 +562,11 @@
   pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
   int rc, no_warn=0;
-  struct pam_conv *appconv;
-
-  rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
-  if (rc!=PAM_SUCCESS)
-    return rc;
 
   rc=pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_O,&no_warn);
   if ((rc!=PAM_SUCCESS)&&(rc!=PAM_IGNORE))
-    my_pam_warn(appconv,"LDAP open_session failed",PAM_ERROR_MSG,no_warn);
+    if (!no_warn)
+      pam_error(pamh,"LDAP open_session failed");
   return rc;
 }
 
@@ -599,15 +574,11 @@
   pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
   int rc, no_warn=0;
-  struct pam_conv *appconv;
-
-  rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
-  if (rc!=PAM_SUCCESS)
-    return rc;
 
   rc=pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_C,&no_warn);
   if ((rc!=PAM_SUCCESS)&&(rc!=PAM_IGNORE))
-    my_pam_warn(appconv,"LDAP close_session failed",PAM_ERROR_MSG,no_warn);
+    if (!no_warn)
+      pam_error(pamh,"LDAP close_session failed");
   return rc;
 }
 
@@ -669,7 +640,6 @@
   const char *newpassword=NULL;
   int first_pass=0, no_warn=0, ignore_flags=0;
   int i;
-  struct pam_conv *appconv;
   pld_ctx *ctx=NULL;
   uid_t minimum_uid=0;
   struct passwd *pwent;
@@ -699,9 +669,6 @@
   if (flags&PAM_SILENT)
     no_warn=1;
 
-  rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
-  if (rc!=PAM_SUCCESS)
-    return rc;
   /* get user name */
   rc=pam_get_user(pamh,(const char **)&username,NULL);
   if (rc!=PAM_SUCCESS)
@@ -778,8 +745,8 @@
     rc=PAM_IGNORE;
   else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
     rc=PAM_IGNORE;
-  else
-    my_pam_warn(appconv,ctx->authzmsg,PAM_ERROR_MSG,no_warn);
+  else if (!no_warn)
+    pam_error(pamh,"%s",ctx->authzmsg);
   return rc;
 }
 
--
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits