nss-pam-ldapd commit: r1098 - in nss-pam-ldapd: . compat pam
nss-pam-ldapd commit: r1098 - in nss-pam-ldapd: . compat pam
- From: "Commits of the nss-pam-ldapd project." <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1098 - in nss-pam-ldapd: . compat pam
- Date: Mon, 10 May 2010 22:59:54 +0200 (CEST)
Author: arthur
Date: Mon May 10 22:59:52 2010
New Revision: 1098
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1098
Log:
replace my_pam_warn() with pam_info() and pam_error() and provide replacement
for pam_prompt() also using it in our pam_get_authtok() replacement
Added:
nss-pam-ldapd/compat/pam_prompt.c
Modified:
nss-pam-ldapd/compat/Makefile.am
nss-pam-ldapd/compat/pam_compat.h
nss-pam-ldapd/compat/pam_get_authtok.c
nss-pam-ldapd/configure.ac
nss-pam-ldapd/pam/pam.c
Modified: nss-pam-ldapd/compat/Makefile.am
==============================================================================
--- nss-pam-ldapd/compat/Makefile.am Sun May 9 13:40:26 2010 (r1097)
+++ nss-pam-ldapd/compat/Makefile.am Mon May 10 22:59:52 2010 (r1098)
@@ -26,7 +26,7 @@
daemon.c daemon.h \
ether.c ether.h \
ldap_compat.h pagectrl.c ldap_passwd_s.c ldap_initialize.c \
- pam_compat.h pam_get_authtok.c
+ pam_compat.h pam_get_authtok.c pam_prompt.c
libcompat_a_SOURCES = getpeercred.c getpeercred.h
libcompat_a_LIBADD = @LIBOBJS@
Modified: nss-pam-ldapd/compat/pam_compat.h
==============================================================================
--- nss-pam-ldapd/compat/pam_compat.h Sun May 9 13:40:26 2010 (r1097)
+++ nss-pam-ldapd/compat/pam_compat.h Mon May 10 22:59:52 2010 (r1098)
@@ -40,7 +40,23 @@
/* define our own replacement pam_get_authtok() if it wasn't found */
#ifndef HAVE_PAM_GET_AUTHTOK
int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const
char *prompt);
-#endif /* HAVE_PAM_GET_AUTHTOK */
+#endif /* not HAVE_PAM_GET_AUTHTOK */
+
+/* replace pam_prompt() if needed */
+#ifndef HAVE_PAM_PROMPT
+int pam_prompt(pam_handle_t *pamh,int style,char **response,const char
*format,...)
+ LIKE_PRINTF(4,5);
+#endif /* not HAVE_PAM_PROMPT */
+
+/* provide pam_info() if needed */
+#ifndef pam_info
+#define pam_info(pamh, fmt...) pam_prompt(pamh,PAM_TEXT_INFO,NULL,__VA_ARGS__)
+#endif /* not pam_info */
+
+/* provide pam_error() if needed */
+#ifndef pam_error
+#define pam_error(pamh, fmt...) pam_prompt(pamh,PAM_ERROR_MSG,NULL,__VA_ARGS__)
+#endif /* not pam_error */
/* fall back to using getpwnam() if pam_modutil_getpwnam() isn't defined */
#ifndef HAVE_PAM_MODUTIL_GETGWNAM
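Review bot: The fallback `pam_info()`/`pam_error()` macros declare a GNU named variadic parameter (`fmt...`) but expand `__VA_ARGS__`, which as far as I know GCC only substitutes in macros declared with a bare `...`, so on a platform that needs these fallbacks the expansion would most likely fail to compile. Use one form consistently, e.g. `#define pam_info(pamh,...) pam_prompt(pamh,PAM_TEXT_INFO,NULL,__VA_ARGS__)`, and the same for `pam_error`. Separately, the context line `#ifndef HAVE_PAM_MODUTIL_GETGWNAM` does not match the symbol that `AC_CHECK_FUNCS(pam_modutil_getpwnam)` in configure.ac would define (`...GETPWNAM`), so that fallback looks like it is always taken.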
Modified: nss-pam-ldapd/compat/pam_get_authtok.c
==============================================================================
--- nss-pam-ldapd/compat/pam_get_authtok.c Sun May 9 13:40:26 2010
(r1097)
+++ nss-pam-ldapd/compat/pam_get_authtok.c Mon May 10 22:59:52 2010
(r1098)
@@ -32,41 +32,12 @@
#include "compat/attrs.h"
#include "compat/pam_compat.h"
-static int prompt_passwd(struct pam_conv *conv,const char *prompt,
- char **passwd)
-{
- struct pam_message msg,*msgs[1];
- struct pam_response *resp;
- int rc;
- /* provide fallback */
- *passwd=NULL;
- /* set up prompt */
- msg.msg_style=PAM_PROMPT_ECHO_OFF;
- msg.msg=prompt;
- msgs[0]=&msg;
- resp=NULL;
- rc=conv->conv(1,(const struct pam_message **)msgs,&resp,conv->appdata_ptr);
- if (rc!=PAM_SUCCESS)
- return rc;
- else if (resp==NULL)
- return PAM_CONV_ERR;
- else if (resp[0].resp==NULL)
- {
- free(resp);
- return PAM_CONV_ERR;
- }
- *passwd=resp[0].resp;
- resp[0].resp=NULL;
- free(resp);
- return PAM_SUCCESS;
-}
int pam_get_authtok(pam_handle_t *pamh,int item,const char **authtok,const
char *prompt)
{
int rc;
char *passwd=NULL,*retype_passwd=NULL;
const void *oldauthtok;
- struct pam_conv *conv;
char retype_prompt[80];
/* first try to see if the value is already on the stack */
*authtok=NULL;
@@ -89,18 +60,14 @@
else
prompt=(prompt!=NULL)?prompt:"Password: ";
}
- /* get PAM_CONV */
- rc=pam_get_item(pamh,PAM_CONV,(const void **)&conv);
- if (rc!=PAM_SUCCESS)
- return rc;
/* prepare prompt and get password */
- rc=prompt_passwd(conv,prompt,&passwd);
+ rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&passwd,"%s",prompt);
if (rc!=PAM_SUCCESS)
return rc;
/* if a second prompt should be presented, do it */
if (*retype_prompt)
{
- rc=prompt_passwd(conv,retype_prompt,&retype_passwd);
+ rc=pam_prompt(pamh,PAM_PROMPT_ECHO_OFF,&retype_passwd,"%s",retype_prompt);
/* check passwords */
if ((rc==PAM_SUCCESS)&&(strcmp(retype_passwd,passwd)!=0))
rc=PAM_AUTHTOK_RECOVERY_ERR;
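Review bot: Both prompts now hand back heap strings holding the password in clear text (`passwd`, `retype_passwd`), and the hunk does not show where they are wiped and freed, in particular on the path where the second `pam_prompt()` fails and `rc` falls through. A short comment at the first call would make the ownership explicit, e.g. `/* passwd is allocated by the conversation function; clear and free it on every exit path */`. The rest of pam_get_authtok() lies outside this hunk, so this may already be handled there.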
Added: nss-pam-ldapd/compat/pam_prompt.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ nss-pam-ldapd/compat/pam_prompt.c Mon May 10 22:59:52 2010 (r1098)
@@ -0,0 +1,72 @@
+/*
+ pam_prompt.c - replacement function for pam_prompt()
+
+ Copyright (C) 2010 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "compat/attrs.h"
+#include "compat/pam_compat.h"
+
+int pam_prompt(pam_handle_t *pamh,int style,char **response,const char
*format,...)
+{
+ int rc;
+ struct pam_conv *aconv;
+ char buffer[200];
+ va_list ap;
+ struct pam_message msg, *pmsg;
+ struct pam_response *resp;
+ /* the the conversion function */
+ rc=pam_get_item(pamh,PAM_CONV,(const void **)&aconv);
+ if (rc!=PAM_SUCCESS)
+ return rc;
+ /* make the message string */
+ va_start(ap,format);
+ vsnprintf(buffer,sizeof(buffer),format,ap);
+ buffer[sizeof(buffer)-1]='\0';
+ va_end(ap);
+ /* build the message */
+ msg.msg_style=style;
+ msg.msg=buffer;
+ pmsg=&msg;
+ resp=NULL;
+ rc=aconv->conv(1,(const struct pam_message
**)&pmsg,&resp,aconv->appdata_ptr);
+ if (rc!=PAM_SUCCESS)
+ return rc;
+ /* assign response if it is set */
+ if (response!=NULL)
+ {
+ if (resp==NULL)
+ return PAM_CONV_ERR;
+ if (resp[0].resp==NULL)
+ {
+ free(resp);
+ return PAM_CONV_ERR;
+ }
+ *response=resp[0].resp;
+ }
+ else
+ free(resp[0].resp);
+ free(resp);
+ return PAM_SUCCESS;
+}
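Review bot: When `response` is NULL, which is the case for every `pam_info()`/`pam_error()` call, the `else free(resp[0].resp);` branch dereferences `resp` without checking it. A conversation function may leave `resp` NULL for `PAM_TEXT_INFO`/`PAM_ERROR_MSG` messages, and that would crash the calling application inside the PAM stack. Guard it with `else if (resp!=NULL)` in front of `free(resp[0].resp);`. `aconv` is also used unchecked after `pam_get_item()` succeeds; `if ((aconv==NULL)||(aconv->conv==NULL)) return PAM_CONV_ERR;` would cover an application that registered no conversation. Messages longer than 199 bytes are silently truncated by the fixed `buffer[200]`, and the first comment reads "the the conversion function" (presumably "get the").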
Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac Sun May 9 13:40:26 2010 (r1097)
+++ nss-pam-ldapd/configure.ac Mon May 10 22:59:52 2010 (r1098)
@@ -308,8 +308,8 @@
save_LIBS="$LIBS"
# find pam library
AC_SEARCH_LIBS(pam_get_data,pam,,AC_MSG_ERROR(no PAM library available))
- # replace the pam_get_authtok() function if it's unavailable
- AC_REPLACE_FUNCS(pam_get_authtok)
+ # replace some PAM functions if they are unavailable
+ AC_REPLACE_FUNCS(pam_get_authtok pam_prompt)
AC_CHECK_FUNCS(pam_modutil_getpwnam)
# restore CFLAGS and LIBS
CFLAGS="$save_CFLAGS"
Modified: nss-pam-ldapd/pam/pam.c
==============================================================================
--- nss-pam-ldapd/pam/pam.c Sun May 9 13:40:26 2010 (r1097)
+++ nss-pam-ldapd/pam/pam.c Mon May 10 22:59:52 2010 (r1098)
@@ -351,26 +351,6 @@
return PAM_SUCCESS;
}
-static int my_pam_warn(
- struct pam_conv *aconv, const char *message, int style, int no_warn)
-{
- struct pam_message msg, *pmsg;
- struct pam_response *resp;
-
- if (no_warn)
- return PAM_SUCCESS;
-
- pmsg=&msg;
-
- msg.msg_style=style;
- msg.msg=(char *)message;
- resp=NULL;
-
- return aconv->conv(1,
- (const struct pam_message **) &pmsg,
- &resp, aconv->appdata_ptr);
-}
-
/* perform an authorisation call over nslcd */
static int nslcd_request_authz(pld_ctx *ctx,const char *username,
const char *service,const char *ruser,
@@ -397,7 +377,6 @@
const char *username,*svc,*ruser,*rhost,*tty;
int no_warn=0, ignore_flags=0;
int i;
- struct pam_conv *appconv;
pld_ctx *ctx=NULL, ctx2;
uid_t minimum_uid=0;
struct passwd *pwent;
@@ -425,9 +404,6 @@
if (flags&PAM_SILENT)
no_warn=1;
- rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
- if (rc!=PAM_SUCCESS)
- return rc;
/* get user name */
rc=pam_get_user(pamh,(const char **)&username,NULL);
if (rc!=PAM_SUCCESS)
@@ -472,18 +448,21 @@
if (rc!=PAM_SUCCESS)
{
if (rc!=PAM_IGNORE)
- my_pam_warn(appconv,"LDAP authorization failed",PAM_ERROR_MSG,no_warn);
+ if (!no_warn)
+ pam_error(pamh,"LDAP authorization failed");
}
else
{
rc=ctx2.authz;
if (ctx2.authzmsg && ctx2.authzmsg[0])
- my_pam_warn(appconv,ctx2.authzmsg,PAM_TEXT_INFO,no_warn);
+ if (!no_warn)
+ pam_info(pamh,"%s",ctx2.authzmsg);
if (ctx2.authz==PAM_SUCCESS)
{
rc=ctx->authz;
if (ctx->authzmsg && ctx->authzmsg[0])
- my_pam_warn(appconv,ctx->authzmsg,PAM_TEXT_INFO,no_warn);
+ if (!no_warn)
+ pam_info(pamh,"%s",ctx->authzmsg);
}
}
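Review bot: The new `if (...)` / `if (!no_warn)` pairs are nested without braces, which is easy to misread and invites a dangling-else mistake on a later edit, especially next to the `else` that follows the first block. Folding the test into one condition keeps the intent obvious, e.g. `if ((rc!=PAM_IGNORE)&&(!no_warn))` and `if ((!no_warn)&&ctx2.authzmsg&&ctx2.authzmsg[0])`. The same pattern appears in the two session hunks (`LDAP open_session failed`, `LDAP close_session failed`). The enclosing function starts and ends outside this hunk.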
@@ -583,15 +562,11 @@
pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int rc, no_warn=0;
- struct pam_conv *appconv;
-
- rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
- if (rc!=PAM_SUCCESS)
- return rc;
rc=pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_O,&no_warn);
if ((rc!=PAM_SUCCESS)&&(rc!=PAM_IGNORE))
- my_pam_warn(appconv,"LDAP open_session failed",PAM_ERROR_MSG,no_warn);
+ if (!no_warn)
+ pam_error(pamh,"LDAP open_session failed");
return rc;
}
@@ -599,15 +574,11 @@
pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int rc, no_warn=0;
- struct pam_conv *appconv;
-
- rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
- if (rc!=PAM_SUCCESS)
- return rc;
rc=pam_sm_session(pamh,flags,argc,argv,NSLCD_ACTION_PAM_SESS_C,&no_warn);
if ((rc!=PAM_SUCCESS)&&(rc!=PAM_IGNORE))
- my_pam_warn(appconv,"LDAP close_session failed",PAM_ERROR_MSG,no_warn);
+ if (!no_warn)
+ pam_error(pamh,"LDAP close_session failed");
return rc;
}
@@ -669,7 +640,6 @@
const char *newpassword=NULL;
int first_pass=0, no_warn=0, ignore_flags=0;
int i;
- struct pam_conv *appconv;
pld_ctx *ctx=NULL;
uid_t minimum_uid=0;
struct passwd *pwent;
@@ -699,9 +669,6 @@
if (flags&PAM_SILENT)
no_warn=1;
- rc=pam_get_item(pamh,PAM_CONV,(const void **)&appconv);
- if (rc!=PAM_SUCCESS)
- return rc;
/* get user name */
rc=pam_get_user(pamh,(const char **)&username,NULL);
if (rc!=PAM_SUCCESS)
@@ -778,8 +745,8 @@
rc=PAM_IGNORE;
else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
rc=PAM_IGNORE;
- else
- my_pam_warn(appconv,ctx->authzmsg,PAM_ERROR_MSG,no_warn);
+ else if (!no_warn)
+ pam_error(pamh,"%s",ctx->authzmsg);
return rc;
}
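Review bot: `pam_error(pamh,"%s",ctx->authzmsg)` formats `ctx->authzmsg` without the `ctx->authzmsg && ctx->authzmsg[0]` test that the authorisation path applies before printing the same field. A NULL message would therefore reach `vsnprintf()` through `%s` in the replacement pam_prompt(), which is undefined behaviour. Whether the field can be NULL on this path is not visible in the hunk; if it can, use `else if ((!no_warn)&&ctx->authzmsg&&ctx->authzmsg[0])`. The function body begins outside this hunk.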