debian/cdesktop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial import of the CDE 2.1.30 sources from the Open Group.

Browse Source
This commit is contained in:
Peter Howkins
2012-03-10 18:21:40 +00:00
commit 83b6996daa
18978 changed files with 3945623 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
cde/lib/pam/libpam/Imakefile Normal file
View File

@@ -0,0 +1,36 @@
/* $XConsortium: Imakefile /main/4 1996/04/21 19:12:58 drk $
*
* (c) Copyright 1996 Digital Equipment Corporation.
* (c) Copyright 1996 Hewlett-Packard Company.
* (c) Copyright 1996 International Business Machines Corp.
* (c) Copyright 1995,1996 Sun Microsystems, Inc.
* (c) Copyright 1996 Novell, Inc.
* (c) Copyright 1996 FUJITSU LIMITED.
* (c) Copyright 1996 Hitachi.
*/
#define DoNormalLib NormalLibPam
#define DoSharedLib SharedLibPam
#define DoDebugLib DebugLibPam
#define DoProfileLib ProfileLibPam
#define LibName pam
#define SoRev SOPAMREV
#define IncSubdir security
#include <Threads.tmpl>
HEADERS = pam_appl.h pam_modules.h
SRCS = pam_framework.c pam_framework_utils.c
OBJS = pam_framework.o pam_framework_utils.o
#ifdef SharedPamReqs
REQUIREDLIBS = SharedPamReqs
#endif
DEFINES = -DOPT_INCLUDE_XTHREADS_H
#include <Library.tmpl>
DependTarget()

35
cde/lib/pam/libpam/libpam.elist Normal file
View File

@@ -0,0 +1,35 @@
/****************************************************************************
* Export list for libpam.
* This list *must* be updated whenever a change is made to the libpam API.
*
* The syntax for the symbol declarations in this list is as follows:
* public sym => Public C symbol, i.e., publicised API
* private sym => Private C symbol, i.e., unpublicised API
* internal sym => Internal C symbol, i.e., not part of API
* publicC++ sym => Public C++ symbol, i.e., publicised API
* privateC++ sym => Private C++ symbol, i.e., unpublicised API
* internalC++ sym => Internal C++ symbol, i.e., not part of API
*
* $TOG: libpam.elist /main/1 1999/09/08 15:03:20 mgreess $
*****************************************************************************/
public pam_start
public pam_end
public pam_set_item
public pam_get_item
public pam_get_user
public pam_set_data
public pam_get_data
public pam_strerror
public pam_authenticate
public pam_acct_mgmt
public pam_open_session
public pam_close_session
public pam_setcred
public pam_chauthtok
private __pam_free_resp
private __pam_display_msg
private __pam_get_input
private __pam_get_authtok
private __pam_get_i18n_msg

148
cde/lib/pam/libpam/libpam.msg Normal file
View File

@@ -0,0 +1,148 @@
$ $XConsortium: libpam.msg /main/3 1996/07/24 19:03:44 drk $
$ *************************************<+>*************************************
$ *****************************************************************************
$ **
$ ** File: libpam.msg
$ **
$ ** Project: libpam
$ **
$ ** Description:
$ ** -----------
$ ** This file is the source for the message catalog for libpam library.
$ **
$ **
$ *****************************************************************************
$ **
$ ** (c) Copyright 1995 Sun Microsystems, Inc.
$ ** (c) Copyright 1995 Hewlett-Packard Company
$ ** All Rights reserved
$ **
$ **
$ *****************************************************************************
$ **
$ **
$ *****************************************************************************
$ *************************************<+>*************************************
$ *****************************************************************************
$
$ ***** NOTE FOR MESSAGE CATALOG TRANSLATORS *****
$
$ There may be three types of messages in this file:
$
$ 1. Messages that appear in dialogs or are displayed to the user.
$
$ These messages are the default and they should ALL BE LOCALIZED.
$ Note that these messages do NOT have any identification (see the
$ comments for type 2 and 3 below).
$
$ 2. Messages that only appear in the error log file.
$
$ The localization of these messages is OPTIONAL. These messages are
$ identified by the following:
$
$ MESSAGES xx-yy IN SET zz WILL ONLY APPEAR IN THE DT ERRORLOG FILE
$
$ 3. Messages that should not be localized.
$
$ These messages are identified by the following:
$
$ DO NOT TRANSLATE or CHANGE or LOCALIZE MESSAGES xx-yy from set zz
$
$ ***** END (NOTE FOR MESSAGE CATALOG TRANSLATORS) *****
$
$ ******************************************************************************
$set 2
$ PAM_SUCCESS
1 Success
$ PAM_OPEN_ERR
2 Dlopen failure
$ PAM_SYMBOL_ERR
3 Symbol not found
$ PAM_SERVICE_ERR
4 Error in underlying service module
$ PAM_SYSTEM_ERR
5 System error
$ PAM_BUF_ERR
6 Memory buffer error
$ PAM_CONV_ERR
7 Conversation failure
$ PAM_PERM_DENIED
8 Permission denied
$ PAM_MAXTRIES
9 Maximum number of attempts exceeded
$ PAM_AUTH_ERR
10 Authentication failed
$ PAM_AUTHTOKEN_REQD
11 Get new authentication token
$ PAM_CRED_INSUFFICIENT
12 Insufficient credentials
$ PAM_AUTHINFO_UNAVAIL
13 Can not retrieve authentication info
$ PAM_USER_UNKNOWN
14 No account present for user
$ PAM_CRED_UNAVAIL
15 Can not retrieve user credentials
$ PAM_CRED_EXPIRED
16 User credentials have expired
$ PAM_CRED_ERR
17 Failure setting user credentials
$ PAM_ACCT_EXPIRED
18 User account has expired
$ PAM_AUTHTOK_EXPIRED
19 User password has expired
$ PAM_SESSION_ERR
20 Can not make/remove entry for session
$ PAM_AUTHTOK_ERR
21 Authentication token manipulation error
$ PAM_AUTHTOK_RECOVERY_ERR
22 Authentication token can not be recovered
$ PAM_AUTHTOK_LOCK_BUSY
23 Authentication token lock busy
$ PAM_AUTHTOK_DISABLE_AGING
24 Authentication token aging disabled
$ PAM_NO_MODULE_DATA
25 Module specific data not found
$ PAM_IGNORE
26 Ignore module
$ PAM_ABORT
27 General PAM failure
$ Unknown Error
28 Unknown Error
$ Following messages are from pam_framework_util.c
29 pam_sm_setcred: %s
30 setproc_cred: %s
31 password:
$ from pam_framework.c, default prompt
32 Please enter user name:

27
cde/lib/pam/libpam/pam.conf Normal file
View File

@@ -0,0 +1,27 @@
# $TOG: pam.conf /main/5 1999/02/04 16:16:12 mgreess $
#
# PAM configuration
#
# Authentication management
#
dtlogin auth required /usr/dt/lib/security/pam_unix.so.2.1
other auth required /usr/dt/lib/security/pam_unix.so.2.1
#rsh auth required /usr/dt/lib/security/pam_rhosts_auth.so.1
#rlogin auth sufficient /usr/dt/lib/security/pam_rhosts_auth.so.1
#rlogin auth required /usr/dt/lib/security/pam_rhosts_auth.so.1
#
# Account management
#
dtlogin account required /usr/dt/lib/security/pam_unix.so.2.1
other account required /usr/dt/lib/security/pam_unix.so.2.1
#
# Session management
#
other session required /usr/dt/lib/security/pam_unix.so.2.1
#
# Password management
#
other password required /usr/dt/lib/security/pam_unix.so.2.1

322
cde/lib/pam/libpam/pam_appl.h Normal file
View File

@@ -0,0 +1,322 @@
/* $XConsortium: pam_appl.h /main/5 1996/05/09 04:24:28 drk $ */
/*
* Copyright (c) 1992-1995, by Sun Microsystems, Inc.
* All rights reserved.
*/
#ifndef _PAM_APPL_H
#define _PAM_APPL_H
#pragma ident "@(#)pam_appl.h 1.45 96/02/15 SMI" /* PAM 2.6 */
#include <pwd.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Generic PAM errors */
#define PAM_SUCCESS 0 /* Normal function return */
#define PAM_OPEN_ERR 1 /* Dlopen failure */
#define PAM_SYMBOL_ERR 2 /* Symbol not found */
#define PAM_SERVICE_ERR 3 /* Error in underlying service module */
#define PAM_SYSTEM_ERR 4 /* System error */
#define PAM_BUF_ERR 5 /* Memory buffer error */
#define PAM_CONV_ERR 6 /* Conversation failure */
#define PAM_PERM_DENIED 7 /* Permission denied */
/* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred() */
#define PAM_MAXTRIES 8 /* Maximum number of tries exceeded */
#define PAM_AUTH_ERR 9 /* Authentication failure */
#define PAM_NEW_AUTHTOK_REQD 10 /* Get new auth token from the user */
#define PAM_AUTHTOKEN_REQD PAM_NEW_AUTHTOK_REQD /* backward compatible */
#define PAM_CRED_INSUFFICIENT 11 /* can not access auth data b/c */
/* of insufficient credentials */
#define PAM_AUTHINFO_UNAVAIL 12 /* Can not retrieve auth information */
#define PAM_USER_UNKNOWN 13 /* No account present for user */
/* Errors returned by pam_setcred() */
#define PAM_CRED_UNAVAIL 14 /* can not retrieve user credentials */
#define PAM_CRED_EXPIRED 15 /* user credentials expired */
#define PAM_CRED_ERR 16 /* failure setting user credentials */
/* Errors returned by pam_acct_mgmt() */
#define PAM_ACCT_EXPIRED 17 /* user account has expired */
#define PAM_AUTHTOK_EXPIRED 18 /* Password expired and no longer */
/* usable */
/* Errors returned by pam_open/close_session() */
#define PAM_SESSION_ERR 19 /* can not make/remove entry for */
/* specified session */
/* Errors returned by pam_chauthtok() */
#define PAM_AUTHTOK_ERR 20 /* Authentication token */
/* manipulation error */
#define PAM_AUTHTOK_RECOVERY_ERR 21 /* Old authentication token */
/* cannot be recovered */
#define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token */
/* lock busy */
#define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging */
/* is disabled */
/* Errors returned by pam_get_data */
#define PAM_NO_MODULE_DATA 24 /* module data not found */
/* Errors returned by modules */
#define PAM_IGNORE 25 /* ignore module */
#define PAM_ABORT 26 /* General PAM failure */
#define PAM_TRY_AGAIN 27 /* Unable to update password */
/* Try again another time */
/*
* XXX: Make sure that PAM_TOTAL_ERRNUM = 28 in pam_impl.h
*/
/*
* structure pam_message is used to pass prompt, error message,
* or any text information from scheme to application/user.
*/
struct pam_message {
int msg_style; /* Msg_style - see below */
char *msg; /* Message string */
};
/*
* msg_style defines the interaction style between the
* scheme and the application.
*/
#define PAM_PROMPT_ECHO_OFF 1 /* Echo off when getting response */
#define PAM_PROMPT_ECHO_ON 2 /* Echo on when getting response */
#define PAM_ERROR_MSG 3 /* Error message */
#define PAM_TEXT_INFO 4 /* Textual information */
/* max # of authentication token attributes */
#define PAM_MAX_NUM_ATTR 10
/* max size (in chars) of an authentication token attribute */
#define PAM_MAX_ATTR_SIZE 80
/*
* max # of messages passed to the application through the
* conversation function call
*/
#define PAM_MAX_NUM_MSG 32
/*
* max size (in chars) of each messages passed to the application
* through the conversation function call
*/
#define PAM_MAX_MSG_SIZE 512
/*
* max size (in chars) of each response passed from the application
* through the conversation function call
*/
#define PAM_MAX_RESP_SIZE 512
/*
* structure pam_response is used by the scheme to get the user's
* response back from the application/user.
*/
struct pam_response {
char *resp; /* Response string */
int resp_retcode; /* Return code - for future use */
};
/*
* structure pam_conv is used by authentication applications for passing
* call back function pointers and application data pointers to the scheme
*/
struct pam_conv {
int (*conv)(int, struct pam_message **,
struct pam_response **, void *);
void *appdata_ptr; /* Application data ptr */
};
/* the pam handle */
typedef struct pam_handle pam_handle_t;
/*
* pam_start() is called to initiate an authentication exchange
* with PAM.
*/
extern int
pam_start(
const char *service_name, /* Service Name */
const char *user, /* User Name */
const struct pam_conv *pam_conv, /* Conversation structure */
pam_handle_t **pamh /* Address to store handle */
);
/*
* pam_end() is called to end an authentication exchange with PAM.
*/
extern int
pam_end(
pam_handle_t *pamh, /* handle from pam_start() */
int status /* the final status value that */
/* gets passed to cleanup functions */
);
/*
* pam_set_item is called to store an object in PAM handle.
*/
extern int
pam_set_item(
pam_handle_t *pamh, /* PAM handle */
int item_type, /* Type of object - see below */
const void *item /* Address of place to put pointer */
/* to object */
);
/*
* pam_get_item is called to retrieve an object from the static data area
*/
extern int
pam_get_item(
const pam_handle_t *pamh, /* PAM handle */
int item_type, /* Type of object - see below */
void ** item /* Address of place to put pointer */
/* to object */
);
/* Items supported by pam_[sg]et_item() calls */
#define PAM_SERVICE 1 /* The program/service name */
#define PAM_USER 2 /* The user name */
#define PAM_TTY 3 /* The tty name */
#define PAM_RHOST 4 /* The remote host name */
#define PAM_CONV 5 /* The conversation structure */
#define PAM_AUTHTOK 6 /* The authentication token */
#define PAM_OLDAUTHTOK 7 /* Old authentication token */
#define PAM_RUSER 8 /* The remote user name */
#define PAM_USER_PROMPT 9 /* The user prompt */
/*
* pam_get_user is called to retrieve the user name (PAM_USER). If PAM_USER
* is not set then this call will prompt for the user name using the
* conversation function. This function should only be used by modules, not
* applications.
*/
extern int
pam_get_user(
pam_handle_t *pamh, /* PAM handle */
char **user, /* User Name */
const char *prompt /* Prompt */
);
/*
* pam_set_data is used to create module specific data, and
* to optionally add a cleanup handler that gets called by pam_end.
*
*/
extern int
pam_set_data(
pam_handle_t *pamh, /* PAM handle */
const char *module_data_name, /* unique module data name */
const void *data, /* the module specific data */
void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)
);
/*
* get module specific data set by pam_set_scheme_data.
* returns PAM_NO_MODULE_DATA if specified module data was not found.
*/
extern int
pam_get_data(
const pam_handle_t *pamh,
const char *module_data_name,
void **data
);
/*
* PAM equivalent to strerror();
*/
extern char *
pam_strerror(
pam_handle_t *pamh, /* pam handle */
int errnum /* error number */
);
/* general flag for pam_* functions */
#define PAM_SILENT 0x80000000
/*
* pam_authenticate is called to authenticate the current user.
*/
extern int
pam_authenticate(
pam_handle_t *pamh,
int flags
);
/*
* Flags for pam_authenticate
*/
#define PAM_DISALLOW_NULL_AUTHTOK 2 /* The password must be non-null */
/*
* pam_acct_mgmt is called to perform account management processing
*/
extern int
pam_acct_mgmt(
pam_handle_t *pamh,
int flags
);
/*
* pam_open_session is called to note the initiation of new session in the
* appropriate administrative data bases.
*/
extern int
pam_open_session(
pam_handle_t *pamh,
int flags
);
/*
* pam_close_session records the termination of a session.
*/
extern int
pam_close_session(
pam_handle_t *pamh,
int flags
);
/* pam_setcred is called to set the credentials of the current user */
extern int
pam_setcred(
pam_handle_t *pamh,
int flags
);
/* flags for pam_setcred() */
#define PAM_ESTABLISH_CRED 1 /* set scheme specific user id */
#define PAM_DELETE_CRED 2 /* unset scheme specific user id */
#define PAM_REINITIALIZE_CRED 4 /* reinitialize user credentials */
/* (after a password has changed */
#define PAM_REFRESH_CRED 8 /* extend lifetime of credentials */
/* pam_chauthtok is called to change authentication token */
extern int
pam_chauthtok(
pam_handle_t *pamh,
int flags
);
/*
* Be careful - there are flags defined for pam_sm_chauthtok() in
* pam_modules.h also.
*/
#define PAM_CHANGE_EXPIRED_AUTHTOK 4 /* update expired passwords only */
#ifdef __cplusplus
}
#endif
#endif /* _PAM_APPL_H */

1797
cde/lib/pam/libpam/pam_framework.c Normal file
View File

File diff suppressed because it is too large Load Diff

866
cde/lib/pam/libpam/pam_framework_utils.c Normal file
View File

@@ -0,0 +1,866 @@
/* $XConsortium: pam_framework_utils.c /main/8 1996/11/20 11:07:39 drk $ */
/*
* Copyright (c) 1992-1995, by Sun Microsystems, Inc.
* All rights reserved.
*/
#ident "@(#)pam_framework_utils.c 1.37 95/12/20 SMI" /* */
#include <syslog.h>
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <utmpx.h>
#include <string.h>
#include <malloc.h>
#include <unistd.h>
#include <libintl.h>
#include <synch.h>
#include <shadow.h>
#include <locale.h>
#include <stdio.h>
#include <nl_types.h>
#include <X11/Xthreads.h>
#include <X11/Xos.h>
#include <errno.h>
#ifdef X_NOT_STDC_ENV
extern int errno;
#endif
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include "pam_impl.h"
#include "pam_loc.h"
static void __pam_msg_destroy(void *);
static char * __pam_thread_backup(char *);
static int __pam_input_output(pam_handle_t *, int, int, char [][], void *,
struct pam_response **);
/*
* __pam_free_resp():
* free storage for responses used in the call back "pam_conv" functions
*/
void
__pam_free_resp(int num_msg, struct pam_response *resp)
{
int i;
struct pam_response *r;
if (resp) {
r = resp;
for (i = 0; i < num_msg; i++, r++) {
if (r->resp)
free(r->resp);
}
free(resp);
}
}
/*
* __pam_display_msg():
* display message by calling the call back functions
* provided by the application through "pam_conv" structure
*/
int
__pam_display_msg(pamh, msg_style, num_msg, messages, conv_apdp)
pam_handle_t *pamh;
int msg_style;
int num_msg;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
void *conv_apdp;
{
struct pam_response *ret_respp = NULL;
return (__pam_input_output(pamh, msg_style, num_msg, messages,
conv_apdp, &ret_respp));
}
int
__pam_get_input(pamh, msg_style, num_msg, messages, conv_apdp, ret_respp)
pam_handle_t *pamh;
int msg_style;
int num_msg;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
void *conv_apdp;
struct pam_response **ret_respp;
{
return (__pam_input_output(pamh, msg_style, num_msg, messages,
conv_apdp, ret_respp));
}
static int
__pam_input_output(pamh, msg_style, num_msg, messages, conv_apdp, ret_respp)
pam_handle_t *pamh;
int msg_style;
int num_msg;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
void *conv_apdp;
struct pam_response **ret_respp;
{
struct pam_message *msg;
struct pam_message *m;
int i;
int k;
int retcode;
struct pam_conv *pam_convp;
if ((retcode = pam_get_item(pamh, PAM_CONV, (void **)&pam_convp))
!= PAM_SUCCESS) {
return (retcode);
}
if (pam_convp == NULL)
return (PAM_SYSTEM_ERR);
i = 0;
k = num_msg;
msg = (struct pam_message *)calloc(num_msg,
sizeof (struct pam_message));
if (msg == NULL) {
return (PAM_BUF_ERR);
}
m = msg;
while (k--) {
/*
* fill out the message structure to display prompt message
*/
m->msg_style = msg_style;
m->msg = messages[i];
m++;
i++;
}
/*
* Call conv function to display the prompt.
*/
retcode = (pam_convp->conv)(num_msg, &msg, ret_respp, conv_apdp);
return (retcode);
}
/*
* __pam_get_authtok()
* retrieves a password of length "len" from the pam handle
* (pam_get_item) or from the input stream (pam_get_input).
*
* This function allocates memory for the new authtok.
* Applications calling this function are responsible for
* freeing this memory.
*
* If "source" is
* PAM_HANDLE
* and "type" is:
* PAM_AUTHTOK - password is taken from pam handle (PAM_AUTHTOK)
* PAM_OLDAUTHTOK - password is taken from pam handle (PAM_OLDAUTHTOK)
*
* If "source" is
* PAM_PROMPT
* and "type" is:
* 0: Prompt for new passwd, do not even attempt
* to store it in the pam handle.
* PAM_AUTHTOK: Prompt for new passwd, store in pam handle as
* PAM_AUTHTOK item if this value is not already set.
* PAM_OLDAUTHTOK: Prompt for new passwd, store in pam handle as
* PAM_OLDAUTHTOK item if this value is not
* already set.
*/
int
__pam_get_authtok(pam_handle_t *pamh, int source, int type, int len,
char *prompt, char **authtok)
{
int error = PAM_SYSTEM_ERR;
char *new_password = NULL;
struct pam_response *ret_resp = (struct pam_response *)0;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
char *backup_prompt = PAM_MSG(pamh, 31, "password: ");
if (len >= PAM_MAX_RESP_SIZE) {
syslog(LOG_ERR,
"__pam_get_authtok: requested passwd length too long");
return (PAM_BUF_ERR);
}
if ((*authtok = (char *)calloc(len + 1, sizeof (char))) == NULL) {
*authtok = NULL;
return (PAM_BUF_ERR);
}
if (prompt == NULL)
prompt = backup_prompt;
switch (source) {
case PAM_HANDLE:
/* get password from pam handle item list */
switch (type) {
case PAM_AUTHTOK:
case PAM_OLDAUTHTOK:
if ((error = pam_get_item(pamh, type,
(void **)&new_password)) != PAM_SUCCESS) {
free(*authtok);
*authtok = NULL;
return (error);
}
if (new_password == NULL || new_password[0] == '\0') {
free(*authtok);
*authtok = NULL;
} else {
strncpy(*authtok, new_password, len);
(*authtok)[len] = '\0';
}
break;
default:
syslog(LOG_ERR,
"__pam_get_authtok() invalid type: %d", type);
free(*authtok);
*authtok = NULL;
return (PAM_SYMBOL_ERR);
}
break;
case PAM_PROMPT:
/*
* Prompt for new password and save in pam handle item list
* if the that item is not already set.
*/
strncpy(messages[0], prompt, sizeof (messages[0]));
if ((error = __pam_get_input(pamh, PAM_PROMPT_ECHO_OFF,
1, messages, NULL, &ret_resp)) != PAM_SUCCESS) {
free(*authtok);
*authtok = NULL;
return (error);
}
/* save the new password if this item was NULL */
if (type) {
pam_get_item(pamh, type, (void **)&new_password);
if (new_password == NULL)
pam_set_item(pamh, type, ret_resp->resp);
}
strncpy(*authtok, ret_resp->resp, len);
(*authtok)[len] = '\0';
memset(ret_resp->resp, 0, strlen(ret_resp->resp));
__pam_free_resp(1, ret_resp);
break;
default:
syslog(LOG_ERR,
"__pam_get_authtok() invalid source: %d", source);
free(*authtok);
*authtok = NULL;
return (PAM_SYMBOL_ERR);
}
return (PAM_SUCCESS);
}
#if !defined(NL_CAT_LOCALE)
#define NL_CAT_LOCALE 0
#endif
typedef struct _pam_msg_data {
nl_catd fd;
} _pam_msg_data;
static void
__pam_msg_cleanup(
pam_handle_t *pamh,
void *data,
int pam_status)
{
_pam_msg_data *msg_data = (_pam_msg_data *) data;
catclose(msg_data->fd);
free(msg_data);
}
static void
__pam_msg_destroy(void *tsd)
{
if (tsd)
free((char *)tsd);
}
static char *
__pam_thread_backup(char *msg)
{
char *data_buffer = 0;
static xmutex_rec thread_lock = XMUTEX_INITIALIZER;
static xthread_key_t thread_key = 0;
static char fallback_buff[PAM_MAX_MSG_SIZE];
memset(fallback_buff, 0, sizeof (fallback_buff));
if (thread_key == 0) {
xmutex_lock(&thread_lock);
if (thread_key == 0)
xthread_key_create(&thread_key, __pam_msg_destroy);
xmutex_unlock(&thread_lock);
if (thread_key == 0) {
strncat(fallback_buff, msg, PAM_MAX_MSG_SIZE-1);
return (fallback_buff);
}
}
xthread_get_specific(thread_key, (void **)&data_buffer);
if (data_buffer == (char *)NULL) {
if ((data_buffer = (char *)calloc(PAM_MAX_MSG_SIZE,
sizeof (char))) == NULL) {
/* what else can i do? */
strncat(fallback_buff, msg, PAM_MAX_MSG_SIZE-1);
return (fallback_buff);
}
xthread_set_specific(thread_key, (void *)data_buffer);
}
/*
* Memset the buffer because we might have stale data from
* a previous thr_setspecific() call.
*/
memset(data_buffer, 0, PAM_MAX_MSG_SIZE);
strncat(data_buffer, msg, PAM_MAX_MSG_SIZE-1);
return (data_buffer);
}
/*
*
* Function: __pam_get_i18n_msg
*
*
* Parameters:
*
* int set - The message catalog set number.
*
* int n - The message number.
*
* char *s - The default message if the message is not
* retrieved from a message catalog.
*
* Returns: the string for set 'set' and number 'n'.
*
*/
char *
__pam_get_i18n_msg(
pam_handle_t *pamh,
char *filename,
int set,
int n,
char *s)
{
char *msg;
char *output_msg;
nl_catd nlmsg_fd;
/*
* If pam handle was supplied,
* look for stored message file descriptor.
*/
if (pamh != NULL) {
_pam_msg_data *msg_data;
int status = pam_get_data(pamh, filename, (void**) &msg_data);
if (status == PAM_SUCCESS) {
return (catgets(msg_data->fd, set, n, s));
}
if (status == PAM_NO_MODULE_DATA) {
/*
* No message file descriptor found, make and store one.
*/
nlmsg_fd = catopen(filename, NL_CAT_LOCALE);
msg = catgets(nlmsg_fd, set, n, s);
if ((msg_data = (_pam_msg_data *)
calloc(1, sizeof (_pam_msg_data))) == NULL) {
output_msg = __pam_thread_backup(msg);
catclose(nlmsg_fd);
return (output_msg);
}
msg_data->fd = nlmsg_fd;
pam_set_data(pamh, filename, msg_data, __pam_msg_cleanup);
return (msg);
}
}
/* NULL pamh */
nlmsg_fd = catopen(filename, NL_CAT_LOCALE);
msg = catgets(nlmsg_fd, set, n, s);
output_msg = __pam_thread_backup(msg);
catclose(nlmsg_fd);
return (output_msg);
}
#ifdef PAM_MAYBE_WILL_BE_USED_LATER
extern int pam_debug;
/* Errors returned by __setutmp_mgmt/__reset_utmp_mgmt() */
#define __NOENTRY 27 /* No entry found */
#define __ENTRYFAIL 28 /* Couldn't make/remove the entry */
/* Errors returned by __setproc_cred() */
#define __BAD_GID 29 /* Invalid Group ID */
#define __INITGROUP_FAIL 30 /* Initialization of group IDs failed */
#define __BAD_UID 31 /* Invaid User ID */
#define __SETGROUP_FAIL 32 /* Set of group IDs failed */
#define INIT_PROC_PID 1
#define PAMTXD "SUNW_OST_SYSOSPAM"
#define SCPYN(a, b) (void) strncpy(a, b, sizeof (a))
/* utility function to do UTMP/WTMP management */
int
__setutmp_mgmt(
char *user, /* user */
char *ttyn, /* ttyn */
char *rhost, /* remote hostname */
int flags, /* Flags - see below */
int type, /* type of utmp/wtmp entry */
char id[] /* 4 byte id field for utmp */
);
/* Flags for the flags field */
#define __UPDATE_ENTRY 1 /* Update an existing entry */
#define __NOLOG 2 /* Don't log the new session */
#define __LOGIN 4 /* login type entry (sigh...) */
/*
* __reset_utmp_mgmt is a utility function which terminates UTMP/WTMP mgmt
*/
int
__reset_utmp_mgmt(
char **user, /* user */
char **ttyn, /* tty name */
char **rhost, /* remote host */
int flags, /* flags - see below */
int status, /* logout process status */
char id[] /* logout ut_id (/etc/inittab id) */
);
/* flags for the flags field */
#define __NOOP 8 /* No utmp action desired */
/* __setproc_cred is a utility function to set process credentials */
int
__setproc_cred(
char *user, /* user */
int flags, /* flags - see below */
uid_t uid, /* User ID to set for this process */
gid_t gid, /* Group ID */
int ngroups, /* Number of groups */
gid_t *grouplist /* Group list */
);
/* flags indicates specific set credential actions */
#define __INITGROUPS 0x00000001 /* Request to initgroups() */
#define __SETGROUPS 0x00000002 /* Request to setgroups() */
#define __SETEGID 0x00000004 /* Set effective gid only */
#define __SETGID 0x00000008 /* Set real gid */
#define __SETEUID 0x00000010 /* Set effective uid only */
#define __SETUID 0x00000020 /* Set real uid */
#define __SETEID (__SETEGID|__SETEUID) /* Set effective ids only */
#define __SETRID (__SETGID|__SETUID) /* Set real ids */
/*
* __setutmp_mgmt - A utility function used to do UTMP/WTMP management.
* This function is NOT meant to be part of the official
* PAM API, and only serves as a convenience function.
*
* "user" is the current username.
* "ttyn" is the tty name.
* "rhost" is the remote hostname.
* The following flags may be set in the "flags" field:
*
* __UPDATE_ENTRY No new entry will be created if utmp
* entry not found - return __NOENTRY
* __NOLOG Generate a wtmp/wtmpx entry only
* __LOGIN Caller is a login application - update
* utmp entry accordingly
*
* "type" is used to indicate the type of utmp/wtmp entry written
* (see also utmp.h and utmpx.h)
* "id is an optional application-defined 4 byte array that represents
* the /sbin/inittab id (created by the process that puts an entry in
* utmp).
*
* Upon successful completion, PAM_SUCCESS is returned.
* Error values may include:
*
* __NOENTRY An entry for the specified process was not found
* __ENTRYFAIL Could not make/remove entry for specified process
*/
int
__setutmp_mgmt(
char *user,
char *ttyn,
char *rhost,
int flags,
int type,
char id[])
{
int tmplen;
struct utmpx *u = (struct utmpx *)0;
struct utmpx utmp;
char *ttyntail;
int err = PAM_SUCCESS;
if (pam_debug)
syslog(LOG_DEBUG, "pam_open_session(%d)\n", type);
(void) memset((void *)&utmp, 0, sizeof (utmp));
(void) time(&utmp.ut_tv.tv_sec);
utmp.ut_pid = getpid();
if (rhost != NULL && rhost[0] != '\0') {
(void) strcpy(utmp.ut_host, rhost);
tmplen = strlen(rhost) + 1;
if (tmplen < sizeof (utmp.ut_host))
utmp.ut_syslen = tmplen;
else
utmp.ut_syslen = sizeof (utmp.ut_host);
} else {
(void) memset(utmp.ut_host, 0, sizeof (utmp.ut_host));
utmp.ut_syslen = 0;
}
(void) strcpy(utmp.ut_user, user);
/*
* Copy in the name of the tty minus the "/dev/" if a /dev/ is
* in the path name.
*/
if (!(flags&__LOGIN))
SCPYN(utmp.ut_line, ttyn);
ttyntail = ttyn;
utmp.ut_type = type;
if (id != NULL)
(void) memcpy(utmp.ut_id, id, sizeof (utmp.ut_id));
if ((flags & __NOLOG) == __NOLOG) {
updwtmpx(WTMPX_FILE, &utmp);
} else {
/*
* Go through each entry one by one, looking only at INIT,
* LOGIN or USER Processes. Use the entry found if flags == 0
* and the line name matches, or if the process ID matches if
* the UPDATE_ENTRY flag is set. The UPDATE_ENTRY flag is
* mainly for login which normally only wants to update an
* entry if the pid fields matches.
*/
if (flags & __LOGIN) {
while ((u = getutxent()) != NULL) {
if ((u->ut_type == INIT_PROCESS ||
u->ut_type == LOGIN_PROCESS ||
u->ut_type == USER_PROCESS) &&
((flags == __LOGIN && ttyn != NULL &&
strncmp(u->ut_line, ttyntail,
sizeof (u->ut_line)) == 0) ||
u->ut_pid == utmp.ut_pid)) {
if (ttyn)
SCPYN(utmp.ut_line,
(ttyn + sizeof ("/dev/") - 1));
if (id == NULL) {
(void) memcpy(utmp.ut_id, u->ut_id,
sizeof (utmp.ut_id));
}
(void) pututxline(&utmp);
break;
}
} /* end while */
endutxent(); /* Close utmp file */
}
if (u == (struct utmpx *)NULL) {
/* audit_login_main11(); */
if (flags & __UPDATE_ENTRY)
err = __NOENTRY;
else
(void) makeutx(&utmp);
}
else
updwtmpx(WTMPX_FILE, &utmp);
}
return (err);
}
/*
* __reset_utmp_mgmt A utility function used to terminate UTMP/WTMP mgmt.
* This function is NOT meant to be part of the official
* PAM API, and only serves as a convenience function.
*
* "user" is the current username.
* "ttyn" is the tty name.
* "rhost" is the remote hostname.
* The following flags may be set in the "flags" field:
*
* __NOLOG Write a wtmp/wtmpx entry only
* __NOOP Ignore utmp/wtmp processing
*
* "status" is the logout process status.
* "id is an optional application-defined 4 byte array that represents
* the /sbin/inittab id (created by the process that puts an entry in
* utmp).
*
* Upon successful completion, PAM_SUCCESS is returned.
* Error values may include:
*
* __NOENTRY An entry for the specified process was not found
* __ENTRYFAIL Could not make/remove entry for specified process
*/
int
__reset_utmp_mgmt(
char **user,
char **ttyn,
char **rhost,
int flags,
int status,
char id[])
{
struct utmpx *up;
struct utmpx ut;
int err = 0;
int pid;
if (pam_debug)
syslog(LOG_DEBUG, "pam_close_session()\n");
/*
* do we want to do any utmp processing?
*/
if (flags & __NOOP) {
return (PAM_SUCCESS);
}
pid = (int) getpid();
if ((flags & __NOLOG) == __NOLOG) { /* only write to wtmp files */
/* clear utmpx entry */
(void) memset((char *)&ut, 0, sizeof (ut));
if (id != NULL)
(void) memcpy(ut.ut_id, id, sizeof (ut.ut_id));
if (*ttyn != NULL && **ttyn != '\0') {
if (strstr(*ttyn, "/dev/") != NULL)
(void) strncpy(ut.ut_line, (*ttyn+sizeof ("/dev/")-1),
sizeof (ut.ut_line));
else
(void) strncpy(ut.ut_line, *ttyn,
sizeof (ut.ut_line));
}
ut.ut_pid = pid;
ut.ut_type = DEAD_PROCESS;
ut.ut_exit.e_termination = 0;
ut.ut_exit.e_exit = 0;
ut.ut_syslen = 1;
(void) gettimeofday(&ut.ut_tv, NULL);
updwtmpx(WTMPX_FILE, &ut);
return (PAM_SUCCESS);
} else {
setutxent();
while (up = getutxent()) {
if (up->ut_pid == pid) {
if (up->ut_type == DEAD_PROCESS) {
/*
* Cleaned up elsewhere.
*/
endutxent();
return (0);
}
if ((*user = (char *) strdup(up->ut_user))
== NULL ||
(*ttyn = (char *) strdup(up->ut_line))
== NULL ||
(*rhost = (char *) strdup(up->ut_host))
== NULL ||)
return (PAM_BUF_ERR);
up->ut_type = DEAD_PROCESS;
up->ut_exit.e_termination = status & 0xff;
up->ut_exit.e_exit = (status >> 8) & 0xff;
if (id != NULL)
(void) memcpy(up->ut_id, id,
sizeof (up->ut_id));
(void) time(&up->ut_tv.tv_sec);
/*
* For init (Process ID 1) we don't write to
* init's pipe, since we are init.
*/
if (getpid() == INIT_PROC_PID) {
(void) pututxline(up);
/*
* Now attempt to add to the end of the
* wtmp and wtmpx files. Do not create
* if they don't already exist.
*/
updwtmpx("wtmpx", up);
} else {
if (modutx(up) == NULL) {
syslog(LOG_INFO,
"\tmodutx failed");
/*
* Since modutx failed we'll
* write out the new entry
* ourselves.
*/
(void) pututxline(up);
updwtmpx("wtmpx", up);
}
}
endutxent();
return (PAM_SUCCESS);
}
}
endutxent();
return (__NOENTRY);
}
}
/*
* __setproc_cred - A utility function used to set the unix credentials of the
* current process. This function is NOT meant to be part of
* the official PAM API, and only serves as a convenience
* function.
*
* "user" is the current username.
* The following flags may be set in the "flags" field:
*
* __INITGROUPS Initialize the supplementary group access list.
* __SETGROUPS Set the supplementary group access list.
* __SETEGID Set the effective group ID only.
* __SETGID Set the real and effective group IDs.
* __SETEUID Set the effective user ID only.
* __SETUID Set the real and effective user IDs.
* __SETEID Set the effective user and group IDs.
* __SETRID Set the real and effective user and group IDs.
*
* "uid" and "gid" are the values of the user ID and group ID respectively.
* "ngroups" is the number of supplementary groups.
* "grouplist" is a pointer to the list of supplementary groups.
*
* Upon successful completion, PAM_SUCCESS is returned.
* Error values may include:
*
* __BAD_GID Invalid group ID
* __INITGROUP_FAIL Initialization of group ID's failed
* __BAD_UID Invalid user ID
* __SETGROUP_FAIL Set of group ID's failed
*/
int
__setproc_cred(
char *user,
int flags,
uid_t uid,
gid_t gid,
int ngroups,
gid_t *grouplist)
{
int err = 0;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
/*
* Set the credentials
*/
/* set the effective GID */
if (flags & __SETEGID) {
if (setegid(gid) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 29,
"pam_sm_setcred: %s\n"), strerror(errno));
return (__BAD_GID);
}
}
/* set the real (and effective) GID */
if (flags & __SETGID) {
if (setgid(gid) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 30,
"setproc_cred: %s\n"), strerror(errno));
return (__BAD_GID);
}
}
/*
* Initialize the supplementary group access list.
*/
if (!user)
return (__INITGROUP_FAIL);
if (flags & __INITGROUPS) {
if (initgroups(user, gid) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 29,
"pam_sm_setcred: %s\n"), strerror(errno));
return (__INITGROUP_FAIL);
}
}
/*
* Set the supplementary group access list.
*/
if (flags & __SETGROUPS) {
if (setgroups(ngroups, (gid_t *)grouplist) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 29,
"pam_sm_setcred: %s\n"), strerror(errno));
return (__SETGROUP_FAIL);
}
}
/*
* Set the user id
*/
/* set the effective UID */
if (flags & __SETEUID) {
if (seteuid(uid) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 29
"pam_sm_setcred: %s\n"), strerror(errno));
return (__BAD_UID);
}
}
/* set the real (and effective) UID */
if (flags & __SETUID) {
if (setuid(uid) == -1) {
sprintf(messages[0], PAM_MSG(NULL, 29,
"pam_sm_setcred: %s\n"), strerror(errno));
return (__BAD_UID);
}
}
return (PAM_SUCCESS);
}
#endif

191
cde/lib/pam/libpam/pam_impl.h Normal file
View File

@@ -0,0 +1,191 @@
/* $XConsortium: pam_impl.h /main/4 1996/05/09 04:25:20 drk $ */
/*
* Copyright (c) 1992-1995, by Sun Microsystems, Inc.
* All rights reserved.
*/
#ifndef _PAM_IMPL_H
#define _PAM_IMPL_H
#pragma ident "@(#)pam_impl.h 1.42 96/02/02 SMI" /* PAM 2.6 */
#ifdef __cplusplus
extern "C" {
#endif
#include <shadow.h>
#define PAMTXD "SUNW_OST_SYSOSPAM"
#define AUTH_LIB "/usr/lib/libpam.a"
#define PAM_CONFIG "/etc/pam.conf"
#define PAM_LIB_DIR "/usr/lib/security/"
#define PAM_AUTH_MODULE 0
#define PAM_ACCOUNT_MODULE 1
#define PAM_PASSWORD_MODULE 2
#define PAM_SESSION_MODULE 3
#define PAM_NUM_MODULE_TYPES 4
#define PAM_REQUIRED 1 /* required flag in config file */
#define PAM_OPTIONAL 2 /* optional flag in config file */
#define PAM_SUFFICIENT 4 /* sufficient flag in config file */
/* XXX: Make sure this is correct in pam_appl.h */
#define PAM_TOTAL_ERRNUM 28 /* total # PAM error numbers */
/* authentication module functions */
#define PAM_SM_AUTHENTICATE "pam_sm_authenticate"
#define PAM_SM_SETCRED "pam_sm_setcred"
/* session module functions */
#define PAM_SM_OPEN_SESSION "pam_sm_open_session"
#define PAM_SM_CLOSE_SESSION "pam_sm_close_session"
/* password module functions */
#define PAM_SM_CHAUTHTOK "pam_sm_chauthtok"
/* account module functions */
#define PAM_SM_ACCT_MGMT "pam_sm_acct_mgmt"
#define PAM_MAX_ITEMS 64 /* Max number of items */
/* for modules when calling __pam_get_authtok() */
#define PAM_PROMPT 1 /* prompt user for new password */
#define PAM_HANDLE 2 /* get password from pam handle (item) */
/* utility function prototypes */
extern void
__pam_free_resp(
int num_msg,
struct pam_response *resp
);
extern int
__pam_display_msg(
pam_handle_t *pamh,
int msg_style,
int num_msg,
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE],
void *conv_apdp
);
extern int
__pam_get_input(
pam_handle_t *pamh,
int msg_style,
int num_msg,
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE],
void *conv_apdp,
struct pam_response **ret_respp
);
extern int
__pam_get_authtok(
pam_handle_t *pamh,
int source,
int type,
int len,
char *prompt,
char **authtok
);
extern char *
__pam_get_i18n_msg(
pam_handle_t *pamh,
char *filename,
int set,
int n,
char *string
);
/* file handle for pam.conf */
struct pam_fh {
FILE *fconfig;
char line[256];
};
/* items that can be set/retrieved thru pam_[sg]et_item() */
struct pam_item {
void *pi_addr; /* pointer to item */
int pi_size; /* size of item */
};
/* module specific data stored in the pam handle */
struct pam_module_data {
char *module_data_name; /* unique module data name */
void *data; /* the module specific data */
void (*cleanup)(pam_handle_t *pamh, void *data, int pam_status);
struct pam_module_data *next; /* pointer to next module data */
};
/* each entry from pam.conf is stored here (in the pam handle) */
typedef struct pamtab {
char *pam_service; /* PAM service, e.g. login, rlogin */
int pam_type; /* AUTH, ACCOUNT, PASSWORD, SESSION */
int pam_flag; /* required, optional, sufficient */
char *module_path; /* module library */
int module_argc; /* module specific options */
char **module_argv;
void *function_ptr; /* pointer to struct holding function ptrs */
struct pamtab *next;
} pamtab;
/* the pam handle */
struct pam_handle {
struct pam_item ps_item[PAM_MAX_ITEMS]; /* array of PAM items */
pamtab *pam_conf_info[PAM_NUM_MODULE_TYPES]; /* pam.conf info */
struct pam_module_data *ssd; /* module specific data */
};
/*
* the function_ptr field in struct pamtab
* will point to one of these modules
*/
struct auth_module {
int (*pam_sm_authenticate)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
int (*pam_sm_setcred)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
};
struct password_module {
int (*pam_sm_chauthtok)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
};
struct session_module {
int (*pam_sm_open_session)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
int (*pam_sm_close_session)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
};
struct account_module {
int (*pam_sm_acct_mgmt)(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
};
#ifdef __cplusplus
}
#endif
#endif /* _PAM_IMPL_H */

30
cde/lib/pam/libpam/pam_loc.h Normal file
View File

@@ -0,0 +1,30 @@
/* $XConsortium: pam_loc.h /main/3 1996/05/09 04:25:37 drk $ */
/*
* "@(#)pam_loc.h 1.4 96/02/02
*
* Copyright 1996 Sun Microsystems, Inc.
*
* All Rights reserved
*/
#ifndef _PAM_LOC_H
#define _PAM_LOC_H
#pragma ident "@(#)pam_loc.h 1.4 96/02/02 SMI" /* PAM 2.6 */
#ifdef __cplusplus
extern "C" {
#endif
/*
* PAM_MSG macro for return of internationalized text
*/
#define PAM_MSG(pamh, number, string)\
(char *) __pam_get_i18n_msg(pamh, "libpam", 2, number, string)
#ifdef __cplusplus
}
#endif
#endif /* _PAM_LOC_H */

80
cde/lib/pam/libpam/pam_modules.h Normal file
View File

@@ -0,0 +1,80 @@
/* $XConsortium: pam_modules.h /main/5 1996/05/09 04:25:54 drk $ */
/*
* Copyright (c) 1992-1995, by Sun Microsystems, Inc.
* All rights reserved.
*/
#ifndef _PAM_MODULES_H
#define _PAM_MODULES_H
#pragma ident "@(#)pam_modules.h 1.20 96/02/02 SMI" /* PAM 2.6 */
#ifdef __cplusplus
extern "C" {
#endif
extern int
pam_sm_authenticate(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
extern int
pam_sm_setcred(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
extern int
pam_sm_acct_mgmt(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
extern int
pam_sm_open_session(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
extern int
pam_sm_close_session(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
/*
* Be careful - there are flags defined for pam_chauthtok() in
* pam_appl.h also.
*/
#define PAM_PRELIM_CHECK 1
#define PAM_UPDATE_AUTHTOK 2
#define PAM_REP_DEFAULT 0x0
#define PAM_REP_FILES 0x01
#define PAM_REP_NIS 0x02
#define PAM_REP_NISPLUS 0x04
#define PAM_OPWCMD 0x08 /* for nispasswd, yppasswd */
#define IS_FILES(x) ((x & PAM_REP_FILES) == PAM_REP_FILES)
#define IS_NIS(x) ((x & PAM_REP_NIS) == PAM_REP_NIS)
#define IS_NISPLUS(x) ((x & PAM_REP_NISPLUS) == PAM_REP_NISPLUS)
#define IS_OPWCMD(x) ((x & PAM_OPWCMD) == PAM_OPWCMD)
extern int
pam_sm_chauthtok(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv);
#ifdef __cplusplus
}
#endif
#endif /* _PAM_MODULES_H */