Group :: System/Base
RPM: pam
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: pam-redhat-1.0.1-alt1.patch
Download
Download
pam_chroot/pam_chroot.c | 25 +++++----
pam_console/50-default.perms | 55 ++++++++++---------
pam_console/Makefile.am | 4 +-
pam_console/chmod.c | 111 +++++++++++++++++++++------------------
pam_console/configfile.y | 13 -----
pam_console/console.handlers | 4 +-
pam_console/console.perms | 5 +-
pam_console/hashtable.c | 36 ++++++------
pam_console/pam_console.c | 14 +++--
pam_console/pam_console.h | 2 +-
pam_console/pam_console_apply.c | 16 ++----
pam_console/pstack.c | 87 ++++++++++++++++++++++++++++++
pam_console/pstack.h | 17 ++++++
pam_timestamp/pam_timestamp.c | 12 +++--
14 files changed, 253 insertions(+), 148 deletions(-)
diff --git a/pam_chroot/pam_chroot.c b/pam_chroot/pam_chroot.c
index 8acbfd7..83b35ba 100644
--- a/pam_chroot/pam_chroot.c
+++ b/pam_chroot/pam_chroot.c
@@ -8,6 +8,7 @@
#define PAM_SM_SESSION
#include <security/pam_modules.h>
+#include <security/pam_ext.h>
#include <syslog.h>
#include <string.h>
@@ -22,7 +23,7 @@
#define CONFIG "/etc/security/chroot.conf"
-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
int ret = PAM_SESSION_ERR;
@@ -43,7 +44,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
onerr = PAM_SESSION_ERR;
}
- if((ret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ ret = pam_get_user(pamh, &user, NULL);
+ if(ret != PAM_SUCCESS || user == NULL) {
pam_syslog(pamh, LOG_ERR, "can't get username: %s",
pam_strerror(pamh, ret));
return ret;
@@ -51,8 +53,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
conf = fopen(CONFIG, "r");
if(conf == NULL) {
- pam_syslog(pamh, LOG_ERR, "can't open config file \"" CONFIG "\": %s",
- strerror(errno));
+ pam_syslog(pamh, LOG_ERR, "can't open config file \"" CONFIG "\": %m");
return ret;
}
@@ -103,8 +104,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
struct stat st;
if (stat(dir, &st) == -1) {
- pam_syslog(pamh, LOG_ERR, "stat(%s) failed: %s",
- dir, strerror(errno));
+ pam_syslog(pamh, LOG_ERR, "stat(%s) failed: %m",
+ dir);
ret = onerr;
} else
/* Catch the most common misuse */
@@ -115,8 +116,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
ret = onerr;
} else
if(chdir(dir) == -1) {
- pam_syslog(pamh, LOG_ERR, "chdir(%s) failed: %s",
- dir, strerror(errno));
+ pam_syslog(pamh, LOG_ERR, "chdir(%s) failed: %m",
+ dir);
ret = onerr;
} else {
if(debug) {
@@ -124,8 +125,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
dir);
}
if(chroot(dir) == -1) {
- pam_syslog(pamh, LOG_ERR, "chroot(%s) failed: %s",
- dir, strerror(errno));
+ pam_syslog(pamh, LOG_ERR, "chroot(%s) failed: %m",
+ dir);
ret = onerr;
} else {
pam_syslog(pamh, LOG_ERR, "chroot(%s) succeeded",
@@ -141,8 +142,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
return ret;
}
-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,
- int argc, const char **argv)
+PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
diff --git a/pam_console/50-default.perms b/pam_console/50-default.perms
index 7f7d7ec..f61814a 100644
--- a/pam_console/50-default.perms
+++ b/pam_console/50-default.perms
@@ -1,11 +1,12 @@
# device classes -- these are shell-style globs
-<floppy>=/dev/fd[0-1]* \
- /dev/floppy* /mnt/floppy*
+<floppy>=/dev/fd[0-7]* /dev/floppy/* /mnt/floppy*
<sound>=/dev/dsp* /dev/audio* /dev/midi* \
- /dev/mixer* /dev/sequencer* \
- /dev/sound/* /dev/beep \
- /dev/snd/* /dev/adsp*
-<cdrom>=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom*
+ /dev/mixer* /dev/sequencer* /dev/admm* \
+ /dev/adsp* /dev/aload* /dev/amidi* /dev/dmfm* \
+ /dev/dmmidi* /dev/music /dev/patmgr* \
+ /dev/sndstat /dev/snd/* /dev/sound/* /dev/beep
+<cdrom>=/dev/dvd* /dev/cdrom* /dev/cdroms/* /mnt/cdrom* /mnt/dvd*
+<burner>=/dev/scd* /dev/sr[0-7]* /dev/pcd* /dev/pg* /dev/cdwriter*
<pilot>=/dev/pilot
<jaz>=/mnt/jaz*
<zip>=/mnt/pocketzip* /mnt/zip* /dev/zip*
@@ -17,49 +18,51 @@
<flash>=/mnt/flash* /dev/flash*
<diskonkey>=/mnt/diskonkey*
<rem_ide>=/mnt/microdrive*
-<fb>=/dev/fb /dev/fb[0-9]* \
- /dev/fb/*
+<fb>=/dev/fb /dev/fb[0-9]* /dev/fb/*
<kbd>=/dev/kbd
-<joystick>=/dev/js[0-9]*
-<v4l>=/dev/video* /dev/radio* /dev/winradio* /dev/vtx* /dev/vbi* \
- /dev/video/*
+<joystick>=/dev/js[0-9]* /dev/input/js[0-9]*
+<v4l>=/dev/video* /dev/video/* /dev/radio* /dev/winradio* /dev/vtx* /dev/vbi* /dev/vttuner
<gpm>=/dev/gpmctl
<dri>=/dev/nvidia* /dev/3dfx* /dev/dri/card*
<mainboard>=/dev/apm_bios
<pmu>=/dev/pmu
<bluetooth>=/dev/rfcomm*
<raw1394>=/dev/raw1394
+<toshiba>=/dev/toshiba
<irda>=/dev/ircomm*
<dvb>=/dev/dvb/adapter*/*
<firewire>=/dev/iidc* /dev/vendorfw* /dev/avc*
# permission definitions
<console> 0660 <floppy> 0660 root.floppy
-<console> 0600 <sound> 0600 root
-<console> 0600 <cdrom> 0660 root.disk
-<console> 0600 <pilot> 0660 root.uucp
-<console> 0600 <jaz> 0660 root.disk
-<console> 0600 <zip> 0660 root.disk
-<console> 0600 <ls120> 0660 root.disk
+<console> 0660 <sound> 0660 root.audio
+<console> 0640 <cdrom> 0640 root.cdrom
+<console> 0660 <burner> 0660 root.cdwriter
+<console> 0660 <pilot> 0660 root.uucp
+<console> 0660 <jaz> 0660 root.disk
+<console> 0660 <zip> 0660 root.disk
+<console> 0660 <ls120> 0660 root.disk
<console> 0600 <scanner> 0600 root
-<console> 0600 <camera> 0600 root.disk
-<console> 0600 <memstick> 0600 root.disk
-<console> 0600 <flash> 0600 root.disk
-<console> 0600 <diskonkey> 0660 root.disk
-<console> 0600 <rem_ide> 0660 root.disk
+<console> 0660 <camera> 0660 root.disk
+<console> 0660 <memstick> 0660 root.disk
+<console> 0660 <flash> 0660 root.disk
+<console> 0660 <diskonkey> 0660 root.disk
+<console> 0660 <rem_ide> 0660 root.disk
<console> 0600 <fb> 0600 root
<console> 0600 <kbd> 0600 root
<console> 0600 <joystick> 0600 root
-<console> 0600 <v4l> 0600 root
-<console> 0700 <gpm> 0700 root
+<console> 0660 <v4l> 0660 root.radio
+<console> 0700 <gpm> 0700 root
<console> 0600 <mainboard> 0600 root
-<console> 0600 <rio500> 0600 root
+<console> 0660 <rio500> 0660 root.disk
<console> 0600 <pmu> 0600 root
<console> 0600 <bluetooth> 0600 root
<console> 0600 <raw1394> 0600 root
+<console> 0600 <toshiba> 0600 root
+<console> 0660 <dri> 0660 root.xgrp
<console> 0600 <irda> 0600 root
<console> 0600 <dvb> 0600 root
<console> 0600 <firewire> 0600 root
<xconsole> 0600 /dev/console 0600 root.root
-<console> 0600 <dri> 0600 root
+<console> 0660 <dri> 0660 root.xgrp
diff --git a/pam_console/Makefile.am b/pam_console/Makefile.am
index fdddb8b..c8218ab 100644
--- a/pam_console/Makefile.am
+++ b/pam_console/Makefile.am
@@ -20,7 +20,7 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
permsddir = $(SCONFIGDIR)/console.perms.d
-noinst_HEADERS = chmod.h configfile.h configfile.tab.h handlers.h modechange.h pam_console.h
+noinst_HEADERS = chmod.h configfile.h configfile.tab.h handlers.h modechange.h pam_console.h pstack.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
$(GLIB_CFLAGS) -DLOCKDIR=\"$(LOCKDIR)\"
@@ -44,7 +44,7 @@ FLEX_OPTS = -Cr
BISON_OPTS = -d
pam_console_la_SOURCES = pam_console.c pam_console.h regerr.c handlers.c handlers.h
-pam_console_apply_SOURCES = pam_console_apply.c pam_console.h chmod.c modechange.c regerr.c \
+pam_console_apply_SOURCES = pam_console_apply.c pam_console.h chmod.c pstack.c modechange.c regerr.c \
configfile.c configfile.h hashtable.c hashtable.h hashtable_private.h
pam_console_la_CFLAGS = $(AM_CFLAGS)
diff --git a/pam_console/chmod.c b/pam_console/chmod.c
index 777e37f..6bc52f4 100644
--- a/pam_console/chmod.c
+++ b/pam_console/chmod.c
@@ -38,43 +38,15 @@
#include "configfile.h"
#include "chmod.h"
#include "modechange.h"
+#include "pstack.c"
#define CLOSEDIR(d) closedir (d)
-#ifdef _D_NEED_STPCPY
-/* stpcpy.c -- copy a string and return pointer to end of new string
- Copyright (C) 1989, 1990 Free Software Foundation.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-
-/* Copy SRC to DEST, returning the address of the terminating '\0' in DEST. */
-
-static char *
-stpcpy (char *dest, const char *src)
-{
- while ((*dest++ = *src++) != '\0')
- /* Do nothing. */ ;
- return dest - 1;
-}
-#endif /* _D_NEED_STPCPY */
-
/* end included files */
static const char *fstab_filename = "/etc/fstab";
-static int change_via_fstab __P ((const char *dir,
+static int change_via_fstab __P ((pstack stack, const char *dir,
const struct mode_change *changes,
uid_t user, gid_t group));
@@ -84,7 +56,7 @@ static int change_via_fstab __P ((const char *dir,
links. Return 0 if successful, 1 if errors occurred. */
static int
-change_file (const char *file, const struct mode_change *changes,
+change_file (pstack stack, const char *file, const struct mode_change *changes,
const int deref_symlink, uid_t user, gid_t group)
{
struct stat file_stats;
@@ -96,7 +68,7 @@ change_file (const char *file, const struct mode_change *changes,
if (errno == ENOENT)
{
/* doesn't exist, check fstab */
- errors |= change_via_fstab (file, changes, user, group);
+ errors |= change_via_fstab (stack, file, changes, user, group);
return errors;
}
else
@@ -107,6 +79,8 @@ change_file (const char *file, const struct mode_change *changes,
if (S_ISLNK (file_stats.st_mode))
{
+ if (!deref_symlink)
+ return 0;
/* don't bother with dangling symlinks */
if (stat (file, &file_stats))
{
@@ -117,7 +91,7 @@ change_file (const char *file, const struct mode_change *changes,
newmode = mode_adjust (file_stats.st_mode, changes);
if (S_ISDIR (file_stats.st_mode))
- errors |= change_via_fstab (file, changes, user, group);
+ errors |= change_via_fstab (stack, file, changes, user, group);
else
{
if (newmode != (file_stats.st_mode & 07777))
@@ -143,7 +117,7 @@ chmod_set_fstab(const char *fstab)
/* If the directory spec given matches a filesystem listed in /etc/fstab,
* modify the device special associated with that filesystem. */
static int
-change_via_fstab (const char *dir, const struct mode_change *changes,
+change_via_fstab (pstack stack, const char *dir, const struct mode_change *changes,
uid_t user, gid_t group)
{
int errors = 0;
@@ -154,6 +128,7 @@ change_via_fstab (const char *dir, const struct mode_change *changes,
if (fstab == NULL)
{
+ fprintf(stderr, "pam_console: change_via_fstab: setmntent: %s: %m\n", fstab_filename);
return 1;
}
@@ -161,9 +136,16 @@ change_via_fstab (const char *dir, const struct mode_change *changes,
{
if(mntent->mnt_dir &&
mntent->mnt_fsname &&
+ !stack_lookup(stack, mntent->mnt_fsname) &&
(fnmatch(dir, mntent->mnt_dir, 0) == 0))
{
- errors |= change_file(mntent->mnt_fsname, changes, TRUE, user, group);
+ if (!stack_push(stack, mntent->mnt_fsname))
+ {
+ fprintf(stderr, "pam_console: change_via_fstab: stack_push: memory exhausted\n");
+ return 1;
+ }
+ errors |= change_file(stack, mntent->mnt_fsname, changes, TRUE, user, group);
+ stack_pop(stack);
}
}
@@ -177,14 +159,6 @@ change_via_fstab (const char *dir, const struct mode_change *changes,
static int
-glob_errfn(const char *pathname, int theerr) {
- /* silently ignore inaccessible files */
- return 0;
-}
-
-#define DIE(n) {fprintf(stderr, "chmod failure\n"); return (n);}
-
-static int
match_files(GSList *files, const char *filename) {
if (!files)
@@ -205,28 +179,59 @@ chmod_files (const char *mode, uid_t user, gid_t group,
glob_t result;
char *filename = NULL;
int flags = GLOB_NOCHECK;
- int i, rc;
+ int rc;
+ size_t i;
+ pstack stack = 0;
+
+ memset(&result, 0, sizeof(result));
changes = mode_compile (mode,
MODE_MASK_EQUALS | MODE_MASK_PLUS | MODE_MASK_MINUS);
- if (changes == MODE_INVALID) DIE(1)
- else if (changes == MODE_MEMORY_EXHAUSTED) DIE(1)
+ if (changes == MODE_INVALID)
+ {
+ fprintf(stderr, "pam_console: chmod_files: mode_compile: invalid mode\n");
+ return 1;
+ }
+ else if (changes == MODE_MEMORY_EXHAUSTED)
+ {
+ fprintf(stderr, "pam_console: chmod_files: mode_compile: memory exhausted\n");
+ return 1;
+ }
for (; filelist; filelist = filelist->next)
{
filename = filelist->data;
- rc = glob(filename, flags, glob_errfn, &result);
- if (rc == GLOB_NOSPACE) DIE(1)
+ rc = glob(filename, flags, 0, &result);
+ if (rc == GLOB_NOSPACE)
+ {
+ fprintf(stderr, "pam_console: chmod_files: glob: memory exhausted\n");
+ errors = 1; goto chmod_files_end;
+ }
flags |= GLOB_APPEND;
}
- if(single_file) {
- rc = glob(single_file, flags, glob_errfn, &result);
- if (rc == GLOB_NOSPACE) DIE(1)
+ if(filename && single_file) {
+ rc = glob(single_file, flags, 0, &result);
+ if (rc == GLOB_NOSPACE)
+ {
+ fprintf(stderr, "pam_console: chmod_files: glob: memory exhausted\n");
+ errors = 1; goto chmod_files_end;
+ }
}
+ if (!(stack = stack_alloc()))
+ {
+ fprintf(stderr, "pam_console: chmod_files: stack_alloc: memory exhausted\n");
+ errors = 1; goto chmod_files_end;
+ }
for (i = 0; i < result.gl_pathc; i++) {
if (!match_files(constraints, result.gl_pathv[i])) {
- errors |= change_file (result.gl_pathv[i], changes, 1, user, group);
+ if (!stack_push(stack, result.gl_pathv[i]))
+ {
+ fprintf(stderr, "pam_console: chmod_files: stack_push: memory exhausted\n");
+ errors = 1; goto chmod_files_end;
+ }
+ errors |= change_file(stack, result.gl_pathv[i], changes, 1, user, group);
+ stack_pop(stack);
#if 0
_pam_log(LOG_DEBUG, TRUE,
"file %s (%d): mode %s\n", result.gl_pathv[i], user, mode);
@@ -234,6 +239,8 @@ chmod_files (const char *mode, uid_t user, gid_t group,
}
}
+chmod_files_end:
+ stack_free(stack);
globfree(&result);
return (errors);
diff --git a/pam_console/configfile.y b/pam_console/configfile.y
index a298ff9..cfcaf63 100644
--- a/pam_console/configfile.y
+++ b/pam_console/configfile.y
@@ -31,9 +31,6 @@ static const char *consoleNameCache = NULL;
static GHashTable *consoleHash = NULL;
static void
-do_yyerror(const char *format, ...);
-
-static void
empty_class(class *c);
static unsigned int
@@ -322,16 +319,6 @@ reset_permissions(const char *consolename, GSList *files) {
/* local, static functions */
static void
-do_yyerror(const char *format, ...) {
- va_list ap;
-
- va_start(ap, format);
- openlog("pam_console", LOG_CONS|LOG_PID, LOG_AUTHPRIV);
- vsyslog(LOG_PID|LOG_AUTHPRIV|LOG_ERR, format, ap);
- va_end(ap);
-}
-
-static void
empty_class(class *c) {
free(c->name);
c->name = NULL;
diff --git a/pam_console/console.handlers b/pam_console/console.handlers
index 98cc071..887e62f 100644
--- a/pam_console/console.handlers
+++ b/pam_console/console.handlers
@@ -10,10 +10,10 @@
# See man console.handlers
#
# Example:
-# console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
+# console consoledevs (/dev/)?(tty|vc/)[1-9][0-9]* :[0-9]+(\.[0-9]+)?
# echo lock wait Locking console for user on tty
# touch unlock wait /var/run/console-unlocked
-console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+
+console consoledevs (/dev/)?(tty|vc/)[1-9][0-9]* :[0-9]+(\.[0-9]+)?
/sbin/pam_console_apply lock logfail wait -t tty -s
/sbin/pam_console_apply unlock logfail wait -r -t tty -s
diff --git a/pam_console/console.perms b/pam_console/console.perms
index 75dc90a..1493e88 100644
--- a/pam_console/console.perms
+++ b/pam_console/console.perms
@@ -18,8 +18,9 @@
# Rather a new file in the console.perms.d directory should be created.
# file classes -- these are regular expressions
-<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+
-<xconsole>=:[0-9]+\.[0-9]+ :[0-9]+
+<console>=(/dev/)?(tty|vc/)[0-9]+ :[0-9]+(\.[0-9]+)?
+<xconsole>=:[0-9]+(\.[0-9]+)?
+<rsession>=(/dev/)?pts/[0-9]+
# device classes -- see console.perms.d/50-default.perms
# permission definitions -- see console.perms.d/50-default.perms
diff --git a/pam_console/hashtable.c b/pam_console/hashtable.c
index 4e1698d..06b72c2 100644
--- a/pam_console/hashtable.c
+++ b/pam_console/hashtable.c
@@ -64,7 +64,7 @@ hashtable_expand(struct hashtable *h)
struct entry **newtable;
struct entry *e;
struct entry **pE;
- unsigned int newsize, i, index;
+ unsigned int newsize, i, idx;
/* Check we're not hitting max capacity */
if (h->primeindex == (prime_table_length - 1)) return 0;
newsize = primes[++(h->primeindex)];
@@ -78,9 +78,9 @@ hashtable_expand(struct hashtable *h)
for (i = 0; i < h->tablelength; i++) {
while (NULL != (e = h->table[i])) {
h->table[i] = e->next;
- index = indexFor(newsize,e->h);
- e->next = newtable[index];
- newtable[index] = e;
+ idx = indexFor(newsize,e->h);
+ e->next = newtable[idx];
+ newtable[idx] = e;
}
}
free(h->table);
@@ -96,16 +96,16 @@ hashtable_expand(struct hashtable *h)
memset(newtable[h->tablelength], 0, newsize - h->tablelength);
for (i = 0; i < h->tablelength; i++) {
for (pE = &(newtable[i]), e = *pE; e != NULL; e = *pE) {
- index = indexFor(newsize,e->h);
- if (index == i)
+ idx = indexFor(newsize,e->h);
+ if (idx == i)
{
pE = &(e->next);
}
else
{
*pE = e->next;
- e->next = newtable[index];
- newtable[index] = e;
+ e->next = newtable[idx];
+ newtable[idx] = e;
}
}
}
@@ -127,7 +127,7 @@ int
hashtable_insert(struct hashtable *h, void *k, void *v)
{
/* This method allows duplicate keys - but they shouldn't be used */
- unsigned int index;
+ unsigned int idx;
struct entry *e;
if (++(h->entrycount) > h->loadlimit)
{
@@ -140,11 +140,11 @@ hashtable_insert(struct hashtable *h, void *k, void *v)
e = (struct entry *)malloc(sizeof(struct entry));
if (NULL == e) { --(h->entrycount); return 0; } /*oom*/
e->h = hash(h,k);
- index = indexFor(h->tablelength,e->h);
+ idx = indexFor(h->tablelength,e->h);
e->k = k;
e->v = v;
- e->next = h->table[index];
- h->table[index] = e;
+ e->next = h->table[idx];
+ h->table[idx] = e;
return -1;
}
@@ -153,10 +153,10 @@ void * /* returns value associated with key */
hashtable_search(struct hashtable *h, void *k)
{
struct entry *e;
- unsigned int hashvalue, index;
+ unsigned int hashvalue, idx;
hashvalue = hash(h,k);
- index = indexFor(h->tablelength,hashvalue);
- e = h->table[index];
+ idx = indexFor(h->tablelength,hashvalue);
+ e = h->table[idx];
while (NULL != e)
{
/* Check hash value to short circuit heavier comparison */
@@ -176,11 +176,11 @@ hashtable_remove(struct hashtable *h, void *k, int free_key)
struct entry *e;
struct entry **pE;
void *v;
- unsigned int hashvalue, index;
+ unsigned int hashvalue, idx;
hashvalue = hash(h,k);
- index = indexFor(h->tablelength,hash(h,k));
- pE = &(h->table[index]);
+ idx = indexFor(h->tablelength,hash(h,k));
+ pE = &(h->table[idx]);
e = *pE;
while (NULL != e)
{
diff --git a/pam_console/pam_console.c b/pam_console/pam_console.c
index 46e5b26..d180c7c 100644
--- a/pam_console/pam_console.c
+++ b/pam_console/pam_console.c
@@ -307,7 +307,7 @@ top:
*/
_pam_log(pamh, LOG_ERR, FALSE,
"ignoring stale lock on file %s by process %d",
- lockinfo.l_pid, filename);
+ filename, lockinfo.l_pid);
}
/* it is possible at this point that the file has been removed
@@ -378,7 +378,8 @@ return_error:
}
PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
/* getuid() must return an id that maps to a username as a filename in
* /var/run/console/
@@ -471,13 +472,15 @@ error_return:
}
PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
/* Create /var/run/console/console.lock if it does not exist
* Create /var/run/console/<username> if it does not exist
@@ -547,7 +550,8 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
}
PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
/* Get /var/run/console/<username> use count, leave it locked
* If use count is now 1:
diff --git a/pam_console/pam_console.h b/pam_console/pam_console.h
index fa3bbee..184368d 100644
--- a/pam_console/pam_console.h
+++ b/pam_console/pam_console.h
@@ -16,7 +16,7 @@
#define TRUE (!FALSE)
#endif
-void
+void PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((4))
_pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...);
void
diff --git a/pam_console/pam_console_apply.c b/pam_console/pam_console_apply.c
index 8cf08a1..be92cc1 100644
--- a/pam_console/pam_console_apply.c
+++ b/pam_console/pam_console_apply.c
@@ -41,9 +41,7 @@ _pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...)
if (debug_p && !debug) return;
va_start(args, format);
if (syslogging) {
- openlog("pam_console_apply", LOG_CONS|LOG_PID, LOG_AUTHPRIV);
vsyslog(err, format, args);
- closelog();
}
else {
vfprintf(stderr, format, args);
@@ -52,12 +50,6 @@ _pam_log(pam_handle_t *pamh, int err, int debug_p, const char *format, ...)
va_end(args);
}
-static int
-pf_glob_errorfn(const char *epath, int eerrno)
-{
- return 0;
-}
-
static void
parse_files(void)
{
@@ -73,11 +65,10 @@ parse_files(void)
on system locale */
oldlocale = setlocale(LC_COLLATE, "C");
- rc = glob(PERMS_GLOB, GLOB_NOCHECK, pf_glob_errorfn, &globbuf);
+ rc = glob(PERMS_GLOB, GLOB_NOCHECK, NULL, &globbuf);
setlocale(LC_COLLATE, oldlocale);
- if (rc == GLOB_NOSPACE) {
+ if (rc)
return;
- }
for (i = 0; globbuf.gl_pathv[i] != NULL; i++) {
parse_file(globbuf.gl_pathv[i]);
@@ -130,6 +121,9 @@ main(int argc, char **argv)
}
}
+ if (syslogging)
+ openlog("pam_console_apply", LOG_CONS|LOG_PID, LOG_AUTH);
+
for (i = argc-1; i >= optind; i--) {
files = g_slist_prepend(files, argv[i]);
}
diff --git a/pam_console/pstack.c b/pam_console/pstack.c
new file mode 100644
index 0000000..a714c45
--- /dev/null
+++ b/pam_console/pstack.c
@@ -0,0 +1,87 @@
+/*
+ Plain stack implementation.
+ Copyright (C) 2001 Dmitry V. Levin <ldv@fandra.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include "pstack.h"
+
+struct plain_stack
+{
+ size_t allocated;
+ size_t used;
+ const char **memory;
+};
+
+STATIC pstack
+stack_alloc(void)
+{
+ return calloc(1, sizeof(struct plain_stack));
+}
+
+STATIC void
+stack_free(pstack s)
+{
+ if (s)
+ {
+ free(s->memory);
+ s->memory = 0;
+ free(s);
+ }
+}
+
+STATIC pstack
+stack_push(pstack s, const char *data)
+{
+ if (s->used == s->allocated)
+ {
+ size_t need =
+ (s->allocated ? (s->allocated << 1) : 2) *
+ sizeof(void *);
+ void *mem;
+
+ if (!need)
+ return 0;
+
+ mem = realloc(s->memory, need);
+ if (!mem)
+ return 0;
+
+ s->memory = (const char **) mem;
+ s->allocated = need / sizeof(void *);
+ }
+ s->memory[s->used++] = data;
+ return s;
+}
+
+STATIC const char *
+stack_pop(pstack s)
+{
+ return (s->used) ? s->memory[--s->used] : 0;
+}
+
+STATIC const char *
+stack_lookup(pstack s, const char *sample)
+{
+ size_t i;
+
+ for (i = 0; i < s->used; ++i)
+ if (!strcmp(sample, s->memory[i]))
+ return s->memory[i];
+ return 0;
+}
diff --git a/pam_console/pstack.h b/pam_console/pstack.h
new file mode 100644
index 0000000..e42b218
--- /dev/null
+++ b/pam_console/pstack.h
@@ -0,0 +1,17 @@
+#ifndef _PSTACK_H
+#define _PSTACK_H
+
+#ifndef STATIC
+#define STATIC
+#endif
+
+struct plain_stack;
+typedef struct plain_stack *pstack;
+
+STATIC pstack stack_alloc(void);
+STATIC void stack_free(pstack);
+STATIC pstack stack_push(pstack, const char *);
+STATIC const char *stack_pop(pstack);
+STATIC const char *stack_lookup(pstack, const char *);
+
+#endif /* _PSTACK_H */
diff --git a/pam_timestamp/pam_timestamp.c b/pam_timestamp/pam_timestamp.c
index 0804a06..91e3e37 100644
--- a/pam_timestamp/pam_timestamp.c
+++ b/pam_timestamp/pam_timestamp.c
@@ -345,7 +345,8 @@ verbose_success(pam_handle_t *pamh, int debug, int diff)
}
PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
struct stat st;
time_t interval = DEFAULT_TIMESTAMP_TIMEOUT;
@@ -527,13 +528,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
}
PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
char path[BUFLEN], subdir[BUFLEN], *mac, *text, *p;
size_t maclen;
@@ -632,7 +635,8 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
}
PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}