summaryrefslogtreecommitdiff
path: root/libpam/pam_misc.c
diff options
context:
space:
mode:
Diffstat (limited to 'libpam/pam_misc.c')
-rw-r--r--libpam/pam_misc.c360
1 files changed, 360 insertions, 0 deletions
diff --git a/libpam/pam_misc.c b/libpam/pam_misc.c
new file mode 100644
index 0000000..0e60727
--- /dev/null
+++ b/libpam/pam_misc.c
@@ -0,0 +1,360 @@
+/* pam_misc.c -- This is random stuff
+ *
+ * Copyright (c) Andrew G. Morgan <morgan@kernel.org> 2000-2003
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "pam_private.h"
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <ctype.h>
+
+char *_pam_StrTok(char *from, const char *format, char **next)
+/*
+ * this function is a variant of the standard strtok, it differs in that
+ * it takes an additional argument and doesn't nul terminate tokens until
+ * they are actually reached.
+ */
+{
+ char table[256], *end;
+ int i;
+
+ if (from == NULL && (from = *next) == NULL)
+ return from;
+
+ /* initialize table */
+ for (i=1; i<256; table[i++] = '\0');
+ for (i=0; format[i] ;
+ table[(unsigned char)format[i++]] = 'y');
+
+ /* look for first non-format char */
+ while (*from && table[(unsigned char)*from]) {
+ ++from;
+ }
+
+ if (*from == '[') {
+ /*
+ * special case, "[...]" is considered to be a single
+ * object. Note, however, if one of the format[] chars is
+ * '[' this single string will not be read correctly.
+ * Note, any '[' inside the outer "[...]" pair will survive.
+ * Note, the first ']' will terminate this string, but
+ * that "\]" will get compressed into "]". That is:
+ *
+ * "[..[..\]..]..." --> "..[..].."
+ */
+ char *to;
+ for (to=end=++from; *end && *end != ']'; ++to, ++end) {
+ if (*end == '\\' && end[1] == ']')
+ ++end;
+ if (to != end) {
+ *to = *end;
+ }
+ }
+ if (to != end) {
+ *to = '\0';
+ }
+ /* note, this string is stripped of its edges: "..." is what
+ remains */
+ } else if (*from) {
+ /* simply look for next blank char */
+ for (end=from; *end && !table[(unsigned char)*end]; ++end);
+ } else {
+ return (*next = NULL); /* no tokens left */
+ }
+
+ /* now terminate what we have */
+ if (*end)
+ *end++ = '\0';
+
+ /* indicate what it left */
+ if (*end) {
+ *next = end;
+ } else {
+ *next = NULL; /* have found last token */
+ }
+
+ /* return what we have */
+ return from;
+}
+
+/*
+ * Safe duplication of character strings. "Paranoid"; don't leave
+ * evidence of old token around for later stack analysis.
+ */
+
+char *_pam_strdup(const char *x)
+{
+ register char *new=NULL;
+
+ if (x != NULL) {
+ register int len;
+
+ len = strlen (x) + 1; /* length of string including NUL */
+ if ((new = malloc(len)) == NULL) {
+ len = 0;
+ pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory");
+ } else {
+ strcpy (new, x);
+ }
+ x = NULL;
+ }
+
+ return new; /* return the duplicate or NULL on error */
+}
+
+/*
+ * Safe duplication of memory buffers. "Paranoid"; don't leave
+ * evidence of old token around for later stack analysis.
+ */
+
+char *_pam_memdup(const char *x, int len)
+{
+ register char *new=NULL;
+
+ if (x != NULL) {
+ if ((new = malloc(len)) == NULL) {
+ len = 0;
+ pam_syslog(NULL, LOG_CRIT, "_pam_memdup: failed to get memory");
+ } else {
+ memcpy (new, x, len);
+ }
+ x = NULL;
+ }
+
+ return new; /* return the duplicate or NULL on error */
+}
+
+/* Generate argv, argc from s */
+/* caller must free(argv) */
+
+int _pam_mkargv(char *s, char ***argv, int *argc)
+{
+ int l;
+ int argvlen = 0;
+ char *sbuf, *sbuf_start;
+ char **our_argv = NULL;
+ char **argvbuf;
+ char *argvbufp;
+#ifdef PAM_DEBUG
+ int count=0;
+#endif
+
+ D(("_pam_mkargv called: %s",s));
+
+ *argc = 0;
+
+ l = strlen(s);
+ if (l) {
+ if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) {
+ pam_syslog(NULL, LOG_CRIT,
+ "pam_mkargv: null returned by _pam_strdup");
+ D(("arg NULL"));
+ } else {
+ /* Overkill on the malloc, but not large */
+ argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *));
+ if ((our_argv = argvbuf = malloc(argvlen)) == NULL) {
+ pam_syslog(NULL, LOG_CRIT,
+ "pam_mkargv: null returned by malloc");
+ } else {
+ char *tmp=NULL;
+
+ argvbufp = (char *) argvbuf + (l * sizeof(char *));
+ D(("[%s]",sbuf));
+ while ((sbuf = _pam_StrTok(sbuf, " \n\t", &tmp))) {
+ D(("arg #%d",++count));
+ D(("->[%s]",sbuf));
+ strcpy(argvbufp, sbuf);
+ D(("copied token"));
+ *argvbuf = argvbufp;
+ argvbufp += strlen(argvbufp) + 1;
+ D(("stepped in argvbufp"));
+ (*argc)++;
+ argvbuf++;
+ sbuf = NULL;
+ D(("loop again?"));
+ }
+ }
+ _pam_drop(sbuf_start);
+ }
+ }
+
+ *argv = our_argv;
+
+ D(("_pam_mkargv returned"));
+
+ return(argvlen);
+}
+
+/*
+ * this function is used to protect the modules from accidental or
+ * semi-mallicious harm that an application may do to confuse the API.
+ */
+
+void _pam_sanitize(pam_handle_t *pamh)
+{
+ int old_caller_is = pamh->caller_is;
+
+ /*
+ * this is for security. We reset the auth-tokens here.
+ */
+ __PAM_TO_MODULE(pamh);
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
+ pamh->caller_is = old_caller_is;
+}
+
+/*
+ * This function scans the array and replaces the _PAM_ACTION_UNDEF
+ * entries with the default action.
+ */
+
+void _pam_set_default_control(int *control_array, int default_action)
+{
+ int i;
+
+ for (i=0; i<_PAM_RETURN_VALUES; ++i) {
+ if (control_array[i] == _PAM_ACTION_UNDEF) {
+ control_array[i] = default_action;
+ }
+ }
+}
+
+/*
+ * This function is used to parse a control string. This string is a
+ * series of tokens of the following form:
+ *
+ * "[ ]*return_code[ ]*=[ ]*action/[ ]".
+ */
+
+#include "pam_tokens.h"
+
+void _pam_parse_control(int *control_array, char *tok)
+{
+ const char *error;
+ int ret;
+
+ while (*tok) {
+ int act, len;
+
+ /* skip leading space */
+ while (isspace((int)*tok) && *++tok);
+ if (!*tok)
+ break;
+
+ /* identify return code */
+ for (ret=0; ret<=_PAM_RETURN_VALUES; ++ret) {
+ len = strlen(_pam_token_returns[ret]);
+ if (!strncmp(_pam_token_returns[ret], tok, len)) {
+ break;
+ }
+ }
+ if (ret > _PAM_RETURN_VALUES || !*(tok += len)) {
+ error = "expecting return value";
+ goto parse_error;
+ }
+
+ /* observe '=' */
+ while (isspace((int)*tok) && *++tok);
+ if (!*tok || *tok++ != '=') {
+ error = "expecting '='";
+ goto parse_error;
+ }
+
+ /* skip leading space */
+ while (isspace((int)*tok) && *++tok);
+ if (!*tok) {
+ error = "expecting action";
+ goto parse_error;
+ }
+
+ /* observe action type */
+ for (act=0; act < (-(_PAM_ACTION_UNDEF)); ++act) {
+ len = strlen(_pam_token_actions[act]);
+ if (!strncmp(_pam_token_actions[act], tok, len)) {
+ act *= -1;
+ tok += len;
+ break;
+ }
+ }
+ if (act > 0) {
+ /*
+ * Either we have a number or we have hit an error. In
+ * principle, there is nothing to stop us accepting
+ * negative offsets. (Although we would have to think of
+ * another way of encoding the tokens.) However, I really
+ * think this would be both hard to administer and easily
+ * cause looping problems. So, for now, we will just
+ * allow forward jumps. (AGM 1998/1/7)
+ */
+ if (!isdigit((int)*tok)) {
+ error = "expecting jump number";
+ goto parse_error;
+ }
+ /* parse a number */
+ act = 0;
+ do {
+ act *= 10;
+ act += *tok - '0'; /* XXX - this assumes ascii behavior */
+ } while (*++tok && isdigit((int)*tok));
+ if (! act) {
+ /* we do not allow 0 jumps. There is a token ('ignore')
+ for that */
+ error = "expecting non-zero";
+ goto parse_error;
+ }
+ }
+
+ /* set control_array element */
+ if (ret != _PAM_RETURN_VALUES) {
+ control_array[ret] = act;
+ } else {
+ /* set the default to 'act' */
+ _pam_set_default_control(control_array, act);
+ }
+ }
+
+ /* that was a success */
+ return;
+
+parse_error:
+ /* treat everything as bad */
+ pam_syslog(NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok);
+ for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD);
+
+}