/* * Locates the policy file for a given service and reads the given chains * from it. * * Returns the number of policy entries which were found for the specified * service and facility, or -1 if a system error occurred or a syntax * error was encountered. */ static int openpam_load_chain(pam_handle_t *pamh, const char *service, pam_facility_t facility) { const char *p, **path; char filename[PATH_MAX]; size_t len; openpam_style_t style; int ret; ENTERS(facility < 0 ? "any" : pam_facility_name[facility]); /* either absolute or relative to cwd */ if (strchr(service, '/') != NULL) { if ((p = strrchr(service, '.')) != NULL && strcmp(p, ".conf") == 0) style = pam_conf_style; else style = pam_d_style; ret = openpam_load_file(pamh, service, facility, service, style); RETURNN(ret); } /* search standard locations */ for (path = openpam_policy_path; *path != NULL; ++path) { /* construct filename */ len = strlcpy(filename, *path, sizeof filename); if (filename[len - 1] == '/') { len = strlcat(filename, service, sizeof filename); if (len >= sizeof filename) { errno = ENAMETOOLONG; RETURNN(-1); } style = pam_d_style; } else { style = pam_conf_style; } ret = openpam_load_file(pamh, service, facility, filename, style); /* the file exists, but an error occurred */ if (ret == -1 && errno != ENOENT) RETURNN(ret); /* in pam.d style, an empty file counts as a hit */ if (ret == 0 && style == pam_d_style) RETURNN(ret); } /* no hit */ RETURNN(0); }
int openpam_findenv(pam_handle_t *pamh, const char *name, size_t len) { int i; ENTER(); if (pamh == NULL) RETURNN(-1); for (i = 0; i < pamh->env_count; ++i) if (strncmp(pamh->env[i], name, len) == 0 && pamh->env[i][len] == '=') RETURNN(i); RETURNN(-1); }
/* * Read the specified chains from the specified file. * * Returns 0 if the file exists but does not contain any matching lines. * * Returns -1 and sets errno to ENOENT if the file does not exist. * * Returns -1 and sets errno to some other non-zero value if the file * exists but is unsafe or unreadable, or an I/O error occurs. */ static int openpam_load_file(pam_handle_t *pamh, const char *service, pam_facility_t facility, const char *filename, openpam_style_t style) { FILE *f; int ret, serrno; /* attempt to open the file */ if ((f = fopen(filename, "r")) == NULL) { serrno = errno; openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_ERROR, "%s: %m", filename); errno = serrno; RETURNN(-1); } else { openpam_log(PAM_LOG_DEBUG, "found %s", filename); } /* verify type, ownership and permissions */ if (OPENPAM_FEATURE(VERIFY_POLICY_FILE) && openpam_check_desc_owner_perms(filename, fileno(f)) != 0) { /* already logged the cause */ serrno = errno; fclose(f); errno = serrno; RETURNN(-1); } /* parse the file */ ret = openpam_parse_chain(pamh, service, facility, f, filename, style); RETURNN(ret); }