From owner-p4-projects  Sun Jun 30 13:42:47 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 0380F37B408; Sun, 30 Jun 2002 13:42:20 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 65F0C37B400
	for <perforce@freebsd.org>; Sun, 30 Jun 2002 13:42:18 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 03D8043E13
	for <perforce@freebsd.org>; Sun, 30 Jun 2002 13:42:18 -0700 (PDT)
	(envelope-from des@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g5UKgHJU030963
	for <perforce@freebsd.org>; Sun, 30 Jun 2002 13:42:17 -0700 (PDT)
	(envelope-from des@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g5UKgHaO030960
	for perforce@freebsd.org; Sun, 30 Jun 2002 13:42:17 -0700 (PDT)
Date: Sun, 30 Jun 2002 13:42:17 -0700 (PDT)
Message-Id: <200206302042.g5UKgHaO030960@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to des@freebsd.org using -f
From: Dag-Erling Smorgrav <des@FreeBSD.org>
Subject: PERFORCE change 13657 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=13657

Change 13657 by des@des.at.des.thinksec.com on 2002/06/30 13:41:59

	Implement the "binding" control flag (from Solaris 9)
	
	Sponsored by:	DARPA, NAI Labs

Affected files ...

.. //depot/projects/openpam/include/security/pam_constants.h#16 edit
.. //depot/projects/openpam/lib/openpam_configure.c#5 edit
.. //depot/projects/openpam/lib/openpam_dispatch.c#17 edit
.. //depot/projects/openpam/lib/openpam_impl.h#16 edit

Differences ...

==== //depot/projects/openpam/include/security/pam_constants.h#16 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_constants.h#15 $
+ * $P4: //depot/projects/openpam/include/security/pam_constants.h#16 $
  */
 
 #ifndef _PAM_CONSTANTS_H_INCLUDED

==== //depot/projects/openpam/lib/openpam_configure.c#5 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_configure.c#4 $
+ * $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $
  */
 
 #include <ctype.h>
@@ -150,6 +150,8 @@
 			flag = PAM_SUFFICIENT;
 		} else if (strcmp(p, "optional") == 0) {
 			flag = PAM_OPTIONAL;
+		} else if (strcmp(p, "binding") == 0) {
+			flag = PAM_BINDING;
 		} else {
 			openpam_log(PAM_LOG_ERROR,
 			    "%s: invalid control flag on line %d: '%s'",

==== //depot/projects/openpam/lib/openpam_dispatch.c#17 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#16 $
+ * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $
  */
 
 #include <sys/param.h>
@@ -109,13 +109,14 @@
 
 		if (r == PAM_IGNORE)
 			continue;
-		if (r == PAM_SUCCESS || r == PAM_NEW_AUTHTOK_REQD) {
+		if (r == PAM_SUCCESS) {
 			/*
 			 * For pam_setcred() and pam_chauthtok() with the
 			 * PAM_PRELIM_CHECK flag, treat "sufficient" as
 			 * "optional".
 			 */
-			if (chain->flag == PAM_SUFFICIENT && !fail &&
+			if ((chain->flag == PAM_SUFFICIENT ||
+			    chain->flag == PAM_BINDING) && !fail &&
 			    primitive != PAM_SM_SETCRED &&
 			    !(primitive == PAM_SM_CHAUTHTOK &&
 				(flags & PAM_PRELIM_CHECK)))
@@ -132,7 +133,8 @@
 		 */
 		if (err == 0)
 			err = r;
-		if (chain->flag == PAM_REQUIRED && !fail) {
+		if ((chain->flag == PAM_REQUIRED ||
+		    chain->flag == PAM_BINDING) && !fail) {
 			openpam_log(PAM_LOG_DEBUG, "required module failed");
 			fail = 1;
 			err = r;

==== //depot/projects/openpam/lib/openpam_impl.h#16 (text+ko) ====

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#15 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -48,7 +48,8 @@
 #define PAM_REQUISITE		2
 #define PAM_SUFFICIENT		3
 #define PAM_OPTIONAL		4
-#define PAM_NUM_CONTROLFLAGS	5
+#define PAM_BINDING		5
+#define PAM_NUM_CONTROLFLAGS	6
 
 /*
  * Chains

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message