From owner-p4-projects Sat Apr 6 7:42:52 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0EC7937B416; Sat, 6 Apr 2002 07:42:39 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 253EA37B404 for ; Sat, 6 Apr 2002 07:42:38 -0800 (PST) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g36Fgcb00431 for perforce@freebsd.org; Sat, 6 Apr 2002 07:42:38 -0800 (PST) (envelope-from des@freebsd.org) Date: Sat, 6 Apr 2002 07:42:38 -0800 (PST) Message-Id: <200204061542.g36Fgcb00431@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to des@freebsd.org using -f From: Dag-Erling Smorgrav Subject: PERFORCE change 9210 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9210 Change 9210 by des@des.at.des.thinksec.com on 2002/04/06 07:41:37 Check flags carefully, and add documentation. Sponsored by: DARPA, NAI Labs Affected files ... ... //depot/projects/openpam/lib/pam_authenticate.c#9 edit ... //depot/projects/openpam/lib/pam_chauthtok.c#10 edit Differences ... ==== //depot/projects/openpam/lib/pam_authenticate.c#9 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#9 $ */ #include @@ -53,6 +53,8 @@ { int pam_err; + if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) + return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); pam_set_item(pamh, PAM_AUTHTOK, NULL); return (pam_err); @@ -65,3 +67,20 @@ * =pam_sm_authenticate * !PAM_IGNORE */ + +/** + * The =pam_authenticate function attempts to authenticate the user + * associated with the pam context specified by the =pamh argument. + * + * The application is free to call =pam_authenticate as many times as it + * wishes, but some modules may maintain an internal retry counter and + * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK + * Fail if the user's authentication token is null. + */ ==== //depot/projects/openpam/lib/pam_chauthtok.c#10 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#10 $ */ #include @@ -53,7 +53,7 @@ { int pam_err; - if (flags & PAM_PRELIM_CHECK || flags & PAM_UPDATE_AUTHTOK) + if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags | PAM_PRELIM_CHECK); @@ -73,3 +73,17 @@ * !PAM_IGNORE * PAM_SYMBOL_ERR */ + +/** + * The =pam_chauthtok function attempts to change the authentication token + * for the user associated with the pam context specified by the =pamh + * argument. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_CHANGE_EXPIRED_AUTHTOK + * Change only those authentication tokens that have expired. + */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message