Date: Sat, 6 Apr 2002 07:42:38 -0800 (PST) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 9210 for review Message-ID: <200204061542.g36Fgcb00431@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9210 Change 9210 by des@des.at.des.thinksec.com on 2002/04/06 07:41:37 Check flags carefully, and add documentation. Sponsored by: DARPA, NAI Labs Affected files ... ... //depot/projects/openpam/lib/pam_authenticate.c#9 edit ... //depot/projects/openpam/lib/pam_chauthtok.c#10 edit Differences ... ==== //depot/projects/openpam/lib/pam_authenticate.c#9 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#9 $ */ #include <sys/param.h> @@ -53,6 +53,8 @@ { int pam_err; + if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) + return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); pam_set_item(pamh, PAM_AUTHTOK, NULL); return (pam_err); @@ -65,3 +67,20 @@ * =pam_sm_authenticate * !PAM_IGNORE */ + +/** + * The =pam_authenticate function attempts to authenticate the user + * associated with the pam context specified by the =pamh argument. + * + * The application is free to call =pam_authenticate as many times as it + * wishes, but some modules may maintain an internal retry counter and + * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK + * Fail if the user's authentication token is null. + */ ==== //depot/projects/openpam/lib/pam_chauthtok.c#10 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#10 $ */ #include <sys/param.h> @@ -53,7 +53,7 @@ { int pam_err; - if (flags & PAM_PRELIM_CHECK || flags & PAM_UPDATE_AUTHTOK) + if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) return (PAM_SYMBOL_ERR); pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags | PAM_PRELIM_CHECK); @@ -73,3 +73,17 @@ * !PAM_IGNORE * PAM_SYMBOL_ERR */ + +/** + * The =pam_chauthtok function attempts to change the authentication token + * for the user associated with the pam context specified by the =pamh + * argument. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT + * Do not emit any messages. + * =PAM_CHANGE_EXPIRED_AUTHTOK + * Change only those authentication tokens that have expired. + */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204061542.g36Fgcb00431>