pam: modules/pam_console/50-default.perms (NEW), modules/pam_conso...
baggins
baggins at pld-linux.org
Mon Feb 5 00:11:57 CET 2007
Author: baggins Date: Sun Feb 4 23:11:57 2007 GMT
Module: pam Tag: HEAD
---- Log message:
- latest, full version from Fedora
---- Files affected:
pam/modules/pam_console:
50-default.perms (NONE -> 1.1) (NEW), chmod.c (NONE -> 1.1) (NEW), chmod.h (NONE -> 1.1) (NEW), configfile.c (NONE -> 1.1) (NEW), configfile.h (NONE -> 1.1) (NEW), configfile.l (NONE -> 1.1) (NEW), configfile.y (NONE -> 1.1) (NEW), console.handlers (NONE -> 1.1) (NEW), console.handlers.5 (NONE -> 1.1) (NEW), console.perms (NONE -> 1.1) (NEW), console.perms.5 (NONE -> 1.1) (NEW), handlers.c (NONE -> 1.1) (NEW), handlers.h (NONE -> 1.1) (NEW), hashtable.c (NONE -> 1.1) (NEW), hashtable.h (NONE -> 1.1) (NEW), hashtable_private.h (NONE -> 1.1) (NEW), modechange.c (NONE -> 1.1) (NEW), modechange.h (NONE -> 1.1) (NEW), pam_console.8 (NONE -> 1.1) (NEW), pam_console.h (NONE -> 1.1) (NEW), pam_console_apply.8 (NONE -> 1.1) (NEW), pam_console_apply.c (NONE -> 1.1) (NEW), regerr.c (NONE -> 1.1) (NEW), sed-static (NONE -> 1.1) (NEW), .cvsignore (1.4 -> 1.5) , Makefile.am (1.9 -> 1.10) , README (1.1 -> 1.2) , console.apps.5 (1.1 -> 1.2) , pam_console.c (1.6 ->
1.7)
---- Diffs:
================================================================
Index: pam/modules/pam_console/50-default.perms
diff -u /dev/null pam/modules/pam_console/50-default.perms:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/50-default.perms Mon Feb 5 00:11:52 2007
@@ -0,0 +1,58 @@
+# device classes -- these are shell-style globs
+<floppy>=/dev/fd[0-1]* /dev/floppy* /mnt/floppy* /media/floppy*
+<sound>=/dev/dsp* /dev/audio* /dev/midi* /dev/mixer* /dev/sequencer* \
+ /dev/sound/* /dev/beep /dev/snd/* /dev/adsp*
+<cdrom>=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom* /media/cdrom*
+<pilot>=/dev/pilot
+<jaz>=/mnt/jaz* /media/jaz*
+<zip>=/mnt/pocketzip* /mnt/zip* /media/pocketzip* /media/zip* /dev/zip*
+<ls120>=/dev/ls120 /mnt/ls120* /media/ls120*
+<scanner>=/dev/scanner* /dev/usb/scanner*
+<rio500>=/dev/usb/rio500
+<camera>=/mnt/camera* /media/camera* /dev/usb/dc2xx* /dev/usb/mdc800*
+<memstick>=/mnt/memstick* /media/memstick*
+<flash>=/mnt/flash* /media/flash* /dev/flash*
+<diskonkey>=/mnt/diskonkey* /media/diskonkey*
+<rem_ide>=/mnt/microdrive* /media/microdrive*
+<fb>=/dev/fb /dev/fb[0-9]* /dev/fb/*
+<kbd>=/dev/kbd
+<joystick>=/dev/js[0-9]*
+<v4l>=/dev/video* /dev/radio* /dev/winradio* /dev/vtx* /dev/vbi* /dev/video/*
+<gpm>=/dev/gpmctl
+<dri>=/dev/nvidia* /dev/3dfx* /dev/dri/card*
+<mainboard>=/dev/apm_bios
+<pmu>=/dev/pmu
+<bluetooth>=/dev/rfcomm*
+<raw1394>=/dev/raw1394
+<irda>=/dev/ircomm*
+<dvb>=/dev/dvb/adapter*/*
+
+# permission definitions
+<console> 0660 <floppy> 0660 root.floppy
+<console> 0600 <sound> 0600 root.audio
+<console> 0600 <cdrom> 0660 root.disk
+<console> 0600 <pilot> 0660 root.ttyS
+<console> 0600 <jaz> 0660 root.disk
+<console> 0600 <zip> 0660 root.disk
+<console> 0600 <ls120> 0660 root.disk
+<console> 0600 <scanner> 0600 root
+<console> 0600 <camera> 0600 root.disk
+<console> 0600 <memstick> 0600 root.disk
+<console> 0600 <flash> 0600 root.disk
+<console> 0600 <diskonkey> 0660 root.disk
+<console> 0600 <rem_ide> 0660 root.disk
+<console> 0600 <fb> 0600 root.video
+<console> 0600 <kbd> 0600 root
+<console> 0600 <joystick> 0600 root.sys
+<console> 0600 <v4l> 0600 root.video
+<console> 0700 <gpm> 0700 root
+<console> 0600 <mainboard> 0600 root
+<console> 0600 <rio500> 0600 root.ttyS
+<console> 0600 <pmu> 0600 root
+<console> 0600 <bluetooth> 0600 root.ttyS
+<console> 0600 <raw1394> 0600 root.video
+<console> 0600 <irda> 0600 root.ttyS
+<console> 0600 <dvb> 0600 root.video
+
+<xconsole> 0600 /dev/console 0600 root.root
+<console> 0600 <dri> 0600 root.video
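Review bot: The permission definitions have no legend for their columns, and nothing in the file says that the /mnt/* and /media/* globs in the device classes name mount points rather than device nodes. Going by the fields of `struct config` in configfile.h, the columns appear to be console class, mode, device class, revert mode and revert owner.group, so a header such as `# <console class> <mode> <device class> <revert mode> <revert owner>.<revert group>` above the first definition would help (the exact meaning of each mode should be confirmed against console.perms.5). A second comment, `# directory entries are looked up in fstab and the change is applied to the listed device`, would record what change_file() in chmod.c does when the path is a directory. Each glob added here widens the set of nodes whose owner and mode the module rewrites, so the format should be readable without opening the parser.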
================================================================
Index: pam/modules/pam_console/chmod.c
diff -u /dev/null pam/modules/pam_console/chmod.c:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/chmod.c Mon Feb 5 00:11:52 2007
@@ -0,0 +1,240 @@
+/* This file is derived from chmod.c and stpcpy.c, included
+ in the GNU fileutils distribution. It has been changed to be a
+ library specifically for use within the Red Hat pam_console module.
+ Changes Copyright 1999,2001 Red Hat, Inc.
+ */
+
+/* chmod -- change permission modes of files
+ Copyright (C) 89, 90, 91, 95, 1996 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+#include "config.h"
+#include <errno.h>
+#include <glob.h>
+#include <fnmatch.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <mntent.h>
+#define NAMLEN(dirent) strlen((dirent)->d_name)
+
+#include "configfile.h"
+#include "chmod.h"
+#include "modechange.h"
+
+#define CLOSEDIR(d) closedir (d)
+
+#ifdef _D_NEED_STPCPY
+/* stpcpy.c -- copy a string and return pointer to end of new string
+ Copyright (C) 1989, 1990 Free Software Foundation.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
+/* Copy SRC to DEST, returning the address of the terminating '\0' in DEST. */
+
+static char *
+stpcpy (char *dest, const char *src)
+{
+ while ((*dest++ = *src++) != '\0')
+ /* Do nothing. */ ;
+ return dest - 1;
+}
+#endif /* _D_NEED_STPCPY */
+
+/* end included files */
+
+static const char *fstab_filename = "/etc/fstab";
+
+static int change_via_fstab __P ((const char *dir,
+ const struct mode_change *changes,
+ uid_t user, gid_t group));
+
+/* Change the mode of FILE according to the list of operations CHANGES.
+ If DEREF_SYMLINK is nonzero and FILE is a symbolic link, change the
+ mode of the referenced file. If DEREF_SYMLINK is zero, ignore symbolic
+ links. Return 0 if successful, 1 if errors occurred. */
+
+static int
+change_file (const char *file, const struct mode_change *changes,
+ const int deref_symlink, uid_t user, gid_t group)
+{
+ struct stat file_stats;
+ unsigned short newmode;
+ int errors = 0;
+
+ if (lstat (file, &file_stats) == -1)
+ {
+ if (errno == ENOENT)
+ {
+ /* doesn't exist, check fstab */
+ errors |= change_via_fstab (file, changes, user, group);
+ return errors;
+ }
+ else
+ {
+ return 1;
+ }
+ }
+
+ if (S_ISLNK (file_stats.st_mode))
+ {
+ /* don't bother with dangling symlinks */
+ if (stat (file, &file_stats))
+ {
+ return 1;
+ }
+ }
+
+ newmode = mode_adjust (file_stats.st_mode, changes);
+
+ if (S_ISDIR (file_stats.st_mode))
+ errors |= change_via_fstab (file, changes, user, group);
+ else
+ {
+ if (newmode != (file_stats.st_mode & 07777))
+ {
+ if (chmod (file, (int) newmode) == -1)
+ {
+ errors = 1;
+ }
+ }
+ errors |= chown (file, user, group);
+ }
+
+ return errors;
+}
+
+void
+chmod_set_fstab(const char *fstab)
+{
+ fstab_filename = strdup(fstab);
+}
+
+
+/* If the directory spec given matches a filesystem listed in /etc/fstab,
+ * modify the device special associated with that filesystem. */
+static int
+change_via_fstab (const char *dir, const struct mode_change *changes,
+ uid_t user, gid_t group)
+{
+ int errors = 0;
+ FILE *fstab;
+ struct mntent *mntent;
+
+ fstab = setmntent(fstab_filename, "r");
+
+ if (fstab == NULL)
+ {
+ return 1;
+ }
+
+ for(mntent = getmntent(fstab); mntent != NULL; mntent = getmntent(fstab))
+ {
+ if(mntent->mnt_dir &&
+ mntent->mnt_fsname &&
+ (fnmatch(dir, mntent->mnt_dir, 0) == 0))
+ {
+ errors |= change_file(mntent->mnt_fsname, changes, TRUE, user, group);
+ }
+ }
+
+ endmntent(fstab);
+
+ return errors;
+}
+
+/* Parse the ASCII mode into a linked list
+ of `struct mode_change' and apply that to each file argument. */
+
+
+static int
+glob_errfn(const char *pathname, int theerr) {
+ /* silently ignore inaccessible files */
+ return 0;
+}
+
+#define DIE(n) {fprintf(stderr, "chmod failure\n"); return (n);}
+
+static int
+match_files(GSList *files, const char *filename) {
+
+ if (!files)
+ return 0; /* empty list matches */
+ for (; files; files = files->next) {
+ if (!fnmatch(files->data, filename, FNM_PATHNAME))
+ return 0;
+ }
+ return -1;
+}
+
+int
+chmod_files (const char *mode, uid_t user, gid_t group,
+ char *single_file, GSList *filelist, GSList *constraints)
+{
+ struct mode_change *changes;
+ int errors = 0;
+ glob_t result;
+ char *filename = NULL;
+ int flags = GLOB_NOCHECK;
+ int i, rc;
+
+ changes = mode_compile (mode,
+ MODE_MASK_EQUALS | MODE_MASK_PLUS | MODE_MASK_MINUS);
+ if (changes == MODE_INVALID) DIE(1)
+ else if (changes == MODE_MEMORY_EXHAUSTED) DIE(1)
+
+ for (; filelist; filelist = filelist->next)
+ {
+ filename = filelist->data;
+ rc = glob(filename, flags, glob_errfn, &result);
+ if (rc == GLOB_NOSPACE) DIE(1)
+ flags |= GLOB_APPEND;
+ }
+ if(single_file) {
+ rc = glob(single_file, flags, glob_errfn, &result);
+ if (rc == GLOB_NOSPACE) DIE(1)
+ }
+
+ for (i = 0; i < result.gl_pathc; i++) {
+ if (!match_files(constraints, result.gl_pathv[i])) {
+ errors |= change_file (result.gl_pathv[i], changes, 1, user, group);
+#if 0
+ _pam_log(LOG_DEBUG, TRUE,
+ "file %s (%d): mode %s\n", result.gl_pathv[i], user, mode);
+#endif
+ }
+ }
+
+ globfree(&result);
+
+ return (errors);
+}
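Review bot: change_file() examines the target with lstat()/stat() and then calls chmod() and chown() on the same path string, so the object that gets changed is not guaranteed to be the one that was examined, and both calls follow symbolic links. The module presumably runs with root privileges, so this is safe only while every directory on the matched paths is writable by root alone, which the configured globs and the fstab entries have to guarantee. I would record that above the function, e.g. `/* FILE is re-resolved by chmod()/chown(): pass only paths whose parent directories are writable by root alone. */`, and consider an fd-based variant (fstat/fchmod/fchown on one descriptor) wherever opening the node is acceptable. Separately, in chmod_files() `result` is read at `result.gl_pathc` and handed to globfree() even when neither glob() call ran (empty filelist and NULL single_file); `memset(&result, 0, sizeof result);` before the first loop avoids reading it uninitialised.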
================================================================
Index: pam/modules/pam_console/chmod.h
diff -u /dev/null pam/modules/pam_console/chmod.h:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/chmod.h Mon Feb 5 00:11:52 2007
@@ -0,0 +1,11 @@
+#include <unistd.h>
+
+#ifndef _CHMOD_H
+#define _CHMOD_H
+
+int
+chmod_files(const char *mode, uid_t user, gid_t group, char *fname, GSList *filelist, GSList *constraints);
+void
+chmod_set_fstab(const char *fstab);
+
+#endif /* _CHMOD_H */
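Review bot: chmod.h is not self-contained: the chmod_files() prototype uses `GSList`, which is declared in configfile.h, yet the header includes only <unistd.h>, and does so outside the include guard. It compiles in chmod.c only because configfile.h is included before it there. Moving the include inside the guard and adding `#include "configfile.h"` would let the header be used on its own. The guard name `_CHMOD_H` (underscore followed by a capital) is in the namespace reserved for the implementation; `CHMOD_H` would do.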
================================================================
Index: pam/modules/pam_console/configfile.c
diff -u /dev/null pam/modules/pam_console/configfile.c:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/configfile.c Mon Feb 5 00:11:52 2007
@@ -0,0 +1,58 @@
+#include <string.h>
+#include <stdlib.h>
+#include "configfile.h"
+
+void *
+_do_malloc(size_t req)
+{
+ void *ret;
+ ret = malloc(req);
+ if (!ret) abort();
+ return ret;
+}
+
+GSList *
+g_slist_prepend(GSList *l, void *d)
+{
+ GSList *memb;
+ memb = _do_malloc(sizeof(*memb));
+ memb->next = l;
+ memb->data = d;
+ return memb;
+}
+
+GSList *
+g_slist_append(GSList *l, void *d)
+{
+ GSList *memb, *n;
+ memb = _do_malloc(sizeof(*memb));
+ memb->next = NULL;
+ memb->data = d;
+
+ if (l == NULL) {
+ return memb;
+ }
+
+ n = l;
+ while (n->next != NULL) {
+ n = n->next;
+ }
+ n->next = memb;
+
+ return l;
+}
+
+void
+g_slist_free(GSList *l)
+{
+ GSList *n;
+ while (l != NULL) {
+ n = l->next;
+ free(l);
+ l = n;
+ }
+}
+
+#include "configfile.lex.c"
+#include "configfile.tab.c"
+
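Review bot: _do_malloc() calls abort() when malloc() fails, and because this code is built into a PAM module the abort would presumably terminate whichever program loaded the module (login, a display manager) instead of failing only the PAM call. If changing that policy is out of scope for this import, it should at least be stated at the definition, e.g. `/* Never returns NULL: aborts the whole calling process on allocation failure. */`. g_slist_free() also deserves `/* Frees the list nodes only; the data pointers are left untouched. */`, which is what its loop does.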
================================================================
Index: pam/modules/pam_console/configfile.h
diff -u /dev/null pam/modules/pam_console/configfile.h:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/configfile.h Mon Feb 5 00:11:52 2007
@@ -0,0 +1,64 @@
+/* Copyright 1999, 2005 Red Hat, Inc.
+ * This software may be used under the terms of the GNU General Public
+ * License, available in the file COPYING accompanying this file.
+ */
+#ifndef _CONFIGFILE_H
+#define _CONFIGFILE_H
+#define STATIC static
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE (!FALSE)
+#endif
+
+/* GSList reimplementation */
+
+typedef struct GSList_s GSList;
+struct GSList_s {
+ void *data;
+ GSList *next;
+};
+
+typedef struct class_s class;
+struct class_s {
+ char* name;
+ GSList* list;
+};
+
+typedef struct config_s config;
+struct config_s {
+ class* console_class;
+ char* mode;
+ class* device_class;
+ char* revert_mode;
+ char* revert_owner;
+ char* revert_group;
+};
+
+GSList *
+g_slist_prepend(GSList *l, void *d);
+
+GSList *
+g_slist_append(GSList *l, void *d);
+
+void
+g_slist_free(GSList *l);
+
+void
+parse_file(const char *name);
+
+int
+check_console_name (const char *consolename);
+
+int
+set_permissions(const char *consolename, const char *username, GSList *files);
+
+int
+reset_permissions(const char *consolename, GSList *files);
+
+void *
+_do_malloc(size_t req);
+
+#endif /* _CONFIGFILE_H */
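Review bot: g_slist_prepend(), g_slist_append() and g_slist_free() are declared here with external linkage under the same names as GLib's list API, although configfile.c implements them with plain malloc() and free(). If the module is loaded into a process that also links GLib, symbol resolution could pair one implementation's allocation with the other's release, unless the build hides these symbols (the commit adds a sed-static file that is not shown here and may do exactly that). Marking the three prototypes `__attribute__((visibility("hidden")))`, or renaming them with a module-specific prefix, would remove the dependency on the build step. The header also uses `size_t` in `_do_malloc(size_t req)` without including `<stddef.h>`.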
================================================================
Index: pam/modules/pam_console/configfile.l
diff -u /dev/null pam/modules/pam_console/configfile.l:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/configfile.l Mon Feb 5 00:11:52 2007
@@ -0,0 +1,66 @@
+%option noyywrap
+%{
+/* Copyright 1999,2000 Red Hat, Inc.
+ * This software may be used under the terms of the GNU General Public
+ * License, available in the file COPYING accompanying this file
+ */
+/* get around an apparant bug in bison; YYSTYPE not copied into config.tab.h */
+#define YYSTYPE void *
+#include "configfile.h"
+#include "configfile.tab.h"
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+
+#include "pam_console.h"
+
+static int lineno;
+static const char *filename;
+
+STATIC char *
+strip_slash(const char *);
+%}
+%%
+\n { lineno++; return EOL; }
+\\\n { lineno++; }
+ /* do not return EOL, eat up escaped newline */
+[ \t]+ /* ignore whitespace */
+\< { return OBRACKET; }
+\>= { return CBEQUALS; }
+\> { return CBRACKET; }
+([^\t\n #\<\>]|(\\#|\\\<|\\\>))+ { _pc_yylval=strip_slash(yytext); return STRING; }
+#.*\n { lineno++; return EOL; } /* ignore comments */
+%%
+
+static void
+lex_file (FILE *in) {
+ /* yy_flex_debug = 1; */
+ yyin = in;
+ lineno = 1;
+}
+
+static void
+lex_set_filename(const char *name) {
+ filename = name;
+}
+
+static int
+_pc_yyerror (const char *s) {
+ _pam_log(NULL, LOG_ERR, 0, "%s line %d: %s: at `%s'\n",
+ filename, lineno, s, (char *)_pc_yylval);
+ return 0;
+}
+
+STATIC char *
+strip_slash(const char *s) {
+ char *r, *t;
+
+ t = r = strdup(s);
+ while ((t = strchr(t, '\\')) != NULL) {
+ if (t[1] == '#' || t[1] == '<' || t[1] == '>') {
+ memmove(t, t+1, strlen(t));
+ }
+ t++;
+ }
+ return r;
+}
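Review bot: The comment rule `#.*\n` requires a trailing newline, so a comment on the last line of a file that lacks a final newline is not consumed by it. Since `#` is excluded from the STRING character class and no other rule matches it, flex's default rule would echo the `#` to the output stream and the rest of the comment would then be tokenised as configuration. Writing the rule as `#.*  /* ignore comments */` and leaving the newline to the existing `\n` rule, which already increments lineno and returns EOL, closes that gap. strip_slash() also passes the result of strdup() straight to strchr() without a NULL check.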
================================================================
Index: pam/modules/pam_console/configfile.y
diff -u /dev/null pam/modules/pam_console/configfile.y:1.1
--- /dev/null Mon Feb 5 00:11:57 2007
+++ pam/modules/pam_console/configfile.y Mon Feb 5 00:11:52 2007
@@ -0,0 +1,340 @@
+%{
+/* Copyright 1999,2000 Red Hat, Inc.
+ * This software may be used under the terms of the GNU General Public
+ * License, available in the file COPYING accompanying this file
+ */
+#define YYSTYPE void *
+
+#include <errno.h>
+#include <grp.h>
+#include <limits.h>
+#include <regex.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <chmod.h>
+#include <hashtable.h>
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+
+typedef struct hashtable GHashTable;
+
+static GHashTable *namespace = NULL;
+static GSList *configList = NULL;
+static GSList *configListEnd = NULL;
+static GSList *consoleClassList = NULL;
+static GSList *consoleClassListEnd = NULL;
+static const char *consoleNameCache = NULL;
+static GHashTable *consoleHash = NULL;
+
+static void
+do_yyerror(const char *format, ...);
+
+static void
+empty_class(class *c);
+
+static unsigned int
+str_hash(unsigned char *s)
+{
+ unsigned int hash = 5381;
+ int c;
+
+ while ((c = *s++))
+ hash = ((hash << 5) + hash) + c; /* hash * 33 + c */
+
+ return hash;
+}
+
+static int
+str_equal(void *a, void *b)
+{
+ return strcmp(a, b) == 0;
+}
+
+static unsigned int
+ptr_hash(void *p)
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/pam/modules/pam_console/.cvsignore?r1=1.4&r2=1.5&f=u
http://cvs.pld-linux.org/pam/modules/pam_console/Makefile.am?r1=1.9&r2=1.10&f=u
http://cvs.pld-linux.org/pam/modules/pam_console/README?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/pam/modules/pam_console/console.apps.5?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/pam/modules/pam_console/pam_console.c?r1=1.6&r2=1.7&f=u