2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $Id: openpam_dynamic.c 607 2012-04-20 11:09:37Z des $
50 #include <security/pam_appl.h>
52 #include "openpam_impl.h"
55 #define RTLD_NOW RTLD_LAZY
61 * Perform sanity checks and attempt to load a module
66 try_dlopen(const char *modfn)
71 if ((fd = open(modfn, O_RDONLY)) < 0)
73 if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
74 openpam_check_desc_owner_perms(modfn, fd) != 0) {
78 if ((dlh = fdlopen(fd, RTLD_NOW)) == NULL) {
79 openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
89 try_dlopen(const char *modfn)
91 int check_module_file;
94 openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE,
96 if (check_module_file &&
97 openpam_check_path_owner_perms(modfn) != 0)
99 if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {
100 openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
111 * Locate a dynamically linked module
115 openpam_dynamic(const char *path)
117 const pam_module_t *dlmodule;
118 pam_module_t *module;
126 /* Prepend the standard prefix if not an absolute pathname. */
128 prefix = OPENPAM_MODULES_DIR;
132 /* try versioned module first, then unversioned module */
133 if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
135 if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) {
136 *strrchr(vpath, '.') = '\0';
137 dlh = try_dlopen(vpath);
141 if ((module = calloc(1, sizeof *module)) == NULL)
143 if ((module->path = strdup(path)) == NULL)
146 dlmodule = dlsym(dlh, "_pam_module");
147 for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
149 module->func[i] = dlmodule->func[i];
152 (pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
154 * This openpam_log() call is a major source of
155 * log spam, and the cases that matter are caught
156 * and logged in openpam_dispatch(). This would
157 * be less problematic if dlerror() returned an
158 * error code so we could log an error only when
159 * dlsym() failed for a reason other than "no such
163 if (module->func[i] == NULL)
164 openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
165 path, pam_sm_func_name[i], dlerror());
180 openpam_log(PAM_LOG_ERROR, "%s: %m", vpath);