authorKenjiro Tsuji <Kenjiro.Tsuji@Sun.COM>2009-01-16 11:59:37 -0800
committerKenjiro Tsuji <Kenjiro.Tsuji@Sun.COM>2009-01-16 11:59:37 -0800
commitb9175c69691c8949bec97fb8f689b7d1efdb05bb (patch)
tree9c9b02d762f4cb6afa112bd1505698f027b3fbdf /usr/src/lib/pam_modules
parent65c8f1c0a342917e5c22dcf2b006e6307631ed67 (diff)
6783069 libc must not use defread internally
Diffstat (limited to 'usr/src/lib/pam_modules')
-rw-r--r--usr/src/lib/pam_modules/authtok_check/authtok_check.c61
-rw-r--r--usr/src/lib/pam_modules/unix_account/unix_acct.c11
-rw-r--r--usr/src/lib/pam_modules/unix_auth/unix_auth.c21
-rw-r--r--usr/src/lib/pam_modules/unix_cred/unix_cred.c17
4 files changed, 57 insertions, 53 deletions
diff --git a/usr/src/lib/pam_modules/authtok_check/authtok_check.c b/usr/src/lib/pam_modules/authtok_check/authtok_check.c
index f53a77e69b..9b2cacec7b 100644
--- a/usr/src/lib/pam_modules/authtok_check/authtok_check.c
+++ b/usr/src/lib/pam_modules/authtok_check/authtok_check.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,12 +19,10 @@
* CDDL HEADER END
*/
/*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <sys/types.h>
#include <sys/varargs.h>
#include <sys/param.h>
@@ -125,11 +122,11 @@ error(pam_handle_t *pamh, int flags, char *fmt, ...)
}
int
-defread_int(char *name, uint_t *ip)
+defread_int(char *name, uint_t *ip, void *defp)
{
char *q;
int r = 0;
- if ((q = defread(name)) != NULL) {
+ if ((q = defread_r(name, defp)) != NULL) {
if (!isdigit(*q)) {
syslog(LOG_ERR, "pam_authtok_check: %s contains "
"non-integer value for %s: %s. "
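Review bot: The new `defp` parameter of defread_int is passed straight to `defread_r(name, defp)` with no NULL guard and no comment stating the contract, whereas getset in unix_cred.c checks `defp == NULL` before reading. The callers visible in this diff only reach it after `defopen_r(PWADMIN)` has succeeded, so a short header comment is enough, for example `/* defp: handle returned by defopen_r(); must not be NULL */`. The function body continues past the end of this hunk.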
@@ -156,6 +153,7 @@ get_passwd_defaults(pam_handle_t *pamh, char *user, struct pwdefaults *p)
attrlist attr[2];
int result;
char *progname;
+ void *defp;
(void) pam_get_item(pamh, PAM_SERVICE, (void **)&progname);
@@ -175,74 +173,77 @@ get_passwd_defaults(pam_handle_t *pamh, char *user, struct pwdefaults *p)
p->mindigit = 0;
p->whitespace = B_TRUE;
- if (defopen(PWADMIN) != 0)
+ if ((defp = defopen_r(PWADMIN)) == NULL)
return (PAM_SUCCESS);
- (void) defread_int("PASSLENGTH=", &p->minlength);
+ (void) defread_int("PASSLENGTH=", &p->minlength, defp);
- if ((q = defread("NAMECHECK=")) != NULL && strcasecmp(q, "NO") == 0)
+ if ((q = defread_r("NAMECHECK=", defp)) != NULL &&
+ strcasecmp(q, "NO") == 0)
p->do_namecheck = B_FALSE;
- if ((q = defread("DICTIONLIST=")) != NULL) {
+ if ((q = defread_r("DICTIONLIST=", defp)) != NULL) {
if ((p->dicts = strdup(q)) == NULL) {
syslog(LOG_ERR, "pam_authtok_check: out of memory");
- (void) defopen(NULL);
+ defclose_r(defp);
return (PAM_BUF_ERR);
}
p->do_dictcheck = B_TRUE;
- } else
+ } else {
p->dicts = NULL;
+ }
- if ((q = defread("DICTIONDBDIR=")) != NULL) {
+ if ((q = defread_r("DICTIONDBDIR=", defp)) != NULL) {
if (strlcpy(p->db_location, q, sizeof (p->db_location)) >=
sizeof (p->db_location)) {
syslog(LOG_ERR, "pam_authtok_check: value for "
"DICTIONDBDIR too large.");
- (void) defopen(NULL);
+ defclose_r(defp);
return (PAM_SYSTEM_ERR);
}
p->do_dictcheck = B_TRUE;
- } else
+ } else {
(void) strlcpy(p->db_location, CRACK_DIR,
sizeof (p->db_location));
+ }
- (void) defread_int("MINDIFF=", &p->mindiff);
- (void) defread_int("MINALPHA=", &p->minalpha);
- (void) defread_int("MINUPPER=", &p->minupper);
- (void) defread_int("MINLOWER=", &p->minlower);
- if (defread_int("MINNONALPHA=", &p->minnonalpha))
+ (void) defread_int("MINDIFF=", &p->mindiff, defp);
+ (void) defread_int("MINALPHA=", &p->minalpha, defp);
+ (void) defread_int("MINUPPER=", &p->minupper, defp);
+ (void) defread_int("MINLOWER=", &p->minlower, defp);
+ if (defread_int("MINNONALPHA=", &p->minnonalpha, defp))
minnonalpha_defined = B_TRUE;
- (void) defread_int("MAXREPEATS=", &p->maxrepeat);
+ (void) defread_int("MAXREPEATS=", &p->maxrepeat, defp);
- if (defread_int("MINSPECIAL=", &p->minspecial)) {
+ if (defread_int("MINSPECIAL=", &p->minspecial, defp)) {
if (minnonalpha_defined) {
syslog(LOG_ERR, "pam_authtok_check: %s contains "
"definition for MINNONALPHA and for MINSPECIAL. "
"These options are mutually exclusive.", PWADMIN);
- (void) defopen(NULL);
+ defclose_r(defp);
return (PAM_SYSTEM_ERR);
}
p->minnonalpha = 0;
}
- if (defread_int("MINDIGIT=", &p->mindigit)) {
+ if (defread_int("MINDIGIT=", &p->mindigit, defp)) {
if (minnonalpha_defined) {
syslog(LOG_ERR, "pam_authtok_check: %s contains "
"definition for MINNONALPHA and for MINDIGIT. "
"These options are mutually exclusive.", PWADMIN);
- (void) defopen(NULL);
+ defclose_r(defp);
return (PAM_SYSTEM_ERR);
}
p->minnonalpha = 0;
}
- if ((q = defread("WHITESPACE=")) != NULL)
+ if ((q = defread_r("WHITESPACE=", defp)) != NULL)
p->whitespace =
(strcasecmp(q, "no") == 0 || strcmp(q, "0") == 0)
? B_FALSE : B_TRUE;
- (void) defopen(NULL);
+ defclose_r(defp);
/*
* Determine the number of significant characters in a password
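Review bot: When `defopen_r(PWADMIN)` returns NULL, get_passwd_defaults returns PAM_SUCCESS without logging anything, so password checks run with the built-in values assigned just above and an administrator gets no signal that the configured policy was not read. A line such as `syslog(LOG_WARNING, "pam_authtok_check: cannot open %s, using built-in defaults", PWADMIN);` before the return would make that visible; whether a missing file should count as normal is a policy decision this hunk does not show. The same silent fallback exists in unix_auth.c get_max_failed, where a failed `defopen_r(AUTH_POLICY)` leaves `do_lock` at 0. The function starts before and continues after this hunk.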
@@ -552,7 +553,7 @@ check_composition(char *pw, struct pwdefaults *pwdef, pam_handle_t *pamh,
pwdef->minnonalpha) {
error(pamh, flags, errmsg, pwdef->minnonalpha,
dgettext(TEXT_DOMAIN,
- "numeric or special character(s)"));
+ "numeric or special character(s)"));
ret = 1;
goto out;
}
diff --git a/usr/src/lib/pam_modules/unix_account/unix_acct.c b/usr/src/lib/pam_modules/unix_account/unix_acct.c
index d064fc6bdb..bbeadd98ef 100644
--- a/usr/src/lib/pam_modules/unix_account/unix_acct.c
+++ b/usr/src/lib/pam_modules/unix_account/unix_acct.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -61,8 +61,6 @@
/*
* Function Declarations
*/
-extern int defopen(char *);
-extern char *defread(char *);
extern void setusershell();
extern int _nfssys(int, void *);
@@ -188,12 +186,13 @@ perform_passwd_aging_check(
int idledays = -1;
char *ptr;
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
+ void *defp;
- if (defopen(LOGINADMIN) == 0) {
- if ((ptr = defread("IDLEWEEKS=")) != NULL)
+ if ((defp = defopen_r(LOGINADMIN)) != NULL) {
+ if ((ptr = defread_r("IDLEWEEKS=", defp)) != NULL)
idledays = 7 * atoi(ptr);
- (void) defopen(NULL);
+ defclose_r(defp);
}
/*
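Review bot: `idledays = 7 * atoi(ptr);` takes whatever follows IDLEWEEKS= without validation: atoi reports no error, a non-numeric value silently becomes 0, and a very large one can overflow the multiplication. Parsing with `v = strtol(ptr, &end, 10);` and accepting the result only `if (end != ptr && *end == '\0')`, with a range check before multiplying by 7, would leave the -1 default in place for malformed input. The same applies to `retval = atoi(p);` for RETRIES= in unix_auth.c get_max_failed, where the meaning of a resulting 0 to callers is not visible in this diff. perform_passwd_aging_check begins and ends outside this hunk.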
diff --git a/usr/src/lib/pam_modules/unix_auth/unix_auth.c b/usr/src/lib/pam_modules/unix_auth/unix_auth.c
index d0e8992279..1fcda7e2b8 100644
--- a/usr/src/lib/pam_modules/unix_auth/unix_auth.c
+++ b/usr/src/lib/pam_modules/unix_auth/unix_auth.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -72,20 +72,21 @@ get_max_failed(char *user)
int do_lock = 0;
int retval = 0;
char *p;
+ void *defp;
if ((uattr = getusernam(user)) != NULL)
val = kva_match(uattr->attr, USERATTR_LOCK_AFTER_RETRIES_KW);
- if (val != NULL)
+ if (val != NULL) {
do_lock = (strcasecmp(val, "yes") == 0);
- else if (defopen(AUTH_POLICY) == 0) {
+ } else if ((defp = defopen_r(AUTH_POLICY)) != NULL) {
int flags;
- flags = defcntl(DC_GETFLAGS, 0);
+ flags = defcntl_r(DC_GETFLAGS, 0, defp);
TURNOFF(flags, DC_CASE);
- (void) defcntl(DC_SETFLAGS, flags);
- if ((p = defread("LOCK_AFTER_RETRIES=")) != NULL)
+ (void) defcntl_r(DC_SETFLAGS, flags, defp);
+ if ((p = defread_r("LOCK_AFTER_RETRIES=", defp)) != NULL)
do_lock = (strcasecmp(p, "yes") == 0);
- (void) defopen(NULL);
+ defclose_r(defp);
}
if (uattr != NULL)
@@ -93,10 +94,10 @@ get_max_failed(char *user)
if (do_lock) {
retval = MAXTRYS;
- if (defopen(LOGINADMIN) == 0) {
- if ((p = defread("RETRIES=")) != NULL)
+ if ((defp = defopen_r(LOGINADMIN)) != NULL) {
+ if ((p = defread_r("RETRIES=", defp)) != NULL)
retval = atoi(p);
- (void) defopen(NULL);
+ defclose_r(defp);
}
}
diff --git a/usr/src/lib/pam_modules/unix_cred/unix_cred.c b/usr/src/lib/pam_modules/unix_cred/unix_cred.c
index 305cbade9d..22256206ef 100644
--- a/usr/src/lib/pam_modules/unix_cred/unix_cred.c
+++ b/usr/src/lib/pam_modules/unix_cred/unix_cred.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -80,7 +80,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
* fall back to the default, "defname".
*/
static int
-getset(char *keyname, char *defname, userattr_t *ua, priv_set_t **res)
+getset(char *keyname, char *defname, userattr_t *ua, priv_set_t **res,
+ void *defp)
{
char *str;
priv_set_t *tmp;
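Review bot: The comment above getset still ends with "fall back to the default, "defname"" and does not mention the new `defp` argument. Judging by the later hunk, a NULL `defp` makes getset skip the defread_r fallback and return 0, so the comment should say that `defp` is the handle from `defopen_r(AUTH_POLICY)` and may be NULL, in which case no default is consulted. The comment and the function body both extend outside this hunk.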
@@ -89,7 +90,7 @@ getset(char *keyname, char *defname, userattr_t *ua, priv_set_t **res)
if ((ua == NULL || ua->attr == NULL ||
(str = kva_match(ua->attr, keyname)) == NULL) &&
- (str = defread(defname)) == NULL)
+ (defp == NULL || (str = defread_r(defname, defp)) == NULL))
return (0);
len = strlen(str) + 1;
@@ -172,6 +173,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
char *kvs;
struct passwd pwd;
char pwbuf[NSS_BUFLEN_PASSWD];
+ void *defp;
for (i = 0; i < argc; i++) {
if (strcmp(argv[i], "debug") == 0)
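Review bot: `void *defp;` is declared uninitialized in pam_sm_setcred, while the cleanup at `out:` later tests `if (defp != NULL)` before calling `defclose_r(defp)`. The assignment `defp = defopen_r(AUTH_POLICY);` happens only after `adt_done:`, and whether any earlier path can jump to `out:` is not visible in these hunks; if one does, the test reads an indeterminate pointer. Declaring it as `void *defp = NULL;` makes the cleanup safe regardless of how `out:` is reached.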
@@ -529,12 +531,12 @@ adt_done:
ua = getusernam(user);
- (void) defopen(AUTH_POLICY);
+ defp = defopen_r(AUTH_POLICY);
tset = def = lim = NULL;
- if (getset(USERATTR_LIMPRIV_KW, DEF_LIMITPRIV, ua, &lim) != 0 ||
- getset(USERATTR_DFLTPRIV_KW, DEF_DFLTPRIV, ua, &def) != 0) {
+ if (getset(USERATTR_LIMPRIV_KW, DEF_LIMITPRIV, ua, &lim, defp) != 0 ||
+ getset(USERATTR_DFLTPRIV_KW, DEF_DFLTPRIV, ua, &def, defp) != 0) {
ret = PAM_SYSTEM_ERR;
goto out;
}
@@ -596,7 +598,8 @@ adt_done:
(void) setpflags(PRIV_AWARE, 0);
out:
- (void) defopen(NULL);
+ if (defp != NULL)
+ defclose_r(defp);
if (ua != NULL)
free_userattr(ua);