authorDag-Erling Smørgrav <des@FreeBSD.org>2014-09-15 09:40:30 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2014-09-15 09:40:30 +0000
commitadf180b55c9bdbf02c7daf6a62bdecd3b7dd6cd6 (patch)
tree0cabdf9c7495e0b4b28b66d5f485231bb928de81 /lib
parent299a95c6b11a65ecaa8371d14fff8dffe393e091 (diff)
downloadsrc-adf180b55c9bdbf02c7daf6a62bdecd3b7dd6cd6.tar.gz
src-adf180b55c9bdbf02c7daf6a62bdecd3b7dd6cd6.zip
Vendor import of OpenPAM Ourouparia.vendor/openpam/OUROUPARIA
Notes
Notes: svn path=/vendor/openpam/dist/; revision=271612 svn path=/vendor/openpam/OUROUPARIA/; revision=271613; tag=vendor/openpam/OUROUPARIA
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/Makefile.in5
-rw-r--r--lib/libpam/Makefile.am6
-rw-r--r--lib/libpam/Makefile.in20
-rw-r--r--lib/libpam/openpam_configure.c42
-rw-r--r--lib/libpam/openpam_ctype.h2
-rw-r--r--lib/libpam/openpam_dispatch.c25
-rw-r--r--lib/libpam/openpam_strlset.c58
-rw-r--r--lib/libpam/openpam_strlset.h41
-rw-r--r--lib/libpam/openpam_ttyconv.c5
-rw-r--r--lib/libpam/pam_get_authtok.c10
11 files changed, 181 insertions, 35 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ca8dbbee2e0d..9f2d21d7a44f 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,3 +1,3 @@
-# $Id: Makefile.am 255365 2013-09-07 16:15:30Z des $
+# $Id: Makefile.am 714 2013-08-19 15:30:21Z des $
SUBDIRS = libpam
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 3ea0f711e7d3..198e909926da 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -82,10 +82,7 @@ host_triplet = @host@
subdir = lib
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
diff --git a/lib/libpam/Makefile.am b/lib/libpam/Makefile.am
index 99c37f00ee6b..a7781d656786 100644
--- a/lib/libpam/Makefile.am
+++ b/lib/libpam/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $
+# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $
NULL =
@@ -18,6 +18,7 @@ noinst_HEADERS = \
openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h \
+ openpam_strlset.h \
openpam_vasprintf.h
libpam_la_SOURCES = \
@@ -44,9 +45,10 @@ libpam_la_SOURCES = \
openpam_set_option.c \
openpam_set_feature.c \
openpam_static.c \
+ openpam_straddch.c \
openpam_strlcat.c \
openpam_strlcpy.c \
- openpam_straddch.c \
+ openpam_strlset.c \
openpam_subst.c \
openpam_vasprintf.c \
openpam_ttyconv.c \
diff --git a/lib/libpam/Makefile.in b/lib/libpam/Makefile.in
index b84d4793f05c..f2971163e0ed 100644
--- a/lib/libpam/Makefile.in
+++ b/lib/libpam/Makefile.in
@@ -14,7 +14,7 @@
@SET_MAKE@
-# $Id: Makefile.am 660 2013-03-11 15:08:52Z des $
+# $Id: Makefile.am 807 2014-09-09 09:41:32Z des $
VPATH = @srcdir@
@@ -85,10 +85,7 @@ subdir = lib/libpam
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp $(noinst_HEADERS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -135,10 +132,10 @@ am_libpam_la_OBJECTS = openpam_asprintf.lo openpam_borrow_cred.lo \
openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \
openpam_readword.lo openpam_restore_cred.lo \
openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \
- openpam_strlcat.lo openpam_strlcpy.lo openpam_straddch.lo \
- openpam_subst.lo openpam_vasprintf.lo openpam_ttyconv.lo \
- pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \
- pam_close_session.lo pam_end.lo pam_error.lo \
+ openpam_straddch.lo openpam_strlcat.lo openpam_strlcpy.lo \
+ openpam_strlset.lo openpam_subst.lo openpam_vasprintf.lo \
+ openpam_ttyconv.lo pam_acct_mgmt.lo pam_authenticate.lo \
+ pam_chauthtok.lo pam_close_session.lo pam_end.lo pam_error.lo \
pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \
pam_get_user.lo pam_getenv.lo pam_getenvlist.lo pam_info.lo \
pam_open_session.lo pam_prompt.lo pam_putenv.lo \
@@ -349,6 +346,7 @@ noinst_HEADERS = \
openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h \
+ openpam_strlset.h \
openpam_vasprintf.h
libpam_la_SOURCES = \
@@ -375,9 +373,10 @@ libpam_la_SOURCES = \
openpam_set_option.c \
openpam_set_feature.c \
openpam_static.c \
+ openpam_straddch.c \
openpam_strlcat.c \
openpam_strlcpy.c \
- openpam_straddch.c \
+ openpam_strlset.c \
openpam_subst.c \
openpam_vasprintf.c \
openpam_ttyconv.c \
@@ -534,6 +533,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcat.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlcpy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_strlset.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_vasprintf.Plo@am__quote@
diff --git a/lib/libpam/openpam_configure.c b/lib/libpam/openpam_configure.c
index 1a43dc799da1..5a4ca620222f 100644
--- a/lib/libpam/openpam_configure.c
+++ b/lib/libpam/openpam_configure.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2012 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2014 Dag-Erling Smørgrav
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_configure.c 667 2013-03-17 14:24:00Z des $
+ * $Id: openpam_configure.c 796 2014-06-03 21:30:08Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -193,6 +193,7 @@ openpam_parse_chain(pam_handle_t *pamh,
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid facility",
filename, lineno);
+ errno = EINVAL;
goto fail;
}
if (facility != fclt && facility != PAM_FACILITY_ANY) {
@@ -208,18 +209,28 @@ openpam_parse_chain(pam_handle_t *pamh,
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid service name",
filename, lineno);
+ errno = EINVAL;
goto fail;
}
if (wordv[i] != NULL) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): garbage at end of line",
filename, lineno);
+ errno = EINVAL;
goto fail;
}
ret = openpam_load_chain(pamh, servicename, fclt);
FREEV(wordc, wordv);
- if (ret < 0)
+ if (ret < 0) {
+ /*
+ * Bogus errno, but this ensures that the
+ * outer loop does not just ignore the
+ * error and keep searching.
+ */
+ if (errno == ENOENT)
+ errno = EINVAL;
goto fail;
+ }
continue;
}
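Review bot: `FREEV(wordc, wordv)` runs between `openpam_load_chain()` and the new `errno == ENOENT` test, so the value tested is whatever errno holds after the frees, not necessarily what the nested load reported. The path still fails closed, because any other errno value also reaches `goto fail`, but the code passed up to the caller can be misleading if the deallocation disturbs errno. Saving it across the cleanup keeps the check exact: `serrno = errno; FREEV(wordc, wordv); errno = serrno;`, using a local `int serrno`. The function's declarations are outside this hunk, so a suitable local may already exist.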
@@ -229,6 +240,7 @@ openpam_parse_chain(pam_handle_t *pamh,
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid control flag",
filename, lineno);
+ errno = EINVAL;
goto fail;
}
@@ -238,6 +250,7 @@ openpam_parse_chain(pam_handle_t *pamh,
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid module name",
filename, lineno);
+ errno = EINVAL;
goto fail;
}
@@ -247,8 +260,11 @@ openpam_parse_chain(pam_handle_t *pamh,
this->flag = ctlf;
/* load module */
- if ((this->module = openpam_load_module(modulename)) == NULL)
+ if ((this->module = openpam_load_module(modulename)) == NULL) {
+ if (errno == ENOENT)
+ errno = ENOEXEC;
goto fail;
+ }
/*
* The remaining items in wordv are the module's
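Review bot: The ENOENT-to-ENOEXEC rewrite after `openpam_load_module()` has no comment, while the equivalent rewrite on the include path a few hunks earlier explains itself. Judging by `openpam_load_chain()` later in this file, which keeps searching when it sees -1 with ENOENT, the intent is presumably that a missing module must not be mistaken for a missing policy file. I would state that above the test, for example `/* a missing module is a broken policy, not an absent one: do not let the caller keep searching */`. The enclosing function starts and ends outside this hunk.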
@@ -281,7 +297,11 @@ openpam_parse_chain(pam_handle_t *pamh,
* The loop ended because openpam_readword() returned NULL, which
* can happen for four different reasons: an I/O error (ferror(f)
* is true), a memory allocation failure (ferror(f) is false,
- * errno is non-zero)
+ * feof(f) is false, errno is non-zero), the file ended with an
+ * unterminated quote or backslash escape (ferror(f) is false,
+ * feof(f) is true, errno is non-zero), or the end of the file was
+ * reached without error (ferror(f) is false, feof(f) is true,
+ * errno is zero).
*/
if (ferror(f) || errno != 0)
goto syserr;
@@ -402,6 +422,9 @@ openpam_load_chain(pam_handle_t *pamh,
}
ret = openpam_load_file(pamh, service, facility,
filename, style);
+ /* success */
+ if (ret > 0)
+ RETURNN(ret);
/* the file exists, but an error occurred */
if (ret == -1 && errno != ENOENT)
RETURNN(ret);
@@ -411,7 +434,8 @@ openpam_load_chain(pam_handle_t *pamh,
}
/* no hit */
- RETURNN(0);
+ errno = ENOENT;
+ RETURNN(-1);
}
/*
@@ -432,8 +456,10 @@ openpam_configure(pam_handle_t *pamh,
openpam_log(PAM_LOG_ERROR, "invalid service name");
RETURNC(PAM_SYSTEM_ERR);
}
- if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
- goto load_err;
+ if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
+ if (errno != ENOENT)
+ goto load_err;
+ }
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if (pamh->chains[fclt] != NULL)
continue;
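Review bot: The new `errno != ENOENT` test in `openpam_configure()` silently tolerates a service that has no policy at all, and nothing in the hunk records that this happened. The loop that follows appears to fill in the chains that are still NULL (its body is outside the hunk), so the behaviour is probably intended, but an administrator debugging a login that fell back to defaults gets no hint. A debug-level `openpam_log()` call in the ENOENT branch and a comment such as `/* no policy for this service; the per-facility loop below supplies the rest */` would make the fall-back explicit. The test also depends on `openpam_load_chain()` leaving errno intact on its way out through `RETURNN`, which cannot be confirmed from the lines shown.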
diff --git a/lib/libpam/openpam_ctype.h b/lib/libpam/openpam_ctype.h
index 38016227a687..d99d34b4dacf 100644
--- a/lib/libpam/openpam_ctype.h
+++ b/lib/libpam/openpam_ctype.h
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_ctype.h 666 2013-03-17 14:22:17Z des $
+ * $Id: openpam_ctype.h 763 2014-02-26 16:29:16Z des $
*/
#ifndef OPENPAM_CTYPE_H_INCLUDED
diff --git a/lib/libpam/openpam_dispatch.c b/lib/libpam/openpam_dispatch.c
index 0dcc73223ce3..5fa068f8e261 100644
--- a/lib/libpam/openpam_dispatch.c
+++ b/lib/libpam/openpam_dispatch.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_dispatch.c 649 2013-03-05 17:58:33Z des $
+ * $Id: openpam_dispatch.c 807 2014-09-09 09:41:32Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -63,7 +63,7 @@ openpam_dispatch(pam_handle_t *pamh,
int flags)
{
pam_chain_t *chain;
- int err, fail, r;
+ int err, fail, nsuccess, r;
int debug;
ENTER();
@@ -101,7 +101,9 @@ openpam_dispatch(pam_handle_t *pamh,
}
/* execute */
- for (err = fail = 0; chain != NULL; chain = chain->next) {
+ err = PAM_SUCCESS;
+ fail = nsuccess = 0;
+ for (; chain != NULL; chain = chain->next) {
if (chain->module->func[primitive] == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
chain->module->path, pam_sm_func_name[primitive]);
@@ -126,7 +128,8 @@ openpam_dispatch(pam_handle_t *pamh,
if (r == PAM_IGNORE)
continue;
- if (r == PAM_SUCCESS) {
+ if (r == PAM_SUCCESS) {
+ ++nsuccess;
/*
* For pam_setcred() and pam_chauthtok() with the
* PAM_PRELIM_CHECK flag, treat "sufficient" as
@@ -148,7 +151,7 @@ openpam_dispatch(pam_handle_t *pamh,
* fail. If a required module fails, record the
* return code from the first required module to fail.
*/
- if (err == 0)
+ if (err == PAM_SUCCESS)
err = r;
if ((chain->flag == PAM_REQUIRED ||
chain->flag == PAM_BINDING) && !fail) {
@@ -170,6 +173,18 @@ openpam_dispatch(pam_handle_t *pamh,
if (!fail && err != PAM_NEW_AUTHTOK_REQD)
err = PAM_SUCCESS;
+
+ /*
+ * Require the chain to be non-empty, and at least one module
+ * in the chain to be successful, so that we don't fail open.
+ */
+ if (err == PAM_SUCCESS && nsuccess < 1) {
+ openpam_log(PAM_LOG_ERROR,
+ "all modules were unsuccessful for %s()",
+ pam_sm_func_name[primitive]);
+ err = PAM_SYSTEM_ERR;
+ }
+
RETURNC(err);
}
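Review bot: `nsuccess` is incremented for every module that returns PAM_SUCCESS regardless of its control flag, so the new guard is satisfied by a single optional module even when every required module returned PAM_IGNORE. That may well be the intended reading of "at least one module in the chain to be successful", but the comment above the guard should say so, for instance by adding `success from a module with any control flag counts`. The log text "all modules were unsuccessful" would also be emitted if an empty chain reaches this point, which the comment lists as a separate case; wording the message to cover both would help whoever reads the log. The increment itself sits in an earlier hunk and the loop body is only partly visible.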
diff --git a/lib/libpam/openpam_strlset.c b/lib/libpam/openpam_strlset.c
new file mode 100644
index 000000000000..2f4c4fa7e188
--- /dev/null
+++ b/lib/libpam/openpam_strlset.c
@@ -0,0 +1,58 @@
+/*-
+ * Copyright (c) 2011-2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_strlset.c 807 2014-09-09 09:41:32Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_STRLSET
+
+#include <stddef.h>
+
+#include "openpam_strlset.h"
+
+/*
+ * like memset(3), but stops at the first NUL byte and NUL-terminates the
+ * result. Returns the number of bytes that were written, not including
+ * the terminating NUL.
+ */
+size_t
+openpam_strlset(char *str, int ch, size_t size)
+{
+ size_t len;
+
+ for (len = 0; *str && size > 1; ++len, --size)
+ *str++ = ch;
+ *str = '\0';
+ return (++len);
+}
+
+#endif
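Review bot: `return (++len);` yields one more than the number of bytes overwritten, which contradicts the header comment's "not including the terminating NUL". Either return `len` or reword the comment; the callers in this commit discard the value, so the mismatch is latent for now. Separately, `*str = '\0';` executes even when `size` is 0, so a caller passing a zero-length buffer still gets a one-byte write; an early `if (size == 0) return (0);` would close that. Since the function exists to scrub secrets before `FREE()`, a comment should also note that it relies on being an out-of-line call so that the stores are not discarded as dead, which whole-program optimisation could undermine.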
diff --git a/lib/libpam/openpam_strlset.h b/lib/libpam/openpam_strlset.h
new file mode 100644
index 000000000000..4bb0bb6404d0
--- /dev/null
+++ b/lib/libpam/openpam_strlset.h
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_strlset.h 807 2014-09-09 09:41:32Z des $
+ */
+
+#ifndef OPENPAM_STRLSET_H_INCLUDED
+#define OPENPAM_STRLSET_H_INCLUDED
+
+#ifndef HAVE_STRLSET
+size_t openpam_strlset(char *, int, size_t);
+#undef strlset
+#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
+#endif
+
+#endif
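Review bot: The prototype uses `size_t` but the header includes nothing that declares it, so it only compiles when the includer has already pulled in a suitable system header. `openpam_strlset.c` includes `<stddef.h>` first, and the two other users in this commit include other headers before this one. Adding `#include <stddef.h>` inside the include guard would make the header self-contained.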
diff --git a/lib/libpam/openpam_ttyconv.c b/lib/libpam/openpam_ttyconv.c
index 01e61810ccff..d21320ca7228 100644
--- a/lib/libpam/openpam_ttyconv.c
+++ b/lib/libpam/openpam_ttyconv.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_ttyconv.c 688 2013-07-11 16:40:08Z des $
+ * $Id: openpam_ttyconv.c 807 2014-09-09 09:41:32Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -55,6 +55,7 @@
#include <security/pam_appl.h>
#include "openpam_impl.h"
+#include "openpam_strlset.h"
int openpam_ttyconv_timeout = 0;
@@ -366,7 +367,7 @@ openpam_ttyconv(int n,
fail:
for (i = 0; i < n; ++i) {
if (aresp[i].resp != NULL) {
- memset(aresp[i].resp, 0, strlen(aresp[i].resp));
+ strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
FREE(aresp[i].resp);
}
}
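Review bot: The replaced `memset(aresp[i].resp, 0, strlen(aresp[i].resp))` wiped the whole response, whereas `strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE)` stops after PAM_MAX_RESP_SIZE - 1 bytes. If a response can never be longer than that, the two are equivalent, but the code that fills `aresp[i].resp` is outside this hunk, so the bound should be confirmed and stated here, e.g. `/* responses are at most PAM_MAX_RESP_SIZE - 1 bytes, so this clears all of it */`. The same assumption underlies the `strlset()` calls added in `pam_get_authtok.c`.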
diff --git a/lib/libpam/pam_get_authtok.c b/lib/libpam/pam_get_authtok.c
index a0629341c22a..36382f5d8690 100644
--- a/lib/libpam/pam_get_authtok.c
+++ b/lib/libpam/pam_get_authtok.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pam_get_authtok.c 670 2013-03-17 19:26:07Z des $
+ * $Id: pam_get_authtok.c 807 2014-09-09 09:41:32Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -48,6 +48,7 @@
#include <security/openpam.h>
#include "openpam_impl.h"
+#include "openpam_strlset.h"
static const char authtok_prompt[] = "Password:";
static const char authtok_prompt_remote[] = "Password for %u@%h:";
@@ -140,16 +141,21 @@ pam_get_authtok(pam_handle_t *pamh,
if (twice) {
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
if (r != PAM_SUCCESS) {
+ strlset(resp, 0, PAM_MAX_RESP_SIZE);
FREE(resp);
RETURNC(r);
}
- if (strcmp(resp, resp2) != 0)
+ if (strcmp(resp, resp2) != 0) {
+ strlset(resp, 0, PAM_MAX_RESP_SIZE);
FREE(resp);
+ }
+ strlset(resp2, 0, PAM_MAX_RESP_SIZE);
FREE(resp2);
}
if (resp == NULL)
RETURNC(PAM_TRY_AGAIN);
r = pam_set_item(pamh, item, resp);
+ strlset(resp, 0, PAM_MAX_RESP_SIZE);
FREE(resp);
if (r != PAM_SUCCESS)
RETURNC(r);
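Review bot: The wipe-then-free pair `strlset(x, 0, PAM_MAX_RESP_SIZE); FREE(x);` now appears four times in this hunk, and any exit path added later has to remember both halves or leave an authentication token in freed memory. Folding the two steps into one helper keeps them together, for example `#define WIPE_FREE(p) do { if ((p) != NULL) { strlset((p), 0, PAM_MAX_RESP_SIZE); FREE(p); } } while (0)`; the name is only a suggestion. The function begins and ends outside the hunk, so other exits that release `resp` may need the same treatment.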