merge r787,r830-r840,r845,r852-r853: build and packaging improvements

merge r854: silence all cast-qual warnings except in test suite


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/branches/nooath@855 185d5e19-27fe-0310-9dcf-9bff6b9f3609

CREDITS

@@ -21,6 +21,7 @@ ideas:
 	Christos Zoulas <christos@netbsd.org>
 	Daniel Richard G. <skunk@iskunk.org>
 	Darren J. Moffat <darren.moffat@sun.com>
+	Dimitry Andric <dim@freebsd.org>
 	Dmitry V. Levin <ldv@altlinux.org>
 	Don Lewis <truckman@freebsd.org>
 	Emmanuel Dreyfus <manu@netbsd.org>

README

@@ -7,19 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
 Solaris, at the expense of XSSO conformance and Linux-PAM
 compatibility.
 
-These are some of OpenPAM's features:
-
-   - Implements the complete PAM API as described in the original PAM
-     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
-     except for mappings and secondary authentication.  Also
-     implements some extensions found in Solaris 9.
-
-   - Extends the API with several useful and time-saving functions.
-
-   - Performs strict checking of return values from service modules.
-
-   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
-     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
-     this will be made configurable in a future release.
-
 Please direct bug reports and inquiries to <des@des.no>.

autogen.des

@@ -10,6 +10,19 @@ set -ex
 # autoconf prior to 2.62 has issues with zsh 4.2 and newer
 export CONFIG_SHELL=/bin/sh
 
+# BullseyeCoverage needs to know exactly which compiler we're using
+if [ -z "$CC" -a -z "$CPP" -a -z "$CXX" ] ; then
+	if $(which clang clang++ >/dev/null) ; then
+		export CC=${CC:-clang}
+		export CPP=${CPP:-clang -E}
+		export CXX=${CXX:-clang++}
+	elif $(which gcc g++ >/dev/null) ; then
+		export CC=${CC:-gcc}
+		export CPP=${CPP:-gcc -E}
+		export CXX=${CXX:-g++}
+	fi
+fi
+
 ./configure \
 	--with-doc \
 	--with-pam-unix \

bin/openpam_dump_policy/Makefile.am

@@ -4,4 +4,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/libpam
 
 noinst_PROGRAMS = openpam_dump_policy
 openpam_dump_policy_SOURCES = openpam_dump_policy.c
+if WITH_SYSTEM_LIBPAM
+openpam_dump_policy_LDADD = $(SYSTEM_LIBPAM)
+else
 openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif

bin/pamtest/Makefile.am

@@ -4,6 +4,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = pamtest
 pamtest_SOURCES = pamtest.c
+if WITH_SYSTEM_LIBPAM
+pamtest_LDADD = $(SYSTEM_LIBPAM)
+else
 pamtest_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = pamtest.1

bin/su/Makefile.am

@@ -4,6 +4,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = su
 su_SOURCES = su.c
+if WITH_SYSTEM_LIBPAM
+su_LDADD = $(SYSTEM_LIBPAM)
+else
 su_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = su.1

configure.ac

@@ -79,6 +79,18 @@ AC_ARG_WITH(su,
     [with_su=no])
 AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
 
+AC_ARG_WITH(system-libpam,
+    AC_HELP_STRING([--with-system-libpam], [use system libpam]),
+    [],
+    [with_system_libpam=no])
+AM_CONDITIONAL([WITH_SYSTEM_LIBPAM], [test x"$with_system_libpam" = x"yes"])
+
+AC_ARG_WITH(system-liboath,
+    AC_HELP_STRING([--with-system-liboath], [use system liboath]),
+    [],
+    [with_system_liboath=no])
+AM_CONDITIONAL([WITH_SYSTEM_LIBOATH], [test x"$with_system_liboath" = x"yes"])
+
 AC_CHECK_HEADERS([crypt.h])
 
 AC_CHECK_FUNCS([asprintf vasprintf])
@@ -108,9 +120,23 @@ CRYPTO_LIBS="${LIBS}"
 LIBS="${saved_LIBS}"
 AC_SUBST(CRYPTO_LIBS)
 
+saved_LIBS="${LIBS}"
+LIBS=""
+AC_CHECK_LIB([pam], [pam_start])
+SYSTEM_LIBPAM="${LIBS}"
+LIBS="${saved_LIBS}"
+AC_SUBST(SYSTEM_LIBPAM)
+
+saved_LIBS="${LIBS}"
+LIBS=""
+AC_CHECK_LIB([oath], [oath_key_alloc])
+SYSTEM_LIBOATH="${LIBS}"
+LIBS="${saved_LIBS}"
+AC_SUBST(SYSTEM_LIBOATH)
+
 AC_ARG_ENABLE([developer-warnings],
     AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]),
-    [CFLAGS="${CFLAGS} -Wall -Wextra"])
+    [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"])
 AC_ARG_ENABLE([debugging-symbols],
     AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]),
     [CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
@@ -136,6 +162,5 @@ AC_CONFIG_FILES([
     modules/pam_unix/Makefile
     t/Makefile
 ])
-AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
 AC_CONFIG_FILES([mkpkgng],[chmod +x mkpkgng])
 AC_OUTPUT

doc/man/Makefile.am

@@ -65,6 +65,10 @@ EXTRA_DIST = openpam.man pam.man
 
 ALLCMAN = $(PMAN) $(MMAN) $(OMAN)
 GENMAN = $(ALLCMAN) openpam.3 pam.3
+endif
+
+ALLCMAN = $(PAMCMAN) $(OATHCMAN)
+GENMAN = $(ALLCMAN) $(PAMXMAN) $(OATHXMAN)
 
 dist_man3_MANS = $(GENMAN) pam_conv.3
 
@@ -75,6 +79,7 @@ CLEANFILES = $(GENMAN)
 GENDOC = $(top_srcdir)/misc/gendoc.pl
 
 LIBSRCDIR = $(top_srcdir)/lib/libpam
+endif
 
 VPATH = $(LIBSRCDIR) $(srcdir)
 

lib/Makefile.am

@@ -1,3 +1,7 @@
 # $Id$
 
-SUBDIRS = libpam
+SUBDIRS =
+
+if !WITH_SYSTEM_LIBPAM
+SUBDIRS += libpam
+endif

lib/libpam/Makefile.am

@@ -79,8 +79,8 @@ libpam_la_SOURCES = \
 	pam_vprompt.c \
 	$(NULL)
 
-libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
-libpam_la_LIBADD = @DL_LIBS@
+libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ)
+libpam_la_LIBADD = $(DL_LIBS)
 
 EXTRA_DIST = \
 	pam_authenticate_secondary.c \

lib/libpam/openpam_dispatch.c

@@ -117,7 +117,7 @@ openpam_dispatch(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s",
 			    pam_sm_func_name[primitive], chain->module->path);
 			r = (chain->module->func[primitive])(pamh, flags,
-			    chain->optc, (const char **)chain->optv);
+			    chain->optc, (const char **)(intptr_t)chain->optv);
 			pamh->current = NULL;
 			openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
 			    chain->module->path, pam_sm_func_name[primitive],

lib/libpam/openpam_load.c

@@ -84,6 +84,7 @@ openpam_load_module(const char *modulename)
 static void
 openpam_release_module(pam_module_t *module)
 {
+
 	if (module == NULL)
 		return;
 	if (module->dlh == NULL)
@@ -104,6 +105,7 @@ openpam_release_module(pam_module_t *module)
 static void
 openpam_destroy_chain(pam_chain_t *chain)
 {
+
 	if (chain == NULL)
 		return;
 	openpam_destroy_chain(chain->next);

misc/gendoc.pl

@@ -292,7 +292,7 @@ sub parse_source($) {
 	}
 	s/\s*=($func)\b\s*/\n.Fn $1\n/gs;
 	s/\s*=($argnames)\b\s*/\n.Fa $1\n/gs;
-	s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs;
+	s/\s*=((?:enum|struct|union) \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs;
 	s/\s*:([a-z][0-9a-z_]+)\b\s*/\n.Va $1\n/gs;
 	s/\s*;([a-z][0-9a-z_]+)\b\s*/\n.Dv $1\n/gs;
 	s/\s*=!([a-z][0-9a-z_]+)\b\s*/\n.Xr $1 3\n/gs;

mkpkgng.in

@@ -61,8 +61,6 @@ yesno() {
 # Locate source and build directory
 #
 srcdir="@abs_top_srcdir@"
-[ -f "$srcdir/include/security/openpam.h" ] || \
-    error "Unable to locate source directory."
 builddir="@abs_top_builddir@"
 cd "$srcdir"
 
@@ -83,7 +81,8 @@ if ! expr "$version" : "[0-9]{1,}$" >/dev/null ; then
 	svnversion="$(svnversion 2>&1)"
 	svnversion=$(expr "$svnversion" : '\([0-9][0-9]*\)[A-Z]\{0,1\}$')
 	if [ -n "$svnversion" ] ; then
-		version="$version-r${svnversion}"
+		package="$package-$version"
+		version="r$svnversion"
 	fi
 fi
 
@@ -114,6 +113,21 @@ set -e
 info "Installing into the temporary directory."
 $make install DESTDIR="$tmproot"
 
+#
+# Compress man pages
+#
+find $tmproot -type d -name 'man[0-9]' |
+while read mandir ; do
+	find $mandir -type f -name '*.[0-9]' |
+	while read manpage ; do
+		gzip "$manpage"
+	done
+	find $mandir -type l -name '*.[0-9]' |
+	while read manlink ; do
+		ln -s "$(readlink $manlink).gz" "$manlink.gz"
+	done
+done
+
 #
 # Generate stub manifest
 #
@@ -128,30 +142,27 @@ arch: $pkgabi
 www: @PACKAGE_URL@
 maintainer: @PACKAGE_BUGREPORT@
 prefix: @prefix@
-desc:
-  OpenPAM is an open source PAM library that focuses on simplicity,
-  correctness, and cleanliness.
-  
-  OpenPAM aims to gather the best features of Solaris PAM, XSSO and
-  Linux-PAM, plus some innovations of its own.  In areas where these
-  implementations disagree, OpenPAM tries to remain compatible with
-  Solaris, at the expense of XSSO conformance and Linux-PAM
-  compatibility.
-categories: local, security
+categories: [ local, security ]
 EOF
+cp "$srcdir/README" "$tmproot/+DESC"
 
 #
 # Generate file list
 #
 info "Generating the file list."
 (
-	echo "files:"
-	find -s "$tmproot" -type f | while read file ; do
-		[ "$file" = "$manifest" ] && continue
+	echo "files: {"
+	find -s "$tmproot@prefix@" -type f -or -type l | while read file ; do
+		case $file in
+		*.la)
+			continue
+			;;
+		esac
 		mode=$(stat -f%p "$file" | cut -c 3-)
 		file="${file#$tmproot}"
 		echo "  $file: { uname: root, gname: wheel, perm: $mode }"
 	done
+	echo "}"
 )>>"$manifest"
 
 #

modules/pam_deny/Makefile.am

@@ -1,7 +1,7 @@
 # $Id$
 
 if CUSTOM_MODULES_DIR
-moduledir = @OPENPAM_MODULES_DIR@
+moduledir = $(OPENPAM_MODULES_DIR)
 else
 moduledir = $(libdir)
 endif
@@ -10,6 +10,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 module_LTLIBRARIES = pam_deny.la
 
 pam_deny_la_SOURCES = pam_deny.c
-pam_deny_la_LDFLAGS = -no-undefined -module -version-info @LIB_MAJ@ \
+pam_deny_la_LDFLAGS = -no-undefined -module -version-info $(LIB_MAJ) \
 	-export-symbols-regex '^pam_sm_'
+if WITH_SYSTEM_LIBPAM
+pam_deny_la_LIBADD = $(SYSTEM_LIBPAM)
+else
 pam_deny_la_LIBADD = $(top_builddir)/lib/libpam/libpam.la
+endif

modules/pam_permit/Makefile.am

@@ -1,7 +1,7 @@
 # $Id$
 
 if CUSTOM_MODULES_DIR
-moduledir = @OPENPAM_MODULES_DIR@
+moduledir = $(OPENPAM_MODULES_DIR)
 else
 moduledir = $(libdir)
 endif
@@ -10,6 +10,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 module_LTLIBRARIES = pam_permit.la
 
 pam_permit_la_SOURCES = pam_permit.c
-pam_permit_la_LDFLAGS = -no-undefined -module -version-info @LIB_MAJ@ \
+pam_permit_la_LDFLAGS = -no-undefined -module -version-info $(LIB_MAJ) \
 	-export-symbols-regex '^pam_sm_'
+if WITH_SYSTEM_LIBPAM
+pam_permit_la_LIBADD = $(SYSTEM_LIBPAM)
+else
 pam_permit_la_LIBADD = $(top_builddir)/lib/libpam/libpam.la
+endif

modules/pam_unix/Makefile.am

@@ -1,7 +1,7 @@
 # $Id$
 
 if CUSTOM_MODULES_DIR
-moduledir = @OPENPAM_MODULES_DIR@
+moduledir = $(OPENPAM_MODULES_DIR)
 else
 moduledir = $(libdir)
 endif
@@ -10,6 +10,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 module_LTLIBRARIES = pam_unix.la
 
 pam_unix_la_SOURCES = pam_unix.c
-pam_unix_la_LDFLAGS = -no-undefined -module -version-info @LIB_MAJ@ \
+pam_unix_la_LDFLAGS = -no-undefined -module -version-info $(LIB_MAJ) \
 	-export-symbols-regex '^pam_sm_'
-pam_unix_la_LIBADD = $(top_builddir)/lib/libpam/libpam.la @CRYPT_LIBS@
+if WITH_SYSTEM_LIBPAM
+pam_unix_la_LIBADD = $(SYSTEM_LIBPAM)
+else
+pam_unix_la_LIBADD = $(top_builddir)/lib/libpam/libpam.la $(CRYPT_LIBS)
+endif

modules/pam_unix/pam_unix.c

@@ -74,7 +74,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 #endif
 	struct passwd *pwd;
 	const char *user;
-	char *crypt_password, *password;
+	const char *crypt_password, *password;
 	int pam_err, retry;
 
 	(void)argc;
@@ -98,7 +98,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	for (retry = 0; retry < 3; ++retry) {
 #ifdef OPENPAM
 		pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
-		    (const char **)&password, NULL);
+		    &password, NULL);
 #else
 		resp = NULL;
 		pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);

pamgdb.in

@@ -1,41 +0,0 @@
-#!/bin/sh
-#
-# $Id$
-#
-
-srcdir="@abs_top_srcdir@"
-builddir="@abs_top_builddir@"
-
-# Make sure we get the right version of libpam
-pam_libdir="${builddir}/lib/.libs"
-LD_LIBRARY_PATH="${pam_libdir}:${LD_LIBRARY_PATH}"
-LD_LIBRARY_PATH="${LD_LIBRARY_PATH%:}"
-export LD_LIBRARY_PATH
-
-# DWIM, assuming that the first positional argument is the name of the
-# program to debug rather than a gdb option.
-prog="$1"
-if expr "${prog}" : ".*/.*" >/dev/null ; then
-	# The first argument is an absolute or relative path.  There
-	# is a good chance that it points to the wrapper script
-	# generated by libtool rather than the actual binary.
-	altprog="${prog%/*}/.libs/${prog##*/}"
-	if [ -x "${altprog}" ] ; then
-		shift
-		set "${altprog}" "$@"
-	fi
-elif expr "${prog}" : "[a-z.-][a-z.-]*" >/dev/null ; then
-	# The first argument is just the name of the program.  Look for
-	# it in the build directory.
-	for libdir in $(find "${builddir}" -type d -name .libs -print) ; do
-		altprog="${libdir}/${prog}"
-		if [ -x "${altprog}" ] ; then
-			shift
-			set "${altprog}" "$@"
-			break
-		fi
-	done
-fi
-
-# Let's go!
-exec gdb "$@"

t/Makefile.am

@@ -16,4 +16,9 @@ check_LIBRARIES = libt.a
 libt_a_SOURCES = t_main.c t_file.c
 
 # link with libpam and libt
-LDADD = libt.a $(top_builddir)/lib/libpam/libpam.la
+LDADD = libt.a
+if WITH_SYSTEM_LIBPAM
+LDADD += $(SYSTEM_LIBPAM)
+else
+LDADD += $(top_builddir)/lib/libpam/libpam.la
+endif

t/t_openpam_ctype.c

@@ -94,7 +94,7 @@ T_OC(pfcs)
  * Boilerplate
  */
 
-const struct t_test *t_plan[] = {
+static const struct t_test *t_plan[] = {
 	T(t_oc_digit),
 	T(t_oc_xdigit),
 	T(t_oc_upper),

t/t_openpam_readlinev.c

@@ -223,6 +223,20 @@ T_FUNC(whitespace_before_comment, "whitespace before comment")
 	return (ret);
 }
 
+T_FUNC(line_continuation_within_whitespace, "line continuation within whitespace")
+{
+	struct t_file *tf;
+	int ret;
+
+	tf = t_fopen(NULL);
+	t_fprintf(tf, "%s \\\n %s\n", hello_world[0], hello_world[1]);
+	t_frewind(tf);
+	ret = orlv_expect(tf, hello_world, 2 /*lines*/, 0 /*eof*/) &&
+	    orlv_expect(tf, NULL, 0 /*lines*/, 1 /*eof*/);
+	t_fclose(tf);
+	return (ret);
+}
+
 
 /***************************************************************************
  * Simple words
@@ -288,13 +302,14 @@ T_FUNC(unterminated_line, "unterminated line")
  * Boilerplate
  */
 
-const struct t_test *t_plan[] = {
+static const struct t_test *t_plan[] = {
 	T(empty_input),
 	T(empty_line),
 	T(unterminated_empty_line),
 	T(whitespace),
 	T(comment),
 	T(whitespace_before_comment),
+	T(line_continuation_within_whitespace),
 
 	T(one_word),
 	T(two_words),

t/t_openpam_readword.c

@@ -895,9 +895,10 @@ T_FUNC(line_continuation_within_whitespace, "line continuation within whitespace
 	int ret;
 
 	tf = t_fopen(NULL);
-	t_fprintf(tf, " \\\n \n");
+	t_fprintf(tf, "hello \\\n world\n");
 	t_frewind(tf);
-	ret = orw_expect(tf, NULL, 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+	ret = orw_expect(tf, "hello", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+	    orw_expect(tf, "world", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
 	t_fclose(tf);
 	return (ret);
 }
@@ -908,10 +909,10 @@ T_FUNC(line_continuation_before_whitespace, "line continuation before whitespace
 	int ret;
 
 	tf = t_fopen(NULL);
-	t_fprintf(tf, "xyzzy\\\n \n");
+	t_fprintf(tf, "hello\\\n world\n");
 	t_frewind(tf);
-	ret = orw_expect(tf, "xyzzy", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
-	    orw_expect(tf, NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+	ret = orw_expect(tf, "hello", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+	    orw_expect(tf, "world", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
 	t_fclose(tf);
 	return (ret);
 }
@@ -922,9 +923,10 @@ T_FUNC(line_continuation_after_whitespace, "line continuation after whitespace")
 	int ret;
 
 	tf = t_fopen(NULL);
-	t_fprintf(tf, " \\\nxyzzy\n");
+	t_fprintf(tf, "hello \\\nworld\n");
 	t_frewind(tf);
-	ret = orw_expect(tf, "xyzzy", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+	ret = orw_expect(tf, "hello", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+	    orw_expect(tf, "world", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
 	t_fclose(tf);
 	return (ret);
 }
@@ -935,9 +937,9 @@ T_FUNC(line_continuation_within_word, "line continuation within word")
 	int ret;
 
 	tf = t_fopen(NULL);
-	t_fprintf(tf, "xyz\\\nzy\n");
+	t_fprintf(tf, "hello\\\nworld\n");
 	t_frewind(tf);
-	ret = orw_expect(tf, "xyzzy", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+	ret = orw_expect(tf, "helloworld", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
 	t_fclose(tf);
 	return (ret);
 }
@@ -947,7 +949,7 @@ T_FUNC(line_continuation_within_word, "line continuation within word")
  * Boilerplate
  */
 
-const struct t_test *t_plan[] = {
+static const struct t_test *t_plan[] = {
 	T(empty_input),
 	T(empty_line),
 	T(unterminated_line),