276 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 7bcd5bb700 Split up the liboath header files.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@655 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-06 14:10:09 +00:00
Dag-Erling Smørgrav 93a9982d45 Link with -lcrypto
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@654 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 19:03:59 +00:00
Dag-Erling Smørgrav 0da2f07cfb PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@649 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 17:58:33 +00:00
Dag-Erling Smørgrav a9a5497d3f Reorganize:
- move libpam into lib/libpam
- move the OATH code into lib/liboath
- move oath.h into include/security
- update all pointers


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-05 17:49:06 +00:00
Dag-Erling Smørgrav f8a727ec0c Always use openpam_straddch(3) to bootstrap the string, even if we
have nothing to add to it.  This simplifies the code and fixes a bug
introduced in r553 where the first character in the string would
always be set to '\0', instead of only when bootstrapping.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@636 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:27:35 +00:00
Dag-Erling Smørgrav 75420a1e07 Simplify by using openpam_straddch(3) to bootstrap the string.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@635 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:23:58 +00:00
Dag-Erling Smørgrav 54d9167cea If ch == '\0', do not grow the string or advance the length counter,
but do allocate a string if there is none to begin with.  This makes
it possible to use openpam_straddch(3) to preallocate the string (if
necessary) instead of manually calling malloc(3) or calloc(3) and
initializing size and len.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@634 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 23:23:10 +00:00
Dag-Erling Smørgrav 08f35bc290 Style nit
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@631 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-03-03 19:41:24 +00:00
Dag-Erling Smørgrav ff9ea1145d PAM_SYSTEM_ERR is permissible here.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@630 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-28 20:13:56 +00:00
Dag-Erling Smørgrav f70250359e Use AM_CPPFLAGS instead of INCLUDES.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@620 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-24 18:51:10 +00:00
Dag-Erling Smørgrav e15ecfaa9c I seem to have inadvertently used a non-standard variation of the BSD
license on code I wrote after the DARPA / NAI contract ended.  Change
all occurrences to the standard license.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@619 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-02-24 14:01:42 +00:00
Dag-Erling Smørgrav 2b555bb3d3 Move our strlcat() and strlcpy() implementations into .c files.
Add asprintf() and vasprintf() for systems that don't have it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@616 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-08-07 15:18:16 +00:00
Dag-Erling Smørgrav 709f28793c Forgot to include openpam_cred.h in distribution.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@615 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-08-07 14:33:39 +00:00
Dag-Erling Smørgrav 0869153c0b Define struct pam_saved_cred in a separate header.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@613 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-08-06 11:44:21 +00:00
Dag-Erling Smørgrav d4aebe2ae9 Fix a boneheaded error in the option copying loop that remained undetected
through months of testing only to show up within hours of release.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@611 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-05-26 22:57:11 +00:00
Dag-Erling Smørgrav 78ab63e094 More code that inexplicably builds on one dev box but not on others.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@607 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-20 11:09:37 +00:00
Dag-Erling Smørgrav fe17647fb8 Name include guards consistently.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@606 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-20 11:06:38 +00:00
Dag-Erling Smørgrav fcce2d8609 Before committing r594, I shortened the names of certain features, but I
apparently didn't do it consistently.  For some reason, it built fine on
one of my dev machines, but nowhere else.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@604 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-20 11:04:05 +00:00
Dag-Erling Smørgrav be8d8c6c7b Don't forget to distribute openpam_features.h.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@602 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-15 17:31:15 +00:00
Dag-Erling Smørgrav 56adeeabf3 umm, it's usually a good idea to test before committing.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@601 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 20:37:45 +00:00
Dag-Erling Smørgrav 7ca68ffaec Separate the code that opens and validates the policy file from the code
that searches for it.  If the service name contains a path separator
character, treat it as a relative or absolute path to the policy file.

This needs to be documented either in pam.conf(5) or in pam_start(3) once
the feature mechanism is no longer experimental.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@600 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 16:11:39 +00:00
Dag-Erling Smørgrav 1c59e86945 nit
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@598 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 15:04:43 +00:00
Dag-Erling Smørgrav 1ca33ae86f Add proper documentation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@597 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 15:00:10 +00:00
Dag-Erling Smørgrav cf9114a400 Add support for marking a function as deprecated or experimental.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@596 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 14:52:40 +00:00
Dag-Erling Smørgrav 312b5753a5 Add an experimental mechanism for enabling / disabling optional features.
Use it to control policy and module file checks.  The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@594 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-14 14:18:41 +00:00
Dag-Erling Smørgrav 4c8082f73d Markup nits
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@588 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-08 11:52:25 +00:00
Dag-Erling Smørgrav 8c5bc6cb91 An escaped newline within a single-quoted string is a literal newline,
but within a double-quoted string, it is a line continuation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@585 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-07 22:49:12 +00:00
Dag-Erling Smørgrav 3fdf34619c doc nit
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@579 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-06 01:06:17 +00:00
Dag-Erling Smørgrav 1db36adb17 As previously mentioned, move from 2-clause BSD to 3-clause BSD.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@578 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-06 00:45:59 +00:00
Dag-Erling Smørgrav 03ef7cd64d include openpam_ctype.h in distribution
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@570 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-05 15:32:53 +00:00
Dag-Erling Smørgrav eea3231ee1 A single space before the section title is OK.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@569 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-05 14:38:07 +00:00
Dag-Erling Smørgrav 89e4f8a9e7 Fix authorship
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@568 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-05 14:35:53 +00:00
Dag-Erling Smørgrav 3cba749dfe Fix backslashes within single-quoted strings (no escape function)
Fix line continuation (newline is stripped, not quoted)
Further improve the documentation


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@567 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-05 14:32:51 +00:00
Dag-Erling Smørgrav 31950458f5 Add strlcat() for non-BSD systems.
strlcpy() needs to be static.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@554 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-02 09:46:48 +00:00
Dag-Erling Smørgrav 3052dea7c0 Another bug uncovered by unit tests:
If the first character encountered is a quote, immediately allocate a
single byte.  This way, if the word we've started reading is actually
an empty quoted string ('' or ""), we correctly return an empty string
instead of NULL.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@553 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-01 21:04:44 +00:00
Dag-Erling Smørgrav 49a4c1509e Fix a bug detected by the unit tests: to ensure consistent handling of
trailing whitespace, openpam_readword() should *always* push back the
last character read (which is a no-op in the EOF case).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@550 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-01 20:45:19 +00:00
Dag-Erling Smørgrav 96357f3c52 Add an openpam_straddch() function that appends a character to a
string, reallocating the string if necessary.

Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.

Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.

Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module options.

Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@547 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-04-01 15:01:21 +00:00
Dag-Erling Smørgrav d619fcb520 Through oversight, the PAM_LOG_LIBDEBUG case was left out in the
version of openpam_log() that's actually used.  Internal debugging
messages therefore went to the default case and were logged as errors,
spamming /var/log/messages and the console.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@544 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 22:47:15 +00:00
Dag-Erling Smørgrav e29b3b276f Even though I now prefer the 2-clause BSD license, for practical
reasons, it is easier to use the 3-clause BSD license even for new
additions to OpenPAM.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@543 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 22:11:34 +00:00
Dag-Erling Smørgrav f163a4b9df spelling
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@539 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 20:53:22 +00:00
Dag-Erling Smørgrav 783a383e4b Save errno before calling asprintf(), since asprintf() may touch errno,
which will cause syslog() to log the wrong error message if the format
string contains %m.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@537 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 16:20:13 +00:00
Dag-Erling Smørgrav 74c787f664 Avoid underflow if *size == 0.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@536 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 15:34:19 +00:00
Dag-Erling Smørgrav 8e881dbdd7 Fix some embarrassing typos introduced in the openpam_straddch() cleanup.
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:55:19 +00:00
Dag-Erling Smørgrav be3bfed604 Clean up and document
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@533 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:25:43 +00:00
Dag-Erling Smørgrav b3a9a4792f Redundant #include
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@532 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:24:53 +00:00
Dag-Erling Smørgrav 2e479f3c12 Redundant #include
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@531 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:24:37 +00:00
Dag-Erling Smørgrav 42651f8d9b Add an internal function for appending a character to a dynamically
allocated string, expanding the string if necessary.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@528 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-02-26 03:34:46 +00:00
Dag-Erling Smørgrav 7d5d2733f5 Rename sigset to the_sigset to avoid shadowing sigset(3).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@527 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-02-26 03:23:59 +00:00
Dag-Erling Smørgrav cf0963e668 Improve error messages by logging the full path of the module we tried
to load rather than just the module name.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@525 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:45:09 +00:00
Dag-Erling Smørgrav c3d9f63b55 Fix a regression introduced by r487. The count was actually used to
determine whether to stop searching for a policy.  After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.

While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors.  The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:29:48 +00:00