OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
836 Commits 3 Branches 10 Tags 1.9 MiB
Commit Graph

370 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 2efb7c4b01 Support (but ignore, for now) the issuer parameter. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@777 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 13:08:14 +00:00
Dag-Erling Smørgrav 75a6073d2c Encoder: 
- Return the desired length when the buffer is too small.

 - Annotate the switch so Bullseye doesn't complain about an uncovered
   default case.

Decoder:

 - The table approach was a good idea, but there was no way to tell the
   difference between a character that decodes as 0 and an invalid
   character.  Modify the tables so an invalid character is indicated
   by 0xff instead of 0x00.

 - Check that padding starts in a valid position.  Note that we still
   don't check for left-over bits.

 - The overflow test always failed, because we set *olen = len before
   comparing them.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@776 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 12:48:48 +00:00
Dag-Erling Smørgrav 183cc6d511 The dummy constants have moved to oath_constants.h. 
Add annotation macros for coverage analysis.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@774 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:51:08 +00:00
Dag-Erling Smørgrav 01809a1b48 Switch from uint8_t to char. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@772 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-09 11:45:05 +00:00
Dag-Erling Smørgrav 17144e7a5f Replace base{32,64}_decode() with table-driven implementations. The new 
code is less strict about padding, thus ensuring compatibility with
implementations which do not understand padding, such as MIME::Base32.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@771 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 17:54:58 +00:00
Dag-Erling Smørgrav 4645bc1762 Fix base{32,64}_decode(). The former handled padding incorrectly; the 
latter was derived from the former, and had a couple of copy-paste bugs
in addition to the padding bug.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@770 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-03-06 12:35:47 +00:00
Dag-Erling Smørgrav c7457cff15 Fix a bug in the is_upper() macro. 
Submitted by:	Larry Baird <lab@gta.com>


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@761 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-02-26 16:23:22 +00:00
Dag-Erling Smørgrav 9e9207fd5d Add is_xdigit() predicate. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@759 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-24 13:44:34 +00:00
Dag-Erling Smørgrav 3d0d4da447 Factor out and document oath_key_from_uri(). 
Implement percent-decoding of the key label.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@758 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-23 20:19:54 +00:00
Dag-Erling Smørgrav aec3988b2f Bump copyright 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@757 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-23 20:17:41 +00:00
Dag-Erling Smørgrav e8cd86aade - The key length is in bytes, not bits, so the correct default is 20 
and not 160 (which would actually overflow).  This should probably
  be a macro.
- Implement random key generation using OpenSSL's RAND_bytes(3).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@755 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-22 15:12:15 +00:00
Dag-Erling Smørgrav aa338bce81 Add oath_key_create(3) which creates an OATH key from scratch. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@752 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2014-01-20 10:47:10 +00:00
Dag-Erling Smørgrav 7b4ce30d8e Currently, openpam_policy_path is a hardcoded array of short strings, and 
filename is much larger than it needs to be.  However, this might not be
the case in the future.  To be safe, add a length check after strlcpy().
This should silence a Coverity warning about possible array overflow.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@745 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-21 23:22:48 +00:00
Dag-Erling Smørgrav 914a5b3708 caught_signal should be static; gcc doesn't seem to mind, whereas some 
clang versions (but not all) complain.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@742 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-09-07 19:25:57 +00:00
Dag-Erling Smørgrav ac8841d2bd Support storing the non-standard lastused parameter in a key URI. 
Also fix some default values.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@730 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-21 15:32:54 +00:00
Dag-Erling Smørgrav 0446934acb Keep track of when a TOTP key was last used and prevent reuse of the same 
sequence number.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@729 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-21 15:32:14 +00:00
Dag-Erling Smørgrav 3b992508b8 Use a dummy bit in the key structure instead of relying on the label. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@726 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-21 15:14:02 +00:00
Dag-Erling Smørgrav 01d54c2924 Use the defined constant. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@725 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-21 15:10:31 +00:00
Dag-Erling Smørgrav efa93c4a5f Don't log the text we read, it may contain sensitive information (such 
as an OATH OTP key, since liboath uses openpam_readline() to read the
keyfile)


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@703 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-16 11:57:54 +00:00
Dag-Erling Smørgrav 929ddb1bc3 Fixed flipped condition. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@699 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 17:15:35 +00:00
Dag-Erling Smørgrav fe081dbbfc Unfortunately, Linux doesn't have MAP_NOCORE. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@696 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 16:00:41 +00:00
Dag-Erling Smørgrav 88a91c2d02 Rename oath_dummy_key() to oath_key_dummy() and move it into its own file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@694 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:23:58 +00:00
Dag-Erling Smørgrav 066e2b91ff Record the last successful use of a TOTP key. Also add commented-out 
logic to prevent reuse of the same code or an earlier code within the
window, and make some minor type adjustments.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@693 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 15:21:31 +00:00
Dag-Erling Smørgrav 5847a34802 The --with-modules-dir configure option never quite worked, and became 
even more badly broken when the dynamic loader was rewritten in March.
Reimplement it the way it was always meant to work (but never did):

If --with-modules-dir was specified, modules will be installed in that
directory and the dynamic loader will look for them there.  If it was
not specified, modules will be installed in libdir and the dynamic
loader will use the standard search path (/usr/lib:/usr/local/lib).  In
both cases, a policy file can still name a module by its full path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@690 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-08-15 13:22:51 +00:00
Dag-Erling Smørgrav c9387115d9 Factor out oath_key_{alloc,free}() and implement wiring / locking. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@689 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-12 10:47:14 +00:00
Dag-Erling Smørgrav c05b6dd046 INFTIM is a BSDism; use -1 instead. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@688 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:40:08 +00:00
Dag-Erling Smørgrav 93d104bfd6 Reimplement, hopefully with marginally fewer bugs. There is an 
unfortunate amount of code duplication between the tty and non-tty
paths, but the alternative is greatly increased complexity.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@687 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:37:25 +00:00
Dag-Erling Smørgrav 3a53d5117b Document that openpam_log(3) saves and restores errno(2). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@686 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-07-11 16:36:02 +00:00
Dag-Erling Smørgrav 3ab09a4f26 OPENPAM_DEBUG (--enable-debug) has a double action: it enables the 
debugging macros, and sets the initial value of openpam_debug to 1.
This effectively gives the user a choice between no debugging at all,
or drowning in debugging messages from every part of the system.

Assuming that the primary use case for debugging is to allow admins to
troubleshoot their policies by adding the debug option to selected
pam.conf entries, remove the initialization of openpam_debug to 1.
This allows integrators to ship OpenPAM with OPENPAM_DEBUG defined
without spamming /var/log.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@684 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 15:44:32 +00:00
Dag-Erling Smørgrav a43b9256fc Log an error if open() failed for any other reason than ENOENT. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@683 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:49:59 +00:00
Dag-Erling Smørgrav 70d5d18643 Initialize has_ver and has_so to false, not true. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@682 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:48:29 +00:00
Dag-Erling Smørgrav 2fc7038ca4 Always restore errno before returning from openpam_log(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@681 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-04-14 14:36:05 +00:00
Dag-Erling Smørgrav 9f6bdd74f4 Clean up and simplify dummy key handling. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@679 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:38:58 +00:00
Dag-Erling Smørgrav 7da9af6602 Set a reasonable, hard limit on label length. This removes the need for 
a variable-length key structure (to accommodate a variable-length label)
and vastly simplifies key parsing.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@678 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-18 21:34:29 +00:00
Dag-Erling Smørgrav c1df418c6f comment nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@674 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 20:04:24 +00:00
Dag-Erling Smørgrav 794601a544 Make the .so suffix optional, so these three lines are now equivalent: 
auth	required	pam_unix.so.2	try_first_pass
auth	required	pam_unix.so	try_first_pass
auth	required	pam_unix	try_first_pass


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@672 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:42:33 +00:00
Dag-Erling Smørgrav d4ab77b35c Document the effect of module options (echo_pass, *_prompt etc) 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@670 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 19:26:07 +00:00
Dag-Erling Smørgrav 32d5e093bd Remove unneeded #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@667 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:24:00 +00:00
Dag-Erling Smørgrav 3353ad06ce Add predicates for letters and digits. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@666 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 14:22:17 +00:00
Dag-Erling Smørgrav 0f25be4e42 unbreak static linking 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@664 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-17 10:56:15 +00:00
Dag-Erling Smørgrav 567ecaa2af Clean up the dynamic module loading code, and add support for the 
module path which was added in r695.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@662 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 16:33:27 +00:00
Dag-Erling Smørgrav 2b8f7a6154 nit: the argument is a module name, which may or may not be a path. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@661 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:44:22 +00:00
Dag-Erling Smørgrav fe2e691204 Use dlfunc() if available; if not, fake it in terms of dlsym(). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@660 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 15:08:52 +00:00
Dag-Erling Smørgrav 785bc19867 Move openpam_policy_path into openpam_constants.c, and add a corresponding 
openpam_module_path.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@659 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-11 14:10:13 +00:00
Dag-Erling Smørgrav 7bcd5bb700 Split up the liboath header files. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@655 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-06 14:10:09 +00:00
Dag-Erling Smørgrav 93a9982d45 Link with -lcrypto 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@654 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 19:03:59 +00:00
Dag-Erling Smørgrav 0da2f07cfb PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@649 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:58:33 +00:00
Dag-Erling Smørgrav a9a5497d3f Reorganize: 
- move libpam into lib/libpam
 - move the OATH code into lib/liboath
 - move oath.h into include/security
 - update all pointers


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-05 17:49:06 +00:00
Dag-Erling Smørgrav f8a727ec0c Always use openpam_straddch(3) to bootstrap the string, even if we 
have nothing to add to it.  This simplifies the code and fixes a bug
introduced in r553 where the first character in the string would
always be set to '\0', instead of only when bootstrapping.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@636 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:27:35 +00:00
Dag-Erling Smørgrav 75420a1e07 Simplify by using openpam_straddch(3) to bootstrap the string. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@635 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:23:58 +00:00
Dag-Erling Smørgrav 54d9167cea If ch == '\0', do not grow the string or advance the length counter, 
but do allocate a string if there is none to begin with.  This makes
it possible to use openpam_straddch(3) to preallocate the string (if
necessary) instead of manually calling malloc(3) or calloc(3) and
initializing size and len.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@634 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 23:23:10 +00:00
Dag-Erling Smørgrav 08f35bc290 Style nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@631 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-03-03 19:41:24 +00:00
Dag-Erling Smørgrav ff9ea1145d PAM_SYSTEM_ERR is permissible here. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@630 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-28 20:13:56 +00:00
Dag-Erling Smørgrav f70250359e Use AM_CPPFLAGS instead of INCLUDES. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@620 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-24 18:51:10 +00:00
Dag-Erling Smørgrav e15ecfaa9c I seem to have inadvertantly used a non-standard variation of the BSD 
license on code I wrote after the DARPA / NAI contract ended.  Change
all occurrences to the standard license.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@619 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2013-02-24 14:01:42 +00:00
Dag-Erling Smørgrav 2b555bb3d3 Move our strlcat() and strlcpy() implementations into .c files. 
Add asprintf() and vasprintf() for systems that don't have it.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@616 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-07 15:18:16 +00:00
Dag-Erling Smørgrav 709f28793c Forgot to include openpam_cred.h in distribution. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@615 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-07 14:33:39 +00:00
Dag-Erling Smørgrav 0869153c0b Define struct pam_saved_cred in a separate header. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@613 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-08-06 11:44:21 +00:00
Dag-Erling Smørgrav d4aebe2ae9 Fix a boneheaded error in the option copying loop that remained undetected 
through months of testing only to show up within hours of release.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@611 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-05-26 22:57:11 +00:00
Dag-Erling Smørgrav 78ab63e094 More code that inexplicably builds on one dev box but not on others. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@607 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:09:37 +00:00
Dag-Erling Smørgrav fe17647fb8 Name include guards consistently. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@606 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:06:38 +00:00
Dag-Erling Smørgrav fcce2d8609 Before committing r594, I shortened the names of certain features, but I 
apparently didn't do it consistently.  For some reason, it built fine on
one of my dev machines, but nowhere else.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@604 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-20 11:04:05 +00:00
Dag-Erling Smørgrav be8d8c6c7b Don't forget to distribute openpam_features.h. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@602 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-15 17:31:15 +00:00
Dag-Erling Smørgrav 56adeeabf3 umm, it's usually a good idea to test before committing. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@601 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 20:37:45 +00:00
Dag-Erling Smørgrav 7ca68ffaec Separate the code that opens and validates the policy file from the code 
that searches for it.  If the service name contains a path separator
character, treat it is a relative or absolute path to the policy file.

This need to be documented either in pam.conf(5) or in pam_start(3) once
the feature mechanism is no longer experimental.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@600 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 16:11:39 +00:00
Dag-Erling Smørgrav 1c59e86945 nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@598 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 15:04:43 +00:00
Dag-Erling Smørgrav 1ca33ae86f Add proper documentation. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@597 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 15:00:10 +00:00
Dag-Erling Smørgrav cf9114a400 Add support for marking a function as deprecated or experimental. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@596 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 14:52:40 +00:00
Dag-Erling Smørgrav 312b5753a5 Add an experimental mechanism for enabling / disabling optional features. 
Use it to control policy and module file checks.  The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@594 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-14 14:18:41 +00:00
Dag-Erling Smørgrav 4c8082f73d Markup nits 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@588 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-08 11:52:25 +00:00
Dag-Erling Smørgrav 8c5bc6cb91 An escaped newline within a single-quoted string is a literal newline, 
but within a double-quoted string, it is a line continuation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@585 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-07 22:49:12 +00:00
Dag-Erling Smørgrav 3fdf34619c doc nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@579 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-06 01:06:17 +00:00
Dag-Erling Smørgrav 1db36adb17 As previously mentioned, move from 2-clause BSD to 3-clause BSD. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@578 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-06 00:45:59 +00:00
Dag-Erling Smørgrav 03ef7cd64d include openpam_ctype.h in distribution 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@570 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-05 15:32:53 +00:00
Dag-Erling Smørgrav eea3231ee1 A single space before the section title is OK. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@569 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-05 14:38:07 +00:00
Dag-Erling Smørgrav 89e4f8a9e7 Fix authorship 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@568 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-05 14:35:53 +00:00
Dag-Erling Smørgrav 3cba749dfe Fix backslashes within single-quoted strings (no escape function) 
Fix line continuation (newline is stripped, not quoted)
Further improve the documentation


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@567 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-05 14:32:51 +00:00
Dag-Erling Smørgrav 31950458f5 Add strlcat() for non-BSD systems. 
strlcpy() needs to be static.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@554 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-02 09:46:48 +00:00
Dag-Erling Smørgrav 3052dea7c0 Another bug uncovered by unit tests: 
If the first character encountered is a quote, immediately allocate a
single byte.  This way, if the word we've started reading is actually
an empty quoted string ('' or ""), we correctly return an empty string
instead of NULL.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@553 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-01 21:04:44 +00:00
Dag-Erling Smørgrav 49a4c1509e Fix a bug detected by the unit tests: to ensure consistent handling of 
trailing whitespace, openpam_readword() should *always* push back the
last character read (which is a no-op in the EOF case).


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@550 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-01 20:45:19 +00:00
Dag-Erling Smørgrav 96357f3c52 Add an openpam_straddch() function that appends a character to a 
string, reallocating the string if necessary.

Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.

Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.

Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module option.

Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@547 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-04-01 15:01:21 +00:00
Dag-Erling Smørgrav d619fcb520 Through oversight, the PAM_LOG_LIBDEBUG case was left out in the 
version of openpam_log() that's actually used.  Internal debugging
messages therefore went to the default case and were logged as errors,
spamming /var/log/messages and the console.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@544 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 22:47:15 +00:00
Dag-Erling Smørgrav e29b3b276f Even though I now prefer the 2-clause BSD license, for practical 
reasons, it is easier to use the 3-clause BSD license even for new
additions to OpenPAM.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@543 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 22:11:34 +00:00
Dag-Erling Smørgrav f163a4b9df spelling 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@539 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 20:53:22 +00:00
Dag-Erling Smørgrav 783a383e4b Save errno before calling asprintf(), since asprintf() may touch errno, 
which will cause syslog() to log the wrong error message if the format
string contains %m.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@537 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 16:20:13 +00:00
Dag-Erling Smørgrav 74c787f664 Avoid underflow if *size == 0. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@536 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 15:34:19 +00:00
Dag-Erling Smørgrav 8e881dbdd7 Fix some embarassing typos introduced in the openpam_straddch() cleanup. 
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 14:55:19 +00:00
Dag-Erling Smørgrav be3bfed604 Clean up and document 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@533 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 14:25:43 +00:00
Dag-Erling Smørgrav b3a9a4792f Redundant #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@532 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 14:24:53 +00:00
Dag-Erling Smørgrav 2e479f3c12 Redundant #include 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@531 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-03-31 14:24:37 +00:00
Dag-Erling Smørgrav 42651f8d9b Add an internal function for appending a character to a dynamically 
allocated string, expanding the string if necessary.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@528 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-02-26 03:34:46 +00:00
Dag-Erling Smørgrav 7d5d2733f5 Rename sigset to the_sigset to avoid shadowing sigset(3). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@527 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-02-26 03:23:59 +00:00
Dag-Erling Smørgrav cf0963e668 Improve error messages by logging the full path of the module we tried 
to load rather than just the module name.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@525 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-11 00:45:09 +00:00
Dag-Erling Smørgrav c3d9f63b55 Fix a regression introduced by r487. The count was actually used to 
determine whether to stop searching for a policy.  After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.

While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors.  The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-11 00:29:48 +00:00
Dag-Erling Smørgrav 88a6cda1a1 Reluctantly document PAM_LOG_LIBDEBUG. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@523 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-11 00:15:24 +00:00
Dag-Erling Smørgrav b616ada557 Add another log level, PAM_LOG_LIBDEBUG, with a negative priority. It 
is currently equivalent to PAM_LOG_DEBUG, and is used only by the
library call tracing macros (ENTER*() and RETURN*()).  It should
eventually replace PAM_LOG_DEBUG throughout the library, except
perhaps for a few particularly interesting messages; PAM_LOG_DEBUG
will be reserved for modules.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@522 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-11 00:13:25 +00:00
Dag-Erling Smørgrav df3d585d08 Reduce log spam. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@521 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-11 00:03:18 +00:00
Dag-Erling Smørgrav 34c9fb6fd3 Only call dlerror() after dlsym() failed. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@520 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-10 23:57:31 +00:00
Dag-Erling Smørgrav 31e9142afc Verify that the target is a regular file. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@519 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-10 23:50:03 +00:00
Dag-Erling Smørgrav 8c2f4c74b7 Use fdlopen(3) if it is available. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@516 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2012-01-10 21:26:34 +00:00