4063fef039Start writing unit tests for openpam_readlinev(). One of them fails, but I can't quite decide whether the code or the test is incorrect.
Dag-Erling Smørgrav
2012-04-03 20:13:38 +0000
28f7487e06This was actually a bad idea, because the test might produce warning or error messages that are shorter than what we printed.
Dag-Erling Smørgrav
2012-04-02 21:43:59 +0000
e9c697feb5In verbose mode, output the number and name of each test to stderr before running it. End it with a carriage return so that any actual output will overwrite it.
Dag-Erling Smørgrav
2012-04-02 09:59:53 +0000
3a2fec89e2Get rid of BSDisms
Dag-Erling Smørgrav
2012-04-02 09:54:09 +0000
31950458f5Add strlcat() for non-BSD systems. strlcpy() needs to be static.
Dag-Erling Smørgrav
2012-04-02 09:46:48 +0000
3052dea7c0Another bug uncovered by unit tests:
Dag-Erling Smørgrav
2012-04-01 21:04:44 +0000
9a14604cd2Start adding test cases involving quotes. The first two I could think of both fail...
Dag-Erling Smørgrav
2012-04-01 20:59:45 +0000
81455d2603Rename some tests, and test single and multiple whitespace separately.
Dag-Erling Smørgrav
2012-04-01 20:52:41 +0000
49a4c1509eFix a bug detected by the unit tests: to ensure consistent handling of trailing whitespace, openpam_readword() should *always* push back the last character read (which is a no-op in the EOF case).
Dag-Erling Smørgrav
2012-04-01 20:45:19 +0000
d7708b3ae5Always build and run the tests last so the results are more easily visible in the scrollback or build log.
Dag-Erling Smørgrav
2012-04-01 20:38:30 +0000
2baadb71eeAdd a handful of unit tests for openpam_readword(3). Note that one of them currently fails...
Dag-Erling Smørgrav
2012-04-01 20:34:59 +0000
96357f3c52Add an openpam_straddch() function that appends a character to a string, reallocating the string if necessary.
Dag-Erling Smørgrav
2012-04-01 15:01:21 +0000
54b6b546ddUpdate year
Dag-Erling Smørgrav
2012-03-31 23:13:20 +0000
8121567cf6More cases in which Fn should be used instead of Nm.
Dag-Erling Smørgrav
2012-03-31 23:12:54 +0000
d619fcb520Through oversight, the PAM_LOG_LIBDEBUG case was left out in the version of openpam_log() that's actually used. Internal debugging messages therefore went to the default case and were logged as errors, spamming /var/log/messages and the console.
Dag-Erling Smørgrav
2012-03-31 22:47:15 +0000
e29b3b276fEven though I now prefer the 2-clause BSD license, for practical reasons, it is easier to use the 3-clause BSD license even for new additions to OpenPAM.
Dag-Erling Smørgrav
2012-03-31 22:11:34 +0000
9857b1c9eaAdd support for custom sections, including a custom RETURN VALUES section which suppresses the auto-generated one.
Dag-Erling Smørgrav
2012-03-31 21:16:40 +0000
10215cdd1eOnly pull up punctuation which is followed by whitespace.
Dag-Erling Smørgrav
2012-03-31 21:15:44 +0000
98687ed638Use ".Fn foo" instead of ".Nm" for function names.
Dag-Erling Smørgrav
2012-03-31 20:53:50 +0000
103857f3c9Short program that converts a PAM policy to C code that creates static structures compatible with what openpam_configure() produces. Always build but never install (for now)
Dag-Erling Smørgrav
2012-03-31 17:04:29 +0000
783a383e4bSave errno before calling asprintf(), since asprintf() may touch errno, which will cause syslog() to log the wrong error message if the format string contains %m.
Dag-Erling Smørgrav
2012-03-31 16:20:13 +0000
8e881dbdd7Fix some embarassing typos introduced in the openpam_straddch() cleanup. Move prototype from "opempam_impl.h" to <security/openpam.h>. Generate openpam_straddch(3) man page.
Dag-Erling Smørgrav
2012-03-31 14:55:19 +0000
a7c9ef9a05Additional return value hackery.
Dag-Erling Smørgrav
2012-03-31 14:49:30 +0000
be3bfed604Clean up and document
Dag-Erling Smørgrav
2012-03-31 14:25:43 +0000
42651f8d9bAdd an internal function for appending a character to a dynamically allocated string, expanding the string if necessary.
Dag-Erling Smørgrav
2012-02-26 03:34:46 +0000
7d5d2733f5Rename sigset to the_sigset to avoid shadowing sigset(3).
Dag-Erling Smørgrav
2012-02-26 03:23:59 +0000
0a4f5e9af7Credit Don Lewis and Gleb Smirnoff for their assistance with tracking down the recent openpam_configure() and openpam_dynamic() issues.
Dag-Erling Smørgrav
2012-01-11 00:47:45 +0000
cf0963e668Improve error messages by logging the full path of the module we tried to load rather than just the module name.
Dag-Erling Smørgrav
2012-01-11 00:45:09 +0000
c3d9f63b55Fix a regression introduced by r487. The count was actually used to determine whether to stop searching for a policy. After r487, multiple policies for the same service would be concatenated, whereas the intention was that the one that came first in the policy path should eclipse the others.
Dag-Erling Smørgrav
2012-01-11 00:29:48 +0000
b616ada557Add another log level, PAM_LOG_LIBDEBUG, with a negative priority. It is currently equivalent to PAM_LOG_DEBUG, and is used only by the library call tracing macros (ENTER*() and RETURN*()). It should eventually replace PAM_LOG_DEBUG throughout the library, except perhaps for a few particularly interesting messages; PAM_LOG_DEBUG will be reserved for modules.
Dag-Erling Smørgrav
2012-01-11 00:13:25 +0000
996a845863Report an error if one of the modules in the chain does not implement the requested primitive. This is a significant change, but it should only affect poorly-written PAM modules, and the alternative is a potential fail-open situation.
Dag-Erling Smørgrav
2011-12-07 01:28:05 +0000
229c006c86Forgotten in previous commit: check the ownership and permissions of the policy file.
Dag-Erling Smørgrav
2011-11-22 12:07:03 +0000
1a4edb80d7Factor out and improve the module ownership / permission check, and add a similar (but race-proof) check for the policy file.
Dag-Erling Smørgrav
2011-11-22 11:51:50 +0000
2b025676c7Document increased input validation, and credit Sebastian Krahmer for bringing the issue to my attention.
Dag-Erling Smørgrav
2011-11-21 16:27:04 +0000
d98f755c25Refuse to load a module if it is owned by anyone else than root or the arbitrator or it is writable by group or other.
Dag-Erling Smørgrav
2011-11-20 02:28:15 +0000
b011e58526dst can't be const, you idiot.
Dag-Erling Smørgrav
2011-11-20 02:04:17 +0000
6a92548403Reorganize the headers and centralize the string tables.
Dag-Erling Smørgrav
2011-11-12 00:12:32 +0000
ff73a20a84Add a strlcpy(3) implementation.
Dag-Erling Smørgrav
2011-11-11 03:04:46 +0000
e8522c7fccAlways create optv, even if there are no options.
Dag-Erling Smørgrav
2011-11-05 20:50:15 +0000
c86a681052The count was never used, so ditch it and return plain PAM error codes instead.
Dag-Erling Smørgrav
2011-11-05 20:00:46 +0000
493804d19bFix a couple of bugs in the option string reassembly code.
Dag-Erling Smørgrav
2011-11-03 16:46:20 +0000
6835696a2aRevert large parts of r478. I had forgotten that the module arguments are actually passed to each service function in the classic (argc, argv) form. The only place where the compiler could have caught this used a type cast, and it did not show up in testing either because all of the modules I tested use openpam_get_option(3) instead of manipulating argv directly.
Dag-Erling Smørgrav
2011-11-03 16:33:02 +0000
c16faba34eThe include directive expects a service name, not a filename. While there, remember to check for trailing garbage.
Dag-Erling Smørgrav
2011-11-03 16:09:22 +0000
55f6a50684Major overhaul of the policy parser to support quoted option values. As a bonus, it should now be much easier to read and understand.
Dag-Erling Smørgrav
2011-11-03 15:39:18 +0000
d40a8fb860"facility" is more appropriate than "function class"
Dag-Erling Smørgrav
2011-11-03 15:30:03 +0000
9b234e1f88Provide strlcmp(3) internally on systems that don't already have it.
Dag-Erling Smørgrav
2011-11-03 15:29:24 +0000
f229d69d05Fix the case where match_word() matches the last word on the line. It would previously return 0 because it expected the next character after the matched word to be a space.
Dag-Erling Smørgrav
2011-11-03 10:56:10 +0000
ebccc4d687- Deduplicate the trailing-whitespace code. - Don't treat "\\\n" as whitespace. It's not what most people would expect, and the documentation doesn't mention it. - Improve the documentation a bit now that gendoc.pl supports bullet lists.
Dag-Erling Smørgrav
2011-11-03 10:48:25 +0000
fa542b0736Add a trailing slash if the user forgot it.
Dag-Erling Smørgrav
2011-11-02 16:17:40 +0000
956ef0df60If a module directory was specified on the configure command line, the OPENPAM_MODULES_DIR macro was defined in config.h in addition to CFLAGS. Place OPENPAM_MODULES_DIR unconditionally in config.h and remove it from CFLAGS.
Dag-Erling Smørgrav
2011-11-02 15:04:31 +0000