OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Commit Graph

  • 4063fef039 Start writing unit tests for openpam_readlinev(). One of them fails, but I can't quite decide whether the code or the test is incorrect. Dag-Erling Smørgrav 2012-04-03 20:13:38 +0000
  • ba1a5551d6 need config.h + missing printf() arguments + more tests Dag-Erling Smørgrav 2012-04-02 22:17:55 +0000
  • 73a3b34f32 Need config.h Dag-Erling Smørgrav 2012-04-02 22:06:24 +0000
  • b99998da9c Annotate t_verbose() Dag-Erling Smørgrav 2012-04-02 22:06:05 +0000
  • 28f7487e06 This was actually a bad idea, because the test might produce warning or error messages that are shorter than what we printed. Dag-Erling Smørgrav 2012-04-02 21:43:59 +0000
  • 94876a3695 whitespace nit Dag-Erling Smørgrav 2012-04-02 10:00:08 +0000
  • e9c697feb5 In verbose mode, output the number and name of each test to stderr before running it. End it with a carriage return so that any actual output will overwrite it. Dag-Erling Smørgrav 2012-04-02 09:59:53 +0000
  • 3a2fec89e2 Get rid of BSDisms Dag-Erling Smørgrav 2012-04-02 09:54:09 +0000
  • 31950458f5 Add strlcat() for non-BSD systems. strlcpy() needs to be static. Dag-Erling Smørgrav 2012-04-02 09:46:48 +0000
  • 3052dea7c0 Another bug uncovered by unit tests: Dag-Erling Smørgrav 2012-04-01 21:04:44 +0000
  • 9a14604cd2 Start adding test cases involving quotes. The first two I could think of both fail... Dag-Erling Smørgrav 2012-04-01 20:59:45 +0000
  • 81455d2603 Rename some tests, and test single and multiple whitespace separately. Dag-Erling Smørgrav 2012-04-01 20:52:41 +0000
  • 49a4c1509e Fix a bug detected by the unit tests: to ensure consistent handling of trailing whitespace, openpam_readword() should *always* push back the last character read (which is a no-op in the EOF case). Dag-Erling Smørgrav 2012-04-01 20:45:19 +0000
  • d7708b3ae5 Always build and run the tests last so the results are more easily visible in the scrollback or build log. Dag-Erling Smørgrav 2012-04-01 20:38:30 +0000
  • 2baadb71ee Add a handful of unit tests for openpam_readword(3). Note that one of them currently fails... Dag-Erling Smørgrav 2012-04-01 20:34:59 +0000
  • 96357f3c52 Add an openpam_straddch() function that appends a character to a string, reallocating the string if necessary. Dag-Erling Smørgrav 2012-04-01 15:01:21 +0000
  • 54b6b546dd Update year Dag-Erling Smørgrav 2012-03-31 23:13:20 +0000
  • 8121567cf6 More cases in which Fn should be used instead of Nm. Dag-Erling Smørgrav 2012-03-31 23:12:54 +0000
  • d619fcb520 Through oversight, the PAM_LOG_LIBDEBUG case was left out in the version of openpam_log() that's actually used. Internal debugging messages therefore went to the default case and were logged as errors, spamming /var/log/messages and the console. Dag-Erling Smørgrav 2012-03-31 22:47:15 +0000
  • e29b3b276f Even though I now prefer the 2-clause BSD license, for practical reasons, it is easier to use the 3-clause BSD license even for new additions to OpenPAM. Dag-Erling Smørgrav 2012-03-31 22:11:34 +0000
  • 9857b1c9ea Add support for custom sections, including a custom RETURN VALUES section which suppresses the auto-generated one. Dag-Erling Smørgrav 2012-03-31 21:16:40 +0000
  • 10215cdd1e Only pull up punctuation which is followed by whitespace. Dag-Erling Smørgrav 2012-03-31 21:15:44 +0000
  • 98687ed638 Use ".Fn foo" instead of ".Nm" for function names. Dag-Erling Smørgrav 2012-03-31 20:53:50 +0000
  • f163a4b9df spelling Dag-Erling Smørgrav 2012-03-31 20:53:22 +0000
  • 103857f3c9 Short program that converts a PAM policy to C code that creates static structures compatible with what openpam_configure() produces. Always build but never install (for now) Dag-Erling Smørgrav 2012-03-31 17:04:29 +0000
  • 783a383e4b Save errno before calling asprintf(), since asprintf() may touch errno, which will cause syslog() to log the wrong error message if the format string contains %m. Dag-Erling Smørgrav 2012-03-31 16:20:13 +0000
  • 74c787f664 Avoid underflow if *size == 0. Dag-Erling Smørgrav 2012-03-31 15:34:19 +0000
  • 8e881dbdd7 Fix some embarassing typos introduced in the openpam_straddch() cleanup. Move prototype from "opempam_impl.h" to <security/openpam.h>. Generate openpam_straddch(3) man page. Dag-Erling Smørgrav 2012-03-31 14:55:19 +0000
  • a7c9ef9a05 Additional return value hackery. Dag-Erling Smørgrav 2012-03-31 14:49:30 +0000
  • be3bfed604 Clean up and document Dag-Erling Smørgrav 2012-03-31 14:25:43 +0000
  • b3a9a4792f Redundant #include Dag-Erling Smørgrav 2012-03-31 14:24:53 +0000
  • 2e479f3c12 Redundant #include Dag-Erling Smørgrav 2012-03-31 14:24:37 +0000
  • 7d5093463e Expand $Id$ Dag-Erling Smørgrav 2012-03-31 13:44:51 +0000
  • aa8e257838 Ignore Emacs droppings Dag-Erling Smørgrav 2012-03-31 12:06:48 +0000
  • 42651f8d9b Add an internal function for appending a character to a dynamically allocated string, expanding the string if necessary. Dag-Erling Smørgrav 2012-02-26 03:34:46 +0000
  • 7d5d2733f5 Rename sigset to the_sigset to avoid shadowing sigset(3). Dag-Erling Smørgrav 2012-02-26 03:23:59 +0000
  • 0a4f5e9af7 Credit Don Lewis and Gleb Smirnoff for their assistance with tracking down the recent openpam_configure() and openpam_dynamic() issues. Dag-Erling Smørgrav 2012-01-11 00:47:45 +0000
  • cf0963e668 Improve error messages by logging the full path of the module we tried to load rather than just the module name. Dag-Erling Smørgrav 2012-01-11 00:45:09 +0000
  • c3d9f63b55 Fix a regression introduced by r487. The count was actually used to determine whether to stop searching for a policy. After r487, multiple policies for the same service would be concatenated, whereas the intention was that the one that came first in the policy path should eclipse the others. Dag-Erling Smørgrav 2012-01-11 00:29:48 +0000
  • 88a6cda1a1 Reluctantly document PAM_LOG_LIBDEBUG. Dag-Erling Smørgrav 2012-01-11 00:15:24 +0000
  • b616ada557 Add another log level, PAM_LOG_LIBDEBUG, with a negative priority. It is currently equivalent to PAM_LOG_DEBUG, and is used only by the library call tracing macros (ENTER*() and RETURN*()). It should eventually replace PAM_LOG_DEBUG throughout the library, except perhaps for a few particularly interesting messages; PAM_LOG_DEBUG will be reserved for modules. Dag-Erling Smørgrav 2012-01-11 00:13:25 +0000
  • df3d585d08 Reduce log spam. Dag-Erling Smørgrav 2012-01-11 00:03:18 +0000
  • 34c9fb6fd3 Only call dlerror() after dlsym() failed. Dag-Erling Smørgrav 2012-01-10 23:57:31 +0000
  • 31e9142afc Verify that the target is a regular file. Dag-Erling Smørgrav 2012-01-10 23:50:03 +0000
  • 407565fc1d The name of the default policy is (and always has been) "other", not "default". Dag-Erling Smørgrav 2012-01-10 22:38:13 +0000
  • 255c7f6727 Detect fdlopen(3) Dag-Erling Smørgrav 2012-01-10 21:26:49 +0000
  • 8c2f4c74b7 Use fdlopen(3) if it is available. Dag-Erling Smørgrav 2012-01-10 21:26:34 +0000
  • 8f8a8584fc Correct usage string Dag-Erling Smørgrav 2012-01-10 21:22:57 +0000
  • ca0b4cb0c7 Generate Trac-compatible wiki text for each release from HISTORY. Dag-Erling Smørgrav 2012-01-10 21:16:05 +0000
  • fb9c3dcdf5 Normalize whitespace Dag-Erling Smørgrav 2012-01-10 21:05:42 +0000
  • 298995257d Tag OpenPAM Lycopsida. Embarrassingly enough, I forgot to commit this before rolling the release. openpam-20111218 origin/tags/openpam-20111218 Dag-Erling Smørgrav 2012-01-10 20:44:42 +0000
  • 41bb288744 The only place RETURNP() is used returns a non-const pointer. Dag-Erling Smørgrav 2012-01-09 13:25:09 +0000
  • 596b3af085 Use a different default prompt if PAM_RHOST != PAM_HOST. Dag-Erling Smørgrav 2011-12-31 13:14:23 +0000
  • 8ec4a16273 Don't log an error message if the file does not exist. Dag-Erling Smørgrav 2011-12-22 17:18:53 +0000
  • 8372b71ce1 Add Matthias Drochner - I wish I'd remembered to do so before I rolled Lycopsida. Dag-Erling Smørgrav 2011-12-18 17:07:53 +0000
  • e630a92713 --with-doc defaults to yes Dag-Erling Smørgrav 2011-12-18 14:43:40 +0000
  • 59dc4aa601 Update release notes for Lycopsida Dag-Erling Smørgrav 2011-12-18 14:25:12 +0000
  • 3f02bd9df6 Set version number and release name Dag-Erling Smørgrav 2011-12-18 14:13:08 +0000
  • 4aca0ed827 Set release date Dag-Erling Smørgrav 2011-12-18 14:11:12 +0000
  • 95ed7f5d0c Style / consistency Dag-Erling Smørgrav 2011-12-18 14:00:33 +0000
  • dd498bc7ad Use openpam_check_path_owner_perms() Dag-Erling Smørgrav 2011-12-18 13:59:22 +0000
  • 996a845863 Report an error if one of the modules in the chain does not implement the requested primitive. This is a significant change, but it should only affect poorly-written PAM modules, and the alternative is a potential fail-open situation. Dag-Erling Smørgrav 2011-12-07 01:28:05 +0000
  • 229c006c86 Forgotten in previous commit: check the ownership and permissions of the policy file. Dag-Erling Smørgrav 2011-11-22 12:07:03 +0000
  • 1a4edb80d7 Factor out and improve the module ownership / permission check, and add a similar (but race-proof) check for the policy file. Dag-Erling Smørgrav 2011-11-22 11:51:50 +0000
  • 2b025676c7 Document increased input validation, and credit Sebastian Krahmer for bringing the issue to my attention. Dag-Erling Smørgrav 2011-11-21 16:27:04 +0000
  • b9f0b632da Validate the service name, closing an attack vector for programs like kcheckpass that let the user specify which policy to apply. See <URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>. Dag-Erling Smørgrav 2011-11-21 16:25:49 +0000
  • 026c898ec5 Disallow changing the service name. Dag-Erling Smørgrav 2011-11-21 16:20:45 +0000
  • 0e65fdb799 Document the module ownership / permissions test. Dag-Erling Smørgrav 2011-11-20 03:03:22 +0000
  • d9f7580763 nit Dag-Erling Smørgrav 2011-11-20 02:58:34 +0000
  • d98f755c25 Refuse to load a module if it is owned by anyone else than root or the arbitrator or it is writable by group or other. Dag-Erling Smørgrav 2011-11-20 02:28:15 +0000
  • b011e58526 dst can't be const, you idiot. Dag-Erling Smørgrav 2011-11-20 02:04:17 +0000
  • 6a92548403 Reorganize the headers and centralize the string tables. Dag-Erling Smørgrav 2011-11-12 00:12:32 +0000
  • ff73a20a84 Add a strlcpy(3) implementation. Dag-Erling Smørgrav 2011-11-11 03:04:46 +0000
  • e8522c7fcc Always create optv, even if there are no options. Dag-Erling Smørgrav 2011-11-05 20:50:15 +0000
  • c86a681052 The count was never used, so ditch it and return plain PAM error codes instead. Dag-Erling Smørgrav 2011-11-05 20:00:46 +0000
  • 2603985187 Document quoted option values. Dag-Erling Smørgrav 2011-11-03 16:58:05 +0000
  • 8b3eca4161 Document quoted option values. Dag-Erling Smørgrav 2011-11-03 16:57:37 +0000
  • ba7de9c9c6 Remove debugging code. Dag-Erling Smørgrav 2011-11-03 16:47:26 +0000
  • 493804d19b Fix a couple of bugs in the option string reassembly code. Dag-Erling Smørgrav 2011-11-03 16:46:20 +0000
  • 6835696a2a Revert large parts of r478. I had forgotten that the module arguments are actually passed to each service function in the classic (argc, argv) form. The only place where the compiler could have caught this used a type cast, and it did not show up in testing either because all of the modules I tested use openpam_get_option(3) instead of manipulating argv directly. Dag-Erling Smørgrav 2011-11-03 16:33:02 +0000
  • c16faba34e The include directive expects a service name, not a filename. While there, remember to check for trailing garbage. Dag-Erling Smørgrav 2011-11-03 16:09:22 +0000
  • 28c2e4049f past tense Dag-Erling Smørgrav 2011-11-03 15:55:56 +0000
  • b373991f87 namespace violation mumble mumble Dag-Erling Smørgrav 2011-11-03 15:40:15 +0000
  • 55f6a50684 Major overhaul of the policy parser to support quoted option values. As a bonus, it should now be much easier to read and understand. Dag-Erling Smørgrav 2011-11-03 15:39:18 +0000
  • 11b10d0991 Minor simplification. Dag-Erling Smørgrav 2011-11-03 15:30:34 +0000
  • d40a8fb860 "facility" is more appropriate than "function class" Dag-Erling Smørgrav 2011-11-03 15:30:03 +0000
  • 9b234e1f88 Provide strlcmp(3) internally on systems that don't already have it. Dag-Erling Smørgrav 2011-11-03 15:29:24 +0000
  • f229d69d05 Fix the case where match_word() matches the last word on the line. It would previously return 0 because it expected the next character after the matched word to be a space. Dag-Erling Smørgrav 2011-11-03 10:56:10 +0000
  • ebccc4d687 - Deduplicate the trailing-whitespace code. - Don't treat "\\\n" as whitespace. It's not what most people would expect, and the documentation doesn't mention it. - Improve the documentation a bit now that gendoc.pl supports bullet lists. Dag-Erling Smørgrav 2011-11-03 10:48:25 +0000
  • c20b753856 Remove commented-out code Dag-Erling Smørgrav 2011-11-03 09:46:52 +0000
  • 94ca0f4d08 Expand $Id$ Dag-Erling Smørgrav 2011-11-03 09:44:40 +0000
  • f0280932cb Rewrap Dag-Erling Smørgrav 2011-11-02 23:44:05 +0000
  • a3fc39b15b Mention pamtest(1). Dag-Erling Smørgrav 2011-11-02 23:43:54 +0000
  • e6545c355d Build pamtest. Dag-Erling Smørgrav 2011-11-02 23:42:51 +0000
  • e53b12a47e Add a tool for testing modules and policies. Dag-Erling Smørgrav 2011-11-02 23:42:21 +0000
  • dd2c21f7b6 Mention that the service function is called twice. Dag-Erling Smørgrav 2011-11-02 23:33:43 +0000
  • eed493316e Add support for bullet lists. Dag-Erling Smørgrav 2011-11-02 20:34:26 +0000
  • 85ca38e143 ignore openpam_subst.3 Dag-Erling Smørgrav 2011-11-02 20:00:31 +0000
  • fa542b0736 Add a trailing slash if the user forgot it. Dag-Erling Smørgrav 2011-11-02 16:17:40 +0000
  • 956ef0df60 If a module directory was specified on the configure command line, the OPENPAM_MODULES_DIR macro was defined in config.h in addition to CFLAGS. Place OPENPAM_MODULES_DIR unconditionally in config.h and remove it from CFLAGS. Dag-Erling Smørgrav 2011-11-02 15:04:31 +0000