author | des <des@FreeBSD.org> | 2012-05-26 17:10:16 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2012-05-26 17:10:16 +0000 |
commit | e591108b4ff3b509a90d50646dac489bd3586c83 (patch) | |
tree | 8db8bd736c680a375326928576df3d5395b6a4f3 | |
parent | 14a6c41ca7a3722b33e2208c83fb8b4a009b0ecf (diff) | |
parent | 4d990f74cc8d1f6788d9e35ce8ada48cc0b5f41f (diff) | |
Update to OpenPAM Micrampelis.
114 files changed, 5799 insertions, 1070 deletions
diff --git a/contrib/openpam/CREDITS b/contrib/openpam/CREDITS index a003ac0..2725d88 100644 --- a/contrib/openpam/CREDITS +++ b/contrib/openpam/CREDITS @@ -16,16 +16,21 @@ ideas: Brian Fundakowski Feldman <green@freebsd.org> Christos Zoulas <christos@netbsd.org> Daniel Richard G. <skunk@iskunk.org> - Darren J. Moffat <Darren.Moffat@sun.com> + Darren J. Moffat <darren.moffat@sun.com> Dmitry V. Levin <ldv@altlinux.org> + Don Lewis <truckman@freebsd.org> Emmanuel Dreyfus <manu@netbsd.org> Eric Melville <eric@freebsd.org> - Gary Winiger <Gary.Winiger@sun.com> + Gary Winiger <gary.winiger@sun.com> + Gleb Smirnoff <glebius@freebsd.org> Hubert Feyrer <hubert@feyrer.de> + Jason Evans <jasone@freebsd.org> Joe Marcus Clarke <marcus@freebsd.org> Juli Mallett <jmallett@freebsd.org> Jörg Sonnenberger <joerg@britannica.bec.de> + Maëlle Lesage <lesage.maelle@gmail.com> Mark Murray <markm@freebsd.org> + Matthias Drochner <drochner@netbsd.org> Mike Petullo <mike@flyn.org> Mikhail Teterin <mi@aldan.algebra.com> Mikko Työläjärvi <mbsd@pacbell.net> @@ -38,4 +43,4 @@ ideas: Wojciech A. Koszek <wkoszek@freebsd.org> Yar Tikhiy <yar@freebsd.org> -$Id: CREDITS 498 2011-11-21 16:27:04Z des $ +$Id: CREDITS 587 2012-04-08 11:12:10Z des $ diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY index 81af9ea..3cc4c96 100644 --- a/contrib/openpam/HISTORY +++ b/contrib/openpam/HISTORY 
@@ -1,3 +1,51 @@ +OpenPAM Micrampelis 2012-05-26 + + - FEATURE: Add an openpam_readword(3) function which reads the next + word from an input stream, applying shell quoting and escaping + rules. Add numerous unit tests for openpam_readword(3). + + - FEATURE: Add an openpam_readlinev(3) function which uses the + openpam_readword(3) function to read words from an input stream one + at a time until it reaches an unquoted, unescaped newline, and + returns an array of those words. Add several unit tests for + openpam_readlinev(3). + + - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the + machine's hostname. This was implemented in Lycopsida but + inadvertantly left out of the release notes. + + - FEATURE: In pam_get_authtok(3), if neither the application nor the + module have specified a prompt and PAM_HOST and PAM_RHOST are both + defined but not equal, use a different default prompt that includes + PAM_USER and PAM_HOST. + + - ENHANCE: Rewrite the policy parser to used openpam_readlinev(), + which greatly simplifies the code. + + - ENHANCE: The previous implementation of the policy parser relied on + the openpam_readline(3) function, which (by design) munges + whitespace and understands neither quotes nor backslash escapes. + As a result of the aforementioned rewrite, whitespace, quotes and + backslash escapes in policy files are now handled in a consistent + and predictable manner. + + - ENHANCE: On platforms that have it, use fdlopen(3) to load modules. + This closes the race between the ownership / permission check and + the dlopen(3) call. + + - ENHANCE: Reduce the amount of pointless error messages generated + while searching for a module. + + - ENHANCE: Numerous documentation improvements, both in content and + formatting. + + - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed + OpenPAM's behavior when several policies exist for the same + service, from ignoring all but the first to concatenating them all. 
+ Revert to the original behavior. + + - BUGFIX: Plug a memory leak in the policy parser. +============================================================================ OpenPAM Lycopsida 2011-12-18 - ENHANCE: removed static build autodetection, which didn't work @@ -269,7 +317,7 @@ OpenPAM Cinchona 2002-04-08 - ENHANCE: Add openpam_free_data(), a generic cleanup function for pam_set_data() consumers. ============================================================================ -OpenPAM Centaury 2002-03-14 +OpenPAM Centaury 2002-03-14 - BUGFIX: Add missing #include <string.h> to openpam_log.c. @@ -308,7 +356,7 @@ OpenPAM Celandine 2002-03-05 module with the same version number as the library itself to one with no version number at all. ============================================================================ -OpenPAM Cantaloupe 2002-02-22 +OpenPAM Cantaloupe 2002-02-22 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. @@ -338,7 +386,7 @@ OpenPAM Cantaloupe 2002-02-22 - ENHANCE: openpam_get_authtok() now respects the echo_pass, try_first_pass, and use_first_pass options. ============================================================================ -OpenPAM Caliopsis 2002-02-13 +OpenPAM Caliopsis 2002-02-13 Fixed a number of bugs in the previous release, including: - a number of bugs in and related to pam_[gs]et_item(3) @@ -349,8 +397,8 @@ Fixed a number of bugs in the previous release, including: - missing 'continue' in openpam_dispatch.c caused successes to be counted as failures ============================================================================ -OpenPAM Calamite 2002-02-09 +OpenPAM Calamite 2002-02-09 First (beta) release. ============================================================================ -$Id: HISTORY 504 2011-12-18 14:11:12Z des $ +$Id: HISTORY 609 2012-05-26 13:57:45Z des $ 
diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE index e6d4325..5119794 100644 --- a/contrib/openpam/LICENSE +++ b/contrib/openpam/LICENSE @@ -1,6 +1,6 @@ Copyright (c) 2002-2003 Networks Associates Technology, Inc. -Copyright (c) 2004-2011 Dag-Erling Smørgrav +Copyright (c) 2004-2012 Dag-Erling Smørgrav All rights reserved. This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,4 +32,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$Id: LICENSE 437 2011-09-13 12:00:13Z des $ +$Id: LICENSE 546 2012-03-31 23:13:20Z des $ diff --git a/contrib/openpam/Makefile.am b/contrib/openpam/Makefile.am index 96ed4ea..5c4fbf3 100644 --- a/contrib/openpam/Makefile.am +++ b/contrib/openpam/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $ +# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $ ACLOCAL_AMFLAGS = -I m4 @@ -8,6 +8,8 @@ if WITH_DOC SUBDIRS += doc endif +SUBDIRS += t + EXTRA_DIST = \ CREDITS \ HISTORY \ diff --git a/contrib/openpam/Makefile.in b/contrib/openpam/Makefile.in index 44624b8..3c0c783 100644 --- a/contrib/openpam/Makefile.in +++ b/contrib/openpam/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ -# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $ +# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -39,8 +39,8 @@ host_triplet = @host@ subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ - $(top_srcdir)/configure INSTALL config.guess config.sub \ - depcomp install-sh ltmain.sh missing + $(srcdir)/pamgdb.in $(top_srcdir)/configure INSTALL TODO \ + config.guess config.sub depcomp install-sh ltmain.sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ @@ -49,7 +49,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = pamgdb CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = @@ -67,7 +67,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = lib bin modules include doc +DIST_SUBDIRS = lib bin modules include doc t DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -222,7 +222,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = lib bin modules include $(am__append_1) +SUBDIRS = lib bin modules include $(am__append_1) t EXTRA_DIST = \ CREDITS \ HISTORY \ @@ -288,6 +288,8 @@ $(srcdir)/config.h.in: $(am__configure_deps) distclean-hdr: -rm -f config.h stamp-h1 +pamgdb: $(top_builddir)/config.status $(srcdir)/pamgdb.in + cd $(top_builddir) && $(SHELL) ./config.status $@ mostlyclean-libtool: -rm -f *.lo diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES index 71f7eb9..5364601 100644 --- a/contrib/openpam/RELNOTES +++ b/contrib/openpam/RELNOTES 
@@ -1,6 +1,6 @@ - Release notes for OpenPAM Lycopsida - =================================== + Release notes for OpenPAM Micrampelis + ===================================== This release corresponds to the code used in FreeBSD HEAD as of the release date, and is also expected to work on almost any POSIX-like @@ -19,6 +19,9 @@ intended for actual use, but rather to serve as examples for module or application developers. It also includes a command-line application (pamtest) which can be used to test policies and modules. +Unit tests for limited portions of the library can be found in the t +subdirectory. + Please direct bug reports and inquiries to <des@des.no>. -$Id: RELNOTES 506 2011-12-18 14:25:12Z des $ +$Id: RELNOTES 609 2012-05-26 13:57:45Z des $ diff --git a/contrib/openpam/TODO b/contrib/openpam/TODO new file mode 100644 index 0000000..2d0af16 --- /dev/null +++ b/contrib/openpam/TODO @@ -0,0 +1,13 @@ +Before the next release: + + - Complete the transition from PAM_LOG_DEBUG to PAM_LOG_LIBDEBUG. + +Whenever: + + - Implement mechanism to enable / disable optional features. Use it + to disable strict error checking so pamtest and unit tests can do + things that we don't allow in production. + + - Rewrite the module-loading code. + +$Id: TODO 592 2012-04-08 13:19:51Z des $ diff --git a/contrib/openpam/aclocal.m4 b/contrib/openpam/aclocal.m4 index c3aa435..99ed44a 100644 --- a/contrib/openpam/aclocal.m4 +++ b/contrib/openpam/aclocal.m4 @@ -22,8 +22,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.]) # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives 
@@ -32,8 +32,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.]) m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -167,6 +167,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -652,7 +654,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -816,6 +818,7 @@ AC_DEFUN([LT_LANG], m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], 
@@ -837,6 +840,29 @@ m4_defun([_LT_LANG], ])# _LT_LANG +m4_ifndef([AC_PROG_GO], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], @@ -867,6 +893,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ], m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) @@ -969,7 +999,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD 
@@ -977,6 +1013,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ rm -rf libconftest.dylib* rm -f conftest.* fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no @@ -988,6 +1025,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF @@ -1005,7 +1043,9 @@ _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? - if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1050,8 +1090,8 @@ _LT_EOF ]) -# _LT_DARWIN_LINKER_FEATURES -# -------------------------- +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ @@ -1062,6 +1102,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi 
@@ -1345,14 +1387,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) CFLAGS="$SAVE_CFLAGS" fi ;; -sparc*-*solaris*) +*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" @@ -1429,13 +1484,13 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -1615,6 +1670,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=196608 ;; + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not 
@@ -1654,7 +1714,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do @@ -2200,7 +2260,7 @@ need_version=unknown case $host_os in aix3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH @@ -2209,7 +2269,7 @@ aix3*) ;; aix[[4-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes @@ -2274,7 +2334,7 @@ beos*) ;; bsdi[[45]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' @@ -2413,7 +2473,7 @@ m4_if([$1], [],[ ;; dgux*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' 
@@ -2466,17 +2526,18 @@ freebsd* | dragonfly*) ;; gnu*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" @@ -2537,7 +2598,7 @@ hpux9* | hpux10* | hpux11*) ;; interix[[3-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' @@ -2553,7 +2614,7 @@ irix5* | irix6* | nonstopux*) nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; @@ -2590,9 +2651,9 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2655,7 +2716,7 @@ netbsd*) ;; newsos6) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes 
@@ -2724,7 +2785,7 @@ rdos*) ;; solaris*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2749,7 +2810,7 @@ sunos4*) ;; sysv4 | sysv4.3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -2773,7 +2834,7 @@ sysv4 | sysv4.3*) sysv4*MP*) if test -d /usr/nec ;then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH @@ -2804,7 +2865,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2814,7 +2875,7 @@ tpf*) ;; uts4*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -3236,7 +3297,7 @@ irix5* | irix6* | nonstopux*) lt_cv_deplibs_check_method=pass_all ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; 
@@ -3656,6 +3717,7 @@ for ac_symprfx in "" "_"; do # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ @@ -4240,7 +4302,9 @@ m4_if([$1], [CXX], [ case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi ;; esac else @@ -4332,18 +4396,33 @@ m4_if([$1], [CXX], [ ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; esac ;; esac 
@@ -4503,7 +4582,9 @@ m4_if([$1], [CXX], [ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) ;; + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] @@ -4528,7 +4609,6 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -4779,8 +4859,7 @@ _LT_EOF xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ 
@@ -5075,6 +5154,7 @@ _LT_EOF # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' @@ -5172,7 +5252,6 @@ _LT_EOF fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes @@ -5614,9 +5693,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1], _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], - [[If ld is used when linking, flag to hardcode $libdir into a binary - during linking. This must work even if $libdir does not exist]]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], @@ -5770,7 +5846,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported 
@@ -6901,12 +6976,18 @@ public class foo { } }; _LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary @@ -7103,7 +7184,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7236,7 +7316,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no 
@@ -7419,6 +7498,73 @@ CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler 
@@ -7488,6 +7634,13 @@ dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], @@ -8152,9 +8305,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) @@ -8326,15 +8494,15 @@ m4_define([lt_dict_filter], # @configure_input@ -# serial 3293 ltversion.m4 +# serial 3337 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4]) -m4_define([LT_PACKAGE_REVISION], [1.3293]) +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4' -macro_revision='1.3293' +[macro_version='2.4.2' +macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/contrib/openpam/bin/Makefile.am b/contrib/openpam/bin/Makefile.am index 78ebeaa..ec7a99e 100644 --- a/contrib/openpam/bin/Makefile.am +++ b/contrib/openpam/bin/Makefile.am @@ -1,6 +1,6 @@ -# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $ +# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $ -SUBDIRS = +SUBDIRS = openpam_dump_policy if WITH_PAMTEST SUBDIRS += pamtest 
diff --git a/contrib/openpam/bin/Makefile.in b/contrib/openpam/bin/Makefile.in index 4f6089d..3c11bbf 100644 --- a/contrib/openpam/bin/Makefile.in +++ b/contrib/openpam/bin/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ -# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $ +# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ @@ -63,7 +63,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = pamtest su +DIST_SUBDIRS = openpam_dump_policy pamtest su DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -207,7 +207,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUBDIRS = $(am__append_1) $(am__append_2) +SUBDIRS = openpam_dump_policy $(am__append_1) $(am__append_2) all: all-recursive .SUFFIXES: diff --git a/contrib/openpam/bin/openpam_dump_policy/Makefile.am b/contrib/openpam/bin/openpam_dump_policy/Makefile.am new file mode 100644 index 0000000..a5fda16 --- /dev/null +++ b/contrib/openpam/bin/openpam_dump_policy/Makefile.am @@ -0,0 +1,7 @@ +# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $ + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib + +noinst_PROGRAMS = openpam_dump_policy +openpam_dump_policy_SOURCES = openpam_dump_policy.c +openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la diff --git a/contrib/openpam/bin/openpam_dump_policy/Makefile.in b/contrib/openpam/bin/openpam_dump_policy/Makefile.in new file mode 100644 index 0000000..54f09a4 --- /dev/null +++ b/contrib/openpam/bin/openpam_dump_policy/Makefile.in 
@@ -0,0 +1,474 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +noinst_PROGRAMS = openpam_dump_policy$(EXEEXT) +subdir = bin/openpam_dump_policy +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +PROGRAMS = $(noinst_PROGRAMS) +am_openpam_dump_policy_OBJECTS = openpam_dump_policy.$(OBJEXT) +openpam_dump_policy_OBJECTS = $(am_openpam_dump_policy_OBJECTS) +openpam_dump_policy_DEPENDENCIES = 
$(top_builddir)/lib/libpam.la +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(openpam_dump_policy_SOURCES) +DIST_SOURCES = $(openpam_dump_policy_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIBS = @DL_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = 
@PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib +openpam_dump_policy_SOURCES = openpam_dump_policy.c +openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' 
in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +openpam_dump_policy$(EXEEXT): $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_DEPENDENCIES) + @rm -f openpam_dump_policy$(EXEEXT) + $(LINK) $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dump_policy.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' 
object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ 
+ else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstPROGRAMS ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: 
diff --git a/contrib/openpam/bin/openpam_dump_policy/openpam_dump_policy.c b/contrib/openpam/bin/openpam_dump_policy/openpam_dump_policy.c new file mode 100644 index 0000000..b65dbbd --- /dev/null +++ b/contrib/openpam/bin/openpam_dump_policy/openpam_dump_policy.c 
@@ -0,0 +1,202 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: openpam_dump_policy.c 582 2012-04-06 23:23:35Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +static char * +openpam_chain_name(const char *service, pam_facility_t fclt) +{ + const char *facility = pam_facility_name[fclt]; + char *name; + + if (asprintf(&name, "pam_%s_%s", service, facility) == -1) + return (NULL); + return (name); +} + +static char * +openpam_facility_index_name(pam_facility_t fclt) +{ + const char *facility = pam_facility_name[fclt]; + char *name, *p; + + if (asprintf(&name, "PAM_%s", facility) == -1) + return (NULL); + for (p = name + 4; *p; ++p) + *p = toupper(*p); + return (name); +} + +int +openpam_dump_chain(const char *name, pam_chain_t *chain) +{ + char *modname, **opt, *p; + int i; + + for (i = 0; chain != NULL; ++i, chain = chain->next) { + /* declare the module's struct pam_module */ + modname = strrchr(chain->module->path, '/'); + modname = strdup(modname ? 
modname : chain->module->path); + if (modname == NULL) + return (PAM_BUF_ERR); + for (p = modname; *p && *p != '.'; ++p) + /* nothing */ ; + *p = '\0'; + printf("extern struct pam_module %s_pam_module;\n", modname); + /* module arguments */ + printf("static char *%s_%d_optv[] = {\n", name, i); + for (opt = chain->optv; *opt; ++opt) { + printf("\t\""); + for (p = *opt; *p; ++p) { + if (isprint((unsigned char)*p) && *p != '"') + printf("%c", *p); + else + printf("\\x%02x", (unsigned char)*p); + } + printf("\",\n"); + } + printf("\tNULL,\n"); + printf("};\n"); + /* next module in chain */ + if (chain->next != NULL) + printf("static pam_chain_t %s_%d;\n", name, i + 1); + /* chain entry */ + printf("static pam_chain_t %s_%d = {\n", name, i); + printf("\t.module = &%s_pam_module,\n", modname); + printf("\t.flag = 0x%08x,\n", chain->flag); + printf("\t.optc = %d,\n", chain->optc); + printf("\t.optv = %s_%d_optv,\n", name, i); + if (chain->next) + printf("\t.next = &%s_%d,\n", name, i + 1); + else + printf("\t.next = NULL,\n"); + printf("};\n"); + free(modname); + } + return (PAM_SUCCESS); +} + +int +openpam_dump_policy(const char *service) +{ + pam_handle_t *pamh; + char *name; + int fclt, ret; + + if ((pamh = calloc(1, sizeof *pamh)) == NULL) + return (PAM_BUF_ERR); + if ((ret = openpam_configure(pamh, service)) != PAM_SUCCESS) + return (ret); + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) { + if ((name = openpam_chain_name(service, fclt)) == NULL) + return (PAM_BUF_ERR); + ret = openpam_dump_chain(name, pamh->chains[fclt]); + free(name); + if (ret != PAM_SUCCESS) + return (ret); + } + } + printf("static pam_policy_t pam_%s_policy = {\n", service); + printf("\t.service = \"%s\",\n", service); + printf("\t.chains = {\n"); + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if ((name = openpam_facility_index_name(fclt)) == NULL) + return (PAM_BUF_ERR); + printf("\t\t[%s] = ", name); + free(name); + if (pamh->chains[fclt] != 
NULL) { + if ((name = openpam_chain_name(service, fclt)) == NULL) + return (PAM_BUF_ERR); + printf("&%s_0,\n", name); + free(name); + } else { + printf("NULL,\n"); + } + } + printf("\t},\n"); + printf("};\n"); + free(pamh); + return (PAM_SUCCESS); +} + +static void +usage(void) +{ + + fprintf(stderr, "usage: openpam_dump_policy [-d] policy ...\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + int i, opt; + + while ((opt = getopt(argc, argv, "d")) != -1) + switch (opt) { + case 'd': + openpam_debug = 1; + break; + default: + usage(); + } + + argc -= optind; + argv += optind; + + if (argc < 1) + usage(); + + printf("#include <security/pam_appl.h>\n"); + printf("#include \"openpam_impl.h\"\n"); + for (i = 0; i < argc; ++i) + openpam_dump_policy(argv[i]); + printf("pam_policy_t *pam_embedded_policies[] = {\n"); + for (i = 0; i < argc; ++i) + printf("\t&pam_%s_policy,\n", argv[i]); + printf("\tNULL,\n"); + printf("};\n"); + exit(0); +} diff --git a/contrib/openpam/bin/pamtest/pamtest.1 b/contrib/openpam/bin/pamtest/pamtest.1 index 78e8353..5cf2e0c 100644 --- a/contrib/openpam/bin/pamtest/pamtest.1 +++ b/contrib/openpam/bin/pamtest/pamtest.1 @@ -10,6 +10,9 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -23,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: pamtest.1 471 2011-11-03 09:44:40Z des $ +.\" $Id: pamtest.1 610 2012-05-26 14:03:45Z des $ .\" -.Dd November 2, 2011 +.Dd May 26, 2012 .Dt PAMTEST 1 .Os .Sh NAME 
@@ -33,7 +36,7 @@ .Nd PAM policy tester .Sh SYNOPSYS .Nm -.Op Fl dksv +.Op Fl dkMPsv .Op Fl H Ar rhost .Op Fl h Ar host .Op Fl t Ar tty @@ -116,6 +119,11 @@ The default is to use the result of calling .Xr gethostname 3 . .It Fl k Keep going even if one of the commands fails. +.It Fl M +Disable path, ownership and permission checks on module files. +.It Fl P +Disable service name validation and path, ownership and permission +checks on policy files. .It Fl s Set the .Dv PAM_SILENT @@ -149,14 +157,14 @@ policy: pamtest -v system auth account change setcred open close unsetcred .Ed .Sh SEE ALSO -.Xr openpam 3 -.Xr pam 3 +.Xr openpam 3 , +.Xr pam 3 , .Xr pam.conf 5 .Sh AUTHORS The .Nm utility and this manual page were written by -.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +.An Dag-Erling Sm\(/orgrav Aq des@des.no . .Sh BUGS The .Nm diff --git a/contrib/openpam/bin/pamtest/pamtest.c b/contrib/openpam/bin/pamtest/pamtest.c index 0addfad..bfc612e 100644 --- a/contrib/openpam/bin/pamtest/pamtest.c +++ b/contrib/openpam/bin/pamtest/pamtest.c @@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +27,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pamtest.c 472 2011-11-03 09:46:52Z des $ + * $Id: pamtest.c 595 2012-04-14 14:28:35Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -261,8 +264,8 @@ static void usage(void) { - fprintf(stderr, "usage: pamtest [-dksv] %s\n", - "[-H rhost] [-h host] [-t tty] [-U ruser] [-u user] service"); + fprintf(stderr, "usage: pamtest %s service command ...\n", + "[-dkMPsv] [-H rhost] [-h host] [-t tty] [-U ruser] [-u user]"); exit(1); } @@ -297,7 +300,7 @@ main(int argc, char *argv[]) int pame; int opt; - while ((opt = getopt(argc, argv, "dH:h:kst:U:u:v")) != -1) + while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1) switch (opt) { case 'd': openpam_debug++; @@ -311,6 +314,14 @@ main(int argc, char *argv[]) case 'k': keepatit = 1; break; + case 'M': + openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0); + openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0); + break; + case 'P': + openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0); + openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0); + break; case 's': silent = PAM_SILENT; break; diff --git a/contrib/openpam/bin/su/su.1 b/contrib/openpam/bin/su/su.1 index 9a67ea3..2dc11bb 100644 --- a/contrib/openpam/bin/su/su.1 +++ b/contrib/openpam/bin/su/su.1 @@ -10,6 +10,9 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -23,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: su.1 458 2011-11-02 13:10:25Z des $ +.\" $Id: su.1 610 2012-05-26 14:03:45Z des $ .\" -.Dd November 2, 2011 +.Dd May 26, 2012 .Dt SU 1 .Os .Sh NAME 
@@ -53,10 +56,10 @@ The utility is provided with the OpenPAM library as a sample application and should not be used in production systems. .Sh SEE ALSO -.Xr openpam 3 +.Xr openpam 3 , .Xr pam 3 .Sh AUTHORS The .Nm utility and this manual page were written by -.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/config.h.in b/contrib/openpam/config.h.in index 3d16ce8..69f703c 100644 --- a/contrib/openpam/config.h.in +++ b/contrib/openpam/config.h.in @@ -9,6 +9,9 @@ /* Define to 1 if you have the <dlfcn.h> header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `fdlopen' function. */ +#undef HAVE_FDLOPEN + /* Define to 1 if you have the `fpurge' function. */ #undef HAVE_FPURGE @@ -36,6 +39,9 @@ /* Define to 1 if you have the <string.h> header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the `strlcat' function. */ +#undef HAVE_STRLCAT + /* Define to 1 if you have the `strlcmp' function. */ #undef HAVE_STRLCMP diff --git a/contrib/openpam/configure b/contrib/openpam/configure index fe13a93..5348d3f 100755 --- a/contrib/openpam/configure +++ b/contrib/openpam/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.ac Id: configure.ac 507 2011-12-18 14:43:40Z des . +# From configure.ac Id: configure.ac 610 2012-05-26 14:03:45Z des . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for OpenPAM 20111218. +# Generated by GNU Autoconf 2.68 for OpenPAM 20120526. # # Report bugs to <des@des.no>. # @@ -570,8 +570,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='OpenPAM' PACKAGE_TARNAME='openpam' -PACKAGE_VERSION='20111218' -PACKAGE_STRING='OpenPAM 20111218' +PACKAGE_VERSION='20120526' +PACKAGE_STRING='OpenPAM 20120526' PACKAGE_BUGREPORT='des@des.no' PACKAGE_URL='' 
@@ -1308,7 +1308,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures OpenPAM 20111218 to adapt to many kinds of systems. +\`configure' configures OpenPAM 20120526 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1378,7 +1378,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of OpenPAM 20111218:";; + short | recursive ) echo "Configuration of OpenPAM 20120526:";; esac cat <<\_ACEOF @@ -1405,7 +1405,7 @@ Optional Features: Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-pic try to use only PIC/non-PIC objects [default=use + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR @@ -1492,7 +1492,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -OpenPAM configure 20111218 +OpenPAM configure 20120526 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1861,7 +1861,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by OpenPAM $as_me 20111218, which was +It was created by OpenPAM $as_me 20120526, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2678,7 +2678,7 @@ fi # Define the identity of the package. PACKAGE='openpam' - VERSION='20111218' + VERSION='20120526' cat >>confdefs.h <<_ACEOF @@ -4631,8 +4631,8 @@ esac -macro_version='2.4' -macro_revision='1.3293' +macro_version='2.4.2' +macro_revision='1.3337' 
@@ -5347,6 +5347,11 @@ else lt_cv_sys_max_cmd_len=196608 ;; + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not @@ -5386,7 +5391,7 @@ else # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do @@ -5815,7 +5820,7 @@ irix5* | irix6* | nonstopux*) lt_cv_deplibs_check_method=pass_all ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; @@ -6455,13 +6460,13 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -6608,6 +6613,7 @@ for ac_symprfx in "" "_"; do # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ 
@@ -6996,7 +7002,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } CFLAGS="$SAVE_CFLAGS" fi ;; -sparc*-*solaris*) +*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 @@ -7007,7 +7013,20 @@ sparc*-*solaris*) case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" @@ -7647,7 +7666,13 @@ else $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 @@ -7658,6 +7683,7 @@ else fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if ${lt_cv_ld_exported_symbols_list+:} false; then : 
@@ -7690,6 +7716,7 @@ rm -f core conftest.err conftest.$ac_objext \ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 $as_echo_n "checking for -force_load linker flag... " >&6; } if ${lt_cv_ld_force_load+:} false; then : @@ -7711,7 +7738,9 @@ _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? - if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&5 @@ -7847,7 +7876,22 @@ fi # Check whether --with-pic was given. if test "${with_pic+set}" = set; then : - withval=$with_pic; pic_mode="$withval" + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac else pic_mode=default fi @@ -7925,6 +7969,10 @@ LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + test -z "$LN_S" && LN_S="ln -s" @@ -8380,7 +8428,9 @@ lt_prog_compiler_static= case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 lt_prog_compiler_wl='-Xlinker ' - lt_prog_compiler_pic='-Xcompiler -fPIC' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi ;; esac else 
@@ -8471,18 +8521,33 @@ lt_prog_compiler_static= ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; esac ;; esac @@ -8844,7 +8909,6 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= - hardcode_libdir_flag_spec_ld= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported @@ -9094,8 +9158,7 @@ _LT_EOF xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' - hardcode_libdir_flag_spec= - hardcode_libdir_flag_spec_ld='-rpath $libdir' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ 
@@ -9474,6 +9537,7 @@ fi # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' @@ -9519,6 +9583,7 @@ fi hardcode_shlibpath_var=unsupported if test "$lt_cv_ld_force_load" = "yes"; then whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + else whole_archive_flag_spec='' fi @@ -9598,7 +9663,6 @@ fi fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' - hardcode_libdir_flag_spec_ld='+b $libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes @@ -10222,11 +10286,6 @@ esac - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } @@ -10316,7 +10375,7 @@ need_version=unknown case $host_os in aix3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH @@ -10325,7 +10384,7 @@ aix3*) ;; aix[4-9]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes 
@@ -10390,7 +10449,7 @@ beos*) ;; bsdi[45]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' @@ -10529,7 +10588,7 @@ darwin* | rhapsody*) ;; dgux*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' @@ -10582,17 +10641,18 @@ freebsd* | dragonfly*) ;; gnu*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" @@ -10653,7 +10713,7 @@ hpux9* | hpux10* | hpux11*) ;; interix[3-9]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' @@ -10669,7 +10729,7 @@ irix5* | irix6* | nonstopux*) nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; 
@@ -10706,9 +10766,9 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -10790,7 +10850,7 @@ netbsd*) ;; newsos6) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -10859,7 +10919,7 @@ rdos*) ;; solaris*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -10884,7 +10944,7 @@ sunos4*) ;; sysv4 | sysv4.3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -10908,7 +10968,7 @@ sysv4 | sysv4.3*) sysv4*MP*) if test -d /usr/nec ;then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH 
@@ -10939,7 +10999,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -10949,7 +11009,7 @@ tpf*) ;; uts4*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -11731,6 +11791,8 @@ CC="$lt_save_CC" + + ac_config_commands="$ac_config_commands libtool" @@ -11875,7 +11937,7 @@ fi done -for ac_func in fpurge strlcmp strlcpy +for ac_func in fdlopen fpurge strlcat strlcmp strlcpy do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -12006,7 +12068,9 @@ if test "${enable_werror+set}" = set; then : fi -ac_config_files="$ac_config_files bin/Makefile bin/pamtest/Makefile bin/su/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_unix/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile doc/Makefile doc/man/Makefile Makefile" +ac_config_files="$ac_config_files Makefile bin/Makefile bin/openpam_dump_policy/Makefile bin/pamtest/Makefile bin/su/Makefile doc/Makefile doc/man/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile modules/pam_unix/Makefile t/Makefile" + +ac_config_files="$ac_config_files pamgdb" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure 
@@ -12558,7 +12622,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by OpenPAM $as_me 20111218, which was +This file was extended by OpenPAM $as_me 20120526, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12624,7 +12688,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -OpenPAM config.status 20111218 +OpenPAM config.status 20120526 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -12761,6 +12825,7 @@ pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' 
@@ -12843,7 +12908,6 @@ with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' -hardcode_libdir_flag_spec_ld='`$ECHO "$hardcode_libdir_flag_spec_ld" | $SED "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' @@ -12899,6 +12963,7 @@ _LTECHO_EOF' # Quote evaled strings. for var in SHELL \ ECHO \ +PATH_SEPARATOR \ SED \ GREP \ EGREP \ @@ -12949,7 +13014,6 @@ with_gnu_ld \ allow_undefined_flag \ no_undefined_flag \ hardcode_libdir_flag_spec \ -hardcode_libdir_flag_spec_ld \ hardcode_libdir_separator \ exclude_expsyms \ include_expsyms \ 
@@ -13033,19 +13097,22 @@ do "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "bin/Makefile") CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;; + "bin/openpam_dump_policy/Makefile") CONFIG_FILES="$CONFIG_FILES bin/openpam_dump_policy/Makefile" ;; "bin/pamtest/Makefile") CONFIG_FILES="$CONFIG_FILES bin/pamtest/Makefile" ;; "bin/su/Makefile") CONFIG_FILES="$CONFIG_FILES bin/su/Makefile" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; "include/security/Makefile") CONFIG_FILES="$CONFIG_FILES include/security/Makefile" ;; "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; "modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;; - "modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;; "modules/pam_deny/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_deny/Makefile" ;; "modules/pam_permit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_permit/Makefile" ;; - "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; - "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;; - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;; + "t/Makefile") CONFIG_FILES="$CONFIG_FILES t/Makefile" ;; + "pamgdb") CONFIG_FILES="$CONFIG_FILES pamgdb" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac 
@@ -13757,8 +13824,8 @@ $as_echo X"$file" | # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -13812,6 +13879,9 @@ SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + # The host system. host_alias=$host_alias host=$host @@ -14113,10 +14183,6 @@ no_undefined_flag=$lt_no_undefined_flag # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec -# If ld is used when linking, flag to hardcode \$libdir into a binary -# during linking. This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld - # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator @@ -14367,6 +14433,7 @@ fi chmod +x "$ofile" ;; + "pamgdb":F) chmod +x pamgdb ;; esac done # for ac_tag diff --git a/contrib/openpam/configure.ac b/contrib/openpam/configure.ac index a7453b9..fb30726 100644 --- a/contrib/openpam/configure.ac +++ b/contrib/openpam/configure.ac @@ -1,8 +1,8 @@ -dnl $Id: configure.ac 507 2011-12-18 14:43:40Z des $ +dnl $Id: configure.ac 610 2012-05-26 14:03:45Z des $ AC_PREREQ([2.62]) -AC_REVISION([$Id: configure.ac 507 2011-12-18 14:43:40Z des $]) -AC_INIT([OpenPAM], [20111218], [des@des.no]) +AC_REVISION([$Id: configure.ac 610 2012-05-26 14:03:45Z des $]) +AC_INIT([OpenPAM], [20120526], [des@des.no]) AC_CONFIG_SRCDIR([lib/pam_start.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([foreign]) 
@@ -83,7 +83,7 @@ AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"]) AC_CHECK_HEADERS([crypt.h]) -AC_CHECK_FUNCS([fpurge strlcmp strlcpy]) +AC_CHECK_FUNCS([fdlopen fpurge strlcat strlcmp strlcpy]) saved_LIBS="${LIBS}" LIBS="" @@ -110,18 +110,21 @@ AC_ARG_ENABLE([werror], [CFLAGS="${CFLAGS} -Werror"]) AC_CONFIG_FILES([ + Makefile bin/Makefile + bin/openpam_dump_policy/Makefile bin/pamtest/Makefile bin/su/Makefile + doc/Makefile + doc/man/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile - modules/pam_unix/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile - doc/Makefile - doc/man/Makefile - Makefile + modules/pam_unix/Makefile + t/Makefile ]) +AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb]) AC_OUTPUT diff --git a/contrib/openpam/doc/man/Makefile.am b/contrib/openpam/doc/man/Makefile.am index 3d1b94b..4062a54 100644 --- a/contrib/openpam/doc/man/Makefile.am +++ b/contrib/openpam/doc/man/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $ +# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $ NULL = @@ -38,12 +38,17 @@ OMAN = \ openpam_borrow_cred.3 \ openpam_free_data.3 \ openpam_free_envlist.3 \ + openpam_get_feature.3 \ openpam_get_option.3 \ openpam_log.3 \ openpam_nullconv.3 \ openpam_readline.3 \ + openpam_readlinev.3 \ + openpam_readword.3 \ openpam_restore_cred.3 \ + openpam_set_feature.3 \ openpam_set_option.3 \ + openpam_straddch.3 \ openpam_subst.3 \ openpam_ttyconv.3 \ pam_error.3 \ 
@@ -68,17 +73,17 @@ CLEANFILES = $(ALLCMAN) openpam.3 pam.3 GENDOC = $(top_srcdir)/misc/gendoc.pl -SRCDIR = $(top_srcdir)/lib +LIBSRCDIR = $(top_srcdir)/lib -VPATH = $(SRCDIR) +VPATH = $(LIBSRCDIR) $(srcdir) SUFFIXES = .3 .c.3: $(GENDOC) perl -w $(GENDOC) $< -openpam.3: $(OMAN) $(GENDOC) openpam.man +openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man -pam.3: $(PMAN) $(GENDOC) pam.man +pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man diff --git a/contrib/openpam/doc/man/Makefile.in b/contrib/openpam/doc/man/Makefile.in index 91c9feb..298304d 100644 --- a/contrib/openpam/doc/man/Makefile.in +++ b/contrib/openpam/doc/man/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ -# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $ +# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -74,7 +74,7 @@ man5dir = $(mandir)/man5 NROFF = nroff MANS = $(dist_man3_MANS) $(dist_man5_MANS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -VPATH = $(SRCDIR) +VPATH = $(LIBSRCDIR) $(srcdir) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ @@ -232,12 +232,17 @@ OMAN = \ openpam_borrow_cred.3 \ openpam_free_data.3 \ openpam_free_envlist.3 \ + openpam_get_feature.3 \ openpam_get_option.3 \ openpam_log.3 \ openpam_nullconv.3 \ openpam_readline.3 \ + openpam_readlinev.3 \ + openpam_readword.3 \ openpam_restore_cred.3 \ + openpam_set_feature.3 \ openpam_set_option.3 \ + openpam_straddch.3 \ openpam_subst.3 \ openpam_ttyconv.3 \ pam_error.3 \ @@ -256,7 +261,7 @@ dist_man3_MANS = $(ALLCMAN) openpam.3 pam.3 pam_conv.3 dist_man5_MANS = pam.conf.5 CLEANFILES = $(ALLCMAN) openpam.3 pam.3 GENDOC = $(top_srcdir)/misc/gendoc.pl -SRCDIR = $(top_srcdir)/lib +LIBSRCDIR = $(top_srcdir)/lib SUFFIXES = .3 all: all-am 
@@ -536,10 +541,10 @@ uninstall-man: uninstall-man3 uninstall-man5 .c.3: $(GENDOC) perl -w $(GENDOC) $< -openpam.3: $(OMAN) $(GENDOC) openpam.man +openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man -pam.3: $(PMAN) $(GENDOC) pam.man +pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3 index c04a2aa..a3ff7fc 100644 --- a/contrib/openpam/doc/man/openpam.3 +++ b/contrib/openpam/doc/man/openpam.3 @@ -34,19 +34,24 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM 3 .Os .Sh NAME .Nm openpam_borrow_cred , .Nm openpam_free_data , .Nm openpam_free_envlist , +.Nm openpam_get_feature , .Nm openpam_get_option , .Nm openpam_log , .Nm openpam_nullconv , .Nm openpam_readline , +.Nm openpam_readlinev , +.Nm openpam_readword , .Nm openpam_restore_cred , +.Nm openpam_set_feature , .Nm openpam_set_option , +.Nm openpam_straddch , .Nm openpam_subst , .Nm openpam_ttyconv , .Nm pam_error , @@ -68,6 +73,8 @@ .Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" .Ft "void" .Fn openpam_free_envlist "char **envlist" +.Ft "int" +.Fn openpam_get_feature "int feature" "int *onoff" .Ft "const char *" .Fn openpam_get_option "pam_handle_t *pamh" "const char *option" .Ft "void" 
@@ -76,11 +83,19 @@ .Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Ft "char *" .Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" +.Ft "char **" +.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp" +.Ft "char *" +.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp" .Ft "int" .Fn openpam_restore_cred "pam_handle_t *pamh" .Ft "int" +.Fn openpam_set_feature "int feature" "int onoff" +.Ft "int" .Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" .Ft "int" +.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch" +.Ft "int" .Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template" .Ft "int" .Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" @@ -117,12 +132,17 @@ standardization. .Xr openpam_borrow_cred 3 , .Xr openpam_free_data 3 , .Xr openpam_free_envlist 3 , +.Xr openpam_get_feature 3 , .Xr openpam_get_option 3 , .Xr openpam_log 3 , .Xr openpam_nullconv 3 , .Xr openpam_readline 3 , +.Xr openpam_readlinev 3 , +.Xr openpam_readword 3 , .Xr openpam_restore_cred 3 , +.Xr openpam_set_feature 3 , .Xr openpam_set_option 3 , +.Xr openpam_straddch 3 , .Xr openpam_subst 3 , .Xr openpam_ttyconv 3 , .Xr pam_error 3 , @@ -146,3 +166,6 @@ Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3 index 25780db..dd05b44 100644 --- a/contrib/openpam/doc/man/openpam_borrow_cred.3 +++ b/contrib/openpam/doc/man/openpam_borrow_cred.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_BORROW_CRED 3 .Os .Sh NAME 
@@ -50,7 +50,7 @@ .Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" .Sh DESCRIPTION The -.Nm +.Fn openpam_borrow_cred function saves the current credentials and switches to those of the user specified by its .Fa pwd @@ -62,7 +62,7 @@ The original credentials can be restored using .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_borrow_cred function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -81,15 +81,15 @@ System error. .Xr pam_strerror 3 .Sh STANDARDS The -.Nm +.Fn openpam_borrow_cred function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_borrow_cred +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3 index b32a345..4d9e0ee 100644 --- a/contrib/openpam/doc/man/openpam_free_data.3 +++ b/contrib/openpam/doc/man/openpam_free_data.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_FREE_DATA 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" .Sh DESCRIPTION The -.Nm +.Fn openpam_free_data function is a cleanup function suitable for passing to .Xr pam_set_data 3 . 
@@ -64,15 +64,15 @@ argument to .Xr pam_set_data 3 .Sh STANDARDS The -.Nm +.Fn openpam_free_data function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_free_data +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_free_envlist.3 b/contrib/openpam/doc/man/openpam_free_envlist.3 index 0c1976a..cf8c585 100644 --- a/contrib/openpam/doc/man/openpam_free_envlist.3 +++ b/contrib/openpam/doc/man/openpam_free_envlist.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_FREE_ENVLIST 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_free_envlist "char **envlist" .Sh DESCRIPTION The -.Nm +.Fn openpam_free_envlist function is a convenience function which frees all the environment variables in an environment list, and the list itself. @@ -62,12 +62,11 @@ It is suitable for freeing the return value from .Xr pam_getenvlist 3 .Sh STANDARDS The -.Nm +.Fn openpam_free_envlist function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the -.Fx -Project by -.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +.Fn openpam_free_envlist +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_get_feature.3 b/contrib/openpam/doc/man/openpam_get_feature.3 new file mode 100644 index 0000000..e63ef0c --- /dev/null +++ b/contrib/openpam/doc/man/openpam_get_feature.3 
@@ -0,0 +1,105 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd May 26, 2012 +.Dt OPENPAM_GET_FEATURE 3 +.Os +.Sh NAME +.Nm openpam_get_feature +.Nd query the state of an optional feature +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_get_feature "int feature" "int *onoff" +.Sh DESCRIPTION +.Bf Sy +This function is experimental and may be modified or removed in a future release without further warning. +.Ef +.Pp +The +.Fn openpam_get_feature +function stores the current state of the +specified feature in the variable pointed to by its +.Fa onoff +argument. +.Pp +The following features are recognized: +.Bl -tag -width 18n +.It Dv OPENPAM_RESTRICT_SERVICE_NAME +Disallow path separators in service names. +This feature is enabled by default. +Disabling it allows the application to specify the path to +the desired policy file directly. +.It Dv OPENPAM_VERIFY_POLICY_FILE +Verify the ownership and permissions of the policy file +and the path leading up to it. +This feature is enabled by default. +.It Dv OPENPAM_RESTRICT_MODULE_NAME +Disallow path separators in module names. +This feature is disabled by default. +Enabling it prevents the use of modules in non-standard +locations. +.It Dv OPENPAM_VERIFY_MODULE_FILE +Verify the ownership and permissions of each loadable +module and the path leading up to it. +This feature is enabled by default. +.El +.Sh RETURN VALUES +The +.Fn openpam_get_feature +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SYMBOL_ERR +Invalid symbol. +.El +.Sh SEE ALSO +.Xr openpam_set_feature 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_get_feature +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_get_feature +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3 index d656612..68a6b2e 100644 
--- a/contrib/openpam/doc/man/openpam_get_option.3 +++ b/contrib/openpam/doc/man/openpam_get_option.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_GET_OPTION 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_get_option "pam_handle_t *pamh" "const char *option" .Sh DESCRIPTION The -.Nm +.Fn openpam_get_option function returns the value of the specified option in the context of the currently executing service module, or .Dv NULL @@ -58,7 +58,7 @@ if the option is not set or no module is currently executing. .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_get_option function returns .Dv NULL on failure. @@ -67,15 +67,15 @@ on failure. .Xr pam 3 .Sh STANDARDS The -.Nm +.Fn openpam_get_option function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_get_option +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3 index adfc006..e5e3192 100644 --- a/contrib/openpam/doc/man/openpam_log.3 +++ b/contrib/openpam/doc/man/openpam_log.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_LOG 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_log "int level" "const char *fmt" "..." .Sh DESCRIPTION The -.Nm +.Fn openpam_log function logs messages using .Xr syslog 3 . It is primarily intended for internal use by the library and modules. 
@@ -60,6 +60,9 @@ The argument indicates the importance of the message. The following levels are defined: .Bl -tag -width 18n +.It Dv PAM_LOG_LIBDEBUG +Debugging messages. +For internal use only. .It Dv PAM_LOG_DEBUG Debugging messages. These messages are normally not logged unless the global @@ -101,15 +104,15 @@ corresponding arguments. .Xr syslog 3 .Sh STANDARDS The -.Nm +.Fn openpam_log function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_log +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3 index 1873cba..f5194d3 100644 --- a/contrib/openpam/doc/man/openpam_nullconv.3 +++ b/contrib/openpam/doc/man/openpam_nullconv.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_NULLCONV 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Sh DESCRIPTION The -.Nm +.Fn openpam_nullconv function is a null conversation function suitable for applications that want to use PAM but don't support interactive dialog with the user. @@ -71,7 +71,7 @@ try to query the user. .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_nullconv function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_CONV_ERR 
@@ -88,15 +88,15 @@ Conversation failure. .Xr pam_vprompt 3 .Sh STANDARDS The -.Nm +.Fn openpam_nullconv function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_nullconv +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_readline.3 b/contrib/openpam/doc/man/openpam_readline.3 index cf7ab47..32dd55b 100644 --- a/contrib/openpam/doc/man/openpam_readline.3 +++ b/contrib/openpam/doc/man/openpam_readline.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_READLINE 3 .Os .Sh NAME @@ -44,27 +44,32 @@ .Lb libpam .Sh SYNOPSIS .In sys/types.h +.In stdio.h .In security/pam_appl.h .In security/openpam.h .Ft "char *" .Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" .Sh DESCRIPTION +.Bf Sy +This function is deprecated and may be removed in a future release without further warning. The -.Nm +.Fn openpam_readlinev +function may be used to achieve similar results. +.Ef +.Pp +The +.Fn openpam_readline function reads a line from a file, and returns it in a NUL-terminated buffer allocated with .Xr malloc 3 . .Pp The -.Nm +.Fn openpam_readline function performs a certain amount of processing on the data it reads: .Bl -bullet .It -Comments (introduced by a hash sign) are stripped, as is leading and -trailing whitespace. -.It -Any amount of linear whitespace is collapsed to a single space. +Comments (introduced by a hash sign) are stripped. .It Blank lines are ignored. .It 
@@ -89,27 +94,28 @@ terminating NUL character) is stored in the variable it points to. The caller is responsible for releasing the returned buffer by passing it to .Xr free 3 . +.Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_readline function returns .Dv NULL on failure. .Sh SEE ALSO -.Xr free 3 , -.Xr malloc 3 , +.Xr openpam_readlinev 3 , +.Xr openpam_readword 3 , .Xr pam 3 .Sh STANDARDS The -.Nm +.Fn openpam_readline function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_readline +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_readlinev.3 b/contrib/openpam/doc/man/openpam_readlinev.3 new file mode 100644 index 0000000..f2ba1a6 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readlinev.3 
@@ -0,0 +1,159 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd May 26, 2012 +.Dt OPENPAM_READLINEV 3 +.Os +.Sh NAME +.Nm openpam_readlinev +.Nd read a line from a file and split it into words +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In stdio.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "char **" +.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp" +.Sh DESCRIPTION +The +.Fn openpam_readlinev +function reads a line from a file, splits it +into words according to the rules described in the +.Xr openpam_readword 3 +manual page, and returns a list of those words. +.Pp +If +.Fa lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a newline character is read. +This includes quoted or escaped newline characters and the newline +character at the end of the line. +.Pp +If +.Fa lenp +is not +.Dv NULL , +the number of words on the line is stored in the +variable to which it points. +.Sh RETURN VALUES +If successful, the +.Fn openpam_readlinev +function returns a pointer to a +dynamically allocated array of pointers to individual dynamically +allocated NUL-terminated strings, each containing a single word, in the +order in which they were encountered on the line. +The array is terminated by a +.Dv NULL +pointer. +.Pp +The caller is responsible for freeing both the array and the individual +strings by passing each of them to +.Xr free 3 . +.Pp +If the end of the line was reached before any words were read, +.Fn openpam_readlinev +returns a pointer to a dynamically allocated array +containing a single +.Dv NULL +pointer. +.Pp +The +.Fn openpam_readlinev +function can fail and return +.Dv NULL +for one of +four reasons: +.Bl -bullet +.It +The end of the file was reached before any words were read; +.Va errno +is +zero, +.Xr ferror 3 +returns zero, and +.Xr feof 3 +returns a non-zero value. 
+.It +The end of the file was reached while a quote or backslash escape +was in effect; +.Va errno +is set to +.Dv EINVAL , +.Xr ferror 3 +returns zero, and +.Xr feof 3 +returns a non-zero value. +.It +An error occurred while reading from the file; +.Va errno +is non-zero, +.Xr ferror 3 +returns a non-zero value and +.Xr feof 3 +returns zero. +.It +A +.Xr malloc 3 +or +.Xr realloc 3 +call failed; +.Va errno +is set to +.Dv ENOMEM , +.Xr ferror 3 +returns a non-zero value, and +.Xr feof 3 +may or may not return +a non-zero value. +.El +.Sh SEE ALSO +.Xr openpam_readline 3 , +.Xr openpam_readword 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_readlinev +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_readlinev +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_readword.3 b/contrib/openpam/doc/man/openpam_readword.3 new file mode 100644 index 0000000..6f5f58d --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readword.3 
@@ -0,0 +1,152 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd May 26, 2012 +.Dt OPENPAM_READWORD 3 +.Os +.Sh NAME +.Nm openpam_readword +.Nd read a word from a file, respecting shell quoting rules +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In stdio.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "char *" +.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp" +.Sh DESCRIPTION +The +.Fn openpam_readword +function reads the next word from a file, and +returns it in a NUL-terminated buffer allocated with +.Xr malloc 3 . +.Pp +A word is a sequence of non-whitespace characters. +However, whitespace characters can be included in a word if quoted or +escaped according to the following rules: +.Bl -bullet +.It +An unescaped single or double quote introduces a quoted string, +which ends when the same quote character is encountered a second +time. +The quotes themselves are stripped. +.It +Within a single- or double-quoted string, all whitespace characters, +including the newline character, are preserved as-is. +.It +Outside a quoted string, a backslash escapes the next character, +which is preserved as-is, unless that character is a newline, in +which case it is discarded and reading continues at the beginning of +the next line as if the backslash and newline had not been there. +In all cases, the backslash itself is discarded. +.It +Within a single-quoted string, double quotes and backslashes are +preserved as-is. +.It +Within a double-quoted string, a single quote is preserved as-is, +and a backslash is preserved as-is unless used to escape a double +quote. +.El +.Pp +In addition, if the first non-whitespace character on the line is a +hash character (#), the rest of the line is discarded. +If a hash character occurs within a word, however, it is preserved +as-is. +A backslash at the end of a comment does cause line continuation. +.Pp +If +.Fa lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a quoted or escaped newline character is read. 
+.Pp +If +.Fa lenp +is not +.Dv NULL , +the length of the word (after quotes and +backslashes have been removed) is stored in the variable it points to. +.Sh RETURN VALUES +If successful, the +.Fn openpam_readword +function returns a pointer to a +dynamically allocated NUL-terminated string containing the first word +encountered on the line. +.Pp +The caller is responsible for releasing the returned buffer by passing +it to +.Xr free 3 . +.Pp +If +.Fn openpam_readword +reaches the end of the line or file before any +characters are copied to the word, it returns +.Dv NULL . +In the former +case, the newline is pushed back to the file. +.Pp +If +.Fn openpam_readword +reaches the end of the file while a quote or +backslash escape is in effect, it sets +.Va errno +to +.Dv EINVAL +and returns +.Dv NULL . +.Sh IMPLEMENTATION NOTES +The parsing rules are intended to be equivalent to the normal POSIX +shell quoting rules. +Any discrepancy is a bug and should be reported to the author along +with sample input that can be used to reproduce the error. +.Pp +.Sh SEE ALSO +.Xr openpam_readline 3 , +.Xr openpam_readlinev 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_readword +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_readword +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3 index 12ff8b8..d088ded 100644 --- a/contrib/openpam/doc/man/openpam_restore_cred.3 +++ b/contrib/openpam/doc/man/openpam_restore_cred.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_RESTORE_CRED 3 .Os .Sh NAME 
@@ -50,13 +50,13 @@ .Fn openpam_restore_cred "pam_handle_t *pamh" .Sh DESCRIPTION The -.Nm +.Fn openpam_restore_cred function restores the credentials saved by .Xr openpam_borrow_cred 3 . .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_restore_cred function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_NO_MODULE_DATA @@ -73,15 +73,15 @@ System error. .Xr pam_strerror 3 .Sh STANDARDS The -.Nm +.Fn openpam_restore_cred function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_restore_cred +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_set_feature.3 b/contrib/openpam/doc/man/openpam_set_feature.3 new file mode 100644 index 0000000..8356dec --- /dev/null +++ b/contrib/openpam/doc/man/openpam_set_feature.3 
@@ -0,0 +1,87 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd May 26, 2012 +.Dt OPENPAM_SET_FEATURE 3 +.Os +.Sh NAME +.Nm openpam_set_feature +.Nd enable or disable an optional feature +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_set_feature "int feature" "int onoff" +.Sh DESCRIPTION +.Bf Sy +This function is experimental and may be modified or removed in a future release without further warning. +.Ef +.Pp +The +.Fn openpam_set_feature +function sets the state of the specified +feature to the value specified by the +.Fa onoff +argument. +See +.Xr openpam_get_feature 3 +for a list of recognized features. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_set_feature +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SYMBOL_ERR +Invalid symbol. +.El +.Sh SEE ALSO +.Xr openpam_get_feature 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_set_feature +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_set_feature +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3 index f186c00..b1e2267 100644 --- a/contrib/openpam/doc/man/openpam_set_option.3 +++ b/contrib/openpam/doc/man/openpam_set_option.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_SET_OPTION 3 .Os .Sh NAME @@ -50,13 +50,13 @@ .Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" .Sh DESCRIPTION The -.Nm +.Fn openpam_set_option function sets the specified option in the context of the currently executing service module. .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_set_option function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -70,15 +70,15 @@ System error. .Xr pam_strerror 3 .Sh STANDARDS The -.Nm +.Fn openpam_set_option function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_set_option +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/openpam_straddch.3 b/contrib/openpam/doc/man/openpam_straddch.3 new file mode 100644 index 0000000..c555824 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_straddch.3 
@@ -0,0 +1,122 @@ +.\"- +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $Id$ +.\" +.Dd May 26, 2012 +.Dt OPENPAM_STRADDCH 3 +.Os +.Sh NAME +.Nm openpam_straddch +.Nd add a character to a string, expanding the buffer if needed +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch" +.Sh DESCRIPTION +The +.Fn openpam_straddch +function appends a character to a dynamically +allocated NUL-terminated buffer, reallocating the buffer as needed. +.Pp +The +.Fa str +argument points to a variable containing either a pointer to +an existing buffer or +.Dv NULL . +If the value of the variable pointed to by +.Fa str +is +.Dv NULL , +a new buffer +is allocated. +.Pp +The +.Fa size +and +.Fa len +argument point to variables used to hold the size +of the buffer and the length of the string it contains, respectively. +.Pp +If a new buffer is allocated or an existing buffer is reallocated to +make room for the additional character, +.Fa str +and +.Fa size +are updated +accordingly. +.Pp +The +.Fn openpam_straddch +function ensures that the buffer is always +NUL-terminated. +.Pp +If the +.Fn openpam_straddch +function is successful, it increments the +integer variable pointed to by +.Fa len +and returns 0. +Otherwise, it leaves the variables pointed to by +.Fa str , +.Fa size +and +.Fa len +unmodified, sets +.Va errno +to +.Dv ENOMEM +and returns -1. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_straddch +function returns 0 on success and -1 on failure. +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_straddch +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_straddch +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_subst.3 b/contrib/openpam/doc/man/openpam_subst.3 index 565b3e0..47297c9 100644 --- a/contrib/openpam/doc/man/openpam_subst.3 
+++ b/contrib/openpam/doc/man/openpam_subst.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_SUBST 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template" .Sh DESCRIPTION The -.Nm +.Fn openpam_subst function expands a string, substituting PAM item values for all occurrences of specific substitution codes. The @@ -73,12 +73,12 @@ string, .Fa bufsize is updated to reflect the amount of space required to hold the entire string, and -.Nm +.Fn openpam_subst returns .Dv PAM_TRY_AGAIN . .Pp If -.Nm +.Fn openpam_subst fails for any other reason, the .Fa bufsize argument is @@ -112,10 +112,9 @@ Replaced by the current value of the .Dv PAM_USER item. .El -.Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_subst function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_SYSTEM_ERR @@ -131,12 +130,11 @@ Try again. .Xr pam_strerror 3 .Sh STANDARDS The -.Nm +.Fn openpam_subst function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the -.Fx -Project by -.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +.Fn openpam_subst +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3 index b2cd9d9..3e97cb4 100644 --- a/contrib/openpam/doc/man/openpam_ttyconv.3 +++ b/contrib/openpam/doc/man/openpam_ttyconv.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt OPENPAM_TTYCONV 3 .Os .Sh NAME 
@@ -50,14 +50,14 @@ .Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Sh DESCRIPTION The -.Nm +.Fn openpam_ttyconv function is a standard conversation function suitable for use on TTY devices. It should be adequate for the needs of most text-based interactive programs. .Pp The -.Nm +.Fn openpam_ttyconv function allows the application to specify a timeout for user input by setting the global integer variable .Va openpam_ttyconv_timeout @@ -65,7 +65,7 @@ to the length of the timeout in seconds. .Pp .Sh RETURN VALUES The -.Nm +.Fn openpam_ttyconv function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -83,15 +83,15 @@ System error. .Xr pam_vprompt 3 .Sh STANDARDS The -.Nm +.Fn openpam_ttyconv function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn openpam_ttyconv +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 index 11befcd..196a3c7 100644 --- a/contrib/openpam/doc/man/pam.3 +++ b/contrib/openpam/doc/man/pam.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM 3 .Os .Sh NAME @@ -291,3 +291,6 @@ Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/pam.conf.5 b/contrib/openpam/doc/man/pam.conf.5 index 3669f92..d5f80d5 100644 --- a/contrib/openpam/doc/man/pam.conf.5 +++ b/contrib/openpam/doc/man/pam.conf.5 
@@ -26,9 +26,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: pam.conf.5 485 2011-11-03 16:57:37Z des $ +.\" $Id: pam.conf.5 610 2012-05-26 14:03:45Z des $ .\" -.Dd November 3, 2011 +.Dd May 26, 2012 .Dt PAM.CONF 5 .Os .Sh NAME @@ -50,7 +50,7 @@ decreasing order of preference: .Pp If none of these locations contains a policy for the given service, the -.Dv default +.Dq Dv other policy is used instead, if it exists. .Pp Entries in per-service policy files must be of one of the two forms @@ -177,5 +177,5 @@ DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Pp -This manual page was written by -.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org . +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 index 9410048..f79c464 100644 --- a/contrib/openpam/doc/man/pam_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_ACCT_MGMT 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_acct_mgmt function verifies and enforces account restrictions after the user has been authenticated. .Pp @@ -65,12 +65,12 @@ Fail if the user's authentication token is null. .El .Pp If any other bits are set, -.Nm +.Fn pam_acct_mgmt will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_acct_mgmt function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT 
@@ -104,11 +104,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_acct_mgmt +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3 index 8263280..c521a38 100644 --- a/contrib/openpam/doc/man/pam_authenticate.3 +++ b/contrib/openpam/doc/man/pam_authenticate.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_AUTHENTICATE 3 .Os .Sh NAME @@ -49,14 +49,14 @@ .Fn pam_authenticate "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_authenticate function attempts to authenticate the user associated with the pam context specified by the .Fa pamh argument. .Pp The application is free to call -.Nm +.Fn pam_authenticate as many times as it wishes, but some modules may maintain an internal retry counter and return @@ -75,12 +75,12 @@ Fail if the user's authentication token is null. .El .Pp If any other bits are set, -.Nm +.Fn pam_authenticate will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_authenticate function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -118,11 +118,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_authenticate +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , 
diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3 index 5823866..11647e7 100644 --- a/contrib/openpam/doc/man/pam_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_chauthtok.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_CHAUTHTOK 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_chauthtok "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_chauthtok function attempts to change the authentication token for the user associated with the pam context specified by the .Fa pamh @@ -67,12 +67,12 @@ Change only those authentication tokens that have expired. .El .Pp If any other bits are set, -.Nm +.Fn pam_chauthtok will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_chauthtok function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -110,11 +110,11 @@ Try again. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_chauthtok +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3 index 43e4b03..dba62e8 100644 --- a/contrib/openpam/doc/man/pam_close_session.3 +++ b/contrib/openpam/doc/man/pam_close_session.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_CLOSE_SESSION 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_close_session "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_close_session function tears down the user session previously set up by .Xr pam_open_session 3 . 
@@ -64,12 +64,12 @@ Do not emit any messages. .El .Pp If any other bits are set, -.Nm +.Fn pam_close_session will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_close_session function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -100,11 +100,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_close_session +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3 index 6b6e697..a1b121b 100644 --- a/contrib/openpam/doc/man/pam_conv.3 +++ b/contrib/openpam/doc/man/pam_conv.3 @@ -32,9 +32,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: pam_conv.3 437 2011-09-13 12:00:13Z des $ +.\" $Id: pam_conv.3 610 2012-05-26 14:03:45Z des $ .\" -.Dd June 16, 2005 +.Dd May 26, 2012 .Dt PAM_CONV 3 .Os .Sh NAME @@ -181,3 +181,6 @@ the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq des@des.no . diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3 index 66e2871..0d66912 100644 --- a/contrib/openpam/doc/man/pam_end.3 +++ b/contrib/openpam/doc/man/pam_end.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_END 3 .Os .Sh NAME 
@@ -49,7 +49,7 @@ .Fn pam_end "pam_handle_t *pamh" "int status" .Sh DESCRIPTION The -.Nm +.Fn pam_end function terminates a PAM transaction and destroys the corresponding PAM context, releasing all resources allocated to it. .Pp @@ -57,11 +57,10 @@ The .Fa status argument should be set to the error code returned by the last API call before the call to -.Nm -. +.Fn pam_end . .Sh RETURN VALUES The -.Nm +.Fn pam_end function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_SYSTEM_ERR @@ -77,11 +76,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_end +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3 index c957409..6767772 100644 --- a/contrib/openpam/doc/man/pam_error.3 +++ b/contrib/openpam/doc/man/pam_error.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_ERROR 3 .Os .Sh NAME @@ -49,13 +49,13 @@ .Fn pam_error "const pam_handle_t *pamh" "const char *fmt" "..." .Sh DESCRIPTION The -.Nm +.Fn pam_error function displays an error message through the intermediary of the given PAM context's conversation function. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_error function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -73,15 +73,15 @@ System error. .Xr pam_verror 3 .Sh STANDARDS The -.Nm +.Fn pam_error function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_error +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 index 7f0c804..84c133d 100644 --- a/contrib/openpam/doc/man/pam_get_authtok.3 +++ b/contrib/openpam/doc/man/pam_get_authtok.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GET_AUTHTOK 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" .Sh DESCRIPTION The -.Nm +.Fn pam_get_authtok function returns the cached authentication token, or prompts the user if no token is currently cached. Either way, a pointer to the authentication token is stored in the @@ -89,7 +89,7 @@ before it is passed to the conversation function. .Pp If -.Nm +.Fn pam_get_authtok is called from a module and the .Dv authtok_prompt / @@ -110,17 +110,17 @@ is set to and there is a non-null .Dv PAM_OLDAUTHTOK item, -.Nm +.Fn pam_get_authtok will ask the user to confirm the new token by retyping it. If there is a mismatch, -.Nm +.Fn pam_get_authtok will return .Dv PAM_TRY_AGAIN . .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_get_authtok function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -140,15 +140,15 @@ Try again. .Xr pam_strerror 3 .Sh STANDARDS The -.Nm +.Fn pam_get_authtok function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_get_authtok +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 index 49fae05..db4b723 100644 --- a/contrib/openpam/doc/man/pam_get_data.3 +++ b/contrib/openpam/doc/man/pam_get_data.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GET_DATA 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_get_data "const pam_handle_t *pamh" "const char *module_data_name" "const void **data" .Sh DESCRIPTION The -.Nm +.Fn pam_get_data function looks up the opaque object associated with the string specified by the .Fa module_data_name @@ -61,7 +61,7 @@ A pointer to the object is stored in the location pointed to by the .Fa data argument. If -.Nm +.Fn pam_get_data fails, the .Fa data argument is untouched. @@ -72,7 +72,7 @@ are useful for managing data that are meaningful only to a particular service module. .Sh RETURN VALUES The -.Nm +.Fn pam_get_data function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_NO_MODULE_DATA @@ -91,11 +91,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_get_data +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , 
diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 index 1244a77..aaa1bad 100644 --- a/contrib/openpam/doc/man/pam_get_item.3 +++ b/contrib/openpam/doc/man/pam_get_item.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GET_ITEM 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_get_item "const pam_handle_t *pamh" "int item_type" "const void **item" .Sh DESCRIPTION The -.Nm +.Fn pam_get_item function stores a pointer to the item specified by the .Fa item_type @@ -60,7 +60,7 @@ The item is retrieved from the PAM context specified by the .Fa pamh argument. If -.Nm +.Fn pam_get_item fails, the .Fa item argument is untouched. @@ -107,7 +107,7 @@ for a description of .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_get_item function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_SYMBOL_ERR @@ -127,11 +127,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_get_item +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 index 8f3b426..448f418 100644 --- a/contrib/openpam/doc/man/pam_get_user.3 +++ b/contrib/openpam/doc/man/pam_get_user.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GET_USER 3 .Os .Sh NAME 
@@ -49,13 +49,13 @@ .Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" .Sh DESCRIPTION The -.Nm +.Fn pam_get_user function returns the name of the target user, as specified to .Xr pam_start 3 . If no user was specified, nor set using .Xr pam_set_item 3 , -.Nm +.Fn pam_get_user will prompt for a user name. Either way, a pointer to the user name is stored in the location pointed to by the @@ -80,7 +80,7 @@ before it is passed to the conversation function. .Pp If -.Nm +.Fn pam_get_user is called from a module and the .Dv user_prompt option is @@ -93,7 +93,7 @@ item. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_get_user function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -118,11 +118,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_get_user +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 index ebd2992..1f0df73 100644 --- a/contrib/openpam/doc/man/pam_getenv.3 +++ b/contrib/openpam/doc/man/pam_getenv.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GETENV 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_getenv "pam_handle_t *pamh" "const char *name" .Sh DESCRIPTION The -.Nm +.Fn pam_getenv function returns the value of an environment variable. Its semantics are similar to those of .Xr getenv 3 , @@ -58,7 +58,7 @@ context's environment list instead of the application's. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_getenv function returns .Dv NULL on failure. 
@@ -75,11 +75,11 @@ on failure. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_getenv +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 index a034c8e..9af3784 100644 --- a/contrib/openpam/doc/man/pam_getenvlist.3 +++ b/contrib/openpam/doc/man/pam_getenvlist.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_GETENVLIST 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_getenvlist "pam_handle_t *pamh" .Sh DESCRIPTION The -.Nm +.Fn pam_getenvlist function returns a copy of the given PAM context's environment list as a pointer to an array of strings. The last element in the array is @@ -77,7 +77,7 @@ after use: .Ed .Sh RETURN VALUES The -.Nm +.Fn pam_getenvlist function returns .Dv NULL on failure. @@ -96,11 +96,11 @@ on failure. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_getenvlist +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 index 08bf200..c08b574 100644 --- a/contrib/openpam/doc/man/pam_info.3 +++ b/contrib/openpam/doc/man/pam_info.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_INFO 3 .Os .Sh NAME 
@@ -49,13 +49,13 @@ .Fn pam_info "const pam_handle_t *pamh" "const char *fmt" "..." .Sh DESCRIPTION The -.Nm +.Fn pam_info function displays an informational message through the intermediary of the given PAM context's conversation function. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_info function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -73,15 +73,15 @@ System error. .Xr pam_vinfo 3 .Sh STANDARDS The -.Nm +.Fn pam_info function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_info +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3 index 13811c7..1cde0e4 100644 --- a/contrib/openpam/doc/man/pam_open_session.3 +++ b/contrib/openpam/doc/man/pam_open_session.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_OPEN_SESSION 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_open_session "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_open_session sets up a user session for a previously authenticated user. The session should later be torn down by a call to @@ -65,12 +65,12 @@ Do not emit any messages. .El .Pp If any other bits are set, -.Nm +.Fn pam_open_session will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_open_session function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT 
@@ -101,11 +101,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_open_session +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3 index 20574f2..0ff7742 100644 --- a/contrib/openpam/doc/man/pam_prompt.3 +++ b/contrib/openpam/doc/man/pam_prompt.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_PROMPT 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_prompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." .Sh DESCRIPTION The -.Nm +.Fn pam_prompt function constructs a message from the specified format string and arguments and passes it to the given PAM context's conversation function. @@ -67,7 +67,7 @@ for further details. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_prompt function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -85,15 +85,15 @@ System error. .Xr pam_vprompt 3 .Sh STANDARDS The -.Nm +.Fn pam_prompt function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_prompt +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 index e69816a..4e9c693 100644 --- a/contrib/openpam/doc/man/pam_putenv.3 +++ b/contrib/openpam/doc/man/pam_putenv.3 
@@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_PUTENV 3 .Os .Sh NAME @@ -49,8 +49,8 @@ .Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" .Sh DESCRIPTION The -.Nm -function sets a environment variable. +.Fn pam_putenv +function sets an environment variable. Its semantics are similar to those of .Xr putenv 3 , but it modifies the PAM @@ -58,7 +58,7 @@ context's environment list instead of the application's. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_putenv function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -80,11 +80,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_putenv +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 index ce4d63d0..c02ae2e 100644 --- a/contrib/openpam/doc/man/pam_set_data.3 +++ b/contrib/openpam/doc/man/pam_set_data.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SET_DATA 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" .Sh DESCRIPTION The -.Nm +.Fn pam_set_data function associates a pointer to an opaque object with an arbitrary string specified by the .Fa module_data_name @@ -71,7 +71,7 @@ are useful for managing data that are meaningful only to a particular service module. .Sh RETURN VALUES The -.Nm +.Fn pam_set_data function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -90,11 +90,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_set_data +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 index 9f4e78d..668c4f3 100644 --- a/contrib/openpam/doc/man/pam_set_item.3 +++ b/contrib/openpam/doc/man/pam_set_item.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SET_ITEM 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" .Sh DESCRIPTION The -.Nm +.Fn pam_set_item function sets the item specified by the .Fa item_type argument to a copy of the object pointed to by the @@ -63,7 +63,7 @@ See for a list of recognized item types. .Sh RETURN VALUES The -.Nm +.Fn pam_set_item function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -84,11 +84,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_set_item +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 index 1e0a246..a4f8249 100644 --- a/contrib/openpam/doc/man/pam_setcred.3 +++ b/contrib/openpam/doc/man/pam_setcred.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SETCRED 3 .Os .Sh NAME 
@@ -49,7 +49,7 @@ .Fn pam_setcred "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The -.Nm +.Fn pam_setcred function manages the application's credentials. .Pp The @@ -72,12 +72,12 @@ Refresh credentials. The latter four are mutually exclusive. .Pp If any other bits are set, -.Nm +.Fn pam_setcred will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The -.Nm +.Fn pam_setcred function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -113,11 +113,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_setcred +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3 index 43906ef..e3b9c13 100644 --- a/contrib/openpam/doc/man/pam_setenv.3 +++ b/contrib/openpam/doc/man/pam_setenv.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SETENV 3 .Os .Sh NAME @@ -49,8 +49,8 @@ .Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" .Sh DESCRIPTION The -.Nm -function sets a environment variable. +.Fn pam_setenv +function sets an environment variable. Its semantics are similar to those of .Xr setenv 3 , but it modifies the PAM @@ -58,7 +58,7 @@ context's environment list instead of the application's. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_setenv function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -75,15 +75,15 @@ System error. .Xr setenv 3 .Sh STANDARDS The -.Nm +.Fn pam_setenv function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_setenv +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 index 22e1980..35dd05b 100644 --- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_ACCT_MGMT 3 .Os .Sh NAME @@ -50,14 +50,14 @@ .Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_acct_mgmt function is the service module's implementation of the .Xr pam_acct_mgmt 3 API function. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_acct_mgmt function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -94,11 +94,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_acct_mgmt +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3 index e41a70a..4c27bb7 100644 --- a/contrib/openpam/doc/man/pam_sm_authenticate.3 +++ b/contrib/openpam/doc/man/pam_sm_authenticate.3 
@@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_AUTHENTICATE 3 .Os .Sh NAME @@ -50,14 +50,14 @@ .Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_authenticate function is the service module's implementation of the .Xr pam_authenticate 3 API function. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_authenticate function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -96,11 +96,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_authenticate +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3 index bc3f461..8e28b05 100644 --- a/contrib/openpam/doc/man/pam_sm_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_CHAUTHTOK 3 .Os .Sh NAME @@ -50,7 +50,7 @@ .Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_chauthtok function is the service module's implementation of the .Xr pam_chauthtok 3 @@ -67,7 +67,7 @@ with the flag set. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_chauthtok function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT 
@@ -106,11 +106,11 @@ Try again. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_chauthtok +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3 index 3b1f57e..bfb5d87 100644 --- a/contrib/openpam/doc/man/pam_sm_close_session.3 +++ b/contrib/openpam/doc/man/pam_sm_close_session.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_CLOSE_SESSION 3 .Os .Sh NAME @@ -50,14 +50,14 @@ .Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_close_session function is the service module's implementation of the .Xr pam_close_session 3 API function. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_close_session function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -88,11 +88,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_close_session +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3 index cdfe4d4..b92fb45 100644 --- a/contrib/openpam/doc/man/pam_sm_open_session.3 +++ b/contrib/openpam/doc/man/pam_sm_open_session.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_OPEN_SESSION 3 .Os .Sh NAME 
@@ -50,14 +50,14 @@ .Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_open_session function is the service module's implementation of the .Xr pam_open_session 3 API function. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_open_session function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -88,11 +88,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_open_session +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3 index 6d5c52f..19b192e 100644 --- a/contrib/openpam/doc/man/pam_sm_setcred.3 +++ b/contrib/openpam/doc/man/pam_sm_setcred.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_SM_SETCRED 3 .Os .Sh NAME @@ -50,14 +50,14 @@ .Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The -.Nm +.Fn pam_sm_setcred function is the service module's implementation of the .Xr pam_setcred 3 API function. .Sh RETURN VALUES The -.Nm +.Fn pam_sm_setcred function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT @@ -94,11 +94,11 @@ Unknown user. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_sm_setcred +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , 
diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 index eaa9f05..4e28d3e 100644 --- a/contrib/openpam/doc/man/pam_start.3 +++ b/contrib/openpam/doc/man/pam_start.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_START 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" .Sh DESCRIPTION The -.Nm +.Fn pam_start function creates and initializes a PAM context. .Pp The @@ -78,7 +78,7 @@ for details. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_start function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -99,11 +99,11 @@ System error. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_start +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 index 9003102..5b24b68 100644 --- a/contrib/openpam/doc/man/pam_strerror.3 +++ b/contrib/openpam/doc/man/pam_strerror.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_STRERROR 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_strerror "const pam_handle_t *pamh" "int error_number" .Sh DESCRIPTION The -.Nm +.Fn pam_strerror function returns a pointer to a string containing a textual description of the error indicated by the .Fa error_number @@ -64,7 +64,7 @@ or .Dv NULL . .Sh RETURN VALUES The -.Nm +.Fn pam_strerror function returns .Dv NULL on failure. 
@@ -78,11 +78,11 @@ on failure. .Re .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_strerror +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 index 4987da3..d4a8cc5 100644 --- a/contrib/openpam/doc/man/pam_verror.3 +++ b/contrib/openpam/doc/man/pam_verror.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_VERROR 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_verror "const pam_handle_t *pamh" "const char *fmt" "va_list ap" .Sh DESCRIPTION The -.Nm +.Fn pam_verror function passes its arguments to .Xr pam_vprompt 3 with a @@ -59,7 +59,7 @@ and discards the response. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_verror function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -77,15 +77,15 @@ System error. .Xr pam_vprompt 3 .Sh STANDARDS The -.Nm +.Fn pam_verror function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_verror +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 index c2ac5b0..3e10b50 100644 --- a/contrib/openpam/doc/man/pam_vinfo.3 +++ b/contrib/openpam/doc/man/pam_vinfo.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_VINFO 3 .Os .Sh NAME 
@@ -49,7 +49,7 @@ .Fn pam_vinfo "const pam_handle_t *pamh" "const char *fmt" "va_list ap" .Sh DESCRIPTION The -.Nm +.Fn pam_vinfo function passes its arguments to .Xr pam_vprompt 3 with a @@ -59,7 +59,7 @@ and discards the response. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_vinfo function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR @@ -77,15 +77,15 @@ System error. .Xr pam_vprompt 3 .Sh STANDARDS The -.Nm +.Fn pam_vinfo function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_vinfo +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 index 381008d..c3d8b32 100644 --- a/contrib/openpam/doc/man/pam_vprompt.3 +++ b/contrib/openpam/doc/man/pam_vprompt.3 @@ -34,7 +34,7 @@ .\" .\" $Id$ .\" -.Dd December 18, 2011 +.Dd May 26, 2012 .Dt PAM_VPROMPT 3 .Os .Sh NAME @@ -49,7 +49,7 @@ .Fn pam_vprompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" .Sh DESCRIPTION The -.Nm +.Fn pam_vprompt function constructs a string from the .Fa fmt and @@ -93,7 +93,7 @@ If they do, they may be truncated. .Pp .Sh RETURN VALUES The -.Nm +.Fn pam_vprompt function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR 
@@ -114,15 +114,15 @@ System error. .Xr vsnprintf 3 .Sh STANDARDS The -.Nm +.Fn pam_vprompt function is an OpenPAM extension. .Sh AUTHORS The -.Nm -function and this manual page were developed for the +.Fn pam_vprompt +function and this manual page were +developed for the .Fx -Project by -ThinkSec AS and Network Associates Laboratories, the +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h index 0c896a4..4ba8b95 100644 --- a/contrib/openpam/include/security/openpam.h +++ b/contrib/openpam/include/security/openpam.h @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam.h 455 2011-10-29 18:31:11Z des $ + * $Id: openpam.h 605 2012-04-20 11:05:10Z des $ */ #ifndef SECURITY_OPENPAM_H_INCLUDED @@ -157,12 +157,49 @@ openpam_readline(FILE *_f, int *_lineno, size_t *_lenp) OPENPAM_NONNULL((1)); + +char ** +openpam_readlinev(FILE *_f, + int *_lineno, + int *_lenp) + OPENPAM_NONNULL((1)); + +char * +openpam_readword(FILE *_f, + int *_lineno, + size_t *_lenp) + OPENPAM_NONNULL((1)); #endif +int +openpam_straddch(char **_str, + size_t *_sizep, + size_t *_lenp, + int ch) + OPENPAM_NONNULL((1)); + +/* + * Enable / disable optional features + */ +enum { + OPENPAM_RESTRICT_SERVICE_NAME, + OPENPAM_VERIFY_POLICY_FILE, + OPENPAM_RESTRICT_MODULE_NAME, + OPENPAM_VERIFY_MODULE_FILE, + OPENPAM_NUM_FEATURES +}; + +int +openpam_set_feature(int _feature, int _onoff); + +int +openpam_get_feature(int _feature, int *_onoff); + /* * Log levels */ enum { + PAM_LOG_LIBDEBUG = -1, PAM_LOG_DEBUG, PAM_LOG_VERBOSE, PAM_LOG_NOTICE, 
@@ -196,8 +233,8 @@ _openpam_log(int _level, void openpam_log(int _level, const char *_format, - ...) - OPENPAM_FORMAT ((__printf__, 2, 3)) + ...) + OPENPAM_FORMAT ((__printf__, 2, 3)) OPENPAM_NONNULL((2)); #endif diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h index ed1c1de..d50d913 100644 --- a/contrib/openpam/include/security/openpam_version.h +++ b/contrib/openpam/include/security/openpam_version.h @@ -32,14 +32,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_version.h 505 2011-12-18 14:13:08Z des $ + * $Id: openpam_version.h 609 2012-05-26 13:57:45Z des $ */ #ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED #define SECURITY_OPENPAM_VERSION_H_INCLUDED #define OPENPAM -#define OPENPAM_VERSION 20111218 -#define OPENPAM_RELEASE "Lycopsida" +#define OPENPAM_VERSION 20120526 +#define OPENPAM_RELEASE "Micrampelis" #endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */ diff --git a/contrib/openpam/lib/Makefile.am b/contrib/openpam/lib/Makefile.am index 3a2e60e..9ce2d2f 100644 --- a/contrib/openpam/lib/Makefile.am +++ b/contrib/openpam/lib/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $ +# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $ NULL = @@ -8,8 +8,11 @@ lib_LTLIBRARIES = libpam.la noinst_HEADERS = \ openpam_constants.h \ + openpam_ctype.h \ openpam_debug.h \ + openpam_features.h \ openpam_impl.h \ + openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h 
@@ -20,17 +23,23 @@ libpam_la_SOURCES = \ openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ + openpam_features.c \ openpam_findenv.c \ openpam_free_data.c \ openpam_free_envlist.c \ + openpam_get_feature.c \ openpam_get_option.c \ openpam_load.c \ openpam_log.c \ openpam_nullconv.c \ openpam_readline.c \ + openpam_readlinev.c \ + openpam_readword.c \ openpam_restore_cred.c \ openpam_set_option.c \ + openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_subst.c \ openpam_ttyconv.c \ pam_acct_mgmt.c \ diff --git a/contrib/openpam/lib/Makefile.in b/contrib/openpam/lib/Makefile.in index 0052ce2..353fbab 100644 --- a/contrib/openpam/lib/Makefile.in +++ b/contrib/openpam/lib/Makefile.in @@ -15,7 +15,7 @@ @SET_MAKE@ -# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $ +# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $ VPATH = @srcdir@ @@ -76,11 +76,13 @@ am__objects_1 = am_libpam_la_OBJECTS = openpam_borrow_cred.lo \ openpam_check_owner_perms.lo openpam_configure.lo \ openpam_constants.lo openpam_dispatch.lo openpam_dynamic.lo \ - openpam_findenv.lo openpam_free_data.lo \ - openpam_free_envlist.lo openpam_get_option.lo openpam_load.lo \ - openpam_log.lo openpam_nullconv.lo openpam_readline.lo \ - openpam_restore_cred.lo openpam_set_option.lo \ - openpam_static.lo openpam_subst.lo openpam_ttyconv.lo \ + openpam_features.lo openpam_findenv.lo openpam_free_data.lo \ + openpam_free_envlist.lo openpam_get_feature.lo \ + openpam_get_option.lo openpam_load.lo openpam_log.lo \ + openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \ + openpam_readword.lo openpam_restore_cred.lo \ + openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \ + openpam_straddch.lo openpam_subst.lo openpam_ttyconv.lo \ pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \ pam_close_session.lo pam_end.lo pam_error.lo \ pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \ 
@@ -234,8 +236,11 @@ INCLUDES = -I$(top_srcdir)/include lib_LTLIBRARIES = libpam.la noinst_HEADERS = \ openpam_constants.h \ + openpam_ctype.h \ openpam_debug.h \ + openpam_features.h \ openpam_impl.h \ + openpam_strlcat.h \ openpam_strlcmp.h \ openpam_strlcpy.h @@ -246,17 +251,23 @@ libpam_la_SOURCES = \ openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ + openpam_features.c \ openpam_findenv.c \ openpam_free_data.c \ openpam_free_envlist.c \ + openpam_get_feature.c \ openpam_get_option.c \ openpam_load.c \ openpam_log.c \ openpam_nullconv.c \ openpam_readline.c \ + openpam_readlinev.c \ + openpam_readword.c \ openpam_restore_cred.c \ openpam_set_option.c \ + openpam_set_feature.c \ openpam_static.c \ + openpam_straddch.c \ openpam_subst.c \ openpam_ttyconv.c \ pam_acct_mgmt.c \ 
@@ -387,17 +398,23 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_constants.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dispatch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dynamic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_features.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_findenv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_data.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_envlist.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_feature.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_option.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_load.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_log.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_nullconv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readline.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readlinev.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readword.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_restore_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_feature.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_option.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_static.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_acct_mgmt.Plo@am__quote@ 
diff --git a/contrib/openpam/lib/openpam_check_owner_perms.c b/contrib/openpam/lib/openpam_check_owner_perms.c index 9d64ed6..d3b2ca9 100644 --- a/contrib/openpam/lib/openpam_check_owner_perms.c +++ b/contrib/openpam/lib/openpam_check_owner_perms.c @@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +27,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $ + * $Id: openpam_check_owner_perms.c 543 2012-03-31 22:11:34Z des $ */ #ifdef HAVE_CONFIG_H @@ -67,6 +70,12 @@ openpam_check_desc_owner_perms(const char *name, int fd) errno = serrno; return (-1); } + if (!S_ISREG(sb.st_mode)) { + openpam_log(PAM_LOG_ERROR, + "%s: not a regular file", name); + errno = EINVAL; + return (-1); + } if ((sb.st_uid != root && sb.st_uid != arbitrator) || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { openpam_log(PAM_LOG_ERROR, @@ -84,7 +93,7 @@ openpam_check_desc_owner_perms(const char *name, int fd) * up to it are owned by either root or the arbitrator and that they are * not writable by group or other. * - * Note that openpam_check_file_owner_perms() should be used instead if + * Note that openpam_check_desc_owner_perms() should be used instead if * possible to avoid a race between the ownership / permission check and * the actual open(). */ 
@@ -95,8 +104,9 @@ openpam_check_path_owner_perms(const char *path) uid_t root, arbitrator; char pathbuf[PATH_MAX]; struct stat sb; - int len, serrno; + int len, serrno, tip; + tip = 1; root = 0; arbitrator = geteuid(); if (realpath(path, pathbuf) == NULL) @@ -111,6 +121,12 @@ openpam_check_path_owner_perms(const char *path) } return (-1); } + if (tip && !S_ISREG(sb.st_mode)) { + openpam_log(PAM_LOG_ERROR, + "%s: not a regular file", pathbuf); + errno = EINVAL; + return (-1); + } if ((sb.st_uid != root && sb.st_uid != arbitrator) || (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { openpam_log(PAM_LOG_ERROR, @@ -120,6 +136,7 @@ openpam_check_path_owner_perms(const char *path) } while (--len > 0 && pathbuf[len] != '/') pathbuf[len] = '\0'; + tip = 0; } return (0); } diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c index bef7817..778bec8 100644 --- a/contrib/openpam/lib/openpam_configure.c +++ b/contrib/openpam/lib/openpam_configure.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2011 Dag-Erling Smørgrav + * Copyright (c) 2004-2012 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,13 +32,15 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_configure.c 500 2011-11-22 12:07:03Z des $ + * $Id: openpam_configure.c 601 2012-04-14 20:37:45Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif +#include <sys/param.h> + #include <ctype.h> #include <errno.h> #include <stdio.h> 
@@ -48,389 +50,183 @@ #include <security/pam_appl.h> #include "openpam_impl.h" -#include "openpam_strlcmp.h" +#include "openpam_ctype.h" +#include "openpam_strlcat.h" +#include "openpam_strlcpy.h" static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); /* - * Evaluates to non-zero if the argument is a linear whitespace character. - */ -#define is_lws(ch) \ - (ch == ' ' || ch == '\t') - -/* - * Evaluates to non-zero if the argument is a printable ASCII character. - * Assumes that the execution character set is a superset of ASCII. - */ -#define is_p(ch) \ - (ch >= '!' && ch <= '~') - -/* - * Returns non-zero if the argument belongs to the POSIX Portable Filename - * Character Set. Assumes that the execution character set is a superset - * of ASCII. - */ -#define is_pfcs(ch) \ - ((ch >= '0' && ch <= '9') || \ - (ch >= 'A' && ch <= 'Z') || \ - (ch >= 'a' && ch <= 'z') || \ - ch == '.' || ch == '_' || ch == '-') - -/* - * Parse the service name. - * - * Returns the length of the service name, or 0 if the end of the string - * was reached or a disallowed non-whitespace character was encountered. + * Validate a service name. * - * If parse_service_name() is successful, it updates *service to point to - * the first character of the service name and *line to point one - * character past the end. If it reaches the end of the string, it - * updates *line to point to the terminating NUL character and leaves - * *service unmodified. In all other cases, it leaves both *line and - * *service unmodified. - * - * Allowed characters are all characters in the POSIX portable filename - * character set. + * Returns a non-zero value if the argument points to a NUL-terminated + * string consisting entirely of characters in the POSIX portable filename + * character set, excluding the path separator character. 
*/ static int -parse_service_name(char **line, char **service) +valid_service_name(const char *name) { - char *b, *e; + const char *p; - for (b = *line; *b && is_lws(*b); ++b) - /* nothing */ ; - if (!*b) { - *line = b; - return (0); + if (OPENPAM_FEATURE(RESTRICT_SERVICE_NAME)) { + /* path separator not allowed */ + for (p = name; *p != '\0'; ++p) + if (!is_pfcs(*p)) + return (0); + } else { + /* path separator allowed */ + for (p = name; *p != '\0'; ++p) + if (!is_pfcs(*p) && *p != '/') + return (0); } - for (e = b; *e && !is_lws(*e); ++e) - if (!is_pfcs(*e)) - return (0); - if (e == b) - return (0); - *line = e; - *service = b; - return (e - b); + return (1); } /* * Parse the facility name. * - * Returns the corresponding pam_facility_t value, or -1 if the end of the - * string was reached, a disallowed non-whitespace character was - * encountered, or the first word was not a recognized facility name. - * - * If parse_facility_name() is successful, it updates *line to point one - * character past the end of the facility name. If it reaches the end of - * the string, it updates *line to point to the terminating NUL character. - * In all other cases, it leaves *line unmodified. + * Returns the corresponding pam_facility_t value, or -1 if the argument + * is not a valid facility name. */ static pam_facility_t -parse_facility_name(char **line) +parse_facility_name(const char *name) { - char *b, *e; int i; - for (b = *line; *b && is_lws(*b); ++b) - /* nothing */ ; - if (!*b) { - *line = b; - return ((pam_facility_t)-1); - } - for (e = b; *e && !is_lws(*e); ++e) - /* nothing */ ; - if (e == b) - return ((pam_facility_t)-1); for (i = 0; i < PAM_NUM_FACILITIES; ++i) - if (strlcmp(pam_facility_name[i], b, e - b) == 0) - break; - if (i == PAM_NUM_FACILITIES) - return ((pam_facility_t)-1); - *line = e; - return (i); -} - -/* - * Parse the word "include". 
- * - * If the next word on the line is "include", parse_include() updates - * *line to point one character past "include" and returns 1. Otherwise, - * it leaves *line unmodified and returns 0. - */ -static int -parse_include(char **line) -{ - char *b, *e; - - for (b = *line; *b && is_lws(*b); ++b) - /* nothing */ ; - if (!*b) { - *line = b; - return (-1); - } - for (e = b; *e && !is_lws(*e); ++e) - /* nothing */ ; - if (e == b) - return (0); - if (strlcmp("include", b, e - b) != 0) - return (0); - *line = e; - return (1); + if (strcmp(pam_facility_name[i], name) == 0) + return (i); + return ((pam_facility_t)-1); } /* * Parse the control flag. * - * Returns the corresponding pam_control_t value, or -1 if the end of the - * string was reached, a disallowed non-whitespace character was - * encountered, or the first word was not a recognized control flag. - * - * If parse_control_flag() is successful, it updates *line to point one - * character past the end of the control flag. If it reaches the end of - * the string, it updates *line to point to the terminating NUL character. - * In all other cases, it leaves *line unmodified. + * Returns the corresponding pam_control_t value, or -1 if the argument is + * not a valid control flag name. */ static pam_control_t -parse_control_flag(char **line) +parse_control_flag(const char *name) { - char *b, *e; int i; - for (b = *line; *b && is_lws(*b); ++b) - /* nothing */ ; - if (!*b) { - *line = b; - return ((pam_control_t)-1); - } - for (e = b; *e && !is_lws(*e); ++e) - /* nothing */ ; - if (e == b) - return ((pam_control_t)-1); for (i = 0; i < PAM_NUM_CONTROL_FLAGS; ++i) - if (strlcmp(pam_control_flag_name[i], b, e - b) == 0) - break; - if (i == PAM_NUM_CONTROL_FLAGS) - return ((pam_control_t)-1); - *line = e; - return (i); + if (strcmp(pam_control_flag_name[i], name) == 0) + return (i); + return ((pam_control_t)-1); } /* - * Parse a file name. 
- * - * Returns the length of the file name, or 0 if the end of the string was - * reached or a disallowed non-whitespace character was encountered. + * Validate a file name. * - * If parse_filename() is successful, it updates *filename to point to the - * first character of the filename and *line to point one character past - * the end. If it reaches the end of the string, it updates *line to - * point to the terminating NUL character and leaves *filename unmodified. - * In all other cases, it leaves both *line and *filename unmodified. - * - * Allowed characters are all characters in the POSIX portable filename - * character set, plus the path separator (forward slash). + * Returns a non-zero value if the argument points to a NUL-terminated + * string consisting entirely of characters in the POSIX portable filename + * character set, including the path separator character. */ static int -parse_filename(char **line, char **filename) +valid_module_name(const char *name) { - char *b, *e; - - for (b = *line; *b && is_lws(*b); ++b) - /* nothing */ ; - if (!*b) { - *line = b; - return (0); - } - for (e = b; *e && !is_lws(*e); ++e) - if (!is_pfcs(*e) && *e != '/') - return (0); - if (e == b) - return (0); - *line = e; - *filename = b; - return (e - b); -} + const char *p; -/* - * Parse an option. - * - * Returns a dynamically allocated string containing the next module - * option, or NULL if the end of the string was reached or a disallowed - * non-whitespace character was encountered. - * - * If parse_option() is successful, it updates *line to point one - * character past the end of the option. If it reaches the end of the - * string, it updates *line to point to the terminating NUL character. In - * all other cases, it leaves *line unmodified. - * - * If parse_option() fails to allocate memory, it will return NULL and set - * errno to a non-zero value. - * - * Allowed characters for option names are all characters in the POSIX - * portable filename character set. 
Allowed characters for option values - * are any printable non-whitespace characters. The option value may be - * quoted in either single or double quotes, in which case space - * characters and whichever quote character was not used are allowed. - * Note that the entire value must be quoted, not just part of it. - */ -static char * -parse_option(char **line) -{ - char *nb, *ne, *vb, *ve; - unsigned char q = 0; - char *option; - size_t size; - - errno = 0; - for (nb = *line; *nb && is_lws(*nb); ++nb) - /* nothing */ ; - if (!*nb) { - *line = nb; - return (NULL); - } - for (ne = nb; *ne && !is_lws(*ne) && *ne != '='; ++ne) - if (!is_pfcs(*ne)) - return (NULL); - if (ne == nb) - return (NULL); - if (*ne == '=') { - vb = ne + 1; - if (*vb == '"' || *vb == '\'') - q = *vb++; - for (ve = vb; - *ve && *ve != q && (is_p(*ve) || (q && is_lws(*ve))); - ++ve) - /* nothing */ ; - if (q && *ve != q) - /* non-printable character or missing endquote */ - return (NULL); - if (q && *(ve + 1) && !is_lws(*(ve + 1))) - /* garbage after value */ - return (NULL); + if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME)) { + /* path separator not allowed */ + for (p = name; *p != '\0'; ++p) + if (!is_pfcs(*p)) + return (0); } else { - vb = ve = ne; + /* path separator allowed */ + for (p = name; *p != '\0'; ++p) + if (!is_pfcs(*p) && *p != '/') + return (0); } - size = (ne - nb) + 1; - if (ve > vb) - size += (ve - vb) + 1; - if ((option = malloc(size)) == NULL) - return (NULL); - strncpy(option, nb, ne - nb); - if (ve > vb) { - option[ne - nb] = '='; - strncpy(option + (ne - nb) + 1, vb, ve - vb); - } - option[size - 1] = '\0'; - *line = q ? ve + 1 : ve; - return (option); -} - -/* - * Consume trailing whitespace. - * - * If there are no non-whitespace characters left on the line, parse_eol() - * updates *line to point at the terminating NUL character and returns 0. - * Otherwise, it leaves *line unmodified and returns a non-zero value. 
- */ -static int -parse_eol(char **line) -{ - char *p; - - for (p = *line; *p && is_lws(*p); ++p) - /* nothing */ ; - if (*p) - return ((unsigned char)*p); - *line = p; - return (0); + return (1); } typedef enum { pam_conf_style, pam_d_style } openpam_style_t; /* * Extracts given chains from a policy file. + * + * Returns the number of policy entries which were found for the specified + * service and facility, or -1 if a system error occurred or a syntax + * error was encountered. */ static int openpam_parse_chain(pam_handle_t *pamh, const char *service, pam_facility_t facility, + FILE *f, const char *filename, openpam_style_t style) { pam_chain_t *this, **next; pam_facility_t fclt; pam_control_t ctlf; - char *line0, *line, *str, *name; - char *option, **optv; - int len, lineno, ret; - FILE *f; + char *name, *servicename, *modulename; + int count, lineno, ret, serrno; + char **wordv, *word; + int i, wordc; - if ((f = fopen(filename, "r")) == NULL) { - openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, - "%s: %m", filename); - return (PAM_SUCCESS); - } - if (openpam_check_desc_owner_perms(filename, fileno(f)) != 0) { - fclose(f); - return (PAM_SYSTEM_ERR); - } + count = 0; this = NULL; name = NULL; lineno = 0; - while ((line0 = line = openpam_readline(f, &lineno, NULL)) != NULL) { - /* get service name if necessary */ - if (style == pam_conf_style) { - if ((len = parse_service_name(&line, &str)) == 0) { - openpam_log(PAM_LOG_NOTICE, - "%s(%d): invalid service name (ignored)", - filename, lineno); - FREE(line0); - continue; - } - if (strlcmp(service, str, len) != 0) { - FREE(line0); - continue; - } + wordc = 0; + wordv = NULL; + while ((wordv = openpam_readlinev(f, &lineno, &wordc)) != NULL) { + /* blank line? 
*/ + if (wordc == 0) { + FREEV(wordc, wordv); + continue; } + i = 0; - /* get facility name */ - if ((fclt = parse_facility_name(&line)) == (pam_facility_t)-1) { + /* check service name if necessary */ + if (style == pam_conf_style && + strcmp(wordv[i++], service) != 0) { + FREEV(wordc, wordv); + continue; + } + + /* check facility name */ + if ((word = wordv[i++]) == NULL || + (fclt = parse_facility_name(word)) == (pam_facility_t)-1) { openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid facility", filename, lineno); goto fail; } if (facility != fclt && facility != PAM_FACILITY_ANY) { - FREE(line0); + FREEV(wordc, wordv); continue; } /* check for "include" */ - if (parse_include(&line)) { - if ((len = parse_service_name(&line, &str)) == 0) { + if ((word = wordv[i++]) != NULL && + strcmp(word, "include") == 0) { + if ((servicename = wordv[i++]) == NULL || + !valid_service_name(servicename)) { openpam_log(PAM_LOG_ERROR, - "%s(%d): missing or invalid filename", + "%s(%d): missing or invalid service name", filename, lineno); goto fail; } - if ((name = strndup(str, len)) == NULL) - goto syserr; - if (parse_eol(&line) != 0) { + if (wordv[i] != NULL) { openpam_log(PAM_LOG_ERROR, "%s(%d): garbage at end of line", filename, lineno); goto fail; } - ret = openpam_load_chain(pamh, name, fclt); - FREE(name); - if (ret != PAM_SUCCESS) + ret = openpam_load_chain(pamh, servicename, fclt); + FREEV(wordc, wordv); + if (ret < 0) goto fail; - FREE(line0); continue; } /* get control flag */ - if ((ctlf = parse_control_flag(&line)) == (pam_control_t)-1) { + if (word == NULL || /* same word we compared to "include" */ + (ctlf = parse_control_flag(word)) == (pam_control_t)-1) { openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid control flag", filename, lineno); 
@@ -438,73 +234,76 @@ openpam_parse_chain(pam_handle_t *pamh, } /* get module name */ - if ((len = parse_filename(&line, &str)) == 0) { + if ((modulename = wordv[i++]) == NULL || + !valid_module_name(modulename)) { openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid module name", filename, lineno); goto fail; } - if ((name = strndup(str, len)) == NULL) - goto syserr; /* allocate new entry */ if ((this = calloc(1, sizeof *this)) == NULL) goto syserr; this->flag = ctlf; - /* get module options */ - if ((this->optv = malloc(sizeof *optv)) == NULL) - goto syserr; - this->optc = 0; - while ((option = parse_option(&line)) != NULL) { - optv = realloc(this->optv, - (this->optc + 2) * sizeof *optv); - if (optv == NULL) - goto syserr; - this->optv = optv; - this->optv[this->optc++] = option; - } - this->optv[this->optc] = NULL; - if (*line != '\0') { - openpam_log(PAM_LOG_ERROR, - "%s(%d): syntax error in module options", - filename, lineno); - goto fail; - } - /* load module */ - this->module = openpam_load_module(name); - FREE(name); - if (this->module == NULL) + if ((this->module = openpam_load_module(modulename)) == NULL) goto fail; + /* + * The remaining items in wordv are the module's + * arguments. We could set this->optv = wordv + i, but + * then free(this->optv) wouldn't work. Instead, we free + * the words we've already consumed, shift the rest up, + * and clear the tail end of the array. + */ + this->optc = wordc - i; + for (i = 0; i < wordc - this->optc; ++i) { + FREE(wordv[i]); + wordv[i] = wordv[wordc - this->optc + i]; + wordv[wordc - this->optc + i] = NULL; + } + this->optv = wordv; + wordv = NULL; + wordc = 0; + /* hook it up */ for (next = &pamh->chains[fclt]; *next != NULL; next = &(*next)->next) /* nothing */ ; *next = this; this = NULL; - - /* next please... 
*/ - FREE(line0); + ++count; } - if (!feof(f)) + /* + * The loop ended because openpam_readword() returned NULL, which + * can happen for four different reasons: an I/O error (ferror(f) + * is true), a memory allocation failure (ferror(f) is false, + * errno is non-zero) + */ + if (ferror(f) || errno != 0) goto syserr; + if (!feof(f)) + goto fail; fclose(f); - return (PAM_SUCCESS); + return (count); syserr: + serrno = errno; openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + errno = serrno; + /* fall through */ fail: - if (this && this->optc) { - while (this->optc--) - FREE(this->optv[this->optc]); - FREE(this->optv); - } + serrno = errno; + if (this && this->optc && this->optv) + FREEV(this->optc, this->optv); FREE(this); - FREE(line0); + FREEV(wordc, wordv); + FREE(wordv); FREE(name); fclose(f); - return (PAM_SYSTEM_ERR); + errno = serrno; + return (-1); } static const char *openpam_policy_path[] = { 
@@ -516,44 +315,110 @@ static const char *openpam_policy_path[] = { }; /* + * Read the specified chains from the specified file. + * + * Returns 0 if the file exists but does not contain any matching lines. + * + * Returns -1 and sets errno to ENOENT if the file does not exist. + * + * Returns -1 and sets errno to some other non-zero value if the file + * exists but is unsafe or unreadable, or an I/O error occurs. + */ +static int +openpam_load_file(pam_handle_t *pamh, + const char *service, + pam_facility_t facility, + const char *filename, + openpam_style_t style) +{ + FILE *f; + int ret, serrno; + + /* attempt to open the file */ + if ((f = fopen(filename, "r")) == NULL) { + serrno = errno; + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_ERROR, + "%s: %m", filename); + errno = serrno; + RETURNN(-1); + } else { + openpam_log(PAM_LOG_DEBUG, "found %s", filename); + } + + /* verify type, ownership and permissions */ + if (OPENPAM_FEATURE(VERIFY_POLICY_FILE) && + openpam_check_desc_owner_perms(filename, fileno(f)) != 0) { + /* already logged the cause */ + serrno = errno; + fclose(f); + errno = serrno; + RETURNN(-1); + } + + /* parse the file */ + ret = openpam_parse_chain(pamh, service, facility, + f, filename, style); + RETURNN(ret); +} + +/* * Locates the policy file for a given service and reads the given chains * from it. + * + * Returns the number of policy entries which were found for the specified + * service and facility, or -1 if a system error occurred or a syntax + * error was encountered. */ static int openpam_load_chain(pam_handle_t *pamh, const char *service, pam_facility_t facility) { - const char **path; - char *filename; + const char *p, **path; + char filename[PATH_MAX]; size_t len; + openpam_style_t style; int ret; - /* don't allow to escape from policy_path */ - if (strchr(service, '/')) { - openpam_log(PAM_LOG_ERROR, "invalid service name: %s", - service); - return (-PAM_SYSTEM_ERR); + ENTERS(facility < 0 ? 
"any" : pam_facility_name[facility]); + + /* either absolute or relative to cwd */ + if (strchr(service, '/') != NULL) { + if ((p = strrchr(service, '.')) != NULL && strcmp(p, ".conf") == 0) + style = pam_conf_style; + else + style = pam_d_style; + ret = openpam_load_file(pamh, service, facility, + service, style); + RETURNN(ret); } + /* search standard locations */ for (path = openpam_policy_path; *path != NULL; ++path) { - len = strlen(*path); - if ((*path)[len - 1] == '/') { - if (asprintf(&filename, "%s%s", *path, service) < 0) { - openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); - return (PAM_BUF_ERR); + /* construct filename */ + len = strlcpy(filename, *path, sizeof filename); + if (filename[len - 1] == '/') { + len = strlcat(filename, service, sizeof filename); + if (len >= sizeof filename) { + errno = ENAMETOOLONG; + RETURNN(-1); } - ret = openpam_parse_chain(pamh, service, facility, - filename, pam_d_style); - FREE(filename); + style = pam_d_style; } else { - ret = openpam_parse_chain(pamh, service, facility, - *path, pam_conf_style); + style = pam_conf_style; } - if (ret != PAM_SUCCESS) - return (ret); + ret = openpam_load_file(pamh, service, facility, + filename, style); + /* the file exists, but an error occurred */ + if (ret == -1 && errno != ENOENT) + RETURNN(ret); + /* in pam.d style, an empty file counts as a hit */ + if (ret == 0 && style == pam_d_style) + RETURNN(ret); } - return (PAM_SUCCESS); + + /* no hit */ + RETURNN(0); } /* 
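Review bot: In openpam_load_chain(), the return value of strlcpy(filename, *path, sizeof filename) is used as an index before it is checked: filename[len - 1] reads outside the buffer if the entry was truncated (len >= sizeof filename) and wraps around if the entry is empty (len == 0). The entries come from the static openpam_policy_path table, so this is latent rather than reachable from input, but the truncation test that is done after strlcat() should also be done after strlcpy(), together with a len > 0 test. Separately, the '/' branch now opens the service string as a path ("either absolute or relative to cwd") and this function no longer rejects it itself; a comment stating that the only gate is valid_service_name() in openpam_configure() would help the next reader.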
@@ -567,25 +432,27 @@ openpam_configure(pam_handle_t *pamh, const char *service) { pam_facility_t fclt; - const char *p; + int serrno; - for (p = service; *p; ++p) - if (!is_pfcs(*p)) - return (PAM_SYSTEM_ERR); - - if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS) + ENTERS(service); + if (!valid_service_name(service)) { + openpam_log(PAM_LOG_ERROR, "invalid service name"); + RETURNC(PAM_SYSTEM_ERR); + } + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) goto load_err; - for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { if (pamh->chains[fclt] != NULL) continue; - if (openpam_load_chain(pamh, PAM_OTHER, fclt) != PAM_SUCCESS) + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) goto load_err; } - return (PAM_SUCCESS); + RETURNC(PAM_SUCCESS); load_err: + serrno = errno; openpam_clear_chains(pamh->chains); - return (PAM_SYSTEM_ERR); + errno = serrno; + RETURNC(PAM_SYSTEM_ERR); } /* diff --git a/contrib/openpam/lib/openpam_constants.h b/contrib/openpam/lib/openpam_constants.h index b923179..a7d6ce8 100644 --- a/contrib/openpam/lib/openpam_constants.h +++ b/contrib/openpam/lib/openpam_constants.h @@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
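Review bot: In openpam_configure(), only a negative return from openpam_load_chain() is treated as an error, while openpam_load_chain() now returns 0 for "no hit". If neither the service nor PAM_OTHER yields any entry for a facility, the function therefore returns PAM_SUCCESS with that chain still NULL. Please state in a comment here that an empty chain is expected at this point and where it is rejected, so the fail-closed behaviour does not depend on the reader knowing the dispatcher. The new "invalid service name" message also no longer says which name was rejected, unlike the "invalid service name: %s" message removed from openpam_load_chain().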
@@ -24,11 +27,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_constants.h 491 2011-11-12 00:12:32Z des $ + * $Id: openpam_constants.h 606 2012-04-20 11:06:38Z des $ */ -#ifndef OPENPAM_CONSTANTS_INCLUDED -#define OPENPAM_CONSTANTS_INCLUDED +#ifndef OPENPAM_CONSTANTS_H_INCLUDED +#define OPENPAM_CONSTANTS_H_INCLUDED extern const char *pam_err_name[PAM_NUM_ERRORS]; extern const char *pam_item_name[PAM_NUM_ITEMS]; diff --git a/contrib/openpam/lib/openpam_ctype.h b/contrib/openpam/lib/openpam_ctype.h new file mode 100644 index 0000000..b3ec846 --- /dev/null +++ b/contrib/openpam/lib/openpam_ctype.h 
@@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_ctype.h 578 2012-04-06 00:45:59Z des $ + */ + +#ifndef OPENPAM_CTYPE_H_INCLUDED +#define OPENPAM_CTYPE_H_INCLUDED + +/* + * Evaluates to non-zero if the argument is a linear whitespace character. + * For the purposes of this macro, the definition of linear whitespace is + * extended to include the form feed and carraige return characters. 
+ */ +#define is_lws(ch) \ + (ch == ' ' || ch == '\t' || ch == '\f' || ch == '\r') + +/* + * Evaluates to non-zero if the argument is a whitespace character. + */ +#define is_ws(ch) \ + (is_lws(ch) || ch == '\n') + +/* + * Evaluates to non-zero if the argument is a printable ASCII character. + * Assumes that the execution character set is a superset of ASCII. + */ +#define is_p(ch) \ + (ch >= '!' && ch <= '~') + +/* + * Returns non-zero if the argument belongs to the POSIX Portable Filename + * Character Set. Assumes that the execution character set is a superset + * of ASCII. + */ +#define is_pfcs(ch) \ + ((ch >= '0' && ch <= '9') || \ + (ch >= 'A' && ch <= 'Z') || \ + (ch >= 'a' && ch <= 'z') || \ + ch == '.' || ch == '_' || ch == '-') + +#endif diff --git a/contrib/openpam/lib/openpam_debug.h b/contrib/openpam/lib/openpam_debug.h index ef2884d..050783e 100644 --- a/contrib/openpam/lib/openpam_debug.h +++ b/contrib/openpam/lib/openpam_debug.h 
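Review bot: The character-class macros in openpam_ctype.h (is_lws, is_ws, is_p, is_pfcs) use their argument unparenthesized and evaluate it several times, so a call such as is_lws(c = getc(f)) or is_pfcs(*p++) would both misparse and repeat the side effect. Wrap every use as (ch) and note the multiple evaluation in the header comment, or turn them into static inline functions. Minor: "carraige" in the is_lws comment should be "carriage", and the closing #endif would read better with the guard name in a trailing comment.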
@@ -32,60 +32,68 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_debug.h 491 2011-11-12 00:12:32Z des $ + * $Id: openpam_debug.h 606 2012-04-20 11:06:38Z des $ */ -#ifndef OPENPAM_DEBUG_INCLUDED -#define OPENPAM_DEBUG_INCLUDED +#ifndef OPENPAM_DEBUG_H_INCLUDED +#define OPENPAM_DEBUG_H_INCLUDED #ifdef OPENPAM_DEBUG -#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") +#define ENTER() openpam_log(PAM_LOG_LIBDEBUG, "entering") #define ENTERI(i) do { \ int i_ = (i); \ if (i_ > 0 && i_ < PAM_NUM_ITEMS) \ - openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", pam_item_name[i_]); \ else \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", i_); \ } while (0) #define ENTERN(n) do { \ int n_ = (n); \ - openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", n_); \ } while (0) #define ENTERS(s) do { \ const char *s_ = (s); \ if (s_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: NULL"); \ else \ - openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: '%s'", s_); \ } while (0) -#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") +#define ENTERF(f) do { \ + int f_ = (f); \ + if (f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES) \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", \ + openpam_features[f_].name); \ + else \ + openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", f_); \ +} while (0) +#define RETURNV() openpam_log(PAM_LOG_LIBDEBUG, "returning") #define RETURNC(c) do { \ int c_ = (c); \ if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \ - openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning %s", pam_err_name[c_]); \ else \ - openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning %d!", c_); \ 
return (c_); \ } while (0) #define RETURNN(n) do { \ int n_ = (n); \ - openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning %d", n_); \ return (n_); \ } while (0) #define RETURNP(p) do { \ - const void *p_ = (p); \ + void *p_ = (p); \ if (p_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \ else \ - openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning %p", p_); \ return (p_); \ } while (0) #define RETURNS(s) do { \ const char *s_ = (s); \ if (s_ == NULL) \ - openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \ else \ - openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \ + openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", s_); \ return (s_); \ } while (0) #else @@ -93,6 +101,7 @@ #define ENTERI(i) #define ENTERN(n) #define ENTERS(s) +#define ENTERF(f) #define RETURNV() return #define RETURNC(c) return (c) #define RETURNN(n) return (n) diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c index d44174f..1dfc1ac 100644 --- a/contrib/openpam/lib/openpam_dynamic.c +++ b/contrib/openpam/lib/openpam_dynamic.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dynamic.c 502 2011-12-18 13:59:22Z des $ + * $Id: openpam_dynamic.c 607 2012-04-20 11:09:37Z des $ */ #ifdef HAVE_CONFIG_H @@ -40,6 +40,7 @@ #endif #include <dlfcn.h> +#include <fcntl.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> 
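Review bot: The bound in the new ENTERF() macro is off by one: "f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES" admits f_ == OPENPAM_NUM_FEATURES, but openpam_features is declared with OPENPAM_NUM_FEATURES elements, so that value reads one entry past the end of the array and passes the result to a %s format. openpam_get_feature() calls ENTERF(feature) before its own range check, so in OPENPAM_DEBUG builds a caller-supplied out-of-range value reaches this line. The test should be f_ < OPENPAM_NUM_FEATURES, matching the "<" used by ENTERI() and RETURNC().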
@@ -60,15 +61,50 @@ * Perform sanity checks and attempt to load a module */ +#ifdef HAVE_FDLOPEN static void * try_dlopen(const char *modfn) { + void *dlh; + int fd; - if (openpam_check_path_owner_perms(modfn) != 0) + if ((fd = open(modfn, O_RDONLY)) < 0) + return (NULL); + if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) && + openpam_check_desc_owner_perms(modfn, fd) != 0) { + close(fd); + return (NULL); + } + if ((dlh = fdlopen(fd, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror()); + close(fd); + errno = 0; + return (NULL); + } + close(fd); + return (dlh); +} +#else +static void * +try_dlopen(const char *modfn) +{ + int check_module_file; + void *dlh; + + openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE, + &check_module_file); + if (check_module_file && + openpam_check_path_owner_perms(modfn) != 0) + return (NULL); + if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror()); + errno = 0; return (NULL); - return (dlopen(modfn, RTLD_NOW)); + } + return (dlh); } - +#endif + /* * OpenPAM internal * @@ -100,9 +136,6 @@ openpam_dynamic(const char *path) *strrchr(vpath, '.') = '\0'; dlh = try_dlopen(vpath); } - serrno = errno; - FREE(vpath); - errno = serrno; if (dlh == NULL) goto err; if ((module = calloc(1, sizeof *module)) == NULL) 
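Review bot: The #else variant of try_dlopen() still checks the path with openpam_check_path_owner_perms(modfn) and then passes the same path to dlopen(), so on platforms without fdlopen() the window between the check and the load remains open. That is probably unavoidable there, but it deserves a comment so nobody assumes both variants give the same guarantee. The two variants also read the feature flag differently: the fdlopen() one uses OPENPAM_FEATURE(VERIFY_MODULE_FILE), the fallback calls openpam_get_feature() and ignores its return value, which would leave check_module_file uninitialized if the call ever failed. Use the macro in both.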
@@ -112,19 +145,41 @@ openpam_dynamic(const char *path) module->dlh = dlh; dlmodule = dlsym(dlh, "_pam_module"); for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { - module->func[i] = dlmodule ? dlmodule->func[i] : - (pam_func_t)dlsym(dlh, pam_sm_func_name[i]); - if (module->func[i] == NULL) - openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", - path, pam_sm_func_name[i], dlerror()); + if (dlmodule) { + module->func[i] = dlmodule->func[i]; + } else { + module->func[i] = + (pam_func_t)dlsym(dlh, pam_sm_func_name[i]); + /* + * This openpam_log() call is a major source of + * log spam, and the cases that matter are caught + * and logged in openpam_dispatch(). This would + * be less problematic if dlerror() returned an + * error code so we could log an error only when + * dlsym() failed for a reason other than "no such + * symbol". + */ +#if 0 + if (module->func[i] == NULL) + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + path, pam_sm_func_name[i], dlerror()); +#endif + } } + FREE(vpath); return (module); buf_err: + serrno = errno; if (dlh != NULL) dlclose(dlh); FREE(module); + errno = serrno; err: - openpam_log(PAM_LOG_ERROR, "%m"); + serrno = errno; + if (errno != 0) + openpam_log(PAM_LOG_ERROR, "%s: %m", vpath); + FREE(vpath); + errno = serrno; return (NULL); } diff --git a/contrib/openpam/lib/openpam_features.c b/contrib/openpam/lib/openpam_features.c new file mode 100644 index 0000000..586fc2a --- /dev/null +++ b/contrib/openpam/lib/openpam_features.c 
@@ -0,0 +1,69 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: openpam_features.c 608 2012-05-17 16:00:13Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#define STRUCT_OPENPAM_FEATURE(name, descr, dflt) \ + [OPENPAM_##name] = { \ + "OPENPAM_" #name, \ + descr, \ + dflt \ + } + +struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = { + STRUCT_OPENPAM_FEATURE( + RESTRICT_SERVICE_NAME, + "Disallow path separators in service names", + 1 + ), + STRUCT_OPENPAM_FEATURE( + VERIFY_POLICY_FILE, + "Verify ownership and permissions of policy files", + 1 + ), + STRUCT_OPENPAM_FEATURE( + RESTRICT_MODULE_NAME, + "Disallow path separators in module names", + 0 + ), + STRUCT_OPENPAM_FEATURE( + VERIFY_MODULE_FILE, + "Verify ownership and permissions of module files", + 1 + ), +}; diff --git a/contrib/openpam/lib/openpam_features.h b/contrib/openpam/lib/openpam_features.h new file mode 100644 index 0000000..227b1a9 --- /dev/null +++ b/contrib/openpam/lib/openpam_features.h 
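Review bot: The openpam_features table in openpam_features.c is filled with designated initializers ([OPENPAM_##name]), so any feature constant below OPENPAM_NUM_FEATURES that is added later without a matching STRUCT_OPENPAM_FEATURE() entry silently gets a zeroed slot: name == NULL, desc == NULL, onoff == 0. ENTERF() prints openpam_features[f_].name with %s, and a feature that is meant to default to on would default to off. A unit test or a startup assertion that every slot has a non-NULL name would catch this. A short comment on why RESTRICT_MODULE_NAME is the only entry that defaults to 0 would also help.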
@@ -0,0 +1,48 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef OPENPAM_FEATURES_H_INCLUDED +#define OPENPAM_FEATURES_H_INCLUDED + +struct openpam_feature { + const char *name; + const char *desc; + int onoff; +}; + +extern struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES]; + +/* shortcut for internal use */ +#define OPENPAM_FEATURE(f) \ + openpam_features[OPENPAM_##f].onoff + +#endif 
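Review bot: openpam_features.h is not self-contained: it declares openpam_features[OPENPAM_NUM_FEATURES] without including the header that defines OPENPAM_NUM_FEATURES, so it only compiles when something else has been included first (openpam_impl.h pulls it in last for that reason). Either include the defining header here or document the ordering requirement. The "$Id$" keyword in this file is unexpanded, unlike the other new files in this change.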
diff --git a/contrib/openpam/lib/openpam_get_feature.c b/contrib/openpam/lib/openpam_get_feature.c new file mode 100644 index 0000000..b552357 --- /dev/null +++ b/contrib/openpam/lib/openpam_get_feature.c 
@@ -0,0 +1,99 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_get_feature.c 608 2012-05-17 16:00:13Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Query the state of an optional feature. 
+ */ + +int +openpam_get_feature(int feature, int *onoff) +{ + + ENTERF(feature); + if (feature < 0 || feature >= OPENPAM_NUM_FEATURES) + RETURNC(PAM_SYMBOL_ERR); + *onoff = openpam_features[feature].onoff; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + */ + +/** + * EXPERIMENTAL + * + * The =openpam_get_feature function stores the current state of the + * specified feature in the variable pointed to by its =onoff argument. + * + * The following features are recognized: + * + * =OPENPAM_RESTRICT_SERVICE_NAME: + * Disallow path separators in service names. + * This feature is enabled by default. + * Disabling it allows the application to specify the path to + * the desired policy file directly. + * + * =OPENPAM_VERIFY_POLICY_FILE: + * Verify the ownership and permissions of the policy file + * and the path leading up to it. + * This feature is enabled by default. + * + * =OPENPAM_RESTRICT_MODULE_NAME: + * Disallow path separators in module names. + * This feature is disabled by default. + * Enabling it prevents the use of modules in non-standard + * locations. + * + * =OPENPAM_VERIFY_MODULE_FILE: + * Verify the ownership and permissions of each loadable + * module and the path leading up to it. + * This feature is enabled by default. + * + * + * >openpam_set_feature + * + * AUTHOR DES + */ diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c index b5faa87..1f62d21 100644 --- a/contrib/openpam/lib/openpam_get_option.c +++ b/contrib/openpam/lib/openpam_get_option.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_get_option.c 482 2011-11-03 16:33:02Z des $ + * $Id: openpam_get_option.c 531 2012-03-31 14:24:37Z des $ */ #ifdef HAVE_CONFIG_H @@ -44,7 +44,6 @@ #include <string.h> #include <security/pam_appl.h> -#include <security/openpam.h> #include "openpam_impl.h" 
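Review bot: openpam_get_feature() dereferences onoff without a NULL check, and on the PAM_SYMBOL_ERR path it leaves *onoff untouched, which the documentation block does not mention. Since this is a public entry point, either reject a NULL onoff or document that it must be non-NULL, and say that the output is unspecified on error. The in-tree caller in the non-fdlopen try_dlopen() ignores the return value, which is exactly the usage that an undocumented "unchanged on error" contract invites.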
diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h index ba4d455..9e8b45f 100644 --- a/contrib/openpam/lib/openpam_impl.h +++ b/contrib/openpam/lib/openpam_impl.h @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_impl.h 499 2011-11-22 11:51:50Z des $ + * $Id: openpam_impl.h 594 2012-04-14 14:18:41Z des $ */ #ifndef OPENPAM_IMPL_H_INCLUDED @@ -157,9 +157,23 @@ pam_module_t *openpam_static(const char *); #endif pam_module_t *openpam_dynamic(const char *); -#define FREE(p) do { free((p)); (p) = NULL; } while (0) +#define FREE(p) \ + do { \ + free(p); \ + (p) = NULL; \ + } while (0) + +#define FREEV(c, v) \ + do { \ + while (c) { \ + --(c); \ + FREE((v)[(c)]); \ + } \ + FREE(v); \ + } while (0) #include "openpam_constants.h" #include "openpam_debug.h" +#include "openpam_features.h" #endif diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c index 0eb8ea7..871d1a8 100644 --- a/contrib/openpam/lib/openpam_load.c +++ b/contrib/openpam/lib/openpam_load.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_load.c 491 2011-11-12 00:12:32Z des $ + * $Id: openpam_load.c 547 2012-04-01 15:01:21Z des $ */ #ifdef HAVE_CONFIG_H @@ -108,9 +108,7 @@ openpam_destroy_chain(pam_chain_t *chain) return; openpam_destroy_chain(chain->next); chain->next = NULL; - while (chain->optc--) - FREE(chain->optv[chain->optc]); - FREE(chain->optv); + FREEV(chain->optc, chain->optv); openpam_release_module(chain->module); chain->module = NULL; FREE(chain); diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c index 9e3d28b..2b89f6c 100644 --- a/contrib/openpam/lib/openpam_log.c +++ b/contrib/openpam/lib/openpam_log.c 
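Review bot: The new FREEV(c, v) macro in openpam_impl.h dereferences (v)[(c)] whenever c is non-zero, with no check that v is non-NULL. The call in openpam_parse_chain() guards it with "this->optc && this->optv", but the new call in openpam_destroy_chain(), FREEV(chain->optc, chain->optv), has no such guard. Moving the NULL test into the macro would make every call site safe. Also, "while (c)" uses the argument unparenthesized while the other uses are written (c), and the macro modifies both arguments, which should be stated in a comment above it.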
@@ -32,18 +32,17 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_log.c 437 2011-09-13 12:00:13Z des $ + * $Id: openpam_log.c 544 2012-03-31 22:47:15Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif -#include <ctype.h> +#include <errno.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> -#include <string.h> #include <syslog.h> #include <security/pam_appl.h> @@ -71,6 +70,7 @@ openpam_log(int level, const char *fmt, ...) int priority; switch (level) { + case PAM_LOG_LIBDEBUG: case PAM_LOG_DEBUG: if (!openpam_debug) return; @@ -100,8 +100,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...) va_list ap; char *format; int priority; + int serrno; switch (level) { + case PAM_LOG_LIBDEBUG: case PAM_LOG_DEBUG: if (!openpam_debug) return; @@ -119,10 +121,13 @@ _openpam_log(int level, const char *func, const char *fmt, ...) break; } va_start(ap, fmt); + serrno = errno; if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + errno = serrno; vsyslog(priority, format, ap); FREE(format); } else { + errno = serrno; vsyslog(priority, fmt, ap); } va_end(ap); @@ -137,6 +142,9 @@ _openpam_log(int level, const char *func, const char *fmt, ...) * The =level argument indicates the importance of the message. * The following levels are defined: * + * =PAM_LOG_LIBDEBUG: + * Debugging messages. + * For internal use only. * =PAM_LOG_DEBUG: * Debugging messages. * These messages are normally not logged unless the global diff --git a/contrib/openpam/lib/openpam_readline.c b/contrib/openpam/lib/openpam_readline.c index 9cc8cc1..014acfb 100644 --- a/contrib/openpam/lib/openpam_readline.c +++ b/contrib/openpam/lib/openpam_readline.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_readline.c 473 2011-11-03 10:48:25Z des $ + * $Id: openpam_readline.c 596 2012-04-14 14:52:40Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -44,6 +44,7 @@ #include <stdlib.h> #include <security/pam_appl.h> + #include "openpam_impl.h" #define MIN_LINE_LENGTH 128 @@ -61,22 +62,11 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp) size_t len, size; int ch; - if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + if ((line = malloc(size = MIN_LINE_LENGTH)) == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); return (NULL); - size = MIN_LINE_LENGTH; + } len = 0; - -#define line_putch(ch) do { \ - if (len >= size - 1) { \ - char *tmp = realloc(line, size *= 2); \ - if (tmp == NULL) \ - goto fail; \ - line = tmp; \ - } \ - line[len++] = ch; \ - line[len] = '\0'; \ -} while (0) - for (;;) { ch = fgetc(f); /* strip comment */ @@ -105,26 +95,15 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp) /* done */ break; } - /* whitespace */ - if (isspace(ch)) { - /* ignore leading whitespace */ - /* collapse linear whitespace */ - if (len > 0 && line[len - 1] != ' ') - line_putch(' '); - continue; - } /* anything else */ - line_putch(ch); + if (openpam_straddch(&line, &size, &len, ch) != 0) + goto fail; } - - /* remove trailing whitespace */ - while (len > 0 && isspace((unsigned char)line[len - 1])) - --len; - line[len] = '\0'; if (len == 0) goto fail; if (lenp != NULL) *lenp = len; + openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line); return (line); fail: FREE(line); 
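Review bot: These hunks change what the public function openpam_readline() returns: the removed block that skipped leading whitespace, collapsed runs of whitespace to one space and trimmed trailing whitespace is gone, so callers now receive the line with its original spacing. Any external caller that splits the result on single spaces will behave differently. The behaviour change should be called out for API users, not only in the updated function comment. The added openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line) also writes the full line to the debug log, which is worth a second look for callers that use this function on files other than policy files.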
@@ -132,16 +111,18 @@ fail: } /** + * DEPRECATED openpam_readlinev + * * The =openpam_readline function reads a line from a file, and returns it - * in a NUL-terminated buffer allocated with =malloc. + * in a NUL-terminated buffer allocated with =!malloc. * * The =openpam_readline function performs a certain amount of processing * on the data it reads: * - * - Comments (introduced by a hash sign) are stripped, as is leading and - * trailing whitespace. - * - Any amount of linear whitespace is collapsed to a single space. + * - Comments (introduced by a hash sign) are stripped. + * * - Blank lines are ignored. + * * - If a line ends in a backslash, the backslash is stripped and the * next line is appended. * @@ -152,5 +133,8 @@ fail: * terminating NUL character) is stored in the variable it points to. * * The caller is responsible for releasing the returned buffer by passing - * it to =free. + * it to =!free. + * + * >openpam_readlinev + * >openpam_readword */ diff --git a/contrib/openpam/lib/openpam_readlinev.c b/contrib/openpam/lib/openpam_readlinev.c new file mode 100644 index 0000000..5a43b61 --- /dev/null +++ b/contrib/openpam/lib/openpam_readlinev.c 
@@ -0,0 +1,156 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_readlinev.c 588 2012-04-08 11:52:25Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#define MIN_WORDV_SIZE 32 + +/* + * OpenPAM extension + * + * Read a line from a file and split it into words. 
+ */ + +char ** +openpam_readlinev(FILE *f, int *lineno, int *lenp) +{ + char *word, **wordv, **tmp; + size_t wordlen, wordvsize; + int ch, serrno, wordvlen; + + wordvsize = MIN_WORDV_SIZE; + wordvlen = 0; + if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + errno = ENOMEM; + return (NULL); + } + wordv[wordvlen] = NULL; + while ((word = openpam_readword(f, lineno, &wordlen)) != NULL) { + if ((unsigned int)wordvlen + 1 >= wordvsize) { + /* need to expand the array */ + wordvsize *= 2; + tmp = realloc(wordv, wordvsize * sizeof *wordv); + if (tmp == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + errno = ENOMEM; + break; + } + wordv = tmp; + } + /* insert our word */ + wordv[wordvlen++] = word; + wordv[wordvlen] = NULL; + } + if (errno != 0) { + /* I/O error or out of memory */ + serrno = errno; + while (wordvlen--) + free(wordv[wordvlen]); + free(wordv); + errno = serrno; + return (NULL); + } + /* assert(!ferror(f)) */ + ch = fgetc(f); + /* assert(ch == EOF || ch == '\n') */ + if (ch == EOF && wordvlen == 0) { + free(wordv); + return (NULL); + } + if (ch == '\n' && lineno != NULL) + ++*lineno; + if (lenp != NULL) + *lenp = wordvlen; + return (wordv); +} + +/** + * The =openpam_readlinev function reads a line from a file, splits it + * into words according to the rules described in the =openpam_readword + * manual page, and returns a list of those words. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * This includes quoted or escaped newline characters and the newline + * character at the end of the line. + * + * If =lenp is not =NULL, the number of words on the line is stored in the + * variable to which it points. 
+ * + * RETURN VALUES + * + * If successful, the =openpam_readlinev function returns a pointer to a + * dynamically allocated array of pointers to individual dynamically + * allocated NUL-terminated strings, each containing a single word, in the + * order in which they were encountered on the line. + * The array is terminated by a =NULL pointer. + * + * The caller is responsible for freeing both the array and the individual + * strings by passing each of them to =!free. + * + * If the end of the line was reached before any words were read, + * =openpam_readlinev returns a pointer to a dynamically allocated array + * containing a single =NULL pointer. + * + * The =openpam_readlinev function can fail and return =NULL for one of + * four reasons: + * + * - The end of the file was reached before any words were read; :errno is + * zero, =!ferror returns zero, and =!feof returns a non-zero value. + * + * - The end of the file was reached while a quote or backslash escape + * was in effect; :errno is set to =EINVAL, =!ferror returns zero, and + * =!feof returns a non-zero value. + * + * - An error occurred while reading from the file; :errno is non-zero, + * =!ferror returns a non-zero value and =!feof returns zero. + * + * - A =!malloc or =!realloc call failed; :errno is set to =ENOMEM, + * =!ferror returns a non-zero value, and =!feof may or may not return + * a non-zero value. + * + * >openpam_readline + * >openpam_readword + * + * AUTHOR DES + */ diff --git a/contrib/openpam/lib/openpam_readword.c b/contrib/openpam/lib/openpam_readword.c new file mode 100644 index 0000000..74a4d46 --- /dev/null +++ b/contrib/openpam/lib/openpam_readword.c 
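Review bot: In openpam_readlinev(), the realloc() failure branch leaks the word that was just read: word has been returned by openpam_readword() but not yet stored in wordv when the code does "errno = ENOMEM; break;", and the cleanup loop only frees entries already in wordv. Free word before the break. The log message in that branch says "malloc(): %m" although the failing call is realloc(). In the documentation block, the allocation-failure case claims that ferror returns a non-zero value, but nothing in the allocation path touches the stream's error flag, and the comment added to openpam_parse_chain() in this same change describes that case as "ferror(f) is false, errno is non-zero"; one of the two needs correcting.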
@@ -0,0 +1,207 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_readword.c 588 2012-04-08 11:52:25Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" +#include "openpam_ctype.h" + +#define MIN_WORD_SIZE 32 + +/* + * OpenPAM extension + * + * Read a word from a file, respecting shell quoting rules. 
+ */ + +char * +openpam_readword(FILE *f, int *lineno, size_t *lenp) +{ + char *word; + size_t size, len; + int ch, comment, escape, quote; + int serrno; + + errno = 0; + + /* skip initial whitespace */ + comment = 0; + while ((ch = getc(f)) != EOF && ch != '\n') { + if (ch == '#') + comment = 1; + if (!is_lws(ch) && !comment) + break; + } + if (ch == EOF) + return (NULL); + ungetc(ch, f); + if (ch == '\n') + return (NULL); + + word = NULL; + size = len = 0; + escape = quote = 0; + while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) { + if (ch == '\\' && !escape && quote != '\'') { + /* escape next character */ + escape = ch; + } else if ((ch == '\'' || ch == '"') && !quote && !escape) { + /* begin quote */ + quote = ch; + /* edge case: empty quoted string */ + if (word == NULL && (word = malloc(1)) == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + errno = ENOMEM; + return (NULL); + } + *word = '\0'; + size = 1; + } else if (ch == quote && !escape) { + /* end quote */ + quote = 0; + } else if (ch == '\n' && escape && quote != '\'') { + /* line continuation */ + escape = 0; + } else { + if (escape && quote && ch != '\\' && ch != quote && + openpam_straddch(&word, &size, &len, '\\') != 0) { + free(word); + errno = ENOMEM; + return (NULL); + } + if (openpam_straddch(&word, &size, &len, ch) != 0) { + free(word); + errno = ENOMEM; + return (NULL); + } + escape = 0; + } + if (lineno != NULL && ch == '\n') + ++*lineno; + } + if (ch == EOF && ferror(f)) { + serrno = errno; + free(word); + errno = serrno; + return (NULL); + } + if (ch == EOF && (escape || quote)) { + /* Missing escaped character or closing quote. */ + openpam_log(PAM_LOG_ERROR, "unexpected end of file"); + free(word); + errno = EINVAL; + return (NULL); + } + ungetc(ch, f); + if (lenp != NULL) + *lenp = len; + return (word); +} + +/** + * The =openpam_readword function reads the next word from a file, and + * returns it in a NUL-terminated buffer allocated with =!malloc. 
+ * + * A word is a sequence of non-whitespace characters. + * However, whitespace characters can be included in a word if quoted or + * escaped according to the following rules: + * + * - An unescaped single or double quote introduces a quoted string, + * which ends when the same quote character is encountered a second + * time. + * The quotes themselves are stripped. + * + * - Within a single- or double-quoted string, all whitespace characters, + * including the newline character, are preserved as-is. + * + * - Outside a quoted string, a backslash escapes the next character, + * which is preserved as-is, unless that character is a newline, in + * which case it is discarded and reading continues at the beginning of + * the next line as if the backslash and newline had not been there. + * In all cases, the backslash itself is discarded. + * + * - Within a single-quoted string, double quotes and backslashes are + * preserved as-is. + * + * - Within a double-quoted string, a single quote is preserved as-is, + * and a backslash is preserved as-is unless used to escape a double + * quote. + * + * In addition, if the first non-whitespace character on the line is a + * hash character (#), the rest of the line is discarded. + * If a hash character occurs within a word, however, it is preserved + * as-is. + * A backslash at the end of a comment does cause line continuation. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a quoted or escaped newline character is read. + * + * If =lenp is not =NULL, the length of the word (after quotes and + * backslashes have been removed) is stored in the variable it points to. + * + * RETURN VALUES + * + * If successful, the =openpam_readword function returns a pointer to a + * dynamically allocated NUL-terminated string containing the first word + * encountered on the line. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =!free. 
+ * + * If =openpam_readword reaches the end of the line or file before any + * characters are copied to the word, it returns =NULL. In the former + * case, the newline is pushed back to the file. + * + * If =openpam_readword reaches the end of the file while a quote or + * backslash escape is in effect, it sets :errno to =EINVAL and returns + * =NULL. + * + * IMPLEMENTATION NOTES + * + * The parsing rules are intended to be equivalent to the normal POSIX + * shell quoting rules. + * Any discrepancy is a bug and should be reported to the author along + * with sample input that can be used to reproduce the error. + * + * >openpam_readline + * >openpam_readlinev + * + * AUTHOR DES + */ diff --git a/contrib/openpam/lib/openpam_set_feature.c b/contrib/openpam/lib/openpam_set_feature.c new file mode 100644 index 0000000..4f6a4a5 --- /dev/null +++ b/contrib/openpam/lib/openpam_set_feature.c 
@@ -0,0 +1,75 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_set_feature.c 608 2012-05-17 16:00:13Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Enable or disable an optional feature. 
+ */ + +int +openpam_set_feature(int feature, int onoff) +{ + + ENTERF(feature); + if (feature < 0 || feature >= OPENPAM_NUM_FEATURES) + RETURNC(PAM_SYMBOL_ERR); + openpam_features[feature].onoff = onoff; + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + */ + +/** + * EXPERIMENTAL + * + * The =openpam_set_feature function sets the state of the specified + * feature to the value specified by the =onoff argument. + * See =openpam_get_feature for a list of recognized features. + * + * >openpam_get_feature + * + * AUTHOR DES + */ diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c index c7cb1c7..1712a71 100644 --- a/contrib/openpam/lib/openpam_set_option.c +++ b/contrib/openpam/lib/openpam_set_option.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_set_option.c 482 2011-11-03 16:33:02Z des $ + * $Id: openpam_set_option.c 532 2012-03-31 14:24:53Z des $ */ #ifdef HAVE_CONFIG_H @@ -46,7 +46,6 @@ #include <string.h> #include <security/pam_appl.h> -#include <security/openpam.h> #include "openpam_impl.h" diff --git a/contrib/openpam/lib/openpam_straddch.c b/contrib/openpam/lib/openpam_straddch.c new file mode 100644 index 0000000..9845cc6 --- /dev/null +++ b/contrib/openpam/lib/openpam_straddch.c 
@@ -0,0 +1,111 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: openpam_straddch.c 568 2012-04-05 14:35:53Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <errno.h> +#include <stdlib.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#define MIN_STR_SIZE 32 + +/* + * OpenPAM extension + * + * Add a character to a string, expanding the buffer if needed. 
+ */ + +int +openpam_straddch(char **str, size_t *size, size_t *len, int ch) +{ + size_t tmpsize; + char *tmpstr; + + if (*str == NULL) { + /* initial allocation */ + tmpsize = MIN_STR_SIZE; + if ((tmpstr = malloc(tmpsize)) == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + errno = ENOMEM; + return (-1); + } + *str = tmpstr; + *size = tmpsize; + *len = 0; + } else if (*len + 1 >= *size) { + /* additional space required */ + tmpsize = *size * 2; + if ((tmpstr = realloc(*str, tmpsize)) == NULL) { + openpam_log(PAM_LOG_ERROR, "realloc(): %m"); + errno = ENOMEM; + return (-1); + } + *size = tmpsize; + *str = tmpstr; + } + (*str)[*len] = ch; + ++*len; + (*str)[*len] = '\0'; + return (0); +} + +/** + * The =openpam_straddch function appends a character to a dynamically + * allocated NUL-terminated buffer, reallocating the buffer as needed. + * + * The =str argument points to a variable containing either a pointer to + * an existing buffer or =NULL. + * If the value of the variable pointed to by =str is =NULL, a new buffer + * is allocated. + * + * The =size and =len argument point to variables used to hold the size + * of the buffer and the length of the string it contains, respectively. + * + * If a new buffer is allocated or an existing buffer is reallocated to + * make room for the additional character, =str and =size are updated + * accordingly. + * + * The =openpam_straddch function ensures that the buffer is always + * NUL-terminated. + * + * If the =openpam_straddch function is successful, it increments the + * integer variable pointed to by =len and returns 0. + * Otherwise, it leaves the variables pointed to by =str, =size and =len + * unmodified, sets :errno to =ENOMEM and returns -1. + * + * AUTHOR DES + */ diff --git a/contrib/openpam/lib/openpam_strlcat.h b/contrib/openpam/lib/openpam_strlcat.h new file mode 100644 index 0000000..1f26693 --- /dev/null +++ b/contrib/openpam/lib/openpam_strlcat.h 
@@ -0,0 +1,54 @@ +/*- + * Copyright (c) 2011 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: openpam_strlcat.h 578 2012-04-06 00:45:59Z des $ + */ + +#ifndef OPENPAM_STRLCAT_H_INCLUDED +#define OPENPAM_STRLCAT_H_INCLUDED + +#ifndef HAVE_STRLCAT +/* like strcat(3), but always NUL-terminates; returns strlen(src) */ +static size_t +strlcat(char *dst, const char *src, size_t size) +{ + size_t len; + + for (len = 0; *dst && size > 1; ++len, --size) + dst++; + for (; *src && size > 1; ++len, --size) + *dst++ = *src++; + *dst = '\0'; + while (*src) + ++len, ++src; + return (len); +} +#endif + +#endif diff --git a/contrib/openpam/lib/openpam_strlcmp.h b/contrib/openpam/lib/openpam_strlcmp.h index c692225..2a78e0f 100644 --- a/contrib/openpam/lib/openpam_strlcmp.h +++ b/contrib/openpam/lib/openpam_strlcmp.h @@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +27,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_strlcmp.h 475 2011-11-03 15:29:24Z des $ + * $Id: openpam_strlcmp.h 578 2012-04-06 00:45:59Z des $ */ #ifndef OPENPAM_STRLCMP_H_INCLUDED diff --git a/contrib/openpam/lib/openpam_strlcpy.h b/contrib/openpam/lib/openpam_strlcpy.h index 921653b..9c65548 100644 --- a/contrib/openpam/lib/openpam_strlcpy.h +++ b/contrib/openpam/lib/openpam_strlcpy.h 
@@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +27,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_strlcpy.h 492 2011-11-20 02:04:17Z des $ + * $Id: openpam_strlcpy.h 578 2012-04-06 00:45:59Z des $ */ #ifndef OPENPAM_STRLCPY_H_INCLUDED @@ -32,7 +35,7 @@ #ifndef HAVE_STRLCPY /* like strcpy(3), but always NUL-terminates; returns strlen(src) */ -size_t +static size_t strlcpy(char *dst, const char *src, size_t size) { size_t len; diff --git a/contrib/openpam/lib/openpam_subst.c b/contrib/openpam/lib/openpam_subst.c index d54b827..bab7a78 100644 --- a/contrib/openpam/lib/openpam_subst.c +++ b/contrib/openpam/lib/openpam_subst.c @@ -11,6 +11,9 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -24,7 +27,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_subst.c 461 2011-11-02 14:00:38Z des $ + * $Id: openpam_subst.c 543 2012-03-31 22:11:34Z des $ */ #ifdef HAVE_CONFIG_H 
diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c index ec078f4..14a324d 100644 --- a/contrib/openpam/lib/openpam_ttyconv.c +++ b/contrib/openpam/lib/openpam_ttyconv.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_ttyconv.c 437 2011-09-13 12:00:13Z des $ + * $Id: openpam_ttyconv.c 527 2012-02-26 03:23:59Z des $ */ #ifdef HAVE_CONFIG_H @@ -69,17 +69,17 @@ prompt(const char *msg) { char buf[PAM_MAX_RESP_SIZE]; struct sigaction action, saved_action; - sigset_t saved_sigset, sigset; + sigset_t saved_sigset, the_sigset; unsigned int saved_alarm; int eof, error, fd; size_t len; char *retval; char ch; - sigemptyset(&sigset); - sigaddset(&sigset, SIGINT); - sigaddset(&sigset, SIGTSTP); - sigprocmask(SIG_SETMASK, &sigset, &saved_sigset); + sigemptyset(&the_sigset); + sigaddset(&the_sigset, SIGINT); + sigaddset(&the_sigset, SIGTSTP); + sigprocmask(SIG_SETMASK, &the_sigset, &saved_sigset); action.sa_handler = &timeout; action.sa_flags = 0; sigemptyset(&action.sa_mask); diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c index a0613ef..1a3aebc 100644 --- a/contrib/openpam/lib/pam_get_authtok.c +++ b/contrib/openpam/lib/pam_get_authtok.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_get_authtok.c 455 2011-10-29 18:31:11Z des $ + * $Id: pam_get_authtok.c 510 2011-12-31 13:14:23Z des $ */ #ifdef HAVE_CONFIG_H @@ -50,6 +50,7 @@ #include "openpam_impl.h" static const char authtok_prompt[] = "Password:"; +static const char authtok_prompt_remote[] = "Password for %u@%h:"; static const char oldauthtok_prompt[] = "Old Password:"; static const char newauthtok_prompt[] = "New Password:"; 
@@ -69,6 +70,7 @@ pam_get_authtok(pam_handle_t *pamh, size_t prompt_size; const void *oldauthtok, *prevauthtok, *promptp; const char *prompt_option, *default_prompt; + const void *lhost, *rhost; char *resp, *resp2; int pitem, r, style, twice; @@ -82,6 +84,14 @@ pam_get_authtok(pam_handle_t *pamh, pitem = PAM_AUTHTOK_PROMPT; prompt_option = "authtok_prompt"; default_prompt = authtok_prompt; + r = pam_get_item(pamh, PAM_RHOST, &rhost); + if (r == PAM_SUCCESS && rhost != NULL) { + r = pam_get_item(pamh, PAM_HOST, &lhost); + if (r == PAM_SUCCESS && lhost != NULL) { + if (strcmp(rhost, lhost) != 0) + default_prompt = authtok_prompt_remote; + } + } r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); if (r == PAM_SUCCESS && oldauthtok != NULL) { default_prompt = newauthtok_prompt; diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c index 369066d..e1f0bc3 100644 --- a/contrib/openpam/lib/pam_putenv.c +++ b/contrib/openpam/lib/pam_putenv.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_putenv.c 437 2011-09-13 12:00:13Z des $ + * $Id: pam_putenv.c 539 2012-03-31 20:53:22Z des $ */ #ifdef HAVE_CONFIG_H @@ -102,7 +102,7 @@ pam_putenv(pam_handle_t *pamh, */ /** - * The =pam_putenv function sets a environment variable. + * The =pam_putenv function sets an environment variable. * Its semantics are similar to those of =putenv, but it modifies the PAM * context's environment list instead of the application's. * diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c index fbe6a8f..6fd4c10 100644 --- a/contrib/openpam/lib/pam_setenv.c +++ b/contrib/openpam/lib/pam_setenv.c @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: pam_setenv.c 437 2011-09-13 12:00:13Z des $ + * $Id: pam_setenv.c 539 2012-03-31 20:53:22Z des $ */ #ifdef HAVE_CONFIG_H 
@@ -92,7 +92,7 @@ pam_setenv(pam_handle_t *pamh, */ /** - * The =pam_setenv function sets a environment variable. + * The =pam_setenv function sets an environment variable. * Its semantics are similar to those of =setenv, but it modifies the PAM * context's environment list instead of the application's. * diff --git a/contrib/openpam/ltmain.sh b/contrib/openpam/ltmain.sh index 6dfcfd5..16ddbf8 100755 --- a/contrib/openpam/ltmain.sh +++ b/contrib/openpam/ltmain.sh @@ -1,9 +1,9 @@ -# libtool (GNU libtool) 2.4 +# libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -41,6 +41,7 @@ # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) +# --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages @@ -69,7 +70,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4 +# $progname: (GNU libtool) 2.4.2 # automake: $automake_version # autoconf: $autoconf_version # @@ -79,9 +80,9 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4 +VERSION=2.4.2 TIMESTAMP="" -package_revision=1.3293 +package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then 
@@ -136,15 +137,10 @@ progpath="$0" : ${CP="cp -f"} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} -: ${EGREP="grep -E"} -: ${FGREP="grep -F"} -: ${GREP="grep"} -: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -387,7 +383,7 @@ case $progpath in ;; *) save_IFS="$IFS" - IFS=: + IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break @@ -771,8 +767,8 @@ func_help () s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ p d } @@ -1052,6 +1048,7 @@ opt_finish=false opt_help=false opt_help_all=false opt_silent=: +opt_warning=: opt_verbose=: opt_silent=false opt_verbose=false @@ -1120,6 +1117,10 @@ esac opt_silent=false func_append preserve_args " $opt" ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; --no-verbose) opt_verbose=false func_append preserve_args " $opt" @@ -2089,7 +2090,7 @@ func_mode_compile () *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; 
@@ -3231,11 +3232,13 @@ func_mode_install () # Set up the ranlib parameters. oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $oldlib" 'exit $?' + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. @@ -3500,7 +3503,7 @@ static const void *lt_preloaded_setup() { # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; @@ -4015,14 +4018,17 @@ func_exec_program_core () # launches target application with the remaining arguments. func_exec_program () { - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac func_exec_program_core \${1+\"\$@\"} } @@ -5090,9 +5096,15 @@ void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' - + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' cat <<"EOF" } EOF 
@@ -5677,7 +5689,8 @@ func_mode_link () continue ;; - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6181,7 +6194,8 @@ func_mode_link () lib= found=no case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" @@ -6882,7 +6896,7 @@ func_mode_link () test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then - add_dir="-L$dir" + add_dir="-L$absdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -7367,6 +7381,7 @@ func_mode_link () # which has an extra 1 added just for fun # case $version_type in + # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result @@ -7483,7 +7498,7 @@ func_mode_link () versuffix="$major.$revision" ;; - linux) + linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" @@ -8071,6 +8086,11 @@ EOF # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= 
@@ -8101,7 +8121,7 @@ EOF elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; - *) func_apped perm_rpath " $libdir" ;; + *) func_append perm_rpath " $libdir" ;; esac fi done @@ -8109,11 +8129,7 @@ EOF if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" - if test -n "$hardcode_libdir_flag_spec_ld"; then - eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" - else - eval dep_rpath=\"$hardcode_libdir_flag_spec\" - fi + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. @@ -9203,6 +9219,8 @@ EOF esac done fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" @@ -9312,7 +9330,8 @@ EOF *.la) func_basename "$deplib" name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" diff --git a/contrib/openpam/misc/gendoc.pl b/contrib/openpam/misc/gendoc.pl index 7b76672..4ce2d39 100644 --- a/contrib/openpam/misc/gendoc.pl +++ b/contrib/openpam/misc/gendoc.pl @@ -33,7 +33,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: gendoc.pl 465 2011-11-02 20:34:26Z des $ +# $Id: gendoc.pl 599 2012-04-14 15:06:41Z des $ # use strict; 
@@ -81,12 +81,15 @@ $COPYRIGHT = ".\\\"- .\\\""; %AUTHORS = ( - THINKSEC => "ThinkSec AS and Network Associates Laboratories, the + THINKSEC => "developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc.\\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program.", - DES => ".An Dag-Erling Sm\\(/orgrav Aq des\@FreeBSD.org .", + DES => "developed by +.An Dag-Erling Sm\\(/orgrav Aq des\@des.no .", ); %PAMERR = ( @@ -136,6 +139,9 @@ sub parse_source($) { my $inlist; my $intaglist; my $inliteral; + my $customrv; + my $deprecated; + my $experimental; my %xref; my @errors; my $author; @@ -154,10 +160,18 @@ sub parse_source($) { if ($source =~ m/^ \* NOPARSE\s*$/m); $author = 'THINKSEC'; - if ($source =~ s/^ \* AUTHOR\s+(.*?)\s*$//m) { + if ($source =~ s/^ \* AUTHOR\s+(\w*)\s*$//m) { $author = $1; } + if ($source =~ s/^ \* DEPRECATED\s*(\w*)\s*$//m) { + $deprecated = $1 // 0; + } + + if ($source =~ s/^ \* EXPERIMENTAL\s*$//m) { + $experimental = 1; + } + $func = $fn; $func =~ s,^(?:.*/)?([^/]+)\.c$,$1,; if ($source !~ m,\n \* ([\S ]+)\n \*/\n\n([\S ]+)\n$func\((.*?)\)\n\{,s) { @@ -195,7 +209,7 @@ sub parse_source($) { # separate argument names with | $argnames =~ s/\" \"/|/g; # and surround with () - $argnames =~ s/^\"(.*)\"$/($1)/; + $argnames =~ s/^\"(.*)\"$/$1/; # $argnames is now a regexp that matches argument names $inliteral = $inlist = $intaglist = 0; foreach (split("\n", $source)) { 
@@ -211,12 +225,19 @@ sub parse_source($) { s/\\(.)/$1/gs; if (m/^$/) { # paragraph separator + if ($inlist || $intaglist) { + # either a blank line between list items, or a blank + # line after the final list item. The latter case + # will be handled further down. + next; + } + if ($man =~ m/\n\.Sh [^\n]+\n$/s) { + # a blank line after a section header + next; + } if ($man ne "" && $man !~ m/\.Pp\n$/s) { if ($inliteral) { $man .= "\0\n"; - } elsif ($inlist || $intaglist) { - $man .= ".El\n.Pp\n"; - $inlist = $intaglist = 0; } else { $man .= ".Pp\n"; } @@ -229,6 +250,14 @@ sub parse_source($) { ++$xref{$sect}->{$page}; next; } + if (s/^([A-Z][0-9A-Z -]+)$/.Sh $1/) { + if ($1 eq "RETURN VALUES") { + $customrv = $1; + } + $man =~ s/\n\.Pp$/\n/s; + $man .= "$_\n"; + next; + } if (s/^\s+-\s+//) { # item in bullet list if ($inliteral) { @@ -286,11 +315,12 @@ sub parse_source($) { $man .= "$_\n"; next; } - s/\s*=$func\b\s*/\n.Nm\n/gs; - s/\s*=$argnames\b\s*/\n.Fa $1\n/gs; + s/\s*=($func)\b\s*/\n.Fn $1\n/gs; + s/\s*=($argnames)\b\s*/\n.Fa $1\n/gs; s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs; s/\s*:([a-z_]+)\b\s*/\n.Va $1\n/gs; s/\s*;([a-z_]+)\b\s*/\n.Dv $1\n/gs; + s/\s*=!([a-z_]+)\b\s*/\n.Xr $1 3\n/gs; while (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/s) { ++$xref{3}->{$1}; } @@ -311,7 +341,7 @@ sub parse_source($) { $inliteral = 0; } $man =~ s/\%/\\&\%/gs; - $man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([\.,:;-]\S*)\s*/$1 $2\n/gs; + $man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([.,:;-])\s+/$1 $2\n/gs; $man =~ s/\s*$/\n/gm; $man =~ s/\n+/\n/gs; $man =~ s/\0//gs; @@ -331,6 +361,9 @@ sub parse_source($) { 'xref' => \%xref, 'errors' => \@errors, 'author' => $author, + 'customrv' => $customrv, + 'deprecated' => $deprecated, + 'experimental' => $experimental, }; if ($source =~ m/^ \* NODOC\s*$/m) { $FUNCTIONS{$func}->{'nodoc'} = 1; 
@@ -437,49 +470,75 @@ sub gendoc($) { .Lb libpam .Sh SYNOPSIS .In sys/types.h -.In security/pam_appl.h +"; + if ($func->{'args'} =~ m/\bFILE \*\b/) { + $mdoc .= ".In stdio.h\n"; + } + $mdoc .= ".In security/pam_appl.h "; if ($func->{'name'} =~ m/_sm_/) { - $mdoc .= ".In security/pam_modules.h\n" + $mdoc .= ".In security/pam_modules.h\n"; } if ($func->{'name'} =~ m/openpam/) { - $mdoc .= ".In security/openpam.h\n" + $mdoc .= ".In security/openpam.h\n"; } $mdoc .= ".Ft \"$func->{'type'}\" .Fn $func->{'name'} $func->{'args'} .Sh DESCRIPTION -$func->{'man'} "; - if ($func->{'type'} eq "int") { + if (defined($func->{'deprecated'})) { + $mdoc .= ".Bf Sy\n" . + "This function is deprecated and may be removed " . + "in a future release without further warning.\n"; + if ($func->{'deprecated'}) { + $mdoc .= "The\n.Fn $func->{'deprecated'}\nfunction " . + "may be used to achieve similar results.\n"; + } + $mdoc .= ".Ef\n.Pp\n"; + } + if ($func->{'experimental'}) { + $mdoc .= ".Bf Sy\n" . + "This function is experimental and may be modified or removed " . + "in a future release without further warning.\n"; + $mdoc .= ".Ef\n.Pp\n"; + } + $mdoc .= "$func->{'man'}\n"; + my @errors = @{$func->{'errors'}}; + if ($func->{'customrv'}) { + # leave it + } elsif ($func->{'type'} eq "int" && @errors) { $mdoc .= ".Sh RETURN VALUES The -.Nm +.Fn $func->{'name'} function returns one of the following values: .Bl -tag -width 18n "; - my @errors = @{$func->{'errors'}}; - warn("$func->{'name'}(): no error specification\n") - unless(@errors); foreach (@errors) { $mdoc .= ".It Bq Er $_\n$PAMERR{$_}.\n"; } $mdoc .= ".El\n"; - } else { - if ($func->{'type'} =~ m/\*$/) { - $mdoc .= ".Sh RETURN VALUES + } elsif ($func->{'type'} eq "int") { + $mdoc .= ".Sh RETURN VALUES +The +.Fn $func->{'name'} +function returns 0 on success and -1 on failure. +"; + } elsif ($func->{'type'} =~ m/\*$/) { + $mdoc .= ".Sh RETURN VALUES The -.Nm +.Fn $func->{'name'} function returns .Dv NULL on failure. 
"; - } + } elsif ($func->{'type'} ne "void") { + warn("$func->{'name'}(): no error specification\n"); } $mdoc .= ".Sh SEE ALSO\n" . genxref($func->{'xref'}); $mdoc .= ".Sh STANDARDS\n"; if ($func->{'openpam'}) { $mdoc .= "The -.Nm +.Fn $func->{'name'} function is an OpenPAM extension. "; } else { @@ -491,10 +550,9 @@ function is an OpenPAM extension. } $mdoc .= ".Sh AUTHORS The -.Nm -function and this manual page were developed for the -.Fx -Project by\n" . $AUTHORS{$func->{'author'} // 'THINKSEC_DARPA'} . "\n"; +.Fn $func->{'name'} +function and this manual page were\n"; + $mdoc .= $AUTHORS{$func->{'author'} // 'THINKSEC_DARPA'} . "\n"; $fn = "$func->{'name'}.3"; if (open(FILE, ">", $fn)) { print(FILE $mdoc); @@ -608,6 +666,9 @@ Security Research Division of Network Associates, Inc.\\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\\(/orgrav Aq des\@des.no . "; close(FILE); } diff --git a/contrib/openpam/pamgdb.in b/contrib/openpam/pamgdb.in new file mode 100644 index 0000000..2ec2d65 --- /dev/null +++ b/contrib/openpam/pamgdb.in 
@@ -0,0 +1,41 @@ +#!/bin/sh +# +# $Id: pamgdb.in 583 2012-04-07 18:56:13Z des $ +# + +srcdir="@abs_top_srcdir@" +builddir="@abs_top_builddir@" + +# Make sure we get the right version of libpam +pam_libdir="${builddir}/lib/.libs" +LD_LIBRARY_PATH="${pam_libdir}:${LD_LIBRARY_PATH}" +LD_LIBRARY_PATH="${LD_LIBRARY_PATH%:}" +export LD_LIBRARY_PATH + +# DWIM, assuming that the first positional argument is the name of the +# program to debug rather than a gdb option. +prog="$1" +if expr "${prog}" : ".*/.*" >/dev/null ; then + # The first argument is an absolute or relative path. There + # is a good chance that it points to the wrapper script + # generated by libtool rather than the actual binary. + altprog="${prog%/*}/.libs/${prog##*/}" + if [ -x "${altprog}" ] ; then + shift + set "${altprog}" "$@" + fi +elif expr "${prog}" : "[a-z.-][a-z.-]*" >/dev/null ; then + # The first argument is just the name of the program. Look for + # it in the build directory. + for libdir in $(find "${builddir}" -type d -name .libs -print) ; do + altprog="${libdir}/${prog}" + if [ -x "${altprog}" ] ; then + shift + set "${altprog}" "$@" + break + fi + done +fi + +# Let's go! +exec gdb "$@" diff --git a/contrib/openpam/t/Makefile.am b/contrib/openpam/t/Makefile.am new file mode 100644 index 0000000..a3f596d --- /dev/null +++ b/contrib/openpam/t/Makefile.am @@ -0,0 +1,16 @@ +# $Id: Makefile.am 572 2012-04-05 15:41:44Z des $ + +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib + +noinst_HEADERS = t.h + +# tests +TESTS = t_openpam_readword t_openpam_readlinev +check_PROGRAMS = $(TESTS) + +# libt - common support code +check_LIBRARIES = libt.a +libt_a_SOURCES = t_main.c + +# link with libpam and libt +LDADD = libt.a $(top_builddir)/lib/libpam.la diff --git a/contrib/openpam/t/Makefile.in b/contrib/openpam/t/Makefile.in new file mode 100644 index 0000000..e71618b --- /dev/null +++ b/contrib/openpam/t/Makefile.in 
@@ -0,0 +1,605 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $Id: Makefile.am 572 2012-04-05 15:41:44Z des $ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +TESTS = t_openpam_readword$(EXEEXT) t_openpam_readlinev$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) +subdir = t +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +ARFLAGS = cru +libt_a_AR = $(AR) $(ARFLAGS) +libt_a_LIBADD = +am_libt_a_OBJECTS = t_main.$(OBJEXT) +libt_a_OBJECTS = $(am_libt_a_OBJECTS) +am__EXEEXT_1 = 
t_openpam_readword$(EXEEXT) \ + t_openpam_readlinev$(EXEEXT) +t_openpam_readlinev_SOURCES = t_openpam_readlinev.c +t_openpam_readlinev_OBJECTS = t_openpam_readlinev.$(OBJEXT) +t_openpam_readlinev_LDADD = $(LDADD) +t_openpam_readlinev_DEPENDENCIES = libt.a \ + $(top_builddir)/lib/libpam.la +t_openpam_readword_SOURCES = t_openpam_readword.c +t_openpam_readword_OBJECTS = t_openpam_readword.$(OBJEXT) +t_openpam_readword_LDADD = $(LDADD) +t_openpam_readword_DEPENDENCIES = libt.a $(top_builddir)/lib/libpam.la +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libt_a_SOURCES) t_openpam_readlinev.c t_openpam_readword.c +DIST_SOURCES = $(libt_a_SOURCES) t_openpam_readlinev.c \ + t_openpam_readword.c +HEADERS = $(noinst_HEADERS) +ETAGS = etags +CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIBS = @DL_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = 
@INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = 
@program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib +noinst_HEADERS = t.h + +# libt - common support code +check_LIBRARIES = libt.a +libt_a_SOURCES = t_main.c + +# link with libpam and libt +LDADD = libt.a $(top_builddir)/lib/libpam.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign t/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign t/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkLIBRARIES: + -test -z "$(check_LIBRARIES)" || rm -f $(check_LIBRARIES) +libt.a: $(libt_a_OBJECTS) $(libt_a_DEPENDENCIES) + -rm -f libt.a + $(libt_a_AR) libt.a $(libt_a_OBJECTS) $(libt_a_LIBADD) + $(RANLIB) libt.a + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +t_openpam_readlinev$(EXEEXT): $(t_openpam_readlinev_OBJECTS) $(t_openpam_readlinev_DEPENDENCIES) + @rm -f t_openpam_readlinev$(EXEEXT) + $(LINK) $(t_openpam_readlinev_OBJECTS) $(t_openpam_readlinev_LDADD) $(LIBS) +t_openpam_readword$(EXEEXT): $(t_openpam_readword_OBJECTS) $(t_openpam_readword_DEPENDENCIES) + @rm -f t_openpam_readword$(EXEEXT) + $(LINK) $(t_openpam_readword_OBJECTS) $(t_openpam_readword_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_openpam_readlinev.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_openpam_readword.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF 
$(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n 
"$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? 
-ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ + echo "$$banner"; \ + test -z "$$skipped" || echo "$$skipped"; \ + test -z "$$report" || echo "$$report"; \ + echo "$$dashes$$std"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_LIBRARIES) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(HEADERS) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkLIBRARIES clean-checkPROGRAMS clean-generic \ + clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ + clean-checkLIBRARIES clean-checkPROGRAMS clean-generic \ + clean-libtool ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf 
pdf-am ps ps-am \ + tags uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/contrib/openpam/t/t.h b/contrib/openpam/t/t.h new file mode 100644 index 0000000..4805b76 --- /dev/null +++ b/contrib/openpam/t/t.h 
@@ -0,0 +1,60 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: t.h 578 2012-04-06 00:45:59Z des $ + */ + +#ifndef T_H_INCLUDED +#define T_H_INCLUDED + +#include <security/openpam_attr.h> + +struct t_test { + int (*func)(void); + const char *desc; +}; + +#define T_FUNC(n, d) \ + static int t_ ## n ## _func(void); \ + static const struct t_test t_ ## n = \ + { t_ ## n ## _func, d }; \ + static int t_ ## n ## _func(void) + +#define T(n) \ + &t_ ## n + +extern const char *t_progname; + +const struct t_test **t_prepare(int, char **); +void t_cleanup(void); + +void t_verbose(const char *, ...) + OPENPAM_FORMAT((__printf__, 1, 2)); + +#endif diff --git a/contrib/openpam/t/t_main.c b/contrib/openpam/t/t_main.c new file mode 100644 index 0000000..6a29b0a --- /dev/null +++ b/contrib/openpam/t/t_main.c 
@@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: t_main.c 578 2012-04-06 00:45:59Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <err.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "t.h" + +const char *t_progname; + +static int verbose; + +void +t_verbose(const char *fmt, ...) 
+{ + va_list ap; + + if (verbose) { + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); + } +} + +static void +usage(void) +{ + + fprintf(stderr, "usage: [-v] %s\n", t_progname); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + const struct t_test **t_plan; + const char *desc; + int n, pass, fail; + int opt; + + if ((t_progname = strrchr(argv[0], '/')) != NULL) + t_progname++; /* one past the slash */ + else + t_progname = argv[0]; + + while ((opt = getopt(argc, argv, "v")) != -1) + switch (opt) { + case 'v': + verbose = 1; + break; + default: + usage(); + } + + argc -= optind; + argv += optind; + + /* prepare the test plan */ + if ((t_plan = t_prepare(argc, argv)) == NULL) + errx(1, "no plan\n"); + + /* count the tests */ + for (n = 0; t_plan[n] != NULL; ++n) + /* nothing */; + printf("1..%d\n", n); + + /* run the tests */ + for (n = pass = fail = 0; t_plan[n] != NULL; ++n) { + desc = t_plan[n]->desc ? t_plan[n]->desc : "no description"; + if ((*t_plan[n]->func)()) { + printf("ok %d - %s\n", n + 1, desc); + ++pass; + } else { + printf("not ok %d - %s\n", n + 1, desc); + ++fail; + } + } + + /* clean up and exit */ + t_cleanup(); + exit(fail > 0 ? 1 : 0); +} diff --git a/contrib/openpam/t/t_openpam_readlinev.c b/contrib/openpam/t/t_openpam_readlinev.c new file mode 100644 index 0000000..bb0ff90 --- /dev/null +++ b/contrib/openpam/t/t_openpam_readlinev.c 
@@ -0,0 +1,342 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: t_openpam_readlinev.c 581 2012-04-06 01:08:37Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" +#include "t.h" + +static char filename[1024]; +static FILE *f; + +/* + * Open the temp file and immediately unlink it so it doesn't leak in case + * of premature exit. + */ +static void +orlv_open(void) +{ + int fd; + + if ((fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600)) < 0) + err(1, "%s(): %s", __func__, filename); + if ((f = fdopen(fd, "r+")) == NULL) + err(1, "%s(): %s", __func__, filename); + if (unlink(filename) < 0) + err(1, "%s(): %s", __func__, filename); +} + +/* + * Write text to the temp file. + */ +static void +orlv_output(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf(f, fmt, ap); + va_end(ap); + if (ferror(f)) + err(1, "%s", filename); +} + +/* + * Rewind the temp file. + */ +static void +orlv_rewind(void) +{ + + errno = 0; + rewind(f); + if (errno != 0) + err(1, "%s(): %s", __func__, filename); +} + +/* + * Read a line from the temp file and verify that the result matches our + * expectations: whether a line was read at all, how many and which words + * it contained, how many lines were read (in case of quoted or escaped + * newlines) and whether we reached the end of the file. 
+ */ +static int +orlv_expect(const char **expectedv, int lines, int eof) +{ + int expectedc, gotc, i, lineno = 0; + char **gotv; + + expectedc = 0; + if (expectedv != NULL) + while (expectedv[expectedc] != NULL) + ++expectedc; + gotv = openpam_readlinev(f, &lineno, &gotc); + if (ferror(f)) + err(1, "%s(): %s", __func__, filename); + if (expectedv != NULL && gotv == NULL) { + t_verbose("expected %d words, got nothing\n", expectedc); + return (0); + } + if (expectedv == NULL && gotv != NULL) { + t_verbose("expected nothing, got %d words\n", gotc); + FREEV(gotc, gotv); + return (0); + } + if (expectedv != NULL && gotv != NULL) { + if (expectedc != gotc) { + t_verbose("expected %d words, got %d\n", + expectedc, gotc); + FREEV(gotc, gotv); + return (0); + } + for (i = 0; i < gotc; ++i) { + if (strcmp(expectedv[i], gotv[i]) != 0) { + t_verbose("word %d: expected <<%s>>, " + "got <<%s>>\n", i, expectedv[i], gotv[i]); + FREEV(gotc, gotv); + return (0); + } + } + FREEV(gotc, gotv); + } + if (lineno != lines) { + t_verbose("expected to advance %d lines, advanced %d lines\n", + lines, lineno); + return (0); + } + if (eof && !feof(f)) { + t_verbose("expected EOF, but didn't get it\n"); + return (0); + } + if (!eof && feof(f)) { + t_verbose("didn't expect EOF, but got it anyway\n"); + return (0); + } + return (1); +} + +/* + * Close the temp file. 
+ */ +void +orlv_close(void) +{ + + if (fclose(f) != 0) + err(1, "%s(): %s", __func__, filename); + f = NULL; +} + +/*************************************************************************** + * Commonly-used lines + */ + +static const char *empty[] = { + NULL +}; + +static const char *hello[] = { + "hello", + NULL +}; + +static const char *hello_world[] = { + "hello", + "world", + NULL +}; + + +/*************************************************************************** + * Lines without words + */ + +T_FUNC(empty_input, "empty input") +{ + int ret; + + orlv_open(); + ret = orlv_expect(NULL, 0 /*lines*/, 1 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(empty_line, "empty line") +{ + int ret; + + orlv_open(); + orlv_output("\n"); + orlv_rewind(); + ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(unterminated_empty_line, "unterminated empty line") +{ + int ret; + + orlv_open(); + orlv_output(" "); + orlv_rewind(); + ret = orlv_expect(NULL, 0 /*lines*/, 1 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(whitespace, "whitespace") +{ + int ret; + + orlv_open(); + orlv_output(" \n"); + orlv_rewind(); + ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(comment, "comment") +{ + int ret; + + orlv_open(); + orlv_output("# comment\n"); + orlv_rewind(); + ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(whitespace_before_comment, "whitespace before comment") +{ + int ret; + + orlv_open(); + orlv_output(" # comment\n"); + orlv_rewind(); + ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + + +/*************************************************************************** + * Simple words + */ + +T_FUNC(one_word, "one word") +{ + int ret; + + orlv_open(); + orlv_output("hello\n"); + orlv_rewind(); + ret = orlv_expect(hello, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + 
+T_FUNC(two_words, "two words") +{ + int ret; + + orlv_open(); + orlv_output("hello world\n"); + orlv_rewind(); + ret = orlv_expect(hello_world, 1 /*lines*/, 0 /*eof*/); + orlv_close(); + return (ret); +} + +T_FUNC(unterminated_line, "unterminated line") +{ + int ret; + + orlv_open(); + orlv_output("hello world"); + orlv_rewind(); + ret = orlv_expect(hello_world, 0 /*lines*/, 1 /*eof*/); + orlv_close(); + return (ret); +} + + +/*************************************************************************** + * Boilerplate + */ + +const struct t_test *t_plan[] = { + T(empty_input), + T(empty_line), + T(unterminated_empty_line), + T(whitespace), + T(comment), + T(whitespace_before_comment), + + T(one_word), + T(two_words), + T(unterminated_line), + + NULL +}; + +const struct t_test ** +t_prepare(int argc, char *argv[]) +{ + + (void)argc; + (void)argv; + snprintf(filename, sizeof filename, "%s.%d.tmp", t_progname, getpid()); + if (filename == NULL) + err(1, "asprintf()"); + return (t_plan); +} + +void +t_cleanup(void) +{ +} diff --git a/contrib/openpam/t/t_openpam_readword.c b/contrib/openpam/t/t_openpam_readword.c new file mode 100644 index 0000000..2135d8b --- /dev/null +++ b/contrib/openpam/t/t_openpam_readword.c 
@@ -0,0 +1,829 @@ +/*- + * Copyright (c) 2012 Dag-Erling Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $Id: t_openpam_readword.c 584 2012-04-07 22:47:16Z des $ + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <err.h> +#include <errno.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "t.h" + +static char filename[1024]; +static FILE *f; + +/* + * Open the temp file and immediately unlink it so it doesn't leak in case + * of premature exit. + */ +static void +orw_open(void) +{ + int fd; + + if ((fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600)) < 0) + err(1, "%s(): %s", __func__, filename); + if ((f = fdopen(fd, "r+")) == NULL) + err(1, "%s(): %s", __func__, filename); + if (unlink(filename) < 0) + err(1, "%s(): %s", __func__, filename); +} + +/* + * Write text to the temp file. + */ +static void +orw_output(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf(f, fmt, ap); + va_end(ap); + if (ferror(f)) + err(1, "%s", filename); +} + +/* + * Rewind the temp file. + */ +static void +orw_rewind(void) +{ + + errno = 0; + rewind(f); + if (errno != 0) + err(1, "%s(): %s", __func__, filename); +} + +/* + * Read a word from the temp file and verify that the result matches our + * expectations: whether a word was read at all, how many lines were read + * (in case of quoted or escaped newlines), whether we reached the end of + * the file and whether we reached the end of the line. 
+ */ +static int +orw_expect(const char *expected, int lines, int eof, int eol) +{ + int ch, lineno = 0; + char *got; + size_t len; + + got = openpam_readword(f, &lineno, &len); + if (ferror(f)) + err(1, "%s(): %s", __func__, filename); + if (expected != NULL && got == NULL) { + t_verbose("expected <<%s>>, got nothing\n", expected); + return (0); + } + if (expected == NULL && got != NULL) { + t_verbose("expected nothing, got <<%s>>\n", got); + return (0); + } + if (expected != NULL && got != NULL && strcmp(expected, got) != 0) { + t_verbose("expected <<%s>>, got <<%s>>\n", expected, got); + return (0); + } + if (lineno != lines) { + t_verbose("expected to advance %d lines, advanced %d lines\n", + lines, lineno); + return (0); + } + if (eof && !feof(f)) { + t_verbose("expected EOF, but didn't get it\n"); + return (0); + } + if (!eof && feof(f)) { + t_verbose("didn't expect EOF, but got it anyway\n"); + return (0); + } + ch = fgetc(f); + if (ferror(f)) + err(1, "%s(): %s", __func__, filename); + if (eol && ch != '\n') { + t_verbose("expected EOL, but didn't get it\n"); + return (0); + } + if (!eol && ch == '\n') { + t_verbose("didn't expect EOL, but got it anyway\n"); + return (0); + } + if (ch != EOF) + ungetc(ch, f); + return (1); +} + +/* + * Close the temp file. 
+ */ +void +orw_close(void) +{ + + if (fclose(f) != 0) + err(1, "%s(): %s", __func__, filename); + f = NULL; +} + + +/*************************************************************************** + * Lines without words + */ + +T_FUNC(empty_input, "empty input") +{ + int ret; + + orw_open(); + ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(empty_line, "empty line") +{ + int ret; + + orw_open(); + orw_output("\n"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(unterminated_line, "unterminated line") +{ + int ret; + + orw_open(); + orw_output(" "); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(single_whitespace, "single whitespace") +{ + int ret; + + orw_open(); + orw_output(" \n"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(multiple_whitespace, "multiple whitespace") +{ + int ret; + + orw_open(); + orw_output(" \t\r\n"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(comment, "comment") +{ + int ret; + + orw_open(); + orw_output("# comment\n"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(whitespace_before_comment, "whitespace before comment") +{ + int ret; + + orw_open(); + orw_output(" # comment\n"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + + +/*************************************************************************** + * Simple cases - no quotes or escapes + */ + +T_FUNC(single_word, "single word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output("%s\n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + 
orw_close(); + return (ret); +} + +T_FUNC(single_whitespace_before_word, "single whitespace before word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output(" %s\n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(double_whitespace_before_word, "double whitespace before word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output(" %s\n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(single_whitespace_after_word, "single whitespace after word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output("%s \n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(double_whitespace_after_word, "double whitespace after word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output("%s \n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(comment_after_word, "comment after word") +{ + const char *word = "hello"; + int ret; + + orw_open(); + orw_output("%s # comment\n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(word_containing_hash, "word containing hash") +{ + const char *word = "hello#world"; + int ret; + + orw_open(); + orw_output("%s\n", word); + orw_rewind(); + ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(two_words, "two words") +{ + const char *word[] = { "hello", "world" }; + int ret; + + orw_open(); + orw_output("%s %s\n", word[0], word[1]); + orw_rewind(); + ret = orw_expect(word[0], 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect(word[1], 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + 
orw_close(); + return (ret); +} + + +/*************************************************************************** + * Escapes + */ + +T_FUNC(naked_escape, "naked escape") +{ + int ret; + + orw_open(); + orw_output("\\"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_escape, "escaped escape") +{ + int ret; + + orw_open(); + orw_output("\\\\\n"); + orw_rewind(); + ret = orw_expect("\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_whitespace, "escaped whitespace") +{ + int ret; + + orw_open(); + orw_output("\\ \\\t \\\r \\\n\n"); + orw_rewind(); + ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + /* this last one is a line continuation */ + orw_expect(NULL, 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_newline_before_word, "escaped newline before word") +{ + int ret; + + orw_open(); + orw_output("\\\nhello world\n"); + orw_rewind(); + ret = orw_expect("hello", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_newline_within_word, "escaped newline within word") +{ + int ret; + + orw_open(); + orw_output("hello\\\nworld\n"); + orw_rewind(); + ret = orw_expect("helloworld", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_newline_after_word, "escaped newline after word") +{ + int ret; + + orw_open(); + orw_output("hello\\\n world\n"); + orw_rewind(); + ret = orw_expect("hello", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_letter, "escaped letter") +{ + int ret; + + orw_open(); + orw_output("\\z\n"); + orw_rewind(); + ret = orw_expect("z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + + 
+/*************************************************************************** + * Quotes + */ + +T_FUNC(naked_single_quote, "naked single quote") +{ + int ret; + + orw_open(); + orw_output("'"); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(naked_double_quote, "naked double quote") +{ + int ret; + + orw_open(); + orw_output("\""); + orw_rewind(); + ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(empty_single_quotes, "empty single quotes") +{ + int ret; + + orw_open(); + orw_output("''\n"); + orw_rewind(); + ret = orw_expect("", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(empty_double_quotes, "empty double quotes") +{ + int ret; + + orw_open(); + orw_output("\"\"\n"); + orw_rewind(); + ret = orw_expect("", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(single_quotes_within_double_quotes, "single quotes within double quotes") +{ + int ret; + + orw_open(); + orw_output("\"' '\"\n"); + orw_rewind(); + ret = orw_expect("' '", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(double_quotes_within_single_quotes, "double quotes within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\" \"'\n"); + orw_rewind(); + ret = orw_expect("\" \"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(single_quoted_whitespace, "single-quoted whitespace") +{ + int ret; + + orw_open(); + orw_output("' ' '\t' '\r' '\n'\n"); + orw_rewind(); + ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(double_quoted_whitespace, "double-quoted whitespace") +{ + int ret; + + orw_open(); + orw_output("\" \" \"\t\" \"\r\" 
\"\n\"\n"); + orw_rewind(); + ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(single_quoted_words, "single-quoted words") +{ + int ret; + + orw_open(); + orw_output("'hello world'\n"); + orw_rewind(); + ret = orw_expect("hello world", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(double_quoted_words, "double-quoted words") +{ + int ret; + + orw_open(); + orw_output("\"hello world\"\n"); + orw_rewind(); + ret = orw_expect("hello world", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + + +/*************************************************************************** + * Combinations of escape and quotes + */ + +T_FUNC(escaped_single_quote, + "escaped single quote") +{ + int ret; + + orw_open(); + orw_output("\\'\n"); + orw_rewind(); + ret = orw_expect("'", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_double_quote, + "escaped double quote") +{ + int ret; + + orw_open(); + orw_output("\\\"\n"); + orw_rewind(); + ret = orw_expect("\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_whitespace_within_single_quotes, + "escaped whitespace within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\\ ' '\\\t' '\\\r' '\\\n'\n"); + orw_rewind(); + ret = orw_expect("\\ ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\\\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\\\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\\\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_whitespace_within_double_quotes, + "escaped whitespace within double quotes") +{ + int ret; + + orw_open(); + orw_output("\"\\ \" \"\\\t\" \"\\\r\" \"\\\n\"\n"); + orw_rewind(); + 
ret = orw_expect("\\ ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\\\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + orw_expect("\\\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) && + /* this last one is a line continuation */ + orw_expect("", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_letter_within_single_quotes, + "escaped letter within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\\z'\n"); + orw_rewind(); + ret = orw_expect("\\z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_letter_within_double_quotes, + "escaped letter within double quotes") +{ + int ret; + + orw_open(); + orw_output("\"\\z\"\n"); + orw_rewind(); + ret = orw_expect("\\z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_escape_within_single_quotes, + "escaped escape within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\\\\'\n"); + orw_rewind(); + ret = orw_expect("\\\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_escape_within_double_quotes, + "escaped escape within double quotes") +{ + int ret; + + orw_open(); + orw_output("\"\\\\\"\n"); + orw_rewind(); + ret = orw_expect("\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_single_quote_within_single_quotes, + "escaped single quote within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\\''\n"); + orw_rewind(); + ret = orw_expect(NULL, 1 /*lines*/, 1 /*eof*/, 0 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_double_quote_within_single_quotes, + "escaped double quote within single quotes") +{ + int ret; + + orw_open(); + orw_output("'\\\"'\n"); + orw_rewind(); + ret = orw_expect("\\\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_single_quote_within_double_quotes, + "escaped single quote within double quotes") +{ + int ret; + + 
orw_open(); + orw_output("\"\\'\"\n"); + orw_rewind(); + ret = orw_expect("\\'", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + +T_FUNC(escaped_double_quote_within_double_quotes, + "escaped double quote within double quotes") +{ + int ret; + + orw_open(); + orw_output("\"\\\"\"\n"); + orw_rewind(); + ret = orw_expect("\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/); + orw_close(); + return (ret); +} + + +/*************************************************************************** + * Boilerplate + */ + +const struct t_test *t_plan[] = { + T(empty_input), + T(empty_line), + T(single_whitespace), + T(multiple_whitespace), + T(comment), + T(whitespace_before_comment), + + T(single_word), + T(single_whitespace_before_word), + T(double_whitespace_before_word), + T(single_whitespace_after_word), + T(double_whitespace_after_word), + T(comment_after_word), + T(word_containing_hash), + T(two_words), + + T(naked_escape), + T(escaped_escape), + T(escaped_whitespace), + T(escaped_newline_before_word), + T(escaped_newline_within_word), + T(escaped_newline_after_word), + T(escaped_letter), + + T(naked_single_quote), + T(naked_double_quote), + T(empty_single_quotes), + T(empty_double_quotes), + T(single_quotes_within_double_quotes), + T(double_quotes_within_single_quotes), + T(single_quoted_whitespace), + T(double_quoted_whitespace), + T(single_quoted_words), + T(double_quoted_words), + + T(escaped_single_quote), + T(escaped_double_quote), + T(escaped_whitespace_within_single_quotes), + T(escaped_whitespace_within_double_quotes), + T(escaped_letter_within_single_quotes), + T(escaped_letter_within_double_quotes), + T(escaped_escape_within_single_quotes), + T(escaped_escape_within_double_quotes), + T(escaped_single_quote_within_single_quotes), + T(escaped_double_quote_within_single_quotes), + T(escaped_single_quote_within_double_quotes), + T(escaped_double_quote_within_double_quotes), + + NULL +}; + +const struct t_test ** +t_prepare(int argc, char *argv[]) +{ + + 
(void)argc; + (void)argv; + snprintf(filename, sizeof filename, "%s.%d.tmp", t_progname, getpid()); + if (filename == NULL) + err(1, "asprintf()"); + return (t_plan); +} + +void +t_cleanup(void) +{ +} diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile index 1071e05..b57a38e 100644 --- a/lib/libpam/libpam/Makefile +++ b/lib/libpam/libpam/Makefile @@ -47,16 +47,22 @@ SRCS= openpam_borrow_cred.c \ openpam_constants.c \ openpam_dispatch.c \ openpam_dynamic.c \ + openpam_features.c \ openpam_findenv.c \ openpam_free_data.c \ openpam_free_envlist.c \ + openpam_get_feature.c \ openpam_get_option.c \ openpam_load.c \ openpam_log.c \ openpam_nullconv.c \ openpam_readline.c \ + openpam_readlinev.c \ + openpam_readword.c \ openpam_restore_cred.c \ + openpam_set_feature.c \ openpam_set_option.c \ + openpam_straddch.c \ openpam_subst.c \ openpam_ttyconv.c \ pam_acct_mgmt.c \ @@ -91,12 +97,17 @@ MAN= openpam.3 \ openpam_borrow_cred.3 \ openpam_free_data.3 \ openpam_free_envlist.3 \ + openpam_get_feature.3 \ openpam_get_option.3 \ openpam_log.3 \ openpam_nullconv.3 \ openpam_readline.3 \ + openpam_readlinev.3 \ + openpam_readword.3 \ openpam_restore_cred.3 \ + openpam_set_feature.3 \ openpam_set_option.3 \ + openpam_straddch.3 \ openpam_subst.3 \ openpam_ttyconv.3 \ pam.3 \ @@ -137,11 +148,13 @@ MAN= openpam.3 \ MLINKS= pam.conf.5 pam.d.5 CSTD?= c99 -WARNS?= 3 CFLAGS+= -I${.CURDIR} -I${OPENPAM}/include CFLAGS+= -DLIB_MAJ=${SHLIB_MAJOR} CFLAGS+= -DOPENPAM_MODULES_DIR='"${PAM_MOD_DIR:C/\/*$//}/"' -CFLAGS+= -DHAVE_FPURGE=1 -DHAVE_STRLCPY=1 +CFLAGS+= -DHAVE_FDLOPEN=1 +CFLAGS+= -DHAVE_FPURGE=1 +CFLAGS+= -DHAVE_STRLCAT=1 +CFLAGS+= -DHAVE_STRLCPY=1 HEADERS= security/openpam.h \ security/openpam_attr.h \ diff --git a/usr.bin/pamtest/Makefile b/usr.bin/pamtest/Makefile new file mode 100644 index 0000000..1968300 --- /dev/null +++ b/usr.bin/pamtest/Makefile 
@@ -0,0 +1,11 @@ +# $FreeBSD$ + +OPENPAM= ${.CURDIR}/../../contrib/openpam +.PATH: ${OPENPAM}/include ${OPENPAM}/bin/pamtest + +PROG= pamtest +SRCS= pamtest.c +DPADD= ${LIBPAM} +LDADD= ${MINUSLPAM} + +.include <bsd.prog.mk> |
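Review bot: in the test driver that precedes t_openpam_readlinev.c, usage() prints "usage: [-v] %s\n", which puts the option ahead of the program name; the conventional form is "usage: %s [-v]\n". In main(), errx(1, "no plan\n") passes a trailing newline that errx(3) already appends, so the message ends with a blank line; drop the "\n". The getopt switch also sits directly under the while without braces, which is easy to break when a second statement is added to the loop.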
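Review bot: in t_openpam_readlinev.c, orlv_open() creates the scratch file with open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600), where filename is "%s.%d.tmp" built from t_progname and getpid() in the current directory. Without O_EXCL a pre-existing file or symlink of that predictable name is followed and truncated; use mkstemp(3), or at least add O_EXCL, before the unlink(). In t_prepare(), the check "if (filename == NULL) err(1, "asprintf()")" can never fire because filename is a static array, and the message names a function that is not called; test the snprintf() return value against sizeof filename for truncation instead. The same open and t_prepare code is duplicated in t_openpam_readword.c, so a shared helper would let both be fixed once.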
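Review bot: in t_openpam_readword.c, T_FUNC(unterminated_line, ...) is defined but has no T(unterminated_line) entry in t_plan[], so that case is never run and the "1..N" plan count is one short of the tests written; add it after T(empty_line). In orw_expect(), the string returned by openpam_readword() is assigned to got and never released on any return path, whereas the readlinev counterpart calls FREEV(gotc, gotv) on each exit; free got before every return so the suite stays clean under a leak checker. orw_close() is also declared without static, unlike the other orw_ helpers.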
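Review bot: the lib/libpam/libpam/Makefile hunk at -137,11 removes "WARNS?= 3" in the same change that adds the HAVE_FDLOPEN and HAVE_STRLCAT defines, and the commit message ("Update to OpenPAM Micrampelis.") does not mention it. Dropping the line leaves the warning level to whatever the enclosing makefiles or build defaults set, which changes how the imported sources are compiled; state in the commit message whether that is intended, or split it into its own commit so a warning-level regression can be bisected separately from the vendor update.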