[SCM] pam wrapper repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Jan 8 12:23:02 UTC 2016
The branch, master has been updated
via 5d4184d pwrap: Wrap audit_open() to fix sshd
via 262bced Coverity: Remove deadcode
via 8eebf23 Coverity: Fix memory leak in libpamtest on error
via 658b631 python: Remove dead code in test_result_list_concat()
via 9b9eb66 tests: Fix a possible memory leak in pwrap_conv()
via e97bd79 tests: Do not dreference key before NULL check in string_in_list()
via 73f6fe7 cmake: Link pam_wrapper to libdl
via 62f284e doc: Also install pam_matrix manpage
via 95e65b2 cmake: Install pypamtest
via f2ca116 cmake: Find the python executable and site libs
via 0195f1e cmake: Add FindPythonSiteLibs.cmake
via 60079f6 cmake: Use python_add_module function
via 6ec9881 pwrap: Do not close negative fds in p_copy()
via 30ccd17 pwrap: Fix a resource leak in p_rmdirs()
via c0f5c53 pwrap: Add more debug messages if something goes wrong
via 20a8d76 pwrap: Do not fail on EOL in pwrap_clean_stale_dirs()
via 6349655 pwrap: Close the pidfile in pwrap_init()
via 75d05c9 pwrap: Add log message for directory cleanup
from 7267de3 py: Fix strict aliasing rules in initpypamtest()
https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5d4184db3f8ef11997385c0ebf582b5bc5c7bef3
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 18 11:10:53 2015 +0100
pwrap: Wrap audit_open() to fix sshd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 262bceddfcdc844aab550a6506f301c926ef30b6
Author: Jakub Hrozek <jakub.hrozek at posteo.se>
Date: Wed Dec 16 15:17:42 2015 +0100
Coverity: Remove deadcode
Signed-off-by: Jakub Hrozek <jakub.hrozek at posteo.se>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 8eebf23df143c8ce54af9db62439fca2103ecebb
Author: Jakub Hrozek <jakub.hrozek at posteo.se>
Date: Wed Dec 16 15:20:48 2015 +0100
Coverity: Fix memory leak in libpamtest on error
Signed-off-by: Jakub Hrozek <jakub.hrozek at posteo.se>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 658b63134f3d3831541fa58f7932d48a0b954d2e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:19:56 2015 +0100
python: Remove dead code in test_result_list_concat()
There is a NULL check already above and the XDECREF does not set the
object to NULL.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 9b9eb66df9510e099dabd490edd4457b821b2b4b
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:16:36 2015 +0100
tests: Fix a possible memory leak in pwrap_conv()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit e97bd79fda87794219602fef441e62c2d7ea9255
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:13:59 2015 +0100
tests: Do not dreference key before NULL check in string_in_list()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 73f6fe75383130089bc663d1ae013c03e42840d9
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:02:43 2015 +0100
cmake: Link pam_wrapper to libdl
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 62f284e9ec40089c8c25cfb35c61a43bb519d293
Author: Jakub Hrozek <jakub.hrozek at posteo.se>
Date: Wed Dec 16 13:40:13 2015 +0100
doc: Also install pam_matrix manpage
Signed-off-by: Jakub Hrozek <jakub.hrozek at posteo.se>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 95e65b2e6b1db88d9680ee0b43a9884846fb71f7
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 10:48:14 2015 +0100
cmake: Install pypamtest
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit f2ca1160fa339c03a65c5affb4c321105e352437
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 10:36:22 2015 +0100
cmake: Find the python executable and site libs
This is needed to find the PYTHON_SITELIB directory for module
installation.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 0195f1ed67cae8643f992fc3e29f2336566995fd
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 10:29:29 2015 +0100
cmake: Add FindPythonSiteLibs.cmake
This adds support do discover PYTHON_SITELIB location.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 60079f686ecee2ce13be5ef0f95f3c77becae9af
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 10:16:32 2015 +0100
cmake: Use python_add_module function
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 6ec9881fb124db4a638ba7b759428822325b790c
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:24:13 2015 +0100
pwrap: Do not close negative fds in p_copy()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 30ccd171c97458d80d64a7f20a6f0ebf50297828
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 16 15:22:09 2015 +0100
pwrap: Fix a resource leak in p_rmdirs()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit c0f5c530b915451dc10881f486e0f98ca526db5d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 18 10:50:47 2015 +0100
pwrap: Add more debug messages if something goes wrong
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 20a8d7658f96c0bf11923ed786dc00a3ee0d3a63
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 18 10:50:29 2015 +0100
pwrap: Do not fail on EOL in pwrap_clean_stale_dirs()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 6349655cee54bb2f47748b21637e0ba9c45565ca
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 18 10:49:00 2015 +0100
pwrap: Close the pidfile in pwrap_init()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 75d05c9fbccdb1ac84913d03c4716a44392abfb0
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 18 10:26:14 2015 +0100
pwrap: Add log message for directory cleanup
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
CMakeLists.txt | 3 ++
cmake/Modules/FindPythonSiteLibs.cmake | 56 ++++++++++++++++++++++++++++++++++
doc/CMakeLists.txt | 5 +++
src/CMakeLists.txt | 2 +-
src/libpamtest.c | 21 ++++++++++---
src/pam_wrapper.c | 39 ++++++++++++++++++++---
src/python/CMakeLists.txt | 17 ++++++-----
src/python/pypamtest.c | 4 ---
tests/test_pam_wrapper.c | 15 +++++----
9 files changed, 135 insertions(+), 27 deletions(-)
create mode 100644 cmake/Modules/FindPythonSiteLibs.cmake
Changeset truncated at 500 lines:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4743c6b..8709a14 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,8 +45,11 @@ macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source buil
# Find out if we have threading available
set(CMAKE_THREAD_PREFER_PTHREADS ON)
find_package(Threads)
+
+find_package(PythonInterp)
set(Python_ADDITIONAL_VERSIONS 2.6 2.7 3.3 3.4)
find_package(PythonLibs)
+find_package(PythonSiteLibs)
# config.h checks
include(ConfigureChecks.cmake)
diff --git a/cmake/Modules/FindPythonSiteLibs.cmake b/cmake/Modules/FindPythonSiteLibs.cmake
new file mode 100644
index 0000000..ab2931e
--- /dev/null
+++ b/cmake/Modules/FindPythonSiteLibs.cmake
@@ -0,0 +1,56 @@
+#.rst:
+# FindPythonSiteLibs
+# --------------
+#
+# Find the location of python site libraries
+#
+# ::
+#
+# PYTHON_SITELIB = path to the sitelib install directory
+# PYTHON_SITEINC = path to the siteinc install directory
+#
+# Note that these variable do not have a prefix set. So you should for example
+# prepend the CMAKE_INSTALL_PREFIX.
+
+#=============================================================================
+# Copyright 2015 Andreas Schneider <asn at cryptomilk.org>
+#
+# Distributed under the OSI-approved BSD License (the "License");
+# see accompanying file Copyright.txt for details.
+#
+# This software is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the License for more information.
+#=============================================================================
+# (To distribute this file outside of CMake, substitute the full
+# License text for the above reference.)
+
+if (PYTHON_EXECUTABLE)
+ ### PYTHON_SITELIB
+ execute_process(
+ COMMAND
+ ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(plat_specific=True, prefix=''))"
+ OUTPUT_VARIABLE
+ PYTHON_SITELIB_OUTPUT_VARIABLE
+ RESULT_VARIABLE
+ PYTHON_SITELIB_RESULT_VARIABLE
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+ if (NOT PYTHON_SITELIB_RESULT_VARIABLE)
+ file(TO_CMAKE_PATH "${PYTHON_SITELIB_OUTPUT_VARIABLE}" PYTHON_SITELIB)
+ endif ()
+
+ ### PYTHON_SITEINC
+ execute_process(
+ COMMAND
+ ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_inc; print(get_python_inc(plat_specific=True, prefix=''))"
+ OUTPUT_VARIABLE
+ PYTHON_SITEINC_OUTPUT_VARIABLE
+ RESULT_VARIABLE
+ PYTHON_SITEINC_RESULT_VARIABLE
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+ if (NOT PYTHON_SITEINC_RESULT_VARIABLE)
+ file(TO_CMAKE_PATH "${PYTHON_SITEINC_OUTPUT_VARIABLE}" PYTHON_SITEINC)
+ endif ()
+endif (PYTHON_EXECUTABLE)
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index 3faac8c..21850a5 100644
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -4,6 +4,11 @@ install(FILES
${MAN_INSTALL_DIR}/man1)
install(FILES
+ pam_matrix.8
+ DESTINATION
+ ${MAN_INSTALL_DIR}/man8)
+
+install(FILES
pam_get_items.8
DESTINATION
${MAN_INSTALL_DIR}/man8)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 80b19d3..713625b 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -15,7 +15,7 @@ if (HAVE_OPENPAM)
list(APPEND PAM_WRAPPER_LIBRARIES pam)
endif (HAVE_OPENPAM)
-target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES})
+target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES} ${DLFCN_LIBRARY})
set_target_properties(
pam_wrapper
diff --git a/src/libpamtest.c b/src/libpamtest.c
index 6d6efc6..f99c2c7 100644
--- a/src/libpamtest.c
+++ b/src/libpamtest.c
@@ -191,6 +191,20 @@ static int add_to_reply(struct pam_response *reply, const char *str)
return PAM_SUCCESS;
}
+static void free_reply(struct pam_response *reply, int num_msg)
+{
+ int i;
+
+ if (reply == NULL) {
+ return;
+ }
+
+ for (i = 0; i < num_msg; i++) {
+ free(reply[i].resp);
+ }
+ free(reply);
+}
+
static int pamtest_simple_conv(int num_msg,
const struct pam_message **msgm,
struct pam_response **response,
@@ -226,7 +240,7 @@ static int pamtest_simple_conv(int num_msg,
if (prompt != NULL) {
ret = add_to_reply(&reply[ri], prompt);
if (ret != PAM_SUCCESS) {
- /* FIXME - free data? */
+ free_reply(reply, num_msg);
return ret;
}
} else {
@@ -241,6 +255,7 @@ static int pamtest_simple_conv(int num_msg,
prompt = (const char *) \
cctx->data->in_echo_on[cctx->echo_on_idx];
if (prompt == NULL) {
+ free_reply(reply, num_msg);
return PAM_CONV_ERR;
}
@@ -248,11 +263,9 @@ static int pamtest_simple_conv(int num_msg,
if (prompt != NULL) {
ret = add_to_reply(&reply[ri], prompt);
if (ret != PAM_SUCCESS) {
- /* FIXME - free data? */
+ free_reply(reply, num_msg);
return ret;
}
- } else {
- reply[ri].resp = NULL;
}
ri++;
}
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 662b8b1..9b27bc3 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -606,8 +606,12 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod
rc = 0;
out:
- close(srcfd);
- close(dstfd);
+ if (srcfd != -1) {
+ close(srcfd);
+ }
+ if (dstfd != -1) {
+ close(dstfd);
+ }
if (rc < 0) {
unlink(dst);
}
@@ -709,12 +713,18 @@ static void pwrap_clean_stale_dirs(const char *dir)
/* read the pidfile */
fd = open(pidfile, O_RDONLY);
if (fd < 0) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Failed to open pidfile %s - error: %s",
+ pidfile, strerror(errno));
return;
}
rc = read(fd, buf, sizeof(buf));
close(fd);
- if (rc <= 0) {
+ if (rc < 0) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Failed to read pidfile %s - error: %s",
+ pidfile, strerror(errno));
return;
}
@@ -722,6 +732,9 @@ static void pwrap_clean_stale_dirs(const char *dir)
tmp = strtol(buf, NULL, 10);
if (tmp == 0 || tmp > 0xFFFF || errno == ERANGE) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Failed to parse pid, buf=%s",
+ buf);
return;
}
@@ -729,6 +742,9 @@ static void pwrap_clean_stale_dirs(const char *dir)
rc = kill(pid, 0);
if (rc == -1) {
+ PWRAP_LOG(PWRAP_LOG_TRACE,
+ "Remove stale pam_wrapper dir: %s",
+ dir);
p_rmdirs(dir);
}
}
@@ -773,7 +789,8 @@ static void pwrap_init(void)
rc = lstat(tmp_config_dir, &sb);
if (rc == 0) {
PWRAP_LOG(PWRAP_LOG_TRACE,
- "Check pam_wrapper dir %s already exists",
+ "Check if pam_wrapper dir %s is a "
+ "stale directory",
tmp_config_dir);
pwrap_clean_stale_dirs(tmp_config_dir);
continue;
@@ -822,6 +839,7 @@ static void pwrap_init(void)
}
rc = fprintf(pidfile, "%d", getpid());
+ fclose(pidfile);
if (rc <= 0) {
p_rmdirs(pwrap.config_dir);
exit(1);
@@ -1497,6 +1515,18 @@ void pam_syslog(const pam_handle_t *pamh,
}
#endif
+/* This might be called by pam_end() running with sshd */
+int audit_open(void);
+int audit_open(void)
+{
+ /*
+ * Tell the application that the kernel doesn't
+ * have audit compiled in.
+ */
+ errno = EINVAL;
+ return -1;
+}
+
/****************************
* DESTRUCTOR
***************************/
@@ -1536,6 +1566,7 @@ static int p_rmdirs(const char *path)
len = strlen(path) + strlen(dp->d_name) + 2;
fname = malloc(len);
if (fname == NULL) {
+ closedir(d);
return -1;
}
snprintf(fname, len, "%s/%s", path, dp->d_name);
diff --git a/src/python/CMakeLists.txt b/src/python/CMakeLists.txt
index 75bd16f..108daae 100644
--- a/src/python/CMakeLists.txt
+++ b/src/python/CMakeLists.txt
@@ -4,11 +4,12 @@ include_directories(${CMAKE_BINARY_DIR})
include_directories(${pam_wrapper-headers_DIR})
include_directories(${PYTHON_INCLUDE_DIR})
-add_library(pypamtest MODULE pypamtest.c)
-target_link_libraries(pypamtest pamtest pam ${PYTHON_LIBRARY})
-
-set_target_properties(
- pypamtest
- PROPERTIES
- PREFIX "")
-
+python_add_module(pypamtest pypamtest.c)
+target_link_libraries(pypamtest pamtest)
+
+install(
+ TARGETS
+ pypamtest
+ DESTINATION
+ ${CMAKE_INSTALL_PREFIX}/${PYTHON_SITELIB}
+)
diff --git a/src/python/pypamtest.c b/src/python/pypamtest.c
index a773733..a1b3054 100644
--- a/src/python/pypamtest.c
+++ b/src/python/pypamtest.c
@@ -613,10 +613,6 @@ static PyObject *test_result_list_concat(PyObject *list,
delim_post);
#endif
Py_XDECREF(item);
- if (item == NULL) {
- PyMem_Free(res);
- return NULL;
- }
}
return res;
diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c
index c7837c9..c4093d7 100644
--- a/tests/test_pam_wrapper.c
+++ b/tests/test_pam_wrapper.c
@@ -91,6 +91,7 @@ static int pwrap_conv(int num_msg, const struct pam_message **msgm,
case PAM_PROMPT_ECHO_OFF:
password = (const char *) cdata->authtoks[cdata->authtok_index];
if (password == NULL) {
+ free(reply);
return PAM_CONV_ERR;
}
@@ -403,16 +404,18 @@ static void test_pam_env_functions(void **state)
static const char *string_in_list(char **list, const char *key)
{
- char key_eq[strlen(key)+1+1]; /* trailing NULL and '=' */
-
if (list == NULL || key == NULL) {
return NULL;
}
- snprintf(key_eq, sizeof(key_eq), "%s=", key);
- for (size_t i = 0; list[i] != NULL; i++) {
- if (strncmp(list[i], key_eq, sizeof(key_eq)-1) == 0) {
- return list[i] + sizeof(key_eq)-1;
+ if (strlen(key) > 0) {
+ char key_eq[strlen(key) + 1 + 1]; /* trailing = and '\0' */
+
+ snprintf(key_eq, sizeof(key_eq), "%s=", key);
+ for (size_t i = 0; list[i] != NULL; i++) {
+ if (strncmp(list[i], key_eq, sizeof(key_eq)-1) == 0) {
+ return list[i] + sizeof(key_eq)-1;
+ }
}
}
--
pam wrapper repository
More information about the samba-cvs
mailing list