[SCM] pam wrapper repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Mar 20 14:01:54 UTC 2020
The branch, master has been updated
via d247d7a Bump version to 1.1.0
via 2d4494e Rename ChangeLog file
via 779c61c gitingore: Ignore compile database
via 3fdd6ad tests: Fix pypamtest_test.py on BSD
via 70f44f4 pwrap: Set up a pthread_atfork() handler to not delete or config directory
via 84e0bd0 pwrap: Move the constructor to the end of the source file
via 85feb50 pwrap: Set initialised to false in the destructor
from ead5fb5 doc: Add generated pam_chatty.8 man page
https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d247d7a08640a5f228e3681051fb7fb08dddc613
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 19 13:09:49 2020 +0100
Bump version to 1.1.0
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2d4494e576034e2fe55099a1560a83b3f37f9b69
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 19 13:04:32 2020 +0100
Rename ChangeLog file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 779c61cd2ff149204586d3ace1f963e18739310c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 20 09:34:22 2020 +0100
gitingore: Ignore compile database
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3fdd6ad7fe83be27064a000bc6061b937cb39baa
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 20 12:22:30 2020 +0100
tests: Fix pypamtest_test.py on BSD
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 70f44f4b1f46ae51e63dc7607a67e74f35f7d756
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 20 12:06:58 2020 +0100
pwrap: Set up a pthread_atfork() handler to not delete or config directory
Python3 has some strange behavior. It forks a child which then exits.
This child calls the destructor which deletes our /tmp/pam.X directory.
As we later try to bind the symbol the directory is gone and we detected
and error which results in exit(-1).
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 84e0bd0530c3197d1aba37beb918f3815fa891ca
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 20 11:57:26 2020 +0100
pwrap: Move the constructor to the end of the source file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 85feb50228ddf97a1f2b1bc7941af63512a2d416
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 20 11:52:25 2020 +0100
pwrap: Set initialised to false in the destructor
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
ChangeLog => CHANGELOG | 6 +++++
CMakeLists.txt | 26 ++++++++++++--------
src/pam_wrapper.c | 64 +++++++++++++++++++++++++++++++++++++++----------
tests/pypamtest_test.py | 8 ++++++-
5 files changed, 81 insertions(+), 24 deletions(-)
rename ChangeLog => CHANGELOG (86%)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 0baa4fa..751772d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ cscope.*
tags
/build
/obj*
+compile_commands.json
diff --git a/ChangeLog b/CHANGELOG
similarity index 86%
rename from ChangeLog
rename to CHANGELOG
index f0a2c21..ac94d0f 100644
--- a/ChangeLog
+++ b/CHANGELOG
@@ -1,6 +1,12 @@
ChangeLog
==========
+version 1.1.0 (released 2020-03-20)
+ * Added support for pam_start_confdir()
+ * Added pam_chatty module
+ * Added gitlab CI support
+ * Fixed crash when a PAM module outputs too much data
+
version 1.0.7 (released 2018-09-26)
* Added support for running with AddressSanitizer
* Added logging for pam_set_items module
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 94d7146..216699f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,23 +11,29 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
-project(pam_wrapper VERSION 1.0.7 LANGUAGES C)
+project(pam_wrapper VERSION 1.1.0 LANGUAGES C)
# global needed variables
set(APPLICATION_NAME ${PROJECT_NAME})
-# SOVERSION scheme: CURRENT.AGE.REVISION
+# SOVERSION scheme: MAJOR.MINOR.PATCH
# If there was an incompatible interface change:
-# Increment CURRENT. Set AGE and REVISION to 0
+# Increment MAJOR. Set MINOR and PATCH to 0
# If there was a compatible interface change:
-# Increment AGE. Set REVISION to 0
+# Increment MINOR. Set PATCH to 0
# If the source code was changed, but there were no interface changes:
-# Increment REVISION.
-set(LIBRARY_VERSION "0.0.4")
-set(LIBRARY_SOVERSION "0")
-
-set(PAMTEST_LIBRARY_VERSION "0.0.4")
-set(PAMTEST_LIBRARY_SOVERSION "0")
+# Increment PATCH.
+set(LIBRARY_VERSION_MAJOR 0)
+set(LIBRARY_VERSION_MINOR 0)
+set(LIBRARY_VERSION_PATCH 5)
+set(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
+set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR})
+
+set(PAMTEST_LIBRARY_VERSION_MAJOR 0)
+set(PAMTEST_LIBRARY_VERSION_MINOR 0)
+set(PAMTEST_LIBRARY_VERSION_PATCH 5)
+set(PAMTEST_LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
+set(PAMTEST_LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR})
# add definitions
include(DefinePlatformDefaults)
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 2a3a1d8..a02523b 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -36,6 +36,8 @@
#include <limits.h>
#include <ctype.h>
+#include <pthread.h>
+
#include <ftw.h>
#ifdef HAVE_SECURITY_PAM_APPL_H
@@ -1165,19 +1167,6 @@ bool pam_wrapper_enabled(void)
return pwrap.enabled;
}
-/****************************
- * CONSTRUCTOR
- ***************************/
-void pwrap_constructor(void)
-{
- /*
- * Here is safe place to call pwrap_init() and initialize data
- * for main process.
- */
- pwrap_init();
-}
-
-
#ifdef HAVE_OPENPAM
static int pwrap_openpam_start(const char *service_name,
const char *user,
@@ -1233,6 +1222,8 @@ static int pwrap_pam_start(const char *service_name,
const struct pam_conv *pam_conversation,
pam_handle_t **pamh)
{
+ pwrap_init();
+
PWRAP_LOG(PWRAP_LOG_TRACE,
"pam_start service=%s, user=%s",
service_name,
@@ -1778,6 +1769,52 @@ int cannot_audit(int x)
return 1;
}
+/****************************
+ * CONSTRUCTOR
+ ***************************/
+
+/*
+ * Handler executed before fork(2) processing starts.
+ */
+static void pwrap_thread_prepare(void)
+{
+}
+
+/*
+ * Handler that is executed in the parent process after fork(2) processing
+ * completes.
+ */
+static void pwrap_thread_parent(void)
+{
+}
+
+/*
+ * Handler that is executed in the child process after fork(2) processing
+ * completes.
+ */
+static void pwrap_thread_child(void)
+{
+ pwrap.initialised = false;
+}
+
+void pwrap_constructor(void)
+{
+ /*
+ * If we hold a lock and the application forks, then the child
+ * is not able to unlock the mutex and we are in a deadlock.
+ * This should prevent such deadlocks.
+ */
+ pthread_atfork(&pwrap_thread_prepare,
+ &pwrap_thread_parent,
+ &pwrap_thread_child);
+
+ /*
+ * Here is safe place to call pwrap_init() and initialize data
+ * for main process.
+ */
+ pwrap_init();
+}
+
/****************************
* DESTRUCTOR
***************************/
@@ -1873,6 +1910,7 @@ void pwrap_destructor(void)
if (!pwrap.initialised) {
return;
}
+ pwrap.initialised = false;
PWRAP_LOG(PWRAP_LOG_TRACE,
"destructor called for pam_wrapper dir %s",
diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py
index c4534bb..8461735 100755
--- a/tests/pypamtest_test.py
+++ b/tests/pypamtest_test.py
@@ -4,6 +4,7 @@ import unittest
import os
import sys
import os.path
+import platform
class PyPamTestCase(unittest.TestCase):
def assertPamTestResultEqual(self, test_result, err_list, info_list):
@@ -117,7 +118,12 @@ class PyPamTestRunTest(unittest.TestCase):
def test_run_failed_auth(self):
neo_password = "not-the-secret"
- tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=7) # PAM_AUTH_ERR
+ rv = 7 # PAM_AUTH_ERR
+
+ # On SRV4 the PAM_AUTH_ERR is 9
+ if ("BSD" in platform.system()):
+ rv = 9
+ tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=rv)
res = pypamtest.run_pamtest("neo", "matrix_py", [tc], [ neo_password ])
def test_run_chatty_auth(self):
--
pam wrapper repository
More information about the samba-cvs
mailing list