[SCM] pam wrapper repository - branch master updated

Andreas Schneider asn at samba.org
Fri Nov 10 14:31:09 UTC 2023 

The branch, master has been updated
       via  164d598 tests: Define PATH_MAX for Hurd.
       via  9023c89 doc/pam_matrix.8: Fix typo 'allows to'.
       via  7bd24b0 die quickly upon mkdir failure
      from  b223df9 Bump version to 1.1.5

https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 164d598f34da901cb9eb4fd164475ed38715341a
Author: Simon Josefsson <simon at josefsson.org>
Date:   Tue Aug 22 08:53:30 2023 +0200

    tests: Define PATH_MAX for Hurd.
    
    Signed-off-by: Simon Josefsson <simon at josefsson.org>
    Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
    Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

commit 9023c89459d3ad1fe28d211a0da6b69e6f3f7d64
Author: Simon Josefsson <simon at josefsson.org>
Date:   Fri Aug 18 11:25:54 2023 +0200

    doc/pam_matrix.8: Fix typo 'allows to'.
    
    Signed-off-by: Simon Josefsson <simon at josefsson.org>
    Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
    Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

commit 7bd24b0e54995da5f333575f97c9f1fa796fe0f1
Author: Jan Kundrát <jan.kundrat at cesnet.cz>
Date:   Mon Nov 6 18:34:58 2023 +0100

    die quickly upon mkdir failure
    
    We just had this failure in our CI system that's currently running just
    three PAM-wrapped tests in parallel. Since this is a classic TOCTOU race
    (albeit in a test code, and therefore with little to no security
    implications), the `mkdir` can fail, and when that happens it's much
    better to just die quickly rather than continuing as if nothing
    happened.
    
    Signed-off-by: Jan Kundrát <jan.kundrat at cesnet.cz>
    Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Andreas Schneider <asn at cryptomilk.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/pam_matrix.8         | 2 +-
 doc/pam_matrix.8.txt     | 2 +-
 src/modules/pam_matrix.c | 4 ++++
 src/pam_wrapper.c        | 2 ++
 4 files changed, 8 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/doc/pam_matrix.8 b/doc/pam_matrix.8
index 80d5190..23ba1fa 100644
--- a/doc/pam_matrix.8
+++ b/doc/pam_matrix.8
@@ -34,7 +34,7 @@ pam_matrix \- A PAM test module to retrieve module\-specific PAM items
 pam_matrix\&.so [\&...]
 .SH "DESCRIPTION"
 .sp
-Testing PAM application often requires to set up an authentication backend with as little effort as possible\&. The \fBpam_matrix\fR module allows to authenticate against a key\-value text file, provided by an option or with an environment variable\&.
+Testing PAM application often requires to set up an authentication backend with as little effort as possible\&. The \fBpam_matrix\fR module allows one to authenticate against a key\-value text file, provided by an option or with an environment variable\&.
 .SH "IMPORTANT"
 .sp
 pam_matrix is a \fBtest tool\fR\&. It should be considered completely insecure and never used outside test environments! As you\(cqll see when reading description of the options and actions, many of them don\(cqt make any sense in the real world and were added just to make tests possible\&.
diff --git a/doc/pam_matrix.8.txt b/doc/pam_matrix.8.txt
index fb54f05..b15b11a 100644
--- a/doc/pam_matrix.8.txt
+++ b/doc/pam_matrix.8.txt
@@ -14,7 +14,7 @@ pam_matrix.so [...]
 DESCRIPTION
 -----------
 Testing PAM application often requires to set up an authentication backend with
-as little effort as possible. The *pam_matrix* module allows to authenticate
+as little effort as possible. The *pam_matrix* module allows one to authenticate
 against a key-value text file, provided by an option or with an environment
 variable.
 
diff --git a/src/modules/pam_matrix.c b/src/modules/pam_matrix.c
index 6fb6a2f..cc6fbf3 100644
--- a/src/modules/pam_matrix.c
+++ b/src/modules/pam_matrix.c
@@ -33,6 +33,10 @@
 #include <time.h>
 #include <stdint.h>
 
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
 #ifndef discard_const
 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
 #endif
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index da2c738..66673f0 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -893,6 +893,7 @@ static void pwrap_init(void)
 		PWRAP_LOG(PWRAP_LOG_ERROR,
 			  "Failed to create pam_wrapper config dir: %s - %s",
 			  tmp_config_dir, strerror(errno));
+		exit(1);
 	}
 
 	/* Create file with the PID of the the process */
@@ -1121,6 +1122,7 @@ static void pwrap_init(void)
 		PWRAP_LOG(PWRAP_LOG_ERROR,
 			  "Failed to create pam_wrapper config dir: %s - %s",
 			  tmp_config_dir, strerror(errno));
+		exit(1);
 	}
 
 	/* Create file with the PID of the the process */


-- 
pam wrapper repository

More information about the samba-cvs mailing list