The branch, master has been updated via d247d7a Bump version to 1.1.0 via 2d4494e Rename ChangeLog file via 779c61c gitingore: Ignore compile database via 3fdd6ad tests: Fix pypamtest_test.py on BSD via 70f44f4 pwrap: Set up a pthread_atfork() handler to not delete or config directory via 84e0bd0 pwrap: Move the constructor to the end of the source file via 85feb50 pwrap: Set initialised to false in the destructor from ead5fb5 doc: Add generated pam_chatty.8 man page
https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d247d7a08640a5f228e3681051fb7fb08dddc613 Author: Andreas Schneider <a...@samba.org> Date: Thu Mar 19 13:09:49 2020 +0100 Bump version to 1.1.0 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 2d4494e576034e2fe55099a1560a83b3f37f9b69 Author: Andreas Schneider <a...@samba.org> Date: Thu Mar 19 13:04:32 2020 +0100 Rename ChangeLog file Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 779c61cd2ff149204586d3ace1f963e18739310c Author: Andreas Schneider <a...@samba.org> Date: Fri Mar 20 09:34:22 2020 +0100 gitingore: Ignore compile database Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 3fdd6ad7fe83be27064a000bc6061b937cb39baa Author: Andreas Schneider <a...@samba.org> Date: Fri Mar 20 12:22:30 2020 +0100 tests: Fix pypamtest_test.py on BSD Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 70f44f4b1f46ae51e63dc7607a67e74f35f7d756 Author: Andreas Schneider <a...@samba.org> Date: Fri Mar 20 12:06:58 2020 +0100 pwrap: Set up a pthread_atfork() handler to not delete or config directory Python3 has some strange behavior. It forks a child which then exits. This child calls the destructor which deletes our /tmp/pam.X directory. As we later try to bind the symbol the directory is gone and we detected and error which results in exit(-1). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 84e0bd0530c3197d1aba37beb918f3815fa891ca Author: Andreas Schneider <a...@samba.org> Date: Fri Mar 20 11:57:26 2020 +0100 pwrap: Move the constructor to the end of the source file Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 85feb50228ddf97a1f2b1bc7941af63512a2d416 Author: Andreas Schneider <a...@samba.org> Date: Fri Mar 20 11:52:25 2020 +0100 pwrap: Set initialised to false in the destructor Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + ChangeLog => CHANGELOG | 6 +++++ CMakeLists.txt | 26 ++++++++++++-------- src/pam_wrapper.c | 64 +++++++++++++++++++++++++++++++++++++++---------- tests/pypamtest_test.py | 8 ++++++- 5 files changed, 81 insertions(+), 24 deletions(-) rename ChangeLog => CHANGELOG (86%) Changeset truncated at 500 lines: diff --git a/.gitignore b/.gitignore index 0baa4fa..751772d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ cscope.* tags /build /obj* +compile_commands.json diff --git a/ChangeLog b/CHANGELOG similarity index 86% rename from ChangeLog rename to CHANGELOG index f0a2c21..ac94d0f 100644 --- a/ChangeLog +++ b/CHANGELOG @@ -1,6 +1,12 @@ ChangeLog ========== +version 1.1.0 (released 2020-03-20) + * Added support for pam_start_confdir() + * Added pam_chatty module + * Added gitlab CI support + * Fixed crash when a PAM module outputs too much data + version 1.0.7 (released 2018-09-26) * Added support for running with AddressSanitizer * Added logging for pam_set_items module diff --git a/CMakeLists.txt b/CMakeLists.txt index 94d7146..216699f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -11,23 +11,29 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules") include(DefineCMakeDefaults) include(DefineCompilerFlags) -project(pam_wrapper VERSION 1.0.7 LANGUAGES C) +project(pam_wrapper VERSION 1.1.0 LANGUAGES C) # global needed variables set(APPLICATION_NAME ${PROJECT_NAME}) -# SOVERSION scheme: CURRENT.AGE.REVISION +# SOVERSION scheme: MAJOR.MINOR.PATCH # If there was an incompatible interface change: -# Increment CURRENT. Set AGE and REVISION to 0 +# Increment MAJOR. Set MINOR and PATCH to 0 # If there was a compatible interface change: -# Increment AGE. Set REVISION to 0 +# Increment MINOR. Set PATCH to 0 # If the source code was changed, but there were no interface changes: -# Increment REVISION. -set(LIBRARY_VERSION "0.0.4") -set(LIBRARY_SOVERSION "0") - -set(PAMTEST_LIBRARY_VERSION "0.0.4") -set(PAMTEST_LIBRARY_SOVERSION "0") +# Increment PATCH. +set(LIBRARY_VERSION_MAJOR 0) +set(LIBRARY_VERSION_MINOR 0) +set(LIBRARY_VERSION_PATCH 5) +set(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") +set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR}) + +set(PAMTEST_LIBRARY_VERSION_MAJOR 0) +set(PAMTEST_LIBRARY_VERSION_MINOR 0) +set(PAMTEST_LIBRARY_VERSION_PATCH 5) +set(PAMTEST_LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") +set(PAMTEST_LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR}) # add definitions include(DefinePlatformDefaults) diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c index 2a3a1d8..a02523b 100644 --- a/src/pam_wrapper.c +++ b/src/pam_wrapper.c @@ -36,6 +36,8 @@ #include <limits.h> #include <ctype.h> +#include <pthread.h> + #include <ftw.h> #ifdef HAVE_SECURITY_PAM_APPL_H @@ -1165,19 +1167,6 @@ bool pam_wrapper_enabled(void) return pwrap.enabled; } -/**************************** - * CONSTRUCTOR - ***************************/ -void pwrap_constructor(void) -{ - /* - * Here is safe place to call pwrap_init() and initialize data - * for main process. - */ - pwrap_init(); -} - - #ifdef HAVE_OPENPAM static int pwrap_openpam_start(const char *service_name, const char *user, @@ -1233,6 +1222,8 @@ static int pwrap_pam_start(const char *service_name, const struct pam_conv *pam_conversation, pam_handle_t **pamh) { + pwrap_init(); + PWRAP_LOG(PWRAP_LOG_TRACE, "pam_start service=%s, user=%s", service_name, @@ -1778,6 +1769,52 @@ int cannot_audit(int x) return 1; } +/**************************** + * CONSTRUCTOR + ***************************/ + +/* + * Handler executed before fork(2) processing starts. + */ +static void pwrap_thread_prepare(void) +{ +} + +/* + * Handler that is executed in the parent process after fork(2) processing + * completes. + */ +static void pwrap_thread_parent(void) +{ +} + +/* + * Handler that is executed in the child process after fork(2) processing + * completes. + */ +static void pwrap_thread_child(void) +{ + pwrap.initialised = false; +} + +void pwrap_constructor(void) +{ + /* + * If we hold a lock and the application forks, then the child + * is not able to unlock the mutex and we are in a deadlock. + * This should prevent such deadlocks. + */ + pthread_atfork(&pwrap_thread_prepare, + &pwrap_thread_parent, + &pwrap_thread_child); + + /* + * Here is safe place to call pwrap_init() and initialize data + * for main process. + */ + pwrap_init(); +} + /**************************** * DESTRUCTOR ***************************/ @@ -1873,6 +1910,7 @@ void pwrap_destructor(void) if (!pwrap.initialised) { return; } + pwrap.initialised = false; PWRAP_LOG(PWRAP_LOG_TRACE, "destructor called for pam_wrapper dir %s", diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py index c4534bb..8461735 100755 --- a/tests/pypamtest_test.py +++ b/tests/pypamtest_test.py @@ -4,6 +4,7 @@ import unittest import os import sys import os.path +import platform class PyPamTestCase(unittest.TestCase): def assertPamTestResultEqual(self, test_result, err_list, info_list): @@ -117,7 +118,12 @@ class PyPamTestRunTest(unittest.TestCase): def test_run_failed_auth(self): neo_password = "not-the-secret" - tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=7) # PAM_AUTH_ERR + rv = 7 # PAM_AUTH_ERR + + # On SRV4 the PAM_AUTH_ERR is 9 + if ("BSD" in platform.system()): + rv = 9 + tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=rv) res = pypamtest.run_pamtest("neo", "matrix_py", [tc], [ neo_password ]) def test_run_chatty_auth(self): -- pam wrapper repository