The branch, master has been updated
       via  5d4184d pwrap: Wrap audit_open() to fix sshd
       via  262bced Coverity: Remove deadcode
       via  8eebf23 Coverity: Fix memory leak in libpamtest on error
       via  658b631 python: Remove dead code in test_result_list_concat()
       via  9b9eb66 tests: Fix a possible memory leak in pwrap_conv()
       via  e97bd79 tests: Do not dreference key before NULL check in string_in_list()
       via  73f6fe7 cmake: Link pam_wrapper to libdl
       via  62f284e doc: Also install pam_matrix manpage
       via  95e65b2 cmake: Install pypamtest
       via  f2ca116 cmake: Find the python executable and site libs
       via  0195f1e cmake: Add FindPythonSiteLibs.cmake
       via  60079f6 cmake: Use python_add_module function
       via  6ec9881 pwrap: Do not close negative fds in p_copy()
       via  30ccd17 pwrap: Fix a resource leak in p_rmdirs()
       via  c0f5c53 pwrap: Add more debug messages if something goes wrong
       via  20a8d76 pwrap: Do not fail on EOL in pwrap_clean_stale_dirs()
       via  6349655 pwrap: Close the pidfile in pwrap_init()
       via  75d05c9 pwrap: Add log message for directory cleanup
      from  7267de3 py: Fix strict aliasing rules in initpypamtest()

https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 5d4184db3f8ef11997385c0ebf582b5bc5c7bef3
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Dec 18 11:10:53 2015 +0100

    pwrap: Wrap audit_open() to fix sshd

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 262bceddfcdc844aab550a6506f301c926ef30b6
Author: Jakub Hrozek <jakub.hro...@posteo.se>
Date:   Wed Dec 16 15:17:42 2015 +0100

    Coverity: Remove deadcode

    Signed-off-by: Jakub Hrozek <jakub.hro...@posteo.se>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 8eebf23df143c8ce54af9db62439fca2103ecebb
Author: Jakub Hrozek <jakub.hro...@posteo.se>
Date:   Wed Dec 16 15:20:48 2015 +0100

    Coverity: Fix memory leak in libpamtest on error

    Signed-off-by: Jakub Hrozek <jakub.hro...@posteo.se>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 658b63134f3d3831541fa58f7932d48a0b954d2e
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:19:56 2015 +0100

    python: Remove dead code in test_result_list_concat()

    There is a NULL check already above and the XDECREF does not set the
    object to NULL.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 9b9eb66df9510e099dabd490edd4457b821b2b4b
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:16:36 2015 +0100

    tests: Fix a possible memory leak in pwrap_conv()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit e97bd79fda87794219602fef441e62c2d7ea9255
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:13:59 2015 +0100

    tests: Do not dreference key before NULL check in string_in_list()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 73f6fe75383130089bc663d1ae013c03e42840d9
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:02:43 2015 +0100

    cmake: Link pam_wrapper to libdl

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 62f284e9ec40089c8c25cfb35c61a43bb519d293
Author: Jakub Hrozek <jakub.hro...@posteo.se>
Date:   Wed Dec 16 13:40:13 2015 +0100

    doc: Also install pam_matrix manpage

    Signed-off-by: Jakub Hrozek <jakub.hro...@posteo.se>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 95e65b2e6b1db88d9680ee0b43a9884846fb71f7
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 10:48:14 2015 +0100

    cmake: Install pypamtest

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit f2ca1160fa339c03a65c5affb4c321105e352437
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 10:36:22 2015 +0100

    cmake: Find the python executable and site libs

    This is needed to find the PYTHON_SITELIB directory for module
    installation.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 0195f1ed67cae8643f992fc3e29f2336566995fd
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 10:29:29 2015 +0100

    cmake: Add FindPythonSiteLibs.cmake

    This adds support to discover PYTHON_SITELIB location.

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 60079f686ecee2ce13be5ef0f95f3c77becae9af
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 10:16:32 2015 +0100

    cmake: Use python_add_module function

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 6ec9881fb124db4a638ba7b759428822325b790c
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:24:13 2015 +0100

    pwrap: Do not close negative fds in p_copy()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 30ccd171c97458d80d64a7f20a6f0ebf50297828
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Dec 16 15:22:09 2015 +0100

    pwrap: Fix a resource leak in p_rmdirs()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit c0f5c530b915451dc10881f486e0f98ca526db5d
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Dec 18 10:50:47 2015 +0100

    pwrap: Add more debug messages if something goes wrong

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 20a8d7658f96c0bf11923ed786dc00a3ee0d3a63
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Dec 18 10:50:29 2015 +0100

    pwrap: Do not fail on EOL in pwrap_clean_stale_dirs()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 6349655cee54bb2f47748b21637e0ba9c45565ca
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Dec 18 10:49:00 2015 +0100

    pwrap: Close the pidfile in pwrap_init()

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Guenther Deschner <g...@samba.org>

commit 75d05c9fbccdb1ac84913d03c4716a44392abfb0
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Dec 18 10:26:14 2015 +0100

    pwrap: Add log message for directory cleanup

Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: CMakeLists.txt | 3 ++ cmake/Modules/FindPythonSiteLibs.cmake | 56 ++++++++++++++++++++++++++++++++++ doc/CMakeLists.txt | 5 +++ src/CMakeLists.txt | 2 +- src/libpamtest.c | 21 ++++++++++--- src/pam_wrapper.c | 39 ++++++++++++++++++++--- src/python/CMakeLists.txt | 17 ++++++----- src/python/pypamtest.c | 4 --- tests/test_pam_wrapper.c | 15 +++++---- 9 files changed, 135 insertions(+), 27 deletions(-) create mode 100644 cmake/Modules/FindPythonSiteLibs.cmake Changeset truncated at 500 lines: diff --git a/CMakeLists.txt b/CMakeLists.txt index 4743c6b..8709a14 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -45,8 +45,11 @@ macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source buil # Find out if we have threading available set(CMAKE_THREAD_PREFER_PTHREADS ON) find_package(Threads) + +find_package(PythonInterp) set(Python_ADDITIONAL_VERSIONS 2.6 2.7 3.3 3.4) find_package(PythonLibs) +find_package(PythonSiteLibs) # config.h checks include(ConfigureChecks.cmake) diff --git a/cmake/Modules/FindPythonSiteLibs.cmake b/cmake/Modules/FindPythonSiteLibs.cmake new file mode 100644 index 0000000..ab2931e --- /dev/null +++ b/cmake/Modules/FindPythonSiteLibs.cmake 
@@ -0,0 +1,56 @@ +#.rst: +# FindPythonSiteLibs +# -------------- +# +# Find the location of python site libraries +# +# :: +# +# PYTHON_SITELIB = path to the sitelib install directory +# PYTHON_SITEINC = path to the siteinc install directory +# +# Note that these variable do not have a prefix set. So you should for example +# prepend the CMAKE_INSTALL_PREFIX. + +#============================================================================= +# Copyright 2015 Andreas Schneider <a...@cryptomilk.org> +# +# Distributed under the OSI-approved BSD License (the "License"); +# see accompanying file Copyright.txt for details. +# +# This software is distributed WITHOUT ANY WARRANTY; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the License for more information. +#============================================================================= +# (To distribute this file outside of CMake, substitute the full +# License text for the above reference.) + +if (PYTHON_EXECUTABLE) + ### PYTHON_SITELIB + execute_process( + COMMAND + ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(plat_specific=True, prefix=''))" + OUTPUT_VARIABLE + PYTHON_SITELIB_OUTPUT_VARIABLE + RESULT_VARIABLE + PYTHON_SITELIB_RESULT_VARIABLE + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + if (NOT PYTHON_SITELIB_RESULT_VARIABLE) + file(TO_CMAKE_PATH "${PYTHON_SITELIB_OUTPUT_VARIABLE}" PYTHON_SITELIB) + endif () + + ### PYTHON_SITEINC + execute_process( + COMMAND + ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_inc; print(get_python_inc(plat_specific=True, prefix=''))" + OUTPUT_VARIABLE + PYTHON_SITEINC_OUTPUT_VARIABLE + RESULT_VARIABLE + PYTHON_SITEINC_RESULT_VARIABLE + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + if (NOT PYTHON_SITEINC_RESULT_VARIABLE) + file(TO_CMAKE_PATH "${PYTHON_SITEINC_OUTPUT_VARIABLE}" PYTHON_SITEINC) + endif () +endif (PYTHON_EXECUTABLE) 
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index 3faac8c..21850a5 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -4,6 +4,11 @@ install(FILES ${MAN_INSTALL_DIR}/man1) install(FILES + pam_matrix.8 + DESTINATION + ${MAN_INSTALL_DIR}/man8) + +install(FILES pam_get_items.8 DESTINATION ${MAN_INSTALL_DIR}/man8) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 80b19d3..713625b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -15,7 +15,7 @@ if (HAVE_OPENPAM) list(APPEND PAM_WRAPPER_LIBRARIES pam) endif (HAVE_OPENPAM) -target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES}) +target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES} ${DLFCN_LIBRARY}) set_target_properties( pam_wrapper diff --git a/src/libpamtest.c b/src/libpamtest.c index 6d6efc6..f99c2c7 100644 --- a/src/libpamtest.c +++ b/src/libpamtest.c @@ -191,6 +191,20 @@ static int add_to_reply(struct pam_response *reply, const char *str) return PAM_SUCCESS; } +static void free_reply(struct pam_response *reply, int num_msg) +{ + int i; + + if (reply == NULL) { + return; + } + + for (i = 0; i < num_msg; i++) { + free(reply[i].resp); + } + free(reply); +} + static int pamtest_simple_conv(int num_msg, const struct pam_message **msgm, struct pam_response **response, @@ -226,7 +240,7 @@ static int pamtest_simple_conv(int num_msg, if (prompt != NULL) { ret = add_to_reply(&reply[ri], prompt); if (ret != PAM_SUCCESS) { - /* FIXME - free data? */ + free_reply(reply, num_msg); return ret; } } else { @@ -241,6 +255,7 @@ static int pamtest_simple_conv(int num_msg, prompt = (const char *) \ cctx->data->in_echo_on[cctx->echo_on_idx]; if (prompt == NULL) { + free_reply(reply, num_msg); return PAM_CONV_ERR; } @@ -248,11 +263,9 @@ static int pamtest_simple_conv(int num_msg, if (prompt != NULL) { ret = add_to_reply(&reply[ri], prompt); if (ret != PAM_SUCCESS) { - /* FIXME - free data? */ + free_reply(reply, num_msg); return ret; } - } else { - reply[ri].resp = NULL; } ri++; } 
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c index 662b8b1..9b27bc3 100644 --- a/src/pam_wrapper.c +++ b/src/pam_wrapper.c @@ -606,8 +606,12 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod rc = 0; out: - close(srcfd); - close(dstfd); + if (srcfd != -1) { + close(srcfd); + } + if (dstfd != -1) { + close(dstfd); + } if (rc < 0) { unlink(dst); } @@ -709,12 +713,18 @@ static void pwrap_clean_stale_dirs(const char *dir) /* read the pidfile */ fd = open(pidfile, O_RDONLY); if (fd < 0) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to open pidfile %s - error: %s", + pidfile, strerror(errno)); return; } rc = read(fd, buf, sizeof(buf)); close(fd); - if (rc <= 0) { + if (rc < 0) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to read pidfile %s - error: %s", + pidfile, strerror(errno)); return; } @@ -722,6 +732,9 @@ static void pwrap_clean_stale_dirs(const char *dir) tmp = strtol(buf, NULL, 10); if (tmp == 0 || tmp > 0xFFFF || errno == ERANGE) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to parse pid, buf=%s", + buf); return; } @@ -729,6 +742,9 @@ static void pwrap_clean_stale_dirs(const char *dir) rc = kill(pid, 0); if (rc == -1) { + PWRAP_LOG(PWRAP_LOG_TRACE, + "Remove stale pam_wrapper dir: %s", + dir); p_rmdirs(dir); } } @@ -773,7 +789,8 @@ static void pwrap_init(void) rc = lstat(tmp_config_dir, &sb); if (rc == 0) { PWRAP_LOG(PWRAP_LOG_TRACE, - "Check pam_wrapper dir %s already exists", + "Check if pam_wrapper dir %s is a " + "stale directory", tmp_config_dir); pwrap_clean_stale_dirs(tmp_config_dir); continue; @@ -822,6 +839,7 @@ static void pwrap_init(void) } rc = fprintf(pidfile, "%d", getpid()); + fclose(pidfile); if (rc <= 0) { p_rmdirs(pwrap.config_dir); exit(1); 
@@ -1497,6 +1515,18 @@ void pam_syslog(const pam_handle_t *pamh, } #endif +/* This might be called by pam_end() running with sshd */ +int audit_open(void); +int audit_open(void) +{ + /* + * Tell the application that the kernel doesn't + * have audit compiled in. + */ + errno = EINVAL; + return -1; +} + /**************************** * DESTRUCTOR ***************************/ @@ -1536,6 +1566,7 @@ static int p_rmdirs(const char *path) len = strlen(path) + strlen(dp->d_name) + 2; fname = malloc(len); if (fname == NULL) { + closedir(d); return -1; } snprintf(fname, len, "%s/%s", path, dp->d_name); diff --git a/src/python/CMakeLists.txt b/src/python/CMakeLists.txt index 75bd16f..108daae 100644 --- a/src/python/CMakeLists.txt +++ b/src/python/CMakeLists.txt @@ -4,11 +4,12 @@ include_directories(${CMAKE_BINARY_DIR}) include_directories(${pam_wrapper-headers_DIR}) include_directories(${PYTHON_INCLUDE_DIR}) -add_library(pypamtest MODULE pypamtest.c) -target_link_libraries(pypamtest pamtest pam ${PYTHON_LIBRARY}) - -set_target_properties( - pypamtest - PROPERTIES - PREFIX "") - +python_add_module(pypamtest pypamtest.c) +target_link_libraries(pypamtest pamtest) + +install( + TARGETS + pypamtest + DESTINATION + ${CMAKE_INSTALL_PREFIX}/${PYTHON_SITELIB} +) diff --git a/src/python/pypamtest.c b/src/python/pypamtest.c index a773733..a1b3054 100644 --- a/src/python/pypamtest.c +++ b/src/python/pypamtest.c @@ -613,10 +613,6 @@ static PyObject *test_result_list_concat(PyObject *list, delim_post); #endif Py_XDECREF(item); - if (item == NULL) { - PyMem_Free(res); - return NULL; - } } return res; diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c index c7837c9..c4093d7 100644 --- a/tests/test_pam_wrapper.c +++ b/tests/test_pam_wrapper.c @@ -91,6 +91,7 @@ static int pwrap_conv(int num_msg, const struct pam_message **msgm, case PAM_PROMPT_ECHO_OFF: password = (const char *) cdata->authtoks[cdata->authtok_index]; if (password == NULL) { + free(reply); return PAM_CONV_ERR; } 
@@ -403,16 +404,18 @@ static void test_pam_env_functions(void **state) static const char *string_in_list(char **list, const char *key) { - char key_eq[strlen(key)+1+1]; /* trailing NULL and '=' */ - if (list == NULL || key == NULL) { return NULL; } - snprintf(key_eq, sizeof(key_eq), "%s=", key); - for (size_t i = 0; list[i] != NULL; i++) { - if (strncmp(list[i], key_eq, sizeof(key_eq)-1) == 0) { - return list[i] + sizeof(key_eq)-1; + if (strlen(key) > 0) { + char key_eq[strlen(key) + 1 + 1]; /* trailing = and '\0' */ + + snprintf(key_eq, sizeof(key_eq), "%s=", key); + for (size_t i = 0; list[i] != NULL; i++) { + if (strncmp(list[i], key_eq, sizeof(key_eq)-1) == 0) { + return list[i] + sizeof(key_eq)-1; + } } } -- pam wrapper repository
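
Review bot: In the top-level CMakeLists.txt hunk, find_package(PythonInterp) is placed above set(Python_ADDITIONAL_VERSIONS 2.6 2.7 3.3 3.4), so that list is not yet set when the interpreter is looked up and only applies to find_package(PythonLibs). Because FindPythonSiteLibs takes the install path from PYTHON_EXECUTABLE while the module is built against PythonLibs, both lookups should see the same version list; move the set() above find_package(PythonInterp).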
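
Review bot: FindPythonSiteLibs.cmake gives the caller no way to tell that the lookup failed: when PYTHON_EXECUTABLE is unset or either execute_process() returns non-zero, PYTHON_SITELIB and PYTHON_SITEINC are silently left undefined and no found/not-found result is set. Report the result, for example through find_package_handle_standard_args() on PYTHON_SITELIB and PYTHON_SITEINC, so a failed probe is visible at configure time. The header comment also has a small typo ("these variable").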
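
Review bot: free_reply() in src/libpamtest.c calls free(reply[i].resp) for every index below num_msg, including entries the conversation loop has not reached yet, so it is only correct if the reply array is zero-initialized when it is allocated; that allocation is not in the visible lines and should be confirmed (calloc or an explicit memset). The same assumption now also covers the echo-on branch, where the "reply[ri].resp = NULL" else arm was removed. In that branch the remaining "if (prompt != NULL)" test directly follows an early return on prompt == NULL and can be dropped as well.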
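
Review bot: In pwrap_clean_stale_dirs(), relaxing the check to "rc < 0" lets a zero-byte read fall through to strtol(buf, NULL, 10) and to the new "Failed to parse pid, buf=%s" message. The visible lines do not show buf being cleared beforehand or terminated at buf[rc], and read(fd, buf, sizeof(buf)) may fill the whole buffer, so please confirm buf is always NUL-terminated before it is parsed and printed with %s. Reading at most sizeof(buf) - 1 bytes and setting buf[rc] = '\0' would make that explicit.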
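
Review bot: In the pwrap_clean_stale_dirs() hunk that adds the "Remove stale pam_wrapper dir" trace, any rc == -1 from kill(pid, 0) is taken to mean the owner is gone, but kill() also returns -1 with errno set to EPERM when the process exists and belongs to another user. Only ESRCH says the pid no longer exists; check errno == ESRCH before calling p_rmdirs(dir), otherwise the directory of a running instance can be removed.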
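
Review bot: In pwrap_init(), the return value of the added fclose(pidfile) is ignored. fprintf() normally only fills the stdio buffer, so a failed write of the pid is reported by fclose() and not by rc; test the fclose() result together with "rc <= 0" so that a config directory with an empty pidfile is cleaned up and the process exits, as it already does for a failed fprintf().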
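
Review bot: The audit_open() override in src/pam_wrapper.c needs more documentation than the one-line comment above it. Neither the comment nor the commit message says what goes wrong in sshd without the wrapper, and the symbol is overridden for every process that loads pam_wrapper, not only sshd, so every caller is told audit is unavailable. Please state the failure being worked around in the comment and mention the behaviour in the pam_wrapper manpage.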
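
Review bot: The install() rule in src/python/CMakeLists.txt uses DESTINATION ${CMAKE_INSTALL_PREFIX}/${PYTHON_SITELIB} without checking that PYTHON_SITELIB is set, and FindPythonSiteLibs.cmake leaves it empty when no interpreter is found or the probe fails; the module would then be installed directly into the prefix. Guard the rule with if (PYTHON_SITELIB) and pass ${PYTHON_SITELIB} alone, since a relative DESTINATION is already resolved against CMAKE_INSTALL_PREFIX.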
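
Review bot: The free(reply) added to pwrap_conv() in tests/test_pam_wrapper.c releases only the array. If an earlier message in the same call has already stored a string in reply[i].resp, that string is still leaked on this PAM_CONV_ERR path; src/libpamtest.c gained free_reply() in this same push for that case, and the test conversation function should free its entries the same way.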
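
Review bot: In string_in_list(), key_eq is still a variable-length array sized from strlen(key), so the stack usage depends on an unchecked key length, and the new "strlen(key) > 0" block exists only to keep that array valid. Taking size_t len = strlen(key) after the NULL check and testing "strncmp(list[i], key, len) == 0 && list[i][len] == '='" removes both the array and the snprintf(). The changeset is truncated at this point, so the return taken for an empty key is not visible; make sure that path returns NULL.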