aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2012-05-26 14:23:18 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2012-05-26 14:23:18 +0000
commit55b76c4090c6a27c9bc8126a6fcfb7572e59041c (patch)
tree64307889a4ba20119258d81c0ac0b3060d7a10f0
parent9b171ba819bc3eef8f0063725b3b8aada84613e0 (diff)
downloadsrc-55b76c4090c6a27c9bc8126a6fcfb7572e59041c.tar.gz
src-55b76c4090c6a27c9bc8126a6fcfb7572e59041c.zip
Vendor import of OpenPAM Micrampelis.
Notes
Notes: svn path=/vendor/openpam/dist/; revision=236099
-rw-r--r--CREDITS11
-rw-r--r--HISTORY58
-rw-r--r--LICENSE4
-rw-r--r--Makefile.am4
-rw-r--r--Makefile.in14
-rw-r--r--RELNOTES9
-rw-r--r--TODO13
-rw-r--r--aclocal.m4272
-rw-r--r--bin/Makefile.am4
-rw-r--r--bin/Makefile.in6
-rw-r--r--bin/openpam_dump_policy/Makefile.am7
-rw-r--r--bin/openpam_dump_policy/Makefile.in474
-rw-r--r--bin/openpam_dump_policy/openpam_dump_policy.c202
-rw-r--r--bin/pamtest/pamtest.120
-rw-r--r--bin/pamtest/pamtest.c19
-rw-r--r--bin/su/su.111
-rw-r--r--config.h.in6
-rwxr-xr-xconfigure197
-rw-r--r--configure.ac19
-rw-r--r--doc/man/Makefile.am15
-rw-r--r--doc/man/Makefile.in15
-rw-r--r--doc/man/openpam.325
-rw-r--r--doc/man/openpam_borrow_cred.316
-rw-r--r--doc/man/openpam_free_data.314
-rw-r--r--doc/man/openpam_free_envlist.315
-rw-r--r--doc/man/openpam_get_feature.3105
-rw-r--r--doc/man/openpam_get_option.316
-rw-r--r--doc/man/openpam_log.317
-rw-r--r--doc/man/openpam_nullconv.316
-rw-r--r--doc/man/openpam_readline.336
-rw-r--r--doc/man/openpam_readlinev.3159
-rw-r--r--doc/man/openpam_readword.3152
-rw-r--r--doc/man/openpam_restore_cred.316
-rw-r--r--doc/man/openpam_set_feature.387
-rw-r--r--doc/man/openpam_set_option.316
-rw-r--r--doc/man/openpam_straddch.3122
-rw-r--r--doc/man/openpam_subst.322
-rw-r--r--doc/man/openpam_ttyconv.318
-rw-r--r--doc/man/pam.35
-rw-r--r--doc/man/pam.conf.510
-rw-r--r--doc/man/pam_acct_mgmt.316
-rw-r--r--doc/man/pam_authenticate.318
-rw-r--r--doc/man/pam_chauthtok.316
-rw-r--r--doc/man/pam_close_session.316
-rw-r--r--doc/man/pam_conv.37
-rw-r--r--doc/man/pam_end.317
-rw-r--r--doc/man/pam_error.316
-rw-r--r--doc/man/pam_get_authtok.322
-rw-r--r--doc/man/pam_get_data.316
-rw-r--r--doc/man/pam_get_item.316
-rw-r--r--doc/man/pam_get_user.318
-rw-r--r--doc/man/pam_getenv.314
-rw-r--r--doc/man/pam_getenvlist.314
-rw-r--r--doc/man/pam_info.316
-rw-r--r--doc/man/pam_open_session.316
-rw-r--r--doc/man/pam_prompt.316
-rw-r--r--doc/man/pam_putenv.316
-rw-r--r--doc/man/pam_set_data.314
-rw-r--r--doc/man/pam_set_item.314
-rw-r--r--doc/man/pam_setcred.316
-rw-r--r--doc/man/pam_setenv.318
-rw-r--r--doc/man/pam_sm_acct_mgmt.314
-rw-r--r--doc/man/pam_sm_authenticate.314
-rw-r--r--doc/man/pam_sm_chauthtok.314
-rw-r--r--doc/man/pam_sm_close_session.314
-rw-r--r--doc/man/pam_sm_open_session.314
-rw-r--r--doc/man/pam_sm_setcred.314
-rw-r--r--doc/man/pam_start.314
-rw-r--r--doc/man/pam_strerror.314
-rw-r--r--doc/man/pam_verror.316
-rw-r--r--doc/man/pam_vinfo.316
-rw-r--r--doc/man/pam_vprompt.316
-rw-r--r--include/security/openpam.h43
-rw-r--r--include/security/openpam_version.h6
-rw-r--r--lib/Makefile.am11
-rw-r--r--lib/Makefile.in29
-rw-r--r--lib/openpam_check_owner_perms.c23
-rw-r--r--lib/openpam_configure.c592
-rw-r--r--lib/openpam_constants.h9
-rw-r--r--lib/openpam_ctype.h68
-rw-r--r--lib/openpam_debug.h45
-rw-r--r--lib/openpam_dynamic.c81
-rw-r--r--lib/openpam_features.c69
-rw-r--r--lib/openpam_features.h48
-rw-r--r--lib/openpam_get_feature.c99
-rw-r--r--lib/openpam_get_option.c3
-rw-r--r--lib/openpam_impl.h18
-rw-r--r--lib/openpam_load.c6
-rw-r--r--lib/openpam_log.c14
-rw-r--r--lib/openpam_readline.c52
-rw-r--r--lib/openpam_readlinev.c156
-rw-r--r--lib/openpam_readword.c207
-rw-r--r--lib/openpam_set_feature.c75
-rw-r--r--lib/openpam_set_option.c3
-rw-r--r--lib/openpam_straddch.c111
-rw-r--r--lib/openpam_strlcat.h54
-rw-r--r--lib/openpam_strlcmp.h5
-rw-r--r--lib/openpam_strlcpy.h7
-rw-r--r--lib/openpam_subst.c5
-rw-r--r--lib/openpam_ttyconv.c12
-rw-r--r--lib/pam_get_authtok.c12
-rw-r--r--lib/pam_putenv.c4
-rw-r--r--lib/pam_setenv.c4
-rwxr-xr-xltmain.sh95
-rw-r--r--misc/gendoc.pl121
-rw-r--r--pamgdb.in41
-rw-r--r--t/Makefile.am16
-rw-r--r--t/Makefile.in605
-rw-r--r--t/t.h60
-rw-r--r--t/t_main.c119
-rw-r--r--t/t_openpam_readlinev.c342
-rw-r--r--t/t_openpam_readword.c829
112 files changed, 5775 insertions, 1063 deletions
diff --git a/CREDITS b/CREDITS
index a003ac0ad7df..2725d8888cb1 100644
--- a/CREDITS
+++ b/CREDITS
@@ -16,16 +16,21 @@ ideas:
Brian Fundakowski Feldman <green@freebsd.org>
Christos Zoulas <christos@netbsd.org>
Daniel Richard G. <skunk@iskunk.org>
- Darren J. Moffat <Darren.Moffat@sun.com>
+ Darren J. Moffat <darren.moffat@sun.com>
Dmitry V. Levin <ldv@altlinux.org>
+ Don Lewis <truckman@freebsd.org>
Emmanuel Dreyfus <manu@netbsd.org>
Eric Melville <eric@freebsd.org>
- Gary Winiger <Gary.Winiger@sun.com>
+ Gary Winiger <gary.winiger@sun.com>
+ Gleb Smirnoff <glebius@freebsd.org>
Hubert Feyrer <hubert@feyrer.de>
+ Jason Evans <jasone@freebsd.org>
Joe Marcus Clarke <marcus@freebsd.org>
Juli Mallett <jmallett@freebsd.org>
Jörg Sonnenberger <joerg@britannica.bec.de>
+ Maëlle Lesage <lesage.maelle@gmail.com>
Mark Murray <markm@freebsd.org>
+ Matthias Drochner <drochner@netbsd.org>
Mike Petullo <mike@flyn.org>
Mikhail Teterin <mi@aldan.algebra.com>
Mikko Työläjärvi <mbsd@pacbell.net>
@@ -38,4 +43,4 @@ ideas:
Wojciech A. Koszek <wkoszek@freebsd.org>
Yar Tikhiy <yar@freebsd.org>
-$Id: CREDITS 498 2011-11-21 16:27:04Z des $
+$Id: CREDITS 587 2012-04-08 11:12:10Z des $
diff --git a/HISTORY b/HISTORY
index 81af9eac5a0c..3cc4c96e0859 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1,3 +1,51 @@
+OpenPAM Micrampelis 2012-05-26
+
+ - FEATURE: Add an openpam_readword(3) function which reads the next
+ word from an input stream, applying shell quoting and escaping
+ rules. Add numerous unit tests for openpam_readword(3).
+
+ - FEATURE: Add an openpam_readlinev(3) function which uses the
+ openpam_readword(3) function to read words from an input stream one
+ at a time until it reaches an unquoted, unescaped newline, and
+ returns an array of those words. Add several unit tests for
+ openpam_readlinev(3).
+
+ - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
+ machine's hostname. This was implemented in Lycopsida but
+ inadvertantly left out of the release notes.
+
+ - FEATURE: In pam_get_authtok(3), if neither the application nor the
+ module have specified a prompt and PAM_HOST and PAM_RHOST are both
+ defined but not equal, use a different default prompt that includes
+ PAM_USER and PAM_HOST.
+
+ - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
+ which greatly simplifies the code.
+
+ - ENHANCE: The previous implementation of the policy parser relied on
+ the openpam_readline(3) function, which (by design) munges
+ whitespace and understands neither quotes nor backslash escapes.
+ As a result of the aforementioned rewrite, whitespace, quotes and
+ backslash escapes in policy files are now handled in a consistent
+ and predictable manner.
+
+ - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
+ This closes the race between the ownership / permission check and
+ the dlopen(3) call.
+
+ - ENHANCE: Reduce the amount of pointless error messages generated
+ while searching for a module.
+
+ - ENHANCE: Numerous documentation improvements, both in content and
+ formatting.
+
+ - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
+ OpenPAM's behavior when several policies exist for the same
+ service, from ignoring all but the first to concatenating them all.
+ Revert to the original behavior.
+
+ - BUGFIX: Plug a memory leak in the policy parser.
+============================================================================
OpenPAM Lycopsida 2011-12-18
- ENHANCE: removed static build autodetection, which didn't work
@@ -269,7 +317,7 @@ OpenPAM Cinchona 2002-04-08
- ENHANCE: Add openpam_free_data(), a generic cleanup function for
pam_set_data() consumers.
============================================================================
-OpenPAM Centaury 2002-03-14
+OpenPAM Centaury 2002-03-14
- BUGFIX: Add missing #include <string.h> to openpam_log.c.
@@ -308,7 +356,7 @@ OpenPAM Celandine 2002-03-05
module with the same version number as the library itself to one
with no version number at all.
============================================================================
-OpenPAM Cantaloupe 2002-02-22
+OpenPAM Cantaloupe 2002-02-22
- BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
@@ -338,7 +386,7 @@ OpenPAM Cantaloupe 2002-02-22
- ENHANCE: openpam_get_authtok() now respects the echo_pass,
try_first_pass, and use_first_pass options.
============================================================================
-OpenPAM Caliopsis 2002-02-13
+OpenPAM Caliopsis 2002-02-13
Fixed a number of bugs in the previous release, including:
- a number of bugs in and related to pam_[gs]et_item(3)
@@ -349,8 +397,8 @@ Fixed a number of bugs in the previous release, including:
- missing 'continue' in openpam_dispatch.c caused successes to be
counted as failures
============================================================================
-OpenPAM Calamite 2002-02-09
+OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
-$Id: HISTORY 504 2011-12-18 14:11:12Z des $
+$Id: HISTORY 609 2012-05-26 13:57:45Z des $
diff --git a/LICENSE b/LICENSE
index e6d4325809fb..511979487ae0 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-Copyright (c) 2004-2011 Dag-Erling Smørgrav
+Copyright (c) 2004-2012 Dag-Erling Smørgrav
All rights reserved.
This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,4 +32,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
-$Id: LICENSE 437 2011-09-13 12:00:13Z des $
+$Id: LICENSE 546 2012-03-31 23:13:20Z des $
diff --git a/Makefile.am b/Makefile.am
index 96ed4ea1d788..5c4fbf3f0a2a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $
+# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $
ACLOCAL_AMFLAGS = -I m4
@@ -8,6 +8,8 @@ if WITH_DOC
SUBDIRS += doc
endif
+SUBDIRS += t
+
EXTRA_DIST = \
CREDITS \
HISTORY \
diff --git a/Makefile.in b/Makefile.in
index 44624b8672aa..3c0c783f46fb 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
-# $Id: Makefile.am 428 2010-03-09 17:32:17Z des $
+# $Id: Makefile.am 549 2012-04-01 20:38:30Z des $
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@@ -39,8 +39,8 @@ host_triplet = @host@
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(top_srcdir)/configure INSTALL config.guess config.sub \
- depcomp install-sh ltmain.sh missing
+ $(srcdir)/pamgdb.in $(top_srcdir)/configure INSTALL TODO \
+ config.guess config.sub depcomp install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
@@ -49,7 +49,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = pamgdb
CONFIG_CLEAN_VPATH_FILES =
SOURCES =
DIST_SOURCES =
@@ -67,7 +67,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
distdir dist dist-all distcheck
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = lib bin modules include doc
+DIST_SUBDIRS = lib bin modules include doc t
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -222,7 +222,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = lib bin modules include $(am__append_1)
+SUBDIRS = lib bin modules include $(am__append_1) t
EXTRA_DIST = \
CREDITS \
HISTORY \
@@ -288,6 +288,8 @@ $(srcdir)/config.h.in: $(am__configure_deps)
distclean-hdr:
-rm -f config.h stamp-h1
+pamgdb: $(top_builddir)/config.status $(srcdir)/pamgdb.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
mostlyclean-libtool:
-rm -f *.lo
diff --git a/RELNOTES b/RELNOTES
index 71f7eb920739..536460158a0f 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,6 @@
- Release notes for OpenPAM Lycopsida
- ===================================
+ Release notes for OpenPAM Micrampelis
+ =====================================
This release corresponds to the code used in FreeBSD HEAD as of the
release date, and is also expected to work on almost any POSIX-like
@@ -19,6 +19,9 @@ intended for actual use, but rather to serve as examples for module or
application developers. It also includes a command-line application
(pamtest) which can be used to test policies and modules.
+Unit tests for limited portions of the library can be found in the t
+subdirectory.
+
Please direct bug reports and inquiries to <des@des.no>.
-$Id: RELNOTES 506 2011-12-18 14:25:12Z des $
+$Id: RELNOTES 609 2012-05-26 13:57:45Z des $
diff --git a/TODO b/TODO
new file mode 100644
index 000000000000..2d0af16aa988
--- /dev/null
+++ b/TODO
@@ -0,0 +1,13 @@
+Before the next release:
+
+ - Complete the transition from PAM_LOG_DEBUG to PAM_LOG_LIBDEBUG.
+
+Whenever:
+
+ - Implement mechanism to enable / disable optional features. Use it
+ to disable strict error checking so pamtest and unit tests can do
+ things that we don't allow in production.
+
+ - Rewrite the module-loading code.
+
+$Id: TODO 592 2012-04-08 13:19:51Z des $
diff --git a/aclocal.m4 b/aclocal.m4
index c3aa435a1f16..99ed44a00270 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -22,8 +22,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is free software; the Free Software Foundation gives
@@ -32,8 +32,8 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
m4_define([_LT_COPYING], [dnl
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -167,6 +167,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl
AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
+dnl
_LT_DECL([], [host_alias], [0], [The host system])dnl
_LT_DECL([], [host], [0])dnl
_LT_DECL([], [host_os], [0])dnl
@@ -652,7 +654,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
configured by $[0], generated by m4_PACKAGE_STRING.
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2011 Free Software Foundation, Inc.
This config.lt script is free software; the Free Software Foundation
gives unlimited permision to copy, distribute and modify it."
@@ -816,6 +818,7 @@ AC_DEFUN([LT_LANG],
m4_case([$1],
[C], [_LT_LANG(C)],
[C++], [_LT_LANG(CXX)],
+ [Go], [_LT_LANG(GO)],
[Java], [_LT_LANG(GCJ)],
[Fortran 77], [_LT_LANG(F77)],
[Fortran], [_LT_LANG(FC)],
@@ -837,6 +840,29 @@ m4_defun([_LT_LANG],
])# _LT_LANG
+m4_ifndef([AC_PROG_GO], [
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_GO. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+m4_defun([AC_PROG_GO],
+[AC_LANG_PUSH(Go)dnl
+AC_ARG_VAR([GOC], [Go compiler command])dnl
+AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
+_AC_ARG_VAR_LDFLAGS()dnl
+AC_CHECK_TOOL(GOC, gccgo)
+if test -z "$GOC"; then
+ if test -n "$ac_tool_prefix"; then
+ AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
+ fi
+fi
+if test -z "$GOC"; then
+ AC_CHECK_PROG(GOC, gccgo, gccgo, false)
+fi
+])#m4_defun
+])#m4_ifndef
+
+
# _LT_LANG_DEFAULT_CONFIG
# -----------------------
m4_defun([_LT_LANG_DEFAULT_CONFIG],
@@ -867,6 +893,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
m4_ifdef([LT_PROG_GCJ],
[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+AC_PROVIDE_IFELSE([AC_PROG_GO],
+ [LT_LANG(GO)],
+ [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
+
AC_PROVIDE_IFELSE([LT_PROG_RC],
[LT_LANG(RC)],
[m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
@@ -969,7 +999,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -977,6 +1013,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
rm -rf libconftest.dylib*
rm -f conftest.*
fi])
+
AC_CACHE_CHECK([for -exported_symbols_list linker flag],
[lt_cv_ld_exported_symbols_list],
[lt_cv_ld_exported_symbols_list=no
@@ -988,6 +1025,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
[lt_cv_ld_exported_symbols_list=no])
LDFLAGS="$save_LDFLAGS"
])
+
AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
[lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
@@ -1005,7 +1043,9 @@ _LT_EOF
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
- if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&AS_MESSAGE_LOG_FD
@@ -1050,8 +1090,8 @@ _LT_EOF
])
-# _LT_DARWIN_LINKER_FEATURES
-# --------------------------
+# _LT_DARWIN_LINKER_FEATURES([TAG])
+# ---------------------------------
# Checks for linker and compiler features on darwin
m4_defun([_LT_DARWIN_LINKER_FEATURES],
[
@@ -1062,6 +1102,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
_LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+ m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
+ [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=''
fi
@@ -1345,14 +1387,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if AC_TRY_EVAL(ac_compile); then
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -1429,13 +1484,13 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@@ -1615,6 +1670,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -1654,7 +1714,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@@ -2200,7 +2260,7 @@ need_version=unknown
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -2209,7 +2269,7 @@ aix3*)
;;
aix[[4-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -2274,7 +2334,7 @@ beos*)
;;
bsdi[[45]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -2413,7 +2473,7 @@ m4_if([$1], [],[
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -2466,17 +2526,18 @@ freebsd* | dragonfly*)
;;
gnu*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
haiku*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@@ -2537,7 +2598,7 @@ hpux9* | hpux10* | hpux11*)
;;
interix[[3-9]]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -2553,7 +2614,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -2590,9 +2651,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2655,7 +2716,7 @@ netbsd*)
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -2724,7 +2785,7 @@ rdos*)
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2749,7 +2810,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2773,7 +2834,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -2804,7 +2865,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -2814,7 +2875,7 @@ tpf*)
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -3236,7 +3297,7 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@@ -3656,6 +3717,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK ['"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -4240,7 +4302,9 @@ m4_if([$1], [CXX], [
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC'
+ if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
+ fi
;;
esac
else
@@ -4332,18 +4396,33 @@ m4_if([$1], [CXX], [
;;
*)
case `$CC -V 2>&1 | sed 5q` in
- *Sun\ F* | *Sun*Fortran*)
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)=''
;;
+ *Sun\ F* | *Sun*Fortran*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
;;
+ *Intel*\ [[CF]]*Compiler*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ *Portland\ Group*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
esac
;;
esac
@@ -4503,7 +4582,9 @@ m4_if([$1], [CXX], [
;;
cygwin* | mingw* | cegcc*)
case $cc_basename in
- cl*) ;;
+ cl*)
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ ;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
_LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
@@ -4528,7 +4609,6 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -4779,8 +4859,7 @@ _LT_EOF
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
@@ -5075,6 +5154,7 @@ _LT_EOF
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
@@ -5172,7 +5252,6 @@ _LT_EOF
fi
if test "$with_gnu_ld" = no; then
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
@@ -5614,9 +5693,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1],
_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
[Flag to hardcode $libdir into a binary during linking.
This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
- [[If ld is used when linking, flag to hardcode $libdir into a binary
- during linking. This must work even if $libdir does not exist]])
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
[Whether we need a single "-rpath" flag with a separated argument])
_LT_TAGDECL([], [hardcode_direct], [0],
@@ -5770,7 +5846,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
@@ -6901,12 +6976,18 @@ public class foo {
}
};
_LT_EOF
+], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
+package foo
+func foo() {
+}
+_LT_EOF
])
_lt_libdeps_save_CFLAGS=$CFLAGS
case "$CC $CFLAGS " in #(
*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
+*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
esac
dnl Parse the compiler output and extract the necessary
@@ -7103,7 +7184,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -7236,7 +7316,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
@@ -7419,6 +7498,73 @@ CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GCJ_CONFIG
+# _LT_LANG_GO_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Go compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GO_CONFIG],
+[AC_REQUIRE([LT_PROG_GO])dnl
+AC_LANG_SAVE
+
+# Source file extension for Go test sources.
+ac_ext=go
+
+# Object file extension for compiled Go test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="package main; func main() { }"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='package main; func main() { }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GOC-"gccgo"}
+CFLAGS=$GOFLAGS
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# Go did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_GO_CONFIG
+
+
# _LT_LANG_RC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
@@ -7488,6 +7634,13 @@ dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+# LT_PROG_GO
+# ----------
+AC_DEFUN([LT_PROG_GO],
+[AC_CHECK_TOOL(GOC, gccgo,)
+])
+
+
# LT_PROG_RC
# ----------
AC_DEFUN([LT_PROG_RC],
@@ -8152,9 +8305,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
m4_define([_LT_WITH_PIC],
[AC_ARG_WITH([pic],
- [AS_HELP_STRING([--with-pic],
+ [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
- [pic_mode="$withval"],
+ [lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
[pic_mode=default])
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
@@ -8326,15 +8494,15 @@ m4_define([lt_dict_filter],
# @configure_input@
-# serial 3293 ltversion.m4
+# serial 3337 ltversion.m4
# This file is part of GNU Libtool
-m4_define([LT_PACKAGE_VERSION], [2.4])
-m4_define([LT_PACKAGE_REVISION], [1.3293])
+m4_define([LT_PACKAGE_VERSION], [2.4.2])
+m4_define([LT_PACKAGE_REVISION], [1.3337])
AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4'
-macro_revision='1.3293'
+[macro_version='2.4.2'
+macro_revision='1.3337'
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
_LT_DECL(, macro_revision, 0)
])
diff --git a/bin/Makefile.am b/bin/Makefile.am
index 78ebeaa5d8e2..ec7a99e06001 100644
--- a/bin/Makefile.am
+++ b/bin/Makefile.am
@@ -1,6 +1,6 @@
-# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $
+# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
-SUBDIRS =
+SUBDIRS = openpam_dump_policy
if WITH_PAMTEST
SUBDIRS += pamtest
diff --git a/bin/Makefile.in b/bin/Makefile.in
index 4f6089d07d89..3c11bbfa92f9 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
-# $Id: Makefile.am 467 2011-11-02 23:42:21Z des $
+# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@@ -63,7 +63,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
distdir
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = pamtest su
+DIST_SUBDIRS = openpam_dump_policy pamtest su
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -207,7 +207,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-SUBDIRS = $(am__append_1) $(am__append_2)
+SUBDIRS = openpam_dump_policy $(am__append_1) $(am__append_2)
all: all-recursive
.SUFFIXES:
diff --git a/bin/openpam_dump_policy/Makefile.am b/bin/openpam_dump_policy/Makefile.am
new file mode 100644
index 000000000000..a5fda16068bf
--- /dev/null
+++ b/bin/openpam_dump_policy/Makefile.am
@@ -0,0 +1,7 @@
+# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
+
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
+
+noinst_PROGRAMS = openpam_dump_policy
+openpam_dump_policy_SOURCES = openpam_dump_policy.c
+openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
diff --git a/bin/openpam_dump_policy/Makefile.in b/bin/openpam_dump_policy/Makefile.in
new file mode 100644
index 000000000000..54f09a49baa0
--- /dev/null
+++ b/bin/openpam_dump_policy/Makefile.in
@@ -0,0 +1,474 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $Id: Makefile.am 538 2012-03-31 17:04:29Z des $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = openpam_dump_policy$(EXEEXT)
+subdir = bin/openpam_dump_policy
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_openpam_dump_policy_OBJECTS = openpam_dump_policy.$(OBJEXT)
+openpam_dump_policy_OBJECTS = $(am_openpam_dump_policy_OBJECTS)
+openpam_dump_policy_DEPENDENCIES = $(top_builddir)/lib/libpam.la
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(openpam_dump_policy_SOURCES)
+DIST_SOURCES = $(openpam_dump_policy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_MAJ = @LIB_MAJ@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
+openpam_dump_policy_SOURCES = openpam_dump_policy.c
+openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign bin/openpam_dump_policy/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+openpam_dump_policy$(EXEEXT): $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_DEPENDENCIES)
+ @rm -f openpam_dump_policy$(EXEEXT)
+ $(LINK) $(openpam_dump_policy_OBJECTS) $(openpam_dump_policy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dump_policy.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/bin/openpam_dump_policy/openpam_dump_policy.c b/bin/openpam_dump_policy/openpam_dump_policy.c
new file mode 100644
index 000000000000..b65dbbd0888c
--- /dev/null
+++ b/bin/openpam_dump_policy/openpam_dump_policy.c
@@ -0,0 +1,202 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_dump_policy.c 582 2012-04-06 23:23:35Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+static char *
+openpam_chain_name(const char *service, pam_facility_t fclt)
+{
+ const char *facility = pam_facility_name[fclt];
+ char *name;
+
+ if (asprintf(&name, "pam_%s_%s", service, facility) == -1)
+ return (NULL);
+ return (name);
+}
+
+static char *
+openpam_facility_index_name(pam_facility_t fclt)
+{
+ const char *facility = pam_facility_name[fclt];
+ char *name, *p;
+
+ if (asprintf(&name, "PAM_%s", facility) == -1)
+ return (NULL);
+ for (p = name + 4; *p; ++p)
+ *p = toupper(*p);
+ return (name);
+}
+
+int
+openpam_dump_chain(const char *name, pam_chain_t *chain)
+{
+ char *modname, **opt, *p;
+ int i;
+
+ for (i = 0; chain != NULL; ++i, chain = chain->next) {
+ /* declare the module's struct pam_module */
+ modname = strrchr(chain->module->path, '/');
+ modname = strdup(modname ? modname : chain->module->path);
+ if (modname == NULL)
+ return (PAM_BUF_ERR);
+ for (p = modname; *p && *p != '.'; ++p)
+ /* nothing */ ;
+ *p = '\0';
+ printf("extern struct pam_module %s_pam_module;\n", modname);
+ /* module arguments */
+ printf("static char *%s_%d_optv[] = {\n", name, i);
+ for (opt = chain->optv; *opt; ++opt) {
+ printf("\t\"");
+ for (p = *opt; *p; ++p) {
+ if (isprint((unsigned char)*p) && *p != '"')
+ printf("%c", *p);
+ else
+ printf("\\x%02x", (unsigned char)*p);
+ }
+ printf("\",\n");
+ }
+ printf("\tNULL,\n");
+ printf("};\n");
+ /* next module in chain */
+ if (chain->next != NULL)
+ printf("static pam_chain_t %s_%d;\n", name, i + 1);
+ /* chain entry */
+ printf("static pam_chain_t %s_%d = {\n", name, i);
+ printf("\t.module = &%s_pam_module,\n", modname);
+ printf("\t.flag = 0x%08x,\n", chain->flag);
+ printf("\t.optc = %d,\n", chain->optc);
+ printf("\t.optv = %s_%d_optv,\n", name, i);
+ if (chain->next)
+ printf("\t.next = &%s_%d,\n", name, i + 1);
+ else
+ printf("\t.next = NULL,\n");
+ printf("};\n");
+ free(modname);
+ }
+ return (PAM_SUCCESS);
+}
+
+int
+openpam_dump_policy(const char *service)
+{
+ pam_handle_t *pamh;
+ char *name;
+ int fclt, ret;
+
+ if ((pamh = calloc(1, sizeof *pamh)) == NULL)
+ return (PAM_BUF_ERR);
+ if ((ret = openpam_configure(pamh, service)) != PAM_SUCCESS)
+ return (ret);
+ for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
+ if (pamh->chains[fclt] != NULL) {
+ if ((name = openpam_chain_name(service, fclt)) == NULL)
+ return (PAM_BUF_ERR);
+ ret = openpam_dump_chain(name, pamh->chains[fclt]);
+ free(name);
+ if (ret != PAM_SUCCESS)
+ return (ret);
+ }
+ }
+ printf("static pam_policy_t pam_%s_policy = {\n", service);
+ printf("\t.service = \"%s\",\n", service);
+ printf("\t.chains = {\n");
+ for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
+ if ((name = openpam_facility_index_name(fclt)) == NULL)
+ return (PAM_BUF_ERR);
+ printf("\t\t[%s] = ", name);
+ free(name);
+ if (pamh->chains[fclt] != NULL) {
+ if ((name = openpam_chain_name(service, fclt)) == NULL)
+ return (PAM_BUF_ERR);
+ printf("&%s_0,\n", name);
+ free(name);
+ } else {
+ printf("NULL,\n");
+ }
+ }
+ printf("\t},\n");
+ printf("};\n");
+ free(pamh);
+ return (PAM_SUCCESS);
+}
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: openpam_dump_policy [-d] policy ...\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int i, opt;
+
+ while ((opt = getopt(argc, argv, "d")) != -1)
+ switch (opt) {
+ case 'd':
+ openpam_debug = 1;
+ break;
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ printf("#include <security/pam_appl.h>\n");
+ printf("#include \"openpam_impl.h\"\n");
+ for (i = 0; i < argc; ++i)
+ openpam_dump_policy(argv[i]);
+ printf("pam_policy_t *pam_embedded_policies[] = {\n");
+ for (i = 0; i < argc; ++i)
+ printf("\t&pam_%s_policy,\n", argv[i]);
+ printf("\tNULL,\n");
+ printf("};\n");
+ exit(0);
+}
diff --git a/bin/pamtest/pamtest.1 b/bin/pamtest/pamtest.1
index 78e83537c31e..5cf2e0c51d9d 100644
--- a/bin/pamtest/pamtest.1
+++ b/bin/pamtest/pamtest.1
@@ -10,6 +10,9 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: pamtest.1 471 2011-11-03 09:44:40Z des $
+.\" $Id: pamtest.1 610 2012-05-26 14:03:45Z des $
.\"
-.Dd November 2, 2011
+.Dd May 26, 2012
.Dt PAMTEST 1
.Os
.Sh NAME
@@ -33,7 +36,7 @@
.Nd PAM policy tester
.Sh SYNOPSYS
.Nm
-.Op Fl dksv
+.Op Fl dkMPsv
.Op Fl H Ar rhost
.Op Fl h Ar host
.Op Fl t Ar tty
@@ -116,6 +119,11 @@ The default is to use the result of calling
.Xr gethostname 3 .
.It Fl k
Keep going even if one of the commands fails.
+.It Fl M
+Disable path, ownership and permission checks on module files.
+.It Fl P
+Disable service name validation and path, ownership and permission
+checks on policy files.
.It Fl s
Set the
.Dv PAM_SILENT
@@ -149,14 +157,14 @@ policy:
pamtest -v system auth account change setcred open close unsetcred
.Ed
.Sh SEE ALSO
-.Xr openpam 3
-.Xr pam 3
+.Xr openpam 3 ,
+.Xr pam 3 ,
.Xr pam.conf 5
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
.Sh BUGS
The
.Nm
diff --git a/bin/pamtest/pamtest.c b/bin/pamtest/pamtest.c
index 0addfad9a130..bfc612e72c13 100644
--- a/bin/pamtest/pamtest.c
+++ b/bin/pamtest/pamtest.c
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pamtest.c 472 2011-11-03 09:46:52Z des $
+ * $Id: pamtest.c 595 2012-04-14 14:28:35Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -261,8 +264,8 @@ static void
usage(void)
{
- fprintf(stderr, "usage: pamtest [-dksv] %s\n",
- "[-H rhost] [-h host] [-t tty] [-U ruser] [-u user] service");
+ fprintf(stderr, "usage: pamtest %s service command ...\n",
+ "[-dkMPsv] [-H rhost] [-h host] [-t tty] [-U ruser] [-u user]");
exit(1);
}
@@ -297,7 +300,7 @@ main(int argc, char *argv[])
int pame;
int opt;
- while ((opt = getopt(argc, argv, "dH:h:kst:U:u:v")) != -1)
+ while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1)
switch (opt) {
case 'd':
openpam_debug++;
@@ -311,6 +314,14 @@ main(int argc, char *argv[])
case 'k':
keepatit = 1;
break;
+ case 'M':
+ openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0);
+ openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0);
+ break;
+ case 'P':
+ openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0);
+ openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0);
+ break;
case 's':
silent = PAM_SILENT;
break;
diff --git a/bin/su/su.1 b/bin/su/su.1
index 9a67ea3fec6c..2dc11bbb1b22 100644
--- a/bin/su/su.1
+++ b/bin/su/su.1
@@ -10,6 +10,9 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -23,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: su.1 458 2011-11-02 13:10:25Z des $
+.\" $Id: su.1 610 2012-05-26 14:03:45Z des $
.\"
-.Dd November 2, 2011
+.Dd May 26, 2012
.Dt SU 1
.Os
.Sh NAME
@@ -53,10 +56,10 @@ The
utility is provided with the OpenPAM library as a sample application
and should not be used in production systems.
.Sh SEE ALSO
-.Xr openpam 3
+.Xr openpam 3 ,
.Xr pam 3
.Sh AUTHORS
The
.Nm
utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/config.h.in b/config.h.in
index 3d16ce8e8dfc..69f703ca2556 100644
--- a/config.h.in
+++ b/config.h.in
@@ -9,6 +9,9 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
+/* Define to 1 if you have the `fdlopen' function. */
+#undef HAVE_FDLOPEN
+
/* Define to 1 if you have the `fpurge' function. */
#undef HAVE_FPURGE
@@ -36,6 +39,9 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
/* Define to 1 if you have the `strlcmp' function. */
#undef HAVE_STRLCMP
diff --git a/configure b/configure
index fe13a93697a1..5348d3f5a085 100755
--- a/configure
+++ b/configure
@@ -1,7 +1,7 @@
#! /bin/sh
-# From configure.ac Id: configure.ac 507 2011-12-18 14:43:40Z des .
+# From configure.ac Id: configure.ac 610 2012-05-26 14:03:45Z des .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for OpenPAM 20111218.
+# Generated by GNU Autoconf 2.68 for OpenPAM 20120526.
#
# Report bugs to <des@des.no>.
#
@@ -570,8 +570,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='OpenPAM'
PACKAGE_TARNAME='openpam'
-PACKAGE_VERSION='20111218'
-PACKAGE_STRING='OpenPAM 20111218'
+PACKAGE_VERSION='20120526'
+PACKAGE_STRING='OpenPAM 20120526'
PACKAGE_BUGREPORT='des@des.no'
PACKAGE_URL=''
@@ -1308,7 +1308,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures OpenPAM 20111218 to adapt to many kinds of systems.
+\`configure' configures OpenPAM 20120526 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1378,7 +1378,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of OpenPAM 20111218:";;
+ short | recursive ) echo "Configuration of OpenPAM 20120526:";;
esac
cat <<\_ACEOF
@@ -1405,7 +1405,7 @@ Optional Features:
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-pic try to use only PIC/non-PIC objects [default=use
+ --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
@@ -1492,7 +1492,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-OpenPAM configure 20111218
+OpenPAM configure 20120526
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -1861,7 +1861,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by OpenPAM $as_me 20111218, which was
+It was created by OpenPAM $as_me 20120526, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -2678,7 +2678,7 @@ fi
# Define the identity of the package.
PACKAGE='openpam'
- VERSION='20111218'
+ VERSION='20120526'
cat >>confdefs.h <<_ACEOF
@@ -4631,8 +4631,8 @@ esac
-macro_version='2.4'
-macro_revision='1.3293'
+macro_version='2.4.2'
+macro_revision='1.3337'
@@ -5347,6 +5347,11 @@ else
lt_cv_sys_max_cmd_len=196608
;;
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
osf*)
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
@@ -5386,7 +5391,7 @@ else
# If test is not a shell built-in, we'll probably end up computing a
# maximum length that is only half of the actual maximum length, but
# we can't tell.
- while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
+ while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
test $i != 17 # 1/2 MB should be enough
do
@@ -5815,7 +5820,7 @@ irix5* | irix6* | nonstopux*)
lt_cv_deplibs_check_method=pass_all
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
lt_cv_deplibs_check_method=pass_all
;;
@@ -6455,13 +6460,13 @@ old_postuninstall_cmds=
if test -n "$RANLIB"; then
case $host_os in
openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
;;
*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
;;
esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
fi
case $host_os in
@@ -6608,6 +6613,7 @@ for ac_symprfx in "" "_"; do
# which start with @ or ?.
lt_cv_sys_global_symbol_pipe="$AWK '"\
" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
" \$ 0!~/External *\|/{next};"\
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
@@ -6996,7 +7002,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
CFLAGS="$SAVE_CFLAGS"
fi
;;
-sparc*-*solaris*)
+*-*solaris*)
# Find out which ABI we are using.
echo 'int i;' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@@ -7007,7 +7013,20 @@ sparc*-*solaris*)
case `/usr/bin/file conftest.o` in
*64-bit*)
case $lt_cv_prog_gnu_ld in
- yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ yes*)
+ case $host in
+ i?86-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD="${LD-ld}_sol2"
+ fi
+ ;;
*)
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
LD="${LD-ld} -64"
@@ -7647,7 +7666,13 @@ else
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
_lt_result=$?
- if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&5
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test $_lt_result -eq 0; then
lt_cv_apple_cc_single_mod=yes
else
cat conftest.err >&5
@@ -7658,6 +7683,7 @@ else
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
if ${lt_cv_ld_exported_symbols_list+:} false; then :
@@ -7690,6 +7716,7 @@ rm -f core conftest.err conftest.$ac_objext \
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
$as_echo_n "checking for -force_load linker flag... " >&6; }
if ${lt_cv_ld_force_load+:} false; then :
@@ -7711,7 +7738,9 @@ _LT_EOF
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
_lt_result=$?
- if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&5
+ elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
lt_cv_ld_force_load=yes
else
cat conftest.err >&5
@@ -7847,7 +7876,22 @@ fi
# Check whether --with-pic was given.
if test "${with_pic+set}" = set; then :
- withval=$with_pic; pic_mode="$withval"
+ withval=$with_pic; lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for lt_pkg in $withval; do
+ IFS="$lt_save_ifs"
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
else
pic_mode=default
fi
@@ -7925,6 +7969,10 @@ LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
test -z "$LN_S" && LN_S="ln -s"
@@ -8380,7 +8428,9 @@ lt_prog_compiler_static=
case $cc_basename in
nvcc*) # Cuda Compiler Driver 2.2
lt_prog_compiler_wl='-Xlinker '
- lt_prog_compiler_pic='-Xcompiler -fPIC'
+ if test -n "$lt_prog_compiler_pic"; then
+ lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+ fi
;;
esac
else
@@ -8471,18 +8521,33 @@ lt_prog_compiler_static=
;;
*)
case `$CC -V 2>&1 | sed 5q` in
- *Sun\ F* | *Sun*Fortran*)
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
# Sun Fortran 8.3 passes all unrecognized flags to the linker
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl=''
;;
+ *Sun\ F* | *Sun*Fortran*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Qoption ld '
+ ;;
*Sun\ C*)
# Sun C 5.9
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-Bstatic'
lt_prog_compiler_wl='-Wl,'
;;
+ *Intel*\ [CF]*Compiler*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ *Portland\ Group*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
esac
;;
esac
@@ -8844,7 +8909,6 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
hardcode_direct=no
hardcode_direct_absolute=no
hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld=
hardcode_libdir_separator=
hardcode_minus_L=no
hardcode_shlibpath_var=unsupported
@@ -9094,8 +9158,7 @@ _LT_EOF
xlf* | bgf* | bgxlf* | mpixlf*)
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec=
- hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
if test "x$supports_anon_versioning" = xyes; then
archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
@@ -9474,6 +9537,7 @@ fi
# The linker will not automatically build a static lib if we build a DLL.
# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
enable_shared_with_static_runtimes=yes
+ exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
# Don't use ranlib
old_postinstall_cmds='chmod 644 $oldlib'
@@ -9519,6 +9583,7 @@ fi
hardcode_shlibpath_var=unsupported
if test "$lt_cv_ld_force_load" = "yes"; then
whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
else
whole_archive_flag_spec=''
fi
@@ -9598,7 +9663,6 @@ fi
fi
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_flag_spec_ld='+b $libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
hardcode_direct_absolute=yes
@@ -10222,11 +10286,6 @@ esac
-
-
-
-
-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
$as_echo_n "checking dynamic linker characteristics... " >&6; }
@@ -10316,7 +10375,7 @@ need_version=unknown
case $host_os in
aix3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
shlibpath_var=LIBPATH
@@ -10325,7 +10384,7 @@ aix3*)
;;
aix[4-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
hardcode_into_libs=yes
@@ -10390,7 +10449,7 @@ beos*)
;;
bsdi[45]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
@@ -10529,7 +10588,7 @@ darwin* | rhapsody*)
;;
dgux*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
@@ -10582,17 +10641,18 @@ freebsd* | dragonfly*)
;;
gnu*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
hardcode_into_libs=yes
;;
haiku*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
dynamic_linker="$host_os runtime_loader"
@@ -10653,7 +10713,7 @@ hpux9* | hpux10* | hpux11*)
;;
interix[3-9]*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
@@ -10669,7 +10729,7 @@ irix5* | irix6* | nonstopux*)
nonstopux*) version_type=nonstopux ;;
*)
if test "$lt_cv_prog_gnu_ld" = yes; then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
else
version_type=irix
fi ;;
@@ -10706,9 +10766,9 @@ linux*oldld* | linux*aout* | linux*coff*)
dynamic_linker=no
;;
-# This must be Linux ELF.
+# This must be glibc/ELF.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -10790,7 +10850,7 @@ netbsd*)
;;
newsos6)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=yes
@@ -10859,7 +10919,7 @@ rdos*)
;;
solaris*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -10884,7 +10944,7 @@ sunos4*)
;;
sysv4 | sysv4.3*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -10908,7 +10968,7 @@ sysv4 | sysv4.3*)
sysv4*MP*)
if test -d /usr/nec ;then
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
soname_spec='$libname${shared_ext}.$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -10939,7 +10999,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
tpf*)
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
@@ -10949,7 +11009,7 @@ tpf*)
;;
uts4*)
- version_type=linux
+ version_type=linux # correct to gnu/linux during the next big refactor
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
@@ -11731,6 +11791,8 @@ CC="$lt_save_CC"
+
+
ac_config_commands="$ac_config_commands libtool"
@@ -11875,7 +11937,7 @@ fi
done
-for ac_func in fpurge strlcmp strlcpy
+for ac_func in fdlopen fpurge strlcat strlcmp strlcpy
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -12006,7 +12068,9 @@ if test "${enable_werror+set}" = set; then :
fi
-ac_config_files="$ac_config_files bin/Makefile bin/pamtest/Makefile bin/su/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_unix/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile doc/Makefile doc/man/Makefile Makefile"
+ac_config_files="$ac_config_files Makefile bin/Makefile bin/openpam_dump_policy/Makefile bin/pamtest/Makefile bin/su/Makefile doc/Makefile doc/man/Makefile include/Makefile include/security/Makefile lib/Makefile modules/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile modules/pam_unix/Makefile t/Makefile"
+
+ac_config_files="$ac_config_files pamgdb"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -12558,7 +12622,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by OpenPAM $as_me 20111218, which was
+This file was extended by OpenPAM $as_me 20120526, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -12624,7 +12688,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-OpenPAM config.status 20111218
+OpenPAM config.status 20120526
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@@ -12761,6 +12825,7 @@ pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
+PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
@@ -12843,7 +12908,6 @@ with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec_ld='`$ECHO "$hardcode_libdir_flag_spec_ld" | $SED "$delay_single_quote_subst"`'
hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
@@ -12899,6 +12963,7 @@ _LTECHO_EOF'
# Quote evaled strings.
for var in SHELL \
ECHO \
+PATH_SEPARATOR \
SED \
GREP \
EGREP \
@@ -12949,7 +13014,6 @@ with_gnu_ld \
allow_undefined_flag \
no_undefined_flag \
hardcode_libdir_flag_spec \
-hardcode_libdir_flag_spec_ld \
hardcode_libdir_separator \
exclude_expsyms \
include_expsyms \
@@ -13033,19 +13097,22 @@ do
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
"libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"bin/Makefile") CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;;
+ "bin/openpam_dump_policy/Makefile") CONFIG_FILES="$CONFIG_FILES bin/openpam_dump_policy/Makefile" ;;
"bin/pamtest/Makefile") CONFIG_FILES="$CONFIG_FILES bin/pamtest/Makefile" ;;
"bin/su/Makefile") CONFIG_FILES="$CONFIG_FILES bin/su/Makefile" ;;
+ "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+ "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;;
"include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
"include/security/Makefile") CONFIG_FILES="$CONFIG_FILES include/security/Makefile" ;;
"lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
"modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
- "modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;;
"modules/pam_deny/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_deny/Makefile" ;;
"modules/pam_permit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_permit/Makefile" ;;
- "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;;
+ "t/Makefile") CONFIG_FILES="$CONFIG_FILES t/Makefile" ;;
+ "pamgdb") CONFIG_FILES="$CONFIG_FILES pamgdb" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
@@ -13757,8 +13824,8 @@ $as_echo X"$file" |
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
-# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
-# Inc.
+# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# Written by Gordon Matzigkeit, 1996
#
# This file is part of GNU Libtool.
@@ -13812,6 +13879,9 @@ SHELL=$lt_SHELL
# An echo program that protects backslashes.
ECHO=$lt_ECHO
+# The PATH separator for the build system.
+PATH_SEPARATOR=$lt_PATH_SEPARATOR
+
# The host system.
host_alias=$host_alias
host=$host
@@ -14113,10 +14183,6 @@ no_undefined_flag=$lt_no_undefined_flag
# This must work even if \$libdir does not exist
hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-# If ld is used when linking, flag to hardcode \$libdir into a binary
-# during linking. This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
-
# Whether we need a single "-rpath" flag with a separated argument.
hardcode_libdir_separator=$lt_hardcode_libdir_separator
@@ -14367,6 +14433,7 @@ fi
chmod +x "$ofile"
;;
+ "pamgdb":F) chmod +x pamgdb ;;
esac
done # for ac_tag
diff --git a/configure.ac b/configure.ac
index a7453b994a47..fb30726a4d1b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,8 +1,8 @@
-dnl $Id: configure.ac 507 2011-12-18 14:43:40Z des $
+dnl $Id: configure.ac 610 2012-05-26 14:03:45Z des $
AC_PREREQ([2.62])
-AC_REVISION([$Id: configure.ac 507 2011-12-18 14:43:40Z des $])
-AC_INIT([OpenPAM], [20111218], [des@des.no])
+AC_REVISION([$Id: configure.ac 610 2012-05-26 14:03:45Z des $])
+AC_INIT([OpenPAM], [20120526], [des@des.no])
AC_CONFIG_SRCDIR([lib/pam_start.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign])
@@ -83,7 +83,7 @@ AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
AC_CHECK_HEADERS([crypt.h])
-AC_CHECK_FUNCS([fpurge strlcmp strlcpy])
+AC_CHECK_FUNCS([fdlopen fpurge strlcat strlcmp strlcpy])
saved_LIBS="${LIBS}"
LIBS=""
@@ -110,18 +110,21 @@ AC_ARG_ENABLE([werror],
[CFLAGS="${CFLAGS} -Werror"])
AC_CONFIG_FILES([
+ Makefile
bin/Makefile
+ bin/openpam_dump_policy/Makefile
bin/pamtest/Makefile
bin/su/Makefile
+ doc/Makefile
+ doc/man/Makefile
include/Makefile
include/security/Makefile
lib/Makefile
modules/Makefile
- modules/pam_unix/Makefile
modules/pam_deny/Makefile
modules/pam_permit/Makefile
- doc/Makefile
- doc/man/Makefile
- Makefile
+ modules/pam_unix/Makefile
+ t/Makefile
])
+AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
AC_OUTPUT
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 3d1b94bb87b5..4062a54d54fb 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $
+# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $
NULL =
@@ -38,12 +38,17 @@ OMAN = \
openpam_borrow_cred.3 \
openpam_free_data.3 \
openpam_free_envlist.3 \
+ openpam_get_feature.3 \
openpam_get_option.3 \
openpam_log.3 \
openpam_nullconv.3 \
openpam_readline.3 \
+ openpam_readlinev.3 \
+ openpam_readword.3 \
openpam_restore_cred.3 \
+ openpam_set_feature.3 \
openpam_set_option.3 \
+ openpam_straddch.3 \
openpam_subst.3 \
openpam_ttyconv.3 \
pam_error.3 \
@@ -68,17 +73,17 @@ CLEANFILES = $(ALLCMAN) openpam.3 pam.3
GENDOC = $(top_srcdir)/misc/gendoc.pl
-SRCDIR = $(top_srcdir)/lib
+LIBSRCDIR = $(top_srcdir)/lib
-VPATH = $(SRCDIR)
+VPATH = $(LIBSRCDIR) $(srcdir)
SUFFIXES = .3
.c.3: $(GENDOC)
perl -w $(GENDOC) $<
-openpam.3: $(OMAN) $(GENDOC) openpam.man
+openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
-pam.3: $(PMAN) $(GENDOC) pam.man
+pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in
index 91c9febf6003..298304d0ec47 100644
--- a/doc/man/Makefile.in
+++ b/doc/man/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
-# $Id: Makefile.am 455 2011-10-29 18:31:11Z des $
+# $Id: Makefile.am 594 2012-04-14 14:18:41Z des $
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -74,7 +74,7 @@ man5dir = $(mandir)/man5
NROFF = nroff
MANS = $(dist_man3_MANS) $(dist_man5_MANS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-VPATH = $(SRCDIR)
+VPATH = $(LIBSRCDIR) $(srcdir)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AR = @AR@
@@ -232,12 +232,17 @@ OMAN = \
openpam_borrow_cred.3 \
openpam_free_data.3 \
openpam_free_envlist.3 \
+ openpam_get_feature.3 \
openpam_get_option.3 \
openpam_log.3 \
openpam_nullconv.3 \
openpam_readline.3 \
+ openpam_readlinev.3 \
+ openpam_readword.3 \
openpam_restore_cred.3 \
+ openpam_set_feature.3 \
openpam_set_option.3 \
+ openpam_straddch.3 \
openpam_subst.3 \
openpam_ttyconv.3 \
pam_error.3 \
@@ -256,7 +261,7 @@ dist_man3_MANS = $(ALLCMAN) openpam.3 pam.3 pam_conv.3
dist_man5_MANS = pam.conf.5
CLEANFILES = $(ALLCMAN) openpam.3 pam.3
GENDOC = $(top_srcdir)/misc/gendoc.pl
-SRCDIR = $(top_srcdir)/lib
+LIBSRCDIR = $(top_srcdir)/lib
SUFFIXES = .3
all: all-am
@@ -536,10 +541,10 @@ uninstall-man: uninstall-man3 uninstall-man5
.c.3: $(GENDOC)
perl -w $(GENDOC) $<
-openpam.3: $(OMAN) $(GENDOC) openpam.man
+openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
-pam.3: $(PMAN) $(GENDOC) pam.man
+pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/doc/man/openpam.3 b/doc/man/openpam.3
index c04a2aa9671d..a3ff7fc6ce2e 100644
--- a/doc/man/openpam.3
+++ b/doc/man/openpam.3
@@ -34,19 +34,24 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM 3
.Os
.Sh NAME
.Nm openpam_borrow_cred ,
.Nm openpam_free_data ,
.Nm openpam_free_envlist ,
+.Nm openpam_get_feature ,
.Nm openpam_get_option ,
.Nm openpam_log ,
.Nm openpam_nullconv ,
.Nm openpam_readline ,
+.Nm openpam_readlinev ,
+.Nm openpam_readword ,
.Nm openpam_restore_cred ,
+.Nm openpam_set_feature ,
.Nm openpam_set_option ,
+.Nm openpam_straddch ,
.Nm openpam_subst ,
.Nm openpam_ttyconv ,
.Nm pam_error ,
@@ -68,6 +73,8 @@
.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
.Ft "void"
.Fn openpam_free_envlist "char **envlist"
+.Ft "int"
+.Fn openpam_get_feature "int feature" "int *onoff"
.Ft "const char *"
.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
.Ft "void"
@@ -76,11 +83,19 @@
.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Ft "char *"
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
+.Ft "char **"
+.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp"
+.Ft "char *"
+.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp"
.Ft "int"
.Fn openpam_restore_cred "pam_handle_t *pamh"
.Ft "int"
+.Fn openpam_set_feature "int feature" "int onoff"
+.Ft "int"
.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
.Ft "int"
+.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch"
+.Ft "int"
.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template"
.Ft "int"
.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
@@ -117,12 +132,17 @@ standardization.
.Xr openpam_borrow_cred 3 ,
.Xr openpam_free_data 3 ,
.Xr openpam_free_envlist 3 ,
+.Xr openpam_get_feature 3 ,
.Xr openpam_get_option 3 ,
.Xr openpam_log 3 ,
.Xr openpam_nullconv 3 ,
.Xr openpam_readline 3 ,
+.Xr openpam_readlinev 3 ,
+.Xr openpam_readword 3 ,
.Xr openpam_restore_cred 3 ,
+.Xr openpam_set_feature 3 ,
.Xr openpam_set_option 3 ,
+.Xr openpam_straddch 3 ,
.Xr openpam_subst 3 ,
.Xr openpam_ttyconv 3 ,
.Xr pam_error 3 ,
@@ -146,3 +166,6 @@ Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
+.Pp
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_borrow_cred.3 b/doc/man/openpam_borrow_cred.3
index 25780dba4479..dd05b4430ce4 100644
--- a/doc/man/openpam_borrow_cred.3
+++ b/doc/man/openpam_borrow_cred.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_BORROW_CRED 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_borrow_cred
function saves the current credentials and
switches to those of the user specified by its
.Fa pwd
@@ -62,7 +62,7 @@ The original credentials can be restored using
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_borrow_cred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -81,15 +81,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_borrow_cred
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_borrow_cred
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_free_data.3 b/doc/man/openpam_free_data.3
index b32a34570741..4d9e0eeed065 100644
--- a/doc/man/openpam_free_data.3
+++ b/doc/man/openpam_free_data.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_FREE_DATA 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_free_data
function is a cleanup function suitable for
passing to
.Xr pam_set_data 3 .
@@ -64,15 +64,15 @@ argument to
.Xr pam_set_data 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_free_data
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_free_data
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_free_envlist.3 b/doc/man/openpam_free_envlist.3
index 0c1976a9129f..cf8c585539d8 100644
--- a/doc/man/openpam_free_envlist.3
+++ b/doc/man/openpam_free_envlist.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_FREE_ENVLIST 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_free_envlist "char **envlist"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_free_envlist
function is a convenience function which
frees all the environment variables in an environment list, and the
list itself.
@@ -62,12 +62,11 @@ It is suitable for freeing the return value from
.Xr pam_getenvlist 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_free_envlist
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
-.Fx
-Project by
-.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
+.Fn openpam_free_envlist
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_get_feature.3 b/doc/man/openpam_get_feature.3
new file mode 100644
index 000000000000..e63ef0cd6af8
--- /dev/null
+++ b/doc/man/openpam_get_feature.3
@@ -0,0 +1,105 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd May 26, 2012
+.Dt OPENPAM_GET_FEATURE 3
+.Os
+.Sh NAME
+.Nm openpam_get_feature
+.Nd query the state of an optional feature
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_get_feature "int feature" "int *onoff"
+.Sh DESCRIPTION
+.Bf Sy
+This function is experimental and may be modified or removed in a future release without further warning.
+.Ef
+.Pp
+The
+.Fn openpam_get_feature
+function stores the current state of the
+specified feature in the variable pointed to by its
+.Fa onoff
+argument.
+.Pp
+The following features are recognized:
+.Bl -tag -width 18n
+.It Dv OPENPAM_RESTRICT_SERVICE_NAME
+Disallow path separators in service names.
+This feature is enabled by default.
+Disabling it allows the application to specify the path to
+the desired policy file directly.
+.It Dv OPENPAM_VERIFY_POLICY_FILE
+Verify the ownership and permissions of the policy file
+and the path leading up to it.
+This feature is enabled by default.
+.It Dv OPENPAM_RESTRICT_MODULE_NAME
+Disallow path separators in module names.
+This feature is disabled by default.
+Enabling it prevents the use of modules in non-standard
+locations.
+.It Dv OPENPAM_VERIFY_MODULE_FILE
+Verify the ownership and permissions of each loadable
+module and the path leading up to it.
+This feature is enabled by default.
+.El
+.Sh RETURN VALUES
+The
+.Fn openpam_get_feature
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.El
+.Sh SEE ALSO
+.Xr openpam_set_feature 3 ,
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Fn openpam_get_feature
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Fn openpam_get_feature
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_get_option.3 b/doc/man/openpam_get_option.3
index d65661296922..68a6b2e77756 100644
--- a/doc/man/openpam_get_option.3
+++ b/doc/man/openpam_get_option.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_get_option
function returns the value of the specified
option in the context of the currently executing service module, or
.Dv NULL
@@ -58,7 +58,7 @@ if the option is not set or no module is currently executing.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_get_option
function returns
.Dv NULL
on failure.
@@ -67,15 +67,15 @@ on failure.
.Xr pam 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_get_option
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_get_option
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_log.3 b/doc/man/openpam_log.3
index adfc0061a86b..e5e3192c8ae8 100644
--- a/doc/man/openpam_log.3
+++ b/doc/man/openpam_log.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_LOG 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_log "int level" "const char *fmt" "..."
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_log
function logs messages using
.Xr syslog 3 .
It is primarily intended for internal use by the library and modules.
@@ -60,6 +60,9 @@ The
argument indicates the importance of the message.
The following levels are defined:
.Bl -tag -width 18n
+.It Dv PAM_LOG_LIBDEBUG
+Debugging messages.
+For internal use only.
.It Dv PAM_LOG_DEBUG
Debugging messages.
These messages are normally not logged unless the global
@@ -101,15 +104,15 @@ corresponding arguments.
.Xr syslog 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_log
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_log
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_nullconv.3 b/doc/man/openpam_nullconv.3
index 1873cba2ee38..f5194d38fff2 100644
--- a/doc/man/openpam_nullconv.3
+++ b/doc/man/openpam_nullconv.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_NULLCONV 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_nullconv
function is a null conversation function suitable
for applications that want to use PAM but don't support interactive
dialog with the user.
@@ -71,7 +71,7 @@ try to query the user.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_nullconv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_CONV_ERR
@@ -88,15 +88,15 @@ Conversation failure.
.Xr pam_vprompt 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_nullconv
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_nullconv
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_readline.3 b/doc/man/openpam_readline.3
index cf7ab47f53ff..32dd55b19f43 100644
--- a/doc/man/openpam_readline.3
+++ b/doc/man/openpam_readline.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_READLINE 3
.Os
.Sh NAME
@@ -44,27 +44,32 @@
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
+.In stdio.h
.In security/pam_appl.h
.In security/openpam.h
.Ft "char *"
.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
.Sh DESCRIPTION
+.Bf Sy
+This function is deprecated and may be removed in a future release without further warning.
The
-.Nm
+.Fn openpam_readlinev
+function may be used to achieve similar results.
+.Ef
+.Pp
+The
+.Fn openpam_readline
function reads a line from a file, and returns it
in a NUL-terminated buffer allocated with
.Xr malloc 3 .
.Pp
The
-.Nm
+.Fn openpam_readline
function performs a certain amount of processing
on the data it reads:
.Bl -bullet
.It
-Comments (introduced by a hash sign) are stripped, as is leading and
-trailing whitespace.
-.It
-Any amount of linear whitespace is collapsed to a single space.
+Comments (introduced by a hash sign) are stripped.
.It
Blank lines are ignored.
.It
@@ -89,27 +94,28 @@ terminating NUL character) is stored in the variable it points to.
The caller is responsible for releasing the returned buffer by passing
it to
.Xr free 3 .
+.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_readline
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
-.Xr free 3 ,
-.Xr malloc 3 ,
+.Xr openpam_readlinev 3 ,
+.Xr openpam_readword 3 ,
.Xr pam 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_readline
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_readline
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_readlinev.3 b/doc/man/openpam_readlinev.3
new file mode 100644
index 000000000000..f2ba1a6b775a
--- /dev/null
+++ b/doc/man/openpam_readlinev.3
@@ -0,0 +1,159 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd May 26, 2012
+.Dt OPENPAM_READLINEV 3
+.Os
+.Sh NAME
+.Nm openpam_readlinev
+.Nd read a line from a file and split it into words
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In stdio.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "char **"
+.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp"
+.Sh DESCRIPTION
+The
+.Fn openpam_readlinev
+function reads a line from a file, splits it
+into words according to the rules described in the
+.Xr openpam_readword 3
+manual page, and returns a list of those words.
+.Pp
+If
+.Fa lineno
+is not
+.Dv NULL ,
+the integer variable it points to is
+incremented every time a newline character is read.
+This includes quoted or escaped newline characters and the newline
+character at the end of the line.
+.Pp
+If
+.Fa lenp
+is not
+.Dv NULL ,
+the number of words on the line is stored in the
+variable to which it points.
+.Sh RETURN VALUES
+If successful, the
+.Fn openpam_readlinev
+function returns a pointer to a
+dynamically allocated array of pointers to individual dynamically
+allocated NUL-terminated strings, each containing a single word, in the
+order in which they were encountered on the line.
+The array is terminated by a
+.Dv NULL
+pointer.
+.Pp
+The caller is responsible for freeing both the array and the individual
+strings by passing each of them to
+.Xr free 3 .
+.Pp
+If the end of the line was reached before any words were read,
+.Fn openpam_readlinev
+returns a pointer to a dynamically allocated array
+containing a single
+.Dv NULL
+pointer.
+.Pp
+The
+.Fn openpam_readlinev
+function can fail and return
+.Dv NULL
+for one of
+four reasons:
+.Bl -bullet
+.It
+The end of the file was reached before any words were read;
+.Va errno
+is
+zero,
+.Xr ferror 3
+returns zero, and
+.Xr feof 3
+returns a non-zero value.
+.It
+The end of the file was reached while a quote or backslash escape
+was in effect;
+.Va errno
+is set to
+.Dv EINVAL ,
+.Xr ferror 3
+returns zero, and
+.Xr feof 3
+returns a non-zero value.
+.It
+An error occurred while reading from the file;
+.Va errno
+is non-zero,
+.Xr ferror 3
+returns a non-zero value and
+.Xr feof 3
+returns zero.
+.It
+A
+.Xr malloc 3
+or
+.Xr realloc 3
+call failed;
+.Va errno
+is set to
+.Dv ENOMEM ,
+.Xr ferror 3
+returns a non-zero value, and
+.Xr feof 3
+may or may not return
+a non-zero value.
+.El
+.Sh SEE ALSO
+.Xr openpam_readline 3 ,
+.Xr openpam_readword 3 ,
+.Xr pam 3
+.Sh STANDARDS
+The
+.Fn openpam_readlinev
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Fn openpam_readlinev
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_readword.3 b/doc/man/openpam_readword.3
new file mode 100644
index 000000000000..6f5f58d34b7c
--- /dev/null
+++ b/doc/man/openpam_readword.3
@@ -0,0 +1,152 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd May 26, 2012
+.Dt OPENPAM_READWORD 3
+.Os
+.Sh NAME
+.Nm openpam_readword
+.Nd read a word from a file, respecting shell quoting rules
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In stdio.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "char *"
+.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp"
+.Sh DESCRIPTION
+The
+.Fn openpam_readword
+function reads the next word from a file, and
+returns it in a NUL-terminated buffer allocated with
+.Xr malloc 3 .
+.Pp
+A word is a sequence of non-whitespace characters.
+However, whitespace characters can be included in a word if quoted or
+escaped according to the following rules:
+.Bl -bullet
+.It
+An unescaped single or double quote introduces a quoted string,
+which ends when the same quote character is encountered a second
+time.
+The quotes themselves are stripped.
+.It
+Within a single- or double-quoted string, all whitespace characters,
+including the newline character, are preserved as-is.
+.It
+Outside a quoted string, a backslash escapes the next character,
+which is preserved as-is, unless that character is a newline, in
+which case it is discarded and reading continues at the beginning of
+the next line as if the backslash and newline had not been there.
+In all cases, the backslash itself is discarded.
+.It
+Within a single-quoted string, double quotes and backslashes are
+preserved as-is.
+.It
+Within a double-quoted string, a single quote is preserved as-is,
+and a backslash is preserved as-is unless used to escape a double
+quote.
+.El
+.Pp
+In addition, if the first non-whitespace character on the line is a
+hash character (#), the rest of the line is discarded.
+If a hash character occurs within a word, however, it is preserved
+as-is.
+A backslash at the end of a comment does cause line continuation.
+.Pp
+If
+.Fa lineno
+is not
+.Dv NULL ,
+the integer variable it points to is
+incremented every time a quoted or escaped newline character is read.
+.Pp
+If
+.Fa lenp
+is not
+.Dv NULL ,
+the length of the word (after quotes and
+backslashes have been removed) is stored in the variable it points to.
+.Sh RETURN VALUES
+If successful, the
+.Fn openpam_readword
+function returns a pointer to a
+dynamically allocated NUL-terminated string containing the first word
+encountered on the line.
+.Pp
+The caller is responsible for releasing the returned buffer by passing
+it to
+.Xr free 3 .
+.Pp
+If
+.Fn openpam_readword
+reaches the end of the line or file before any
+characters are copied to the word, it returns
+.Dv NULL .
+In the former
+case, the newline is pushed back to the file.
+.Pp
+If
+.Fn openpam_readword
+reaches the end of the file while a quote or
+backslash escape is in effect, it sets
+.Va errno
+to
+.Dv EINVAL
+and returns
+.Dv NULL .
+.Sh IMPLEMENTATION NOTES
+The parsing rules are intended to be equivalent to the normal POSIX
+shell quoting rules.
+Any discrepancy is a bug and should be reported to the author along
+with sample input that can be used to reproduce the error.
+.Pp
+.Sh SEE ALSO
+.Xr openpam_readline 3 ,
+.Xr openpam_readlinev 3 ,
+.Xr pam 3
+.Sh STANDARDS
+The
+.Fn openpam_readword
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Fn openpam_readword
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_restore_cred.3 b/doc/man/openpam_restore_cred.3
index 12ff8b823af8..d088ded59180 100644
--- a/doc/man/openpam_restore_cred.3
+++ b/doc/man/openpam_restore_cred.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_RESTORE_CRED 3
.Os
.Sh NAME
@@ -50,13 +50,13 @@
.Fn openpam_restore_cred "pam_handle_t *pamh"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_restore_cred
function restores the credentials saved by
.Xr openpam_borrow_cred 3 .
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_restore_cred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_NO_MODULE_DATA
@@ -73,15 +73,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_restore_cred
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_restore_cred
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_set_feature.3 b/doc/man/openpam_set_feature.3
new file mode 100644
index 000000000000..8356dec6118f
--- /dev/null
+++ b/doc/man/openpam_set_feature.3
@@ -0,0 +1,87 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd May 26, 2012
+.Dt OPENPAM_SET_FEATURE 3
+.Os
+.Sh NAME
+.Nm openpam_set_feature
+.Nd enable or disable an optional feature
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_set_feature "int feature" "int onoff"
+.Sh DESCRIPTION
+.Bf Sy
+This function is experimental and may be modified or removed in a future release without further warning.
+.Ef
+.Pp
+The
+.Fn openpam_set_feature
+function sets the state of the specified
+feature to the value specified by the
+.Fa onoff
+argument.
+See
+.Xr openpam_get_feature 3
+for a list of recognized features.
+.Pp
+.Sh RETURN VALUES
+The
+.Fn openpam_set_feature
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.El
+.Sh SEE ALSO
+.Xr openpam_get_feature 3 ,
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Fn openpam_set_feature
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Fn openpam_set_feature
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_set_option.3 b/doc/man/openpam_set_option.3
index f186c000d8b1..b1e2267c99b3 100644
--- a/doc/man/openpam_set_option.3
+++ b/doc/man/openpam_set_option.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME
@@ -50,13 +50,13 @@
.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_set_option
function sets the specified option in the
context of the currently executing service module.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_set_option
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -70,15 +70,15 @@ System error.
.Xr pam_strerror 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_set_option
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_set_option
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/openpam_straddch.3 b/doc/man/openpam_straddch.3
new file mode 100644
index 000000000000..c55582477ed5
--- /dev/null
+++ b/doc/man/openpam_straddch.3
@@ -0,0 +1,122 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd May 26, 2012
+.Dt OPENPAM_STRADDCH 3
+.Os
+.Sh NAME
+.Nm openpam_straddch
+.Nd add a character to a string, expanding the buffer if needed
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch"
+.Sh DESCRIPTION
+The
+.Fn openpam_straddch
+function appends a character to a dynamically
+allocated NUL-terminated buffer, reallocating the buffer as needed.
+.Pp
+The
+.Fa str
+argument points to a variable containing either a pointer to
+an existing buffer or
+.Dv NULL .
+If the value of the variable pointed to by
+.Fa str
+is
+.Dv NULL ,
+a new buffer
+is allocated.
+.Pp
+The
+.Fa size
+and
+.Fa len
+argument point to variables used to hold the size
+of the buffer and the length of the string it contains, respectively.
+.Pp
+If a new buffer is allocated or an existing buffer is reallocated to
+make room for the additional character,
+.Fa str
+and
+.Fa size
+are updated
+accordingly.
+.Pp
+The
+.Fn openpam_straddch
+function ensures that the buffer is always
+NUL-terminated.
+.Pp
+If the
+.Fn openpam_straddch
+function is successful, it increments the
+integer variable pointed to by
+.Fa len
+and returns 0.
+Otherwise, it leaves the variables pointed to by
+.Fa str ,
+.Fa size
+and
+.Fa len
+unmodified, sets
+.Va errno
+to
+.Dv ENOMEM
+and returns -1.
+.Pp
+.Sh RETURN VALUES
+The
+.Fn openpam_straddch
+function returns 0 on success and -1 on failure.
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Fn openpam_straddch
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Fn openpam_straddch
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_subst.3 b/doc/man/openpam_subst.3
index 565b3e07091d..47297c92ccec 100644
--- a/doc/man/openpam_subst.3
+++ b/doc/man/openpam_subst.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_SUBST 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_subst
function expands a string, substituting PAM item
values for all occurrences of specific substitution codes.
The
@@ -73,12 +73,12 @@ string,
.Fa bufsize
is updated to reflect the amount of space required to
hold the entire string, and
-.Nm
+.Fn openpam_subst
returns
.Dv PAM_TRY_AGAIN .
.Pp
If
-.Nm
+.Fn openpam_subst
fails for any other reason, the
.Fa bufsize
argument is
@@ -112,10 +112,9 @@ Replaced by the current value of the
.Dv PAM_USER
item.
.El
-.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_subst
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYSTEM_ERR
@@ -131,12 +130,11 @@ Try again.
.Xr pam_strerror 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_subst
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
-.Fx
-Project by
-.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
+.Fn openpam_subst
+function and this manual page were
+developed by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/openpam_ttyconv.3 b/doc/man/openpam_ttyconv.3
index b2cd9d9dc94e..3e97cb4b3d68 100644
--- a/doc/man/openpam_ttyconv.3
+++ b/doc/man/openpam_ttyconv.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Sh DESCRIPTION
The
-.Nm
+.Fn openpam_ttyconv
function is a standard conversation function
suitable for use on TTY devices.
It should be adequate for the needs of most text-based interactive
programs.
.Pp
The
-.Nm
+.Fn openpam_ttyconv
function allows the application to specify a
timeout for user input by setting the global integer variable
.Va openpam_ttyconv_timeout
@@ -65,7 +65,7 @@ to the length of the timeout in seconds.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn openpam_ttyconv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -83,15 +83,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
-.Nm
+.Fn openpam_ttyconv
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn openpam_ttyconv
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam.3 b/doc/man/pam.3
index 11befcda528f..196a3c75cb90 100644
--- a/doc/man/pam.3
+++ b/doc/man/pam.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM 3
.Os
.Sh NAME
@@ -291,3 +291,6 @@ Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
+.Pp
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/pam.conf.5 b/doc/man/pam.conf.5
index 3669f927f988..d5f80d57a181 100644
--- a/doc/man/pam.conf.5
+++ b/doc/man/pam.conf.5
@@ -26,9 +26,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: pam.conf.5 485 2011-11-03 16:57:37Z des $
+.\" $Id: pam.conf.5 610 2012-05-26 14:03:45Z des $
.\"
-.Dd November 3, 2011
+.Dd May 26, 2012
.Dt PAM.CONF 5
.Os
.Sh NAME
@@ -50,7 +50,7 @@ decreasing order of preference:
.Pp
If none of these locations contains a policy for the given service,
the
-.Dv default
+.Dq Dv other
policy is used instead, if it exists.
.Pp
Entries in per-service policy files must be of one of the two forms
@@ -177,5 +177,5 @@ DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Pp
-This manual page was written by
-.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3
index 94100484fb35..f79c4646c4c5 100644
--- a/doc/man/pam_acct_mgmt.3
+++ b/doc/man/pam_acct_mgmt.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_acct_mgmt
function verifies and enforces account restrictions
after the user has been authenticated.
.Pp
@@ -65,12 +65,12 @@ Fail if the user's authentication token is null.
.El
.Pp
If any other bits are set,
-.Nm
+.Fn pam_acct_mgmt
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_acct_mgmt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -104,11 +104,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_acct_mgmt
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3
index 8263280f0977..c521a388ba26 100644
--- a/doc/man/pam_authenticate.3
+++ b/doc/man/pam_authenticate.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME
@@ -49,14 +49,14 @@
.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_authenticate
function attempts to authenticate the user
associated with the pam context specified by the
.Fa pamh
argument.
.Pp
The application is free to call
-.Nm
+.Fn pam_authenticate
as many times as it
wishes, but some modules may maintain an internal retry counter and
return
@@ -75,12 +75,12 @@ Fail if the user's authentication token is null.
.El
.Pp
If any other bits are set,
-.Nm
+.Fn pam_authenticate
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_authenticate
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -118,11 +118,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_authenticate
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3
index 5823866928b1..11647e7ad0b2 100644
--- a/doc/man/pam_chauthtok.3
+++ b/doc/man/pam_chauthtok.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_chauthtok
function attempts to change the authentication token
for the user associated with the pam context specified by the
.Fa pamh
@@ -67,12 +67,12 @@ Change only those authentication tokens that have expired.
.El
.Pp
If any other bits are set,
-.Nm
+.Fn pam_chauthtok
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_chauthtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -110,11 +110,11 @@ Try again.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_chauthtok
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_close_session.3 b/doc/man/pam_close_session.3
index 43e4b0392ce1..dba62e816afe 100644
--- a/doc/man/pam_close_session.3
+++ b/doc/man/pam_close_session.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_close_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_close_session
function tears down the user session previously
set up by
.Xr pam_open_session 3 .
@@ -64,12 +64,12 @@ Do not emit any messages.
.El
.Pp
If any other bits are set,
-.Nm
+.Fn pam_close_session
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_close_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -100,11 +100,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_close_session
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3
index 6b6e697b0632..a1b121b101c1 100644
--- a/doc/man/pam_conv.3
+++ b/doc/man/pam_conv.3
@@ -32,9 +32,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: pam_conv.3 437 2011-09-13 12:00:13Z des $
+.\" $Id: pam_conv.3 610 2012-05-26 14:03:45Z des $
.\"
-.Dd June 16, 2005
+.Dd May 26, 2012
.Dt PAM_CONV 3
.Os
.Sh NAME
@@ -181,3 +181,6 @@ the Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
+.Pp
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\(/orgrav Aq des@des.no .
diff --git a/doc/man/pam_end.3 b/doc/man/pam_end.3
index 66e2871c0da2..0d669125beab 100644
--- a/doc/man/pam_end.3
+++ b/doc/man/pam_end.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_END 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_end "pam_handle_t *pamh" "int status"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_end
function terminates a PAM transaction and destroys the
corresponding PAM context, releasing all resources allocated to it.
.Pp
@@ -57,11 +57,10 @@ The
.Fa status
argument should be set to the error code returned by the
last API call before the call to
-.Nm
-.
+.Fn pam_end .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_end
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYSTEM_ERR
@@ -77,11 +76,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_end
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3
index c957409c8b83..6767772b574b 100644
--- a/doc/man/pam_error.3
+++ b/doc/man/pam_error.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_ERROR 3
.Os
.Sh NAME
@@ -49,13 +49,13 @@
.Fn pam_error "const pam_handle_t *pamh" "const char *fmt" "..."
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_error
function displays an error message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_error
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -73,15 +73,15 @@ System error.
.Xr pam_verror 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_error
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_error
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_get_authtok.3 b/doc/man/pam_get_authtok.3
index 7f0c8049aac9..84c133dd52a3 100644
--- a/doc/man/pam_get_authtok.3
+++ b/doc/man/pam_get_authtok.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_get_authtok
function returns the cached authentication token,
or prompts the user if no token is currently cached.
Either way, a pointer to the authentication token is stored in the
@@ -89,7 +89,7 @@ before it is
passed to the conversation function.
.Pp
If
-.Nm
+.Fn pam_get_authtok
is called from a module and the
.Dv authtok_prompt
/
@@ -110,17 +110,17 @@ is set to
and there is a non-null
.Dv PAM_OLDAUTHTOK
item,
-.Nm
+.Fn pam_get_authtok
will ask the user to confirm the new token by
retyping it.
If there is a mismatch,
-.Nm
+.Fn pam_get_authtok
will return
.Dv PAM_TRY_AGAIN .
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_get_authtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -140,15 +140,15 @@ Try again.
.Xr pam_strerror 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_get_authtok
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_get_authtok
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_get_data.3 b/doc/man/pam_get_data.3
index 49fae056cf01..db4b723cf7aa 100644
--- a/doc/man/pam_get_data.3
+++ b/doc/man/pam_get_data.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GET_DATA 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_get_data "const pam_handle_t *pamh" "const char *module_data_name" "const void **data"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_get_data
function looks up the opaque object associated with
the string specified by the
.Fa module_data_name
@@ -61,7 +61,7 @@ A pointer to the object is stored in the location pointed to by the
.Fa data
argument.
If
-.Nm
+.Fn pam_get_data
fails, the
.Fa data
argument is untouched.
@@ -72,7 +72,7 @@ are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_get_data
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_NO_MODULE_DATA
@@ -91,11 +91,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_get_data
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3
index 1244a77a9ee3..aaa1badd7f7f 100644
--- a/doc/man/pam_get_item.3
+++ b/doc/man/pam_get_item.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_get_item "const pam_handle_t *pamh" "int item_type" "const void **item"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_get_item
function stores a pointer to the item specified by
the
.Fa item_type
@@ -60,7 +60,7 @@ The item is retrieved from the PAM context specified by the
.Fa pamh
argument.
If
-.Nm
+.Fn pam_get_item
fails, the
.Fa item
argument is untouched.
@@ -107,7 +107,7 @@ for a description of
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_get_item
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_SYMBOL_ERR
@@ -127,11 +127,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_get_item
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_get_user.3 b/doc/man/pam_get_user.3
index 8f3b426a6619..448f41898b86 100644
--- a/doc/man/pam_get_user.3
+++ b/doc/man/pam_get_user.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GET_USER 3
.Os
.Sh NAME
@@ -49,13 +49,13 @@
.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_get_user
function returns the name of the target user, as
specified to
.Xr pam_start 3 .
If no user was specified, nor set using
.Xr pam_set_item 3 ,
-.Nm
+.Fn pam_get_user
will prompt for a user name.
Either way, a pointer to the user name is stored in the location
pointed to by the
@@ -80,7 +80,7 @@ before it is
passed to the conversation function.
.Pp
If
-.Nm
+.Fn pam_get_user
is called from a module and the
.Dv user_prompt
option is
@@ -93,7 +93,7 @@ item.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_get_user
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -118,11 +118,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_get_user
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3
index ebd2992f1e94..1f0df73f2db2 100644
--- a/doc/man/pam_getenv.3
+++ b/doc/man/pam_getenv.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GETENV 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_getenv
function returns the value of an environment variable.
Its semantics are similar to those of
.Xr getenv 3 ,
@@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_getenv
function returns
.Dv NULL
on failure.
@@ -75,11 +75,11 @@ on failure.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_getenv
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3
index a034c8e3cc04..9af378459b44 100644
--- a/doc/man/pam_getenvlist.3
+++ b/doc/man/pam_getenvlist.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_getenvlist "pam_handle_t *pamh"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_getenvlist
function returns a copy of the given PAM context's
environment list as a pointer to an array of strings.
The last element in the array is
@@ -77,7 +77,7 @@ after use:
.Ed
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_getenvlist
function returns
.Dv NULL
on failure.
@@ -96,11 +96,11 @@ on failure.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_getenvlist
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3
index 08bf200de530..c08b5748c6e2 100644
--- a/doc/man/pam_info.3
+++ b/doc/man/pam_info.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_INFO 3
.Os
.Sh NAME
@@ -49,13 +49,13 @@
.Fn pam_info "const pam_handle_t *pamh" "const char *fmt" "..."
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_info
function displays an informational message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_info
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -73,15 +73,15 @@ System error.
.Xr pam_vinfo 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_info
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_info
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_open_session.3 b/doc/man/pam_open_session.3
index 13811c7d2977..1cde0e43712d 100644
--- a/doc/man/pam_open_session.3
+++ b/doc/man/pam_open_session.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_open_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_open_session
sets up a user session for a previously
authenticated user.
The session should later be torn down by a call to
@@ -65,12 +65,12 @@ Do not emit any messages.
.El
.Pp
If any other bits are set,
-.Nm
+.Fn pam_open_session
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_open_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -101,11 +101,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_open_session
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3
index 20574f2321eb..0ff7742b7fc7 100644
--- a/doc/man/pam_prompt.3
+++ b/doc/man/pam_prompt.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_PROMPT 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_prompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_prompt
function constructs a message from the specified format
string and arguments and passes it to the given PAM context's
conversation function.
@@ -67,7 +67,7 @@ for further details.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_prompt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -85,15 +85,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_prompt
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_prompt
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3
index e69816a0b767..4e9c6938e69e 100644
--- a/doc/man/pam_putenv.3
+++ b/doc/man/pam_putenv.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_PUTENV 3
.Os
.Sh NAME
@@ -49,8 +49,8 @@
.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
.Sh DESCRIPTION
The
-.Nm
-function sets a environment variable.
+.Fn pam_putenv
+function sets an environment variable.
Its semantics are similar to those of
.Xr putenv 3 ,
but it modifies the PAM
@@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_putenv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -80,11 +80,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_putenv
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_set_data.3 b/doc/man/pam_set_data.3
index ce4d63d06142..c02ae2ef6ee4 100644
--- a/doc/man/pam_set_data.3
+++ b/doc/man/pam_set_data.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SET_DATA 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_set_data
function associates a pointer to an opaque object
with an arbitrary string specified by the
.Fa module_data_name
@@ -71,7 +71,7 @@ are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_set_data
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -90,11 +90,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_set_data
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3
index 9f4e78d9aa0f..668c4f39ff0c 100644
--- a/doc/man/pam_set_item.3
+++ b/doc/man/pam_set_item.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_set_item
function sets the item specified by the
.Fa item_type
argument to a copy of the object pointed to by the
@@ -63,7 +63,7 @@ See
for a list of recognized item types.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_set_item
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -84,11 +84,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_set_item
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_setcred.3 b/doc/man/pam_setcred.3
index 1e0a2460028d..a4f82493f7c6 100644
--- a/doc/man/pam_setcred.3
+++ b/doc/man/pam_setcred.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SETCRED 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_setcred "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_setcred
function manages the application's credentials.
.Pp
The
@@ -72,12 +72,12 @@ Refresh credentials.
The latter four are mutually exclusive.
.Pp
If any other bits are set,
-.Nm
+.Fn pam_setcred
will return
.Dv PAM_SYMBOL_ERR .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_setcred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -113,11 +113,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_setcred
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_setenv.3 b/doc/man/pam_setenv.3
index 43906efd1cce..e3b9c131e280 100644
--- a/doc/man/pam_setenv.3
+++ b/doc/man/pam_setenv.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SETENV 3
.Os
.Sh NAME
@@ -49,8 +49,8 @@
.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
.Sh DESCRIPTION
The
-.Nm
-function sets a environment variable.
+.Fn pam_setenv
+function sets an environment variable.
Its semantics are similar to those of
.Xr setenv 3 ,
but it modifies the PAM
@@ -58,7 +58,7 @@ context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_setenv
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -75,15 +75,15 @@ System error.
.Xr setenv 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_setenv
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_setenv
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_acct_mgmt.3 b/doc/man/pam_sm_acct_mgmt.3
index 22e1980d8e8f..35dd05bb5c0f 100644
--- a/doc/man/pam_sm_acct_mgmt.3
+++ b/doc/man/pam_sm_acct_mgmt.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_acct_mgmt
function is the service module's implementation
of the
.Xr pam_acct_mgmt 3
API function.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_acct_mgmt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -94,11 +94,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_acct_mgmt
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_authenticate.3 b/doc/man/pam_sm_authenticate.3
index e41a70ab0c4c..4c27bb76019e 100644
--- a/doc/man/pam_sm_authenticate.3
+++ b/doc/man/pam_sm_authenticate.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_authenticate
function is the service module's
implementation of the
.Xr pam_authenticate 3
API function.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_authenticate
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -96,11 +96,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_authenticate
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_chauthtok.3 b/doc/man/pam_sm_chauthtok.3
index bc3f461b7a50..8e28b05f9919 100644
--- a/doc/man/pam_sm_chauthtok.3
+++ b/doc/man/pam_sm_chauthtok.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME
@@ -50,7 +50,7 @@
.Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_chauthtok
function is the service module's implementation
of the
.Xr pam_chauthtok 3
@@ -67,7 +67,7 @@ with the
flag set.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_chauthtok
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -106,11 +106,11 @@ Try again.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_chauthtok
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_close_session.3 b/doc/man/pam_sm_close_session.3
index 3b1f57e075bc..bfb5d87ee323 100644
--- a/doc/man/pam_sm_close_session.3
+++ b/doc/man/pam_sm_close_session.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_close_session
function is the service module's
implementation of the
.Xr pam_close_session 3
API function.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_close_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -88,11 +88,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_close_session
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_open_session.3 b/doc/man/pam_sm_open_session.3
index cdfe4d412557..b92fb45b1b10 100644
--- a/doc/man/pam_sm_open_session.3
+++ b/doc/man/pam_sm_open_session.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_open_session
function is the service module's
implementation of the
.Xr pam_open_session 3
API function.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_open_session
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -88,11 +88,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_open_session
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_sm_setcred.3 b/doc/man/pam_sm_setcred.3
index 6d5c52fc1690..19b192e21785 100644
--- a/doc/man/pam_sm_setcred.3
+++ b/doc/man/pam_sm_setcred.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME
@@ -50,14 +50,14 @@
.Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_sm_setcred
function is the service module's implementation of
the
.Xr pam_setcred 3
API function.
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_sm_setcred
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
@@ -94,11 +94,11 @@ Unknown user.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_sm_setcred
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_start.3 b/doc/man/pam_start.3
index eaa9f0571c67..4e28d3e57bf4 100644
--- a/doc/man/pam_start.3
+++ b/doc/man/pam_start.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_START 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_start
function creates and initializes a PAM context.
.Pp
The
@@ -78,7 +78,7 @@ for details.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_start
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -99,11 +99,11 @@ System error.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_start
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3
index 900310284835..5b24b68e8a07 100644
--- a/doc/man/pam_strerror.3
+++ b/doc/man/pam_strerror.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_STRERROR 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_strerror "const pam_handle_t *pamh" "int error_number"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_strerror
function returns a pointer to a string containing a
textual description of the error indicated by the
.Fa error_number
@@ -64,7 +64,7 @@ or
.Dv NULL .
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_strerror
function returns
.Dv NULL
on failure.
@@ -78,11 +78,11 @@ on failure.
.Re
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_strerror
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_verror.3 b/doc/man/pam_verror.3
index 4987da30f988..d4a8cc54862e 100644
--- a/doc/man/pam_verror.3
+++ b/doc/man/pam_verror.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_VERROR 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_verror "const pam_handle_t *pamh" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_verror
function passes its arguments to
.Xr pam_vprompt 3
with a
@@ -59,7 +59,7 @@ and discards the response.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_verror
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -77,15 +77,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_verror
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_verror
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_vinfo.3 b/doc/man/pam_vinfo.3
index c2ac5b0c4d39..3e10b508a9c1 100644
--- a/doc/man/pam_vinfo.3
+++ b/doc/man/pam_vinfo.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_VINFO 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_vinfo "const pam_handle_t *pamh" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_vinfo
function passes its arguments to
.Xr pam_vprompt 3
with a
@@ -59,7 +59,7 @@ and discards the response.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_vinfo
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -77,15 +77,15 @@ System error.
.Xr pam_vprompt 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_vinfo
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_vinfo
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/doc/man/pam_vprompt.3 b/doc/man/pam_vprompt.3
index 381008d7a99e..c3d8b325827b 100644
--- a/doc/man/pam_vprompt.3
+++ b/doc/man/pam_vprompt.3
@@ -34,7 +34,7 @@
.\"
.\" $Id$
.\"
-.Dd December 18, 2011
+.Dd May 26, 2012
.Dt PAM_VPROMPT 3
.Os
.Sh NAME
@@ -49,7 +49,7 @@
.Fn pam_vprompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
The
-.Nm
+.Fn pam_vprompt
function constructs a string from the
.Fa fmt
and
@@ -93,7 +93,7 @@ If they do, they may be truncated.
.Pp
.Sh RETURN VALUES
The
-.Nm
+.Fn pam_vprompt
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
@@ -114,15 +114,15 @@ System error.
.Xr vsnprintf 3
.Sh STANDARDS
The
-.Nm
+.Fn pam_vprompt
function is an OpenPAM extension.
.Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
+.Fn pam_vprompt
+function and this manual page were
+developed for the
.Fx
-Project by
-ThinkSec AS and Network Associates Laboratories, the
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
diff --git a/include/security/openpam.h b/include/security/openpam.h
index 0c896a480a96..4ba8b95fa0fc 100644
--- a/include/security/openpam.h
+++ b/include/security/openpam.h
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam.h 455 2011-10-29 18:31:11Z des $
+ * $Id: openpam.h 605 2012-04-20 11:05:10Z des $
*/
#ifndef SECURITY_OPENPAM_H_INCLUDED
@@ -157,12 +157,49 @@ openpam_readline(FILE *_f,
int *_lineno,
size_t *_lenp)
OPENPAM_NONNULL((1));
+
+char **
+openpam_readlinev(FILE *_f,
+ int *_lineno,
+ int *_lenp)
+ OPENPAM_NONNULL((1));
+
+char *
+openpam_readword(FILE *_f,
+ int *_lineno,
+ size_t *_lenp)
+ OPENPAM_NONNULL((1));
#endif
+int
+openpam_straddch(char **_str,
+ size_t *_sizep,
+ size_t *_lenp,
+ int ch)
+ OPENPAM_NONNULL((1));
+
+/*
+ * Enable / disable optional features
+ */
+enum {
+ OPENPAM_RESTRICT_SERVICE_NAME,
+ OPENPAM_VERIFY_POLICY_FILE,
+ OPENPAM_RESTRICT_MODULE_NAME,
+ OPENPAM_VERIFY_MODULE_FILE,
+ OPENPAM_NUM_FEATURES
+};
+
+int
+openpam_set_feature(int _feature, int _onoff);
+
+int
+openpam_get_feature(int _feature, int *_onoff);
+
/*
* Log levels
*/
enum {
+ PAM_LOG_LIBDEBUG = -1,
PAM_LOG_DEBUG,
PAM_LOG_VERBOSE,
PAM_LOG_NOTICE,
@@ -196,8 +233,8 @@ _openpam_log(int _level,
void
openpam_log(int _level,
const char *_format,
- ...)
- OPENPAM_FORMAT ((__printf__, 2, 3))
+ ...)
+ OPENPAM_FORMAT ((__printf__, 2, 3))
OPENPAM_NONNULL((2));
#endif
diff --git a/include/security/openpam_version.h b/include/security/openpam_version.h
index ed1c1de69f50..d50d91368954 100644
--- a/include/security/openpam_version.h
+++ b/include/security/openpam_version.h
@@ -32,14 +32,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_version.h 505 2011-12-18 14:13:08Z des $
+ * $Id: openpam_version.h 609 2012-05-26 13:57:45Z des $
*/
#ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
#define SECURITY_OPENPAM_VERSION_H_INCLUDED
#define OPENPAM
-#define OPENPAM_VERSION 20111218
-#define OPENPAM_RELEASE "Lycopsida"
+#define OPENPAM_VERSION 20120526
+#define OPENPAM_RELEASE "Micrampelis"
#endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 3a2e60ec8c7b..9ce2d2f5bc1e 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $
+# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $
NULL =
@@ -8,8 +8,11 @@ lib_LTLIBRARIES = libpam.la
noinst_HEADERS = \
openpam_constants.h \
+ openpam_ctype.h \
openpam_debug.h \
+ openpam_features.h \
openpam_impl.h \
+ openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h
@@ -20,17 +23,23 @@ libpam_la_SOURCES = \
openpam_constants.c \
openpam_dispatch.c \
openpam_dynamic.c \
+ openpam_features.c \
openpam_findenv.c \
openpam_free_data.c \
openpam_free_envlist.c \
+ openpam_get_feature.c \
openpam_get_option.c \
openpam_load.c \
openpam_log.c \
openpam_nullconv.c \
openpam_readline.c \
+ openpam_readlinev.c \
+ openpam_readword.c \
openpam_restore_cred.c \
openpam_set_option.c \
+ openpam_set_feature.c \
openpam_static.c \
+ openpam_straddch.c \
openpam_subst.c \
openpam_ttyconv.c \
pam_acct_mgmt.c \
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 0052ce286e3e..353fbaba9b64 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -15,7 +15,7 @@
@SET_MAKE@
-# $Id: Makefile.am 499 2011-11-22 11:51:50Z des $
+# $Id: Makefile.am 602 2012-04-15 17:31:15Z des $
VPATH = @srcdir@
@@ -76,11 +76,13 @@ am__objects_1 =
am_libpam_la_OBJECTS = openpam_borrow_cred.lo \
openpam_check_owner_perms.lo openpam_configure.lo \
openpam_constants.lo openpam_dispatch.lo openpam_dynamic.lo \
- openpam_findenv.lo openpam_free_data.lo \
- openpam_free_envlist.lo openpam_get_option.lo openpam_load.lo \
- openpam_log.lo openpam_nullconv.lo openpam_readline.lo \
- openpam_restore_cred.lo openpam_set_option.lo \
- openpam_static.lo openpam_subst.lo openpam_ttyconv.lo \
+ openpam_features.lo openpam_findenv.lo openpam_free_data.lo \
+ openpam_free_envlist.lo openpam_get_feature.lo \
+ openpam_get_option.lo openpam_load.lo openpam_log.lo \
+ openpam_nullconv.lo openpam_readline.lo openpam_readlinev.lo \
+ openpam_readword.lo openpam_restore_cred.lo \
+ openpam_set_option.lo openpam_set_feature.lo openpam_static.lo \
+ openpam_straddch.lo openpam_subst.lo openpam_ttyconv.lo \
pam_acct_mgmt.lo pam_authenticate.lo pam_chauthtok.lo \
pam_close_session.lo pam_end.lo pam_error.lo \
pam_get_authtok.lo pam_get_data.lo pam_get_item.lo \
@@ -234,8 +236,11 @@ INCLUDES = -I$(top_srcdir)/include
lib_LTLIBRARIES = libpam.la
noinst_HEADERS = \
openpam_constants.h \
+ openpam_ctype.h \
openpam_debug.h \
+ openpam_features.h \
openpam_impl.h \
+ openpam_strlcat.h \
openpam_strlcmp.h \
openpam_strlcpy.h
@@ -246,17 +251,23 @@ libpam_la_SOURCES = \
openpam_constants.c \
openpam_dispatch.c \
openpam_dynamic.c \
+ openpam_features.c \
openpam_findenv.c \
openpam_free_data.c \
openpam_free_envlist.c \
+ openpam_get_feature.c \
openpam_get_option.c \
openpam_load.c \
openpam_log.c \
openpam_nullconv.c \
openpam_readline.c \
+ openpam_readlinev.c \
+ openpam_readword.c \
openpam_restore_cred.c \
openpam_set_option.c \
+ openpam_set_feature.c \
openpam_static.c \
+ openpam_straddch.c \
openpam_subst.c \
openpam_ttyconv.c \
pam_acct_mgmt.c \
@@ -387,17 +398,23 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_constants.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dispatch.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_dynamic.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_features.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_findenv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_data.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_free_envlist.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_feature.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_get_option.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_load.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_log.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_nullconv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readline.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readlinev.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_readword.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_restore_cred.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_feature.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_set_option.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_static.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_straddch.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_subst.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openpam_ttyconv.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_acct_mgmt.Plo@am__quote@
diff --git a/lib/openpam_check_owner_perms.c b/lib/openpam_check_owner_perms.c
index 9d64ed6e8b3a..d3b2ca98596b 100644
--- a/lib/openpam_check_owner_perms.c
+++ b/lib/openpam_check_owner_perms.c
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des $
+ * $Id: openpam_check_owner_perms.c 543 2012-03-31 22:11:34Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -67,6 +70,12 @@ openpam_check_desc_owner_perms(const char *name, int fd)
errno = serrno;
return (-1);
}
+ if (!S_ISREG(sb.st_mode)) {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: not a regular file", name);
+ errno = EINVAL;
+ return (-1);
+ }
if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
(sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
openpam_log(PAM_LOG_ERROR,
@@ -84,7 +93,7 @@ openpam_check_desc_owner_perms(const char *name, int fd)
* up to it are owned by either root or the arbitrator and that they are
* not writable by group or other.
*
- * Note that openpam_check_file_owner_perms() should be used instead if
+ * Note that openpam_check_desc_owner_perms() should be used instead if
* possible to avoid a race between the ownership / permission check and
* the actual open().
*/
@@ -95,8 +104,9 @@ openpam_check_path_owner_perms(const char *path)
uid_t root, arbitrator;
char pathbuf[PATH_MAX];
struct stat sb;
- int len, serrno;
+ int len, serrno, tip;
+ tip = 1;
root = 0;
arbitrator = geteuid();
if (realpath(path, pathbuf) == NULL)
@@ -111,6 +121,12 @@ openpam_check_path_owner_perms(const char *path)
}
return (-1);
}
+ if (tip && !S_ISREG(sb.st_mode)) {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: not a regular file", pathbuf);
+ errno = EINVAL;
+ return (-1);
+ }
if ((sb.st_uid != root && sb.st_uid != arbitrator) ||
(sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
openpam_log(PAM_LOG_ERROR,
@@ -120,6 +136,7 @@ openpam_check_path_owner_perms(const char *path)
}
while (--len > 0 && pathbuf[len] != '/')
pathbuf[len] = '\0';
+ tip = 0;
}
return (0);
}
diff --git a/lib/openpam_configure.c b/lib/openpam_configure.c
index d395565aefd4..778bec899961 100644
--- a/lib/openpam_configure.c
+++ b/lib/openpam_configure.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2012 Dag-Erling Smørgrav
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,13 +32,15 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_configure.c 500 2011-11-22 12:07:03Z des $
+ * $Id: openpam_configure.c 601 2012-04-14 20:37:45Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
+#include <sys/param.h>
+
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
@@ -48,389 +50,183 @@
#include <security/pam_appl.h>
#include "openpam_impl.h"
-#include "openpam_strlcmp.h"
+#include "openpam_ctype.h"
+#include "openpam_strlcat.h"
+#include "openpam_strlcpy.h"
static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t);
/*
- * Evaluates to non-zero if the argument is a linear whitespace character.
- */
-#define is_lws(ch) \
- (ch == ' ' || ch == '\t')
-
-/*
- * Evaluates to non-zero if the argument is a printable ASCII character.
- * Assumes that the execution character set is a superset of ASCII.
- */
-#define is_p(ch) \
- (ch >= '!' && ch <= '~')
-
-/*
- * Returns non-zero if the argument belongs to the POSIX Portable Filename
- * Character Set. Assumes that the execution character set is a superset
- * of ASCII.
- */
-#define is_pfcs(ch) \
- ((ch >= '0' && ch <= '9') || \
- (ch >= 'A' && ch <= 'Z') || \
- (ch >= 'a' && ch <= 'z') || \
- ch == '.' || ch == '_' || ch == '-')
-
-/*
- * Parse the service name.
- *
- * Returns the length of the service name, or 0 if the end of the string
- * was reached or a disallowed non-whitespace character was encountered.
+ * Validate a service name.
*
- * If parse_service_name() is successful, it updates *service to point to
- * the first character of the service name and *line to point one
- * character past the end. If it reaches the end of the string, it
- * updates *line to point to the terminating NUL character and leaves
- * *service unmodified. In all other cases, it leaves both *line and
- * *service unmodified.
- *
- * Allowed characters are all characters in the POSIX portable filename
- * character set.
+ * Returns a non-zero value if the argument points to a NUL-terminated
+ * string consisting entirely of characters in the POSIX portable filename
+ * character set, excluding the path separator character.
*/
static int
-parse_service_name(char **line, char **service)
+valid_service_name(const char *name)
{
- char *b, *e;
+ const char *p;
- for (b = *line; *b && is_lws(*b); ++b)
- /* nothing */ ;
- if (!*b) {
- *line = b;
- return (0);
+ if (OPENPAM_FEATURE(RESTRICT_SERVICE_NAME)) {
+ /* path separator not allowed */
+ for (p = name; *p != '\0'; ++p)
+ if (!is_pfcs(*p))
+ return (0);
+ } else {
+ /* path separator allowed */
+ for (p = name; *p != '\0'; ++p)
+ if (!is_pfcs(*p) && *p != '/')
+ return (0);
}
- for (e = b; *e && !is_lws(*e); ++e)
- if (!is_pfcs(*e))
- return (0);
- if (e == b)
- return (0);
- *line = e;
- *service = b;
- return (e - b);
+ return (1);
}
/*
* Parse the facility name.
*
- * Returns the corresponding pam_facility_t value, or -1 if the end of the
- * string was reached, a disallowed non-whitespace character was
- * encountered, or the first word was not a recognized facility name.
- *
- * If parse_facility_name() is successful, it updates *line to point one
- * character past the end of the facility name. If it reaches the end of
- * the string, it updates *line to point to the terminating NUL character.
- * In all other cases, it leaves *line unmodified.
+ * Returns the corresponding pam_facility_t value, or -1 if the argument
+ * is not a valid facility name.
*/
static pam_facility_t
-parse_facility_name(char **line)
+parse_facility_name(const char *name)
{
- char *b, *e;
int i;
- for (b = *line; *b && is_lws(*b); ++b)
- /* nothing */ ;
- if (!*b) {
- *line = b;
- return ((pam_facility_t)-1);
- }
- for (e = b; *e && !is_lws(*e); ++e)
- /* nothing */ ;
- if (e == b)
- return ((pam_facility_t)-1);
for (i = 0; i < PAM_NUM_FACILITIES; ++i)
- if (strlcmp(pam_facility_name[i], b, e - b) == 0)
- break;
- if (i == PAM_NUM_FACILITIES)
- return ((pam_facility_t)-1);
- *line = e;
- return (i);
-}
-
-/*
- * Parse the word "include".
- *
- * If the next word on the line is "include", parse_include() updates
- * *line to point one character past "include" and returns 1. Otherwise,
- * it leaves *line unmodified and returns 0.
- */
-static int
-parse_include(char **line)
-{
- char *b, *e;
-
- for (b = *line; *b && is_lws(*b); ++b)
- /* nothing */ ;
- if (!*b) {
- *line = b;
- return (-1);
- }
- for (e = b; *e && !is_lws(*e); ++e)
- /* nothing */ ;
- if (e == b)
- return (0);
- if (strlcmp("include", b, e - b) != 0)
- return (0);
- *line = e;
- return (1);
+ if (strcmp(pam_facility_name[i], name) == 0)
+ return (i);
+ return ((pam_facility_t)-1);
}
/*
* Parse the control flag.
*
- * Returns the corresponding pam_control_t value, or -1 if the end of the
- * string was reached, a disallowed non-whitespace character was
- * encountered, or the first word was not a recognized control flag.
- *
- * If parse_control_flag() is successful, it updates *line to point one
- * character past the end of the control flag. If it reaches the end of
- * the string, it updates *line to point to the terminating NUL character.
- * In all other cases, it leaves *line unmodified.
+ * Returns the corresponding pam_control_t value, or -1 if the argument is
+ * not a valid control flag name.
*/
static pam_control_t
-parse_control_flag(char **line)
+parse_control_flag(const char *name)
{
- char *b, *e;
int i;
- for (b = *line; *b && is_lws(*b); ++b)
- /* nothing */ ;
- if (!*b) {
- *line = b;
- return ((pam_control_t)-1);
- }
- for (e = b; *e && !is_lws(*e); ++e)
- /* nothing */ ;
- if (e == b)
- return ((pam_control_t)-1);
for (i = 0; i < PAM_NUM_CONTROL_FLAGS; ++i)
- if (strlcmp(pam_control_flag_name[i], b, e - b) == 0)
- break;
- if (i == PAM_NUM_CONTROL_FLAGS)
- return ((pam_control_t)-1);
- *line = e;
- return (i);
+ if (strcmp(pam_control_flag_name[i], name) == 0)
+ return (i);
+ return ((pam_control_t)-1);
}
/*
- * Parse a file name.
- *
- * Returns the length of the file name, or 0 if the end of the string was
- * reached or a disallowed non-whitespace character was encountered.
+ * Validate a file name.
*
- * If parse_filename() is successful, it updates *filename to point to the
- * first character of the filename and *line to point one character past
- * the end. If it reaches the end of the string, it updates *line to
- * point to the terminating NUL character and leaves *filename unmodified.
- * In all other cases, it leaves both *line and *filename unmodified.
- *
- * Allowed characters are all characters in the POSIX portable filename
- * character set, plus the path separator (forward slash).
+ * Returns a non-zero value if the argument points to a NUL-terminated
+ * string consisting entirely of characters in the POSIX portable filename
+ * character set, including the path separator character.
*/
static int
-parse_filename(char **line, char **filename)
+valid_module_name(const char *name)
{
- char *b, *e;
-
- for (b = *line; *b && is_lws(*b); ++b)
- /* nothing */ ;
- if (!*b) {
- *line = b;
- return (0);
- }
- for (e = b; *e && !is_lws(*e); ++e)
- if (!is_pfcs(*e) && *e != '/')
- return (0);
- if (e == b)
- return (0);
- *line = e;
- *filename = b;
- return (e - b);
-}
+ const char *p;
-/*
- * Parse an option.
- *
- * Returns a dynamically allocated string containing the next module
- * option, or NULL if the end of the string was reached or a disallowed
- * non-whitespace character was encountered.
- *
- * If parse_option() is successful, it updates *line to point one
- * character past the end of the option. If it reaches the end of the
- * string, it updates *line to point to the terminating NUL character. In
- * all other cases, it leaves *line unmodified.
- *
- * If parse_option() fails to allocate memory, it will return NULL and set
- * errno to a non-zero value.
- *
- * Allowed characters for option names are all characters in the POSIX
- * portable filename character set. Allowed characters for option values
- * are any printable non-whitespace characters. The option value may be
- * quoted in either single or double quotes, in which case space
- * characters and whichever quote character was not used are allowed.
- * Note that the entire value must be quoted, not just part of it.
- */
-static char *
-parse_option(char **line)
-{
- char *nb, *ne, *vb, *ve;
- unsigned char q = 0;
- char *option;
- size_t size;
-
- errno = 0;
- for (nb = *line; *nb && is_lws(*nb); ++nb)
- /* nothing */ ;
- if (!*nb) {
- *line = nb;
- return (NULL);
- }
- for (ne = nb; *ne && !is_lws(*ne) && *ne != '='; ++ne)
- if (!is_pfcs(*ne))
- return (NULL);
- if (ne == nb)
- return (NULL);
- if (*ne == '=') {
- vb = ne + 1;
- if (*vb == '"' || *vb == '\'')
- q = *vb++;
- for (ve = vb;
- *ve && *ve != q && (is_p(*ve) || (q && is_lws(*ve)));
- ++ve)
- /* nothing */ ;
- if (q && *ve != q)
- /* non-printable character or missing endquote */
- return (NULL);
- if (q && *(ve + 1) && !is_lws(*(ve + 1)))
- /* garbage after value */
- return (NULL);
+ if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME)) {
+ /* path separator not allowed */
+ for (p = name; *p != '\0'; ++p)
+ if (!is_pfcs(*p))
+ return (0);
} else {
- vb = ve = ne;
+ /* path separator allowed */
+ for (p = name; *p != '\0'; ++p)
+ if (!is_pfcs(*p) && *p != '/')
+ return (0);
}
- size = (ne - nb) + 1;
- if (ve > vb)
- size += (ve - vb) + 1;
- if ((option = malloc(size)) == NULL)
- return (NULL);
- strncpy(option, nb, ne - nb);
- if (ve > vb) {
- option[ne - nb] = '=';
- strncpy(option + (ne - nb) + 1, vb, ve - vb);
- }
- option[size - 1] = '\0';
- *line = q ? ve + 1 : ve;
- return (option);
-}
-
-/*
- * Consume trailing whitespace.
- *
- * If there are no non-whitespace characters left on the line, parse_eol()
- * updates *line to point at the terminating NUL character and returns 0.
- * Otherwise, it leaves *line unmodified and returns a non-zero value.
- */
-static int
-parse_eol(char **line)
-{
- char *p;
-
- for (p = *line; *p && is_lws(*p); ++p)
- /* nothing */ ;
- if (*p)
- return ((unsigned char)*p);
- *line = p;
- return (0);
+ return (1);
}
typedef enum { pam_conf_style, pam_d_style } openpam_style_t;
/*
* Extracts given chains from a policy file.
+ *
+ * Returns the number of policy entries which were found for the specified
+ * service and facility, or -1 if a system error occurred or a syntax
+ * error was encountered.
*/
static int
openpam_parse_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility,
+ FILE *f,
const char *filename,
openpam_style_t style)
{
pam_chain_t *this, **next;
pam_facility_t fclt;
pam_control_t ctlf;
- char *line, *str, *name;
- char *option, **optv;
- int len, lineno, ret;
- FILE *f;
+ char *name, *servicename, *modulename;
+ int count, lineno, ret, serrno;
+ char **wordv, *word;
+ int i, wordc;
- if ((f = fopen(filename, "r")) == NULL) {
- openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
- "%s: %m", filename);
- return (PAM_SUCCESS);
- }
- if (openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
- fclose(f);
- return (PAM_SYSTEM_ERR);
- }
+ count = 0;
this = NULL;
name = NULL;
lineno = 0;
- while ((line = openpam_readline(f, &lineno, NULL)) != NULL) {
- /* get service name if necessary */
- if (style == pam_conf_style) {
- if ((len = parse_service_name(&line, &str)) == 0) {
- openpam_log(PAM_LOG_NOTICE,
- "%s(%d): invalid service name (ignored)",
- filename, lineno);
- FREE(line);
- continue;
- }
- if (strlcmp(service, str, len) != 0) {
- FREE(line);
- continue;
- }
+ wordc = 0;
+ wordv = NULL;
+ while ((wordv = openpam_readlinev(f, &lineno, &wordc)) != NULL) {
+ /* blank line? */
+ if (wordc == 0) {
+ FREEV(wordc, wordv);
+ continue;
+ }
+ i = 0;
+
+ /* check service name if necessary */
+ if (style == pam_conf_style &&
+ strcmp(wordv[i++], service) != 0) {
+ FREEV(wordc, wordv);
+ continue;
}
- /* get facility name */
- if ((fclt = parse_facility_name(&line)) == (pam_facility_t)-1) {
+ /* check facility name */
+ if ((word = wordv[i++]) == NULL ||
+ (fclt = parse_facility_name(word)) == (pam_facility_t)-1) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid facility",
filename, lineno);
goto fail;
}
if (facility != fclt && facility != PAM_FACILITY_ANY) {
- FREE(line);
+ FREEV(wordc, wordv);
continue;
}
/* check for "include" */
- if (parse_include(&line)) {
- if ((len = parse_service_name(&line, &str)) == 0) {
+ if ((word = wordv[i++]) != NULL &&
+ strcmp(word, "include") == 0) {
+ if ((servicename = wordv[i++]) == NULL ||
+ !valid_service_name(servicename)) {
openpam_log(PAM_LOG_ERROR,
- "%s(%d): missing or invalid filename",
+ "%s(%d): missing or invalid service name",
filename, lineno);
goto fail;
}
- if ((name = strndup(str, len)) == NULL)
- goto syserr;
- if (parse_eol(&line) != 0) {
+ if (wordv[i] != NULL) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): garbage at end of line",
filename, lineno);
goto fail;
}
- ret = openpam_load_chain(pamh, name, fclt);
- FREE(name);
- if (ret != PAM_SUCCESS)
+ ret = openpam_load_chain(pamh, servicename, fclt);
+ FREEV(wordc, wordv);
+ if (ret < 0)
goto fail;
- FREE(line);
continue;
}
/* get control flag */
- if ((ctlf = parse_control_flag(&line)) == (pam_control_t)-1) {
+ if (word == NULL || /* same word we compared to "include" */
+ (ctlf = parse_control_flag(word)) == (pam_control_t)-1) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid control flag",
filename, lineno);
@@ -438,73 +234,76 @@ openpam_parse_chain(pam_handle_t *pamh,
}
/* get module name */
- if ((len = parse_filename(&line, &str)) == 0) {
+ if ((modulename = wordv[i++]) == NULL ||
+ !valid_module_name(modulename)) {
openpam_log(PAM_LOG_ERROR,
"%s(%d): missing or invalid module name",
filename, lineno);
goto fail;
}
- if ((name = strndup(str, len)) == NULL)
- goto syserr;
/* allocate new entry */
if ((this = calloc(1, sizeof *this)) == NULL)
goto syserr;
this->flag = ctlf;
- /* get module options */
- if ((this->optv = malloc(sizeof *optv)) == NULL)
- goto syserr;
- this->optc = 0;
- while ((option = parse_option(&line)) != NULL) {
- optv = realloc(this->optv,
- (this->optc + 2) * sizeof *optv);
- if (optv == NULL)
- goto syserr;
- this->optv = optv;
- this->optv[this->optc++] = option;
- }
- this->optv[this->optc] = NULL;
- if (*line != '\0') {
- openpam_log(PAM_LOG_ERROR,
- "%s(%d): syntax error in module options",
- filename, lineno);
- goto fail;
- }
-
/* load module */
- this->module = openpam_load_module(name);
- FREE(name);
- if (this->module == NULL)
+ if ((this->module = openpam_load_module(modulename)) == NULL)
goto fail;
+ /*
+ * The remaining items in wordv are the module's
+ * arguments. We could set this->optv = wordv + i, but
+ * then free(this->optv) wouldn't work. Instead, we free
+ * the words we've already consumed, shift the rest up,
+ * and clear the tail end of the array.
+ */
+ this->optc = wordc - i;
+ for (i = 0; i < wordc - this->optc; ++i) {
+ FREE(wordv[i]);
+ wordv[i] = wordv[wordc - this->optc + i];
+ wordv[wordc - this->optc + i] = NULL;
+ }
+ this->optv = wordv;
+ wordv = NULL;
+ wordc = 0;
+
/* hook it up */
for (next = &pamh->chains[fclt]; *next != NULL;
next = &(*next)->next)
/* nothing */ ;
*next = this;
this = NULL;
-
- /* next please... */
- FREE(line);
+ ++count;
}
- if (!feof(f))
+ /*
+ * The loop ended because openpam_readword() returned NULL, which
+ * can happen for four different reasons: an I/O error (ferror(f)
+ * is true), a memory allocation failure (ferror(f) is false,
+ * errno is non-zero)
+ */
+ if (ferror(f) || errno != 0)
goto syserr;
+ if (!feof(f))
+ goto fail;
fclose(f);
- return (PAM_SUCCESS);
+ return (count);
syserr:
+ serrno = errno;
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
+ errno = serrno;
+ /* fall through */
fail:
- if (this && this->optc) {
- while (this->optc--)
- FREE(this->optv[this->optc]);
- FREE(this->optv);
- }
+ serrno = errno;
+ if (this && this->optc && this->optv)
+ FREEV(this->optc, this->optv);
FREE(this);
- FREE(line);
+ FREEV(wordc, wordv);
+ FREE(wordv);
FREE(name);
fclose(f);
- return (PAM_SYSTEM_ERR);
+ errno = serrno;
+ return (-1);
}
static const char *openpam_policy_path[] = {
@@ -516,37 +315,110 @@ static const char *openpam_policy_path[] = {
};
/*
+ * Read the specified chains from the specified file.
+ *
+ * Returns 0 if the file exists but does not contain any matching lines.
+ *
+ * Returns -1 and sets errno to ENOENT if the file does not exist.
+ *
+ * Returns -1 and sets errno to some other non-zero value if the file
+ * exists but is unsafe or unreadable, or an I/O error occurs.
+ */
+static int
+openpam_load_file(pam_handle_t *pamh,
+ const char *service,
+ pam_facility_t facility,
+ const char *filename,
+ openpam_style_t style)
+{
+ FILE *f;
+ int ret, serrno;
+
+ /* attempt to open the file */
+ if ((f = fopen(filename, "r")) == NULL) {
+ serrno = errno;
+ openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_ERROR,
+ "%s: %m", filename);
+ errno = serrno;
+ RETURNN(-1);
+ } else {
+ openpam_log(PAM_LOG_DEBUG, "found %s", filename);
+ }
+
+ /* verify type, ownership and permissions */
+ if (OPENPAM_FEATURE(VERIFY_POLICY_FILE) &&
+ openpam_check_desc_owner_perms(filename, fileno(f)) != 0) {
+ /* already logged the cause */
+ serrno = errno;
+ fclose(f);
+ errno = serrno;
+ RETURNN(-1);
+ }
+
+ /* parse the file */
+ ret = openpam_parse_chain(pamh, service, facility,
+ f, filename, style);
+ RETURNN(ret);
+}
+
+/*
* Locates the policy file for a given service and reads the given chains
* from it.
+ *
+ * Returns the number of policy entries which were found for the specified
+ * service and facility, or -1 if a system error occurred or a syntax
+ * error was encountered.
*/
static int
openpam_load_chain(pam_handle_t *pamh,
const char *service,
pam_facility_t facility)
{
- const char **path;
- char *filename;
+ const char *p, **path;
+ char filename[PATH_MAX];
size_t len;
+ openpam_style_t style;
int ret;
+ ENTERS(facility < 0 ? "any" : pam_facility_name[facility]);
+
+ /* either absolute or relative to cwd */
+ if (strchr(service, '/') != NULL) {
+ if ((p = strrchr(service, '.')) != NULL && strcmp(p, ".conf") == 0)
+ style = pam_conf_style;
+ else
+ style = pam_d_style;
+ ret = openpam_load_file(pamh, service, facility,
+ service, style);
+ RETURNN(ret);
+ }
+
+ /* search standard locations */
for (path = openpam_policy_path; *path != NULL; ++path) {
- len = strlen(*path);
- if ((*path)[len - 1] == '/') {
- if (asprintf(&filename, "%s%s", *path, service) < 0) {
- openpam_log(PAM_LOG_ERROR, "asprintf(): %m");
- return (PAM_BUF_ERR);
+ /* construct filename */
+ len = strlcpy(filename, *path, sizeof filename);
+ if (filename[len - 1] == '/') {
+ len = strlcat(filename, service, sizeof filename);
+ if (len >= sizeof filename) {
+ errno = ENAMETOOLONG;
+ RETURNN(-1);
}
- ret = openpam_parse_chain(pamh, service, facility,
- filename, pam_d_style);
- FREE(filename);
+ style = pam_d_style;
} else {
- ret = openpam_parse_chain(pamh, service, facility,
- *path, pam_conf_style);
+ style = pam_conf_style;
}
- if (ret != PAM_SUCCESS)
- return (ret);
+ ret = openpam_load_file(pamh, service, facility,
+ filename, style);
+ /* the file exists, but an error occurred */
+ if (ret == -1 && errno != ENOENT)
+ RETURNN(ret);
+ /* in pam.d style, an empty file counts as a hit */
+ if (ret == 0 && style == pam_d_style)
+ RETURNN(ret);
}
- return (PAM_SUCCESS);
+
+ /* no hit */
+ RETURNN(0);
}
/*
@@ -560,25 +432,27 @@ openpam_configure(pam_handle_t *pamh,
const char *service)
{
pam_facility_t fclt;
- const char *p;
+ int serrno;
- for (p = service; *p; ++p)
- if (!is_pfcs(*p))
- return (PAM_SYSTEM_ERR);
-
- if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS)
+ ENTERS(service);
+ if (!valid_service_name(service)) {
+ openpam_log(PAM_LOG_ERROR, "invalid service name");
+ RETURNC(PAM_SYSTEM_ERR);
+ }
+ if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
goto load_err;
-
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
if (pamh->chains[fclt] != NULL)
continue;
- if (openpam_load_chain(pamh, PAM_OTHER, fclt) != PAM_SUCCESS)
+ if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
goto load_err;
}
- return (PAM_SUCCESS);
+ RETURNC(PAM_SUCCESS);
load_err:
+ serrno = errno;
openpam_clear_chains(pamh->chains);
- return (PAM_SYSTEM_ERR);
+ errno = serrno;
+ RETURNC(PAM_SYSTEM_ERR);
}
/*
diff --git a/lib/openpam_constants.h b/lib/openpam_constants.h
index b92317938c1d..a7d6ce8dd7d7 100644
--- a/lib/openpam_constants.h
+++ b/lib/openpam_constants.h
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,11 +27,11 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_constants.h 491 2011-11-12 00:12:32Z des $
+ * $Id: openpam_constants.h 606 2012-04-20 11:06:38Z des $
*/
-#ifndef OPENPAM_CONSTANTS_INCLUDED
-#define OPENPAM_CONSTANTS_INCLUDED
+#ifndef OPENPAM_CONSTANTS_H_INCLUDED
+#define OPENPAM_CONSTANTS_H_INCLUDED
extern const char *pam_err_name[PAM_NUM_ERRORS];
extern const char *pam_item_name[PAM_NUM_ITEMS];
diff --git a/lib/openpam_ctype.h b/lib/openpam_ctype.h
new file mode 100644
index 000000000000..b3ec84689970
--- /dev/null
+++ b/lib/openpam_ctype.h
@@ -0,0 +1,68 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_ctype.h 578 2012-04-06 00:45:59Z des $
+ */
+
+#ifndef OPENPAM_CTYPE_H_INCLUDED
+#define OPENPAM_CTYPE_H_INCLUDED
+
+/*
+ * Evaluates to non-zero if the argument is a linear whitespace character.
+ * For the purposes of this macro, the definition of linear whitespace is
+ * extended to include the form feed and carraige return characters.
+ */
+#define is_lws(ch) \
+ (ch == ' ' || ch == '\t' || ch == '\f' || ch == '\r')
+
+/*
+ * Evaluates to non-zero if the argument is a whitespace character.
+ */
+#define is_ws(ch) \
+ (is_lws(ch) || ch == '\n')
+
+/*
+ * Evaluates to non-zero if the argument is a printable ASCII character.
+ * Assumes that the execution character set is a superset of ASCII.
+ */
+#define is_p(ch) \
+ (ch >= '!' && ch <= '~')
+
+/*
+ * Returns non-zero if the argument belongs to the POSIX Portable Filename
+ * Character Set. Assumes that the execution character set is a superset
+ * of ASCII.
+ */
+#define is_pfcs(ch) \
+ ((ch >= '0' && ch <= '9') || \
+ (ch >= 'A' && ch <= 'Z') || \
+ (ch >= 'a' && ch <= 'z') || \
+ ch == '.' || ch == '_' || ch == '-')
+
+#endif
diff --git a/lib/openpam_debug.h b/lib/openpam_debug.h
index ef2884d68255..050783e49369 100644
--- a/lib/openpam_debug.h
+++ b/lib/openpam_debug.h
@@ -32,60 +32,68 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_debug.h 491 2011-11-12 00:12:32Z des $
+ * $Id: openpam_debug.h 606 2012-04-20 11:06:38Z des $
*/
-#ifndef OPENPAM_DEBUG_INCLUDED
-#define OPENPAM_DEBUG_INCLUDED
+#ifndef OPENPAM_DEBUG_H_INCLUDED
+#define OPENPAM_DEBUG_H_INCLUDED
#ifdef OPENPAM_DEBUG
-#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
+#define ENTER() openpam_log(PAM_LOG_LIBDEBUG, "entering")
#define ENTERI(i) do { \
int i_ = (i); \
if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
- openpam_log(PAM_LOG_DEBUG, "entering: %s", pam_item_name[i_]); \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", pam_item_name[i_]); \
else \
- openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", i_); \
} while (0)
#define ENTERN(n) do { \
int n_ = (n); \
- openpam_log(PAM_LOG_DEBUG, "entering: %d", n_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", n_); \
} while (0)
#define ENTERS(s) do { \
const char *s_ = (s); \
if (s_ == NULL) \
- openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: NULL"); \
else \
- openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: '%s'", s_); \
} while (0)
-#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
+#define ENTERF(f) do { \
+ int f_ = (f); \
+ if (f_ >= 0 && f_ <= OPENPAM_NUM_FEATURES) \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", \
+ openpam_features[f_].name); \
+ else \
+ openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", f_); \
+} while (0)
+#define RETURNV() openpam_log(PAM_LOG_LIBDEBUG, "returning")
#define RETURNC(c) do { \
int c_ = (c); \
if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
- openpam_log(PAM_LOG_DEBUG, "returning %s", pam_err_name[c_]); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning %s", pam_err_name[c_]); \
else \
- openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning %d!", c_); \
return (c_); \
} while (0)
#define RETURNN(n) do { \
int n_ = (n); \
- openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning %d", n_); \
return (n_); \
} while (0)
#define RETURNP(p) do { \
- const void *p_ = (p); \
+ void *p_ = (p); \
if (p_ == NULL) \
- openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
else \
- openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning %p", p_); \
return (p_); \
} while (0)
#define RETURNS(s) do { \
const char *s_ = (s); \
if (s_ == NULL) \
- openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
else \
- openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
+ openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", s_); \
return (s_); \
} while (0)
#else
@@ -93,6 +101,7 @@
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
+#define ENTERF(f)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c
index d44174fbe8e8..1dfc1ac43eb8 100644
--- a/lib/openpam_dynamic.c
+++ b/lib/openpam_dynamic.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_dynamic.c 502 2011-12-18 13:59:22Z des $
+ * $Id: openpam_dynamic.c 607 2012-04-20 11:09:37Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -40,6 +40,7 @@
#endif
#include <dlfcn.h>
+#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -60,15 +61,50 @@
* Perform sanity checks and attempt to load a module
*/
+#ifdef HAVE_FDLOPEN
static void *
try_dlopen(const char *modfn)
{
+ void *dlh;
+ int fd;
- if (openpam_check_path_owner_perms(modfn) != 0)
+ if ((fd = open(modfn, O_RDONLY)) < 0)
+ return (NULL);
+ if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
+ openpam_check_desc_owner_perms(modfn, fd) != 0) {
+ close(fd);
+ return (NULL);
+ }
+ if ((dlh = fdlopen(fd, RTLD_NOW)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
+ close(fd);
+ errno = 0;
+ return (NULL);
+ }
+ close(fd);
+ return (dlh);
+}
+#else
+static void *
+try_dlopen(const char *modfn)
+{
+ int check_module_file;
+ void *dlh;
+
+ openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE,
+ &check_module_file);
+ if (check_module_file &&
+ openpam_check_path_owner_perms(modfn) != 0)
+ return (NULL);
+ if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
+ errno = 0;
return (NULL);
- return (dlopen(modfn, RTLD_NOW));
+ }
+ return (dlh);
}
-
+#endif
+
/*
* OpenPAM internal
*
@@ -100,9 +136,6 @@ openpam_dynamic(const char *path)
*strrchr(vpath, '.') = '\0';
dlh = try_dlopen(vpath);
}
- serrno = errno;
- FREE(vpath);
- errno = serrno;
if (dlh == NULL)
goto err;
if ((module = calloc(1, sizeof *module)) == NULL)
@@ -112,19 +145,41 @@ openpam_dynamic(const char *path)
module->dlh = dlh;
dlmodule = dlsym(dlh, "_pam_module");
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
- module->func[i] = dlmodule ? dlmodule->func[i] :
- (pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
- if (module->func[i] == NULL)
- openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
- path, pam_sm_func_name[i], dlerror());
+ if (dlmodule) {
+ module->func[i] = dlmodule->func[i];
+ } else {
+ module->func[i] =
+ (pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
+ /*
+ * This openpam_log() call is a major source of
+ * log spam, and the cases that matter are caught
+ * and logged in openpam_dispatch(). This would
+ * be less problematic if dlerror() returned an
+ * error code so we could log an error only when
+ * dlsym() failed for a reason other than "no such
+ * symbol".
+ */
+#if 0
+ if (module->func[i] == NULL)
+ openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
+ path, pam_sm_func_name[i], dlerror());
+#endif
+ }
}
+ FREE(vpath);
return (module);
buf_err:
+ serrno = errno;
if (dlh != NULL)
dlclose(dlh);
FREE(module);
+ errno = serrno;
err:
- openpam_log(PAM_LOG_ERROR, "%m");
+ serrno = errno;
+ if (errno != 0)
+ openpam_log(PAM_LOG_ERROR, "%s: %m", vpath);
+ FREE(vpath);
+ errno = serrno;
return (NULL);
}
diff --git a/lib/openpam_features.c b/lib/openpam_features.c
new file mode 100644
index 000000000000..586fc2a57305
--- /dev/null
+++ b/lib/openpam_features.c
@@ -0,0 +1,69 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_features.c 608 2012-05-17 16:00:13Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#define STRUCT_OPENPAM_FEATURE(name, descr, dflt) \
+ [OPENPAM_##name] = { \
+ "OPENPAM_" #name, \
+ descr, \
+ dflt \
+ }
+
+struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
+ STRUCT_OPENPAM_FEATURE(
+ RESTRICT_SERVICE_NAME,
+ "Disallow path separators in service names",
+ 1
+ ),
+ STRUCT_OPENPAM_FEATURE(
+ VERIFY_POLICY_FILE,
+ "Verify ownership and permissions of policy files",
+ 1
+ ),
+ STRUCT_OPENPAM_FEATURE(
+ RESTRICT_MODULE_NAME,
+ "Disallow path separators in module names",
+ 0
+ ),
+ STRUCT_OPENPAM_FEATURE(
+ VERIFY_MODULE_FILE,
+ "Verify ownership and permissions of module files",
+ 1
+ ),
+};
diff --git a/lib/openpam_features.h b/lib/openpam_features.h
new file mode 100644
index 000000000000..227b1a9f729c
--- /dev/null
+++ b/lib/openpam_features.h
@@ -0,0 +1,48 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef OPENPAM_FEATURES_H_INCLUDED
+#define OPENPAM_FEATURES_H_INCLUDED
+
+struct openpam_feature {
+ const char *name;
+ const char *desc;
+ int onoff;
+};
+
+extern struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES];
+
+/* shortcut for internal use */
+#define OPENPAM_FEATURE(f) \
+ openpam_features[OPENPAM_##f].onoff
+
+#endif
diff --git a/lib/openpam_get_feature.c b/lib/openpam_get_feature.c
new file mode 100644
index 000000000000..b552357c58d4
--- /dev/null
+++ b/lib/openpam_get_feature.c
@@ -0,0 +1,99 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_get_feature.c 608 2012-05-17 16:00:13Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Query the state of an optional feature.
+ */
+
+int
+openpam_get_feature(int feature, int *onoff)
+{
+
+ ENTERF(feature);
+ if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
+ RETURNC(PAM_SYMBOL_ERR);
+ *onoff = openpam_features[feature].onoff;
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * EXPERIMENTAL
+ *
+ * The =openpam_get_feature function stores the current state of the
+ * specified feature in the variable pointed to by its =onoff argument.
+ *
+ * The following features are recognized:
+ *
+ * =OPENPAM_RESTRICT_SERVICE_NAME:
+ * Disallow path separators in service names.
+ * This feature is enabled by default.
+ * Disabling it allows the application to specify the path to
+ * the desired policy file directly.
+ *
+ * =OPENPAM_VERIFY_POLICY_FILE:
+ * Verify the ownership and permissions of the policy file
+ * and the path leading up to it.
+ * This feature is enabled by default.
+ *
+ * =OPENPAM_RESTRICT_MODULE_NAME:
+ * Disallow path separators in module names.
+ * This feature is disabled by default.
+ * Enabling it prevents the use of modules in non-standard
+ * locations.
+ *
+ * =OPENPAM_VERIFY_MODULE_FILE:
+ * Verify the ownership and permissions of each loadable
+ * module and the path leading up to it.
+ * This feature is enabled by default.
+ *
+ *
+ * >openpam_set_feature
+ *
+ * AUTHOR DES
+ */
diff --git a/lib/openpam_get_option.c b/lib/openpam_get_option.c
index b5faa878fd46..1f62d218ebfc 100644
--- a/lib/openpam_get_option.c
+++ b/lib/openpam_get_option.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_get_option.c 482 2011-11-03 16:33:02Z des $
+ * $Id: openpam_get_option.c 531 2012-03-31 14:24:37Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -44,7 +44,6 @@
#include <string.h>
#include <security/pam_appl.h>
-#include <security/openpam.h>
#include "openpam_impl.h"
diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h
index ba4d45558a96..9e8b45f6d55c 100644
--- a/lib/openpam_impl.h
+++ b/lib/openpam_impl.h
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_impl.h 499 2011-11-22 11:51:50Z des $
+ * $Id: openpam_impl.h 594 2012-04-14 14:18:41Z des $
*/
#ifndef OPENPAM_IMPL_H_INCLUDED
@@ -157,9 +157,23 @@ pam_module_t *openpam_static(const char *);
#endif
pam_module_t *openpam_dynamic(const char *);
-#define FREE(p) do { free((p)); (p) = NULL; } while (0)
+#define FREE(p) \
+ do { \
+ free(p); \
+ (p) = NULL; \
+ } while (0)
+
+#define FREEV(c, v) \
+ do { \
+ while (c) { \
+ --(c); \
+ FREE((v)[(c)]); \
+ } \
+ FREE(v); \
+ } while (0)
#include "openpam_constants.h"
#include "openpam_debug.h"
+#include "openpam_features.h"
#endif
diff --git a/lib/openpam_load.c b/lib/openpam_load.c
index 0eb8ea7d9c29..871d1a8c057c 100644
--- a/lib/openpam_load.c
+++ b/lib/openpam_load.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_load.c 491 2011-11-12 00:12:32Z des $
+ * $Id: openpam_load.c 547 2012-04-01 15:01:21Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -108,9 +108,7 @@ openpam_destroy_chain(pam_chain_t *chain)
return;
openpam_destroy_chain(chain->next);
chain->next = NULL;
- while (chain->optc--)
- FREE(chain->optv[chain->optc]);
- FREE(chain->optv);
+ FREEV(chain->optc, chain->optv);
openpam_release_module(chain->module);
chain->module = NULL;
FREE(chain);
diff --git a/lib/openpam_log.c b/lib/openpam_log.c
index 9e3d28b5b42d..2b89f6c6d7d1 100644
--- a/lib/openpam_log.c
+++ b/lib/openpam_log.c
@@ -32,18 +32,17 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_log.c 437 2011-09-13 12:00:13Z des $
+ * $Id: openpam_log.c 544 2012-03-31 22:47:15Z des $
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
-#include <ctype.h>
+#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <syslog.h>
#include <security/pam_appl.h>
@@ -71,6 +70,7 @@ openpam_log(int level, const char *fmt, ...)
int priority;
switch (level) {
+ case PAM_LOG_LIBDEBUG:
case PAM_LOG_DEBUG:
if (!openpam_debug)
return;
@@ -100,8 +100,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
va_list ap;
char *format;
int priority;
+ int serrno;
switch (level) {
+ case PAM_LOG_LIBDEBUG:
case PAM_LOG_DEBUG:
if (!openpam_debug)
return;
@@ -119,10 +121,13 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
break;
}
va_start(ap, fmt);
+ serrno = errno;
if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
+ errno = serrno;
vsyslog(priority, format, ap);
FREE(format);
} else {
+ errno = serrno;
vsyslog(priority, fmt, ap);
}
va_end(ap);
@@ -137,6 +142,9 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
* The =level argument indicates the importance of the message.
* The following levels are defined:
*
+ * =PAM_LOG_LIBDEBUG:
+ * Debugging messages.
+ * For internal use only.
* =PAM_LOG_DEBUG:
* Debugging messages.
* These messages are normally not logged unless the global
diff --git a/lib/openpam_readline.c b/lib/openpam_readline.c
index 9cc8cc107c45..014acfb2c1cf 100644
--- a/lib/openpam_readline.c
+++ b/lib/openpam_readline.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_readline.c 473 2011-11-03 10:48:25Z des $
+ * $Id: openpam_readline.c 596 2012-04-14 14:52:40Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -44,6 +44,7 @@
#include <stdlib.h>
#include <security/pam_appl.h>
+
#include "openpam_impl.h"
#define MIN_LINE_LENGTH 128
@@ -61,22 +62,11 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
size_t len, size;
int ch;
- if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
+ if ((line = malloc(size = MIN_LINE_LENGTH)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
return (NULL);
- size = MIN_LINE_LENGTH;
+ }
len = 0;
-
-#define line_putch(ch) do { \
- if (len >= size - 1) { \
- char *tmp = realloc(line, size *= 2); \
- if (tmp == NULL) \
- goto fail; \
- line = tmp; \
- } \
- line[len++] = ch; \
- line[len] = '\0'; \
-} while (0)
-
for (;;) {
ch = fgetc(f);
/* strip comment */
@@ -105,26 +95,15 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
/* done */
break;
}
- /* whitespace */
- if (isspace(ch)) {
- /* ignore leading whitespace */
- /* collapse linear whitespace */
- if (len > 0 && line[len - 1] != ' ')
- line_putch(' ');
- continue;
- }
/* anything else */
- line_putch(ch);
+ if (openpam_straddch(&line, &size, &len, ch) != 0)
+ goto fail;
}
-
- /* remove trailing whitespace */
- while (len > 0 && isspace((unsigned char)line[len - 1]))
- --len;
- line[len] = '\0';
if (len == 0)
goto fail;
if (lenp != NULL)
*lenp = len;
+ openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line);
return (line);
fail:
FREE(line);
@@ -132,16 +111,18 @@ fail:
}
/**
+ * DEPRECATED openpam_readlinev
+ *
* The =openpam_readline function reads a line from a file, and returns it
- * in a NUL-terminated buffer allocated with =malloc.
+ * in a NUL-terminated buffer allocated with =!malloc.
*
* The =openpam_readline function performs a certain amount of processing
* on the data it reads:
*
- * - Comments (introduced by a hash sign) are stripped, as is leading and
- * trailing whitespace.
- * - Any amount of linear whitespace is collapsed to a single space.
+ * - Comments (introduced by a hash sign) are stripped.
+ *
* - Blank lines are ignored.
+ *
* - If a line ends in a backslash, the backslash is stripped and the
* next line is appended.
*
@@ -152,5 +133,8 @@ fail:
* terminating NUL character) is stored in the variable it points to.
*
* The caller is responsible for releasing the returned buffer by passing
- * it to =free.
+ * it to =!free.
+ *
+ * >openpam_readlinev
+ * >openpam_readword
*/
diff --git a/lib/openpam_readlinev.c b/lib/openpam_readlinev.c
new file mode 100644
index 000000000000..5a43b61f36f2
--- /dev/null
+++ b/lib/openpam_readlinev.c
@@ -0,0 +1,156 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_readlinev.c 588 2012-04-08 11:52:25Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#define MIN_WORDV_SIZE 32
+
+/*
+ * OpenPAM extension
+ *
+ * Read a line from a file and split it into words.
+ */
+
+char **
+openpam_readlinev(FILE *f, int *lineno, int *lenp)
+{
+ char *word, **wordv, **tmp;
+ size_t wordlen, wordvsize;
+ int ch, serrno, wordvlen;
+
+ wordvsize = MIN_WORDV_SIZE;
+ wordvlen = 0;
+ if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ errno = ENOMEM;
+ return (NULL);
+ }
+ wordv[wordvlen] = NULL;
+ while ((word = openpam_readword(f, lineno, &wordlen)) != NULL) {
+ if ((unsigned int)wordvlen + 1 >= wordvsize) {
+ /* need to expand the array */
+ wordvsize *= 2;
+ tmp = realloc(wordv, wordvsize * sizeof *wordv);
+ if (tmp == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ errno = ENOMEM;
+ break;
+ }
+ wordv = tmp;
+ }
+ /* insert our word */
+ wordv[wordvlen++] = word;
+ wordv[wordvlen] = NULL;
+ }
+ if (errno != 0) {
+ /* I/O error or out of memory */
+ serrno = errno;
+ while (wordvlen--)
+ free(wordv[wordvlen]);
+ free(wordv);
+ errno = serrno;
+ return (NULL);
+ }
+ /* assert(!ferror(f)) */
+ ch = fgetc(f);
+ /* assert(ch == EOF || ch == '\n') */
+ if (ch == EOF && wordvlen == 0) {
+ free(wordv);
+ return (NULL);
+ }
+ if (ch == '\n' && lineno != NULL)
+ ++*lineno;
+ if (lenp != NULL)
+ *lenp = wordvlen;
+ return (wordv);
+}
+
+/**
+ * The =openpam_readlinev function reads a line from a file, splits it
+ * into words according to the rules described in the =openpam_readword
+ * manual page, and returns a list of those words.
+ *
+ * If =lineno is not =NULL, the integer variable it points to is
+ * incremented every time a newline character is read.
+ * This includes quoted or escaped newline characters and the newline
+ * character at the end of the line.
+ *
+ * If =lenp is not =NULL, the number of words on the line is stored in the
+ * variable to which it points.
+ *
+ * RETURN VALUES
+ *
+ * If successful, the =openpam_readlinev function returns a pointer to a
+ * dynamically allocated array of pointers to individual dynamically
+ * allocated NUL-terminated strings, each containing a single word, in the
+ * order in which they were encountered on the line.
+ * The array is terminated by a =NULL pointer.
+ *
+ * The caller is responsible for freeing both the array and the individual
+ * strings by passing each of them to =!free.
+ *
+ * If the end of the line was reached before any words were read,
+ * =openpam_readlinev returns a pointer to a dynamically allocated array
+ * containing a single =NULL pointer.
+ *
+ * The =openpam_readlinev function can fail and return =NULL for one of
+ * four reasons:
+ *
+ * - The end of the file was reached before any words were read; :errno is
+ * zero, =!ferror returns zero, and =!feof returns a non-zero value.
+ *
+ * - The end of the file was reached while a quote or backslash escape
+ * was in effect; :errno is set to =EINVAL, =!ferror returns zero, and
+ * =!feof returns a non-zero value.
+ *
+ * - An error occurred while reading from the file; :errno is non-zero,
+ * =!ferror returns a non-zero value and =!feof returns zero.
+ *
+ * - A =!malloc or =!realloc call failed; :errno is set to =ENOMEM,
+ * =!ferror returns a non-zero value, and =!feof may or may not return
+ * a non-zero value.
+ *
+ * >openpam_readline
+ * >openpam_readword
+ *
+ * AUTHOR DES
+ */
diff --git a/lib/openpam_readword.c b/lib/openpam_readword.c
new file mode 100644
index 000000000000..74a4d462ce44
--- /dev/null
+++ b/lib/openpam_readword.c
@@ -0,0 +1,207 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_readword.c 588 2012-04-08 11:52:25Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+#include "openpam_ctype.h"
+
+#define MIN_WORD_SIZE 32
+
+/*
+ * OpenPAM extension
+ *
+ * Read a word from a file, respecting shell quoting rules.
+ */
+
+char *
+openpam_readword(FILE *f, int *lineno, size_t *lenp)
+{
+ char *word;
+ size_t size, len;
+ int ch, comment, escape, quote;
+ int serrno;
+
+ errno = 0;
+
+ /* skip initial whitespace */
+ comment = 0;
+ while ((ch = getc(f)) != EOF && ch != '\n') {
+ if (ch == '#')
+ comment = 1;
+ if (!is_lws(ch) && !comment)
+ break;
+ }
+ if (ch == EOF)
+ return (NULL);
+ ungetc(ch, f);
+ if (ch == '\n')
+ return (NULL);
+
+ word = NULL;
+ size = len = 0;
+ escape = quote = 0;
+ while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
+ if (ch == '\\' && !escape && quote != '\'') {
+ /* escape next character */
+ escape = ch;
+ } else if ((ch == '\'' || ch == '"') && !quote && !escape) {
+ /* begin quote */
+ quote = ch;
+ /* edge case: empty quoted string */
+ if (word == NULL && (word = malloc(1)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ errno = ENOMEM;
+ return (NULL);
+ }
+ *word = '\0';
+ size = 1;
+ } else if (ch == quote && !escape) {
+ /* end quote */
+ quote = 0;
+ } else if (ch == '\n' && escape && quote != '\'') {
+ /* line continuation */
+ escape = 0;
+ } else {
+ if (escape && quote && ch != '\\' && ch != quote &&
+ openpam_straddch(&word, &size, &len, '\\') != 0) {
+ free(word);
+ errno = ENOMEM;
+ return (NULL);
+ }
+ if (openpam_straddch(&word, &size, &len, ch) != 0) {
+ free(word);
+ errno = ENOMEM;
+ return (NULL);
+ }
+ escape = 0;
+ }
+ if (lineno != NULL && ch == '\n')
+ ++*lineno;
+ }
+ if (ch == EOF && ferror(f)) {
+ serrno = errno;
+ free(word);
+ errno = serrno;
+ return (NULL);
+ }
+ if (ch == EOF && (escape || quote)) {
+ /* Missing escaped character or closing quote. */
+ openpam_log(PAM_LOG_ERROR, "unexpected end of file");
+ free(word);
+ errno = EINVAL;
+ return (NULL);
+ }
+ ungetc(ch, f);
+ if (lenp != NULL)
+ *lenp = len;
+ return (word);
+}
+
+/**
+ * The =openpam_readword function reads the next word from a file, and
+ * returns it in a NUL-terminated buffer allocated with =!malloc.
+ *
+ * A word is a sequence of non-whitespace characters.
+ * However, whitespace characters can be included in a word if quoted or
+ * escaped according to the following rules:
+ *
+ * - An unescaped single or double quote introduces a quoted string,
+ * which ends when the same quote character is encountered a second
+ * time.
+ * The quotes themselves are stripped.
+ *
+ * - Within a single- or double-quoted string, all whitespace characters,
+ * including the newline character, are preserved as-is.
+ *
+ * - Outside a quoted string, a backslash escapes the next character,
+ * which is preserved as-is, unless that character is a newline, in
+ * which case it is discarded and reading continues at the beginning of
+ * the next line as if the backslash and newline had not been there.
+ * In all cases, the backslash itself is discarded.
+ *
+ * - Within a single-quoted string, double quotes and backslashes are
+ * preserved as-is.
+ *
+ * - Within a double-quoted string, a single quote is preserved as-is,
+ * and a backslash is preserved as-is unless used to escape a double
+ * quote.
+ *
+ * In addition, if the first non-whitespace character on the line is a
+ * hash character (#), the rest of the line is discarded.
+ * If a hash character occurs within a word, however, it is preserved
+ * as-is.
+ * A backslash at the end of a comment does cause line continuation.
+ *
+ * If =lineno is not =NULL, the integer variable it points to is
+ * incremented every time a quoted or escaped newline character is read.
+ *
+ * If =lenp is not =NULL, the length of the word (after quotes and
+ * backslashes have been removed) is stored in the variable it points to.
+ *
+ * RETURN VALUES
+ *
+ * If successful, the =openpam_readword function returns a pointer to a
+ * dynamically allocated NUL-terminated string containing the first word
+ * encountered on the line.
+ *
+ * The caller is responsible for releasing the returned buffer by passing
+ * it to =!free.
+ *
+ * If =openpam_readword reaches the end of the line or file before any
+ * characters are copied to the word, it returns =NULL. In the former
+ * case, the newline is pushed back to the file.
+ *
+ * If =openpam_readword reaches the end of the file while a quote or
+ * backslash escape is in effect, it sets :errno to =EINVAL and returns
+ * =NULL.
+ *
+ * IMPLEMENTATION NOTES
+ *
+ * The parsing rules are intended to be equivalent to the normal POSIX
+ * shell quoting rules.
+ * Any discrepancy is a bug and should be reported to the author along
+ * with sample input that can be used to reproduce the error.
+ *
+ * >openpam_readline
+ * >openpam_readlinev
+ *
+ * AUTHOR DES
+ */
diff --git a/lib/openpam_set_feature.c b/lib/openpam_set_feature.c
new file mode 100644
index 000000000000..4f6a4a5c92c7
--- /dev/null
+++ b/lib/openpam_set_feature.c
@@ -0,0 +1,75 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_set_feature.c 608 2012-05-17 16:00:13Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Enable or disable an optional feature.
+ */
+
+int
+openpam_set_feature(int feature, int onoff)
+{
+
+ ENTERF(feature);
+ if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
+ RETURNC(PAM_SYMBOL_ERR);
+ openpam_features[feature].onoff = onoff;
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * EXPERIMENTAL
+ *
+ * The =openpam_set_feature function sets the state of the specified
+ * feature to the value specified by the =onoff argument.
+ * See =openpam_get_feature for a list of recognized features.
+ *
+ * >openpam_get_feature
+ *
+ * AUTHOR DES
+ */
diff --git a/lib/openpam_set_option.c b/lib/openpam_set_option.c
index c7cb1c7c416d..1712a718ec4c 100644
--- a/lib/openpam_set_option.c
+++ b/lib/openpam_set_option.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_set_option.c 482 2011-11-03 16:33:02Z des $
+ * $Id: openpam_set_option.c 532 2012-03-31 14:24:53Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -46,7 +46,6 @@
#include <string.h>
#include <security/pam_appl.h>
-#include <security/openpam.h>
#include "openpam_impl.h"
diff --git a/lib/openpam_straddch.c b/lib/openpam_straddch.c
new file mode 100644
index 000000000000..9845cc610a93
--- /dev/null
+++ b/lib/openpam_straddch.c
@@ -0,0 +1,111 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_straddch.c 568 2012-04-05 14:35:53Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#define MIN_STR_SIZE 32
+
+/*
+ * OpenPAM extension
+ *
+ * Add a character to a string, expanding the buffer if needed.
+ */
+
+int
+openpam_straddch(char **str, size_t *size, size_t *len, int ch)
+{
+ size_t tmpsize;
+ char *tmpstr;
+
+ if (*str == NULL) {
+ /* initial allocation */
+ tmpsize = MIN_STR_SIZE;
+ if ((tmpstr = malloc(tmpsize)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ errno = ENOMEM;
+ return (-1);
+ }
+ *str = tmpstr;
+ *size = tmpsize;
+ *len = 0;
+ } else if (*len + 1 >= *size) {
+ /* additional space required */
+ tmpsize = *size * 2;
+ if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "realloc(): %m");
+ errno = ENOMEM;
+ return (-1);
+ }
+ *size = tmpsize;
+ *str = tmpstr;
+ }
+ (*str)[*len] = ch;
+ ++*len;
+ (*str)[*len] = '\0';
+ return (0);
+}
+
+/**
+ * The =openpam_straddch function appends a character to a dynamically
+ * allocated NUL-terminated buffer, reallocating the buffer as needed.
+ *
+ * The =str argument points to a variable containing either a pointer to
+ * an existing buffer or =NULL.
+ * If the value of the variable pointed to by =str is =NULL, a new buffer
+ * is allocated.
+ *
+ * The =size and =len argument point to variables used to hold the size
+ * of the buffer and the length of the string it contains, respectively.
+ *
+ * If a new buffer is allocated or an existing buffer is reallocated to
+ * make room for the additional character, =str and =size are updated
+ * accordingly.
+ *
+ * The =openpam_straddch function ensures that the buffer is always
+ * NUL-terminated.
+ *
+ * If the =openpam_straddch function is successful, it increments the
+ * integer variable pointed to by =len and returns 0.
+ * Otherwise, it leaves the variables pointed to by =str, =size and =len
+ * unmodified, sets :errno to =ENOMEM and returns -1.
+ *
+ * AUTHOR DES
+ */
diff --git a/lib/openpam_strlcat.h b/lib/openpam_strlcat.h
new file mode 100644
index 000000000000..1f266936be43
--- /dev/null
+++ b/lib/openpam_strlcat.h
@@ -0,0 +1,54 @@
+/*-
+ * Copyright (c) 2011 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: openpam_strlcat.h 578 2012-04-06 00:45:59Z des $
+ */
+
+#ifndef OPENPAM_STRLCAT_H_INCLUDED
+#define OPENPAM_STRLCAT_H_INCLUDED
+
+#ifndef HAVE_STRLCAT
+/* like strcat(3), but always NUL-terminates; returns strlen(src) */
+static size_t
+strlcat(char *dst, const char *src, size_t size)
+{
+ size_t len;
+
+ for (len = 0; *dst && size > 1; ++len, --size)
+ dst++;
+ for (; *src && size > 1; ++len, --size)
+ *dst++ = *src++;
+ *dst = '\0';
+ while (*src)
+ ++len, ++src;
+ return (len);
+}
+#endif
+
+#endif
diff --git a/lib/openpam_strlcmp.h b/lib/openpam_strlcmp.h
index c692225d7f8d..2a78e0f67666 100644
--- a/lib/openpam_strlcmp.h
+++ b/lib/openpam_strlcmp.h
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_strlcmp.h 475 2011-11-03 15:29:24Z des $
+ * $Id: openpam_strlcmp.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_STRLCMP_H_INCLUDED
diff --git a/lib/openpam_strlcpy.h b/lib/openpam_strlcpy.h
index 921653b6e9cc..9c6554834830 100644
--- a/lib/openpam_strlcpy.h
+++ b/lib/openpam_strlcpy.h
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_strlcpy.h 492 2011-11-20 02:04:17Z des $
+ * $Id: openpam_strlcpy.h 578 2012-04-06 00:45:59Z des $
*/
#ifndef OPENPAM_STRLCPY_H_INCLUDED
@@ -32,7 +35,7 @@
#ifndef HAVE_STRLCPY
/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
-size_t
+static size_t
strlcpy(char *dst, const char *src, size_t size)
{
size_t len;
diff --git a/lib/openpam_subst.c b/lib/openpam_subst.c
index d54b8270daf4..bab7a785faa9 100644
--- a/lib/openpam_subst.c
+++ b/lib/openpam_subst.c
@@ -11,6 +11,9 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -24,7 +27,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_subst.c 461 2011-11-02 14:00:38Z des $
+ * $Id: openpam_subst.c 543 2012-03-31 22:11:34Z des $
*/
#ifdef HAVE_CONFIG_H
diff --git a/lib/openpam_ttyconv.c b/lib/openpam_ttyconv.c
index ec078f418044..14a324d59ed3 100644
--- a/lib/openpam_ttyconv.c
+++ b/lib/openpam_ttyconv.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: openpam_ttyconv.c 437 2011-09-13 12:00:13Z des $
+ * $Id: openpam_ttyconv.c 527 2012-02-26 03:23:59Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -69,17 +69,17 @@ prompt(const char *msg)
{
char buf[PAM_MAX_RESP_SIZE];
struct sigaction action, saved_action;
- sigset_t saved_sigset, sigset;
+ sigset_t saved_sigset, the_sigset;
unsigned int saved_alarm;
int eof, error, fd;
size_t len;
char *retval;
char ch;
- sigemptyset(&sigset);
- sigaddset(&sigset, SIGINT);
- sigaddset(&sigset, SIGTSTP);
- sigprocmask(SIG_SETMASK, &sigset, &saved_sigset);
+ sigemptyset(&the_sigset);
+ sigaddset(&the_sigset, SIGINT);
+ sigaddset(&the_sigset, SIGTSTP);
+ sigprocmask(SIG_SETMASK, &the_sigset, &saved_sigset);
action.sa_handler = &timeout;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
diff --git a/lib/pam_get_authtok.c b/lib/pam_get_authtok.c
index a0613eff9cbe..1a3aebc81093 100644
--- a/lib/pam_get_authtok.c
+++ b/lib/pam_get_authtok.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pam_get_authtok.c 455 2011-10-29 18:31:11Z des $
+ * $Id: pam_get_authtok.c 510 2011-12-31 13:14:23Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -50,6 +50,7 @@
#include "openpam_impl.h"
static const char authtok_prompt[] = "Password:";
+static const char authtok_prompt_remote[] = "Password for %u@%h:";
static const char oldauthtok_prompt[] = "Old Password:";
static const char newauthtok_prompt[] = "New Password:";
@@ -69,6 +70,7 @@ pam_get_authtok(pam_handle_t *pamh,
size_t prompt_size;
const void *oldauthtok, *prevauthtok, *promptp;
const char *prompt_option, *default_prompt;
+ const void *lhost, *rhost;
char *resp, *resp2;
int pitem, r, style, twice;
@@ -82,6 +84,14 @@ pam_get_authtok(pam_handle_t *pamh,
pitem = PAM_AUTHTOK_PROMPT;
prompt_option = "authtok_prompt";
default_prompt = authtok_prompt;
+ r = pam_get_item(pamh, PAM_RHOST, &rhost);
+ if (r == PAM_SUCCESS && rhost != NULL) {
+ r = pam_get_item(pamh, PAM_HOST, &lhost);
+ if (r == PAM_SUCCESS && lhost != NULL) {
+ if (strcmp(rhost, lhost) != 0)
+ default_prompt = authtok_prompt_remote;
+ }
+ }
r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
if (r == PAM_SUCCESS && oldauthtok != NULL) {
default_prompt = newauthtok_prompt;
diff --git a/lib/pam_putenv.c b/lib/pam_putenv.c
index 369066d8ea9c..e1f0bc35e29c 100644
--- a/lib/pam_putenv.c
+++ b/lib/pam_putenv.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pam_putenv.c 437 2011-09-13 12:00:13Z des $
+ * $Id: pam_putenv.c 539 2012-03-31 20:53:22Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -102,7 +102,7 @@ pam_putenv(pam_handle_t *pamh,
*/
/**
- * The =pam_putenv function sets a environment variable.
+ * The =pam_putenv function sets an environment variable.
* Its semantics are similar to those of =putenv, but it modifies the PAM
* context's environment list instead of the application's.
*
diff --git a/lib/pam_setenv.c b/lib/pam_setenv.c
index fbe6a8f1b6f8..6fd4c1001e83 100644
--- a/lib/pam_setenv.c
+++ b/lib/pam_setenv.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: pam_setenv.c 437 2011-09-13 12:00:13Z des $
+ * $Id: pam_setenv.c 539 2012-03-31 20:53:22Z des $
*/
#ifdef HAVE_CONFIG_H
@@ -92,7 +92,7 @@ pam_setenv(pam_handle_t *pamh,
*/
/**
- * The =pam_setenv function sets a environment variable.
+ * The =pam_setenv function sets an environment variable.
* Its semantics are similar to those of =setenv, but it modifies the PAM
* context's environment list instead of the application's.
*
diff --git a/ltmain.sh b/ltmain.sh
index 6dfcfd58a90c..16ddbf884b67 100755
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -1,9 +1,9 @@
-# libtool (GNU libtool) 2.4
+# libtool (GNU libtool) 2.4.2
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
-# 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
# This is free software; see the source for copying conditions. There is NO
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -41,6 +41,7 @@
# --quiet, --silent don't print informational messages
# --no-quiet, --no-silent
# print informational messages (default)
+# --no-warn don't display warning messages
# --tag=TAG use configuration variables from tag TAG
# -v, --verbose print more informational messages than default
# --no-verbose don't print the extra informational messages
@@ -69,7 +70,7 @@
# compiler: $LTCC
# compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld)
-# $progname: (GNU libtool) 2.4
+# $progname: (GNU libtool) 2.4.2
# automake: $automake_version
# autoconf: $autoconf_version
#
@@ -79,9 +80,9 @@
PROGRAM=libtool
PACKAGE=libtool
-VERSION=2.4
+VERSION=2.4.2
TIMESTAMP=""
-package_revision=1.3293
+package_revision=1.3337
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
@@ -136,15 +137,10 @@ progpath="$0"
: ${CP="cp -f"}
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
-: ${EGREP="grep -E"}
-: ${FGREP="grep -F"}
-: ${GREP="grep"}
-: ${LN_S="ln -s"}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
-: ${SED="sed"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"}
@@ -387,7 +383,7 @@ case $progpath in
;;
*)
save_IFS="$IFS"
- IFS=:
+ IFS=${PATH_SEPARATOR-:}
for progdir in $PATH; do
IFS="$save_IFS"
test -x "$progdir/$progname" && break
@@ -771,8 +767,8 @@ func_help ()
s*\$LTCFLAGS*'"$LTCFLAGS"'*
s*\$LD*'"$LD"'*
s/\$with_gnu_ld/'"$with_gnu_ld"'/
- s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
- s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
p
d
}
@@ -1052,6 +1048,7 @@ opt_finish=false
opt_help=false
opt_help_all=false
opt_silent=:
+opt_warning=:
opt_verbose=:
opt_silent=false
opt_verbose=false
@@ -1120,6 +1117,10 @@ esac
opt_silent=false
func_append preserve_args " $opt"
;;
+ --no-warning|--no-warn)
+ opt_warning=false
+func_append preserve_args " $opt"
+ ;;
--no-verbose)
opt_verbose=false
func_append preserve_args " $opt"
@@ -2089,7 +2090,7 @@ func_mode_compile ()
*.[cCFSifmso] | \
*.ada | *.adb | *.ads | *.asm | \
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
- *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup)
+ *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
func_xform "$libobj"
libobj=$func_xform_result
;;
@@ -3231,11 +3232,13 @@ func_mode_install ()
# Set up the ranlib parameters.
oldlib="$destdir/$name"
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
if test -n "$stripme" && test -n "$old_striplib"; then
- func_show_eval "$old_striplib $oldlib" 'exit $?'
+ func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
fi
# Do each command in the postinstall commands.
@@ -3500,7 +3503,7 @@ static const void *lt_preloaded_setup() {
# linked before any other PIC object. But we must not use
# pic_flag when linking with -static. The problem exists in
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
- *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
*-*-hpux*)
pic_flag_for_symtable=" $pic_flag" ;;
@@ -4015,14 +4018,17 @@ func_exec_program_core ()
# launches target application with the remaining arguments.
func_exec_program ()
{
- for lt_wr_arg
- do
- case \$lt_wr_arg in
- --lt-*) ;;
- *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
- esac
- shift
- done
+ case \" \$* \" in
+ *\\ --lt-*)
+ for lt_wr_arg
+ do
+ case \$lt_wr_arg in
+ --lt-*) ;;
+ *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
+ esac
+ shift
+ done ;;
+ esac
func_exec_program_core \${1+\"\$@\"}
}
@@ -5090,9 +5096,15 @@ void lt_dump_script (FILE* f)
{
EOF
func_emit_wrapper yes |
- $SED -e 's/\([\\"]\)/\\\1/g' \
- -e 's/^/ fputs ("/' -e 's/$/\\n", f);/'
-
+ $SED -n -e '
+s/^\(.\{79\}\)\(..*\)/\1\
+\2/
+h
+s/\([\\"]\)/\\\1/g
+s/$/\\n/
+s/\([^\n]*\).*/ fputs ("\1", f);/p
+g
+D'
cat <<"EOF"
}
EOF
@@ -5677,7 +5689,8 @@ func_mode_link ()
continue
;;
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
func_append compiler_flags " $arg"
func_append compile_command " $arg"
func_append finalize_command " $arg"
@@ -6181,7 +6194,8 @@ func_mode_link ()
lib=
found=no
case $deplib in
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
if test "$linkmode,$pass" = "prog,link"; then
compile_deplibs="$deplib $compile_deplibs"
finalize_deplibs="$deplib $finalize_deplibs"
@@ -6882,7 +6896,7 @@ func_mode_link ()
test "$hardcode_direct_absolute" = no; then
add="$dir/$linklib"
elif test "$hardcode_minus_L" = yes; then
- add_dir="-L$dir"
+ add_dir="-L$absdir"
# Try looking first in the location we're being installed to.
if test -n "$inst_prefix_dir"; then
case $libdir in
@@ -7367,6 +7381,7 @@ func_mode_link ()
# which has an extra 1 added just for fun
#
case $version_type in
+ # correct linux to gnu/linux during the next big refactor
darwin|linux|osf|windows|none)
func_arith $number_major + $number_minor
current=$func_arith_result
@@ -7483,7 +7498,7 @@ func_mode_link ()
versuffix="$major.$revision"
;;
- linux)
+ linux) # correct to gnu/linux during the next big refactor
func_arith $current - $age
major=.$func_arith_result
versuffix="$major.$age.$revision"
@@ -8071,6 +8086,11 @@ EOF
# Test again, we may have decided not to build it any more
if test "$build_libtool_libs" = yes; then
+ # Remove ${wl} instances when linking with ld.
+ # FIXME: should test the right _cmds variable.
+ case $archive_cmds in
+ *\$LD\ *) wl= ;;
+ esac
if test "$hardcode_into_libs" = yes; then
# Hardcode the library paths
hardcode_libdirs=
@@ -8101,7 +8121,7 @@ EOF
elif test -n "$runpath_var"; then
case "$perm_rpath " in
*" $libdir "*) ;;
- *) func_apped perm_rpath " $libdir" ;;
+ *) func_append perm_rpath " $libdir" ;;
esac
fi
done
@@ -8109,11 +8129,7 @@ EOF
if test -n "$hardcode_libdir_separator" &&
test -n "$hardcode_libdirs"; then
libdir="$hardcode_libdirs"
- if test -n "$hardcode_libdir_flag_spec_ld"; then
- eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
- else
- eval dep_rpath=\"$hardcode_libdir_flag_spec\"
- fi
+ eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
fi
if test -n "$runpath_var" && test -n "$perm_rpath"; then
# We should set the runpath_var.
@@ -9203,6 +9219,8 @@ EOF
esac
done
fi
+ func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+ tool_oldlib=$func_to_tool_file_result
eval cmds=\"$old_archive_cmds\"
func_len " $cmds"
@@ -9312,7 +9330,8 @@ EOF
*.la)
func_basename "$deplib"
name="$func_basename_result"
- eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ func_resolve_sysroot "$deplib"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
test -z "$libdir" && \
func_fatal_error "\`$deplib' is not a valid libtool archive"
func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
diff --git a/misc/gendoc.pl b/misc/gendoc.pl
index 7b766728e872..4ce2d39fad9e 100644
--- a/misc/gendoc.pl
+++ b/misc/gendoc.pl
@@ -33,7 +33,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $Id: gendoc.pl 465 2011-11-02 20:34:26Z des $
+# $Id: gendoc.pl 599 2012-04-14 15:06:41Z des $
#
use strict;
@@ -81,12 +81,15 @@ $COPYRIGHT = ".\\\"-
.\\\"";
%AUTHORS = (
- THINKSEC => "ThinkSec AS and Network Associates Laboratories, the
+ THINKSEC => "developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
Security Research Division of Network Associates, Inc.\\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.",
- DES => ".An Dag-Erling Sm\\(/orgrav Aq des\@FreeBSD.org .",
+ DES => "developed by
+.An Dag-Erling Sm\\(/orgrav Aq des\@des.no .",
);
%PAMERR = (
@@ -136,6 +139,9 @@ sub parse_source($) {
my $inlist;
my $intaglist;
my $inliteral;
+ my $customrv;
+ my $deprecated;
+ my $experimental;
my %xref;
my @errors;
my $author;
@@ -154,10 +160,18 @@ sub parse_source($) {
if ($source =~ m/^ \* NOPARSE\s*$/m);
$author = 'THINKSEC';
- if ($source =~ s/^ \* AUTHOR\s+(.*?)\s*$//m) {
+ if ($source =~ s/^ \* AUTHOR\s+(\w*)\s*$//m) {
$author = $1;
}
+ if ($source =~ s/^ \* DEPRECATED\s*(\w*)\s*$//m) {
+ $deprecated = $1 // 0;
+ }
+
+ if ($source =~ s/^ \* EXPERIMENTAL\s*$//m) {
+ $experimental = 1;
+ }
+
$func = $fn;
$func =~ s,^(?:.*/)?([^/]+)\.c$,$1,;
if ($source !~ m,\n \* ([\S ]+)\n \*/\n\n([\S ]+)\n$func\((.*?)\)\n\{,s) {
@@ -195,7 +209,7 @@ sub parse_source($) {
# separate argument names with |
$argnames =~ s/\" \"/|/g;
# and surround with ()
- $argnames =~ s/^\"(.*)\"$/($1)/;
+ $argnames =~ s/^\"(.*)\"$/$1/;
# $argnames is now a regexp that matches argument names
$inliteral = $inlist = $intaglist = 0;
foreach (split("\n", $source)) {
@@ -211,12 +225,19 @@ sub parse_source($) {
s/\\(.)/$1/gs;
if (m/^$/) {
# paragraph separator
+ if ($inlist || $intaglist) {
+ # either a blank line between list items, or a blank
+ # line after the final list item. The latter case
+ # will be handled further down.
+ next;
+ }
+ if ($man =~ m/\n\.Sh [^\n]+\n$/s) {
+ # a blank line after a section header
+ next;
+ }
if ($man ne "" && $man !~ m/\.Pp\n$/s) {
if ($inliteral) {
$man .= "\0\n";
- } elsif ($inlist || $intaglist) {
- $man .= ".El\n.Pp\n";
- $inlist = $intaglist = 0;
} else {
$man .= ".Pp\n";
}
@@ -229,6 +250,14 @@ sub parse_source($) {
++$xref{$sect}->{$page};
next;
}
+ if (s/^([A-Z][0-9A-Z -]+)$/.Sh $1/) {
+ if ($1 eq "RETURN VALUES") {
+ $customrv = $1;
+ }
+ $man =~ s/\n\.Pp$/\n/s;
+ $man .= "$_\n";
+ next;
+ }
if (s/^\s+-\s+//) {
# item in bullet list
if ($inliteral) {
@@ -286,11 +315,12 @@ sub parse_source($) {
$man .= "$_\n";
next;
}
- s/\s*=$func\b\s*/\n.Nm\n/gs;
- s/\s*=$argnames\b\s*/\n.Fa $1\n/gs;
+ s/\s*=($func)\b\s*/\n.Fn $1\n/gs;
+ s/\s*=($argnames)\b\s*/\n.Fa $1\n/gs;
s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs;
s/\s*:([a-z_]+)\b\s*/\n.Va $1\n/gs;
s/\s*;([a-z_]+)\b\s*/\n.Dv $1\n/gs;
+ s/\s*=!([a-z_]+)\b\s*/\n.Xr $1 3\n/gs;
while (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/s) {
++$xref{3}->{$1};
}
@@ -311,7 +341,7 @@ sub parse_source($) {
$inliteral = 0;
}
$man =~ s/\%/\\&\%/gs;
- $man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([\.,:;-]\S*)\s*/$1 $2\n/gs;
+ $man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([.,:;-])\s+/$1 $2\n/gs;
$man =~ s/\s*$/\n/gm;
$man =~ s/\n+/\n/gs;
$man =~ s/\0//gs;
@@ -331,6 +361,9 @@ sub parse_source($) {
'xref' => \%xref,
'errors' => \@errors,
'author' => $author,
+ 'customrv' => $customrv,
+ 'deprecated' => $deprecated,
+ 'experimental' => $experimental,
};
if ($source =~ m/^ \* NODOC\s*$/m) {
$FUNCTIONS{$func}->{'nodoc'} = 1;
@@ -437,49 +470,75 @@ sub gendoc($) {
.Lb libpam
.Sh SYNOPSIS
.In sys/types.h
-.In security/pam_appl.h
+";
+ if ($func->{'args'} =~ m/\bFILE \*\b/) {
+ $mdoc .= ".In stdio.h\n";
+ }
+ $mdoc .= ".In security/pam_appl.h
";
if ($func->{'name'} =~ m/_sm_/) {
- $mdoc .= ".In security/pam_modules.h\n"
+ $mdoc .= ".In security/pam_modules.h\n";
}
if ($func->{'name'} =~ m/openpam/) {
- $mdoc .= ".In security/openpam.h\n"
+ $mdoc .= ".In security/openpam.h\n";
}
$mdoc .= ".Ft \"$func->{'type'}\"
.Fn $func->{'name'} $func->{'args'}
.Sh DESCRIPTION
-$func->{'man'}
";
- if ($func->{'type'} eq "int") {
+ if (defined($func->{'deprecated'})) {
+ $mdoc .= ".Bf Sy\n" .
+ "This function is deprecated and may be removed " .
+ "in a future release without further warning.\n";
+ if ($func->{'deprecated'}) {
+ $mdoc .= "The\n.Fn $func->{'deprecated'}\nfunction " .
+ "may be used to achieve similar results.\n";
+ }
+ $mdoc .= ".Ef\n.Pp\n";
+ }
+ if ($func->{'experimental'}) {
+ $mdoc .= ".Bf Sy\n" .
+ "This function is experimental and may be modified or removed " .
+ "in a future release without further warning.\n";
+ $mdoc .= ".Ef\n.Pp\n";
+ }
+ $mdoc .= "$func->{'man'}\n";
+ my @errors = @{$func->{'errors'}};
+ if ($func->{'customrv'}) {
+ # leave it
+ } elsif ($func->{'type'} eq "int" && @errors) {
$mdoc .= ".Sh RETURN VALUES
The
-.Nm
+.Fn $func->{'name'}
function returns one of the following values:
.Bl -tag -width 18n
";
- my @errors = @{$func->{'errors'}};
- warn("$func->{'name'}(): no error specification\n")
- unless(@errors);
foreach (@errors) {
$mdoc .= ".It Bq Er $_\n$PAMERR{$_}.\n";
}
$mdoc .= ".El\n";
- } else {
- if ($func->{'type'} =~ m/\*$/) {
- $mdoc .= ".Sh RETURN VALUES
+ } elsif ($func->{'type'} eq "int") {
+ $mdoc .= ".Sh RETURN VALUES
+The
+.Fn $func->{'name'}
+function returns 0 on success and -1 on failure.
+";
+ } elsif ($func->{'type'} =~ m/\*$/) {
+ $mdoc .= ".Sh RETURN VALUES
The
-.Nm
+.Fn $func->{'name'}
function returns
.Dv NULL
on failure.
";
- }
+ } elsif ($func->{'type'} ne "void") {
+ warn("$func->{'name'}(): no error specification\n");
}
$mdoc .= ".Sh SEE ALSO\n" . genxref($func->{'xref'});
$mdoc .= ".Sh STANDARDS\n";
if ($func->{'openpam'}) {
$mdoc .= "The
-.Nm
+.Fn $func->{'name'}
function is an OpenPAM extension.
";
} else {
@@ -491,10 +550,9 @@ function is an OpenPAM extension.
}
$mdoc .= ".Sh AUTHORS
The
-.Nm
-function and this manual page were developed for the
-.Fx
-Project by\n" . $AUTHORS{$func->{'author'} // 'THINKSEC_DARPA'} . "\n";
+.Fn $func->{'name'}
+function and this manual page were\n";
+ $mdoc .= $AUTHORS{$func->{'author'} // 'THINKSEC_DARPA'} . "\n";
$fn = "$func->{'name'}.3";
if (open(FILE, ">", $fn)) {
print(FILE $mdoc);
@@ -608,6 +666,9 @@ Security Research Division of Network Associates, Inc.\\& under
DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
+.Pp
+The OpenPAM library is maintained by
+.An Dag-Erling Sm\\(/orgrav Aq des\@des.no .
";
close(FILE);
}
diff --git a/pamgdb.in b/pamgdb.in
new file mode 100644
index 000000000000..2ec2d65adc4d
--- /dev/null
+++ b/pamgdb.in
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $Id: pamgdb.in 583 2012-04-07 18:56:13Z des $
+#
+
+srcdir="@abs_top_srcdir@"
+builddir="@abs_top_builddir@"
+
+# Make sure we get the right version of libpam
+pam_libdir="${builddir}/lib/.libs"
+LD_LIBRARY_PATH="${pam_libdir}:${LD_LIBRARY_PATH}"
+LD_LIBRARY_PATH="${LD_LIBRARY_PATH%:}"
+export LD_LIBRARY_PATH
+
+# DWIM, assuming that the first positional argument is the name of the
+# program to debug rather than a gdb option.
+prog="$1"
+if expr "${prog}" : ".*/.*" >/dev/null ; then
+ # The first argument is an absolute or relative path. There
+ # is a good chance that it points to the wrapper script
+ # generated by libtool rather than the actual binary.
+ altprog="${prog%/*}/.libs/${prog##*/}"
+ if [ -x "${altprog}" ] ; then
+ shift
+ set "${altprog}" "$@"
+ fi
+elif expr "${prog}" : "[a-z.-][a-z.-]*" >/dev/null ; then
+ # The first argument is just the name of the program. Look for
+ # it in the build directory.
+ for libdir in $(find "${builddir}" -type d -name .libs -print) ; do
+ altprog="${libdir}/${prog}"
+ if [ -x "${altprog}" ] ; then
+ shift
+ set "${altprog}" "$@"
+ break
+ fi
+ done
+fi
+
+# Let's go!
+exec gdb "$@"
diff --git a/t/Makefile.am b/t/Makefile.am
new file mode 100644
index 000000000000..a3f596d90748
--- /dev/null
+++ b/t/Makefile.am
@@ -0,0 +1,16 @@
+# $Id: Makefile.am 572 2012-04-05 15:41:44Z des $
+
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
+
+noinst_HEADERS = t.h
+
+# tests
+TESTS = t_openpam_readword t_openpam_readlinev
+check_PROGRAMS = $(TESTS)
+
+# libt - common support code
+check_LIBRARIES = libt.a
+libt_a_SOURCES = t_main.c
+
+# link with libpam and libt
+LDADD = libt.a $(top_builddir)/lib/libpam.la
diff --git a/t/Makefile.in b/t/Makefile.in
new file mode 100644
index 000000000000..e71618bd5e83
--- /dev/null
+++ b/t/Makefile.in
@@ -0,0 +1,605 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $Id: Makefile.am 572 2012-04-05 15:41:44Z des $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS = t_openpam_readword$(EXEEXT) t_openpam_readlinev$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = t
+DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+ARFLAGS = cru
+libt_a_AR = $(AR) $(ARFLAGS)
+libt_a_LIBADD =
+am_libt_a_OBJECTS = t_main.$(OBJEXT)
+libt_a_OBJECTS = $(am_libt_a_OBJECTS)
+am__EXEEXT_1 = t_openpam_readword$(EXEEXT) \
+ t_openpam_readlinev$(EXEEXT)
+t_openpam_readlinev_SOURCES = t_openpam_readlinev.c
+t_openpam_readlinev_OBJECTS = t_openpam_readlinev.$(OBJEXT)
+t_openpam_readlinev_LDADD = $(LDADD)
+t_openpam_readlinev_DEPENDENCIES = libt.a \
+ $(top_builddir)/lib/libpam.la
+t_openpam_readword_SOURCES = t_openpam_readword.c
+t_openpam_readword_OBJECTS = t_openpam_readword.$(OBJEXT)
+t_openpam_readword_LDADD = $(LDADD)
+t_openpam_readword_DEPENDENCIES = libt.a $(top_builddir)/lib/libpam.la
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libt_a_SOURCES) t_openpam_readlinev.c t_openpam_readword.c
+DIST_SOURCES = $(libt_a_SOURCES) t_openpam_readlinev.c \
+ t_openpam_readword.c
+HEADERS = $(noinst_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_MAJ = @LIB_MAJ@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
+noinst_HEADERS = t.h
+
+# libt - common support code
+check_LIBRARIES = libt.a
+libt_a_SOURCES = t_main.c
+
+# link with libpam and libt
+LDADD = libt.a $(top_builddir)/lib/libpam.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign t/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign t/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkLIBRARIES:
+ -test -z "$(check_LIBRARIES)" || rm -f $(check_LIBRARIES)
+libt.a: $(libt_a_OBJECTS) $(libt_a_DEPENDENCIES)
+ -rm -f libt.a
+ $(libt_a_AR) libt.a $(libt_a_OBJECTS) $(libt_a_LIBADD)
+ $(RANLIB) libt.a
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+t_openpam_readlinev$(EXEEXT): $(t_openpam_readlinev_OBJECTS) $(t_openpam_readlinev_DEPENDENCIES)
+ @rm -f t_openpam_readlinev$(EXEEXT)
+ $(LINK) $(t_openpam_readlinev_OBJECTS) $(t_openpam_readlinev_LDADD) $(LIBS)
+t_openpam_readword$(EXEEXT): $(t_openpam_readword_OBJECTS) $(t_openpam_readword_DEPENDENCIES)
+ @rm -f t_openpam_readword$(EXEEXT)
+ $(LINK) $(t_openpam_readword_OBJECTS) $(t_openpam_readword_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_main.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_openpam_readlinev.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_openpam_readword.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_LIBRARIES) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-checkLIBRARIES clean-checkPROGRAMS clean-generic \
+ clean-libtool ctags distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/t/t.h b/t/t.h
new file mode 100644
index 000000000000..4805b76af092
--- /dev/null
+++ b/t/t.h
@@ -0,0 +1,60 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: t.h 578 2012-04-06 00:45:59Z des $
+ */
+
+#ifndef T_H_INCLUDED
+#define T_H_INCLUDED
+
+#include <security/openpam_attr.h>
+
+struct t_test {
+ int (*func)(void);
+ const char *desc;
+};
+
+#define T_FUNC(n, d) \
+ static int t_ ## n ## _func(void); \
+ static const struct t_test t_ ## n = \
+ { t_ ## n ## _func, d }; \
+ static int t_ ## n ## _func(void)
+
+#define T(n) \
+ &t_ ## n
+
+extern const char *t_progname;
+
+const struct t_test **t_prepare(int, char **);
+void t_cleanup(void);
+
+void t_verbose(const char *, ...)
+ OPENPAM_FORMAT((__printf__, 1, 2));
+
+#endif
diff --git a/t/t_main.c b/t/t_main.c
new file mode 100644
index 000000000000..6a29b0a4fda6
--- /dev/null
+++ b/t/t_main.c
@@ -0,0 +1,119 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: t_main.c 578 2012-04-06 00:45:59Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <err.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "t.h"
+
+const char *t_progname;
+
+static int verbose;
+
+void
+t_verbose(const char *fmt, ...)
+{
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ }
+}
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "usage: [-v] %s\n", t_progname);
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ const struct t_test **t_plan;
+ const char *desc;
+ int n, pass, fail;
+ int opt;
+
+ if ((t_progname = strrchr(argv[0], '/')) != NULL)
+ t_progname++; /* one past the slash */
+ else
+ t_progname = argv[0];
+
+ while ((opt = getopt(argc, argv, "v")) != -1)
+ switch (opt) {
+ case 'v':
+ verbose = 1;
+ break;
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ /* prepare the test plan */
+ if ((t_plan = t_prepare(argc, argv)) == NULL)
+ errx(1, "no plan\n");
+
+ /* count the tests */
+ for (n = 0; t_plan[n] != NULL; ++n)
+ /* nothing */;
+ printf("1..%d\n", n);
+
+ /* run the tests */
+ for (n = pass = fail = 0; t_plan[n] != NULL; ++n) {
+ desc = t_plan[n]->desc ? t_plan[n]->desc : "no description";
+ if ((*t_plan[n]->func)()) {
+ printf("ok %d - %s\n", n + 1, desc);
+ ++pass;
+ } else {
+ printf("not ok %d - %s\n", n + 1, desc);
+ ++fail;
+ }
+ }
+
+ /* clean up and exit */
+ t_cleanup();
+ exit(fail > 0 ? 1 : 0);
+}
diff --git a/t/t_openpam_readlinev.c b/t/t_openpam_readlinev.c
new file mode 100644
index 000000000000..bb0ff90089e1
--- /dev/null
+++ b/t/t_openpam_readlinev.c
@@ -0,0 +1,342 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: t_openpam_readlinev.c 581 2012-04-06 01:08:37Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "openpam_impl.h"
+#include "t.h"
+
+static char filename[1024];
+static FILE *f;
+
+/*
+ * Open the temp file and immediately unlink it so it doesn't leak in case
+ * of premature exit.
+ */
+static void
+orlv_open(void)
+{
+ int fd;
+
+ if ((fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600)) < 0)
+ err(1, "%s(): %s", __func__, filename);
+ if ((f = fdopen(fd, "r+")) == NULL)
+ err(1, "%s(): %s", __func__, filename);
+ if (unlink(filename) < 0)
+ err(1, "%s(): %s", __func__, filename);
+}
+
+/*
+ * Write text to the temp file.
+ */
+static void
+orlv_output(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vfprintf(f, fmt, ap);
+ va_end(ap);
+ if (ferror(f))
+ err(1, "%s", filename);
+}
+
+/*
+ * Rewind the temp file.
+ */
+static void
+orlv_rewind(void)
+{
+
+ errno = 0;
+ rewind(f);
+ if (errno != 0)
+ err(1, "%s(): %s", __func__, filename);
+}
+
+/*
+ * Read a line from the temp file and verify that the result matches our
+ * expectations: whether a line was read at all, how many and which words
+ * it contained, how many lines were read (in case of quoted or escaped
+ * newlines) and whether we reached the end of the file.
+ */
+static int
+orlv_expect(const char **expectedv, int lines, int eof)
+{
+ int expectedc, gotc, i, lineno = 0;
+ char **gotv;
+
+ expectedc = 0;
+ if (expectedv != NULL)
+ while (expectedv[expectedc] != NULL)
+ ++expectedc;
+ gotv = openpam_readlinev(f, &lineno, &gotc);
+ if (ferror(f))
+ err(1, "%s(): %s", __func__, filename);
+ if (expectedv != NULL && gotv == NULL) {
+ t_verbose("expected %d words, got nothing\n", expectedc);
+ return (0);
+ }
+ if (expectedv == NULL && gotv != NULL) {
+ t_verbose("expected nothing, got %d words\n", gotc);
+ FREEV(gotc, gotv);
+ return (0);
+ }
+ if (expectedv != NULL && gotv != NULL) {
+ if (expectedc != gotc) {
+ t_verbose("expected %d words, got %d\n",
+ expectedc, gotc);
+ FREEV(gotc, gotv);
+ return (0);
+ }
+ for (i = 0; i < gotc; ++i) {
+ if (strcmp(expectedv[i], gotv[i]) != 0) {
+ t_verbose("word %d: expected <<%s>>, "
+ "got <<%s>>\n", i, expectedv[i], gotv[i]);
+ FREEV(gotc, gotv);
+ return (0);
+ }
+ }
+ FREEV(gotc, gotv);
+ }
+ if (lineno != lines) {
+ t_verbose("expected to advance %d lines, advanced %d lines\n",
+ lines, lineno);
+ return (0);
+ }
+ if (eof && !feof(f)) {
+ t_verbose("expected EOF, but didn't get it\n");
+ return (0);
+ }
+ if (!eof && feof(f)) {
+ t_verbose("didn't expect EOF, but got it anyway\n");
+ return (0);
+ }
+ return (1);
+}
+
+/*
+ * Close the temp file.
+ */
+void
+orlv_close(void)
+{
+
+ if (fclose(f) != 0)
+ err(1, "%s(): %s", __func__, filename);
+ f = NULL;
+}
+
+/***************************************************************************
+ * Commonly-used lines
+ */
+
+static const char *empty[] = {
+ NULL
+};
+
+static const char *hello[] = {
+ "hello",
+ NULL
+};
+
+static const char *hello_world[] = {
+ "hello",
+ "world",
+ NULL
+};
+
+
+/***************************************************************************
+ * Lines without words
+ */
+
+T_FUNC(empty_input, "empty input")
+{
+ int ret;
+
+ orlv_open();
+ ret = orlv_expect(NULL, 0 /*lines*/, 1 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(empty_line, "empty line")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output("\n");
+ orlv_rewind();
+ ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(unterminated_empty_line, "unterminated empty line")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output(" ");
+ orlv_rewind();
+ ret = orlv_expect(NULL, 0 /*lines*/, 1 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(whitespace, "whitespace")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output(" \n");
+ orlv_rewind();
+ ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(comment, "comment")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output("# comment\n");
+ orlv_rewind();
+ ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(whitespace_before_comment, "whitespace before comment")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output(" # comment\n");
+ orlv_rewind();
+ ret = orlv_expect(empty, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Simple words
+ */
+
+T_FUNC(one_word, "one word")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output("hello\n");
+ orlv_rewind();
+ ret = orlv_expect(hello, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(two_words, "two words")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output("hello world\n");
+ orlv_rewind();
+ ret = orlv_expect(hello_world, 1 /*lines*/, 0 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+T_FUNC(unterminated_line, "unterminated line")
+{
+ int ret;
+
+ orlv_open();
+ orlv_output("hello world");
+ orlv_rewind();
+ ret = orlv_expect(hello_world, 0 /*lines*/, 1 /*eof*/);
+ orlv_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Boilerplate
+ */
+
+const struct t_test *t_plan[] = {
+ T(empty_input),
+ T(empty_line),
+ T(unterminated_empty_line),
+ T(whitespace),
+ T(comment),
+ T(whitespace_before_comment),
+
+ T(one_word),
+ T(two_words),
+ T(unterminated_line),
+
+ NULL
+};
+
+const struct t_test **
+t_prepare(int argc, char *argv[])
+{
+
+ (void)argc;
+ (void)argv;
+ snprintf(filename, sizeof filename, "%s.%d.tmp", t_progname, getpid());
+ if (filename == NULL)
+ err(1, "asprintf()");
+ return (t_plan);
+}
+
+void
+t_cleanup(void)
+{
+}
diff --git a/t/t_openpam_readword.c b/t/t_openpam_readword.c
new file mode 100644
index 000000000000..2135d8ba2868
--- /dev/null
+++ b/t/t_openpam_readword.c
@@ -0,0 +1,829 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in this position and unchanged.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: t_openpam_readword.c 584 2012-04-07 22:47:16Z des $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "t.h"
+
+static char filename[1024];
+static FILE *f;
+
+/*
+ * Open the temp file and immediately unlink it so it doesn't leak in case
+ * of premature exit.
+ */
+static void
+orw_open(void)
+{
+ int fd;
+
+ if ((fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600)) < 0)
+ err(1, "%s(): %s", __func__, filename);
+ if ((f = fdopen(fd, "r+")) == NULL)
+ err(1, "%s(): %s", __func__, filename);
+ if (unlink(filename) < 0)
+ err(1, "%s(): %s", __func__, filename);
+}
+
+/*
+ * Write text to the temp file.
+ */
+static void
+orw_output(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vfprintf(f, fmt, ap);
+ va_end(ap);
+ if (ferror(f))
+ err(1, "%s", filename);
+}
+
+/*
+ * Rewind the temp file.
+ */
+static void
+orw_rewind(void)
+{
+
+ errno = 0;
+ rewind(f);
+ if (errno != 0)
+ err(1, "%s(): %s", __func__, filename);
+}
+
+/*
+ * Read a word from the temp file and verify that the result matches our
+ * expectations: whether a word was read at all, how many lines were read
+ * (in case of quoted or escaped newlines), whether we reached the end of
+ * the file and whether we reached the end of the line.
+ */
+static int
+orw_expect(const char *expected, int lines, int eof, int eol)
+{
+ int ch, lineno = 0;
+ char *got;
+ size_t len;
+
+ got = openpam_readword(f, &lineno, &len);
+ if (ferror(f))
+ err(1, "%s(): %s", __func__, filename);
+ if (expected != NULL && got == NULL) {
+ t_verbose("expected <<%s>>, got nothing\n", expected);
+ return (0);
+ }
+ if (expected == NULL && got != NULL) {
+ t_verbose("expected nothing, got <<%s>>\n", got);
+ return (0);
+ }
+ if (expected != NULL && got != NULL && strcmp(expected, got) != 0) {
+ t_verbose("expected <<%s>>, got <<%s>>\n", expected, got);
+ return (0);
+ }
+ if (lineno != lines) {
+ t_verbose("expected to advance %d lines, advanced %d lines\n",
+ lines, lineno);
+ return (0);
+ }
+ if (eof && !feof(f)) {
+ t_verbose("expected EOF, but didn't get it\n");
+ return (0);
+ }
+ if (!eof && feof(f)) {
+ t_verbose("didn't expect EOF, but got it anyway\n");
+ return (0);
+ }
+ ch = fgetc(f);
+ if (ferror(f))
+ err(1, "%s(): %s", __func__, filename);
+ if (eol && ch != '\n') {
+ t_verbose("expected EOL, but didn't get it\n");
+ return (0);
+ }
+ if (!eol && ch == '\n') {
+ t_verbose("didn't expect EOL, but got it anyway\n");
+ return (0);
+ }
+ if (ch != EOF)
+ ungetc(ch, f);
+ return (1);
+}
+
+/*
+ * Close the temp file.
+ */
+void
+orw_close(void)
+{
+
+ if (fclose(f) != 0)
+ err(1, "%s(): %s", __func__, filename);
+ f = NULL;
+}
+
+
+/***************************************************************************
+ * Lines without words
+ */
+
+T_FUNC(empty_input, "empty input")
+{
+ int ret;
+
+ orw_open();
+ ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(empty_line, "empty line")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\n");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(unterminated_line, "unterminated line")
+{
+ int ret;
+
+ orw_open();
+ orw_output(" ");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_whitespace, "single whitespace")
+{
+ int ret;
+
+ orw_open();
+ orw_output(" \n");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(multiple_whitespace, "multiple whitespace")
+{
+ int ret;
+
+ orw_open();
+ orw_output(" \t\r\n");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(comment, "comment")
+{
+ int ret;
+
+ orw_open();
+ orw_output("# comment\n");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(whitespace_before_comment, "whitespace before comment")
+{
+ int ret;
+
+ orw_open();
+ orw_output(" # comment\n");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Simple cases - no quotes or escapes
+ */
+
+T_FUNC(single_word, "single word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output("%s\n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_whitespace_before_word, "single whitespace before word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output(" %s\n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(double_whitespace_before_word, "double whitespace before word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output(" %s\n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_whitespace_after_word, "single whitespace after word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output("%s \n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(double_whitespace_after_word, "double whitespace after word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output("%s \n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(comment_after_word, "comment after word")
+{
+ const char *word = "hello";
+ int ret;
+
+ orw_open();
+ orw_output("%s # comment\n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect(NULL, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(word_containing_hash, "word containing hash")
+{
+ const char *word = "hello#world";
+ int ret;
+
+ orw_open();
+ orw_output("%s\n", word);
+ orw_rewind();
+ ret = orw_expect(word, 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(two_words, "two words")
+{
+ const char *word[] = { "hello", "world" };
+ int ret;
+
+ orw_open();
+ orw_output("%s %s\n", word[0], word[1]);
+ orw_rewind();
+ ret = orw_expect(word[0], 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect(word[1], 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Escapes
+ */
+
+T_FUNC(naked_escape, "naked escape")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_escape, "escaped escape")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\\\\n");
+ orw_rewind();
+ ret = orw_expect("\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_whitespace, "escaped whitespace")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\ \\\t \\\r \\\n\n");
+ orw_rewind();
+ ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ /* this last one is a line continuation */
+ orw_expect(NULL, 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_newline_before_word, "escaped newline before word")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\\nhello world\n");
+ orw_rewind();
+ ret = orw_expect("hello", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_newline_within_word, "escaped newline within word")
+{
+ int ret;
+
+ orw_open();
+ orw_output("hello\\\nworld\n");
+ orw_rewind();
+ ret = orw_expect("helloworld", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_newline_after_word, "escaped newline after word")
+{
+ int ret;
+
+ orw_open();
+ orw_output("hello\\\n world\n");
+ orw_rewind();
+ ret = orw_expect("hello", 1 /*lines*/, 0 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_letter, "escaped letter")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\z\n");
+ orw_rewind();
+ ret = orw_expect("z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Quotes
+ */
+
+T_FUNC(naked_single_quote, "naked single quote")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(naked_double_quote, "naked double quote")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"");
+ orw_rewind();
+ ret = orw_expect(NULL, 0 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(empty_single_quotes, "empty single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("''\n");
+ orw_rewind();
+ ret = orw_expect("", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(empty_double_quotes, "empty double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\"\n");
+ orw_rewind();
+ ret = orw_expect("", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_quotes_within_double_quotes, "single quotes within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"' '\"\n");
+ orw_rewind();
+ ret = orw_expect("' '", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(double_quotes_within_single_quotes, "double quotes within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\" \"'\n");
+ orw_rewind();
+ ret = orw_expect("\" \"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_quoted_whitespace, "single-quoted whitespace")
+{
+ int ret;
+
+ orw_open();
+ orw_output("' ' '\t' '\r' '\n'\n");
+ orw_rewind();
+ ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(double_quoted_whitespace, "double-quoted whitespace")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\" \" \"\t\" \"\r\" \"\n\"\n");
+ orw_rewind();
+ ret = orw_expect(" ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(single_quoted_words, "single-quoted words")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'hello world'\n");
+ orw_rewind();
+ ret = orw_expect("hello world", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(double_quoted_words, "double-quoted words")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"hello world\"\n");
+ orw_rewind();
+ ret = orw_expect("hello world", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Combinations of escape and quotes
+ */
+
+T_FUNC(escaped_single_quote,
+ "escaped single quote")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\'\n");
+ orw_rewind();
+ ret = orw_expect("'", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_double_quote,
+ "escaped double quote")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\\\"\n");
+ orw_rewind();
+ ret = orw_expect("\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_whitespace_within_single_quotes,
+ "escaped whitespace within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\\ ' '\\\t' '\\\r' '\\\n'\n");
+ orw_rewind();
+ ret = orw_expect("\\ ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\\\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\\\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\\\n", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_whitespace_within_double_quotes,
+ "escaped whitespace within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\\ \" \"\\\t\" \"\\\r\" \"\\\n\"\n");
+ orw_rewind();
+ ret = orw_expect("\\ ", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\\\t", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ orw_expect("\\\r", 0 /*lines*/, 0 /*eof*/, 0 /*eol*/) &&
+ /* this last one is a line continuation */
+ orw_expect("", 1 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_letter_within_single_quotes,
+ "escaped letter within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\\z'\n");
+ orw_rewind();
+ ret = orw_expect("\\z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_letter_within_double_quotes,
+ "escaped letter within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\\z\"\n");
+ orw_rewind();
+ ret = orw_expect("\\z", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_escape_within_single_quotes,
+ "escaped escape within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\\\\'\n");
+ orw_rewind();
+ ret = orw_expect("\\\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_escape_within_double_quotes,
+ "escaped escape within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\\\\\"\n");
+ orw_rewind();
+ ret = orw_expect("\\", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_single_quote_within_single_quotes,
+ "escaped single quote within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\\''\n");
+ orw_rewind();
+ ret = orw_expect(NULL, 1 /*lines*/, 1 /*eof*/, 0 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_double_quote_within_single_quotes,
+ "escaped double quote within single quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("'\\\"'\n");
+ orw_rewind();
+ ret = orw_expect("\\\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_single_quote_within_double_quotes,
+ "escaped single quote within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\\'\"\n");
+ orw_rewind();
+ ret = orw_expect("\\'", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+T_FUNC(escaped_double_quote_within_double_quotes,
+ "escaped double quote within double quotes")
+{
+ int ret;
+
+ orw_open();
+ orw_output("\"\\\"\"\n");
+ orw_rewind();
+ ret = orw_expect("\"", 0 /*lines*/, 0 /*eof*/, 1 /*eol*/);
+ orw_close();
+ return (ret);
+}
+
+
+/***************************************************************************
+ * Boilerplate
+ */
+
+const struct t_test *t_plan[] = {
+ T(empty_input),
+ T(empty_line),
+ T(single_whitespace),
+ T(multiple_whitespace),
+ T(comment),
+ T(whitespace_before_comment),
+
+ T(single_word),
+ T(single_whitespace_before_word),
+ T(double_whitespace_before_word),
+ T(single_whitespace_after_word),
+ T(double_whitespace_after_word),
+ T(comment_after_word),
+ T(word_containing_hash),
+ T(two_words),
+
+ T(naked_escape),
+ T(escaped_escape),
+ T(escaped_whitespace),
+ T(escaped_newline_before_word),
+ T(escaped_newline_within_word),
+ T(escaped_newline_after_word),
+ T(escaped_letter),
+
+ T(naked_single_quote),
+ T(naked_double_quote),
+ T(empty_single_quotes),
+ T(empty_double_quotes),
+ T(single_quotes_within_double_quotes),
+ T(double_quotes_within_single_quotes),
+ T(single_quoted_whitespace),
+ T(double_quoted_whitespace),
+ T(single_quoted_words),
+ T(double_quoted_words),
+
+ T(escaped_single_quote),
+ T(escaped_double_quote),
+ T(escaped_whitespace_within_single_quotes),
+ T(escaped_whitespace_within_double_quotes),
+ T(escaped_letter_within_single_quotes),
+ T(escaped_letter_within_double_quotes),
+ T(escaped_escape_within_single_quotes),
+ T(escaped_escape_within_double_quotes),
+ T(escaped_single_quote_within_single_quotes),
+ T(escaped_double_quote_within_single_quotes),
+ T(escaped_single_quote_within_double_quotes),
+ T(escaped_double_quote_within_double_quotes),
+
+ NULL
+};
+
+const struct t_test **
+t_prepare(int argc, char *argv[])
+{
+
+ (void)argc;
+ (void)argv;
+ snprintf(filename, sizeof filename, "%s.%d.tmp", t_progname, getpid());
+ if (filename == NULL)
+ err(1, "asprintf()");
+ return (t_plan);
+}
+
+void
+t_cleanup(void)
+{
+}