summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CONTRIBUTING5
-rw-r--r--COPYING2
-rw-r--r--DCO37
-rw-r--r--doc/index.html11
-rw-r--r--src/include/pamela/pamela.h18
-rw-r--r--src/pamela/pam_set_item.c4
-rw-r--r--src/pamela/pam_start.c2
-rw-r--r--src/pamela/pamela_startf.c2
-rw-r--r--src/pamela/pamelad.c2
9 files changed, 65 insertions, 18 deletions
diff --git a/CONTRIBUTING b/CONTRIBUTING
new file mode 100644
index 0000000..6279422
--- /dev/null
+++ b/CONTRIBUTING
@@ -0,0 +1,5 @@
+ Please add a Signed-Off-By: line at the end of your commit,
+which certifies that you have the right and authority to pass
+it on as an open-source patch, as explicited in the Developer's
+Certificate of Origin available in this project's DCO file,
+or at https://developercertificate.org/
diff --git a/COPYING b/COPYING
index 898f9cb..04c41fb 100644
--- a/COPYING
+++ b/COPYING
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2020 Laurent Bercot <ska-skaware@skarnet.org>
+Copyright (c) 2018-2021 Laurent Bercot <ska-skaware@skarnet.org>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
diff --git a/DCO b/DCO
new file mode 100644
index 0000000..8201f99
--- /dev/null
+++ b/DCO
@@ -0,0 +1,37 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
diff --git a/doc/index.html b/doc/index.html
index d1b756d..080032d 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -63,7 +63,7 @@ for privilege elevation.
that supports Linux-PAM - (so, probably a Linux system) </li>
<li> GNU make, version 3.81 or later </li>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
-2.9.2.0 or later. It's a build-time requirement and a run-time
+2.11.0.0 or later. It's a build-time requirement and a run-time
requirement. </li>
<li> <a href="http://www.linux-pam.org/">Linux-PAM</a> version 1.3.0
or later. It's a build-time requirement and a run-time requirement. </li>
@@ -80,7 +80,12 @@ or later. It's a build-time requirement and a run-time requirement. </li>
<ul>
<li> <!-- The current released version of pamela is <a href="pamela-0.0.1.0.tar.gz">0.0.1.0</a>. -->
- pamela is a work in progress: there is no numbered version yet. </li>
+ pamela is in maintenance mode; there is no numbered version, and it is
+unfortunately likely that there will never be one. Given how most PAM-using
+projects are written, chances are that pamela will not help; sanitizing PAM
+is really more about changing the programming habits of its users to use
+component isolation than it is about actual isolation software.
+</li>
<li> You can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/pamela/">pamela
git repository</a>:
@@ -137,7 +142,7 @@ public interface to Linux-PAM</a> is implemented by the pamela library. </li>
<ul>
<li> <tt>pamela</tt> is discussed on the
-<a href="//skarnet.org/lists.html#skaware">skaware</a> mailing-list. </li>
+<a href="//skarnet.org/lists/#skaware">skaware</a> mailing-list. </li>
</ul>
</body>
diff --git a/src/include/pamela/pamela.h b/src/include/pamela/pamela.h
index ce5a971..58fccc6 100644
--- a/src/include/pamela/pamela.h
+++ b/src/include/pamela/pamela.h
@@ -24,8 +24,8 @@
/* pam_fail_delay */
-typedef void pamela_pam_delay_func_t (int, unsigned int, void *) ;
-typedef pamela_pam_delay_func_t *pamela_pam_delay_func_t_ref ;
+typedef void pamela_pam_delay_func (int, unsigned int, void *) ;
+typedef pamela_pam_delay_func *pamela_pam_delay_func_ref ;
/* Conversations */
@@ -46,8 +46,8 @@ struct pamela_pam_response_s
extern void pamela_pam_response_free (pamela_pam_response_t *, uint32_t) ;
-typedef int pamela_pam_conv_func_t (int, pamela_pam_message_t const **, pamela_pam_response_t **, void *) ;
-typedef pamela_pam_conv_func_t *pamela_pam_conv_func_t_ref ;
+typedef int pamela_pam_conv_func (int, pamela_pam_message_t const **, pamela_pam_response_t **, void *) ;
+typedef pamela_pam_conv_func *pamela_pam_conv_func_ref ;
/* Client handle */
@@ -55,11 +55,11 @@ typedef pamela_pam_conv_func_t *pamela_pam_conv_func_t_ref ;
typedef struct pamela_s pamela_t, *pamela_t_ref ;
struct pamela_s
{
- textmessage_receiver_t in ;
- textmessage_sender_t out ;
+ textmessage_receiver in ;
+ textmessage_sender out ;
pid_t pid ;
- pamela_pam_delay_func_t_ref delayfn ;
- pamela_pam_conv_func_t_ref convfn ;
+ pamela_pam_delay_func_ref delayfn ;
+ pamela_pam_conv_func_ref convfn ;
void *aux ;
char inbuf[PAMELA_BUFSIZE] ;
} ;
@@ -70,7 +70,7 @@ extern pamela_t const pamela_zero ;
/* User-facing functions */
-extern int pamela_startf (pamela_t *, char const *, char const *, pamela_pam_conv_func_t_ref, void *) ;
+extern int pamela_startf (pamela_t *, char const *, char const *, pamela_pam_conv_func_ref, void *) ;
extern void pamela_end (pamela_t *) ;
extern int pamela_strerror (pamela_t *, unsigned char, stralloc *) ;
extern int pamela_getenvlist (pamela_t *, stralloc *) ;
diff --git a/src/pamela/pam_set_item.c b/src/pamela/pam_set_item.c
index 03e08c0..f3c145e 100644
--- a/src/pamela/pam_set_item.c
+++ b/src/pamela/pam_set_item.c
@@ -33,13 +33,13 @@ int pam_set_item (pam_handle_t *pamh, int item_type, void const *item)
case PAM_FAIL_DELAY :
{
int e ;
- pamh->handle.delayfn = (pamela_pam_delay_func_t_ref)item ;
+ pamh->handle.delayfn = (pamela_pam_delay_func_ref)item ;
e = pamela_op(&pamh->handle, PAMELA_OP_SETFAILDELAY, 0) ;
if (e != PAM_SUCCESS) return e ;
break ;
}
case PAM_CONV :
- pamh->handle.convfn = (pamela_pam_conv_func_t_ref)item ;
+ pamh->handle.convfn = (pamela_pam_conv_func_ref)item ;
break ;
case PAM_XAUTHDATA :
return xauthdata_pack_and_set(&pamh->handle, (struct pam_xauth_data const *)item) ;
diff --git a/src/pamela/pam_start.c b/src/pamela/pam_start.c
index 3847080..9206c64 100644
--- a/src/pamela/pam_start.c
+++ b/src/pamela/pam_start.c
@@ -23,7 +23,7 @@ int pam_start (char const *service_name, char const *user, struct pam_conv const
a->flagerrcached = a->flagenvcached = 0 ;
for (unsigned int i = 0 ; i < _PAM_RETURN_VALUES ; i++) a->err[i] = stralloc_zero ;
for (unsigned int i = 0 ; i < PAM_ITEM_MAX ; i++) a->item[i] = stralloc_zero ;
- e = pamela_startf(&a->handle, service_name, user, pam_conversation && pam_conversation->conv ? (pamela_pam_conv_func_t_ref)pam_conversation->conv : &pamela_dummy_conv, pam_conversation ? pam_conversation->appdata_ptr : 0) ;
+ e = pamela_startf(&a->handle, service_name, user, pam_conversation && pam_conversation->conv ? (pamela_pam_conv_func_ref)pam_conversation->conv : &pamela_dummy_conv, pam_conversation ? pam_conversation->appdata_ptr : 0) ;
if (e)
{
free(a) ;
diff --git a/src/pamela/pamela_startf.c b/src/pamela/pamela_startf.c
index 4d7ff46..9e054d6 100644
--- a/src/pamela/pamela_startf.c
+++ b/src/pamela/pamela_startf.c
@@ -8,7 +8,7 @@
#include <pamela/config.h>
#include <pamela/pamela.h>
-int pamela_startf (pamela_t *a, char const *service_name, char const *user, pamela_pam_conv_func_t_ref convfn, void *aux)
+int pamela_startf (pamela_t *a, char const *service_name, char const *user, pamela_pam_conv_func_ref convfn, void *aux)
{
char const *argv[4] = { PAMELA_LIBEXECPREFIX "pamelad", service_name, user, 0 } ;
int fd[2] ;
diff --git a/src/pamela/pamelad.c b/src/pamela/pamelad.c
index 42a08fe..617ca24 100644
--- a/src/pamela/pamelad.c
+++ b/src/pamela/pamelad.c
@@ -315,7 +315,7 @@ int main (int argc, char const *const *argv)
if (argc < 3) strerr_dieusage(100, USAGE) ;
if (ndelay_on(0) < 0) strerr_diefu2sys(111, "ndelay_on ", "0") ;
if (ndelay_on(1) < 0) strerr_diefu2sys(111, "ndelay_on ", "1") ;
- if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ;
+ if (!sig_altignore(SIGPIPE)) strerr_diefu1sys(111, "ignore SIGPIPE") ;
if (!getgid())
{