-rw-r--r-- | CONTRIBUTING | 5 | ||||
-rw-r--r-- | COPYING | 2 | ||||
-rw-r--r-- | DCO | 37 | ||||
-rw-r--r-- | doc/index.html | 11 | ||||
-rw-r--r-- | src/include/pamela/pamela.h | 18 | ||||
-rw-r--r-- | src/pamela/pam_set_item.c | 4 | ||||
-rw-r--r-- | src/pamela/pam_start.c | 2 | ||||
-rw-r--r-- | src/pamela/pamela_startf.c | 2 | ||||
-rw-r--r-- | src/pamela/pamelad.c | 2 |
9 files changed, 65 insertions, 18 deletions
diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..6279422 --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,5 @@ + Please add a Signed-Off-By: line at the end of your commit, +which certifies that you have the right and authority to pass +it on as an open-source patch, as explicited in the Developer's +Certificate of Origin available in this project's DCO file, +or at https://developercertificate.org/ @@ -1,4 +1,4 @@ -Copyright (c) 2018-2020 Laurent Bercot <ska-skaware@skarnet.org> +Copyright (c) 2018-2021 Laurent Bercot <ska-skaware@skarnet.org> Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above 
@@ -0,0 +1,37 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
diff --git a/doc/index.html b/doc/index.html
index d1b756d..080032d 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -63,7 +63,7 @@ for privilege elevation. that supports Linux-PAM - (so, probably a Linux system) </li> <li> GNU make, version 3.81 or later </li> <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version -2.9.2.0 or later. It's a build-time requirement and a run-time +2.11.0.0 or later. It's a build-time requirement and a run-time requirement. </li> <li> <a href="http://www.linux-pam.org/">Linux-PAM</a> version 1.3.0 or later. It's a build-time requirement and a run-time requirement. </li> @@ -80,7 +80,12 @@ or later. It's a build-time requirement and a run-time requirement. </li> <ul> <li> <!-- The current released version of pamela is <a href="pamela-0.0.1.0.tar.gz">0.0.1.0</a>. --> - pamela is a work in progress: there is no numbered version yet. </li> + pamela is in maintenance mode; there is no numbered version, and it is +unfortunately likely that there will never be one. Given how most PAM-using +projects are written, chances are that pamela will not help; sanitizing PAM +is really more about changing the programming habits of its users to use +component isolation than it is about actual isolation software. +</li> <li> You can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/pamela/">pamela git repository</a>: @@ -137,7 +142,7 @@ public interface to Linux-PAM</a> is implemented by the pamela library. </li> <ul> <li> <tt>pamela</tt> is discussed on the -<a href="//skarnet.org/lists.html#skaware">skaware</a> mailing-list. </li> +<a href="//skarnet.org/lists/#skaware">skaware</a> mailing-list. </li> </ul> </body> diff --git a/src/include/pamela/pamela.h b/src/include/pamela/pamela.h index ce5a971..58fccc6 100644 --- a/src/include/pamela/pamela.h +++ b/src/include/pamela/pamela.h 
@@ -24,8 +24,8 @@ /* pam_fail_delay */ -typedef void pamela_pam_delay_func_t (int, unsigned int, void *) ; -typedef pamela_pam_delay_func_t *pamela_pam_delay_func_t_ref ; +typedef void pamela_pam_delay_func (int, unsigned int, void *) ; +typedef pamela_pam_delay_func *pamela_pam_delay_func_ref ; /* Conversations */ @@ -46,8 +46,8 @@ struct pamela_pam_response_s extern void pamela_pam_response_free (pamela_pam_response_t *, uint32_t) ; -typedef int pamela_pam_conv_func_t (int, pamela_pam_message_t const **, pamela_pam_response_t **, void *) ; -typedef pamela_pam_conv_func_t *pamela_pam_conv_func_t_ref ; +typedef int pamela_pam_conv_func (int, pamela_pam_message_t const **, pamela_pam_response_t **, void *) ; +typedef pamela_pam_conv_func *pamela_pam_conv_func_ref ; /* Client handle */ @@ -55,11 +55,11 @@ typedef pamela_pam_conv_func_t *pamela_pam_conv_func_t_ref ; typedef struct pamela_s pamela_t, *pamela_t_ref ; struct pamela_s { - textmessage_receiver_t in ; - textmessage_sender_t out ; + textmessage_receiver in ; + textmessage_sender out ; pid_t pid ; - pamela_pam_delay_func_t_ref delayfn ; - pamela_pam_conv_func_t_ref convfn ; + pamela_pam_delay_func_ref delayfn ; + pamela_pam_conv_func_ref convfn ; void *aux ; char inbuf[PAMELA_BUFSIZE] ; } ; @@ -70,7 +70,7 @@ extern pamela_t const pamela_zero ; /* User-facing functions */ -extern int pamela_startf (pamela_t *, char const *, char const *, pamela_pam_conv_func_t_ref, void *) ; +extern int pamela_startf (pamela_t *, char const *, char const *, pamela_pam_conv_func_ref, void *) ; extern void pamela_end (pamela_t *) ; extern int pamela_strerror (pamela_t *, unsigned char, stralloc *) ; extern int pamela_getenvlist (pamela_t *, stralloc *) ; diff --git a/src/pamela/pam_set_item.c b/src/pamela/pam_set_item.c index 03e08c0..f3c145e 100644 --- a/src/pamela/pam_set_item.c +++ b/src/pamela/pam_set_item.c 
@@ -33,13 +33,13 @@ int pam_set_item (pam_handle_t *pamh, int item_type, void const *item) case PAM_FAIL_DELAY : { int e ; - pamh->handle.delayfn = (pamela_pam_delay_func_t_ref)item ; + pamh->handle.delayfn = (pamela_pam_delay_func_ref)item ; e = pamela_op(&pamh->handle, PAMELA_OP_SETFAILDELAY, 0) ; if (e != PAM_SUCCESS) return e ; break ; } case PAM_CONV : - pamh->handle.convfn = (pamela_pam_conv_func_t_ref)item ; + pamh->handle.convfn = (pamela_pam_conv_func_ref)item ; break ; case PAM_XAUTHDATA : return xauthdata_pack_and_set(&pamh->handle, (struct pam_xauth_data const *)item) ; diff --git a/src/pamela/pam_start.c b/src/pamela/pam_start.c index 3847080..9206c64 100644 --- a/src/pamela/pam_start.c +++ b/src/pamela/pam_start.c @@ -23,7 +23,7 @@ int pam_start (char const *service_name, char const *user, struct pam_conv const a->flagerrcached = a->flagenvcached = 0 ; for (unsigned int i = 0 ; i < _PAM_RETURN_VALUES ; i++) a->err[i] = stralloc_zero ; for (unsigned int i = 0 ; i < PAM_ITEM_MAX ; i++) a->item[i] = stralloc_zero ; - e = pamela_startf(&a->handle, service_name, user, pam_conversation && pam_conversation->conv ? (pamela_pam_conv_func_t_ref)pam_conversation->conv : &pamela_dummy_conv, pam_conversation ? pam_conversation->appdata_ptr : 0) ; + e = pamela_startf(&a->handle, service_name, user, pam_conversation && pam_conversation->conv ? (pamela_pam_conv_func_ref)pam_conversation->conv : &pamela_dummy_conv, pam_conversation ? pam_conversation->appdata_ptr : 0) ; if (e) { free(a) ; diff --git a/src/pamela/pamela_startf.c b/src/pamela/pamela_startf.c index 4d7ff46..9e054d6 100644 --- a/src/pamela/pamela_startf.c +++ b/src/pamela/pamela_startf.c 
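Review bot: In the `PAM_CONV` case of the pam_set_item.c hunk, `item` is cast straight to `pamela_pam_conv_func_ref`, whereas the pam_start.c hunk of this same commit treats the application's conversation as a `struct pam_conv` and unpacks `->conv` and `->appdata_ptr` from it. Under the Linux-PAM contract the PAM_CONV item is a pointer to that struct, so unless pamela deliberately deviates here, `convfn` would end up pointing at data rather than code and the next conversation callback would be an indirect call through it, while `aux` would keep the stale appdata pointer. The rename leaves this as it was; consider unpacking instead: `struct pam_conv const *c = item ;`, `pamh->handle.convfn = c && c->conv ? (pamela_pam_conv_func_ref)c->conv : &pamela_dummy_conv ;`, `pamh->handle.aux = c ? c->appdata_ptr : 0 ;`. The body of `pam_set_item` starts and ends outside the hunk, so whether `pamela_dummy_conv` is declared in this file needs checking.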
@@ -8,7 +8,7 @@ #include <pamela/config.h> #include <pamela/pamela.h> -int pamela_startf (pamela_t *a, char const *service_name, char const *user, pamela_pam_conv_func_t_ref convfn, void *aux) +int pamela_startf (pamela_t *a, char const *service_name, char const *user, pamela_pam_conv_func_ref convfn, void *aux) { char const *argv[4] = { PAMELA_LIBEXECPREFIX "pamelad", service_name, user, 0 } ; int fd[2] ; diff --git a/src/pamela/pamelad.c b/src/pamela/pamelad.c index 42a08fe..617ca24 100644 --- a/src/pamela/pamelad.c +++ b/src/pamela/pamelad.c @@ -315,7 +315,7 @@ int main (int argc, char const *const *argv) if (argc < 3) strerr_dieusage(100, USAGE) ; if (ndelay_on(0) < 0) strerr_diefu2sys(111, "ndelay_on ", "0") ; if (ndelay_on(1) < 0) strerr_diefu2sys(111, "ndelay_on ", "1") ; - if (sig_ignore(SIGPIPE) < 0) strerr_diefu1sys(111, "ignore SIGPIPE") ; + if (!sig_altignore(SIGPIPE)) strerr_diefu1sys(111, "ignore SIGPIPE") ; if (!getgid()) { |
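Review bot: The SIGPIPE line in the pamelad.c hunk now tests failure with `!sig_altignore(SIGPIPE)` while the two `ndelay_on` checks directly above it keep the `< 0` convention, so two opposite error conventions sit in three adjacent lines of `main` with nothing telling a reader which is which. A one-line comment such as `/* sig_altignore() returns 0 on failure, unlike ndelay_on() */` would keep a later edit from "normalising" the test and silently inverting it, which would make the helper either exit at startup or carry on with SIGPIPE at its default disposition. The return convention is inferred from the change itself; confirm it against the headers of the skalibs release that doc/index.html now requires (2.11.0.0). `main` starts and ends outside the hunk.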