Diffstat (limited to 'libpam/include')
-rw-r--r-- | libpam/include/meson.build | 3 | ||||
-rw-r--r-- | libpam/include/pam_i18n.h | 17 | ||||
-rw-r--r-- | libpam/include/pam_inline.h | 36 | ||||
-rw-r--r-- | libpam/include/security/_pam_macros.h | 84 | ||||
-rw-r--r-- | libpam/include/security/_pam_types.h | 2 | ||||
-rw-r--r-- | libpam/include/security/meson.build | 10 | ||||
-rw-r--r-- | libpam/include/test_assert.h | 9 |
7 files changed, 124 insertions, 37 deletions
diff --git a/libpam/include/meson.build b/libpam/include/meson.build
new file mode 100644
index 00000000..1bf46f3b
--- /dev/null
+++ b/libpam/include/meson.build
@@ -0,0 +1,3 @@
+configure_file(output: 'config.h', configuration: cdata)
+
+subdir('security')
diff --git a/libpam/include/pam_i18n.h b/libpam/include/pam_i18n.h
new file mode 100644
index 00000000..85a21219
--- /dev/null
+++ b/libpam/include/pam_i18n.h
@@ -0,0 +1,17 @@
+#ifndef PAM_I18N_H
+#define PAM_I18N_H
+
+#ifdef ENABLE_NLS
+
+# include <libintl.h>
+# define _(msgid) dgettext(PACKAGE, msgid)
+# define N_(msgid) msgid
+
+#else
+
+# define _(msgid) (msgid)
+# define N_(msgid) msgid
+
+#endif /* ENABLE_NLS */
+
+#endif /* PAM_I18N_H */
diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h
index 7721c0b7..cc302248 100644
--- a/libpam/include/pam_inline.h
+++ b/libpam/include/pam_inline.h
@@ -45,6 +45,26 @@
 #define PAM_ARRAY_SIZE(a_) (sizeof(a_) / sizeof((a_)[0]) + PAM_MUST_BE_ARRAY(a_))
 /*
+ * Zero-extend a signed integer type to unsigned long long.
+ */
+# define zero_extend_signed_to_ull(v_) \
+ (sizeof(v_) == sizeof(char) ? (unsigned long long) (unsigned char) (v_) : \
+ sizeof(v_) == sizeof(short) ? (unsigned long long) (unsigned short) (v_) : \
+ sizeof(v_) == sizeof(int) ? (unsigned long long) (unsigned int) (v_) : \
+ sizeof(v_) == sizeof(long) ? (unsigned long long) (unsigned long) (v_) : \
+ (unsigned long long) (v_))
+
+/*
+ * Sign-extend an unsigned integer type to long long.
+ */
+# define sign_extend_unsigned_to_ll(v_) \
+ (sizeof(v_) == sizeof(char) ? (long long) (signed char) (v_) : \
+ sizeof(v_) == sizeof(short) ? (long long) (signed short) (v_) : \
+ sizeof(v_) == sizeof(int) ? (long long) (signed int) (v_) : \
+ sizeof(v_) == sizeof(long) ? (long long) (signed long) (v_) : \
+ (long long) (v_))
+
+/*
 * Returns NULL if STR does not start with PREFIX,
 * or a pointer to the first char in STR after PREFIX.
 * The length of PREFIX is specified by PREFIX_LEN.
@@ -82,7 +102,7 @@ pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix
 static inline void pam_overwrite_n(void *ptr, size_t len)
 {
 if (ptr)
- memset_explicit(ptr, len);
+ memset_explicit(ptr, '\0', len);
 }
 #elif defined HAVE_EXPLICIT_BZERO
 static inline void pam_overwrite_n(void *ptr, size_t len)
@@ -175,4 +195,18 @@ pam_read_passwords(int fd, int npass, char **passwords)
 return i;
 }
+static inline int
+pam_consttime_streq(const char *userinput, const char *secret) {
+ volatile const char *u = userinput, *s = secret;
+ volatile int ret = 0;
+
+ do {
+ ret |= *u ^ *s;
+
+ s += !!*s;
+ } while (*u++ != '\0');
+
+ return ret == 0;
+}
+
 #endif /* PAM_INLINE_H */
diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
index b5129d2a..d01f51f5 100644
--- a/libpam/include/security/_pam_macros.h
+++ b/libpam/include/security/_pam_macros.h
@@ -21,21 +21,21 @@
 * override the memory. */
-#define _pam_overwrite(x) \
-do { \
- PAM_DEPRECATED register char *__xx__; \
- if ((__xx__=(x))) \
- while (*__xx__) \
- *__xx__++ = '\0'; \
+#define _pam_overwrite(x) \
+do { \
+ PAM_DEPRECATED register char *xx_; \
+ if ((xx_=(x))) \
+ while (*xx_) \
+ *xx_++ = '\0'; \
 } while (0)
-#define _pam_overwrite_n(x,n) \
-do { \
- PAM_DEPRECATED register char *__xx__; \
- register unsigned int __i__ = 0; \
- if ((__xx__=(x))) \
- for (;__i__<n; __i__++) \
- __xx__[__i__] = 0; \
+#define _pam_overwrite_n(x,n) \
+do { \
+ PAM_DEPRECATED register char *xx_; \
+ register unsigned int i_ = 0; \
+ if ((xx_=(x))) \
+ for (;i_<(n); i_++) \
+ xx_[i_] = 0; \
 } while (0)
 /*
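Review bot: `pam_consttime_streq`, added in the `@@ -175,4 +195,18 @@` hunk of pam_inline.h, has no comment although its contract is asymmetric and easy to misuse. The loop runs until the terminator of `userinput` and `s += !!*s` stops advancing at the end of `secret`, so the iteration count follows the first argument only; a caller that swaps the arguments would make the running time follow the secret's length instead. Both pointers are dereferenced without a NULL check, and the function returns 1 for equal strings, the opposite sense of `strcmp`. I would add a header comment such as `/* Returns 1 if the strings are equal, 0 otherwise. Running time depends only on the length of USERINPUT, so SECRET must be the second argument. Neither may be NULL. */`.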
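Review bot: In `_pam_overwrite_n` (the `@@ -21,21 +21,21 @@` hunk of _pam_macros.h) the counter stays `register unsigned int i_` while the bound is now the arbitrary expression `(n)`. A negative `int` length is converted to a large unsigned value in `i_<(n)`, so the loop writes far past the buffer, and a `size_t` length above `UINT_MAX` makes `i_` wrap so the loop never terminates. Assuming `size_t` is in scope in this header (not visible in the hunk), `register size_t i_ = 0; \` removes the second case; the first needs a caller-side check, which deserves a sentence in the warning comment above these deprecated macros.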
@@ -44,28 +44,25 @@ do { \
 #define _pam_drop(X) \
 do { \
- if (X) { \
- free(X); \
- X=NULL; \
- } \
+ free(X); \
+ (X)=NULL; \
 } while (0)
 /*
- * WARNING: Do NOT use this macro, as it does not reliable override the memory.
+ * WARNING: Do NOT use this macro, as it does not reliably override the memory.
 */
 #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-do { \
- PAM_DEPRECATED int reply_i; \
- \
- for (reply_i=0; reply_i<replies; ++reply_i) { \
- if (reply[reply_i].resp) { \
- _pam_overwrite(reply[reply_i].resp); \
- free(reply[reply_i].resp); \
- } \
- } \
- if (reply) \
- free(reply); \
+do { \
+ PAM_DEPRECATED int reply_i; \
+ \
+ for (reply_i=0; reply_i<(replies); ++reply_i) { \
+ if ((reply)[reply_i].resp) { \
+ _pam_overwrite((reply)[reply_i].resp); \
+ free((reply)[reply_i].resp); \
+ } \
+ } \
+ free(reply); \
 } while (0)
 /* some debugging code */
@@ -97,8 +94,25 @@ do { \
 #define _PAM_LOGFILE "/var/run/pam-debug.log"
 #endif
-static void _pam_output_debug_info(const char *file, const char *fn
- , const int line)
+#ifdef PAM_NO_HEADER_FUNCTIONS
+UNUSED
+extern void _pam_output_debug_info(const char *file, const char *fn
+ , const int line);
+UNUSED
+PAM_FORMAT((printf, 1, 2))
+extern void _pam_output_debug(const char *format, ...);
+#else
+#ifdef PAM_DEBUG_C
+#define PAM_DEBUG_SCOPE
+#else
+#define PAM_DEBUG_SCOPE static
+#endif
+
+#ifdef UNUSED
+UNUSED
+#endif
+PAM_DEBUG_SCOPE void _pam_output_debug_info(const char *file, const char *fn
+ , const int line)
 {
 FILE *logfile;
 int must_close = 1, fd;
@@ -123,7 +137,11 @@ static void _pam_output_debug_info(const char *file, const char *fn
 fclose(logfile);
 }
-static void _pam_output_debug(const char *format, ...)
+#ifdef UNUSED
+UNUSED
+#endif
+PAM_FORMAT((printf, 1, 2))
+PAM_DEBUG_SCOPE void _pam_output_debug(const char *format, ...)
 {
 va_list args;
 FILE *logfile;
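Review bot: `_pam_drop_reply` in the `@@ -44,28 +44,25 @@` hunk still reads `(reply)[reply_i].resp` inside the loop before the now unconditional `free(reply)`, so a NULL `reply` passed with a non-zero `replies` is dereferenced; the removed `if (reply)` suggests NULL was an expected input. Guarding the loop keeps that case safe: `for (reply_i=0; (reply) && reply_i<(replies); ++reply_i) { \`. Both `_pam_drop` and `_pam_drop_reply` also expand their arguments more than once, so a one-line comment that the arguments must be free of side effects would help callers of this header.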
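Review bot: The `PAM_NO_HEADER_FUNCTIONS` branch in the `@@ -97,8 +94,25 @@` hunk uses `UNUSED` unconditionally, while the `#else` branch wraps the same attribute in `#ifdef UNUSED`; `PAM_FORMAT((printf, 1, 2))` is unguarded in both branches and again in the `@@ -123,7 +137,11 @@` hunk. If a translation unit includes this header without whatever defines those macros (their definitions are outside the diff), the declarations will not compile. Either guard every use the same way or provide a fallback before the first use, e.g. `#ifndef PAM_FORMAT` / `# define PAM_FORMAT(params)` / `#endif`. The bodies of `_pam_output_debug_info` and `_pam_output_debug` continue outside these hunks.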
@@ -153,6 +171,8 @@ static void _pam_output_debug(const char *format, ...)
 va_end(args);
 }
+#undef PAM_DEBUG_SCOPE
+#endif
 #define D(x) do { \
 _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h
index 4d6909e8..f2d3e204 100644
--- a/libpam/include/security/_pam_types.h
+++ b/libpam/include/security/_pam_types.h
@@ -22,7 +22,7 @@ typedef struct pam_handle pam_handle_t;
 /* Major and minor version number of the Linux-PAM package. Use these macros to test for features in specific releases. */
 #define __LINUX_PAM__ 1
-#define __LINUX_PAM_MINOR__ 0
+#define __LINUX_PAM_MINOR__ 7
 /* ----------------- The Linux-PAM return values ------------------ */
diff --git a/libpam/include/security/meson.build b/libpam/include/security/meson.build
new file mode 100644
index 00000000..1a712c9f
--- /dev/null
+++ b/libpam/include/security/meson.build
@@ -0,0 +1,10 @@
+install_headers([
+ '_pam_compat.h',
+ '_pam_macros.h',
+ '_pam_types.h',
+ 'pam_appl.h',
+ 'pam_ext.h',
+ 'pam_modules.h',
+ 'pam_modutil.h',
+ ],
+ install_dir: includedir)
diff --git a/libpam/include/test_assert.h b/libpam/include/test_assert.h
index 9d30d62f..879f5814 100644
--- a/libpam/include/test_assert.h
+++ b/libpam/include/test_assert.h
@@ -7,10 +7,9 @@
 #ifndef TEST_ASSERT_H
 # define TEST_ASSERT_H
-# ifdef HAVE_CONFIG_H
-# include <config.h>
-# endif
+# include <config.h>
+# include <limits.h>
 # include <stdio.h>
 # include <stdlib.h>
@@ -52,4 +51,8 @@ ASSERT_((expected_), #expected_, >=, (seen_), #seen_) \
 /* End of ASSERT_LT definition. */
+# ifndef PATH_MAX
+# define PATH_MAX 4096
+# endif
+
 #endif /* TEST_ASSERT_H */ |