6 files changed, 201 insertions, 2 deletions

diff --git a/libpam/include/pam_cc_compat.h b/libpam/include/pam_cc_compat.h
new file mode 100644
index 00000000..69190368
--- /dev/null
+++ b/libpam/include/pam_cc_compat.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#ifndef PAM_CC_COMPAT_H
+#define PAM_CC_COMPAT_H
+
+#include "config.h"
+#include <security/_pam_types.h>
+
+#if defined __clang__ && defined __clang_major__ && defined __clang_minor__
+# define PAM_CLANG_PREREQ(maj, min)					\
+	((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min))
+#else
+# define PAM_CLANG_PREREQ(maj, min)	0
+#endif
+
+#if PAM_GNUC_PREREQ(2, 7)
+# define PAM_ATTRIBUTE_ALIGNED(arg)	__attribute__((__aligned__(arg)))
+#else
+# define PAM_ATTRIBUTE_ALIGNED(arg)	/* empty */
+#endif
+
+#if PAM_GNUC_PREREQ(4, 6)
+# define DIAG_PUSH_IGNORE_CAST_QUAL					\
+	_Pragma("GCC diagnostic push");					\
+	_Pragma("GCC diagnostic ignored \"-Wcast-qual\"")
+# define DIAG_POP_IGNORE_CAST_QUAL					\
+	_Pragma("GCC diagnostic pop")
+# define DIAG_PUSH_IGNORE_CAST_ALIGN					\
+	_Pragma("GCC diagnostic push");					\
+	_Pragma("GCC diagnostic ignored \"-Wcast-align\"")
+# define DIAG_POP_IGNORE_CAST_ALIGN					\
+	_Pragma("GCC diagnostic pop")
+#elif PAM_CLANG_PREREQ(2, 6)
+# define DIAG_PUSH_IGNORE_CAST_QUAL					\
+	_Pragma("clang diagnostic push");				\
+	_Pragma("clang diagnostic ignored \"-Wcast-qual\"")
+# define DIAG_POP_IGNORE_CAST_QUAL					\
+	_Pragma("clang diagnostic pop")
+# define DIAG_PUSH_IGNORE_CAST_ALIGN					\
+	_Pragma("clang diagnostic push");				\
+	_Pragma("clang diagnostic ignored \"-Wcast-align\"")
+# define DIAG_POP_IGNORE_CAST_ALIGN					\
+	_Pragma("clang diagnostic pop")
+#else
+# define DIAG_PUSH_IGNORE_CAST_QUAL	/* empty */
+# define DIAG_POP_IGNORE_CAST_QUAL	/* empty */
+# define DIAG_PUSH_IGNORE_CAST_ALIGN	/* empty */
+# define DIAG_POP_IGNORE_CAST_ALIGN	/* empty */
+#endif
+
+/*
+ * Evaluates to
+ * 1, if the given two types are known to be the same
+ * 0, otherwise.
+ */
+#if PAM_GNUC_PREREQ(3, 0)
+# define PAM_IS_SAME_TYPE(x_, y_)					\
+	__builtin_types_compatible_p(__typeof__(x_), __typeof__(y_))
+#else
+/* Cannot tell whether these types are the same.  */
+# define PAM_IS_SAME_TYPE(x_, y_)	0
+#endif
+
+#endif /* PAM_CC_COMPAT_H */
diff --git a/libpam/include/pam_inline.h b/libpam/include/pam_inline.h
new file mode 100644
index 00000000..ec05fe43
--- /dev/null
+++ b/libpam/include/pam_inline.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ *
+ * Handy inline functions and macros providing some convenient functionality
+ * to libpam and its modules.
+ */
+
+#ifndef PAM_INLINE_H
+#define PAM_INLINE_H
+
+#include "pam_cc_compat.h"
+#include <string.h>
+
+/*
+ * Evaluates to
+ * - a syntax error if the argument is 0,
+ * 0, otherwise.
+ */
+#define PAM_FAIL_BUILD_ON_ZERO(e_)	(sizeof(int[-1 + 2 * !!(e_)]) * 0)
+
+/*
+ * Evaluates to
+ * 1, if the given type is known to be a non-array type
+ * 0, otherwise.
+ */
+#define PAM_IS_NOT_ARRAY(a_)		PAM_IS_SAME_TYPE((a_), &(a_)[0])
+
+/*
+ * Evaluates to
+ * - a syntax error if the argument is not an array,
+ * 0, otherwise.
+ */
+#define PAM_MUST_BE_ARRAY(a_)		PAM_FAIL_BUILD_ON_ZERO(!PAM_IS_NOT_ARRAY(a_))
+
+/* Evaluates to the number of elements in the specified array.  */
+#define PAM_ARRAY_SIZE(a_)		(sizeof(a_) / sizeof((a_)[0]) + PAM_MUST_BE_ARRAY(a_))
+
+/*
+ * Returns NULL if STR does not start with PREFIX,
+ * or a pointer to the first char in STR after PREFIX.
+ * The length of PREFIX is specified by PREFIX_LEN.
+ */
+static inline const char *
+pam_str_skip_prefix_len(const char *str, const char *prefix, size_t prefix_len)
+{
+	return strncmp(str, prefix, prefix_len) ? NULL : str + prefix_len;
+}
+
+#define pam_str_skip_prefix(str_, prefix_)	\
+	pam_str_skip_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_))
+
+/*
+ * Returns NULL if STR does not start with PREFIX
+ * (ignoring the case of the characters),
+ * or a pointer to the first char in STR after PREFIX.
+ * The length of PREFIX is specified by PREFIX_LEN.
+ */
+static inline const char *
+pam_str_skip_icase_prefix_len(const char *str, const char *prefix, size_t prefix_len)
+{
+	return strncasecmp(str, prefix, prefix_len) ? NULL : str + prefix_len;
+}
+
+#define pam_str_skip_icase_prefix(str_, prefix_)	\
+	pam_str_skip_icase_prefix_len((str_), (prefix_), sizeof(prefix_) - 1 + PAM_MUST_BE_ARRAY(prefix_))
+
+#endif /* PAM_INLINE_H */
diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h
index 2d684bce..2abb7ee5 100644
--- a/libpam/include/security/_pam_types.h
+++ b/libpam/include/security/_pam_types.h
@@ -41,7 +41,7 @@ typedef struct pam_handle pam_handle_t;
 				/* can not retrieve authentication */
 				/* information  */
 #define PAM_USER_UNKNOWN 10	/* User not known to the underlying */
-				/* authenticaiton module */
+				/* authentication module */
 #define PAM_MAXTRIES 11		/* An authentication service has */
 				/* maintained a retry count which has */
 				/* been reached.  No further retries */
@@ -50,7 +50,7 @@ typedef struct pam_handle pam_handle_t;
 				/* This is normally returned if the */
 				/* machine security policies require */
 				/* that the password should be changed */
-				/* beccause the password is NULL or it */
+				/* because the password is NULL or it */
 				/* has aged */
 #define PAM_ACCT_EXPIRED 13	/* User account has expired */
 #define PAM_SESSION_ERR 14	/* Can not make/remove an entry for */
diff --git a/libpam/include/security/pam_appl.h b/libpam/include/security/pam_appl.h
index d4172c69..cf97a493 100644
--- a/libpam/include/security/pam_appl.h
+++ b/libpam/include/security/pam_appl.h
@@ -24,6 +24,11 @@ pam_start(const char *service_name, const char *user,
 	  const struct pam_conv *pam_conversation,
 	  pam_handle_t **pamh);
 
+extern int PAM_NONNULL((1,3,5))
+pam_start_confdir(const char *service_name, const char *user,
+		  const struct pam_conv *pam_conversation,
+		  const char *confdir, pam_handle_t **pamh);
+
 extern int PAM_NONNULL((1))
 pam_end(pam_handle_t *pamh, int pam_status);
 
diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h
index 4ce8c552..3a6aec6a 100644
--- a/libpam/include/security/pam_modutil.h
+++ b/libpam/include/security/pam_modutil.h
@@ -142,6 +142,12 @@ pam_modutil_sanitize_helper_fds(pam_handle_t *pamh,
 				enum pam_modutil_redirect_fd redirect_stdout,
 				enum pam_modutil_redirect_fd redirect_stderr);
 
+/* lookup a value for key in login.defs file or similar key value format */
+extern char * PAM_NONNULL((1,2,3))
+pam_modutil_search_key(pam_handle_t *pamh,
+		       const char *file_name,
+		       const char *key);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/libpam/include/test_assert.h b/libpam/include/test_assert.h
new file mode 100644
index 00000000..9d30d62f
--- /dev/null
+++ b/libpam/include/test_assert.h
@@ -0,0 +1,55 @@
+/*
+ * Assert definitions for tests.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#ifndef TEST_ASSERT_H
+# define TEST_ASSERT_H
+
+# ifdef HAVE_CONFIG_H
+#  include <config.h>
+# endif
+
+# include <stdio.h>
+# include <stdlib.h>
+
+# define ASSERT_(expected_, expected_str_, op_, seen_, seen_str_)		\
+	do {									\
+		__typeof__(expected_) e_ = (expected_);				\
+		__typeof__(seen_) s_ = (seen_);					\
+		if (e_ op_ s_) break;						\
+		fprintf(stderr,							\
+			"%s:%d: Assertion failed: %s (%#lx) %s %s (%#lx)\n",	\
+			__FILE__, __LINE__,					\
+			(expected_str_), (unsigned long) e_, #op_,		\
+			(seen_str_), (unsigned long) s_);			\
+		abort();							\
+	} while (0)								\
+/* End of ASSERT_ definition.  */
+
+# define ASSERT_EQ(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, ==, (seen_), #seen_)			\
+/* End of ASSERT_EQ definition.  */
+
+# define ASSERT_NE(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, !=, (seen_), #seen_)			\
+/* End of ASSERT_NE definition.  */
+
+# define ASSERT_LT(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, <, (seen_), #seen_)			\
+/* End of ASSERT_LT definition.  */
+
+# define ASSERT_LE(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, <=, (seen_), #seen_)			\
+/* End of ASSERT_LT definition.  */
+
+# define ASSERT_GT(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, >, (seen_), #seen_)			\
+/* End of ASSERT_LT definition.  */
+
+# define ASSERT_GE(expected_, seen_)						\
+	ASSERT_((expected_), #expected_, >=, (seen_), #seen_)			\
+/* End of ASSERT_LT definition.  */
+
+#endif /* TEST_ASSERT_H */