Commit Graph

218 Commits

Author SHA1 Message Date
fox
113ec9c52a lib/libpam: Fix the possible -Werror=stringop-truncation
Replace strncpy(3) with the safer strlcpy(3) and adjust the code.

Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.

Reviewed by: kamil@, christos@
2020-06-12 01:20:32 +00:00
rin
6ce10d32d6 Fix fallout from NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES changes;
libpam.a fails to load any modules and does not work at all.

At the moment, openpam_load.c at least must be compiled with and without
OPENPAM_STATIC_MODULES for static and shared libraries, respectively.

Therefore, use CSHLIBFLAGS again, in order to build objects for static and
shared libraries separately.

This may be ugly, but seems better for me than adding further hacks in
libpam/libpam/Makefile, which is already complicated enough...
2020-05-23 00:43:33 +00:00
christos
4b08ec2333 Fix the vax build and explain why... 2020-05-01 21:58:16 +00:00
riastradh
0f6461fb7e Reverse sense of NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES.
This avoids leaking NO_STATIC_MODULES into the public header, which
has led to considerable confusion and workarounds in pkgrsc.

PR security/39313
PR security/55216

ok christos
2020-04-29 02:16:56 +00:00
christos
793e7dfe1f Add debugging commented out. 2020-03-03 00:46:06 +00:00
christos
a2362fee00 Redo the sshsk_sign() stuff properly, but putting the helper in libssh.so 2020-03-01 20:59:52 +00:00
christos
30dba8ff06 Add the sign client part. 2020-03-01 14:50:43 +00:00
christos
36f537f56c This takes a provider now 2020-02-27 03:25:08 +00:00
christos
53702d90ff one more level down 2020-02-27 02:56:46 +00:00
mrg
046701c57b probably fix previous: it wants mod.mk's PARSEDIR/.., not ../..,
so it picks up the libpam/Makefile.inc.
2020-02-27 00:02:56 +00:00
christos
65b3e3c5b8 Handle pam modules that are not in this subtree. 2020-02-26 19:33:30 +00:00
christos
e404e1832c there is no potential overflow anymore (thanks Kamil) 2020-02-07 23:28:59 +00:00
christos
73c6a60ccf stop using sprintf and check for buffer overflow. 2020-02-07 22:13:35 +00:00
reed
030d4fb522 Simply Subsection headers
There was a formatting issue with mandoc showing the
literal "Ss" macros. I reported this bug to mandoc since groff
didn't have same formatting. It was recommended to simplify
the formatting due to the weird feature.
Note because of this for groff I didn't use the Ux macro but spelled
out UNIX literally for these subsection headers
(since the macro reset the subsection formatting which was why
the Ss macro was repeated before to reactivate it).
2019-12-23 17:51:57 +00:00
mrg
69f9039379 use GCC_NO_CAST_FUNCTION_TYPE. 2019-10-13 21:24:37 +00:00
mrg
de11d87641 introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION    -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION  -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW    -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE   -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints.  many
of these are false positives, most of the real bugs are already
commited, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
2019-10-13 07:28:04 +00:00
kre
5dc161e026 Only exclude gcc-8 warnings if the gcc we're using is gcc>=8 2019-10-10 02:39:07 +00:00
kre
bab7747200 Only exclude gcc-8 warnings when the gcc we're using is gcc>=8 2019-10-10 02:35:45 +00:00
christos
b15dac3ccb don't warn for strncpy wtmp fields, they are not NUL terminated. 2019-10-09 22:05:35 +00:00
christos
cc33d2efa6 no error for function cast 2019-10-09 22:05:09 +00:00
mlelstv
8137552a24 Fix key loading logic and add log message when rejecting an unencrypted key. 2019-06-01 07:15:39 +00:00
christos
8ea42f66ff adjust to new libssh api. 2018-08-26 08:54:03 +00:00
joerg
ed9315c55a Improve type safety by using the correct enum values. 2018-05-16 13:55:39 +00:00
christos
9cbfe7dcb3 fix and use the macro. 2018-04-07 19:28:32 +00:00
christos
04bd018918 function grew an extra argument now. 2018-04-07 13:57:12 +00:00
christos
0c048d5af5 switch everyone to openssl.old 2018-02-04 03:19:51 +00:00
wiz
01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
riastradh
ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
christos
6b9cab4173 Bump version 2017-05-06 19:52:25 +00:00
christos
f804baf730 Adapt to the new API. 2015-04-04 02:51:10 +00:00
joerg
bc885fd55c When building with clang, make warnings about NULL checks of parameters
with attribute nonnull non-fatal.
2014-10-25 00:57:59 +00:00
christos
71012c8f3e pam library has moved and new files 2014-10-24 18:27:41 +00:00
riastradh
6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
joerg
0d337fe4e9 Remove tautological check. 2014-02-27 18:09:38 +00:00
joerg
a97560b644 Annotate logit to provide transitive format string checks. 2014-01-07 02:07:43 +00:00
christos
9778b180e3 Fix incorrect types 2013-12-29 22:54:58 +00:00
christos
e49015f507 warns 6 2013-12-28 18:04:18 +00:00
christos
8cf33d7f2e avoid using freed pointers and non-format strings 2013-12-28 18:04:03 +00:00
christos
c9a970f03f updates for new version 2013-12-27 20:11:50 +00:00
mrg
5ff07852c5 remove useless variable 2013-10-19 22:57:46 +00:00
wiz
a09cadcf91 Whitespace and markup improvements.
Bump date for previous.
2013-08-20 22:44:37 +00:00
perseant
3b0849f66f Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".
2013-08-20 22:07:44 +00:00
wiz
a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
dholland
0980ff6f74 add missing word 2013-06-23 01:44:22 +00:00
christos
fd65ca0108 use login_getpwclass() everywhere for consistency. 2013-06-20 20:54:52 +00:00
christos
7244ad5836 adjust for new openpam 2013-04-06 02:20:49 +00:00
christos
e9da35f00c remove unneeded change 2012-01-28 21:54:26 +00:00
christos
f83bdef67a Use -X so that the link-set symbols are not stripped. 2012-01-28 21:34:22 +00:00
jnemeth
01f3bfcec8 PR/45877 - Geoff C. Wing -- openpam modules need to be owned by root 2012-01-27 08:45:10 +00:00
drochner
2a0c9a37dc pull in from FreeBSD rev.1.41: Narrow the use of user credentials.
(call pam_get_authtok() with caller's rights rather than user's)
2012-01-06 14:04:02 +00:00