In order to avoid some warning messages, do not
ignore the code returned by some functions.
Change-Id: Ie01fa98b54010d566fb5b980b001d58989ef9a67
Reviewed-on: https://gerrit.openafs.org/12298
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The pam module we provide is only useful in kaserver-like environments,
and as such should not be installed when the user has requested to
not have kauth.
Change-Id: I9b336593e34cedfd6e8c2210f3798575d115d2d6
Reviewed-on: http://gerrit.openafs.org/11466
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Our use of libtool for building the pam modules resulted in shared
objects which had dependencies on liboafs_auth.so and liboafs_kauth.so,
neither of which are installed.
We still need some way to resolve those dependencies at link time, and
a dependency on libafsauthent.so seems ill-advised to insert into the
pam stack, so we are left with only the option of directly linking in
the requisite functionality. Fortunately, almost all of the requisite
convenience libraries of PIC objects already exist to meet the
requirements of libafsrpc and libafsauthent; the only exception is
from the auth module. Here, we require a new convenience library,
because the pam_afs.krb.so module includes its own version of ktc.o,
compiled with AFS_KERBEROS_ENV defined, yet the pam_afs.so module
requiers a ktc.o compiled without AFS_KERBEROS_ENV defined. The
convenience library from the auth module can only include one version,
and would therefore be wrong for the other. As such, create the new
libpam_auth.la archive from the BASE_objs in src/auth, and manually
compile ktc.lo and ktc_krb.lo as needed for the pam modules.
As for libafsrpc and libafsauthent, the convenience libraries included
from other parts of the tree belong in LT_objs, not LT_deps, because
they are contributing actual content to be included in the resulting
library; they are not library dependencies of the output of this module.
Change-Id: I5292718a5494710d166043fd08ad07269ff9fdf2
Reviewed-on: http://gerrit.openafs.org/11463
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
The conversion of pam/ to use libtool introduced references to
file names with LT_CCRULE that are not subject to make's vpath
searching.
Sprinkle ${srcdir} accordingly to fix the build.
Change-Id: Ia500fe2a57813fdd93ca1767e243fd947d6b8e1e
Reviewed-on: http://gerrit.openafs.org/9677
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Build the pam_afs and pam_afs.krb modules using libtool, so they
fit in with the rest of the new build infrastructure.
This requires some additonal symbol exports from auth and kauth,
which are included
Change-Id: I97a130ba69216cd63ba388f2aaabe830a0c4543f
Reviewed-on: http://gerrit.openafs.org/8900
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Casting NULL shouldn't be necessary in most cases. Eliminate this
in favor of shorter lines and consistency. Function pointers, variadic
arguments should still be cast.
Change-Id: Ibcd67378556e45c2b24f7aa85a4d73c72cd88e02
Reviewed-on: http://gerrit.openafs.org/8151
Reviewed-by: Garrett Wollman <wollman@csail.mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Use libtool to assemble the libafsrpc shared and static libraries
from objects built with libtool in each of the directories that
contribute to the library (fsint, rx, rxkad, comerr, util, rxstat,
sys and lwp).
Each source directory controls which objects are built into the shared
library by making a libafsrpc_<dir> libtool convenience directory. These
convenience directories are then merged together to produce the
libafsrpc library.
Change-Id: I330aeb8df4c237b408a298826363eea7357339ce
Reviewed-on: http://gerrit.openafs.org/8072
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
This patch futher improves our usage of assert() and friends. The
intention is to bring clarity to which forms of assert are used in
which situations, and to solve the problem of assert(X), or
osi_Assert(X) being used in a situation where X has side-effects.
It introduces two new assertion macros opr_Assert() and opr_Verify(),
and clarifies the usage of osi_Assert() and assert().
*) opr_Assert is a direct equivalent of assert(), with the exception
that its output can be redirected to a log file when used in server
code. It is the preferred version of assert for libraries, and server
side code. Note that whilst opr_Assert doesn't currently become a
no-op when NDEBUG is defined, the intention is that it will do so at
some point in the future.
*) opr_Verify(X) asserts if the value of X is false. Unlike assert()
it will always run X, regardless of whether the value is checked or
not. The eventual intention is that when NDEBUG is defined,
opr_Verify(X) => X
*) osi_Assert is an assertion macro intended for use in kernel code,
or in mixed kernel/userland code. When code is built for userspace,
osi_Assert(X) => opr_Assert(X)
*) assert is the system's own assert macro. It should only be used
in client code. Whilst a header (opr_assert.h) is provided to map
assert() to opr_Assert(), its use is discouraged
Change-Id: Ie6d61305686bdc7193cc8690e6f4fbe363211faf
Reviewed-on: http://gerrit.openafs.org/5395
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
"password" is known to be null at this point. Use "prompt_password"
which is obviously the one intended.
Change-Id: I4ab566f93c4978438df2c2875d619177ad8f5bdd
Reviewed-on: http://gerrit.openafs.org/7892
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
uid_t is unsigned, so checking to see if it is less than 0 is a bit
redundant.
Remove the checks to silence a warning from clang.
Change-Id: I5ae429247d328b3320063b4c035f6e5bb101620b
Reviewed-on: http://gerrit.openafs.org/7079
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
All of the LOG_MASK() checks are performing bitwise operations, and so
should be using '&', not && (which will always be true, providing
logmask is non-zero)
Caught by clang's new error messages
Change-Id: Idce9229b7351adc6c15279c94e1cc1e7fc45596e
Reviewed-on: http://gerrit.openafs.org/7078
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Add the capability to do a "pretty" build, where we output something
like " CC /path/to/foo.o" to build foo.o, instead of the entire
compiler invocation, similarly to how the Linux kernel build appears.
Add the "pretty" building for CC and LD rules.
This also prints out some helpful information when a command fails,
which can sometimes otherwise be annoying to figure out post-mortem.
To enable the pretty building, make with V=0. To output everything
that is actually run with V=0, make with 'V=0 Q=' .
Note that this does not work with all makes, since not all makes will
propagate command-line-specified variables to sub-makes without -e.
Non-working makes include /usr/ccs/bin/make on HP-UX and Solaris.
However, GNU make will work, as will /usr/xpg4/bin/make on Solaris.
Change-Id: Idce0afffe7d5be88b0743ec3f926a52efb1a6a74
Reviewed-on: http://gerrit.openafs.org/4486
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Darwin doesn't have a getpassphrase function. Fix the PAM test to
use getpass, in the same way as we do for lots of other platforms.
Change-Id: Ib252174ac1356a8975a9187b252d4fe0246d5d39
Reviewed-on: http://gerrit.openafs.org/5372
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Our included configuration has a perfectly fine .c.o rule, so don't
override it in this Makefile, as all that does is produce a warning at
build time
Change-Id: If8d37f50932124ef0adef64ec23d81e646da337a
Reviewed-on: http://gerrit.openafs.org/5371
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Fix a few cases of set but unused variables.
Change-Id: I0a3e0906dbc708e2449121f3de1726d7055efc27
Reviewed-on: http://gerrit.openafs.org/5173
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
in the new lwp/pthread/shared universe, well, we have the
opportunity to be correct. and we chose to do it entirely wrong.
we're building a shared object. use the right rules. we need
to add some CFLAGS for PAM. do that using MODULE_CFLAGS instead
of just building a whole new CCRULE
Change-Id: Ie3e3c5ba902e5364cfa99d4dbd1b5b7fd4451127
Reviewed-on: http://gerrit.openafs.org/5153
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
don't define variables on platforms we won't use them on
do prototype functions we call. basically, we compile with warnings
enabled now, so, fix everything so we *can*.
Change-Id: I749f27c227ac70c58ccc68f1548f8274f10e3587
Reviewed-on: http://gerrit.openafs.org/5154
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Remove support for all Solaris and SunOS platforms prior to Solaris 8,
since Solaris 7 reached end-of-life in August of 2008. Remove all
non-documentation references to sunx86_57 and earlier, sun4x_57 and
earlier, and AFS_SUN57_ENV and earlier.
References to AFS_SUN58_ENV have been changed to AFS_SUN5_ENV where
appropriate, and AFS_SUN5_ENV now implies Solaris 8.
AFS_SUN57_64BIT_ENV has been renamed to AFS_SUN5_64BIT_ENV.
Change-Id: Ia64ce7da7bfc685fa28a5119c51ec740625456e3
Reviewed-on: http://gerrit.openafs.org/4888
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Move the definitions of the INSTALL_* variables out to
Makefile.config rather than replicating them in each file.
Change-Id: I5f74dcbf544a93716994418bee3be2c51a2a82d0
Reviewed-on: http://gerrit.openafs.org/4781
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
In some code branches, the PAM code "torches" a password by zeroing
it. However, it does this through a const pointer which we otherwise
know is not actually const. Make sure we get better type checking by
doing this through a non-const pointer.
Change-Id: Ibdb4c7b98baf964a8efdf0e8a9882f8ab29e22af
Reviewed-on: http://gerrit.openafs.org/4554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
afs_setcred.c gets the "password" pointer from pam_get_data, which
always gives a const pointer (unlike pam_get_item used in afs_auth.c
&c, which sometimes gives a const or not-const pointer, depending on
the PAM implementation).
So, declare password const, to get better type checking.
Change-Id: Ic34ffa54bf0bcc19c8ed3cddc9ee1384ee2dd8f0
Reviewed-on: http://gerrit.openafs.org/4553
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Commit 78d1f8d8 expanded the use of PAM_CONST and introduced many
new warnings on Linux where pam expects "const" arguments.
This clears up the warnings by doing the following:
- Cast "user" to char * when kalling ka* functions
- Change the signature of pam_afs_prompt and pam_afs_printf to use
PAM_CONST
- Use a separate non-const password pointer for pam_afs_prompt
Change-Id: I460e1d1ca763f0aea5edcdaa208b9d4b8299ded0
Reviewed-on: http://gerrit.openafs.org/4487
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Some callers of pam_get_item et al were just casting their argument to
a const void **. Some PAM implementations (Linux) want a const void**,
but others (Solaris) do not. Use the PAM_CONST symbol already defined
by autoconf to declare or cast the relevant variable const or not as
appropriate.
Change-Id: I81c7863797396eb146b78ffbb2586e4f3a1e854e
Reviewed-on: http://gerrit.openafs.org/4470
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The POSIX getpwnam_r can yield a NULL struct passwd pointer even when
the returned error code is 0 (in particular, when the requested entry
is not found). Just add a check for a null upwd to make sure we don't
dereference a NULL pointer.
Change-Id: I00e8d6c53e8228f468c984010695b798f5dcf999
Reviewed-on: http://gerrit.openafs.org/4469
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
_POSIX_PTHREAD_SEMANTICS is now always defined for Solaris, which
means we get a POSIX-conforming getpwnam_r, which takes 5 arguments.
So, add Solaris to the list of platforms that use a POSIX getpwnam_r.
Change-Id: I1ad12420f56cf39816d94a8e9c9740436100134b
Reviewed-on: http://gerrit.openafs.org/4468
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Remove headers which are provided by libroken, and reorder header
includes so that they're a bit a more legible.
Change-Id: I9a8c2d588eb00d1315c660faa485037cef2f8e6d
Reviewed-on: http://gerrit.openafs.org/4401
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
This change removes all of the local crypto use in userspace, in
favour of using our shiny new afshcrypto library.
Change-Id: Iac21b42e49bac424cc28c449a31f2da44121b7e5
Reviewed-on: http://gerrit.openafs.org/2577
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Rework the unix build system so that we support taking CFLAGS and
LDFLAGS from the command line, and don't replace them with our own
settings. Also, take the opportunity to bring some sanity and
consistency into our Makefiles.
The standard Makefile.config now defines rules for LWP, pthreaded
and shared library builds. The CFLAGS settings for these are
called LWP_CFLAGS, PTH_CFLAGS and SHD_CFLAGS, respectively.
Similarly named variables are provided for LDFLAGS.
A module may select to use a particular build type for its suffix
rule by including either Makefile.lwp, Makefile.pthread or
Makefile.shared from src/config. This creates an appropriate .c.o
suffix rule, defines AFS_CFLAGS and AFS_LDFLAGS as appropriate, and
creates two rules AFS_CCRULE and AFS_LDRULE, which can be used to
build, and link objects. For example:
foo.o: foo.c
$(AFS_CCRULE) foo.c
foo: foo.o
$(AFS_LDRULE) foo.o
If a you wish to override the CFLAGS or LDFLAGS for an object build
using these rules (or through the .c.o suffix rule) you can do so,
by defining CFLAGS_<object> or LDFLAGS_<object>. For example:
CFLAGS_foo.o= -DDEBUG
LDFLAGS_foo = -ldebugging
A module may also alter the behaviour of the compile and link steps
module wide by defining MODULE_CFLAGS or MODULE_LDFLAGS.
This functionality is now used throughout the tree:
*) Suffix rules are used wherever possible, removing a number of
unecessary build rules.
*) All link steps are replaced with AFS_LDRULE
*) All standard compile steps are replaced with AFS_CCRULE
*) Unusal compile steps are defined, as far as possible, int
terms of the LWP_ PTH_ and SHD_ variables.
*) The use of $? has been removed entirely, as it makes it
impossible to provide build rules with dependency information
Change-Id: If76207e45da402a0ed9d7c1bdbe83c58c911a4f2
Reviewed-on: http://gerrit.openafs.org/2896
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
change things so we conform with the usual prototype for main()
Change-Id: Ia3bfe6bb1b135fdba53ccca1650b0b7223108a27
Reviewed-on: http://gerrit.openafs.org/2850
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
This change implements the new, XDR based, SetTokenEx pioctl. This
pioctl permits sending multiple tokens, of multiple types, into the
kernel in a single pioctl call. This patch provides a kernel
implementation of the pioctl, and a new library function
ktc_SetTokenEx, which will use either the new pioctl, or fall back
to the old one should SetTokenEx not be available.
Change-Id: Id1e2903e078c549f5675e3d2ecdf53a9bb33f5e9
Reviewed-on: http://gerrit.openafs.org/2582
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
This change removes the need to maintain two forms of symbol export
lists, instead generating the simpler lists required by AIX and Mac OS X
from the more complex Linux and Solaris mapfile. It can only handle
simple mapfiles at present, any more complex files (for example, those
which contain versioning information) will require changes to the
translation script. The now unused .exp files are removed, and a
dependency on the .map file added to the library build line.
This change adds support for export lists to Darwin for the first time.
Doing so identified a number of symbols in libafsrpc that are required
by libafsauthent, which were not being exported. Export these symbols,
and bump the minor revision of the shared library.
Change-Id: Ibd1d02bb89b85500dc2a010e6cde1f4b81efe050
Reviewed-on: http://gerrit.openafs.org/1831
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Clear up a few more warnings in the pam code. The changes here
are very similar to the ones in the previous patch and use
the same configure test:
- use PAM_CONST to conditionally declare pam_message as const
- cast a few arguments to putenv, which expects a non-const pointer
Change-Id: I6c98623c35f4453f34c1d48b8b7d6ff1bfbc1e0c
Reviewed-on: http://gerrit.openafs.org/1116
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The second parameter to pam_conv() should be a const pointer on
recent systems. Make it so to eliminate a couple of warnings.
A configure test is added to deal with some systems where pam_conv()
might not be const.
Cast a few assignments to cell_ptr in afs_auth.c and afs_setcred.c
since the argv parameter is const.
Change-Id: I5757310c94a6f26ca7dab656edaa416d16e32e2a
Reviewed-on: http://gerrit.openafs.org/847
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
ka_UserAuthenticateGeneral expects an afs_int32 pointer for the
password_expires argument. A (long *) was used in afs_auth.c,
generating a few warnings.
Change-Id: Iafc92e72022644ff23c642e801d51bd4387afa88
Reviewed-on: http://gerrit.openafs.org/803
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The problems were
* wrong location of Makefile.version-CML
* lots of omissions of "$?" in favor of actual file names in Makefiles
* wrong dependencies in pam/Makefile.in
The latter now point to TOP_INCDIR. Still, ktc.c could not be built
from src/pam (buildtree), as include "..." would not work on generated
headers. Therefore, it uses include <...> where appropriate now.
Reviewed-on: http://gerrit.openafs.org/http://gerrit.openafs.org/155
Tested-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Make things build on MacOS 10.6 again. Don't break 10.5 build.
Fix an error in the MacOS port which was left from previous head.
Reviewed-on: http://gerrit.openafs.org/96
Verified-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Link the PAM modules against libafsauthent_pic and libafsrpc_pic instead
of the large collection of LWP AFS libraries so that they are always
built PIC, even on platforms that don't normally build everything PIC.
This also uses the pthread-aware version of the AFS routines on platforms
that support it, avoiding conflict problems between LWP in PAM modules
and pthread in a calling application.
Build a separate copy of ktc.krb.o in the pam directory for pam_afs.krb
since there is no AFS_KERBEROS_ENV-aware version of libafsauthent.
Enable the PAM module build by default on x86_64-linux now that it's
properly built PIC and can compile.
Stop ignoring build failures in the PAM modules if they're configured to
build. On platforms where they should not be built, they should be
excluded in acinclude.m4.
Reviewed-on: http://gerrit.openafs.org/65
Verified-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The move to git means that we can no longer populate the RCSID
macro in the way that it was used with CVS. This patch simply
removes the macro from every file, except where it contains
information from upstream (and it's in a comment).
Reviewed-on: http://gerrit.openafs.org/14
Verified-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Now we're in git we don't need any cvsignore files any more...
Reviewed-on: http://gerrit.openafs.org/1
Verified-by: Derrick Brashear <shadow@gmail.com>
Reviewed-by: Derrick Brashear <shadow@gmail.com>
LICENSE IPL10
FIXES 124709
curpag needs to know about kernel constructs (getpagvalue on AIX, onegroup
versus two group on linux) and on aix 5.1 simply can't work. add a new pioctl
and use it to simply ask the kernel what the current pag is
