author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2021-06-08 16:10:19 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2021-06-08 16:10:19 +0200 |
commit | b139d20c0e599ac394db0f70d563263d6fbb68d3 (patch) | |
tree | da5167740ddaed9472e47925426fee4c3b0a54cd | |
parent | ff383ef1a8ab732269621a50fa4f42a4974872ce (diff) | |
parent | 0294977b5458ee2c0ba77b6b2b94fb4a4d6a1310 (diff) | |
Attributes GH PR #2: https://github.com/ArcticaProject/libpam-freerdp2/pull/2
-rw-r--r-- | .build.yml | 107 | ||||
-rw-r--r-- | .travis.yml | 43 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/freerdp2-auth-check.c | 10 | ||||
-rw-r--r-- | src/pam-freerdp2.c | 8 | ||||
-rw-r--r-- | tests/mock_guest.c | 25 | ||||
-rw-r--r-- | tests/mock_pam.c | 62 | ||||
-rw-r--r-- | tests/mock_pam.h | 1 |
8 files changed, 214 insertions, 43 deletions
diff --git a/.build.yml b/.build.yml
new file mode 100644
index 0000000..be14505
--- /dev/null
+++ b/.build.yml
@@ -0,0 +1,107 @@
+#########################################################
+# THE FOLLOWING LINES IS USED BY docker-build
+##########################################################
+requires:
+ archlinux:
+ # Useful URL: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libpam-freerdp2
+ - clang
+ - gcc
+ - git
+ - make
+ - startup-notification
+ - which
+ # FIXME: add missing build-dependencies
+
+ debian:
+ # Useful URL: https://salsa.debian.org/debian-remote-team/libpam-freerdp2
+ - autopoint
+ - clang
+ - clang-tools
+ - g++
+ - cppcheck
+ - git
+ - make
+ - libtool
+ - freerdp2-dev
+ - libgtest-dev
+ - libpam0g-dev
+ - pkg-config
+
+ ubuntu:
+ - autopoint
+ - clang
+ - clang-tools
+ - g++
+ - git
+ - make
+ - libtool
+ - freerdp2-dev
+ - libgtest-dev
+ - libpam0g-dev
+ - pkg-config
+
+variables:
+ - 'CHECKERS="
+ -enable-checker deadcode.DeadStores
+ -enable-checker alpha.deadcode.UnreachableCode
+ -enable-checker alpha.core.CastSize
+ -enable-checker alpha.core.CastToStruct
+ -enable-checker alpha.core.IdenticalExpr
+ -enable-checker alpha.core.SizeofPtr
+ -enable-checker alpha.security.ArrayBoundV2
+ -enable-checker alpha.security.MallocOverflow
+ -enable-checker alpha.security.ReturnPtrRange
+ -enable-checker alpha.unix.SimpleStream
+ -enable-checker alpha.unix.cstring.BufferOverlap
+ -enable-checker alpha.unix.cstring.NotNullTerminated
+ -enable-checker alpha.unix.cstring.OutOfBounds
+ -enable-checker alpha.core.FixedAddr
+ -enable-checker security.insecureAPI.strcpy"'
+
+build_scripts:
+ - if [ ${DISTRO_NAME} == "debian" ];then
+ - export CFLAGS+=" -Wsign-compare -Wunused-parameter"
+ - cppcheck --enable=warning,style,performance,portability,information,missingInclude .
+ - fi
+ -
+ - if [ -e ./autogen.sh ]; then
+ - NOCONFIGURE=1 ./autogen.sh
+ - scan-build $CHECKERS ./configure --prefix=/usr --enable-gtk-doc --enable-compile-warnings=maximum
+ - elif [ -e ./CMakeLists.txt ]; then
+ - if [ ${DISTRO_NAME} == "debian" ];then
+ - scan-build $CHECKERS cmake . -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_VERBOSE_MAKEFILE=ON -DENABLE_TESTS=ON
+ - else
+ - scan-build $CHECKERS cmake . -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_VERBOSE_MAKEFILE=ON
+ - fi
+ - elif [ -e ./configure.ac ]; then
+ - autoreconf -vfi
+ - scan-build $CHECKERS ./configure --prefix=/usr --enable-gtk-doc --enable-compile-warnings=maximum
+ - else
+ - exit 1
+ - fi
+ -
+ - if [ $CPU_COUNT -gt 1 ]; then
+ - if [ ${DISTRO_NAME} == "debian" ];then
+ - scan-build $CHECKERS --keep-cc --use-cc=clang --use-c++=clang++ -o html-report make -j $CPU_COUNT
+ - make clean
+ - fi
+ - scan-build $CHECKERS --keep-cc -o html-report make -j $CPU_COUNT
+ - else
+ - if [ ${DISTRO_NAME} == "debian" ];then
+ - scan-build $CHECKERS --keep-cc --use-cc=clang --use-c++=clang++ -o html-report make
+ - make clean
+ - fi
+ - scan-build $CHECKERS --keep-cc -o html-report make
+ - fi
+
+after_scripts:
+ - if [ ${BUILD_TYPE} == "scripts" ];then
+ - XVFB_RUN="$(which xvfb-run || true)"
+ - if [ ${DISTRO_NAME} == "debian" ];then
+ - if [ -e ./autogen.sh ] || [ -e ./configure.ac ]; then
+ - ${XVFB_RUN} make check
+ - elif [ -e ./CMakeLists.txt ]; then
+ - ${XVFB_RUN} env CTEST_OUTPUT_ON_FAILURE=1 make test
+ - fi
+ - fi
+ - fi
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..6ebac89
--- /dev/null
+++ b/.travis.yml
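Review bot: None of the analyzer calls in `build_scripts` of .build.yml can fail the job, so the `alpha.security.*` and `security.insecureAPI.strcpy` checkers enabled through `CHECKERS` only produce a report that nobody is forced to read. `scan-build` returns the exit status of the wrapped build unless it is given `--status-bugs`, and `cppcheck` exits 0 on findings unless `--error-exitcode=1` is set. For a PAM module I would gate at least one run on the stable (non-alpha) checkers, e.g. `scan-build --status-bugs -enable-checker security.insecureAPI.strcpy --keep-cc -o html-report make -j $CPU_COUNT`, and keep the noisier alpha checkers advisory. Separately, `[ ${DISTRO_NAME} == "debian" ]` is unquoted and relies on `==` inside `[`, which errors out when the variable is empty; `[ "${DISTRO_NAME}" = "debian" ]` is the safer form.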
@@ -0,0 +1,43 @@
+# vim: set ts=2 sts=2 sw=2 expandtab :
+dist: bionic
+language: shell
+os: linux
+
+arch:
+ - amd64
+ - ppc64le
+
+services:
+ - docker
+
+addons:
+ apt:
+ packages:
+ - python3-pip
+ - python3-setuptools
+
+before_install:
+ # let's use the Ayatana Indicators project's docker build script...
+ - curl -Ls -o docker-build https://github.com/AyatanaIndicators/ayatana-dev-scripts/raw/master/travis/docker-build
+ - chmod +x docker-build
+
+install:
+ - pip3 install wheel
+ - pip3 install PyGithub
+ - ./docker-build --name ${DISTRO} --config .build.yml --install
+
+script:
+ - ./docker-build --name ${DISTRO} --verbose --config .build.yml --build scripts
+
+env:
+# temp disable of archlinux builds, see https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/56
+# - DISTRO="archlinux:latest"
+ - DISTRO="debian:testing"
+ - DISTRO="debian:stable"
+# - DISTRO="ubuntu:rolling"
+ - DISTRO="ubuntu:focal"
+
+jobs:
+ exclude:
+ - env: DISTRO="archlinux:latest"
+ arch: ppc64le
diff --git a/src/Makefile.am b/src/Makefile.am
index 581b080..ab3deed 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -44,6 +44,7 @@ freerdp2_auth_check_SOURCES = \ $(NULL) freerdp2_auth_check_CFLAGS = \ + -Wall -Werror \ $(FREERDP2_CFLAGS) \ $(WINPR2_CFLAGS) \ $(COVERAGE_CFLAGS) \
diff --git a/src/freerdp2-auth-check.c b/src/freerdp2-auth-check.c
index 04558fb..ab3b1fd 100644
--- a/src/freerdp2-auth-check.c
+++ b/src/freerdp2-auth-check.c
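Review bot: `before_install` in .travis.yml downloads `docker-build` from the `master` branch of another project and the `install` and `script` steps then execute it, so whatever sits on that branch at build time runs in CI with no integrity check. Pin the URL to a reviewed commit and verify a digest before `chmod +x`, for example `curl -fLs -o docker-build https://github.com/AyatanaIndicators/ayatana-dev-scripts/raw/<COMMIT_SHA>/travis/docker-build` followed by `echo "<SHA256>  docker-build" | sha256sum -c -` (both values are placeholders). Adding `-f` also stops an HTTP error page from being saved and run as the script. `pip3 install wheel` and `pip3 install PyGithub` are unpinned as well; version pins would make the job reproducible.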
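Review bot: `-Wall -Werror` is now hard-coded in `freerdp2_auth_check_CFLAGS` in src/Makefile.am, so every downstream or distribution build fails as soon as a newer compiler introduces a warning. I would keep `-Wall` here and pass `-Werror` from CI only, for instance through the `export CFLAGS+=` line that .build.yml already has. The hunk shows only the helper binary's flags; the PAM module's own flags are outside it, so it is worth confirming that the module is built with the same warning set.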
@@ -24,31 +24,31 @@ BOOL -auth_context_new (freerdp * instance, rdpContext * context) +auth_context_new (freerdp __attribute__((unused)) *instance, rdpContext __attribute__((unused)) *context) { return TRUE; } void -auth_context_free (freerdp * instance, rdpContext * context) +auth_context_free (freerdp __attribute__((unused)) *instance, rdpContext __attribute__((unused)) *context) { return; } BOOL -auth_pre_connect (freerdp * instance) +auth_pre_connect (freerdp __attribute__((unused)) *instance) { return TRUE; } BOOL -auth_post_connect (freerdp * instance) +auth_post_connect (freerdp __attribute__((unused)) *instance) { return TRUE; } int -main (int argc, char * argv[]) +main (int argc, char *argv[]) { char password[512]; if (argc != 4) { diff --git a/src/pam-freerdp2.c b/src/pam-freerdp2.c index 18a4c18..593dde5 100644 --- a/src/pam-freerdp2.c +++ b/src/pam-freerdp2.c @@ -240,7 +240,7 @@ get_item (pam_handle_t * pamh, int type) /* Authenticate. We need to make sure we have a user account, that there are remote accounts and then verify them with FreeRDP */ PAM_EXTERN int -pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_authenticate (pam_handle_t *pamh, int __attribute__((unused)) flags, int __attribute__((unused)) argc, const char __attribute__((unused)) **argv) { char * username = NULL; char * password = NULL; @@ -305,7 +305,7 @@ pid_t session_pid = 0; give the credentials to the session itself so that it can startup the xfreerdp viewer for the login */ PAM_EXTERN int -pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv) +pam_sm_open_session (pam_handle_t *pamh, int __attribute__((unused)) flags, int __attribute__((unused)) argc, const char __attribute__((unused)) **argv) { char * username = NULL; char * password = NULL; 
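Review bot: The unused-parameter annotations in src/freerdp2-auth-check.c are written as a raw `__attribute__((unused))` between the type and the `*` (`freerdp __attribute__((unused)) *instance`), which is GCC/Clang-specific and makes the callback signatures hard to scan. A single project macro, e.g. `#define PAM_FREERDP2_UNUSED __attribute__((unused))` (the name is only a suggestion), or a `(void)instance;` statement in each stub body would keep the prototypes readable and portable. The same spelling is repeated in the hunks for src/pam-freerdp2.c, tests/mock_guest.c and tests/mock_pam.c.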
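Review bot: Marking `flags` as unused in `pam_sm_authenticate` makes it explicit that the module consults neither `PAM_DISALLOW_NULL_AUTHTOK` nor `PAM_SILENT`, yet nothing in the source says this is intended. The function body lies outside the hunk, so how an empty password is treated cannot be confirmed from here; the test suite's `fake_conv_empty_password` suggests the case is at least exercised. I would add a comment above the function such as `/* flags (PAM_SILENT, PAM_DISALLOW_NULL_AUTHTOK) are intentionally ignored: <reason> */`, or honour `PAM_DISALLOW_NULL_AUTHTOK` if empty remote passwords are meant to be refused.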
@@ -372,7 +372,7 @@ done: /* Close Session. Make sure our little guy has died so he doesn't become a zombie and eat things. */ PAM_EXTERN int -pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_close_session (pam_handle_t *pamh, int __attribute__((unused)) flags, int __attribute__((unused)) argc, const char __attribute__((unused)) **argv) { if (session_pid == 0) { return PAM_IGNORE; @@ -452,7 +452,7 @@ unpriveleged_kill (struct passwd * pwdent) /* LightDM likes to have this function around, but we don't need it as we don't have a token hanging around. */ PAM_EXTERN int -pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv) +pam_sm_setcred (pam_handle_t __attribute__((unused)) *pamh, int __attribute__((unused)) flags, int __attribute__((unused)) argc, const char __attribute__((unused)) **argv) { return PAM_SUCCESS; } diff --git a/tests/mock_guest.c b/tests/mock_guest.c index 7673995..4d10bfb 100644 --- a/tests/mock_guest.c +++ b/tests/mock_guest.c 
@@ -22,39 +22,44 @@ static struct passwd guest = { "guest", "/tmp", "/bin/true" }; struct passwd * -getpwnam (const char *username) +getpwnam (const char __attribute__((unused)) *username) { return &guest; } int -setgroups(size_t size, const gid_t *list) +setgroups(size_t __attribute__((unused)) size, + const gid_t __attribute__((unused)) *list) { errno = EPERM; return -1; } int -setgid(gid_t gid) +setgid(gid_t __attribute__((unused)) gid) { return 0; } int -setuid(uid_t uid) +setuid(uid_t __attribute__((unused)) uid) { return 0; } int -setegid(gid_t gid) +setegid(gid_t __attribute__((unused)) gid) { return 0; } int -seteuid(uid_t uid) +seteuid(uid_t __attribute__((unused)) uid) { return 0; } -int chmod(const char *path, mode_t mode) +int chmod(const char __attribute__((unused)) *path, + mode_t __attribute__((unused)) mode) { return 0; } -int chown(const char *path, uid_t owner, gid_t group) +int chown(const char __attribute__((unused)) *path, + uid_t __attribute__((unused)) owner, + gid_t __attribute__((unused)) group) { return 0; } -int execvp(const char *file, char *const argv[]) +int execvp(const char __attribute__((unused)) *file, + char __attribute__((unused)) *const argv[]) { return 0; } @@ -84,7 +89,7 @@ socket_sucker () serv_addr.sun_family = AF_UNIX; - int printsize = snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".freerdp2-socket"); + unsigned long int printsize = (unsigned long int)snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".freerdp2-socket"); if (printsize > sizeof(serv_addr.sun_path) - 1 || printsize < 0) { return -1; } diff --git a/tests/mock_pam.c b/tests/mock_pam.c index ce57973..f32d95f 100644 --- a/tests/mock_pam.c +++ b/tests/mock_pam.c 
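Review bot: In `socket_sucker` (tests/mock_guest.c), changing `printsize` to `unsigned long int` makes the `printsize < 0` test always false; an `snprintf` error is now caught only because -1 wraps to a huge value. The other half of the condition uses `>` against the same `sizeof(serv_addr.sun_path) - 1` that was passed as the buffer size, so an output of exactly that length is truncated by one byte without being detected. Keeping the `int` and casting only in the comparison fixes both: `int printsize = snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".freerdp2-socket");` followed by `if (printsize < 0 || (size_t)printsize >= sizeof(serv_addr.sun_path) - 1) { return -1; }`. The function starts and ends outside the hunk; if the module under src/ builds its socket path the same way, it deserves the same check.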
@@ -19,37 +19,44 @@ struct pam_handle { /* note: the other fields have been omitted */ }; -int fake_conv (int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) +int fake_conv (int __attribute__((unused)) num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void __attribute__((unused)) *appdata_ptr) { struct pam_response *response = NULL; response = malloc (sizeof (struct pam_response)); - if (response == NULL) + if (response == NULL) { return PAM_BUF_ERR; + } response->resp_retcode = 0; - if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_GUESTLOGIN) == 0) + if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_GUESTLOGIN) == 0) { response->resp = strdup ("guest"); /* IMPORTANT: this needs to be in /etc/passwd */ - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_USER) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_USER) == 0) { response->resp = strdup ("ruser"); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_HOST) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_HOST) == 0) { response->resp = strdup ("protocol://rhost/dummy"); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_PASSWORD) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_PASSWORD) == 0) { response->resp = strdup ("password"); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_DOMAIN) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_DOMAIN) == 0) { response->resp = strdup ("domain"); - else + } else { + free(response); return PAM_SYMBOL_ERR; /* leaks... */ + } *resp = response; return PAM_SUCCESS; } -int fake_conv_empty_password (int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) +int fake_conv_empty_password (int __attribute__((unused)) num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void __attribute__((unused)) *appdata_ptr) { struct pam_response *response = NULL; response = malloc (sizeof (struct pam_response)); 
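Review bot: The `/* leaks... */` comment on `return PAM_SYMBOL_ERR;` in `fake_conv` is stale now that `free(response);` precedes it and should be removed; the identical line in `fake_conv_empty_password` in the next hunk has the same problem. The `strdup` results assigned to `response->resp` are still unchecked, so on allocation failure the mock returns `PAM_SUCCESS` with a NULL `resp`. A check such as `if (response->resp == NULL) { free(response); return PAM_BUF_ERR; }` before `*resp = response;` would close that path in both functions. `fake_conv_empty_password` begins in this hunk and continues in the next one.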
@@ -59,18 +66,20 @@ int fake_conv_empty_password (int num_msg, const struct pam_message **msg, response->resp_retcode = 0; - if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_GUESTLOGIN) == 0) + if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_GUESTLOGIN) == 0) { response->resp = strdup ("guest"); /* IMPORTANT: this needs to be in /etc/passwd */ - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_USER) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_USER) == 0) { response->resp = strdup ("ruser"); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_HOST) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_HOST) == 0) { response->resp = strdup ("protocol://rhost/dummy"); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_PASSWORD) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_PASSWORD) == 0) { response->resp = strdup (""); - else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_DOMAIN) == 0) + } else if (strcmp((*msg)->msg, PAM_FREERDP2_PROMPT_DOMAIN) == 0) { response->resp = strdup ("domain"); - else + } else { + free(response); return PAM_SYMBOL_ERR; /* leaks... */ + } *resp = response; @@ -109,20 +118,22 @@ int PAM_NONNULL((1)) pam_get_item (const pam_handle_t *pamh, int type, const voi if (pamh == NULL) return PAM_SYSTEM_ERR; - if (type == PAM_CONV) + if (type == PAM_CONV) { *value = pamh->conv; - else if (pamh->item[type] != NULL) + } else if (pamh->item[type] != NULL) { *value = pamh->item[type]; - else + } else { *value = NULL; /* will result in a prompt conversation */ + } return PAM_SUCCESS; } int PAM_NONNULL((1)) pam_set_item (pam_handle_t *pamh, int type, const void *value) { - if (pamh == NULL) + if (pamh == NULL) { return PAM_SYSTEM_ERR; + } void **slot, *tmp; size_t nsize, osize; 
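Review bot: `pam_get_item` in tests/mock_pam.c still indexes `pamh->item[type]` with the caller's `type` unchecked, and `pam_set_item` takes `&pamh->item[type]` the same way in the following hunk. The declaration of `item` is not visible here; assuming it is a fixed-size array, a guard such as `if (type < 0 || type >= (int)(sizeof pamh->item / sizeof pamh->item[0])) return PAM_BAD_ITEM;` before the first index would keep a test passing an unexpected item type from reading or writing outside the mock handle. On style, the `if (pamh == NULL) return PAM_SYSTEM_ERR;` at the top of `pam_get_item` is left unbraced while the same test in `pam_set_item` gains braces in this commit. Both functions extend beyond this hunk.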
@@ -130,10 +141,12 @@ int PAM_NONNULL((1)) pam_set_item (pam_handle_t *pamh, int type, const void *val slot = &pamh->item[type]; osize = nsize = 0; - if (*slot != NULL) + if (*slot != NULL) { osize = strlen((const char *)*slot) + 1; - if (value != NULL) + } + if (value != NULL) { nsize = strlen((const char *)value) + 1; + } if (*slot != NULL) { memset(*slot, 0xd0, osize); @@ -141,8 +154,9 @@ int PAM_NONNULL((1)) pam_set_item (pam_handle_t *pamh, int type, const void *val } if (value != NULL) { - if ((tmp = malloc(nsize)) == NULL) + if ((tmp = malloc(nsize)) == NULL) { return PAM_BUF_ERR; + } memcpy(tmp, value, nsize); } else { tmp = NULL; diff --git a/tests/mock_pam.h b/tests/mock_pam.h index 7fe0467..df837df 100644 --- a/tests/mock_pam.h +++ b/tests/mock_pam.h @@ -11,6 +11,7 @@ #define __MOCK_PAM_H__ #define LIBPAM_COMPILE +#include <security/_pam_types.h> #include <security/pam_modules.h> #include <security/pam_modutil.h> #include <security/pam_appl.h> |