| < pam-afs-session Manual Page | Russ Allbery > Software > pam-afs-session | pam-afs-session Change Summary > |
General:
Providing a way to pass command-line arguments to the aklog program would be nice, even if not strictly necessary. If set in krb5.conf, one should be able to just use spaces. PAM options will require some other workaround (maybe using ! to separate arguments or something).
PAM API:
Fix error logging levels to comply with the Linux PAM recommendations. Currently, all errors are logged at LOG_ERR level. malloc failures and other system resource failures should be logged at LOG_CRIT.
Tighter verification that all of our flags are valid might be a good idea.
Build System:
It would be very nice to use Automake to match my other projects, but getting the flags right for building a PAM module while fighting with Libtool is unappealing. Maybe it won't be that bad, or maybe I can convince Automake to generate a shared object using the flags I figured out without using Libtool.
Code Cleanup:
The PAM option parsing is repetitive code that involves counting the lengths of strings. It should be possible to replace most of it with some carefully-chosen macros.
The PAM option parsing code could do a binary search on a table of option strings rather than checking each one in turn, although the performance and cleanliness gain may not be worth the effort.
All of the option parsing code does not deal clealy with failure to allocate memory. Generally, we just don't set the parameter. This may not always be safe, or may lead to unexpected behavior. We should always check memory allocation failures and abort PAM if we see any. Unfortunately, the profile library doesn't return errors on memory allocation failure, which makes this mostly futile until there's a better profile library API.
Add portability glue for a missing or broken vsnprintf.
Tests:
Add a test suite. If the user already has an AFS token, it should be fairly straightforward to test PAG creation. Testing running an external token program based on KRB5CCNAME is very straightforward. Testing ticket cache destruction probably requires that the tester already have a ticket cache. We can fake a k_hasafs() failure by selectively linking object files with a fake implementation.
| < pam-afs-session Manual Page | Russ Allbery > Software > pam-afs-session | pam-afs-session Change Summary > |