[arch-commits] Commit in pam_wrapper/repos (3 files)

Felix Yan felixonmars at archlinux.org
Thu Nov 12 19:19:28 UTC 2020


    Date: Thursday, November 12, 2020 @ 19:19:28
  Author: felixonmars
Revision: 400701

archrelease: copy trunk to staging-x86_64

Added:
  pam_wrapper/repos/staging-x86_64/
  pam_wrapper/repos/staging-x86_64/2.patch
    (from rev 400700, pam_wrapper/trunk/2.patch)
  pam_wrapper/repos/staging-x86_64/PKGBUILD
    (from rev 400700, pam_wrapper/trunk/PKGBUILD)

----------+
 2.patch  | 2779 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD |   51 +
 2 files changed, 2830 insertions(+)

Copied: pam_wrapper/repos/staging-x86_64/2.patch (from rev 400700, pam_wrapper/trunk/2.patch)
===================================================================
--- staging-x86_64/2.patch	                        (rev 0)
+++ staging-x86_64/2.patch	2020-11-12 19:19:28 UTC (rev 400701)
@@ -0,0 +1,2779 @@
+From bbaa361c0424f8a04492a13481965fe010149228 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Thu, 28 Feb 2019 12:58:28 +0100
+Subject: [PATCH 01/27] cpack: Do not package pyc files
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CPackConfig.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CPackConfig.cmake b/CPackConfig.cmake
+index 88caa30..2b27461 100644
+--- a/CPackConfig.cmake
++++ b/CPackConfig.cmake
+@@ -19,7 +19,7 @@ set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSIO
+ 
+ ### source generator
+ set(CPACK_SOURCE_GENERATOR "TGZ")
+-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]svn/;/[.]git/;.gitignore;/build*;/obj*;tags;cscope.*")
++set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]svn/;/[.]git/;.gitignore;/build*;/obj*;tags;cscope.*;*.pyc")
+ set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
+ 
+ set(CPACK_PACKAGE_INSTALL_DIRECTORY "pam_wrapper")
+-- 
+2.24.1
+
+
+From d544f9452563f515ef2a9be637d3444ea0ee2c63 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 15 Nov 2019 09:34:03 +0100
+Subject: [PATCH 02/27] pwrap: Add support for running with Sanitizers
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ src/pam_wrapper.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
+index 48d2c2a..7ae26d1 100644
+--- a/src/pam_wrapper.c
++++ b/src/pam_wrapper.c
+@@ -300,15 +300,25 @@ static void *pwrap_load_lib_handle(enum pwrap_lib lib)
+ 	void *handle = NULL;
+ 
+ #ifdef RTLD_DEEPBIND
+-	const char *env = getenv("LD_PRELOAD");
++	const char *env_preload = getenv("LD_PRELOAD");
++	const char *env_deepbind = getenv("UID_WRAPPER_DISABLE_DEEPBIND");
++	bool enable_deepbind = true;
+ 
+ 	/* Don't do a deepbind if we run with libasan */
+-	if (env != NULL && strlen(env) < PATH_MAX) {
+-		const char *p = strstr(env, "libasan.so");
+-		if (p == NULL) {
+-			flags |= RTLD_DEEPBIND;
++	if (env_preload != NULL && strlen(env_preload) < 1024) {
++		const char *p = strstr(env_preload, "libasan.so");
++		if (p != NULL) {
++			enable_deepbind = false;
+ 		}
+ 	}
++
++	if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
++		enable_deepbind = false;
++	}
++
++	if (enable_deepbind) {
++		flags |= RTLD_DEEPBIND;
++	}
+ #endif
+ 
+ 	switch (lib) {
+-- 
+2.24.1
+
+
+From f8ddaaf66f38b7a9ca01d10471b8baa4bb618c55 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 15 Nov 2019 09:39:21 +0100
+Subject: [PATCH 03/27] cmake: Add checks for getprogname() and getexecname()
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ ConfigureChecks.cmake | 2 ++
+ config.h.cmake        | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index 3148c23..0286eff 100644
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -45,6 +45,8 @@ check_include_file(security/pam_ext.h HAVE_SECURITY_PAM_EXT_H)
+ check_function_exists(strncpy HAVE_STRNCPY)
+ check_function_exists(vsnprintf HAVE_VSNPRINTF)
+ check_function_exists(snprintf HAVE_SNPRINTF)
++check_function_exists(getprogname HAVE_GETPROGNAME)
++check_function_exists(getexecname HAVE_GETEXECNAME)
+ 
+ check_prototype_definition(pam_vprompt
+     "int pam_vprompt(const pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, va_list _ap)"
+diff --git a/config.h.cmake b/config.h.cmake
+index d587f84..0b18d43 100644
+--- a/config.h.cmake
++++ b/config.h.cmake
+@@ -29,6 +29,8 @@
+ #cmakedefine HAVE_PAM_VPROMPT_CONST 1
+ #cmakedefine HAVE_PAM_PROMPT_CONST 1
+ #cmakedefine HAVE_PAM_STRERROR_CONST 1
++#cmakedefine HAVE_GETPROGNAME 1
++#cmakedefine HAVE_GETEXECNAME 1
+ 
+ /*************************** LIBRARIES ***************************/
+ #cmakedefine PAM_LIBRARY "${PAM_LIBRARY}"
+-- 
+2.24.1
+
+
+From 44b4f008ac6d8356dc6809f03e6ecc71dc1557ff Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 15 Nov 2019 09:40:04 +0100
+Subject: [PATCH 04/27] pwrap: Improve logging
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ src/pam_wrapper.c | 47 +++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 33 insertions(+), 14 deletions(-)
+
+diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
+index 7ae26d1..d7802fb 100644
+--- a/src/pam_wrapper.c
++++ b/src/pam_wrapper.c
+@@ -97,6 +97,19 @@
+  * LOGGING
+  *****************/
+ 
++#ifndef HAVE_GETPROGNAME
++static const char *getprogname(void)
++{
++#if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME)
++	return program_invocation_short_name;
++#elif defined(HAVE_GETEXECNAME)
++	return getexecname();
++#else
++	return NULL;
++#endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */
++}
++#endif /* HAVE_GETPROGNAME */
++
+ enum pwrap_dbglvl_e {
+ 	PWRAP_LOG_ERROR = 0,
+ 	PWRAP_LOG_WARN,
+@@ -123,6 +136,7 @@ static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl,
+ 	const char *d;
+ 	unsigned int lvl = 0;
+ 	const char *prefix = "PWRAP";
++	const char *progname = getprogname();
+ 
+ 	d = getenv("PAM_WRAPPER_DEBUGLEVEL");
+ 	if (d != NULL) {
+@@ -136,24 +150,29 @@ static void pwrap_vlog(enum pwrap_dbglvl_e dbglvl,
+ 	vsnprintf(buffer, sizeof(buffer), format, args);
+ 
+ 	switch (dbglvl) {
+-	case PWRAP_LOG_ERROR:
+-		prefix = "PWRAP_ERROR";
+-		break;
+-	case PWRAP_LOG_WARN:
+-		prefix = "PWRAP_WARN";
+-		break;
+-	case PWRAP_LOG_DEBUG:
+-		prefix = "PWRAP_DEBUG";
+-		break;
+-	case PWRAP_LOG_TRACE:
+-		prefix = "PWRAP_TRACE";
+-		break;
++		case PWRAP_LOG_ERROR:
++			prefix = "PWRAP_ERROR";
++			break;
++		case PWRAP_LOG_WARN:
++			prefix = "PWRAP_WARN";
++			break;
++		case PWRAP_LOG_DEBUG:
++			prefix = "PWRAP_DEBUG";
++			break;
++		case PWRAP_LOG_TRACE:
++			prefix = "PWRAP_TRACE";
++			break;
++	}
++
++	if (progname == NULL) {
++		progname = "<unknown>";
+ 	}
+ 
+ 	fprintf(stderr,
+-		"%s(%d) - %s: %s\n",
++		"%s[%s (%u)] - %s: %s\n",
+ 		prefix,
+-		(int)getpid(),
++		progname,
++		(unsigned int)getpid(),
+ 		function,
+ 		buffer);
+ }
+-- 
+2.24.1
+
+
+From 491615f2aeda7a57c7389a151d9d9e06f231822c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 15 Nov 2019 09:45:22 +0100
+Subject: [PATCH 05/27] pwrap: Use a define in pso_copy()
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ src/pam_wrapper.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
+index d7802fb..8997e36 100644
+--- a/src/pam_wrapper.c
++++ b/src/pam_wrapper.c
+@@ -779,12 +779,13 @@ static void pwrap_clean_stale_dirs(const char *dir)
+ 
+ static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode)
+ {
++#define PSO_COPY_READ_SIZE 9
+ 	int srcfd = -1;
+ 	int dstfd = -1;
+ 	int rc = -1;
+ 	ssize_t bread, bwritten;
+ 	struct stat sb;
+-	char buf[10];
++	char buf[PSO_COPY_READ_SIZE + 1];
+ 	int cmp;
+ 	size_t to_read;
+ 	bool found_slash;
+@@ -831,10 +832,10 @@ static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t m
+ 		to_read = 1;
+ 		if (!found_slash && buf[0] == '/') {
+ 			found_slash = true;
+-			to_read = 9;
++			to_read = PSO_COPY_READ_SIZE;
+ 		}
+ 
+-		if (found_slash && bread == 9) {
++		if (found_slash && bread == PSO_COPY_READ_SIZE) {
+ 			cmp = memcmp(buf, "etc/pam.d", 9);
+ 			if (cmp == 0) {
+ 				memcpy(buf, pdir + 1, 9);
+@@ -869,6 +870,7 @@ out:
+ 	}
+ 
+ 	return rc;
++#undef PSO_COPY_READ_SIZE
+ }
+ 
+ static void pwrap_init(void)
+-- 
+2.24.1
+
+
+From e4db7c3b2341181d4e8c11b4b05f0d43631b2c90 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 15 Nov 2019 09:58:27 +0100
+Subject: [PATCH 06/27] pwrap: Fix pso_copy to work with libpam.so.0.84.2
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ src/pam_wrapper.c | 31 +++++++++++++++++++++++++++----
+ 1 file changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
+index 8997e36..043c00e 100644
+--- a/src/pam_wrapper.c
++++ b/src/pam_wrapper.c
+@@ -779,13 +779,14 @@ static void pwrap_clean_stale_dirs(const char *dir)
+ 
+ static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode)
+ {
+-#define PSO_COPY_READ_SIZE 9
++#define PSO_COPY_READ_SIZE 16
+ 	int srcfd = -1;
+ 	int dstfd = -1;
+ 	int rc = -1;
+ 	ssize_t bread, bwritten;
+ 	struct stat sb;
+ 	char buf[PSO_COPY_READ_SIZE + 1];
++	size_t pso_copy_read_size = PSO_COPY_READ_SIZE;
+ 	int cmp;
+ 	size_t to_read;
+ 	bool found_slash;
+@@ -832,13 +833,35 @@ static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t m
+ 		to_read = 1;
+ 		if (!found_slash && buf[0] == '/') {
+ 			found_slash = true;
+-			to_read = PSO_COPY_READ_SIZE;
++			to_read = pso_copy_read_size;
+ 		}
+ 
+ 		if (found_slash && bread == PSO_COPY_READ_SIZE) {
+-			cmp = memcmp(buf, "etc/pam.d", 9);
++			cmp = memcmp(buf, "usr/etc/pam.d/%s", 16);
+ 			if (cmp == 0) {
+-				memcpy(buf, pdir + 1, 9);
++				char tmp[16] = {0};
++
++				snprintf(tmp, sizeof(tmp), "%s/%%s", pdir + 1);
++
++				memcpy(buf, tmp, 12);
++				memset(&buf[12], '\0', 4);
++
++				/*
++				 * If we found this string, we need to reduce
++				 * the read size to not miss, the next one.
++				 */
++				pso_copy_read_size = 13;
++			} else {
++				cmp = memcmp(buf, "usr/etc/pam.d", 13);
++				if (cmp == 0) {
++					memcpy(buf, pdir + 1, 9);
++					memset(&buf[9], '\0', 4);
++				} else {
++					cmp = memcmp(buf, "etc/pam.d", 9);
++					if (cmp == 0) {
++						memcpy(buf, pdir + 1, 9);
++					}
++				}
+ 			}
+ 			found_slash = false;
+ 		}
+-- 
+2.24.1
+
+
+From 373edd673417657b5c26b181ff39958e6636b6a9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 12:48:58 +0100
+Subject: [PATCH 07/27] doc: Document PAM_WRAPPER_DISABLE_DEEPBIND
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ doc/pam_wrapper.1     | 19 +++++++++++++++----
+ doc/pam_wrapper.1.txt |  8 +++++++-
+ 2 files changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/doc/pam_wrapper.1 b/doc/pam_wrapper.1
+index 3536c82..686724c 100644
+--- a/doc/pam_wrapper.1
++++ b/doc/pam_wrapper.1
+@@ -1,13 +1,13 @@
+ '\" t
+ .\"     Title: pam_wrapper
+-.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+-.\" Generator: DocBook XSL Stylesheets v1.79.0 <http://docbook.sf.net/>
+-.\"      Date: 2017-04-06
++.\"    Author: The Samba Team
++.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
++.\"      Date: 2020-01-31
+ .\"    Manual: \ \&
+ .\"    Source: \ \&
+ .\"  Language: English
+ .\"
+-.TH "PAM_WRAPPER" "1" "2017\-04\-06" "\ \&" "\ \&"
++.TH "PAM_WRAPPER" "1" "2020\-01\-31" "\ \&" "\ \&"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -109,6 +109,11 @@ By default pam logs will go to the pam_wrapper DEBUG log level and will not be s
+ .RS 4
+ If this option is set to 1, then pam_wrapper won\(cqt delete its temporary directories\&. Mostly useful for pam_wrapper development\&.
+ .RE
++.PP
++\fBPAM_WRAPPER_DISABLE_DEEPBIND\fR
++.RS 4
++This allows you to disable deep binding in pam_wrapper\&. This is useful for running valgrind tools or sanitizers like (address, undefined, thread)\&.
++.RE
+ .SH "EXAMPLE"
+ .sp
+ A service file for pam_wrapper should look like this:
+@@ -132,3 +137,9 @@ LD_PRELOAD=\&./libpam_wrapper\&.so PAM_WRAPPER=1 PAM_WRAPPER_SERVICE_DIR=\&./pam
+ .SH "PAM_MATRIX"
+ .sp
+ We offer a module to make testing of PAM applications easier\&. You find more information in the pam_matrix(8) manpage\&.
++.SH "AUTHOR"
++.PP
++\fBThe Samba Team\fR
++.RS 4
++Author.
++.RE
+diff --git a/doc/pam_wrapper.1.txt b/doc/pam_wrapper.1.txt
+index 1e93fba..9ef8236 100644
+--- a/doc/pam_wrapper.1.txt
++++ b/doc/pam_wrapper.1.txt
+@@ -1,6 +1,7 @@
+ pam_wrapper(1)
+ ==============
+-:revdate: 2017-04-06
++:author: The Samba Team
++:revdate: 2020-01-31
+ 
+ NAME
+ ----
+@@ -63,6 +64,11 @@ variable to 1.
+ If this option is set to 1, then pam_wrapper won't delete its temporary
+ directories. Mostly useful for pam_wrapper development.
+ 
++*PAM_WRAPPER_DISABLE_DEEPBIND*::
++
++This allows you to disable deep binding in pam_wrapper. This is useful for
++running valgrind tools or sanitizers like (address, undefined, thread).
++
+ EXAMPLE
+ -------
+ 
+-- 
+2.24.1
+
+
+From 079ff217ec67e0d3621927b710046b11a8a6e885 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:03:33 +0100
+Subject: [PATCH 08/27] README: Rename to a markdown file
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CPackConfig.cmake   | 2 +-
+ README => README.md | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+ rename README => README.md (75%)
+
+diff --git a/CPackConfig.cmake b/CPackConfig.cmake
+index 2b27461..ca9b22a 100644
+--- a/CPackConfig.cmake
++++ b/CPackConfig.cmake
+@@ -4,7 +4,7 @@
+ ### general settings
+ set(CPACK_PACKAGE_NAME ${APPLICATION_NAME})
+ set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "The pam_wrapper")
+-set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_SOURCE_DIR}/README")
++set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_SOURCE_DIR}/README.md")
+ set(CPACK_PACKAGE_VENDOR "Samba Team")
+ set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME})
+ set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/LICENSE")
+diff --git a/README b/README.md
+similarity index 75%
+rename from README
+rename to README.md
+index ebc22a8..e0c820b 100644
+--- a/README
++++ b/README.md
+@@ -1,18 +1,18 @@
+ PAM_WRAPPER
+ ===========
+ 
+-This is a wrapper for testing pam modules.
++A tool to test PAM applications and PAM modules
+ 
+ DESCRIPTION
+ -----------
+ 
+ More details can be found in the manpage:
+ 
+-  man -l ./doc/pam_wrapper.1
++    man -l ./doc/pam_wrapper.1
+ 
+ or the raw text version:
+ 
+-  less ./doc/pam_wrapper.1.txt
++    less ./doc/pam_wrapper.1.txt
+ 
+ For installation instructions please take a look at the README.install file.
+ 
+-- 
+2.24.1
+
+
+From 0ab9bb6564475a4df316496abb442e89e510626e Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 12:59:31 +0100
+Subject: [PATCH 09/27] cmake: Require at least cmake 3.5.0
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt        | 13 ++++---------
+ CPackConfig.cmake     |  9 +++------
+ ConfigureChecks.cmake | 14 +++++---------
+ config.h.cmake        |  9 ++-------
+ pam_wrapper.pc.cmake  |  4 ++--
+ 5 files changed, 16 insertions(+), 33 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3b0f148..fe635a9 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1,17 +1,12 @@
+-project(pam_wrapper C)
+-
+ # Required cmake version
+-cmake_minimum_required(VERSION 2.8.0)
++cmake_minimum_required(VERSION 3.5.0)
++cmake_policy(SET CMP0048 NEW)
++
++project(pam_wrapper VERSION 1.0.7 LANGUAGES C)
+ 
+ # global needed variables
+ set(APPLICATION_NAME ${PROJECT_NAME})
+ 
+-set(APPLICATION_VERSION_MAJOR "1")
+-set(APPLICATION_VERSION_MINOR "0")
+-set(APPLICATION_VERSION_PATCH "7")
+-
+-set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
+-
+ # SOVERSION scheme: CURRENT.AGE.REVISION
+ #   If there was an incompatible interface change:
+ #     Increment CURRENT. Set AGE and REVISION to 0
+diff --git a/CPackConfig.cmake b/CPackConfig.cmake
+index ca9b22a..6081d8f 100644
+--- a/CPackConfig.cmake
++++ b/CPackConfig.cmake
+@@ -2,7 +2,7 @@
+ # http://www.cmake.org/Wiki/CMake:CPackConfiguration
+ 
+ ### general settings
+-set(CPACK_PACKAGE_NAME ${APPLICATION_NAME})
++set(CPACK_PACKAGE_NAME ${PROJECT_NAME})
+ set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "The pam_wrapper")
+ set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_SOURCE_DIR}/README.md")
+ set(CPACK_PACKAGE_VENDOR "Samba Team")
+@@ -11,10 +11,7 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/LICENSE")
+ 
+ 
+ ### versions
+-set(CPACK_PACKAGE_VERSION_MAJOR "${APPLICATION_VERSION_MAJOR}")
+-set(CPACK_PACKAGE_VERSION_MINOR "${APPLICATION_VERSION_MINOR}")
+-set(CPACK_PACKAGE_VERSION_PATCH "${APPLICATION_VERSION_PATCH}")
+-set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
++set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
+ 
+ 
+ ### source generator
+@@ -24,6 +21,6 @@ set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSIO
+ 
+ set(CPACK_PACKAGE_INSTALL_DIRECTORY "pam_wrapper")
+ 
+-set(CPACK_PACKAGE_FILE_NAME ${APPLICATION_NAME}-${CPACK_PACKAGE_VERSION})
++set(CPACK_PACKAGE_FILE_NAME ${PROJECT_NAME}-${CPACK_PACKAGE_VERSION})
+ 
+ include(CPack)
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index 0286eff..ce4a7e5 100644
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -7,15 +7,11 @@ include(CheckStructHasMember)
+ include(CheckPrototypeDefinition)
+ include(TestBigEndian)
+ 
+-set(PACKAGE ${APPLICATION_NAME})
+-set(VERSION ${APPLICATION_VERSION})
+-set(DATADIR ${DATA_INSTALL_DIR})
+-set(LIBDIR ${LIB_INSTALL_DIR})
+-set(PLUGINDIR "${PLUGIN_INSTALL_DIR}-${LIBRARY_SOVERSION}")
+-set(SYSCONFDIR ${SYSCONF_INSTALL_DIR})
+-
+-set(BINARYDIR ${CMAKE_BINARY_DIR})
+-set(SOURCEDIR ${CMAKE_SOURCE_DIR})
++set(PACKAGE ${PROJECT_NAME})
++set(VERSION ${PROJECT_VERSION})
++
++set(BINARYDIR ${pam_wrapper_BINARY_DIR})
++set(SOURCEDIR ${pam_wrapper_SOURCE_DIR})
+ 
+ function(COMPILER_DUMPVERSION _OUTPUT_VERSION)
+     # Remove whitespaces from the argument.
+diff --git a/config.h.cmake b/config.h.cmake
+index 0b18d43..7e4451d 100644
+--- a/config.h.cmake
++++ b/config.h.cmake
+@@ -1,14 +1,9 @@
+ /* Name of package */
+-#cmakedefine PACKAGE "${APPLICATION_NAME}"
++#cmakedefine PACKAGE "${PROJECT_NAME}"
+ 
+ /* Version number of package */
+-#cmakedefine VERSION "${APPLICATION_VERSION}"
++#cmakedefine VERSION "${PROJECT_VERSION}"
+ 
+-#cmakedefine LOCALEDIR "${LOCALE_INSTALL_DIR}"
+-#cmakedefine DATADIR "${DATADIR}"
+-#cmakedefine LIBDIR "${LIBDIR}"
+-#cmakedefine PLUGINDIR "${PLUGINDIR}"
+-#cmakedefine SYSCONFDIR "${SYSCONFDIR}"
+ #cmakedefine BINARYDIR "${BINARYDIR}"
+ #cmakedefine SOURCEDIR "${SOURCEDIR}"
+ 
+diff --git a/pam_wrapper.pc.cmake b/pam_wrapper.pc.cmake
+index c1f407b..a3abf8e 100644
+--- a/pam_wrapper.pc.cmake
++++ b/pam_wrapper.pc.cmake
+@@ -1,6 +1,6 @@
+ modules=@LIB_INSTALL_DIR@/pam_wrapper
+ 
+-Name: @APPLICATION_NAME@
++Name: @PROJECT_NAME@
+ Description: The pam_wrapper library
+-Version: @APPLICATION_VERSION@
++Version: @PROJECT_VERSION@
+ Libs: @LIB_INSTALL_DIR@/@PAM_WRAPPER_LIB@
+-- 
+2.24.1
+
+
+From 774ea4c9154b04ff6cf9fe6dfa30861d1242ff0a Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:06:13 +0100
+Subject: [PATCH 10/27] cmake: Update cmake defaults
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt                                |  4 ----
+ cmake/Modules/DefineCMakeDefaults.cmake       | 19 +++++++------------
+ .../Modules/MacroEnsureOutOfSourceBuild.cmake | 17 -----------------
+ 3 files changed, 7 insertions(+), 33 deletions(-)
+ delete mode 100644 cmake/Modules/MacroEnsureOutOfSourceBuild.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index fe635a9..6d75231 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -33,10 +33,6 @@ include(DefineInstallationPaths)
+ include(DefineOptions.cmake)
+ include(CPackConfig.cmake)
+ 
+-# disallow in-source build
+-include(MacroEnsureOutOfSourceBuild)
+-macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source build. Please create a separate build directory and run 'cmake /path/to/${PROJECT_NAME} [options]' there.")
+-
+ # Find out if we have threading available
+ set(CMAKE_THREAD_PREFER_PTHREADS ON)
+ find_package(Threads)
+diff --git a/cmake/Modules/DefineCMakeDefaults.cmake b/cmake/Modules/DefineCMakeDefaults.cmake
+index 22eda6f..9fb034f 100644
+--- a/cmake/Modules/DefineCMakeDefaults.cmake
++++ b/cmake/Modules/DefineCMakeDefaults.cmake
+@@ -14,17 +14,12 @@ set(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)
+ # since cmake 2.4.0
+ set(CMAKE_COLOR_MAKEFILE ON)
+ 
+-# Define the generic version of the libraries here
+-set(GENERIC_LIB_VERSION "0.1.0")
+-set(GENERIC_LIB_SOVERSION "0")
+-
+-# Set the default build type to release with debug info
+-if (NOT CMAKE_BUILD_TYPE)
+-  set(CMAKE_BUILD_TYPE RelWithDebInfo
+-    CACHE STRING
+-      "Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel."
+-  )
+-endif (NOT CMAKE_BUILD_TYPE)
+-
+ # Create the compile command database for clang by default
+ set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
++
++# Always build with -fPIC
++set(CMAKE_POSITION_INDEPENDENT_CODE ON)
++
++# Avoid source tree pollution
++set(CMAKE_DISABLE_SOURCE_CHANGES ON)
++set(CMAKE_DISABLE_IN_SOURCE_BUILD ON)
+diff --git a/cmake/Modules/MacroEnsureOutOfSourceBuild.cmake b/cmake/Modules/MacroEnsureOutOfSourceBuild.cmake
+deleted file mode 100644
+index a2e9480..0000000
+--- a/cmake/Modules/MacroEnsureOutOfSourceBuild.cmake
++++ /dev/null
+@@ -1,17 +0,0 @@
+-# - MACRO_ENSURE_OUT_OF_SOURCE_BUILD(<errorMessage>)
+-# MACRO_ENSURE_OUT_OF_SOURCE_BUILD(<errorMessage>)
+-
+-# Copyright (c) 2006, Alexander Neundorf, <neundorf at kde.org>
+-#
+-# Redistribution and use is allowed according to the terms of the BSD license.
+-# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+-
+-macro (MACRO_ENSURE_OUT_OF_SOURCE_BUILD _errorMessage)
+-
+-   string(COMPARE EQUAL "${CMAKE_SOURCE_DIR}" "${CMAKE_BINARY_DIR}" _insource)
+-   if (_insource)
+-     message(SEND_ERROR "${_errorMessage}")
+-     message(FATAL_ERROR "Remove the file CMakeCache.txt in ${CMAKE_SOURCE_DIR} first.")
+-   endif (_insource)
+-
+-endmacro (MACRO_ENSURE_OUT_OF_SOURCE_BUILD)
+-- 
+2.24.1
+
+
+From ab1372199122a3cb0123c4d1e4a8d55604d1e85e Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:16:45 +0100
+Subject: [PATCH 11/27] cmake: Improve checks for compiler flags
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt                            |   2 +-
+ CompilerChecks.cmake                      | 114 ++++++++++++++++++++++
+ DefineOptions.cmake                       |   1 +
+ cmake/Modules/AddCCompilerFlag.cmake      |  21 ++++
+ cmake/Modules/CheckCCompilerFlagSSP.cmake |  36 +++++--
+ cmake/Modules/DefineCompilerFlags.cmake   |  78 ---------------
+ src/CMakeLists.txt                        |   5 +
+ src/python/python2/CMakeLists.txt         |   2 +
+ src/python/python3/CMakeLists.txt         |   2 +
+ 9 files changed, 175 insertions(+), 86 deletions(-)
+ create mode 100644 CompilerChecks.cmake
+ create mode 100644 cmake/Modules/AddCCompilerFlag.cmake
+ delete mode 100644 cmake/Modules/DefineCompilerFlags.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6d75231..608f94f 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -28,10 +28,10 @@ set(CMAKE_MODULE_PATH
+ # add definitions
+ include(DefineCMakeDefaults)
+ include(DefinePlatformDefaults)
+-include(DefineCompilerFlags)
+ include(DefineInstallationPaths)
+ include(DefineOptions.cmake)
+ include(CPackConfig.cmake)
++include(CompilerChecks.cmake)
+ 
+ # Find out if we have threading available
+ set(CMAKE_THREAD_PREFER_PTHREADS ON)
+diff --git a/CompilerChecks.cmake b/CompilerChecks.cmake
+new file mode 100644
+index 0000000..4fa1a83
+--- /dev/null
++++ b/CompilerChecks.cmake
+@@ -0,0 +1,114 @@
++include(AddCCompilerFlag)
++include(CheckCCompilerFlagSSP)
++
++if (UNIX)
++    #
++    # Check for -Werror turned on if possible
++    #
++    # This will prevent that compiler flags are detected incorrectly.
++    #
++    check_c_compiler_flag("-Werror" REQUIRED_FLAGS_WERROR)
++    if (REQUIRED_FLAGS_WERROR)
++        set(CMAKE_REQUIRED_FLAGS "-Werror")
++
++        if (PICKY_DEVELOPER)
++            list(APPEND SUPPORTED_COMPILER_FLAGS "-Werror")
++        endif()
++    endif()
++
++    add_c_compiler_flag("-std=gnu99" SUPPORTED_COMPILER_FLAGS)
++    #add_c_compiler_flag("-Wpedantic" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wall" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wshadow" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wmissing-prototypes" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wcast-align" SUPPORTED_COMPILER_FLAGS)
++    #add_c_compiler_flag("-Wcast-qual" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=address" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wstrict-prototypes" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=strict-prototypes" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wwrite-strings" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=write-strings" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror-implicit-function-declaration" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wpointer-arith" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=pointer-arith" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wdeclaration-after-statement" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=declaration-after-statement" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wreturn-type" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=return-type" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wuninitialized" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=uninitialized" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wimplicit-fallthrough" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=strict-overflow" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wstrict-overflow=2" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Wno-format-zero-length" SUPPORTED_COMPILER_FLAGS)
++
++    check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT)
++    if (REQUIRED_FLAGS_WFORMAT)
++        list(APPEND SUPPORTED_COMPILER_FLAGS "-Wformat")
++        set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -Wformat")
++    endif()
++    add_c_compiler_flag("-Wformat-security" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("-Werror=format-security" SUPPORTED_COMPILER_FLAGS)
++
++    # Allow zero for a variadic macro argument
++    string(TOLOWER "${CMAKE_C_COMPILER_ID}" _C_COMPILER_ID)
++    if ("${_C_COMPILER_ID}" STREQUAL "clang")
++        add_c_compiler_flag("-Wno-gnu-zero-variadic-macro-arguments" SUPPORTED_COMPILER_FLAGS)
++    endif()
++
++    add_c_compiler_flag("-fno-common" SUPPORTED_COMPILER_FLAGS)
++
++    if (CMAKE_BUILD_TYPE)
++        string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
++        if (CMAKE_BUILD_TYPE_LOWER MATCHES (release|relwithdebinfo|minsizerel))
++            add_c_compiler_flag("-Wp,-D_FORTIFY_SOURCE=2" SUPPORTED_COMPILER_FLAGS)
++        endif()
++    endif()
++
++    if (NOT SOLARIS)
++        check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
++        if (WITH_STACK_PROTECTOR_STRONG)
++            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
++            # This is needed as Solaris has a seperate libssp
++            if (SOLARIS)
++                list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
++            endif()
++        else (WITH_STACK_PROTECTOR_STRONG)
++            check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
++            if (WITH_STACK_PROTECTOR)
++                list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
++                # This is needed as Solaris has a seperate libssp
++                if (SOLARIS)
++                    list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
++                endif()
++            endif()
++        endif (WITH_STACK_PROTECTOR_STRONG)
++
++        check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
++        if (WITH_STACK_CLASH_PROTECTION)
++            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
++        endif()
++    endif()
++
++    if (PICKY_DEVELOPER)
++        add_c_compiler_flag("-Wno-error=deprecated-declarations" SUPPORTED_COMPILER_FLAGS)
++        add_c_compiler_flag("-Wno-error=tautological-compare" SUPPORTED_COMPILER_FLAGS)
++    endif()
++
++    # Unset CMAKE_REQUIRED_FLAGS
++    unset(CMAKE_REQUIRED_FLAGS)
++endif()
++
++if (MSVC)
++    add_c_compiler_flag("/D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("/D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT=1" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("/D _CRT_NONSTDC_NO_WARNINGS=1" SUPPORTED_COMPILER_FLAGS)
++    add_c_compiler_flag("/D _CRT_SECURE_NO_WARNINGS=1" SUPPORTED_COMPILER_FLAGS)
++endif()
++
++if (SUPPORTED_COMPILER_FLAGS)
++    set(DEFAULT_C_COMPILE_FLAGS ${SUPPORTED_COMPILER_FLAGS} CACHE INTERNAL "Default C Compiler Flags" FORCE)
++endif()
++if (SUPPORTED_LINKER_FLAGS)
++    set(DEFAULT_LINK_FLAGS ${SUPPORTED_LINKER_FLAGS} CACHE INTERNAL "Default C Linker Flags" FORCE)
++endif()
+diff --git a/DefineOptions.cmake b/DefineOptions.cmake
+index 6030e79..8fc654d 100644
+--- a/DefineOptions.cmake
++++ b/DefineOptions.cmake
+@@ -1 +1,2 @@
+ option(UNIT_TESTING "Build with unit tests" OFF)
++option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
+diff --git a/cmake/Modules/AddCCompilerFlag.cmake b/cmake/Modules/AddCCompilerFlag.cmake
+new file mode 100644
+index 0000000..c24c215
+--- /dev/null
++++ b/cmake/Modules/AddCCompilerFlag.cmake
+@@ -0,0 +1,21 @@
++#
++# add_c_compiler_flag("-Werror" SUPPORTED_CFLAGS)
++#
++# Copyright (c) 2018      Andreas Schneider <asn at cryptomilk.org>
++#
++# Redistribution and use is allowed according to the terms of the BSD license.
++# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
++
++include(CheckCCompilerFlag)
++
++macro(add_c_compiler_flag _COMPILER_FLAG _OUTPUT_VARIABLE)
++    string(TOUPPER ${_COMPILER_FLAG} _COMPILER_FLAG_NAME)
++    string(REGEX REPLACE "^-" "" _COMPILER_FLAG_NAME "${_COMPILER_FLAG_NAME}")
++    string(REGEX REPLACE "(-|=|\ )" "_" _COMPILER_FLAG_NAME "${_COMPILER_FLAG_NAME}")
++
++    check_c_compiler_flag("${_COMPILER_FLAG}" WITH_${_COMPILER_FLAG_NAME}_FLAG)
++    if (WITH_${_COMPILER_FLAG_NAME}_FLAG)
++        #string(APPEND ${_OUTPUT_VARIABLE} "${_COMPILER_FLAG} ")
++        list(APPEND ${_OUTPUT_VARIABLE} ${_COMPILER_FLAG})
++    endif()
++endmacro()
+diff --git a/cmake/Modules/CheckCCompilerFlagSSP.cmake b/cmake/Modules/CheckCCompilerFlagSSP.cmake
+index 2fe4395..eeaf4fc 100644
+--- a/cmake/Modules/CheckCCompilerFlagSSP.cmake
++++ b/cmake/Modules/CheckCCompilerFlagSSP.cmake
+@@ -15,12 +15,34 @@
+ # Redistribution and use is allowed according to the terms of the BSD license.
+ # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+ 
+-
++# Requires cmake 3.10
++#include_guard(GLOBAL)
+ include(CheckCSourceCompiles)
++include(CMakeCheckCompilerFlagCommonPatterns)
++
++macro(CHECK_C_COMPILER_FLAG_SSP _FLAG _RESULT)
++   set(SAFE_CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS}")
++   set(CMAKE_REQUIRED_FLAGS "${_FLAG}")
++
++   # Normalize locale during test compilation.
++   set(_CheckCCompilerFlag_LOCALE_VARS LC_ALL LC_MESSAGES LANG)
++   foreach(v ${_CheckCCompilerFlag_LOCALE_VARS})
++     set(_CheckCCompilerFlag_SAVED_${v} "$ENV{${v}}")
++     set(ENV{${v}} C)
++   endforeach()
++
++   CHECK_COMPILER_FLAG_COMMON_PATTERNS(_CheckCCompilerFlag_COMMON_PATTERNS)
++   check_c_source_compiles("int main(int argc, char **argv) { char buffer[256]; return buffer[argc]=0;}"
++                           ${_RESULT}
++                           # Some compilers do not fail with a bad flag
++                           FAIL_REGEX "command line option .* is valid for .* but not for C" # GNU
++                           ${_CheckCCompilerFlag_COMMON_PATTERNS})
++   foreach(v ${_CheckCCompilerFlag_LOCALE_VARS})
++     set(ENV{${v}} ${_CheckCCompilerFlag_SAVED_${v}})
++     unset(_CheckCCompilerFlag_SAVED_${v})
++   endforeach()
++   unset(_CheckCCompilerFlag_LOCALE_VARS)
++   unset(_CheckCCompilerFlag_COMMON_PATTERNS)
+ 
+-function(CHECK_C_COMPILER_FLAG_SSP _FLAG _RESULT)
+-   set(SAFE_CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS}")
+-   set(CMAKE_REQUIRED_DEFINITIONS "${_FLAG}")
+-   check_c_source_compiles("int main(int argc, char **argv) { char buffer[256]; return buffer[argc]=0;}" ${_RESULT})
+-   set(CMAKE_REQUIRED_DEFINITIONS "${SAFE_CMAKE_REQUIRED_DEFINITIONS}")
+-endfunction(CHECK_C_COMPILER_FLAG_SSP)
++   set(CMAKE_REQUIRED_FLAGS "${SAFE_CMAKE_REQUIRED_FLAGS}")
++endmacro(CHECK_C_COMPILER_FLAG_SSP)
+diff --git a/cmake/Modules/DefineCompilerFlags.cmake b/cmake/Modules/DefineCompilerFlags.cmake
+deleted file mode 100644
+index e3cd6a1..0000000
+--- a/cmake/Modules/DefineCompilerFlags.cmake
++++ /dev/null
+@@ -1,78 +0,0 @@
+-# define system dependent compiler flags
+-
+-include(CheckCCompilerFlag)
+-include(CheckCCompilerFlagSSP)
+-
+-if (UNIX AND NOT WIN32)
+-    #
+-    # Define GNUCC compiler flags
+-    #
+-    if (${CMAKE_C_COMPILER_ID} MATCHES "(GNU|Clang)")
+-
+-        # add -Wconversion ?
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -pedantic -pedantic-errors")
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wshadow -Wmissing-prototypes -Wdeclaration-after-statement")
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wunused -Wfloat-equal -Wpointer-arith -Wwrite-strings -Wformat-security")
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-format-attribute")
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_GNU_SOURCE")
+-
+-        # with -fPIC
+-        check_c_compiler_flag("-fPIC" WITH_FPIC)
+-        if (WITH_FPIC)
+-            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+-        endif (WITH_FPIC)
+-
+-        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
+-        if (WITH_STACK_PROTECTOR)
+-            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
+-        endif (WITH_STACK_PROTECTOR)
+-
+-        if (CMAKE_BUILD_TYPE)
+-            string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+-            if (CMAKE_BUILD_TYPE_LOWER MATCHES (release|relwithdebinfo|minsizerel))
+-                check_c_compiler_flag("-Wp,-D_FORTIFY_SOURCE=2" WITH_FORTIFY_SOURCE)
+-                if (WITH_FORTIFY_SOURCE)
+-                    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wp,-D_FORTIFY_SOURCE=2")
+-                endif (WITH_FORTIFY_SOURCE)
+-            endif()
+-        endif()
+-    endif (${CMAKE_C_COMPILER_ID} MATCHES "(GNU|Clang)")
+-
+-    #
+-    # Check for large filesystem support
+-    #
+-    if (CMAKE_SIZEOF_VOID_P MATCHES "8")
+-        # with large file support
+-        execute_process(
+-            COMMAND
+-                getconf LFS64_CFLAGS
+-            OUTPUT_VARIABLE
+-                _lfs_CFLAGS
+-            ERROR_QUIET
+-            OUTPUT_STRIP_TRAILING_WHITESPACE
+-        )
+-    else (CMAKE_SIZEOF_VOID_P MATCHES "8")
+-        # with large file support
+-        execute_process(
+-            COMMAND
+-                getconf LFS_CFLAGS
+-            OUTPUT_VARIABLE
+-                _lfs_CFLAGS
+-            ERROR_QUIET
+-            OUTPUT_STRIP_TRAILING_WHITESPACE
+-        )
+-    endif (CMAKE_SIZEOF_VOID_P MATCHES "8")
+-    if (_lfs_CFLAGS)
+-        string(REGEX REPLACE "[\r\n]" " " "${_lfs_CFLAGS}" "${${_lfs_CFLAGS}}")
+-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_lfs_CFLAGS}")
+-    endif (_lfs_CFLAGS)
+-
+-endif (UNIX AND NOT WIN32)
+-
+-if (MSVC)
+-    # Use secure functions by defaualt and suppress warnings about
+-    #"deprecated" functions
+-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES=1")
+-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /D _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_COUNT=1")
+-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /D _CRT_NONSTDC_NO_WARNINGS=1 /D _CRT_SECURE_NO_WARNINGS=1")
+-endif (MSVC)
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index e3a1efd..6d70f39 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -17,6 +17,9 @@ endif (HAVE_OPENPAM)
+ 
+ target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES} ${DLFCN_LIBRARY})
+ 
++target_compile_options(pam_wrapper
++                       PRIVATE ${DEFAULT_C_COMPILE_FLAGS} -D_GNU_SOURCE=1)
++
+ set_target_properties(
+   pam_wrapper
+     PROPERTIES
+@@ -57,6 +60,8 @@ add_library(pamtest SHARED
+             ${pamtest_HEADERS}
+ )
+ target_link_libraries(pamtest ${PAM_LIBRARIES})
++target_compile_options(pamtest
++                       PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+ 
+ set_target_properties(pamtest
+     PROPERTIES
+diff --git a/src/python/python2/CMakeLists.txt b/src/python/python2/CMakeLists.txt
+index 02b4063..faba210 100644
+--- a/src/python/python2/CMakeLists.txt
++++ b/src/python/python2/CMakeLists.txt
+@@ -34,6 +34,8 @@ if (PYTHON2_INCLUDE_DIR AND PYTHON2_LIBRARY AND PYTHON2_SITELIB)
+ 
+     python_add_module(python2-pamtest ${pypamtest_SOURCE_DIR}/pypamtest.c)
+     target_link_libraries(python2-pamtest pamtest ${PYTHON2_LIBRARY})
++    target_compile_options(python2-pamtest
++                           PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+     set_target_properties(python2-pamtest PROPERTIES OUTPUT_NAME "pypamtest")
+ 
+     install(TARGETS
+diff --git a/src/python/python3/CMakeLists.txt b/src/python/python3/CMakeLists.txt
+index 1a61303..a27e90d 100644
+--- a/src/python/python3/CMakeLists.txt
++++ b/src/python/python3/CMakeLists.txt
+@@ -34,6 +34,8 @@ if (PYTHON3_INCLUDE_DIR AND PYTHON3_LIBRARY AND PYTHON3_SITELIB)
+ 
+     python_add_module(python3-pamtest ${pypamtest_SOURCE_DIR}/pypamtest.c)
+     target_link_libraries(python3-pamtest pamtest ${PYTHON3_LIBRARY})
++    target_compile_options(python3-pamtest
++                           PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+     set_target_properties(python3-pamtest PROPERTIES OUTPUT_NAME "pypamtest")
+ 
+     install(TARGETS
+-- 
+2.24.1
+
+
+From 409b19821e0b8c8ed8ab20bab821190364d3fc8f Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:19:41 +0100
+Subject: [PATCH 12/27] cmake: Move compiler flags to new file
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt                          | 15 +++++++++------
+ cmake/Modules/AddCMockaTest.cmake       |  7 -------
+ cmake/Modules/DefineCompilerFlags.cmake | 13 +++++++++++++
+ 3 files changed, 22 insertions(+), 13 deletions(-)
+ create mode 100644 cmake/Modules/DefineCompilerFlags.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 608f94f..a69a908 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -2,6 +2,15 @@
+ cmake_minimum_required(VERSION 3.5.0)
+ cmake_policy(SET CMP0048 NEW)
+ 
++# Specify search path for CMake modules to be loaded by include()
++# and find_package()
++list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
++
++# Add defaults for cmake
++# Those need to be set before the project() call.
++include(DefineCMakeDefaults)
++include(DefineCompilerFlags)
++
+ project(pam_wrapper VERSION 1.0.7 LANGUAGES C)
+ 
+ # global needed variables
+@@ -20,13 +29,7 @@ set(LIBRARY_SOVERSION "0")
+ set(PAMTEST_LIBRARY_VERSION "0.0.4")
+ set(PAMTEST_LIBRARY_SOVERSION "0")
+ 
+-# where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
+-set(CMAKE_MODULE_PATH
+-  ${CMAKE_SOURCE_DIR}/cmake/Modules
+-)
+-
+ # add definitions
+-include(DefineCMakeDefaults)
+ include(DefinePlatformDefaults)
+ include(DefineInstallationPaths)
+ include(DefineOptions.cmake)
+diff --git a/cmake/Modules/AddCMockaTest.cmake b/cmake/Modules/AddCMockaTest.cmake
+index b2d1ca8..6a34e76 100644
+--- a/cmake/Modules/AddCMockaTest.cmake
++++ b/cmake/Modules/AddCMockaTest.cmake
+@@ -9,13 +9,6 @@
+ enable_testing()
+ include(CTest)
+ 
+-if(CMAKE_COMPILER_IS_GNUCC AND NOT MINGW)
+-    set(CMAKE_C_FLAGS_PROFILING "-g -O0 -Wall -W -Wshadow -Wunused-variable -Wunused-parameter -Wunused-function -Wunused -Wno-system-headers -Wwrite-strings -fprofile-arcs -ftest-coverage" CACHE STRING "Profiling Compiler Flags")
+-    set(CMAKE_SHARED_LINKER_FLAGS_PROFILING " -fprofile-arcs -ftest-coverage" CACHE STRING "Profiling Linker Flags")
+-    set(CMAKE_MODULE_LINKER_FLAGS_PROFILING " -fprofile-arcs -ftest-coverage" CACHE STRING "Profiling Linker Flags")
+-    set(CMAKE_EXEC_LINKER_FLAGS_PROFILING " -fprofile-arcs -ftest-coverage" CACHE STRING "Profiling Linker Flags")
+-endif(CMAKE_COMPILER_IS_GNUCC AND NOT MINGW)
+-
+ function (ADD_CMOCKA_TEST _testName _testSource)
+     add_executable(${_testName} ${_testSource})
+     target_link_libraries(${_testName} ${ARGN})
+diff --git a/cmake/Modules/DefineCompilerFlags.cmake b/cmake/Modules/DefineCompilerFlags.cmake
+new file mode 100644
+index 0000000..4edb6d9
+--- /dev/null
++++ b/cmake/Modules/DefineCompilerFlags.cmake
+@@ -0,0 +1,13 @@
++if (UNIX AND NOT WIN32)
++    # Activate with: -DCMAKE_BUILD_TYPE=Profiling
++    set(CMAKE_C_FLAGS_PROFILING "-O0 -g -fprofile-arcs -ftest-coverage"
++        CACHE STRING "Flags used by the C compiler during PROFILING builds.")
++    set(CMAKE_CXX_FLAGS_PROFILING "-O0 -g -fprofile-arcs -ftest-coverage"
++        CACHE STRING "Flags used by the CXX compiler during PROFILING builds.")
++    set(CMAKE_SHARED_LINKER_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during PROFILING builds.")
++    set(CMAKE_MODULE_LINKER_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during PROFILING builds.")
++    set(CMAKE_EXEC_LINKER_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage"
++        CACHE STRING "Flags used by the linker during PROFILING builds.")
++endif()
+-- 
+2.24.1
+
+
+From 540fa3e220ac51cc9d2205fc9e7562939ccae981 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:22:50 +0100
+Subject: [PATCH 13/27] cmake: Look for cmocka 1.1.0 at least
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index a69a908..7d9bb42 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -49,7 +49,7 @@ add_subdirectory(src)
+ add_subdirectory(include)
+ 
+ if (UNIT_TESTING)
+-    find_package(CMocka REQUIRED)
++    find_package(CMocka 1.1.0 REQUIRED)
+     include(AddCMockaTest)
+     add_subdirectory(tests)
+ endif (UNIT_TESTING)
+-- 
+2.24.1
+
+
+From 3fa08f9ad0687569ce0f226b28624a6e2c63f2ee Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:25:59 +0100
+Subject: [PATCH 14/27] cmake: Update add_cmocka_test()
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ cmake/Modules/AddCMockaTest.cmake | 141 ++++++++++++++++++++++++++++--
+ tests/CMakeLists.txt              |   5 +-
+ 2 files changed, 138 insertions(+), 8 deletions(-)
+
+diff --git a/cmake/Modules/AddCMockaTest.cmake b/cmake/Modules/AddCMockaTest.cmake
+index 6a34e76..498ced8 100644
+--- a/cmake/Modules/AddCMockaTest.cmake
++++ b/cmake/Modules/AddCMockaTest.cmake
+@@ -1,16 +1,143 @@
+-# - ADD_CHECK_TEST(test_name test_source linklib1 ... linklibN)
+-
++#
+ # Copyright (c) 2007      Daniel Gollub <dgollub at suse.de>
+-# Copyright (c) 2007-2010 Andreas Schneider <asn at cynapses.org>
++# Copyright (c) 2007-2018 Andreas Schneider <asn at cryptomilk.org>
++# Copyright (c) 2018      Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
+ #
+ # Redistribution and use is allowed according to the terms of the BSD license.
+ # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+ 
++#.rst:
++# AddCMockaTest
++# -------------
++#
++# This file provides a function to add a test
++#
++# Functions provided
++# ------------------
++#
++# ::
++#
++#   add_cmocka_test(target_name
++#                   SOURCES src1 src2 ... srcN
++#                   [COMPILE_OPTIONS opt1 opt2 ... optN]
++#                   [LINK_LIBRARIES lib1 lib2 ... libN]
++#                   [LINK_OPTIONS lopt1 lop2 .. loptN]
++#                  )
++#
++# ``target_name``:
++#   Required, expects the name of the test which will be used to define a target
++#
++# ``SOURCES``:
++#   Required, expects one or more source files names
++#
++# ``COMPILE_OPTIONS``:
++#   Optional, expects one or more options to be passed to the compiler
++#
++# ``LINK_LIBRARIES``:
++#   Optional, expects one or more libraries to be linked with the test
++#   executable.
++#
++# ``LINK_OPTIONS``:
++#   Optional, expects one or more options to be passed to the linker
++#
++#
++# Example:
++#
++# .. code-block:: cmake
++#
++#   add_cmocka_test(my_test
++#                   SOURCES my_test.c other_source.c
++#                   COMPILE_OPTIONS -g -Wall
++#                   LINK_LIBRARIES mylib
++#                   LINK_OPTIONS -Wl,--enable-syscall-fixup
++#                  )
++#
++# Where ``my_test`` is the name of the test, ``my_test.c`` and
++# ``other_source.c`` are sources for the binary, ``-g -Wall`` are compiler
++# options to be used, ``mylib`` is a target of a library to be linked, and
++# ``-Wl,--enable-syscall-fixup`` is an option passed to the linker.
++#
++
+ enable_testing()
+ include(CTest)
+ 
+-function (ADD_CMOCKA_TEST _testName _testSource)
+-    add_executable(${_testName} ${_testSource})
+-    target_link_libraries(${_testName} ${ARGN})
+-    add_test(${_testName} ${CMAKE_CURRENT_BINARY_DIR}/${_testName})
++if (CMAKE_CROSSCOMPILING)
++    if (WIN32)
++        find_program(WINE_EXECUTABLE
++                     NAMES wine)
++        set(TARGET_SYSTEM_EMULATOR ${WINE_EXECUTABLE} CACHE INTERNAL "")
++    endif()
++endif()
++
++function(ADD_CMOCKA_TEST _TARGET_NAME)
++
++    set(one_value_arguments
++    )
++
++    set(multi_value_arguments
++        SOURCES
++        COMPILE_OPTIONS
++        LINK_LIBRARIES
++        LINK_OPTIONS
++    )
++
++    cmake_parse_arguments(_add_cmocka_test
++        ""
++        "${one_value_arguments}"
++        "${multi_value_arguments}"
++        ${ARGN}
++    )
++
++    if (NOT DEFINED _add_cmocka_test_SOURCES)
++        message(FATAL_ERROR "No sources provided for target ${_TARGET_NAME}")
++    endif()
++
++    add_executable(${_TARGET_NAME} ${_add_cmocka_test_SOURCES})
++
++    if (DEFINED _add_cmocka_test_COMPILE_OPTIONS)
++        target_compile_options(${_TARGET_NAME}
++            PRIVATE ${_add_cmocka_test_COMPILE_OPTIONS}
++        )
++    endif()
++
++    if (DEFINED _add_cmocka_test_LINK_LIBRARIES)
++        target_link_libraries(${_TARGET_NAME}
++            PRIVATE ${_add_cmocka_test_LINK_LIBRARIES}
++        )
++    endif()
++
++    if (DEFINED _add_cmocka_test_LINK_OPTIONS)
++        set_target_properties(${_TARGET_NAME}
++            PROPERTIES LINK_FLAGS
++            ${_add_cmocka_test_LINK_OPTIONS}
++        )
++    endif()
++
++    add_test(${_TARGET_NAME}
++        ${TARGET_SYSTEM_EMULATOR} ${_TARGET_NAME}
++    )
++
+ endfunction (ADD_CMOCKA_TEST)
++
++function(ADD_CMOCKA_TEST_ENVIRONMENT _TARGET_NAME)
++    if (WIN32 OR CYGWIN OR MINGW OR MSVC)
++        file(TO_NATIVE_PATH "${cmocka-library_BINARY_DIR}" CMOCKA_DLL_PATH)
++
++        if (TARGET_SYSTEM_EMULATOR)
++            set(DLL_PATH_ENV "WINEPATH=${CMOCKA_DLL_PATH};$ENV{WINEPATH}")
++        else()
++            set(DLL_PATH_ENV "PATH=${CMOCKA_DLL_PATH};$ENV{PATH}")
++        endif()
++        #
++        # IMPORTANT NOTE: The set_tests_properties(), below, internally
++        # stores its name/value pairs with a semicolon delimiter.
++        # because of this we must protect the semicolons in the path
++        #
++        string(REPLACE ";" "\\;" DLL_PATH_ENV "${DLL_PATH_ENV}")
++
++        set_tests_properties(${_TARGET_NAME}
++                             PROPERTIES
++                                ENVIRONMENT
++                                    "${DLL_PATH_ENV}")
++    endif()
++endfunction()
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 997c15e..e40341d 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -40,7 +40,10 @@ set(TEST_LIBRARIES
+     ${PAM_LIBRARIES}
+ )
+ 
+-add_cmocka_test(test_pam_wrapper test_pam_wrapper.c ${TEST_LIBRARIES})
++add_cmocka_test(test_pam_wrapper
++                SOURCES test_pam_wrapper.c
++                COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
++                LINK_LIBRARIES ${TEST_LIBRARIES})
+ set_property(
+     TEST
+         test_pam_wrapper
+-- 
+2.24.1
+
+
+From 9e7cb4964f07d136ba6f34ec8556b488fb469ede Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:21:06 +0100
+Subject: [PATCH 15/27] cmake: Add AddressSanitizer and UndefinedSanitizer
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ cmake/Modules/DefineCompilerFlags.cmake | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/cmake/Modules/DefineCompilerFlags.cmake b/cmake/Modules/DefineCompilerFlags.cmake
+index 4edb6d9..3277b99 100644
+--- a/cmake/Modules/DefineCompilerFlags.cmake
++++ b/cmake/Modules/DefineCompilerFlags.cmake
+@@ -10,4 +10,28 @@ if (UNIX AND NOT WIN32)
+         CACHE STRING "Flags used by the linker during the creation of shared libraries during PROFILING builds.")
+     set(CMAKE_EXEC_LINKER_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage"
+         CACHE STRING "Flags used by the linker during PROFILING builds.")
++
++    # Activate with: -DCMAKE_BUILD_TYPE=AddressSanitizer
++    set(CMAKE_C_FLAGS_ADDRESSSANITIZER "-g -O1 -fsanitize=address -fno-omit-frame-pointer"
++        CACHE STRING "Flags used by the C compiler during ADDRESSSANITIZER builds.")
++    set(CMAKE_CXX_FLAGS_ADDRESSSANITIZER "-g -O1 -fsanitize=address -fno-omit-frame-pointer"
++        CACHE STRING "Flags used by the CXX compiler during ADDRESSSANITIZER builds.")
++    set(CMAKE_SHARED_LINKER_FLAGS_ADDRESSSANITIZER "-fsanitize=address"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during ADDRESSSANITIZER builds.")
++    set(CMAKE_MODULE_LINKER_FLAGS_ADDRESSSANITIZER "-fsanitize=address"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during ADDRESSSANITIZER builds.")
++    set(CMAKE_EXEC_LINKER_FLAGS_ADDRESSSANITIZER "-fsanitize=address"
++        CACHE STRING "Flags used by the linker during ADDRESSSANITIZER builds.")
++
++    # Activate with: -DCMAKE_BUILD_TYPE=UndefinedSanitizer
++    set(CMAKE_C_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
++        CACHE STRING "Flags used by the C compiler during UNDEFINEDSANITIZER builds.")
++    set(CMAKE_CXX_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
++        CACHE STRING "Flags used by the CXX compiler during UNDEFINEDSANITIZER builds.")
++    set(CMAKE_SHARED_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during UNDEFINEDSANITIZER builds.")
++    set(CMAKE_MODULE_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
++        CACHE STRING "Flags used by the linker during the creation of shared libraries during UNDEFINEDSANITIZER builds.")
++    set(CMAKE_EXEC_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
++        CACHE STRING "Flags used by the linker during UNDEFINEDSANITIZER builds.")
+ endif()
+-- 
+2.24.1
+
+
+From 93d2b76e86b249838bcb700d15b3846f2415494d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:32:46 +0100
+Subject: [PATCH 16/27] cmake: Support running the tests with AddressSanitizer
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ tests/CMakeLists.txt | 62 ++++++++++++++++++++++++++++++--------------
+ 1 file changed, 43 insertions(+), 19 deletions(-)
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index e40341d..494e511 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -22,12 +22,46 @@ configure_file(services/matrix_py.in ${CMAKE_CURRENT_BINARY_DIR}/services/matrix
+ 
+ configure_file(services/pwrap_get_set.in ${CMAKE_CURRENT_BINARY_DIR}/services/pwrap_get_set @ONLY)
+ 
+-if (OSX)
+-	set(TEST_ENVIRONMENT DYLD_FORCE_FLAT_NAMESPACE=1;DYLD_INSERT_LIBRARIES=${PAM_WRAPPER_LOCATION};PAM_WRAPPER=1;PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/services})
+-	add_definitions(-DOSX)
+-else ()
+-	set(TEST_ENVIRONMENT LD_PRELOAD=${PAM_WRAPPER_LOCATION};PAM_WRAPPER=1;PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/services)
+-endif ()
++function(ADD_CMOCKA_TEST_ENVIRONMENT _TEST_NAME)
++    if (CMAKE_BUILD_TYPE)
++        string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
++        if (CMAKE_BUILD_TYPE_LOWER STREQUAL "addresssanitizer")
++            find_library(ASAN_LIBRARY
++                         NAMES asan)
++            if (NOT ASAN_LIBRARY)
++                foreach(version RANGE 10 1)
++                    if (NOT ASAN_LIBRARY)
++                        find_library(ASAN_LIBRARY libasan.so.${version})
++                    endif()
++                endforeach()
++            endif()
++        endif()
++    endif()
++
++    if (ASAN_LIBRARY)
++        list(APPEND PRELOAD_LIBRARIES ${ASAN_LIBRARY})
++    endif()
++    list(APPEND PRELOAD_LIBRARIES ${PAM_WRAPPER_LOCATION})
++
++    if (OSX)
++        set(TORTURE_ENVIRONMENT "DYLD_FORCE_FLAT_NAMESPACE=1;DYLD_INSERT_LIBRARIES=${RESOLV_WRAPPER_LOCATION}:${SOCKET_WRAPPER_LIBRARY}")
++    else ()
++        string(REPLACE ";" ":" _TMP_ENV "${PRELOAD_LIBRARIES}")
++        set(TORTURE_ENVIRONMENT "LD_PRELOAD=${_TMP_ENV}")
++    endif()
++
++    list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER=1)
++    list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/services)
++
++    foreach(_arg ${ARGN})
++        list(APPEND TORTURE_ENVIRONMENT ${_arg})
++    endforeach()
++
++    set_property(TEST
++                    ${_TEST_NAME}
++                PROPERTY
++                    ENVIRONMENT "${TORTURE_ENVIRONMENT}")
++endfunction()
+ 
+ set(PAM_LIBRARIES pam)
+ if (HAVE_PAM_MISC)
+@@ -44,11 +78,7 @@ add_cmocka_test(test_pam_wrapper
+                 SOURCES test_pam_wrapper.c
+                 COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
+                 LINK_LIBRARIES ${TEST_LIBRARIES})
+-set_property(
+-    TEST
+-        test_pam_wrapper
+-    PROPERTY
+-        ENVIRONMENT ${TEST_ENVIRONMENT})
++add_cmocka_test_environment(test_pam_wrapper)
+ 
+ if (PYTHON2_EXECUTABLE)
+     add_test(NAME
+@@ -56,10 +86,7 @@ if (PYTHON2_EXECUTABLE)
+              COMMAND
+                 ${PYTHON2_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
+ 
+-    set_property(TEST
+-                    py2pamtest_test
+-                 PROPERTY
+-                    ENVIRONMENT ${TEST_ENVIRONMENT})
++    add_cmocka_test_environment(py2pamtest_test)
+ endif()
+ 
+ if (PYTHON3_EXECUTABLE)
+@@ -68,8 +95,5 @@ if (PYTHON3_EXECUTABLE)
+              COMMAND
+                 ${PYTHON3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
+ 
+-    set_property(TEST
+-                    py3pamtest_test
+-                 PROPERTY
+-                    ENVIRONMENT ${TEST_ENVIRONMENT})
++    add_cmocka_test_environment(py3pamtest_test)
+ endif()
+-- 
+2.24.1
+
+
+From 4ee0477380500ef911b64acc36b118d053854f0d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:41:35 +0100
+Subject: [PATCH 17/27] cmake: Use target_include_directories()
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt             |  2 +-
+ src/CMakeLists.txt         | 23 ++++++++++++-----------
+ src/modules/CMakeLists.txt |  4 ++++
+ tests/CMakeLists.txt       | 11 ++++-------
+ 4 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 7d9bb42..61be71a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -45,8 +45,8 @@ include(ConfigureChecks.cmake)
+ configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
+ 
+ # check subdirectories
+-add_subdirectory(src)
+ add_subdirectory(include)
++add_subdirectory(src)
+ 
+ if (UNIT_TESTING)
+     find_package(CMocka 1.1.0 REQUIRED)
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 6d70f39..45e6a81 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -1,12 +1,14 @@
+ project(libpam_wrapper C)
+ 
+-include_directories(${CMAKE_BINARY_DIR})
+-
+ ###########################################################
+ ### pam_wrapper
+ ###########################################################
+ 
+ add_library(pam_wrapper SHARED pam_wrapper.c)
++target_include_directories(pam_wrapper
++                           PRIVATE
++                               ${pam_wrapper-headers_SOURCE_DIR}
++                               ${pam_wrapper_BINARY_DIR})
+ 
+ set(PAM_WRAPPER_LIBRARIES
+ 	${PAMWRAP_REQUIRED_LIBRARIES}
+@@ -45,20 +47,19 @@ set(pamtest_SOURCES
+     libpamtest.c
+ )
+ 
+-set(pamtest_HEADERS
+-    ${CMAKE_SOURCE_DIR}/include/libpamtest.h
+-)
+-include_directories(${CMAKE_SOURCE_DIR}/include)
+-
+ set(PAM_LIBRARIES pam)
+ if (HAVE_PAM_MISC)
+ 	list(APPEND PAM_LIBRARIES pam_misc)
+ endif (HAVE_PAM_MISC)
+ 
+-add_library(pamtest SHARED
+-            ${pamtest_SOURCES}
+-            ${pamtest_HEADERS}
+-)
++add_library(pamtest SHARED ${pamtest_SOURCES})
++target_include_directories(pamtest
++                           PRIVATE
++                               ${pam_wrapper_BINARY_DIR}
++                           PUBLIC
++                               $<BUILD_INTERFACE:${pam_wrapper-headers_SOURCE_DIR}>
++                               $<INSTALL_INTERFACE:include>)
++
+ target_link_libraries(pamtest ${PAM_LIBRARIES})
+ target_compile_options(pamtest
+                        PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+diff --git a/src/modules/CMakeLists.txt b/src/modules/CMakeLists.txt
+index 8e13a0b..43ed16d 100644
+--- a/src/modules/CMakeLists.txt
++++ b/src/modules/CMakeLists.txt
+@@ -12,6 +12,10 @@ set(PWRAP_PRIVATE_LIBRARIES
+ 
+ foreach(_PAM_MODULE ${PAM_MODULES})
+ 	add_library(${_PAM_MODULE} MODULE ${_PAM_MODULE}.c)
++    target_include_directories(${_PAM_MODULE}
++                               PRIVATE
++                                   ${pam_wrapper-headers_SOURCE_DIR}
++                                   ${pam_wrapper_BINARY_DIR})
+ 	set_property(TARGET ${_PAM_MODULE} PROPERTY PREFIX "")
+ 
+ 	target_link_libraries(${_PAM_MODULE}
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 494e511..60b41c8 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -1,12 +1,5 @@
+ project(tests C)
+ 
+-include_directories(
+-  ${CMAKE_BINARY_DIR}
+-  ${CMAKE_CURRENT_SOURCE_DIR}
+-  ${CMOCKA_INCLUDE_DIR}
+-  ${CMAKE_SOURCE_DIR}/include
+-)
+-
+ set(PAM_MATRIX_PATH "${CMAKE_BINARY_DIR}/src/modules/pam_matrix.so")
+ 
+ configure_file(services/matrix.in ${CMAKE_CURRENT_BINARY_DIR}/services/matrix @ONLY)
+@@ -78,6 +71,10 @@ add_cmocka_test(test_pam_wrapper
+                 SOURCES test_pam_wrapper.c
+                 COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
+                 LINK_LIBRARIES ${TEST_LIBRARIES})
++target_include_directories(test_pam_wrapper
++                           PRIVATE
++                               ${CMOCKA_INCLUDE_DIR}
++                               ${pam_wrapper_BINARY_DIR})
+ add_cmocka_test_environment(test_pam_wrapper)
+ 
+ if (PYTHON2_EXECUTABLE)
+-- 
+2.24.1
+
+
+From 39e4c428226690a7acd1862e4c1407ffe5343dc8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:47:37 +0100
+Subject: [PATCH 18/27] cmake: Use GNUInstallDirs
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt                              |  10 +-
+ cmake/Modules/DefineInstallationPaths.cmake | 109 --------------------
+ include/CMakeLists.txt                      |  11 +-
+ libpamtest-config.cmake.in                  |   4 +-
+ pam_wrapper-config.cmake.in                 |   4 +-
+ pam_wrapper.pc.cmake                        |   4 +-
+ src/CMakeLists.txt                          |  17 ++-
+ src/modules/CMakeLists.txt                  |   7 +-
+ 8 files changed, 23 insertions(+), 143 deletions(-)
+ delete mode 100644 cmake/Modules/DefineInstallationPaths.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 61be71a..de402f0 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -31,7 +31,7 @@ set(PAMTEST_LIBRARY_SOVERSION "0")
+ 
+ # add definitions
+ include(DefinePlatformDefaults)
+-include(DefineInstallationPaths)
++include(GNUInstallDirs)
+ include(DefineOptions.cmake)
+ include(CPackConfig.cmake)
+ include(CompilerChecks.cmake)
+@@ -62,7 +62,7 @@ install(
+   FILES
+     ${CMAKE_CURRENT_BINARY_DIR}/pam_wrapper.pc
+   DESTINATION
+-    ${LIB_INSTALL_DIR}/pkgconfig
++    ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+   COMPONENT
+     pkgconfig
+ )
+@@ -72,7 +72,7 @@ install(
+   FILES
+     ${CMAKE_CURRENT_BINARY_DIR}/libpamtest.pc
+   DESTINATION
+-    ${LIB_INSTALL_DIR}/pkgconfig
++    ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+   COMPONENT
+     pkgconfig
+ )
+@@ -85,7 +85,7 @@ install(
+         ${CMAKE_CURRENT_BINARY_DIR}/pam_wrapper-config-version.cmake
+         ${CMAKE_CURRENT_BINARY_DIR}/pam_wrapper-config.cmake
+     DESTINATION
+-        ${CMAKE_INSTALL_DIR}/pam_wrapper
++        ${CMAKE_INSTALL_LIBDIR}/cmake/pam_wrapper
+     COMPONENT
+         devel
+ )
+@@ -100,7 +100,7 @@ install(
+         ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config.cmake
+         ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config-version.cmake
+     DESTINATION
+-        ${CMAKE_INSTALL_DIR}/libpamtest
++        ${CMAKE_INSTALL_LIBDIR}/cmake/libpamtest
+     COMPONENT
+         devel
+ )
+diff --git a/cmake/Modules/DefineInstallationPaths.cmake b/cmake/Modules/DefineInstallationPaths.cmake
+deleted file mode 100644
+index 88e08ca..0000000
+--- a/cmake/Modules/DefineInstallationPaths.cmake
++++ /dev/null
+@@ -1,109 +0,0 @@
+-if (UNIX OR OS2)
+-  IF (NOT APPLICATION_NAME)
+-    MESSAGE(STATUS "${PROJECT_NAME} is used as APPLICATION_NAME")
+-    SET(APPLICATION_NAME ${PROJECT_NAME})
+-  ENDIF (NOT APPLICATION_NAME)
+-
+-  # Suffix for Linux
+-  SET(LIB_SUFFIX
+-    CACHE STRING "Define suffix of directory name (32/64)"
+-  )
+-
+-  SET(EXEC_INSTALL_PREFIX
+-    "${CMAKE_INSTALL_PREFIX}"
+-    CACHE PATH  "Base directory for executables and libraries"
+-  )
+-  SET(SHARE_INSTALL_PREFIX
+-    "${CMAKE_INSTALL_PREFIX}/share"
+-    CACHE PATH "Base directory for files which go to share/"
+-  )
+-  SET(DATA_INSTALL_PREFIX
+-    "${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}"
+-    CACHE PATH "The parent directory where applications can install their data")
+-
+-  # The following are directories where stuff will be installed to
+-  SET(BIN_INSTALL_DIR
+-    "${EXEC_INSTALL_PREFIX}/bin"
+-    CACHE PATH "The ${APPLICATION_NAME} binary install dir (default prefix/bin)"
+-  )
+-  SET(SBIN_INSTALL_DIR
+-    "${EXEC_INSTALL_PREFIX}/sbin"
+-    CACHE PATH "The ${APPLICATION_NAME} sbin install dir (default prefix/sbin)"
+-  )
+-  SET(LIB_INSTALL_DIR
+-    "${EXEC_INSTALL_PREFIX}/lib${LIB_SUFFIX}"
+-    CACHE PATH "The subdirectory relative to the install prefix where libraries will be installed (default is prefix/lib)"
+-  )
+-  SET(LIBEXEC_INSTALL_DIR
+-    "${EXEC_INSTALL_PREFIX}/libexec"
+-    CACHE PATH "The subdirectory relative to the install prefix where libraries will be installed (default is prefix/libexec)"
+-  )
+-  SET(PLUGIN_INSTALL_DIR
+-    "${LIB_INSTALL_DIR}/${APPLICATION_NAME}"
+-    CACHE PATH "The subdirectory relative to the install prefix where plugins will be installed (default is prefix/lib/${APPLICATION_NAME})"
+-  )
+-  SET(INCLUDE_INSTALL_DIR
+-    "${CMAKE_INSTALL_PREFIX}/include"
+-    CACHE PATH "The subdirectory to the header prefix (default prefix/include)"
+-  )
+-
+-  set(CMAKE_INSTALL_DIR
+-    "${LIB_INSTALL_DIR}/cmake"
+-    CACHE PATH "The subdirectory to install cmake config files")
+-
+-  SET(DATA_INSTALL_DIR
+-    "${DATA_INSTALL_PREFIX}"
+-    CACHE PATH "The parent directory where applications can install their data (default prefix/share/${APPLICATION_NAME})"
+-  )
+-  SET(HTML_INSTALL_DIR
+-    "${DATA_INSTALL_PREFIX}/doc/HTML"
+-    CACHE PATH "The HTML install dir for documentation (default data/doc/html)"
+-  )
+-  SET(ICON_INSTALL_DIR
+-    "${DATA_INSTALL_PREFIX}/icons"
+-    CACHE PATH "The icon install dir (default data/icons/)"
+-  )
+-  SET(SOUND_INSTALL_DIR
+-    "${DATA_INSTALL_PREFIX}/sounds"
+-    CACHE PATH "The install dir for sound files (default data/sounds)"
+-  )
+-
+-  SET(LOCALE_INSTALL_DIR
+-    "${SHARE_INSTALL_PREFIX}/locale"
+-    CACHE PATH "The install dir for translations (default prefix/share/locale)"
+-  )
+-
+-  SET(XDG_APPS_DIR
+-    "${SHARE_INSTALL_PREFIX}/applications/"
+-    CACHE PATH "The XDG apps dir"
+-  )
+-  SET(XDG_DIRECTORY_DIR
+-    "${SHARE_INSTALL_PREFIX}/desktop-directories"
+-    CACHE PATH "The XDG directory"
+-  )
+-
+-  SET(SYSCONF_INSTALL_DIR
+-    "${EXEC_INSTALL_PREFIX}/etc"
+-    CACHE PATH "The ${APPLICATION_NAME} sysconfig install dir (default prefix/etc)"
+-  )
+-  SET(MAN_INSTALL_DIR
+-    "${SHARE_INSTALL_PREFIX}/man"
+-    CACHE PATH "The ${APPLICATION_NAME} man install dir (default prefix/man)"
+-  )
+-  SET(INFO_INSTALL_DIR
+-    "${SHARE_INSTALL_PREFIX}/info"
+-    CACHE PATH "The ${APPLICATION_NAME} info install dir (default prefix/info)"
+-  )
+-else()
+-  # Same same
+-  set(BIN_INSTALL_DIR "bin" CACHE PATH "-")
+-  set(SBIN_INSTALL_DIR "sbin" CACHE PATH "-")
+-  set(LIB_INSTALL_DIR "lib${LIB_SUFFIX}" CACHE PATH "-")
+-  set(INCLUDE_INSTALL_DIR "include" CACHE PATH "-")
+-  set(CMAKE_INSTALL_DIR "CMake" CACHE PATH "-")
+-  set(PLUGIN_INSTALL_DIR "plugins" CACHE PATH "-")
+-  set(HTML_INSTALL_DIR "doc/HTML" CACHE PATH "-")
+-  set(ICON_INSTALL_DIR "icons" CACHE PATH "-")
+-  set(SOUND_INSTALL_DIR "soudns" CACHE PATH "-")
+-  set(LOCALE_INSTALL_DIR "lang" CACHE PATH "-")
+-endif ()
+diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
+index 5eaaba6..252afec 100644
+--- a/include/CMakeLists.txt
++++ b/include/CMakeLists.txt
+@@ -4,11 +4,6 @@ set(libpamtest_HDRS
+   libpamtest.h
+ )
+ 
+-install(
+-  FILES
+-    ${libpamtest_HDRS}
+-  DESTINATION
+-    ${INCLUDE_INSTALL_DIR}
+-  COMPONENT
+-    headers
+-)
++install(FILES ${libpamtest_HDRS}
++        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
++        COMPONENT headers)
+diff --git a/libpamtest-config.cmake.in b/libpamtest-config.cmake.in
+index 3b8f841..f883d3d 100644
+--- a/libpamtest-config.cmake.in
++++ b/libpamtest-config.cmake.in
+@@ -7,5 +7,5 @@ else()
+     set(LIBPAMTEST_INCLUDE_DIR @INCLUDE_INSTALL_DIR@)
+ endif()
+ 
+-set(LIBPAMTEST_LIBRARY @LIB_INSTALL_DIR@/@LIBPAMTEST_LIBRARY_NAME@)
+-set(LIBPAMTEST_LIBRARIES @LIB_INSTALL_DIR@/@LIBPAMTEST_LIBRARY_NAME@)
++set(LIBPAMTEST_LIBRARY @CMAKE_INSTALL_LIBDIR@/@LIBPAMTEST_LIBRARY_NAME@)
++set(LIBPAMTEST_LIBRARIES @CMAKE_INSTALL_LIBDIR@/@LIBPAMTEST_LIBRARY_NAME@)
+diff --git a/pam_wrapper-config.cmake.in b/pam_wrapper-config.cmake.in
+index a681007..c93b661 100644
+--- a/pam_wrapper-config.cmake.in
++++ b/pam_wrapper-config.cmake.in
+@@ -1,2 +1,2 @@
+-set(PAM_WRAPPER_LIBRARY @LIB_INSTALL_DIR@/@PAM_WRAPPER_LIB@)
+-set(PAM_WRAPPER_MODULE_DIR @LIB_INSTALL_DIR@/@PROJECT_NAME@)
++set(PAM_WRAPPER_LIBRARY @CMAKE_INSTALL_LIBDIR@/@PAM_WRAPPER_LIB@)
++set(PAM_WRAPPER_MODULE_DIR @CMAKE_INSTALL_LIBDIR@/@PROJECT_NAME@)
+diff --git a/pam_wrapper.pc.cmake b/pam_wrapper.pc.cmake
+index a3abf8e..587a54c 100644
+--- a/pam_wrapper.pc.cmake
++++ b/pam_wrapper.pc.cmake
+@@ -1,6 +1,6 @@
+-modules=@LIB_INSTALL_DIR@/pam_wrapper
++modules=@CMAKE_INSTALL_LIBDIR@/pam_wrapper
+ 
+ Name: @PROJECT_NAME@
+ Description: The pam_wrapper library
+ Version: @PROJECT_VERSION@
+-Libs: @LIB_INSTALL_DIR@/@PAM_WRAPPER_LIB@
++Libs: @CMAKE_INSTALL_LIBDIR@/@PAM_WRAPPER_LIB@
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index 45e6a81..d2110a8 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -31,13 +31,10 @@ set_target_properties(
+         ${LIBRARY_SOVERSION}
+ )
+ 
+-install(
+-  TARGETS
+-    pam_wrapper
+-  RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+-  LIBRARY DESTINATION ${LIB_INSTALL_DIR}
+-  ARCHIVE DESTINATION ${LIB_INSTALL_DIR}
+-)
++install(TARGETS pam_wrapper
++        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
++        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
++        ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+ 
+ ###########################################################
+ ### libpamtest
+@@ -70,9 +67,9 @@ set_target_properties(pamtest
+         SOVERSION ${LIBRARY_SOVERSION})
+ 
+ install(TARGETS pamtest
+-    RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+-    LIBRARY DESTINATION ${LIB_INSTALL_DIR}
+-    ARCHIVE DESTINATION ${LIB_INSTALL_DIR})
++        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
++        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
++        ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+ 
+ add_subdirectory(modules)
+ add_subdirectory(python)
+diff --git a/src/modules/CMakeLists.txt b/src/modules/CMakeLists.txt
+index 43ed16d..e7b2604 100644
+--- a/src/modules/CMakeLists.txt
++++ b/src/modules/CMakeLists.txt
+@@ -7,9 +7,6 @@ if (HAVE_PAM_MISC)
+ 	list(APPEND PAM_LIBRARIES pam_misc)
+ endif (HAVE_PAM_MISC)
+ 
+-set(PWRAP_PRIVATE_LIBRARIES
+-	${LIB_INSTALL_DIR}/pam_wrapper)
+-
+ foreach(_PAM_MODULE ${PAM_MODULES})
+ 	add_library(${_PAM_MODULE} MODULE ${_PAM_MODULE}.c)
+     target_include_directories(${_PAM_MODULE}
+@@ -24,7 +21,7 @@ foreach(_PAM_MODULE ${PAM_MODULES})
+ 	install(
+ 		TARGETS
+ 			${_PAM_MODULE}
+-		LIBRARY DESTINATION ${PWRAP_PRIVATE_LIBRARIES}
+-		ARCHIVE DESTINATION ${PWRAP_PRIVATE_LIBRARIES})
++		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}/pam_wrapper
++		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}/pam_wrapper)
+ endforeach()
+ 
+-- 
+2.24.1
+
+
+From 45691a21c8f9eddfa599f66ac9298345afdc9f80 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 13:59:52 +0100
+Subject: [PATCH 19/27] cmake: Write new cmake config files
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ CMakeLists.txt                    | 26 +++++++++++---------------
+ libpamtest-config.cmake.in        | 11 -----------
+ src/CMakeLists.txt                |  5 +++++
+ src/python/python2/CMakeLists.txt |  2 +-
+ src/python/python3/CMakeLists.txt |  2 +-
+ 5 files changed, 18 insertions(+), 28 deletions(-)
+ delete mode 100644 libpamtest-config.cmake.in
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index de402f0..7d646da 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -78,7 +78,11 @@ install(
+ )
+ 
+ # cmake config files
+-configure_file(pam_wrapper-config-version.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/pam_wrapper-config-version.cmake @ONLY)
++include(CMakePackageConfigHelpers)
++
++write_basic_package_version_file(pam_wrapper-config-version.cmake
++                                 COMPATIBILITY
++                                     AnyNewerVersion)
+ configure_file(pam_wrapper-config.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/pam_wrapper-config.cmake @ONLY)
+ install(
+     FILES
+@@ -90,19 +94,11 @@ install(
+         devel
+ )
+ 
+-set(LIBPAMTEST_LIBRARY_NAME ${CMAKE_SHARED_LIBRARY_PREFIX}pamtest${CMAKE_SHARED_LIBRARY_SUFFIX})
+-
+-configure_file(libpamtest-config.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config.cmake @ONLY)
+-configure_file(libpamtest-config-version.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config-version.cmake @ONLY)
+-
+-install(
+-    FILES
+-        ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config.cmake
+-        ${CMAKE_CURRENT_BINARY_DIR}/libpamtest-config-version.cmake
+-    DESTINATION
+-        ${CMAKE_INSTALL_LIBDIR}/cmake/libpamtest
+-    COMPONENT
+-        devel
+-)
++write_basic_package_version_file(pamtest-config-version.cmake
++                                 COMPATIBILITY
++                                     AnyNewerVersion)
++install(FILES ${CMAKE_CURRENT_BINARY_DIR}/pamtest-config-version.cmake
++        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/pamtest
++        COMPONENT devel)
+ 
+ add_subdirectory(doc)
+diff --git a/libpamtest-config.cmake.in b/libpamtest-config.cmake.in
+deleted file mode 100644
+index f883d3d..0000000
+--- a/libpamtest-config.cmake.in
++++ /dev/null
+@@ -1,11 +0,0 @@
+-get_filename_component(LIBPAMTEST_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+-
+-if (EXISTS "${LIBPAMTEST_CMAKE_DIR}/CMakeCache.txt")
+-    # In build tree
+-    include(${LIBPAMTEST_CMAKE_DIR}/libpamtest-build-tree-settings.cmake)
+-else()
+-    set(LIBPAMTEST_INCLUDE_DIR @INCLUDE_INSTALL_DIR@)
+-endif()
+-
+-set(LIBPAMTEST_LIBRARY @CMAKE_INSTALL_LIBDIR@/@LIBPAMTEST_LIBRARY_NAME@)
+-set(LIBPAMTEST_LIBRARIES @CMAKE_INSTALL_LIBDIR@/@LIBPAMTEST_LIBRARY_NAME@)
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index d2110a8..0cf366a 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -56,6 +56,7 @@ target_include_directories(pamtest
+                            PUBLIC
+                                $<BUILD_INTERFACE:${pam_wrapper-headers_SOURCE_DIR}>
+                                $<INSTALL_INTERFACE:include>)
++add_library(pamtest::pamtest ALIAS pamtest)
+ 
+ target_link_libraries(pamtest ${PAM_LIBRARIES})
+ target_compile_options(pamtest
+@@ -67,9 +68,13 @@ set_target_properties(pamtest
+         SOVERSION ${LIBRARY_SOVERSION})
+ 
+ install(TARGETS pamtest
++        EXPORT pamtest-config
+         RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+         LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+         ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
++install(EXPORT pamtest-config
++        NAMESPACE pamtest::
++        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/pamtest)
+ 
+ add_subdirectory(modules)
+ add_subdirectory(python)
+diff --git a/src/python/python2/CMakeLists.txt b/src/python/python2/CMakeLists.txt
+index faba210..d0b0ed2 100644
+--- a/src/python/python2/CMakeLists.txt
++++ b/src/python/python2/CMakeLists.txt
+@@ -33,7 +33,7 @@ if (PYTHON2_INCLUDE_DIR AND PYTHON2_LIBRARY AND PYTHON2_SITELIB)
+     include_directories(${PYTHON2_INCLUDE_DIR})
+ 
+     python_add_module(python2-pamtest ${pypamtest_SOURCE_DIR}/pypamtest.c)
+-    target_link_libraries(python2-pamtest pamtest ${PYTHON2_LIBRARY})
++    target_link_libraries(python2-pamtest pamtest::pamtest ${PYTHON2_LIBRARY})
+     target_compile_options(python2-pamtest
+                            PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+     set_target_properties(python2-pamtest PROPERTIES OUTPUT_NAME "pypamtest")
+diff --git a/src/python/python3/CMakeLists.txt b/src/python/python3/CMakeLists.txt
+index a27e90d..7890d53 100644
+--- a/src/python/python3/CMakeLists.txt
++++ b/src/python/python3/CMakeLists.txt
+@@ -33,7 +33,7 @@ if (PYTHON3_INCLUDE_DIR AND PYTHON3_LIBRARY AND PYTHON3_SITELIB)
+     include_directories(${PYTHON3_INCLUDE_DIR})
+ 
+     python_add_module(python3-pamtest ${pypamtest_SOURCE_DIR}/pypamtest.c)
+-    target_link_libraries(python3-pamtest pamtest ${PYTHON3_LIBRARY})
++    target_link_libraries(python3-pamtest pamtest::pamtest ${PYTHON3_LIBRARY})
+     target_compile_options(python3-pamtest
+                            PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+     set_target_properties(python3-pamtest PROPERTIES OUTPUT_NAME "pypamtest")
+-- 
+2.24.1
+
+
+From 282d67eb4dbdbf3aa9b7f344609c2e5f221cbe19 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 14:57:44 +0100
+Subject: [PATCH 20/27] cmake: Do not run python tests with AddressSanitizer
+
+It will complain about python malloc and fail.
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ tests/CMakeLists.txt | 37 ++++++++++++++++++++++++-------------
+ 1 file changed, 24 insertions(+), 13 deletions(-)
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index 60b41c8..d22c272 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -77,20 +77,31 @@ target_include_directories(test_pam_wrapper
+                                ${pam_wrapper_BINARY_DIR})
+ add_cmocka_test_environment(test_pam_wrapper)
+ 
+-if (PYTHON2_EXECUTABLE)
+-    add_test(NAME
+-                py2pamtest_test
+-             COMMAND
+-                ${PYTHON2_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
+-
+-    add_cmocka_test_environment(py2pamtest_test)
++# Do not run python tests with AddressSanitizer
++set(RUN_PYTHON_TESTS ON)
++if (CMAKE_BUILD_TYPE)
++    string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
++    if (CMAKE_BUILD_TYPE_LOWER STREQUAL "addresssanitizer")
++        set(RUN_PYTHON_TESTS OFF)
++    endif()
+ endif()
+ 
+-if (PYTHON3_EXECUTABLE)
+-    add_test(NAME
+-                py3pamtest_test
+-             COMMAND
+-                ${PYTHON3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
++if (RUN_PYTHON_TESTS)
++    if (PYTHON2_EXECUTABLE)
++        add_test(NAME
++                    py2pamtest_test
++                 COMMAND
++                    ${PYTHON2_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
++
++        add_cmocka_test_environment(py2pamtest_test)
++    endif()
++
++    if (PYTHON3_EXECUTABLE)
++        add_test(NAME
++                    py3pamtest_test
++                 COMMAND
++                    ${PYTHON3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/pypamtest_test.py)
+ 
+-    add_cmocka_test_environment(py3pamtest_test)
++        add_cmocka_test_environment(py3pamtest_test)
++    endif()
+ endif()
+-- 
+2.24.1
+
+
+From d91085c98095e2a061889620bd87c661fb995a8b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Fri, 31 Jan 2020 14:01:27 +0100
+Subject: [PATCH 21/27] gitlab-ci: Setup CI for pam_wrapper
+
+Signed-off-by: Andreas Schneider <asn at samba.org>
+---
+ .gitlab-ci.yml | 210 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 210 insertions(+)
+ create mode 100644 .gitlab-ci.yml
+
+diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
+new file mode 100644
+index 0000000..440521d
+--- /dev/null
++++ b/.gitlab-ci.yml
+@@ -0,0 +1,210 @@
++variables:
++  GIT_DEPTH: 3
++  BUILD_IMAGES_PROJECT: cmocka/gitlab-build-images
++  FEDORA_BUILD: buildenv-fedora
++  CENTOS7_BUILD: buildenv-centos7
++  TUMBLEWEED_BUILD: buildenv-tumbleweed
++
++centos7/x86_64:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake3
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++fedora/x86_64:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_INSTALL_PREFIX=/tmp/local
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure && make install
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++fedora/address-sanitizer:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_BUILD_TYPE=AddressSanitizer
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++fedora/undefined-sanitizer:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_BUILD_TYPE=UndefinedSanitizer
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON ..
++    && make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++fedora/csbuild:
++  variables:
++    GIT_DEPTH: 20
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
++  script:
++  - |
++    if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then
++        export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~15")
++    fi
++
++    # Check if the commit exists in this branch
++    # This is not the case for a force push
++    git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~15")
++
++    export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA"
++
++  - csbuild
++    --build-dir=obj-csbuild
++    --prep-cmd="cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON @SRCDIR@"
++    --build-cmd "make clean && make -j$(nproc)"
++    --git-commit-range $CI_COMMIT_RANGE
++    --color
++    --print-current --print-fixed
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj-csbuild/
++
++freebsd/x86_64:
++  image:
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make && ctest --output-on-failure
++  tags:
++  - freebsd
++  except:
++  - tags
++  only:
++  - branches at cwrap/pam_wrapper
++  - branches at cryptomilk/pam_wrapper
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++tumbleweed/x86_64/gcc:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++tumbleweed/x86_64/gcc7:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++tumbleweed/x86_64/clang:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
++  script:
++  - mkdir -p obj && cd obj && cmake
++    -DCMAKE_BUILD_TYPE=RelWithDebInfo
++    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    make -j$(nproc) && ctest --output-on-failure
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/
++
++tumbleweed/static-analysis:
++  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
++  script:
++  - export CCC_CC=clang
++  - export CCC_CXX=clang++
++  - mkdir -p obj && cd obj && scan-build cmake
++    -DCMAKE_BUILD_TYPE=Debug
++    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
++    -DPICKY_DEVELOPER=ON
++    -DUNIT_TESTING=ON .. &&
++    scan-build --status-bugs -o scan make -j$(nproc)
++  tags:
++  - shared
++  except:
++  - tags
++  artifacts:
++    expire_in: 1 week
++    when: on_failure
++    paths:
++      - obj/scan
+-- 
+2.24.1
+
+
+From fd5b3606293cdcc4a13b26c06422a2c65df3e424 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Mon, 20 Jan 2020 18:35:40 +0100
+Subject: [PATCH 22/27] python: Fix typos
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ src/python/pypamtest.c  | 4 ++--
+ tests/pypamtest_test.py | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/python/pypamtest.c b/src/python/pypamtest.c
+index 905c652..4147364 100644
+--- a/src/python/pypamtest.c
++++ b/src/python/pypamtest.c
+@@ -303,7 +303,7 @@ set_pypamtest_exception(PyObject *exc,
+ 
+ 	if (test_repr[0] != '\0' && failed != NULL) {
+ 		PyErr_Format(exc,
+-			     "Error [%d]: Test case %s retured [%d]",
++			     "Error [%d]: Test case %s returned [%d]",
+ 			     perr, test_repr, failed->op_rv);
+ 	} else {
+ 		obj = Py_BuildValue(discard_const_p(char, "(i,s)"),
+@@ -906,7 +906,7 @@ static int py_tc_list_to_cstruct_list(PyObject *py_test_list,
+ PyDoc_STRVAR(RunPamTest__doc__,
+ "Run PAM tests\n\n"
+ "This function runs PAM test cases and reports result\n"
+-"Paramaters:\n"
++"Parameters:\n"
+ "service: The PAM service to use in the conversation (string)\n"
+ "username: The user to run PAM conversation as\n"
+ "test_list: Sequence of pypamtest.TestCase objects\n"
+diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py
+index 32ef65d..ed12a71 100755
+--- a/tests/pypamtest_test.py
++++ b/tests/pypamtest_test.py
+@@ -127,7 +127,7 @@ class PyPamTestRunTest(unittest.TestCase):
+         self.assertRaisesRegexp(pypamtest.PamTestError,
+                                 "Error \[2\]: Test case { pam_operation \[0\] "
+                                 "expected_rv \[0\] flags \[0\] } "
+-                                "retured \[\d\]",
++                                "returned \[\d\]",
+                                 pypamtest.run_pamtest,
+                                 "neo", "matrix_py", [tc], [ neo_password ])
+ 
+-- 
+2.24.1
+
+
+From 95ae410aa234472b5bc9acafc938e881411d47a0 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Wed, 22 Jan 2020 11:49:31 +0100
+Subject: [PATCH 23/27] python: Add failure test
+
+We only had successful pam tests, add a failing one, and check that it
+fails.
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ tests/pypamtest_test.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py
+index ed12a71..030f01a 100755
+--- a/tests/pypamtest_test.py
++++ b/tests/pypamtest_test.py
+@@ -115,6 +115,11 @@ class PyPamTestRunTest(unittest.TestCase):
+         self.assertSequenceEqual(res.info, (u'Authentication succeeded',))
+         self.assertSequenceEqual(res.errors, ())
+ 
++    def test_run_failed_auth(self):
++        neo_password = "not-the-secret"
++        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=7) # PAM_AUTH_ERR
++        res = pypamtest.run_pamtest("neo", "matrix_py", [tc], [ neo_password ])
++
+     def test_repr(self):
+         tc = pypamtest.TestCase(pypamtest.PAMTEST_CHAUTHTOK, 1, 2)
+         r = repr(tc)
+-- 
+2.24.1
+
+
+From c1ee2a115e1c7206327b7ba3a978404b68630a8d Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Wed, 22 Jan 2020 11:50:37 +0100
+Subject: [PATCH 24/27] python: Fix crash when the PAM module outputs too much
+ data
+
+This code expected each input (whether echo on or echo off input),
+to generate at most one info or error output, which is obviously not
+correct. A PAM module with external inputs can throw dozens of messages
+and warnings even if the only expected input is a password.
+
+Allocate those placeholder arrays to be as big as possible to accomodate
+chatty PAM modules.
+
+Closes: https://bugzilla.samba.org/show_bug.cgi?id=14245
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ src/python/pypamtest.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/python/pypamtest.c b/src/python/pypamtest.c
+index 4147364..8de05e9 100644
+--- a/src/python/pypamtest.c
++++ b/src/python/pypamtest.c
+@@ -852,8 +852,8 @@ static int fill_conv_data(PyObject *py_echo_off,
+ 		return ENOMEM;
+ 	}
+ 
+-	conv_data->out_info = new_conv_list(conv_count);
+-	conv_data->out_err = new_conv_list(conv_count);
++	conv_data->out_info = new_conv_list(PAM_CONV_MSG_MAX);
++	conv_data->out_err = new_conv_list(PAM_CONV_MSG_MAX);
+ 	if (conv_data->out_info == NULL || conv_data->out_err == NULL) {
+ 		free_conv_data(conv_data);
+ 		return ENOMEM;
+-- 
+2.24.1
+
+
+From 76dc4f82279fe030d562b90d634465f53cca7ec3 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Wed, 22 Jan 2020 12:17:03 +0100
+Subject: [PATCH 25/27] modules: Add pam_chatty module
+
+Add a simple PAM module that will output "num_lines" lines of PAM info
+and/or error output.
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ src/modules/CMakeLists.txt |   2 +-
+ src/modules/pam_chatty.c   | 178 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 179 insertions(+), 1 deletion(-)
+ create mode 100644 src/modules/pam_chatty.c
+
+diff --git a/src/modules/CMakeLists.txt b/src/modules/CMakeLists.txt
+index e7b2604..93bb7d2 100644
+--- a/src/modules/CMakeLists.txt
++++ b/src/modules/CMakeLists.txt
+@@ -1,6 +1,6 @@
+ project(pam_wrapper-modules C)
+ 
+-set(PAM_MODULES pam_matrix pam_get_items pam_set_items)
++set(PAM_MODULES pam_matrix pam_get_items pam_set_items pam_chatty)
+ 
+ set(PAM_LIBRARIES pam)
+ if (HAVE_PAM_MISC)
+diff --git a/src/modules/pam_chatty.c b/src/modules/pam_chatty.c
+new file mode 100644
+index 0000000..45513fa
+--- /dev/null
++++ b/src/modules/pam_chatty.c
+@@ -0,0 +1,178 @@
++/*
++ * Copyright (c) 2015 Andreas Schneider <asn at samba.org>
++ * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek at posteo.se>
++ * Copyright (c) 2020 Bastien Nocera <hadess at hadess.net>
++ *
++ * This program is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "config.h"
++
++#include <sys/param.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#include <pwd.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <stdint.h>
++#include <string.h>
++#include <unistd.h>
++#include <ctype.h>
++#include <errno.h>
++#include <time.h>
++#include <stdint.h>
++
++#ifndef discard_const
++#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
++#endif
++
++#ifndef discard_const_p
++#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
++#endif
++
++#ifdef HAVE_SECURITY_PAM_APPL_H
++#include <security/pam_appl.h>
++#endif
++#ifdef HAVE_SECURITY_PAM_MODULES_H
++#include <security/pam_modules.h>
++#endif
++#ifdef HAVE_SECURITY_PAM_EXT_H
++#include <security/pam_ext.h>
++#endif
++
++#include "pwrap_compat.h"
++
++#define VERBOSE_KEY	"verbose"
++#define ERROR_KEY	"error"
++#define INFO_KEY	"info"
++#define NUM_LINES_KEY	"num_lines="
++
++#define DEFAULT_NUM_LINES 3
++
++/* We only return up to 16 messages from the PAM conversation.
++ * Value from src/python/pypamtest.c */
++#define PAM_CONV_MSG_MAX        16
++
++#define PAM_CHATTY_FLG_VERBOSE	(1 << 0)
++#define PAM_CHATTY_FLG_ERROR	(1 << 1)
++#define PAM_CHATTY_FLG_INFO	(1 << 1)
++
++#ifndef discard_const
++#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
++#endif
++
++#ifndef discard_const_p
++#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
++#endif
++
++static int pam_chatty_conv(pam_handle_t *pamh,
++			   const int msg_style,
++			   const char *msg)
++{
++	int ret;
++	const struct pam_conv *conv;
++	const struct pam_message *mesg[1];
++	struct pam_response *r;
++	struct pam_message *pam_msg;
++
++	ret = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
++	if (ret != PAM_SUCCESS) {
++		return ret;
++	}
++
++	pam_msg = malloc(sizeof(struct pam_message));
++	if (pam_msg == NULL) {
++		return PAM_BUF_ERR;
++	}
++
++	pam_msg->msg_style = msg_style;
++	pam_msg->msg = discard_const_p(char, msg);
++
++	mesg[0] = (const struct pam_message *) pam_msg;
++	ret = conv->conv(1, mesg, &r, conv->appdata_ptr);
++	free(pam_msg);
++
++	return ret;
++}
++
++/* Evaluate command line arguments and store info about them in the
++ * pam_matrix context
++ */
++static unsigned int parse_args(int argc,
++			       const char *argv[],
++			       unsigned int *num_lines)
++{
++	unsigned int flags = 0;
++
++	*num_lines = DEFAULT_NUM_LINES;
++
++	for (; argc-- > 0; ++argv) {
++		if (strncmp(*argv, NUM_LINES_KEY, strlen(NUM_LINES_KEY)) == 0) {
++			if (*(*argv+strlen(NUM_LINES_KEY)) != '\0') {
++				*num_lines = atoi(*argv+strlen(NUM_LINES_KEY));
++				if (*num_lines <= DEFAULT_NUM_LINES)
++					*num_lines = DEFAULT_NUM_LINES;
++				if (*num_lines > PAM_CONV_MSG_MAX)
++					*num_lines = PAM_CONV_MSG_MAX;
++			}
++		} else if (strncmp(*argv, VERBOSE_KEY,
++				   strlen(VERBOSE_KEY)) == 0) {
++			flags |= PAM_CHATTY_FLG_VERBOSE;
++		} else if (strncmp(*argv, ERROR_KEY,
++				   strlen(ERROR_KEY)) == 0) {
++			flags |= PAM_CHATTY_FLG_ERROR;
++		} else if (strncmp(*argv, INFO_KEY,
++				   strlen(INFO_KEY)) == 0) {
++			flags |= PAM_CHATTY_FLG_INFO;
++		}
++	}
++
++	return flags;
++}
++
++PAM_EXTERN int
++pam_sm_authenticate(pam_handle_t *pamh, int flags,
++		    int argc, const char *argv[])
++{
++	unsigned int optflags, num_lines;
++
++	(void) flags;	/* unused */
++
++	optflags = parse_args (argc, argv, &num_lines);
++	if (!(optflags & PAM_CHATTY_FLG_VERBOSE))
++		return PAM_SUCCESS;
++
++	if (optflags & PAM_CHATTY_FLG_INFO) {
++		unsigned int i;
++
++		for (i = 0; i < num_lines; i++) {
++			pam_chatty_conv(pamh,
++					PAM_TEXT_INFO,
++					"Authentication succeeded");
++		}
++	}
++
++	if (optflags & PAM_CHATTY_FLG_ERROR) {
++		unsigned int i;
++
++		for (i = 0; i < num_lines; i++) {
++			pam_chatty_conv(pamh,
++					PAM_ERROR_MSG,
++					"Authentication generated an error");
++		}
++	}
++
++	return PAM_SUCCESS;
++}
+-- 
+2.24.1
+
+
+From d7ff5a6b6dabb14da18e3597667913cb32e6183e Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Wed, 22 Jan 2020 12:21:05 +0100
+Subject: [PATCH 26/27] tests: Add service file for chatty module
+
+So we can test it.
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ tests/CMakeLists.txt     | 3 +++
+ tests/services/chatty.in | 1 +
+ 2 files changed, 4 insertions(+)
+ create mode 100644 tests/services/chatty.in
+
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index d22c272..de8da05 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -15,6 +15,9 @@ configure_file(services/matrix_py.in ${CMAKE_CURRENT_BINARY_DIR}/services/matrix
+ 
+ configure_file(services/pwrap_get_set.in ${CMAKE_CURRENT_BINARY_DIR}/services/pwrap_get_set @ONLY)
+ 
++set(PAM_CHATTY_PATH "${CMAKE_BINARY_DIR}/src/modules/pam_chatty.so")
++configure_file(services/chatty.in ${CMAKE_CURRENT_BINARY_DIR}/services/chatty @ONLY)
++
+ function(ADD_CMOCKA_TEST_ENVIRONMENT _TEST_NAME)
+     if (CMAKE_BUILD_TYPE)
+         string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+diff --git a/tests/services/chatty.in b/tests/services/chatty.in
+new file mode 100644
+index 0000000..0099b50
+--- /dev/null
++++ b/tests/services/chatty.in
+@@ -0,0 +1 @@
++auth		required	@PAM_CHATTY_PATH@ verbose num_lines=16 info error
+-- 
+2.24.1
+
+
+From 0697da3592fdfe45a02123e98b47c0a37c32f15c Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess at hadess.net>
+Date: Wed, 22 Jan 2020 12:22:30 +0100
+Subject: [PATCH 27/27] tests: Add test for verbose PAM modules
+
+Signed-off-by: Bastien Nocera <hadess at hadess.net>
+---
+ tests/pypamtest_test.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py
+index 030f01a..c4534bb 100755
+--- a/tests/pypamtest_test.py
++++ b/tests/pypamtest_test.py
+@@ -120,6 +120,11 @@ class PyPamTestRunTest(unittest.TestCase):
+         tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE, expected_rv=7) # PAM_AUTH_ERR
+         res = pypamtest.run_pamtest("neo", "matrix_py", [tc], [ neo_password ])
+ 
++    def test_run_chatty_auth(self):
++        neo_password = "secret"
++        tc = pypamtest.TestCase(pypamtest.PAMTEST_AUTHENTICATE)
++        res = pypamtest.run_pamtest("neo", "chatty", [tc], [ neo_password ])
++
+     def test_repr(self):
+         tc = pypamtest.TestCase(pypamtest.PAMTEST_CHAUTHTOK, 1, 2)
+         r = repr(tc)
+-- 
+2.24.1
+

Copied: pam_wrapper/repos/staging-x86_64/PKGBUILD (from rev 400700, pam_wrapper/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2020-11-12 19:19:28 UTC (rev 400701)
@@ -0,0 +1,51 @@
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+
+pkgname=pam_wrapper
+pkgver=1.0.7
+pkgrel=2
+pkgdesc="Tool to test PAM applications and PAM modules"
+url="https://cwrap.org/pam_wrapper.html"
+arch=(x86_64)
+license=(GPL3)
+depends=(pam python)
+makedepends=(git cmake cmocka doxygen graphviz)
+provides=(libpam_wrapper.so libpamtest.so)
+_commit=61283c98a49204b7bc4d2750fe506e877e31a214  # tags/pam_wrapper-1.0.7^0
+source=("git://git.samba.org/pam_wrapper.git#commit=$_commit"
+        2.patch)
+sha256sums=('SKIP'
+            '105e114a986fe25e20fb58539b6b7a878af8d71211fa88cb66132fd6b88fb7dc')
+
+pkgver() {
+  cd $pkgname
+  git describe --tags | sed 's/^pam_wrapper-//;s/_/./g;s/-/+/g'
+}
+
+prepare() {
+  cd $pkgname
+
+  # https://gitlab.com/cwrap/pam_wrapper/-/merge_requests/2
+  git apply -3 ../2.patch
+}
+
+build() {
+  cmake -H$pkgname -Bbuild \
+    -DCMAKE_BUILD_TYPE=None \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DMAN_INSTALL_DIR=/usr/share/man \
+    -DUNIT_TESTING=true
+  cmake --build build
+  cmake --build build --target doc
+}
+
+check() {
+  cmake --build build --target test
+}
+
+package() {
+  DESTDIR="$pkgdir" cmake --build build --target install
+
+  mkdir -p "$pkgdir/usr/share/doc"
+  cp -a build/doc/html "$pkgdir/usr/share/doc/$pkgname"
+  cp -a build/doc/man/man3 "$pkgdir/usr/share/man"
+}



More information about the arch-commits mailing list