for chains that are still empty after the requested policy was loaded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
1. Finish a comment which was meant to describe the four different
termination conditions for the loop in openpam_parse_chain() but
ended in mid-sentence.
2. Ensure that errno is consistently set to EINVAL if a syntax error
is encountered in the policy file.
3. If openpam_load_module() fails because the module could not be
loaded, set errno to ENOEXEC instead of ENOENT. This closes a hole
where a missing module or a typo in a module name would cause the
corresponding chain to fail open. Normally, if the policy exists
but cannot be loaded, openpam_load_chain() will return an error,
and openpam_configure() will discard any partially constructed
chains. However, openpam_load_chain() interprets ENOENT to mean
that the policy was not found, so it does not immediately return an
error, the partially-loaded chain is not discarded, and the policy
is incorrectly considered to have been successfully loaded.
4. Ensure that errors encountered while parsing an included policy are
correctly propagated to the original policy, and that ENOENT while
processing an include directive is a hard error, not a soft error.
CVE-2014-3879
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
filename is much larger than it needs to be. However, this might not be
the case in the future. To be safe, add a length check after strlcpy().
This should silence a Coverity warning about possible array overflow.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@745 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- move libpam into lib/libpam
- move the OATH code into lib/liboath
- move oath.h into include/security
- update all pointers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609