OpenPAM/OpenPAM
OpenPAM/OpenPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
644 commits 3 branches 10 tags 1.9 MiB
Commit graph

644 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dag-Erling Smørgrav
8ec4a16273 Don't log an error message if the file does not exist. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@509 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-22 17:18:53 +00:00
Dag-Erling Smørgrav
8372b71ce1 Add Matthias Drochner - I wish I'd remembered to do so before I rolled 
Lycopsida.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@508 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 17:07:53 +00:00
Dag-Erling Smørgrav
e630a92713 --with-doc defaults to yes 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@507 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 14:43:40 +00:00
Dag-Erling Smørgrav
59dc4aa601 Update release notes for Lycopsida 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@506 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 14:25:12 +00:00
Dag-Erling Smørgrav
3f02bd9df6 Set version number and release name 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@505 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 14:13:08 +00:00
Dag-Erling Smørgrav
4aca0ed827 Set release date 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@504 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 14:11:12 +00:00
Dag-Erling Smørgrav
95ed7f5d0c Style / consistency 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@503 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 14:00:33 +00:00
Dag-Erling Smørgrav
dd498bc7ad Use openpam_check_path_owner_perms() 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@502 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-18 13:59:22 +00:00
Dag-Erling Smørgrav
996a845863 Report an error if one of the modules in the chain does not implement 
the requested primitive.  This is a significant change, but it should
only affect poorly-written PAM modules, and the alternative is a
potential fail-open situation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-12-07 01:28:05 +00:00
Dag-Erling Smørgrav
229c006c86 Forgotten in previous commit: check the ownership and permissions of the 
policy file.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@500 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-22 12:07:03 +00:00
Dag-Erling Smørgrav
1a4edb80d7 Factor out and improve the module ownership / permission check, and add 
a similar (but race-proof) check for the policy file.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@499 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-22 11:51:50 +00:00
Dag-Erling Smørgrav
2b025676c7 Document increased input validation, and credit Sebastian Krahmer for 
bringing the issue to my attention.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@498 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-21 16:27:04 +00:00
Dag-Erling Smørgrav
b9f0b632da Validate the service name, closing an attack vector for programs like 
kcheckpass that let the user specify which policy to apply.  See
<URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@497 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-21 16:25:49 +00:00
Dag-Erling Smørgrav
026c898ec5 Disallow changing the service name. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@496 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-21 16:20:45 +00:00
Dag-Erling Smørgrav
0e65fdb799 Document the module ownership / permissions test. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@495 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-20 03:03:22 +00:00
Dag-Erling Smørgrav
d9f7580763 nit 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@494 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-20 02:58:34 +00:00
Dag-Erling Smørgrav
d98f755c25 Refuse to load a module if it is owned by anyone else than root or the 
arbitrator or it is writable by group or other.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@493 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-20 02:28:15 +00:00
Dag-Erling Smørgrav
b011e58526 dst can't be const, you idiot. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@492 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-20 02:04:17 +00:00
Dag-Erling Smørgrav
6a92548403 Reorganize the headers and centralize the string tables. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@491 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-12 00:12:32 +00:00
Dag-Erling Smørgrav
ff73a20a84 Add a strlcpy(3) implementation. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@490 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-11 03:04:46 +00:00
Dag-Erling Smørgrav
e8522c7fcc Always create optv, even if there are no options. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@488 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-05 20:50:15 +00:00
Dag-Erling Smørgrav
c86a681052 The count was never used, so ditch it and return plain PAM error codes 
instead.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@487 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-05 20:00:46 +00:00
Dag-Erling Smørgrav
2603985187 Document quoted option values. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@486 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:58:05 +00:00
Dag-Erling Smørgrav
8b3eca4161 Document quoted option values. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@485 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:57:37 +00:00
Dag-Erling Smørgrav
ba7de9c9c6 Remove debugging code. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@484 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:47:26 +00:00
Dag-Erling Smørgrav
493804d19b Fix a couple of bugs in the option string reassembly code. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@483 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:46:20 +00:00
Dag-Erling Smørgrav
6835696a2a Revert large parts of r478. I had forgotten that the module arguments 
are actually passed to each service function in the classic (argc,
argv) form.  The only place where the compiler could have caught this
used a type cast, and it did not show up in testing either because all
of the modules I tested use openpam_get_option(3) instead of
manipulating argv directly.

The cleaned-up policy parsing code remains in place, but options are
once more stored as strings, pretty much the way they appear in the
policy file, except that quotes are stripped.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@482 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:33:02 +00:00
Dag-Erling Smørgrav
c16faba34e The include directive expects a service name, not a filename. 
While there, remember to check for trailing garbage.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@481 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 16:09:22 +00:00
Dag-Erling Smørgrav
28c2e4049f past tense 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@480 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:55:56 +00:00
Dag-Erling Smørgrav
b373991f87 namespace violation mumble mumble 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@479 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:40:15 +00:00
Dag-Erling Smørgrav
55f6a50684 Major overhaul of the policy parser to support quoted option values. As a 
bonus, it should now be much easier to read and understand.

This also changes the way options are stored: they are now stored as a list
of { key, value } pairs rather than "key=value" strings.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@478 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:39:18 +00:00
Dag-Erling Smørgrav
11b10d0991 Minor simplification. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@477 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:30:34 +00:00
Dag-Erling Smørgrav
d40a8fb860 "facility" is more appropriate than "function class" 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@476 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:30:03 +00:00
Dag-Erling Smørgrav
9b234e1f88 Provide strlcmp(3) internally on systems that don't already have it. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@475 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 15:29:24 +00:00
Dag-Erling Smørgrav
f229d69d05 Fix the case where match_word() matches the last word on the line. It 
would previously return 0 because it expected the next character after
the matched word to be a space.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@474 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 10:56:10 +00:00
Dag-Erling Smørgrav
ebccc4d687 - Deduplicate the trailing-whitespace code. 
- Don't treat "\\\n" as whitespace.  It's not what most people would
  expect, and the documentation doesn't mention it.
- Improve the documentation a bit now that gendoc.pl supports bullet
  lists.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@473 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 10:48:25 +00:00
Dag-Erling Smørgrav
c20b753856 Remove commented-out code 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@472 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 09:46:52 +00:00
Dag-Erling Smørgrav
94ca0f4d08 Expand $Id$ 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@471 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-03 09:44:40 +00:00
Dag-Erling Smørgrav
f0280932cb Rewrap 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@470 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 23:44:05 +00:00
Dag-Erling Smørgrav
a3fc39b15b Mention pamtest(1). 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@469 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 23:43:54 +00:00
Dag-Erling Smørgrav
e6545c355d Build pamtest. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@468 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 23:42:51 +00:00
Dag-Erling Smørgrav
e53b12a47e Add a tool for testing modules and policies. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@467 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 23:42:21 +00:00
Dag-Erling Smørgrav
dd2c21f7b6 Mention that the service function is called twice. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@466 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 23:33:43 +00:00
Dag-Erling Smørgrav
eed493316e Add support for bullet lists. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@465 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 20:34:26 +00:00
Dag-Erling Smørgrav
85ca38e143 ignore openpam_subst.3 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@464 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 20:00:31 +00:00
Dag-Erling Smørgrav
fa542b0736 Add a trailing slash if the user forgot it. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@463 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 16:17:40 +00:00
Dag-Erling Smørgrav
956ef0df60 If a module directory was specified on the configure command line, the 
OPENPAM_MODULES_DIR macro was defined in config.h in addition to
CFLAGS.  Place OPENPAM_MODULES_DIR unconditionally in config.h and
remove it from CFLAGS.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@462 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 15:04:31 +00:00
Dag-Erling Smørgrav
a1be39bf2d Fix namespace violations in local variables used to prevent double 
evaluation in macros.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@461 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 14:00:38 +00:00
Dag-Erling Smørgrav
0eae3f21c1 Fix namespace violations in some symbols which have external linkage but 
are not part of the API.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@460 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 13:56:03 +00:00
Dag-Erling Smørgrav
8799ff11b9 Eliminate a potential double evaluation in one of the tracing macros. 
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@459 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 2011-11-02 13:50:56 +00:00