version of openpam_log() that's actually used. Internal debugging
messages therefore went to the default case and were logged as errors,
spamming /var/log/messages and the console.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@544 185d5e19-27fe-0310-9dcf-9bff6b9f3609
reasons, it is easier to use the 3-clause BSD license even for new
additions to OpenPAM.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@543 185d5e19-27fe-0310-9dcf-9bff6b9f3609
which will cause syslog() to log the wrong error message if the format
string contains %m.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@537 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
determine whether to stop searching for a policy. After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.
While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors. The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
is currently equivalent to PAM_LOG_DEBUG, and is used only by the
library call tracing macros (ENTER*() and RETURN*()). It should
eventually replace PAM_LOG_DEBUG throughout the library, except
perhaps for a few particularly interesting messages; PAM_LOG_DEBUG
will be reserved for modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@522 185d5e19-27fe-0310-9dcf-9bff6b9f3609
the requested primitive. This is a significant change, but it should
only affect poorly-written PAM modules, and the alternative is a
potential fail-open situation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609
are actually passed to each service function in the classic (argc,
argv) form. The only place where the compiler could have caught this
used a type cast, and it did not show up in testing either because all
of the modules I tested use openpam_get_option(3) instead of
manipulating argv directly.
The cleaned-up policy parsing code remains in place, but options are
once more stored as strings, pretty much the way they appear in the
policy file, except that quotes are stripped.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@482 185d5e19-27fe-0310-9dcf-9bff6b9f3609
bonus, it should now be much easier to read and understand.
This also changes the way options are stored: they are now stored as a list
of { key, value } pairs rather than "key=value" strings.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@478 185d5e19-27fe-0310-9dcf-9bff6b9f3609
would previously return 0 because it expected the next character after
the matched word to be a space.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@474 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- Don't treat "\\\n" as whitespace. It's not what most people would
expect, and the documentation doesn't mention it.
- Improve the documentation a bit now that gendoc.pl supports bullet
lists.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@473 185d5e19-27fe-0310-9dcf-9bff6b9f3609
OPENPAM_MODULES_DIR macro was defined in config.h in addition to
CFLAGS. Place OPENPAM_MODULES_DIR unconditionally in config.h and
remove it from CFLAGS.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@462 185d5e19-27fe-0310-9dcf-9bff6b9f3609