for chains that are still empty after the requested policy was loaded.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@862 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Use it to control policy and module file checks. The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@594 185d5e19-27fe-0310-9dcf-9bff6b9f3609
string, reallocating the string if necessary.
Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.
Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.
Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module option.
Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@547 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
is currently equivalent to PAM_LOG_DEBUG, and is used only by the
library call tracing macros (ENTER*() and RETURN*()). It should
eventually replace PAM_LOG_DEBUG throughout the library, except
perhaps for a few particularly interesting messages; PAM_LOG_DEBUG
will be reserved for modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@522 185d5e19-27fe-0310-9dcf-9bff6b9f3609
codes in a string with the values of selected PAM items. Use it for
prompts.
Furthermore, modify pam_get_user(3) and pam_get_authtok(3) to look for
module options named {user,authtok,oldauthtok}_prompt, as appropriate.
If found, these options take precedence over both the caller's prompt
and the PAM_{USER,AUTHTOK,OLDAUTHTOK}_PROMPT items. The usefulness of
these options is somewhat limited by the fact that the policy file
parser does not support quoted strings; that's next on the todo list.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@455 185d5e19-27fe-0310-9dcf-9bff6b9f3609
doesn't work at all on some platforms. Instead of trying to figure it out
ourselves, rely on the user to specify it on the compiler command line.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@418 185d5e19-27fe-0310-9dcf-9bff6b9f3609
compatibility in the process, but only for OpenPAM-specific features)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@401 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Use attributes for publicly exported functions.
Submitted by: "Dmitry V. Levin" <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@318 185d5e19-27fe-0310-9dcf-9bff6b9f3609
handling considerably simpler, eliminating the need for setjmp(3) and
evil global variables.
Portions submitted by: Dmitry V. Levin <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@264 185d5e19-27fe-0310-9dcf-9bff6b9f3609
reporting: error messages relating to policy files now include line
numbers, and the parser will warn about invalid facility names.
Also fix an off-by-one bug in the option handling code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@241 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This reduces the amount of changes needed to adopt modules written
for Linux-PAM.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@111 185d5e19-27fe-0310-9dcf-9bff6b9f3609
user credentials) and openpam_free_data() (generic cleanup function
for pam_set_data() consumers)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@106 185d5e19-27fe-0310-9dcf-9bff6b9f3609
what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@100 185d5e19-27fe-0310-9dcf-9bff6b9f3609
support for module versioning. OpenPAM will prefer a PAM module with
the same version number as the library itself to one with no version
number at all.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@87 185d5e19-27fe-0310-9dcf-9bff6b9f3609
linker set for cosmetic reasons.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@70 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move OpenPAM API extensions into <security/openpam.h> to avoid
namespace pollution for apps or modules that do not use them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@39 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to reduce the chance of every running into a naming conflict.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609
function name, and wrap it in a macro called openpam_log().
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@13 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Prototype it in the new <security/openpam.h> header. Move the
prototype for openpam_log() there too (as well as the log level
constants) so modules and applications can use it if they want to.
Have lib/openpam.h include <security/openpam.h>.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@9 185d5e19-27fe-0310-9dcf-9bff6b9f3609