directory which was specified at configure time.
Inspired by: NetBSD
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@308 185d5e19-27fe-0310-9dcf-9bff6b9f3609
apparently isn't present on some platforms (e.g. Solaris 8)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@281 185d5e19-27fe-0310-9dcf-9bff6b9f3609
final argument as void ** rather than const void **, but having seen
the strict aliasing warnings gcc generates at higher -O levels, it
makes a lot more sense. Change the prototype and definition back to
what the XSSO specifies, and make the necessary changes to avoid
warnings in code that calls pam_get_data().
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@277 185d5e19-27fe-0310-9dcf-9bff6b9f3609
thinking (or smoking) at the time. Really fix it this time.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@275 185d5e19-27fe-0310-9dcf-9bff6b9f3609
handling considerably simpler, eliminating the need for setjmp(3) and
evil global variables.
Portions submitted by: Dmitry V. Levin <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@264 185d5e19-27fe-0310-9dcf-9bff6b9f3609
address some related style issues.
Submitted by: Dmitry V. Levin <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@262 185d5e19-27fe-0310-9dcf-9bff6b9f3609
have to check that the item isn't NULL.
Submitted by: marcus
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@258 185d5e19-27fe-0310-9dcf-9bff6b9f3609
loader, reducing the number of times each file is read. Also fix
a few minor nits (such as making facility names and control flags
case insensitive like they are in Solaris).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@243 185d5e19-27fe-0310-9dcf-9bff6b9f3609
reporting: error messages relating to policy files now include line
numbers, and the parser will warn about invalid facility names.
Also fix an off-by-one bug in the option handling code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@241 185d5e19-27fe-0310-9dcf-9bff6b9f3609
immediately overwritten), replace all use of free(3) with a macro
that clears the pointer after freeing the memory it pointed to.
Suggested by: Dmitry V. Levin <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@232 185d5e19-27fe-0310-9dcf-9bff6b9f3609
change the copyright date on generated man pages from 2002 to 2001-2003
since work on this part of OpenPAM started in late 2001.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@221 185d5e19-27fe-0310-9dcf-9bff6b9f3609
on all platforms, notably OpenBSD).
Submitted by: Mike Petullo <mike@flyn.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@216 185d5e19-27fe-0310-9dcf-9bff6b9f3609
module which has the "debug" option, and disable it upon return.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@210 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This allows modules etc. to emit PAM_LOG_DEBUG messages independently
of whether libpam was compiled with -DDEBUG.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@209 185d5e19-27fe-0310-9dcf-9bff6b9f3609
avoid a warning about assigning void * to a function pointer.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@208 185d5e19-27fe-0310-9dcf-9bff6b9f3609
complained that it didn't work. Make it return a pointer to the
actual value of the requested environment variable.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@204 185d5e19-27fe-0310-9dcf-9bff6b9f3609
effects as arguments to macros. Also impose some sort of consistency
in the naming of variables that hold error codes.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@203 185d5e19-27fe-0310-9dcf-9bff6b9f3609
a debugging message and fail.
If the effective uid is non-zero but identical to the target uid,
save the current credentials and return without doing anything else.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@201 185d5e19-27fe-0310-9dcf-9bff6b9f3609
as if the user had just pressed enter.
Obtained from: TrustedBSD
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@192 185d5e19-27fe-0310-9dcf-9bff6b9f3609
service module. Use that information to generate a much better
error message when indirect recursion is detected.
Instrument openpam_dispatch()'s entry and exit points.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@186 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Add a member to the pam_handle structure indicating which primitive
is currently executing.
Add a ton of debugging macros.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@185 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Try to emulate Solaris more closely.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@158 185d5e19-27fe-0310-9dcf-9bff6b9f3609
extensions). Also add a page about the conversation system, and
remove that information from the pam_start page.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@153 185d5e19-27fe-0310-9dcf-9bff6b9f3609
use it to fill the gaps in incomplete policies as well as to replace
missing ones.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@137 185d5e19-27fe-0310-9dcf-9bff6b9f3609
later detect if it hasn't been touched.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@130 185d5e19-27fe-0310-9dcf-9bff6b9f3609
user credentials) and openpam_free_data() (generic cleanup function
for pam_set_data() consumers)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@106 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to prompt the user, prompt her twice and compare the responses.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@105 185d5e19-27fe-0310-9dcf-9bff6b9f3609
what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@100 185d5e19-27fe-0310-9dcf-9bff6b9f3609
unbreaks the pam_ldap module.
Based on a patch by Joe Marcus Clarke <marcus@marcuscom.com>.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@98 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- Don't log dlopen() failures, since they're rarely interesting;
instead, log a failure if no module was found at all.
- When loading a versioned module, store its logical name in the
module structure rather than its physical name, since it will be
looked up by its logical name if it's needed again.
- Initialize module->next->prev when adding a module to the cache.
- Set modules to NULL when releasing the last module in the cache.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@94 185d5e19-27fe-0310-9dcf-9bff6b9f3609
support for module versioning. OpenPAM will prefer a PAM module with
the same version number as the library itself to one with no version
number at all.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@87 185d5e19-27fe-0310-9dcf-9bff6b9f3609
supported setting new options. Add support for unsetting options
and changing the value of existing options.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@85 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK
flag is set.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@81 185d5e19-27fe-0310-9dcf-9bff6b9f3609
and add timeout functionality (defaults to off).
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@72 185d5e19-27fe-0310-9dcf-9bff6b9f3609
linker set for cosmetic reasons.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@70 185d5e19-27fe-0310-9dcf-9bff6b9f3609
check that the pam_conv structure it returns is not NULL.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@57 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Don't forget to fill the pam_conv structure after allocating it.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@55 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Accept PAM_SUCCESS and PAM_ABORT as valid return codes, even though
the normal code path will not call _openpam_check_error_code() if
the module returns one of them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@53 185d5e19-27fe-0310-9dcf-9bff6b9f3609
buffer by exactly one character. Add some slack.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@52 185d5e19-27fe-0310-9dcf-9bff6b9f3609
one newline character.
If DEBUG is defined, echo the log message to STDERR.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@51 185d5e19-27fe-0310-9dcf-9bff6b9f3609
last character of a configuration line.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@49 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move OpenPAM API extensions into <security/openpam.h> to avoid
namespace pollution for apps or modules that do not use them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@39 185d5e19-27fe-0310-9dcf-9bff6b9f3609
of an object rather than a type.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@35 185d5e19-27fe-0310-9dcf-9bff6b9f3609
that lists modules that don't implement the required functionality.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@33 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to reduce the chance of every running into a naming conflict.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Replace the "dispatching" flag with a pam_chain_t pointer. It is set
to point at the currently executing module right before calling the
module, and cleared right after the module returns. Note that this
isn't intended to prevent reentrancy in multi-threaded applications,
but simply to prevent modules from using the application interface.
When recursion is detected, return PAM_ABORT rather than
PAM_SYSTEM_ERR, since this is a programmatical error rather than
a runtime one.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@25 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to restructure it later on.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@21 185d5e19-27fe-0310-9dcf-9bff6b9f3609
detect and prevent indirect recursion.
Fail immediately if the requested chain is empty.
If a module couldn't be loaded, or doesn't provide the requested
service, treat it as a normal failure instead of terminating the
chain. (Solaris actually ignores this condition!)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@20 185d5e19-27fe-0310-9dcf-9bff6b9f3609
required. Although style(9) doesn't say anything about it, this
seems to be the preferred form.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@19 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Clear environment.
Use pam_set_item() rather than free() to clear items so they get
properly clobbered.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@18 185d5e19-27fe-0310-9dcf-9bff6b9f3609
function name, and wrap it in a macro called openpam_log().
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@13 185d5e19-27fe-0310-9dcf-9bff6b9f3609
in the error message. Avoid logging it twice.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@12 185d5e19-27fe-0310-9dcf-9bff6b9f3609
#include that I hadn't spotted since it wasn't getting compiled.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@11 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Prototype it in the new <security/openpam.h> header. Move the
prototype for openpam_log() there too (as well as the log level
constants) so modules and applications can use it if they want to.
Have lib/openpam.h include <security/openpam.h>.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@9 185d5e19-27fe-0310-9dcf-9bff6b9f3609
The basics (pam_start(), pam_end(), pam_strerror(), item-,
data- and environment-related functions and the six PAM
primitives) are implemented. A stub is provided for
pam_get_user(), which is not yet implemented. Stubs are also
provided for XSSO mapping and secondary authentication, though
they are not built and will probably not be implemented for
quite some time.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@1 185d5e19-27fe-0310-9dcf-9bff6b9f3609