user credentials) and openpam_free_data() (generic cleanup function
for pam_set_data() consumers)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@106 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to prompt the user, prompt her twice and compare the responses.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@105 185d5e19-27fe-0310-9dcf-9bff6b9f3609
what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@100 185d5e19-27fe-0310-9dcf-9bff6b9f3609
unbreaks the pam_ldap module.
Based on a patch by Joe Marcus Clarke <marcus@marcuscom.com>.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@98 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- Don't log dlopen() failures, since they're rarely interesting;
instead, log a failure if no module was found at all.
- When loading a versioned module, store its logical name in the
module structure rather than its physical name, since it will be
looked up by its logical name if it's needed again.
- Initialize module->next->prev when adding a module to the cache.
- Set modules to NULL when releasing the last module in the cache.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@94 185d5e19-27fe-0310-9dcf-9bff6b9f3609
support for module versioning. OpenPAM will prefer a PAM module with
the same version number as the library itself to one with no version
number at all.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@87 185d5e19-27fe-0310-9dcf-9bff6b9f3609
supported setting new options. Add support for unsetting options
and changing the value of existing options.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@85 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK
flag is set.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@81 185d5e19-27fe-0310-9dcf-9bff6b9f3609
and add timeout functionality (defaults to off).
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@72 185d5e19-27fe-0310-9dcf-9bff6b9f3609
linker set for cosmetic reasons.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@70 185d5e19-27fe-0310-9dcf-9bff6b9f3609
check that the pam_conv structure it returns is not NULL.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@57 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Don't forget to fill the pam_conv structure after allocating it.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@55 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Accept PAM_SUCCESS and PAM_ABORT as valid return codes, even though
the normal code path will not call _openpam_check_error_code() if
the module returns one of them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@53 185d5e19-27fe-0310-9dcf-9bff6b9f3609
buffer by exactly one character. Add some slack.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@52 185d5e19-27fe-0310-9dcf-9bff6b9f3609
one newline character.
If DEBUG is defined, echo the log message to STDERR.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@51 185d5e19-27fe-0310-9dcf-9bff6b9f3609
last character of a configuration line.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@49 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Move OpenPAM API extensions into <security/openpam.h> to avoid
namespace pollution for apps or modules that do not use them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@39 185d5e19-27fe-0310-9dcf-9bff6b9f3609
of an object rather than a type.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@35 185d5e19-27fe-0310-9dcf-9bff6b9f3609
that lists modules that don't implement the required functionality.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@33 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to reduce the chance of every running into a naming conflict.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Replace the "dispatching" flag with a pam_chain_t pointer. It is set
to point at the currently executing module right before calling the
module, and cleared right after the module returns. Note that this
isn't intended to prevent reentrancy in multi-threaded applications,
but simply to prevent modules from using the application interface.
When recursion is detected, return PAM_ABORT rather than
PAM_SYSTEM_ERR, since this is a programmatical error rather than
a runtime one.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@25 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to restructure it later on.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@21 185d5e19-27fe-0310-9dcf-9bff6b9f3609
detect and prevent indirect recursion.
Fail immediately if the requested chain is empty.
If a module couldn't be loaded, or doesn't provide the requested
service, treat it as a normal failure instead of terminating the
chain. (Solaris actually ignores this condition!)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@20 185d5e19-27fe-0310-9dcf-9bff6b9f3609
required. Although style(9) doesn't say anything about it, this
seems to be the preferred form.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@19 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Clear environment.
Use pam_set_item() rather than free() to clear items so they get
properly clobbered.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@18 185d5e19-27fe-0310-9dcf-9bff6b9f3609
function name, and wrap it in a macro called openpam_log().
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@13 185d5e19-27fe-0310-9dcf-9bff6b9f3609
in the error message. Avoid logging it twice.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@12 185d5e19-27fe-0310-9dcf-9bff6b9f3609
#include that I hadn't spotted since it wasn't getting compiled.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@11 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Prototype it in the new <security/openpam.h> header. Move the
prototype for openpam_log() there too (as well as the log level
constants) so modules and applications can use it if they want to.
Have lib/openpam.h include <security/openpam.h>.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@9 185d5e19-27fe-0310-9dcf-9bff6b9f3609
The basics (pam_start(), pam_end(), pam_strerror(), item-,
data- and environment-related functions and the six PAM
primitives) are implemented. A stub is provided for
pam_get_user(), which is not yet implemented. Stubs are also
provided for XSSO mapping and secondary authentication, though
they are not built and will probably not be implemented for
quite some time.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@1 185d5e19-27fe-0310-9dcf-9bff6b9f3609