- move libpam into lib/libpam
- move the OATH code into lib/liboath
- move oath.h into include/security
- update all pointers
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@646 185d5e19-27fe-0310-9dcf-9bff6b9f3609
through months of testing only to show up within hours of release.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@611 185d5e19-27fe-0310-9dcf-9bff6b9f3609
that searches for it. If the service name contains a path separator
character, treat it is a relative or absolute path to the policy file.
This need to be documented either in pam.conf(5) or in pam_start(3) once
the feature mechanism is no longer experimental.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@600 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Use it to control policy and module file checks. The default settings
correspond to the current behavior: disallow path separators in policy
names, but allow them in module names; verify ownership and permissions
for both policy files and modules.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@594 185d5e19-27fe-0310-9dcf-9bff6b9f3609
string, reallocating the string if necessary.
Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.
Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.
Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module option.
Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@547 185d5e19-27fe-0310-9dcf-9bff6b9f3609
determine whether to stop searching for a policy. After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.
While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors. The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
are actually passed to each service function in the classic (argc,
argv) form. The only place where the compiler could have caught this
used a type cast, and it did not show up in testing either because all
of the modules I tested use openpam_get_option(3) instead of
manipulating argv directly.
The cleaned-up policy parsing code remains in place, but options are
once more stored as strings, pretty much the way they appear in the
policy file, except that quotes are stripped.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@482 185d5e19-27fe-0310-9dcf-9bff6b9f3609
bonus, it should now be much easier to read and understand.
This also changes the way options are stored: they are now stored as a list
of { key, value } pairs rather than "key=value" strings.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@478 185d5e19-27fe-0310-9dcf-9bff6b9f3609
would previously return 0 because it expected the next character after
the matched word to be a space.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@474 185d5e19-27fe-0310-9dcf-9bff6b9f3609
header, as it may define symbols which modify the behaviour of those headers.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@416 185d5e19-27fe-0310-9dcf-9bff6b9f3609
loader, reducing the number of times each file is read. Also fix
a few minor nits (such as making facility names and control flags
case insensitive like they are in Solaris).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@243 185d5e19-27fe-0310-9dcf-9bff6b9f3609
reporting: error messages relating to policy files now include line
numbers, and the parser will warn about invalid facility names.
Also fix an off-by-one bug in the option handling code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@241 185d5e19-27fe-0310-9dcf-9bff6b9f3609
immediately overwritten), replace all use of free(3) with a macro
that clears the pointer after freeing the memory it pointed to.
Suggested by: Dmitry V. Levin <ldv@altlinux.org>
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@232 185d5e19-27fe-0310-9dcf-9bff6b9f3609
use it to fill the gaps in incomplete policies as well as to replace
missing ones.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@137 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Dag-Erling Smørgrav