Dag-Erling Smørgrav
95ed7f5d0c
Style / consistency
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@503 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:00:33 +00:00
Dag-Erling Smørgrav
dd498bc7ad
Use openpam_check_path_owner_perms()
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@502 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 13:59:22 +00:00
Dag-Erling Smørgrav
996a845863
Report an error if one of the modules in the chain does not implement
the requested primitive. This is a significant change, but it should
only affect poorly-written PAM modules, and the alternative is a
potential fail-open situation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-07 01:28:05 +00:00
Dag-Erling Smørgrav
229c006c86
Forgotten in previous commit: check the ownership and permissions of the
policy file.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@500 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-22 12:07:03 +00:00
Dag-Erling Smørgrav
1a4edb80d7
Factor out and improve the module ownership / permission check, and add
a similar (but race-proof) check for the policy file.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@499 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-22 11:51:50 +00:00
Dag-Erling Smørgrav
b9f0b632da
Validate the service name, closing an attack vector for programs like
kcheckpass that let the user specify which policy to apply. See
<URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@497 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-21 16:25:49 +00:00
Dag-Erling Smørgrav
026c898ec5
Disallow changing the service name.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@496 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-21 16:20:45 +00:00
Dag-Erling Smørgrav
d9f7580763
nit
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@494 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-20 02:58:34 +00:00
Dag-Erling Smørgrav
d98f755c25
Refuse to load a module if it is owned by anyone else than root or the
arbitrator or it is writable by group or other.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@493 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-20 02:28:15 +00:00
Dag-Erling Smørgrav
b011e58526
dst can't be const, you idiot.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@492 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-20 02:04:17 +00:00
Dag-Erling Smørgrav
6a92548403
Reorganize the headers and centralize the string tables.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@491 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-12 00:12:32 +00:00
Dag-Erling Smørgrav
ff73a20a84
Add a strlcpy(3) implementation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@490 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-11 03:04:46 +00:00
Dag-Erling Smørgrav
e8522c7fcc
Always create optv, even if there are no options.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@488 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-05 20:50:15 +00:00
Dag-Erling Smørgrav
c86a681052
The count was never used, so ditch it and return plain PAM error codes
instead.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@487 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-05 20:00:46 +00:00
Dag-Erling Smørgrav
ba7de9c9c6
Remove debugging code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@484 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 16:47:26 +00:00
Dag-Erling Smørgrav
493804d19b
Fix a couple of bugs in the option string reassembly code.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@483 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 16:46:20 +00:00
Dag-Erling Smørgrav
6835696a2a
Revert large parts of r478. I had forgotten that the module arguments
are actually passed to each service function in the classic (argc,
argv) form. The only place where the compiler could have caught this
used a type cast, and it did not show up in testing either because all
of the modules I tested use openpam_get_option(3) instead of
manipulating argv directly.
The cleaned-up policy parsing code remains in place, but options are
once more stored as strings, pretty much the way they appear in the
policy file, except that quotes are stripped.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@482 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 16:33:02 +00:00
Dag-Erling Smørgrav
c16faba34e
The include directive expects a service name, not a filename.
While there, remember to check for trailing garbage.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@481 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 16:09:22 +00:00
Dag-Erling Smørgrav
b373991f87
namespace violation mumble mumble
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@479 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 15:40:15 +00:00
Dag-Erling Smørgrav
55f6a50684
Major overhaul of the policy parser to support quoted option values. As a
bonus, it should now be much easier to read and understand.
This also changes the way options are stored: they are now stored as a list
of { key, value } pairs rather than "key=value" strings.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@478 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 15:39:18 +00:00
Dag-Erling Smørgrav
11b10d0991
Minor simplification.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@477 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 15:30:34 +00:00
Dag-Erling Smørgrav
9b234e1f88
Provide strlcmp(3) internally on systems that don't already have it.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@475 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 15:29:24 +00:00
Dag-Erling Smørgrav
f229d69d05
Fix the case where match_word() matches the last word on the line. It
would previously return 0 because it expected the next character after
the matched word to be a space.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@474 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 10:56:10 +00:00
Dag-Erling Smørgrav
ebccc4d687
- Deduplicate the trailing-whitespace code.
- Don't treat "\\\n" as whitespace. It's not what most people would
expect, and the documentation doesn't mention it.
- Improve the documentation a bit now that gendoc.pl supports bullet
lists.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@473 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-03 10:48:25 +00:00
Dag-Erling Smørgrav
dd2c21f7b6
Mention that the service function is called twice.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@466 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-02 23:33:43 +00:00
Dag-Erling Smørgrav
956ef0df60
If a module directory was specified on the configure command line, the
OPENPAM_MODULES_DIR macro was defined in config.h in addition to
CFLAGS. Place OPENPAM_MODULES_DIR unconditionally in config.h and
remove it from CFLAGS.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@462 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-02 15:04:31 +00:00
Dag-Erling Smørgrav
a1be39bf2d
Fix namespace violations in local variables used to prevent double
evaluation in macros.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@461 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-02 14:00:38 +00:00
Dag-Erling Smørgrav
0eae3f21c1
Fix namespace violations in some symbols which have external linkage but
are not part of the API.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@460 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-02 13:56:03 +00:00
Dag-Erling Smørgrav
8799ff11b9
Eliminate a potential double evaluation in one of the tracing macros.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@459 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-02 13:50:56 +00:00
Dag-Erling Smørgrav
81b5c45be2
Add a new API function, openpam_subst(3), which replaces substitution
codes in a string with the values of selected PAM items. Use it for
prompts.
Furthermore, modify pam_get_user(3) and pam_get_authtok(3) to look for
module options named {user,authtok,oldauthtok}_prompt, as appropriate.
If found, these options take precedence over both the caller's prompt
and the PAM_{USER,AUTHTOK,OLDAUTHTOK}_PROMPT items. The usefulness of
these options is somewhat limited by the fact that the policy file
parser does not support quoted strings; that's next on the todo list.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@455 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-10-29 18:31:11 +00:00
Dag-Erling Smørgrav
b66176bb02
This was written long after the DARPA contract ended.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@447 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-10-22 02:47:36 +00:00
Dag-Erling Smørgrav
874f75e8f4
Document that the item argument (for pam_get_item(3)) and the data
argument (for pam_get_data(3)) are untouched if the function fails.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@444 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-10-22 01:03:23 +00:00
Dag-Erling Smørgrav
6970f8c093
We already have PAM_USER, PAM_RUSER and PAM_RHOST. Add PAM_HOST for
the sake of completeness. It is automatically set in pam_start(3).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@443 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-10-22 01:01:39 +00:00
Dag-Erling Smørgrav
16844f8456
Update copyright and release notes.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@437 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-09-13 12:00:13 +00:00
Dag-Erling Smørgrav
b4871fa6dc
Update copyright dates.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@435 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2010-03-10 11:38:49 +00:00
Dag-Erling Smørgrav
385eb53d63
Add support for dynamic modules that contain a struct pam_module.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@433 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2010-03-10 11:34:36 +00:00
Dag-Erling Smørgrav
2a4b841f25
-lfoo goes in LIBADD, not LDFLAGS.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@429 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2010-03-09 17:51:29 +00:00
Dag-Erling Smørgrav
45c15a555d
Portability tip.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@427 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2010-03-09 17:15:39 +00:00
Dag-Erling Smørgrav
0726eb9f8e
Fix doc: pam_strerror() ignores pamh.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@426 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2010-03-09 16:56:40 +00:00
Dag-Erling Smørgrav
1f70254313
Fix double-UTF
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@423 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2009-10-29 17:08:38 +00:00
Dag-Erling Smørgrav
e9776bfa73
Convert everything to UTF-8.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@422 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2009-10-18 22:19:57 +00:00
Dag-Erling Smørgrav
5a523baf2b
Update copyright
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@420 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2009-06-12 19:12:42 +00:00
Dag-Erling Smørgrav
d8194fe11a
Indentation nits
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@419 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-12-22 14:55:47 +00:00
Dag-Erling Smørgrav
9f0d6d6267
Update copyright, and coincidentally root out the last remaining vestige
of iso-8859-1 in favor of utf-8.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@417 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-02-14 18:36:22 +00:00
Dag-Erling Smørgrav
ba75190ad0
Convert to correct config.h idiom. We must include it before any other
header, as it may define symbols which modify the behaviour of those headers.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@416 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-02-14 18:33:24 +00:00
Dag-Erling Smørgrav
d0bf52fbb1
Remove a few more namespace violations. Only one remains, which we can't
remove without breaking binary compatibility.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@415 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-02-14 18:24:25 +00:00
Dag-Erling Smørgrav
8865782b1d
Un-screwup the debugging code. Now the "debug" keyword will work even
if OPENPAM_DEBUG is not defined (doing so generates far more debugging
information than you will ever want)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@414 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-02-14 18:06:26 +00:00
Dag-Erling Smørgrav
e42d5a34a3
I must have been drunk when I committed r380, because the cast for isspace()
is wrong, and I knew it...
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@413 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2008-02-01 13:17:39 +00:00
Dag-Erling Smørgrav
fd5e5d917d
Update copyright.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@408 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2007-12-21 11:36:24 +00:00
Dag-Erling Smørgrav
911d657644
Get rid of the module cache; it serves little purpose, and makes OpenPAM
thread-unsafe.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@403 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2007-11-28 12:29:08 +00:00