the requested primitive. This is a significant change, but it should
only affect poorly-written PAM modules, and the alternative is a
potential fail-open situation.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609
header, as it may define symbols which modify the behaviour of those headers.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@416 185d5e19-27fe-0310-9dcf-9bff6b9f3609
if OPENPAM_DEBUG is not defined (doing so generates far more debugging
information than you will ever want)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@414 185d5e19-27fe-0310-9dcf-9bff6b9f3609
change the copyright date on generated man pages from 2002 to 2001-2003
since work on this part of OpenPAM started in late 2001.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@221 185d5e19-27fe-0310-9dcf-9bff6b9f3609
module which has the "debug" option, and disable it upon return.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@210 185d5e19-27fe-0310-9dcf-9bff6b9f3609
service module. Use that information to generate a much better
error message when indirect recursion is detected.
Instrument openpam_dispatch()'s entry and exit points.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@186 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Try to emulate Solaris more closely.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@158 185d5e19-27fe-0310-9dcf-9bff6b9f3609
- "sufficient" should not terminate the chain if the PAM_PRELIM_CHECK
flag is set.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@81 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Accept PAM_SUCCESS and PAM_ABORT as valid return codes, even though
the normal code path will not call _openpam_check_error_code() if
the module returns one of them.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@53 185d5e19-27fe-0310-9dcf-9bff6b9f3609
that lists modules that don't implement the required functionality.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@33 185d5e19-27fe-0310-9dcf-9bff6b9f3609
to reduce the chance of every running into a naming conflict.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@32 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Replace the "dispatching" flag with a pam_chain_t pointer. It is set
to point at the currently executing module right before calling the
module, and cleared right after the module returns. Note that this
isn't intended to prevent reentrancy in multi-threaded applications,
but simply to prevent modules from using the application interface.
When recursion is detected, return PAM_ABORT rather than
PAM_SYSTEM_ERR, since this is a programmatical error rather than
a runtime one.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@25 185d5e19-27fe-0310-9dcf-9bff6b9f3609
detect and prevent indirect recursion.
Fail immediately if the requested chain is empty.
If a module couldn't be loaded, or doesn't provide the requested
service, treat it as a normal failure instead of terminating the
chain. (Solaris actually ignores this condition!)
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@20 185d5e19-27fe-0310-9dcf-9bff6b9f3609
The basics (pam_start(), pam_end(), pam_strerror(), item-,
data- and environment-related functions and the six PAM
primitives) are implemented. A stub is provided for
pam_get_user(), which is not yet implemented. Stubs are also
provided for XSSO mapping and secondary authentication, though
they are not built and will probably not be implemented for
quite some time.
Sponsored by: DARPA, NAI Labs
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@1 185d5e19-27fe-0310-9dcf-9bff6b9f3609