829 commits

Author SHA1 Message Date
Dag-Erling Smørgrav
8121567cf6 More cases in which Fn should be used instead of Nm.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@545 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 23:12:54 +00:00
Dag-Erling Smørgrav
d619fcb520 Through oversight, the PAM_LOG_LIBDEBUG case was left out in the
version of openpam_log() that's actually used.  Internal debugging
messages therefore went to the default case and were logged as errors,
spamming /var/log/messages and the console.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@544 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 22:47:15 +00:00
Dag-Erling Smørgrav
e29b3b276f Even though I now prefer the 2-clause BSD license, for practical
reasons, it is easier to use the 3-clause BSD license even for new
additions to OpenPAM.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@543 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 22:11:34 +00:00
Dag-Erling Smørgrav
9857b1c9ea Add support for custom sections, including a custom RETURN VALUES
section which suppresses the auto-generated one.

Allow blank lines between list items.

If the name of a cross-referenced function is preceded by an
exclamation mark, leave it out of the SEE ALSO section.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@542 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 21:16:40 +00:00
Dag-Erling Smørgrav
10215cdd1e Only pull up punctuation which is followed by whitespace.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@541 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 21:15:44 +00:00
Dag-Erling Smørgrav
98687ed638 Use ".Fn foo" instead of ".Nm" for function names.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@540 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 20:53:50 +00:00
Dag-Erling Smørgrav
f163a4b9df spelling
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@539 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 20:53:22 +00:00
Dag-Erling Smørgrav
103857f3c9 Short program that converts a PAM policy to C code that creates static
structures compatible with what openpam_configure() produces.
Always build but never install (for now)


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@538 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 17:04:29 +00:00
Dag-Erling Smørgrav
783a383e4b Save errno before calling asprintf(), since asprintf() may touch errno,
which will cause syslog() to log the wrong error message if the format
string contains %m.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@537 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 16:20:13 +00:00
Dag-Erling Smørgrav
74c787f664 Avoid underflow if *size == 0.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@536 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 15:34:19 +00:00
Dag-Erling Smørgrav
8e881dbdd7 Fix some embarrassing typos introduced in the openpam_straddch() cleanup.
Move prototype from "opempam_impl.h" to <security/openpam.h>.
Generate openpam_straddch(3) man page.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@535 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:55:19 +00:00
Dag-Erling Smørgrav
a7c9ef9a05 Additional return value hackery.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@534 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:49:30 +00:00
Dag-Erling Smørgrav
be3bfed604 Clean up and document
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@533 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:25:43 +00:00
Dag-Erling Smørgrav
b3a9a4792f Redundant #include
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@532 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:24:53 +00:00
Dag-Erling Smørgrav
2e479f3c12 Redundant #include
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@531 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 14:24:37 +00:00
Dag-Erling Smørgrav
7d5093463e Expand $Id$
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@530 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 13:44:51 +00:00
Dag-Erling Smørgrav
aa8e257838 Ignore Emacs droppings
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@529 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-03-31 12:06:48 +00:00
Dag-Erling Smørgrav
42651f8d9b Add an internal function for appending a character to a dynamically
allocated string, expanding the string if necessary.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@528 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-02-26 03:34:46 +00:00
Dag-Erling Smørgrav
7d5d2733f5 Rename sigset to the_sigset to avoid shadowing sigset(3).
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@527 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-02-26 03:23:59 +00:00
Dag-Erling Smørgrav
0a4f5e9af7 Credit Don Lewis and Gleb Smirnoff for their assistance with tracking
down the recent openpam_configure() and openpam_dynamic() issues.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@526 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:47:45 +00:00
Dag-Erling Smørgrav
cf0963e668 Improve error messages by logging the full path of the module we tried
to load rather than just the module name.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@525 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:45:09 +00:00
Dag-Erling Smørgrav
c3d9f63b55 Fix a regression introduced by r487. The count was actually used to
determine whether to stop searching for a policy.  After r487,
multiple policies for the same service would be concatenated, whereas
the intention was that the one that came first in the policy path
should eclipse the others.

While there, take the time to reorganize the front end of the policy
loading code, both to clarify the logic and to produce better log
messages in case of errors.  The most important change is that
openpam_load_chain() now opens and vets the policy file before calling
openpam_parse_chain(), so it is better able to distinguish between
errors relating to the file itself and errors relating to its
contents.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@524 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:29:48 +00:00
Dag-Erling Smørgrav
88a6cda1a1 Reluctantly document PAM_LOG_LIBDEBUG.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@523 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:15:24 +00:00
Dag-Erling Smørgrav
b616ada557 Add another log level, PAM_LOG_LIBDEBUG, with a negative priority. It
is currently equivalent to PAM_LOG_DEBUG, and is used only by the
library call tracing macros (ENTER*() and RETURN*()).  It should
eventually replace PAM_LOG_DEBUG throughout the library, except
perhaps for a few particularly interesting messages; PAM_LOG_DEBUG
will be reserved for modules.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@522 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:13:25 +00:00
Dag-Erling Smørgrav
df3d585d08 Reduce log spam.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@521 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-11 00:03:18 +00:00
Dag-Erling Smørgrav
34c9fb6fd3 Only call dlerror() after dlsym() failed.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@520 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 23:57:31 +00:00
Dag-Erling Smørgrav
31e9142afc Verify that the target is a regular file.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@519 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 23:50:03 +00:00
Dag-Erling Smørgrav
407565fc1d The name of the default policy is (and always has been) "other", not
"default".


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@518 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 22:38:13 +00:00
Dag-Erling Smørgrav
255c7f6727 Detect fdlopen(3)
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@517 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 21:26:49 +00:00
Dag-Erling Smørgrav
8c2f4c74b7 Use fdlopen(3) if it is available.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@516 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 21:26:34 +00:00
Dag-Erling Smørgrav
8f8a8584fc Correct usage string
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@515 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 21:22:57 +00:00
Dag-Erling Smørgrav
ca0b4cb0c7 Generate Trac-compatible wiki text for each release from HISTORY.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@514 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 21:16:05 +00:00
Dag-Erling Smørgrav
fb9c3dcdf5 Normalize whitespace
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@513 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-10 21:05:42 +00:00
Dag-Erling Smørgrav
41bb288744 The only place RETURNP() is used returns a non-const pointer.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@511 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2012-01-09 13:25:09 +00:00
Dag-Erling Smørgrav
596b3af085 Use a different default prompt if PAM_RHOST != PAM_HOST.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@510 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-31 13:14:23 +00:00
Dag-Erling Smørgrav
8ec4a16273 Don't log an error message if the file does not exist.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@509 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-22 17:18:53 +00:00
Dag-Erling Smørgrav
8372b71ce1 Add Matthias Drochner - I wish I'd remembered to do so before I rolled
Lycopsida.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@508 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 17:07:53 +00:00
Dag-Erling Smørgrav
e630a92713 --with-doc defaults to yes
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@507 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:43:40 +00:00
Dag-Erling Smørgrav
59dc4aa601 Update release notes for Lycopsida
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@506 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:25:12 +00:00
Dag-Erling Smørgrav
3f02bd9df6 Set version number and release name
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@505 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:13:08 +00:00
Dag-Erling Smørgrav
4aca0ed827 Set release date
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@504 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:11:12 +00:00
Dag-Erling Smørgrav
95ed7f5d0c Style / consistency
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@503 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 14:00:33 +00:00
Dag-Erling Smørgrav
dd498bc7ad Use openpam_check_path_owner_perms()
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@502 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-18 13:59:22 +00:00
Dag-Erling Smørgrav
996a845863 Report an error if one of the modules in the chain does not implement
the requested primitive.  This is a significant change, but it should
only affect poorly-written PAM modules, and the alternative is a
potential fail-open situation.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-12-07 01:28:05 +00:00
Dag-Erling Smørgrav
229c006c86 Forgotten in previous commit: check the ownership and permissions of the
policy file.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@500 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-22 12:07:03 +00:00
Dag-Erling Smørgrav
1a4edb80d7 Factor out and improve the module ownership / permission check, and add
a similar (but race-proof) check for the policy file.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@499 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-22 11:51:50 +00:00
Dag-Erling Smørgrav
2b025676c7 Document increased input validation, and credit Sebastian Krahmer for
bringing the issue to my attention.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@498 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-21 16:27:04 +00:00
Dag-Erling Smørgrav
b9f0b632da Validate the service name, closing an attack vector for programs like
kcheckpass that let the user specify which policy to apply.  See
<URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@497 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-21 16:25:49 +00:00
Dag-Erling Smørgrav
026c898ec5 Disallow changing the service name.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@496 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-21 16:20:45 +00:00
Dag-Erling Smørgrav
0e65fdb799 Document the module ownership / permissions test.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@495 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-11-20 03:03:22 +00:00