OpenPAM is an open source PAM library that focuses on simplicity, correctness, and cleanliness.
https://openpam.org/
7dbd5c38b7
1. Finish a comment which was meant to describe the four different termination conditions for the loop in openpam_parse_chain() but ended in mid-sentence. 2. Ensure that errno is consistently set to EINVAL if a syntax error is encountered in the policy file. 3. If openpam_load_module() fails because the module could not be loaded, set errno to ENOEXEC instead of ENOENT. This closes a hole where a missing module or a typo in a module name would cause the corresponding chain to fail open. Normally, if the policy exists but cannot be loaded, openpam_load_chain() will return an error, and openpam_configure() will discard any partially constructed chains. However, openpam_load_chain() interprets ENOENT to mean that the policy was not found, so it does not immediately return an error, the partially-loaded chain is not discarded, and the policy is incorrectly considered to have been successfully loaded. 4. Ensure that errors encountered while parsing an included policy are correctly propagated to the original policy, and that ENOENT while processing an include directive is a hard error, not a soft error. CVE-2014-3879 git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609 |
||
---|---|---|
bin | ||
doc | ||
include | ||
lib | ||
misc | ||
modules | ||
t | ||
CREDITS | ||
HISTORY | ||
INSTALL | ||
LICENSE | ||
Makefile.am | ||
README | ||
RELNOTES | ||
TODO | ||
autogen.des | ||
autogen.sh | ||
configure.ac | ||
mkpkgng.in | ||
pamgdb.in |
README
OpenPAM is an open source PAM library that focuses on simplicity, correctness, and cleanliness. OpenPAM aims to gather the best features of Solaris PAM, XSSO and Linux-PAM, plus some innovations of its own. In areas where these implementations disagree, OpenPAM tries to remain compatible with Solaris, at the expense of XSSO conformance and Linux-PAM compatibility. These are some of OpenPAM's features: - Implements the complete PAM API as described in the original PAM paper and in OSF-RFC 86.0; this corresponds to the full XSSO API except for mappings and secondary authentication. Also implements some extensions found in Solaris 9. - Extends the API with several useful and time-saving functions. - Performs strict checking of return values from service modules. - Reads configuration from /etc/pam.d/, /etc/pam.conf, /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order; this will be made configurable in a future release. Please direct bug reports and inquiries to <des@des.no>. $Id$