OpenPAM Micrampelis
Known errata:
- Configuration parsing
- Policy loading
- Line continuation
- Application-provided login and password prompts
- Memory leak in pam_set_item()
OpenPAM Micrampelis was released on 2012-05-26.
- FEATURE Add an openpam_readword(3) function which reads the next word from an input stream, applying shell quoting and escaping rules. Add numerous unit tests for openpam_readword(3).
- FEATURE Add an openpam_readlinev(3) function which uses the openpam_readword(3) function to read words from an input stream one at a time until it reaches an unquoted, unescaped newline, and returns an array of those words. Add several unit tests for openpam_readlinev(3).
- FEATURE Add a PAM_HOST item which pam_start(3) initializes to the machine's hostname. This was implemented in Lycopsida but inadvertently left out of the release notes.
- FEATURE In pam_get_authtok(3), if neither the application nor the module has specified a prompt and PAM_HOST and PAM_RHOST are both defined but not equal, use a different default prompt that includes PAM_USER and PAM_HOST.
- ENHANCE Rewrite the policy parser to use openpam_readlinev(), which greatly simplifies the code.
- ENHANCE The previous implementation of the policy parser relied on the openpam_readline(3) function, which (by design) munges whitespace and understands neither quotes nor backslash escapes. As a result of the aforementioned rewrite, whitespace, quotes and backslash escapes in policy files are now handled in a consistent and predictable manner.
- ENHANCE On platforms that have it, use fdlopen(3) to load modules. This closes the race between the ownership / permission check and the dlopen(3) call.
- ENHANCE Reduce the number of pointless error messages generated while searching for a module.
- ENHANCE Numerous documentation improvements, both in content and formatting.
- BUGFIX A patch incorporated in Lycopsida inadvertently changed OpenPAM's behavior when several policies exist for the same service, from ignoring all but the first to concatenating them all. Revert to the original behavior.
- BUGFIX Plug a memory leak in the policy parser.
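
The race named in the fdlopen(3) item above exists because a path is checked and then opened again by name. As an added example (not OpenPAM's own code), the C code below opens the module first and runs the ownership and permission check on the descriptor; the function names and the exact policy (regular file, owned by root or a trusted uid, not group- or world-writable) are assumptions.

```c
/* Added example, not OpenPAM source. Assumed policy: a module must be a
 * regular file owned by root or trusted_uid and not group/world-writable. */
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <dlfcn.h>
#endif

/* Open first, then check the descriptor: fstat() describes the object that
 * was actually opened, so renaming or replacing `path` afterwards cannot
 * change what gets loaded. Returns an fd, or -1 with errno set. */
int open_checked_module(const char *path, uid_t trusted_uid)
{
    struct stat sb;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &sb) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(sb.st_mode) ||
        (sb.st_uid != 0 && sb.st_uid != trusted_uid) ||
        (sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        errno = EPERM;          /* wrong type, owner or mode: refuse */
        return -1;
    }
    return fd;
}

/* Load from the checked descriptor where fdlopen(3) exists (FreeBSD). */
void *load_checked_module(const char *path, uid_t trusted_uid)
{
    void *handle = NULL;
    int fd = open_checked_module(path, trusted_uid);

    if (fd < 0)
        return NULL;
#ifdef __FreeBSD__
    handle = fdlopen(fd, RTLD_NOW);   /* loads the object that was checked */
#else
    errno = ENOSYS;   /* a path-based dlopen(3) here would reopen the race */
#endif
    close(fd);
    return handle;
}
```

On platforms without fdlopen(3), a loader that checks a path and then calls dlopen(3) on the same path still has the window these release notes describe.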