Up to [cvs.NetBSD.org] / src / external / bsd / openpam / dist / doc / man
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
merge openpam ximenia
Import ximenia (last was tabebuia) - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with expect scripts. - BUGFIX: In openpam_set_option(3), when removing an option, properly decrement the option count. - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the template.
Merge changes from current as of 20200406
resolve conflicts
OpenPAM Tabebuia 2019-02-24 - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in OpenPAM Radula. - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
Sync with HEAD
merge conflicts
OpenPAM Resedacea 2017-04-30 - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in OpenPAM Radula, as it breaks common error-handling constructs. - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the dispatcher when the required service function could not be found. - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is NULL in API functions that have a NULL check. - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and PAM_BAD_CONSTANT error codes for situations where we previously incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant had been passed to an API function. - ENHANCE: Improve the RETURN VALUES section in API man pages, especially for functions that cannot fail, which were incorrectly documented as returning -1 on failure. ============================================================================ OpenPAM Radula 2017-02-19 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and pam_get_user(3) from using application-provided custom prompts. - BUGFIX: Plug a memory leak in pam_set_item(3). - BUGFIX: Plug a potential memory leak in openpam_readlinev(3). - BUGFIX: In openpam_readword(3), support line continuations within whitespace. - ENHANCE: Add a feature flag to control fallback to "other" policy. - ENHANCE: Add a pam_return(8) module which returns an arbitrary code specified in the module options. - ENHANCE: More and better unit tests.
Pull up following revision(s) (requested by christos in ticket #826): external/bsd/openpam/dist/CREDITS: up to 1.1.1.4 external/bsd/openpam/dist/HISTORY: up to 1.1.1.4 external/bsd/openpam/dist/INSTALL: up to 1.1.1.4 external/bsd/openpam/dist/LICENSE: up to 1.1.1.4 external/bsd/openpam/dist/Makefile.am: up to 1.1.1.4 external/bsd/openpam/dist/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/README: up to 1.1.1.4 external/bsd/openpam/dist/RELNOTES: up to 1.1.1.4 external/bsd/openpam/dist/TODO: up to 1.1.1.3 external/bsd/openpam/dist/aclocal.m4: up to 1.1.1.4 external/bsd/openpam/dist/autogen.sh: up to 1.1.1.4 external/bsd/openpam/dist/bin/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/bin/openpam_dump_policy/Makefile.in: up to 1.1.1.3 external/bsd/openpam/dist/bin/openpam_dump_policy/openpam_dump_policy.c: up to 1.1.1.3 external/bsd/openpam/dist/bin/pamtest/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/bin/pamtest/pamtest.1: up to 1.7 external/bsd/openpam/dist/bin/su/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/bin/su/su.1: up to 1.7 external/bsd/openpam/dist/config.h.in: up to 1.1.1.4 external/bsd/openpam/dist/configure: up to 1.1.1.4 external/bsd/openpam/dist/configure.ac: up to 1.1.1.4 external/bsd/openpam/dist/doc/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/doc/man/Makefile.in: up to 1.1.1.5 external/bsd/openpam/dist/doc/man/openpam.3: up to 1.9 external/bsd/openpam/dist/doc/man/openpam_borrow_cred.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_free_data.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_free_envlist.3: up to 1.7 external/bsd/openpam/dist/doc/man/openpam_get_feature.3: up to 1.5 external/bsd/openpam/dist/doc/man/openpam_get_option.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_log.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_nullconv.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_readline.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_readlinev.3: up to 1.5 external/bsd/openpam/dist/doc/man/openpam_readword.3: up to 1.5 external/bsd/openpam/dist/doc/man/openpam_restore_cred.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_set_feature.3: up to 1.5 external/bsd/openpam/dist/doc/man/openpam_set_option.3: up to 1.6 external/bsd/openpam/dist/doc/man/openpam_straddch.3: up to 1.5 external/bsd/openpam/dist/doc/man/openpam_subst.3: up to 1.7 external/bsd/openpam/dist/doc/man/openpam_ttyconv.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam.3: up to 1.9 external/bsd/openpam/dist/doc/man/pam.conf.5: up to 1.8 external/bsd/openpam/dist/doc/man/pam_acct_mgmt.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_authenticate.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_chauthtok.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_close_session.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_conv.3: up to 1.7 external/bsd/openpam/dist/doc/man/pam_end.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_error.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_get_authtok.3: up to 1.7 external/bsd/openpam/dist/doc/man/pam_get_data.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_get_item.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_get_user.3: up to 1.7 external/bsd/openpam/dist/doc/man/pam_getenv.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_getenvlist.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_info.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_open_session.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_prompt.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_putenv.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_set_data.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_set_item.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_setcred.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_setenv.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_acct_mgmt.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_authenticate.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_chauthtok.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_close_session.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_open_session.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_sm_setcred.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_start.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_strerror.3: up to 1.7 external/bsd/openpam/dist/doc/man/pam_verror.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_vinfo.3: up to 1.6 external/bsd/openpam/dist/doc/man/pam_vprompt.3: up to 1.6 external/bsd/openpam/dist/include/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/include/security/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/include/security/openpam_version.h: up to 1.5 external/bsd/openpam/dist/lib/Makefile.am: up to 1.1.1.5 external/bsd/openpam/dist/lib/Makefile.in: up to 1.1.1.5 external/bsd/openpam/dist/lib/libpam/Makefile.am: up to 1.1.1.1 external/bsd/openpam/dist/lib/libpam/Makefile.in: up to 1.1.1.1 external/bsd/openpam/dist/lib/libpam/openpam_asprintf.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_asprintf.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_borrow_cred.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_check_owner_perms.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_configure.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_constants.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_constants.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_cred.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_ctype.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_debug.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_dispatch.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_dlfunc.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_dynamic.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_features.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_features.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_findenv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_free_data.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_free_envlist.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_get_feature.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_get_option.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_impl.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_load.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_log.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_nullconv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_readline.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_readlinev.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_readword.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_restore_cred.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_set_feature.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_set_option.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_static.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_straddch.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlcat.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlcat.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlcmp.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlcpy.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlcpy.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlset.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_strlset.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_subst.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_ttyconv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_vasprintf.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/openpam_vasprintf.h: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_acct_mgmt.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_authenticate.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_authenticate_secondary.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_chauthtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_close_session.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_end.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_error.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_authtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_data.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_item.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_mapped_authtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_mapped_username.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_get_user.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_getenv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_getenvlist.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_info.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_open_session.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_prompt.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_putenv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_set_data.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_set_item.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_set_mapped_authtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_set_mapped_username.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_setcred.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_setenv.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_acct_mgmt.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_authenticate.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_authenticate_secondary.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_chauthtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_close_session.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_get_mapped_authtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_get_mapped_username.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_open_session.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_set_mapped_authtok.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_set_mapped_username.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_sm_setcred.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_start.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_strerror.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_verror.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_vinfo.c: up to 1.2 external/bsd/openpam/dist/lib/libpam/pam_vprompt.c: up to 1.2 external/bsd/openpam/dist/lib/openpam_asprintf.c delete external/bsd/openpam/dist/lib/openpam_asprintf.h delete external/bsd/openpam/dist/lib/openpam_borrow_cred.c delete external/bsd/openpam/dist/lib/openpam_check_owner_perms.c delete external/bsd/openpam/dist/lib/openpam_configure.c delete external/bsd/openpam/dist/lib/openpam_constants.c delete external/bsd/openpam/dist/lib/openpam_constants.h delete external/bsd/openpam/dist/lib/openpam_cred.h delete external/bsd/openpam/dist/lib/openpam_ctype.h delete external/bsd/openpam/dist/lib/openpam_debug.h delete external/bsd/openpam/dist/lib/openpam_dispatch.c delete external/bsd/openpam/dist/lib/openpam_dlfunc.h delete external/bsd/openpam/dist/lib/openpam_dynamic.c delete external/bsd/openpam/dist/lib/openpam_features.c delete external/bsd/openpam/dist/lib/openpam_features.h delete external/bsd/openpam/dist/lib/openpam_findenv.c delete external/bsd/openpam/dist/lib/openpam_free_data.c delete external/bsd/openpam/dist/lib/openpam_free_envlist.c delete external/bsd/openpam/dist/lib/openpam_get_feature.c delete external/bsd/openpam/dist/lib/openpam_get_option.c delete external/bsd/openpam/dist/lib/openpam_impl.h delete external/bsd/openpam/dist/lib/openpam_load.c delete external/bsd/openpam/dist/lib/openpam_log.c delete external/bsd/openpam/dist/lib/openpam_nullconv.c delete external/bsd/openpam/dist/lib/openpam_readline.c delete external/bsd/openpam/dist/lib/openpam_readlinev.c delete external/bsd/openpam/dist/lib/openpam_readword.c delete external/bsd/openpam/dist/lib/openpam_restore_cred.c delete external/bsd/openpam/dist/lib/openpam_set_feature.c delete external/bsd/openpam/dist/lib/openpam_set_option.c delete external/bsd/openpam/dist/lib/openpam_static.c delete external/bsd/openpam/dist/lib/openpam_straddch.c delete external/bsd/openpam/dist/lib/openpam_strlcat.c delete external/bsd/openpam/dist/lib/openpam_strlcat.h delete external/bsd/openpam/dist/lib/openpam_strlcmp.h delete external/bsd/openpam/dist/lib/openpam_strlcpy.c delete external/bsd/openpam/dist/lib/openpam_strlcpy.h delete external/bsd/openpam/dist/lib/openpam_subst.c delete external/bsd/openpam/dist/lib/openpam_ttyconv.c delete external/bsd/openpam/dist/lib/openpam_vasprintf.c delete external/bsd/openpam/dist/lib/openpam_vasprintf.h delete external/bsd/openpam/dist/lib/pam_acct_mgmt.c delete external/bsd/openpam/dist/lib/pam_authenticate.c delete external/bsd/openpam/dist/lib/pam_authenticate_secondary.c delete external/bsd/openpam/dist/lib/pam_chauthtok.c delete external/bsd/openpam/dist/lib/pam_close_session.c delete external/bsd/openpam/dist/lib/pam_end.c delete external/bsd/openpam/dist/lib/pam_error.c delete external/bsd/openpam/dist/lib/pam_get_authtok.c delete external/bsd/openpam/dist/lib/pam_get_data.c delete external/bsd/openpam/dist/lib/pam_get_item.c delete external/bsd/openpam/dist/lib/pam_get_mapped_authtok.c delete external/bsd/openpam/dist/lib/pam_get_mapped_username.c delete external/bsd/openpam/dist/lib/pam_get_user.c delete external/bsd/openpam/dist/lib/pam_getenv.c delete external/bsd/openpam/dist/lib/pam_getenvlist.c delete external/bsd/openpam/dist/lib/pam_info.c delete external/bsd/openpam/dist/lib/pam_open_session.c delete external/bsd/openpam/dist/lib/pam_prompt.c delete external/bsd/openpam/dist/lib/pam_putenv.c delete external/bsd/openpam/dist/lib/pam_set_data.c delete external/bsd/openpam/dist/lib/pam_set_item.c delete external/bsd/openpam/dist/lib/pam_set_mapped_authtok.c delete external/bsd/openpam/dist/lib/pam_set_mapped_username.c delete external/bsd/openpam/dist/lib/pam_setcred.c delete external/bsd/openpam/dist/lib/pam_setenv.c delete external/bsd/openpam/dist/lib/pam_sm_acct_mgmt.c delete external/bsd/openpam/dist/lib/pam_sm_authenticate.c delete external/bsd/openpam/dist/lib/pam_sm_authenticate_secondary.c delete external/bsd/openpam/dist/lib/pam_sm_chauthtok.c delete external/bsd/openpam/dist/lib/pam_sm_close_session.c delete external/bsd/openpam/dist/lib/pam_sm_get_mapped_authtok.c delete external/bsd/openpam/dist/lib/pam_sm_get_mapped_username.c delete external/bsd/openpam/dist/lib/pam_sm_open_session.c delete external/bsd/openpam/dist/lib/pam_sm_set_mapped_authtok.c delete external/bsd/openpam/dist/lib/pam_sm_set_mapped_username.c delete external/bsd/openpam/dist/lib/pam_sm_setcred.c delete external/bsd/openpam/dist/lib/pam_start.c delete external/bsd/openpam/dist/lib/pam_strerror.c delete external/bsd/openpam/dist/lib/pam_verror.c delete external/bsd/openpam/dist/lib/pam_vinfo.c delete external/bsd/openpam/dist/lib/pam_vprompt.c delete external/bsd/openpam/dist/ltmain.sh: up to 1.1.1.3 external/bsd/openpam/dist/m4/libtool.m4 delete external/bsd/openpam/dist/m4/ltoptions.m4 delete external/bsd/openpam/dist/m4/ltsugar.m4 delete external/bsd/openpam/dist/m4/ltversion.m4 delete external/bsd/openpam/dist/m4/lt~obsolete.m4 delete external/bsd/openpam/dist/mkpkgng.in: up to 1.1.1.2 external/bsd/openpam/dist/modules/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/modules/pam_deny/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/modules/pam_permit/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/modules/pam_unix/Makefile.in: up to 1.1.1.4 external/bsd/openpam/dist/pamgdb.in: up to 1.1.1.3 external/bsd/openpam/dist/t/Makefile.am: up to 1.1.1.3 external/bsd/openpam/dist/t/Makefile.in: up to 1.1.1.3 external/bsd/openpam/dist/t/t.h: up to 1.1.1.3 external/bsd/openpam/dist/t/t_file.c: up to 1.1.1.2 external/bsd/openpam/dist/t/t_main.c: up to 1.1.1.3 external/bsd/openpam/dist/t/t_openpam_ctype.c: up to 1.1.1.1 external/bsd/openpam/dist/t/t_openpam_readlinev.c: up to 1.2 external/bsd/openpam/dist/t/t_openpam_readword.c: up to 1.2 external/bsd/openpam/openpam2netbsd: up to 1.3 lib/libpam/libpam/Makefile: revision 1.17 OpenPAM Ourouparia 2014-09-12 - ENHANCE: When executing a chain, require at least one service function to succeed. This mitigates fail-open scenarios caused by misconfigurations or missing modules. - ENHANCE: Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed. - BUGFIX: Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario. (CVE-2014-3879) - FEATURE: Add a search path for modules. This was implemented in Nummularia but inadvertently left out of the release notes. - BUGFIX: The is_upper() predicate only accepted the letter A as an upper-case character instead of the entire A-Z range. As a result, service and module names containing upper-case letters other than A would be rejected. -- pam library has moved and new files
fix conflicts
merge conflicts
OpenPAM Ourouparia 2014-09-12 - ENHANCE: When executing a chain, require at least one service function to succeed. This mitigates fail-open scenarios caused by misconfigurations or missing modules. - ENHANCE: Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed. - BUGFIX: Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario. (CVE-2014-3879) - FEATURE: Add a search path for modules. This was implemented in Nummularia but inadvertently left out of the release notes. - BUGFIX: The is_upper() predicate only accepted the letter A as an upper-case character instead of the entire A-Z range. As a result, service and module names containing upper-case letters other than A would be rejected.
Rebase to HEAD as of a few days ago.
sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
merge conflicts
Import openpam-20130907
resync from head
merge conflicts
Import openpam-20120526
sync with head
file openpam_set_option.3 was added on branch yamt-pagecache on 2012-04-17 00:03:56 +0000
apply our changes.
from sourceforge ENHANCE: removed static build autodetection, which didn't work anyway. Use an explicit, user-specified preprocessor variable instead. ENHANCE: cleaned up the documentation a bit. ENHANCE: added openpam_subst(3), allowing certain PAM items to be embedded in strings such as prompts. Apply it to the prompts used by pam_get_user(3) and pam_get_authtok(3). ENHANCE: added support for the user_prompt, authtok_prompt and oldauthtok_prompt module options, which override the prompts passed by the module to pam_set_user(3) and pam_get_authtok(3). ENHANCE: rewrote the policy parser to support quoted option values. ENHANCE: added pamtest(1), a tool for testing modules and policies. ENHANCE: added code to check the ownership and permissions of a module before loading it. ENHANCE: added / improved input validation in many cases, including the policy file and some function arguments.
Initial revision