| #
024a2e8c |
| 30-Jun-2023 |
christos <christos@NetBSD.org> |
Import ximenia (last was tabebuia)
- BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
expect scripts.
- BUGFIX: In openpam_set_option(3), when removing an option, properly
decrem
Import ximenia (last was tabebuia)
- BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
expect scripts.
- BUGFIX: In openpam_set_option(3), when removing an option, properly
decrement the option count.
- BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
template.
show more ...
|
| #
77513ecf |
| 15-Dec-2019 |
christos <christos@NetBSD.org> |
OpenPAM Tabebuia 2019-02-24
- BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
OpenPAM Radula.
- ENHANCE: Add unit tests for p
OpenPAM Tabebuia 2019-02-24
- BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
OpenPAM Radula.
- ENHANCE: Add unit tests for pam_{get,put,set}env(3).
show more ...
|
| #
5ca12230 |
| 06-May-2017 |
christos <christos@NetBSD.org> |
OpenPAM Resedacea 2017-04-30
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMB
OpenPAM Resedacea 2017-04-30
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
dispatcher when the required service function could not be found.
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
NULL in API functions that have a NULL check.
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
PAM_BAD_CONSTANT error codes for situations where we previously
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
had been passed to an API function.
- ENHANCE: Improve the RETURN VALUES section in API man pages,
especially for functions that cannot fail, which were incorrectly
documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
pam_get_user(3) from using application-provided custom prompts.
- BUGFIX: Plug a memory leak in pam_set_item(3).
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
- BUGFIX: In openpam_readword(3), support line continuations within
whitespace.
- ENHANCE: Add a feature flag to control fallback to "other" policy.
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
code specified in the module options.
- ENHANCE: More and better unit tests.
show more ...
|
| #
76e8c542 |
| 24-Oct-2014 |
christos <christos@NetBSD.org> |
OpenPAM Ourouparia 2014-09-12
- ENHANCE: When executing a chain, require at least one service
function to succeed. This mitigates fail-open scenario
OpenPAM Ourouparia 2014-09-12
- ENHANCE: When executing a chain, require at least one service
function to succeed. This mitigates fail-open scenarios caused by
misconfigurations or missing modules.
- ENHANCE: Make sure to overwrite buffers which may have contained an
authentication token when they're no longer needed.
- BUGFIX: Under certain circumstances, specifying a non-existent
module (or misspelling the name of a module) in a policy could
result in a fail-open scenario. (CVE-2014-3879)
- FEATURE: Add a search path for modules. This was implemented in
Nummularia but inadvertently left out of the release notes.
- BUGFIX: The is_upper() predicate only accepted the letter A as an
upper-case character instead of the entire A-Z range. As a result,
service and module names containing upper-case letters other than A
would be rejected.
show more ...
|
| #
0bbc3b9f |
| 27-Dec-2013 |
christos <christos@NetBSD.org> |
Import openpam-20130907
|
| #
23e44a77 |
| 06-Apr-2013 |
christos <christos@NetBSD.org> |
Import openpam-20120526
|
| #
44269bb5 |
| 25-Dec-2011 |
christos <christos@NetBSD.org> |
from sourceforge
ENHANCE: removed static build autodetection, which didn't work anyway.
Use an explicit, user-specified preprocessor variable instead.
ENHANCE: cleaned up the documentation a bit.
from sourceforge
ENHANCE: removed static build autodetection, which didn't work anyway.
Use an explicit, user-specified preprocessor variable instead.
ENHANCE: cleaned up the documentation a bit.
ENHANCE: added openpam_subst(3), allowing certain PAM items to be embedded
in strings such as prompts. Apply it to the prompts used by
pam_get_user(3) and pam_get_authtok(3).
ENHANCE: added support for the user_prompt, authtok_prompt and
oldauthtok_prompt module options, which override the prompts passed
by the module to pam_set_user(3) and pam_get_authtok(3).
ENHANCE: rewrote the policy parser to support quoted option values.
ENHANCE: added pamtest(1), a tool for testing modules and policies.
ENHANCE: added code to check the ownership and permissions of a module before
loading it.
ENHANCE: added / improved input validation in many cases, including the policy
file and some function arguments.
show more ...
|