Commit adf180b5 authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav
Browse files

Vendor import of OpenPAM Ourouparia.

parent 299a95c6
......@@ -15,6 +15,8 @@ directly or indirectly, with patches, criticism, suggestions, or
ideas:
Andrew Morgan <morgan@transmeta.com>
Ankita Pal <pal.ankita.ankita@gmail.com>
Baptiste Daroussin <bapt@freebsd.org>
Brian Fundakowski Feldman <green@freebsd.org>
Christos Zoulas <christos@netbsd.org>
Daniel Richard G. <skunk@iskunk.org>
......@@ -25,6 +27,7 @@ ideas:
Eric Melville <eric@freebsd.org>
Espen Grøndahl <espegro@usit.uio.no>
Gary Winiger <gary.winiger@sun.com>
Gavin Atkinson <gavin@freebsd.org>
Gleb Smirnoff <glebius@freebsd.org>
Hubert Feyrer <hubert@feyrer.de>
Jason Evans <jasone@freebsd.org>
......@@ -46,5 +49,3 @@ ideas:
Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Wojciech A. Koszek <wkoszek@freebsd.org>
Yar Tikhiy <yar@freebsd.org>
$Id: CREDITS 648 2013-03-05 17:54:27Z des $
OpenPAM Ourouparia 2014-09-12
- ENHANCE: When executing a chain, require at least one service
function to succeed. This mitigates fail-open scenarios caused by
misconfigurations or missing modules.
- ENHANCE: Make sure to overwrite buffers which may have contained an
authentication token when they're no longer needed.
- BUGFIX: Under certain circumstances, specifying a non-existent
module (or misspelling the name of a module) in a policy could
result in a fail-open scenario. (CVE-2014-3879)
- FEATURE: Add a search path for modules. This was implemented in
Nummularia but inadvertently left out of the release notes.
- BUGFIX: The is_upper() predicate only accepted the letter A as an
upper-case character instead of the entire A-Z range. As a result,
service and module names containing upper-case letters other than A
would be rejected.
============================================================================
OpenPAM Nummularia 2013-09-07
- ENHANCE: Rewrite the dynamic loader to improve readability and
......@@ -97,7 +118,7 @@ OpenPAM Lycopsida 2011-12-18
module before loading it.
- ENHANCE: added / improved input validation in many cases, including
the policy file and some function arguments.
the policy file and some function arguments. (CVE-2011-4122)
============================================================================
OpenPAM Hydrangea 2007-12-21
......@@ -427,5 +448,3 @@ Fixed a number of bugs in the previous release, including:
OpenPAM Calamite 2002-02-09
First (beta) release.
============================================================================
$Id: HISTORY 737 2013-09-07 12:53:55Z des $
......@@ -54,5 +54,3 @@
directory:
# make install
$Id: INSTALL 648 2013-03-05 17:54:27Z des $
......@@ -31,5 +31,3 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
$Id: LICENSE 648 2013-03-05 17:54:27Z des $
# $Id: Makefile.am 623 2013-02-25 07:24:51Z des $
# $Id: Makefile.am 816 2014-09-12 07:50:22Z des $
ACLOCAL_AMFLAGS = -I m4
......
......@@ -14,7 +14,7 @@
@SET_MAKE@
# $Id: Makefile.am 623 2013-02-25 07:24:51Z des $
# $Id: Makefile.am 816 2014-09-12 07:50:22Z des $
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
......@@ -84,13 +84,10 @@ subdir = .
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) \
$(srcdir)/config.h.in $(srcdir)/pamgdb.in $(srcdir)/mkpkgng.in \
INSTALL README TODO compile config.guess config.sub depcomp \
install-sh missing ltmain.sh
INSTALL README TODO compile config.guess config.sub install-sh \
missing ltmain.sh
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
......
......@@ -23,5 +23,3 @@ These are some of OpenPAM's features:
this will be made configurable in a future release.
Please direct bug reports and inquiries to <des@des.no>.
$Id: README 648 2013-03-05 17:54:27Z des $
Release notes for OpenPAM Nummularia
====================================
Release notes for OpenPAM Ourouparia
====================================
This release corresponds to the code used in FreeBSD HEAD as of the
release date, and is also expected to work on almost any POSIX-like
......@@ -20,5 +20,3 @@ The distribution consists of the following components:
- Unit tests for limited portions of the libraries.
Please direct bug reports and inquiries to <des@des.no>.
$Id: RELNOTES 741 2013-09-07 13:34:02Z des $
......@@ -13,5 +13,3 @@ Before the next release:
wrapper for) openpam_log() which respects the PAM_SILENT flag and
the no_warn module option. This would eliminate the need for
FreeBSD's _pam_verbose_error().
$Id: TODO 736 2013-09-07 12:52:42Z des $
This diff is collapsed.
#!/bin/sh
#
# $Id: autogen.sh 709 2013-08-18 14:47:20Z des $
# $Id: autogen.sh 815 2014-09-12 07:47:27Z des $
#
aclocal -I m4
libtoolize --copy --force
autoheader
automake -a -c --foreign
automake --add-missing --copy --foreign
autoconf
......@@ -84,10 +84,7 @@ host_triplet = @host@
subdir = bin
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
......
......@@ -85,10 +85,7 @@ subdir = bin/openpam_dump_policy
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
......
......@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: openpam_dump_policy.c 648 2013-03-05 17:54:27Z des $
* $Id: openpam_dump_policy.c 798 2014-06-10 21:28:14Z des $
*/
#ifdef HAVE_CONFIG_H
......@@ -64,7 +64,7 @@ openpam_facility_index_name(pam_facility_t fclt)
if (asprintf(&name, "PAM_%s", facility) == -1)
return (NULL);
for (p = name + 4; *p; ++p)
*p = toupper(*p);
*p = toupper((unsigned char)*p);
return (name);
}
......
......@@ -85,10 +85,7 @@ subdir = bin/pamtest
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp $(dist_man1_MANS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
......
......@@ -26,15 +26,15 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pamtest.1 741 2013-09-07 13:34:02Z des $
.\" $Id: pamtest.1 816 2014-09-12 07:50:22Z des $
.\"
.Dd September 7, 2013
.Dd September 12, 2014
.Dt PAMTEST 1
.Os
.Sh NAME
.Nm pamtest
.Nd PAM policy tester
.Sh SYNOPSYS
.Sh SYNOPSIS
.Nm
.Op Fl dkMPsv
.Op Fl H Ar rhost
......
......@@ -85,10 +85,7 @@ subdir = bin/su
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/depcomp $(dist_man1_MANS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
......
......@@ -26,15 +26,15 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: su.1 741 2013-09-07 13:34:02Z des $
.\" $Id: su.1 816 2014-09-12 07:50:22Z des $
.\"
.Dd September 7, 2013
.Dd September 12, 2014
.Dt SU 1
.Os
.Sh NAME
.Nm su
.Nd switch user identity
.Sh SYNOPSYS
.Sh SYNOPSIS
.Nm
.Op Ar login Op Ar ...
.Sh DESCRIPTION
......
......@@ -60,6 +60,9 @@
/* Define to 1 if you have the `strlcpy' function. */
#undef HAVE_STRLCPY
/* Define to 1 if you have the `strlset' function. */
#undef HAVE_STRLSET
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
......
#! /bin/sh
# From configure.ac Id: configure.ac 741 2013-09-07 13:34:02Z des .
# From configure.ac Id: configure.ac 816 2014-09-12 07:50:22Z des .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for OpenPAM 20130907.
# Generated by GNU Autoconf 2.69 for OpenPAM 20140912.
#
# Report bugs to <des@des.no>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='OpenPAM'
PACKAGE_TARNAME='openpam'
PACKAGE_VERSION='20130907'
PACKAGE_STRING='OpenPAM 20130907'
PACKAGE_VERSION='20140912'
PACKAGE_STRING='OpenPAM 20140912'
PACKAGE_BUGREPORT='des@des.no'
PACKAGE_URL='http://www.openpam.org/'
......@@ -1335,7 +1335,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures OpenPAM 20130907 to adapt to many kinds of systems.
\`configure' configures OpenPAM 20140912 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1405,7 +1405,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of OpenPAM 20130907:";;
short | recursive ) echo "Configuration of OpenPAM 20140912:";;
esac
cat <<\_ACEOF
......@@ -1524,7 +1524,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
OpenPAM configure 20130907
OpenPAM configure 20140912
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -1893,7 +1893,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by OpenPAM $as_me 20130907, which was
It was created by OpenPAM $as_me 20140912, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -2758,7 +2758,7 @@ fi
# Define the identity of the package.
PACKAGE='openpam'
VERSION='20130907'
VERSION='20140912'
cat >>confdefs.h <<_ACEOF
......@@ -8454,10 +8454,6 @@ _lt_linker_boilerplate=`cat conftest.err`
$RM -r conftest*
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
if test -n "$compiler"; then
lt_prog_compiler_no_builtin_flag=
......@@ -12181,7 +12177,7 @@ _ACEOF
fi
done
for ac_func in strlcat strlcmp strlcpy
for ac_func in strlcat strlcmp strlcpy strlset
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
......@@ -12918,7 +12914,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by OpenPAM $as_me 20130907, which was
This file was extended by OpenPAM $as_me 20140912, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -12985,7 +12981,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
OpenPAM config.status 20130907
OpenPAM config.status 20140912
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment