diff options
author | Steve Langasek <steve.langasek@canonical.com> | 2022-08-16 22:06:15 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2022-08-16 22:06:15 -0700 |
commit | 99d0d1c5c4f07332daa86e73981267a761bc966e (patch) | |
tree | a56fe41110023676d7082028cbaa47ca4b6e6164 /modules/pam_localuser | |
parent | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff) | |
parent | 40f7d85f3736d058c26de1dafa4fed46de7d75ef (diff) |
New upstream version 1.5.2
Diffstat (limited to 'modules/pam_localuser')
-rw-r--r-- | modules/pam_localuser/Makefile.in | 34 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.8 | 4 | ||||
-rw-r--r-- | modules/pam_localuser/pam_localuser.c | 86 |
3 files changed, 23 insertions, 101 deletions
diff --git a/modules/pam_localuser/Makefile.in b/modules/pam_localuser/Makefile.in index 81aa2789..9f1526f2 100644 --- a/modules/pam_localuser/Makefile.in +++ b/modules/pam_localuser/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -97,18 +97,21 @@ host_triplet = @host@ check_PROGRAMS = tst-pam_localuser-retval$(EXEEXT) subdir = modules/pam_localuser ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ @@ -379,6 +382,7 @@ am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck TEST_SUITE_LOG = test-suite.log @@ -423,6 +427,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CRYPT_CFLAGS = @CRYPT_CFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -436,6 +443,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@ ECONF_LIBS = @ECONF_LIBS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +EXE_CFLAGS = @EXE_CFLAGS@ +EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ @@ -455,7 +464,6 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ @@ -502,8 +510,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ @@ -514,6 +520,7 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +STRINGPARAM_HMAC = @STRINGPARAM_HMAC@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ @@ -563,7 +570,6 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ @@ -571,9 +577,6 @@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ @@ -583,6 +586,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -933,7 +937,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8 index 65e49990..724ab543 100644 --- a/modules/pam_localuser/pam_localuser.8 +++ b/modules/pam_localuser/pam_localuser.8 @@ -2,12 +2,12 @@ .\" Title: pam_localuser .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 +.\" Date: 09/03/2021 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_LOCALUSER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_LOCALUSER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index cb507524..a9f2233c 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -45,92 +45,10 @@ #include <unistd.h> #include <security/pam_modules.h> +#include <security/pam_modutil.h> #include <security/pam_ext.h> #include "pam_inline.h" -static int -check_user_in_passwd(pam_handle_t *pamh, const char *user_name, - const char *file_name) -{ - int rc; - size_t user_len; - FILE *fp; - char line[BUFSIZ]; - - /* Validate the user name. */ - if ((user_len = strlen(user_name)) == 0) { - pam_syslog(pamh, LOG_NOTICE, "user name is not valid"); - return PAM_SERVICE_ERR; - } - - if (user_len > sizeof(line) - sizeof(":")) { - pam_syslog(pamh, LOG_NOTICE, "user name is too long"); - return PAM_SERVICE_ERR; - } - - if (strchr(user_name, ':') != NULL) { - /* - * "root:x" is not a local user name even if the passwd file - * contains a line starting with "root:x:". - */ - return PAM_PERM_DENIED; - } - - /* Open the passwd file. */ - if (file_name == NULL) { - file_name = "/etc/passwd"; - } - if ((fp = fopen(file_name, "r")) == NULL) { - pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name); - return PAM_SERVICE_ERR; - } - - /* - * Scan the file using fgets() instead of fgetpwent_r() because - * the latter is not flexible enough in handling long lines - * in passwd files. - */ - rc = PAM_PERM_DENIED; - while (fgets(line, sizeof(line), fp) != NULL) { - size_t line_len; - const char *str; - - /* - * Does this line start with the user name - * followed by a colon? - */ - if (strncmp(user_name, line, user_len) == 0 && - line[user_len] == ':') { - rc = PAM_SUCCESS; - break; - } - /* Has a newline been read? */ - line_len = strlen(line); - if (line_len < sizeof(line) - 1 || - line[line_len - 1] == '\n') { - /* Yes, continue with the next line. */ - continue; - } - - /* No, read till the end of this line first. */ - while ((str = fgets(line, sizeof(line), fp)) != NULL) { - line_len = strlen(line); - if (line_len == 0 || - line[line_len - 1] == '\n') { - break; - } - } - if (str == NULL) { - /* fgets returned NULL, we are done. */ - break; - } - /* Continue with the next line. */ - } - - fclose(fp); - return rc; -} - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) @@ -173,7 +91,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, return rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc; } - return check_user_in_passwd(pamh, user_name, file_name); + return pam_modutil_check_user_in_passwd(pamh, user_name, file_name); } int |