Relevant BUGIDs:

Purpose of commit: Commit summary: --------------- bugfix: Fix lot of compiler warnings new feature: add broken_shadow option to pam_unix (patch from Linux distributions)
author: Thorsten Kukuk <kukuk@thkukuk.de> 2004-09-24 09:18:21 +0000
committer: Thorsten Kukuk <kukuk@thkukuk.de> 2004-09-24 09:18:21 +0000
commit: 128ded83a0d1d3b5a85b4c20a6c35d9481e23ce5 (patch)
tree: fdd298658b3808d85fe99fab062b911c9f2aeee6 /modules
parent: c485b54636a6d93bdc9c9d82051db97d7dd53c71 (diff)
8 files changed, 35 insertions, 25 deletions
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 0d7f2185..536446bd 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -311,7 +311,7 @@ static void process_limit(int source, const char *lim_type,
     int limit_item;
     int limit_type = 0;
     long limit_value;
-    const char **endptr = &lim_value;
+    char *endptr;
     const char *value_orig = lim_value;
 
     if (ctrl & PAM_DEBUG_ARG)
@@ -367,14 +367,10 @@ static void process_limit(int source, const char *lim_type,
         return;
     }
 
-    /*
-     * there is a warning here because the library prototype for this
-     * function is incorrect.
-     */
-    limit_value = strtol(lim_value, endptr, 10);
+    limit_value = strtol (lim_value, &endptr, 10);
 
     /* special case value when limiting logins */
-    if (limit_value == 0 && value_orig == *endptr) { /* no chars read */
+    if (limit_value == 0 && value_orig == endptr) { /* no chars read */
         if (strcmp(lim_value,"-") != 0) {
             _pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value);
             return;
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index 342637c1..11180444 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -4,10 +4,10 @@
    when the session begins. This allows users to be present in central
    database (such as nis, kerb or ldap) without using a distributed
    file system or pre-creating a large number of directories.
-   
+
    Here is a sample /etc/pam.d/login file for Debian GNU/Linux
    2.1:
-   
+
    auth       requisite  pam_securetty.so
    auth       sufficient pam_ldap.so
    auth       required   pam_pwdb.so
@@ -19,11 +19,11 @@
    session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session    required   pam_pwdb.so
    session    optional   pam_lastlog.so
-   password   required   pam_pwdb.so   
-   
+   password   required   pam_pwdb.so
+
    Released under the GNU LGPL version 2 or later
    Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999
-   Structure taken from pam_lastlogin by Andrew Morgan 
+   Structure taken from pam_lastlogin by Andrew Morgan
      <morgan@parc.power.net> 1996
  */
 
@@ -51,6 +51,8 @@
 
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
+#include <security/_pam_modutil.h>
+
 
 /* argument parsing */
 #define MKHOMEDIR_DEBUG      020	/* keep quiet about things */
@@ -98,8 +100,8 @@ static int _pam_parse(int flags, int argc, const char **argv)
    return ctrl;
 }
 
-/* This common function is used to send a message to the applications 
-   conversion function. Our only use is to ask the application to print 
+/* This common function is used to send a message to the applications
+   conversion function. Our only use is to ask the application to print
    an informative message that we are creating a home directory */
 static int converse(pam_handle_t * pamh, int ctrl, int nargs
 		    ,struct pam_message **message
@@ -191,7 +193,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl,
    {
       _log_err(LOG_DEBUG, "unable to create directory %s",dest);
       return PAM_PERM_DENIED;
-   }   
+   }
    if (chmod(dest,0777 & (~UMask)) != 0 ||
        chown(dest,pwd->pw_uid,pwd->pw_gid) != 0)
    {
@@ -214,7 +216,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl,
    }
 
    for (Dir = readdir(D); Dir != 0; Dir = readdir(D))
-   {  
+   {
       int SrcFd;
       int DestFd;
       int Res;
@@ -344,7 +346,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc
    const char *user;
    const struct passwd *pwd;
    struct stat St;
-      
+
    /* Parse the flag values */
    ctrl = _pam_parse(flags, argc, argv);
 
@@ -373,7 +375,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc
 }
 
 /* Ignore */
-PAM_EXTERN 
+PAM_EXTERN
 int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc
 			 ,const char **argv)
 {
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index d6b1f395..afeee3da 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -31,5 +31,7 @@ The following options are recognized:
 	nis		-	use NIS RPC for setting new password
 	remember=X	-	remember X old passwords, they are kept in
 				/etc/security/opasswd in MD5 crypted form
+	broken_shadow	-	ignore errors reading shadow information for
+				users in the account management module
 
 	invalid arguments are logged to syslog.
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 178b6037..58ba93c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -129,6 +129,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 	}
 
 	if (!spent)
+		if (on(UNIX_BROKEN_SHADOW,ctrl))
+			return PAM_SUCCESS;
+
+	if (!spent)
 		return PAM_AUTHINFO_UNAVAIL;	/* Couldn't get username from shadow */
 
 	curdays = time(NULL) / (60 * 60 * 24);
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 3127e6b0..d9212c28 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -81,8 +81,10 @@ typedef struct {
 #define UNIX_LIKE_AUTH           19	/* need to auth for setcred to work */
 #define UNIX_REMEMBER_PASSWD     20	/* Remember N previous passwords */
 #define UNIX_NOREAP              21     /* don't reap child process */
+#define UNIX_BROKEN_SHADOW       22     /* ignore errors reading password aging
+					 * information during acct management */
 /* -------------- */
-#define UNIX_CTRLS_              22	/* number of ctrl arguments defined */
+#define UNIX_CTRLS_              23	/* number of ctrl arguments defined */
 
 
 static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
@@ -112,6 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_LIKE_AUTH */       {"likeauth",        _ALL_ON_,            01000000},
 /* UNIX_REMEMBER_PASSWD */ {"remember=",       _ALL_ON_,            02000000},
 /* UNIX_NOREAP */          {"noreap",          _ALL_ON_,            04000000},
+/* UNIX_BROKEN_SHADOW */   {"broken_shadow",   _ALL_ON_,           010000000},
 };
 
 #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 58dd059a..1f1e65a3 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -33,7 +33,7 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ident "$Id$"
+/* "$Id$" */
 
 #include "../../_pam_aconf.h"
 #include <sys/types.h>
diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c
index 28616337..1bbb2450 100644
--- a/modules/pammodutil/modutil_getlogin.c
+++ b/modules/pammodutil/modutil_getlogin.c
@@ -17,7 +17,8 @@
 const char *_pammodutil_getlogin(pam_handle_t *pamh)
 {
     int status;
-    const char *logname, *curr_tty;
+    char *logname;
+    const char *curr_tty;
     char *curr_user;
     struct utmp *ut, line;
 
diff --git a/modules/pammodutil/modutil_ioloop.c b/modules/pammodutil/modutil_ioloop.c
index 4176b658..a852a7b8 100644
--- a/modules/pammodutil/modutil_ioloop.c
+++ b/modules/pammodutil/modutil_ioloop.c
@@ -8,10 +8,13 @@
 #include <unistd.h>
 #include <errno.h>
 
+#include <security/pam_modules.h>
+#include "include/security/_pam_modutil.h"
+
 int _pammodutil_read(int fd, char *buffer, int count)
 {
        int block, offset = 0;
- 
+
        while (count > 0) {
                block = read(fd, &buffer[offset], count);
 
@@ -31,7 +34,7 @@ int _pammodutil_read(int fd, char *buffer, int count)
 int _pammodutil_write(int fd, const char *buffer, int count)
 {
        int block, offset = 0;
-                                                                                
+
        while (count > 0) {
                block = write(fd, &buffer[offset], count);
 
@@ -44,7 +47,6 @@ int _pammodutil_write(int fd, const char *buffer, int count)
                offset += block;
                count -= block;
        }
-                                                                                
+
        return offset;
 }
-
author	Thorsten Kukuk <kukuk@thkukuk.de>	2004-09-24 09:18:21 +0000
committer	Thorsten Kukuk <kukuk@thkukuk.de>	2004-09-24 09:18:21 +0000
commit	128ded83a0d1d3b5a85b4c20a6c35d9481e23ce5 (patch)
tree	fdd298658b3808d85fe99fab062b911c9f2aeee6 /modules
parent	c485b54636a6d93bdc9c9d82051db97d7dd53c71 (diff)