Diffstat (limited to 'modules')
-rw-r--r--modules/pam_limits/pam_limits.c10
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.c24
-rw-r--r--modules/pam_unix/README2
-rw-r--r--modules/pam_unix/pam_unix_acct.c4
-rw-r--r--modules/pam_unix/support.h5
-rw-r--r--modules/pam_xauth/pam_xauth.c2
-rw-r--r--modules/pammodutil/modutil_getlogin.c3
-rw-r--r--modules/pammodutil/modutil_ioloop.c10
8 files changed, 35 insertions, 25 deletions
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 0d7f2185..536446bd 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -311,7 +311,7 @@ static void process_limit(int source, const char *lim_type,
int limit_item;
int limit_type = 0;
long limit_value;
- const char **endptr = &lim_value;
+ char *endptr;
const char *value_orig = lim_value;
if (ctrl & PAM_DEBUG_ARG)
@@ -367,14 +367,10 @@ static void process_limit(int source, const char *lim_type,
return;
}
- /*
- * there is a warning here because the library prototype for this
- * function is incorrect.
- */
- limit_value = strtol(lim_value, endptr, 10);
+ limit_value = strtol (lim_value, &endptr, 10);
/* special case value when limiting logins */
- if (limit_value == 0 && value_orig == *endptr) { /* no chars read */
+ if (limit_value == 0 && value_orig == endptr) { /* no chars read */
if (strcmp(lim_value,"-") != 0) {
_pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value);
return;
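Review bot: The check after the new `strtol (lim_value, &endptr, 10)` call only rejects the case where no characters were consumed, so as far as this hunk shows a value with trailing characters (a constructed example: `100x`) or one that overflows `long` is still accepted. For a module that applies resource limits, a mistyped entry silently turning into a different limit is worth refusing: set `errno = 0;` before the call and add `if (errno == ERANGE || (endptr != value_orig && *endptr != '\0')) { _pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value); return; }`. process_limit continues outside the hunk, so confirm that no later code already validates the remainder and that `<errno.h>` is included.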
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index 342637c1..11180444 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -4,10 +4,10 @@
when the session begins. This allows users to be present in central
database (such as nis, kerb or ldap) without using a distributed
file system or pre-creating a large number of directories.
-
+
Here is a sample /etc/pam.d/login file for Debian GNU/Linux
2.1:
-
+
auth requisite pam_securetty.so
auth sufficient pam_ldap.so
auth required pam_pwdb.so
@@ -19,11 +19,11 @@
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_pwdb.so
session optional pam_lastlog.so
- password required pam_pwdb.so
-
+ password required pam_pwdb.so
+
Released under the GNU LGPL version 2 or later
Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999
- Structure taken from pam_lastlogin by Andrew Morgan
+ Structure taken from pam_lastlogin by Andrew Morgan
<morgan@parc.power.net> 1996
*/
@@ -51,6 +51,8 @@
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
+#include <security/_pam_modutil.h>
+
/* argument parsing */
#define MKHOMEDIR_DEBUG 020 /* keep quiet about things */
@@ -98,8 +100,8 @@ static int _pam_parse(int flags, int argc, const char **argv)
return ctrl;
}
-/* This common function is used to send a message to the applications
- conversion function. Our only use is to ask the application to print
+/* This common function is used to send a message to the applications
+ conversion function. Our only use is to ask the application to print
an informative message that we are creating a home directory */
static int converse(pam_handle_t * pamh, int ctrl, int nargs
,struct pam_message **message
@@ -191,7 +193,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl,
{
_log_err(LOG_DEBUG, "unable to create directory %s",dest);
return PAM_PERM_DENIED;
- }
+ }
if (chmod(dest,0777 & (~UMask)) != 0 ||
chown(dest,pwd->pw_uid,pwd->pw_gid) != 0)
{
@@ -214,7 +216,7 @@ static int create_homedir(pam_handle_t * pamh, int ctrl,
}
for (Dir = readdir(D); Dir != 0; Dir = readdir(D))
- {
+ {
int SrcFd;
int DestFd;
int Res;
@@ -344,7 +346,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc
const char *user;
const struct passwd *pwd;
struct stat St;
-
+
/* Parse the flag values */
ctrl = _pam_parse(flags, argc, argv);
@@ -373,7 +375,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc
}
/* Ignore */
-PAM_EXTERN
+PAM_EXTERN
int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc
,const char **argv)
{
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index d6b1f395..afeee3da 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -31,5 +31,7 @@ The following options are recognized:
nis - use NIS RPC for setting new password
remember=X - remember X old passwords, they are kept in
/etc/security/opasswd in MD5 crypted form
+ broken_shadow - ignore errors reading shadow information for
+ users in the account management module
invalid arguments are logged to syslog.
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 178b6037..58ba93c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -129,6 +129,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
}
if (!spent)
+ if (on(UNIX_BROKEN_SHADOW,ctrl))
+ return PAM_SUCCESS;
+
+ if (!spent)
return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
curdays = time(NULL) / (60 * 60 * 24);
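Review bot: With `broken_shadow` set, the added branch returns `PAM_SUCCESS` whenever `spent` is NULL, which fails open. The checks that follow `curdays` (presumably account expiry and password aging; they lie outside this hunk) are skipped for that user, and nothing is logged. Consider emitting a syslog message through the module's existing logging helper before returning, so that an account admitted without shadow data leaves an audit trail. The unbraced nested `if (!spent)` / `if (on(...))` followed by a second `if (!spent)` is also easy to misread; `if (!spent && on(UNIX_BROKEN_SHADOW, ctrl))` with `return PAM_SUCCESS;` beneath it expresses the same condition in one test.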
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 3127e6b0..d9212c28 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -81,8 +81,10 @@ typedef struct {
#define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */
#define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */
#define UNIX_NOREAP 21 /* don't reap child process */
+#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging
+ * information during acct management */
/* -------------- */
-#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
@@ -112,6 +114,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
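Review bot: Nothing ties the new `broken_shadow` row to its index. `unix_args` is filled positionally, so the row has to stay in slot 22 to match `UNIX_BROKEN_SHADOW`. Because the array is sized by `UNIX_CTRLS_`, a bumped count with a forgotten row would be zero-filled without any compiler diagnostic. A comment above the table would document the coupling, e.g. `/* rows must appear in UNIX_* index order; UNIX_CTRLS_ must equal the row count */`. The flag `010000000` is the next octal bit after `04000000`, so the value itself looks consistent with the rows visible here.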
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 58dd059a..1f1e65a3 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -33,7 +33,7 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ident "$Id$"
+/* "$Id$" */
#include "../../_pam_aconf.h"
#include <sys/types.h>
diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c
index 28616337..1bbb2450 100644
--- a/modules/pammodutil/modutil_getlogin.c
+++ b/modules/pammodutil/modutil_getlogin.c
@@ -17,7 +17,8 @@
const char *_pammodutil_getlogin(pam_handle_t *pamh)
{
int status;
- const char *logname, *curr_tty;
+ char *logname;
+ const char *curr_tty;
char *curr_user;
struct utmp *ut, line;
diff --git a/modules/pammodutil/modutil_ioloop.c b/modules/pammodutil/modutil_ioloop.c
index 4176b658..a852a7b8 100644
--- a/modules/pammodutil/modutil_ioloop.c
+++ b/modules/pammodutil/modutil_ioloop.c
@@ -8,10 +8,13 @@
#include <unistd.h>
#include <errno.h>
+#include <security/pam_modules.h>
+#include "include/security/_pam_modutil.h"
+
int _pammodutil_read(int fd, char *buffer, int count)
{
int block, offset = 0;
-
+
while (count > 0) {
block = read(fd, &buffer[offset], count);
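Review bot: The added `#include "include/security/_pam_modutil.h"` names the header by a source-tree-relative path, while pam_mkhomedir.c in this same commit pulls it in as `#include <security/_pam_modutil.h>`. Unless the pammodutil build deliberately lacks that include directory, using the angle-bracket form here too keeps both files resolving to the same copy of the header rather than one in-tree and one installed. If the relative form is required by the build, a one-line comment saying so would stop it from being "fixed" later.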
@@ -31,7 +34,7 @@ int _pammodutil_read(int fd, char *buffer, int count)
int _pammodutil_write(int fd, const char *buffer, int count)
{
int block, offset = 0;
-
+
while (count > 0) {
block = write(fd, &buffer[offset], count);
@@ -44,7 +47,6 @@ int _pammodutil_write(int fd, const char *buffer, int count)
offset += block;
count -= block;
}
-
+
return offset;
}
-