| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
replacement, pam_passwdqc, is packaged separately.
|
| |
|
|
| |
in favor of pam_faillock. Closes: #569746, LP: #772121.
|
| | |
|
| |
|
|
| |
a deprecated alias for nullok.
|
| | |
|
| |
|
|
| |
#674857, #936071.
|
| | |
|
| | |
|
| |\ |
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
* maint/README-release: New file.
|
| | | |
| | |
| | |
| | | |
* maint/gen-tag-message: New script for preparing tag message.
|
| | | |
| | |
| | |
| | | |
* maint/make-dist: New script for preparing release tarballs.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Matthias Gerstner found the following issue:
<quote>
So this pam_setquota module iterates over all mounted file systems using
`setmntent()` and `getmntent()`. It tries to find the longest match of
a file system mounted on /home/$USER or above (except when the
fs=/some/path parameter is passed to the pam module).
The thing is that /home/$USER is owned by the unprivileged user. And
there exist tools like fusermount from libfuse which is by default
installed setuid-root for everybody. fusermount allows to mount a FUSE
file system using an arbitrary "source device name" as the unprivileged
user.
Thus considering the following use case:
1) there is only the root file system (/) or a file system is mounted on
/home, but not on /home/$USER.
2) the attacker mounts a fake FUSE file system over its own home directory:
```
user $ export _FUSE_COMMFD=0
user $ fusermount $HOME -ononempty,fsname=/dev/sda1
```
This will result in a mount entry in /proc/mounts looking like this:
```
/dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
```
3) when the attacker now logs in with pam_setquota configured then
pam_setquota will identify /dev/sda1 and the file system where
to apply the user's quota on.
As a result an unprivileged user has full control over onto which block
device the quota is applied.
</quote>
If the user's $HOME is on a separate partition, setting a quota on the
user's $HOME does not really make sense, so this patch skips mountpoints
equal to the user's $HOME, preventing the above mentioned bug as
a side-effect (or vice-versa).
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Co-authored-by: Tomáš Mráz <tmraz@redhat.com>
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: https://github.com/linux-pam/linux-pam/pull/230
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pam_debug used to invoke pam_get_user and set PAM_USER to "nobody" when
pam_get_user returns an empty string as the user name. When either of
these functions returned an error value, it used to return that error
value. This hasn't been documented, and I couldn't find any rationale
for this behaviour.
* modules/pam_debug/pam_debug.c (pam_sm_authenticate): Do not invoke
pam_get_user and pam_set_item.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently translated at 100.0% (122 of 122 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_TW/
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_ERR to LOG_NOTICE.
* modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade
the syslog level for diagnostics of errors returned by
pam_modutil_getpwnam for users returned by pam_get_user
from LOG_WARNING to LOG_NOTICE.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade
the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise.
* modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise.
* modules/pam_group/pam_group.c (pam_sm_setcred): Likewise.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_nologin/pam_nologin.c (perform_check): Likewise.
* modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise.
* modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise.
* modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise.
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules/pam_userdb/pam_userdb.c (pam_sm_authenticate,
pam_sm_acct_mgmt): Likewise.
* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise.
* modules/pam_xauth/pam_xauth.c (pam_sm_open_session,
pam_sm_close_session): Likewise.
* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
Downgrade the syslog level for pam_get_user errors from LOG_WARNING
to LOG_NOTICE.
* modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_localuser/tst-pam_localuser-retval.c: New file.
* modules/pam_localuser/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_localuser_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_localuser/pam_localuser.c (check_user_in_passwd): New
function.
(pam_sm_authenticate): Use it.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Downgrade
the syslog level for errors related to pam_get_user from LOG_ERR to
LOG_NOTICE.
Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also, remove unused MODULE_NAME macro.
* modules/pam_localuser/pam_localuser.c: Stop including unused header
files.
(MODULE_NAME): Remove.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Starting with commit c2c601f5340a59c5c62193d55b555d384380ea38,
pam_get_user is guaranteed to return one of the following values:
PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not
replace non-PAM_CONV_AGAIN error values returned by pam_get_user with
PAM_SERVICE_ERR.
* modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document
new return values.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Give the application a chance to handle PAM_INCOMPLETE.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_INCOMPLETE instead of PAM_SERVICE_ERR when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document
it.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since user name is untrusted input, it should be validated earlier
rather than later.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Open
the passwd file after user name validation.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As BUFSIZ is the buffer size used in stdio, it must be an efficient size
for the line buffer. Also, it's larger than LINE_MAX used as the line
buffer size before this change, effectively raising the maximum user
name length supported by this module.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Replace
LINE_MAX with BUFSIZ.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Before this change, a long line in the passwd file used to be treated as
several lines which could potentially result to false match and,
consequently, to incorrect PAM_SUCCESS return value.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Handle
long lines in passwd files properly.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not
copy the user name into a temporary buffer, use the user name itself in
comparisons.
|
| | | |
| | |
| | |
| | |
| | | |
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Log
unrecognized options.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When passwd file cannot be opened or the user name either cannot be
obtained or is not valid, return PAM_SERVICE_ERR instead of
PAM_SYSTEM_ERR.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Too long user names used to be truncated which could potentially result
to false match and, consequently, to incorrect PAM_SUCCESS return value.
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_SERVICE_ERR if the user name is too long.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
"root:x" is not a local user name even if the passwd file contains
a line starting with "root:x:".
* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_PERM_DENIED if the user name contains a colon.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: New file.
* modules/pam_mkhomedir/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_mkhomedir_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_faildelay/tst-pam_faildelay-retval.c: New file.
* modules/pam_faildelay/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_faildelay_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_rootok/tst-pam_rootok-retval.c: New file.
* modules/pam_rootok/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_rootok_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_nologin/tst-pam_nologin-retval.c: New file.
* modules/pam_nologin/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_nologin_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_echo/tst-pam_echo-retval.c: New file.
* modules/pam_echo/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_echo_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_warn/tst-pam_warn-retval.c: New file.
* modules/pam_warn/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_warn_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_debug/tst-pam_debug-retval.c: New file.
* modules/pam_debug/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_debug_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_permit/tst-pam_permit-retval.c: New file.
* modules/pam_permit/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_permit_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_deny/tst-pam_deny-retval.c: New file.
* modules/pam_deny/Makefile.am (TESTS): Add $(check_PROGRAMS).
(check_PROGRAMS, tst_pam_deny_retval_LDADD): New variables.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduce a new internal header file for definitions of handy macros
providing convenient assertion testing functionality.
* libpam/include/test_assert.h: New file.
* libpam/Makefile.am (noinst_HEADERS): Add include/test_assert.h.
|
