summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* pam_unix: add nullresetok option to allow reset blank passwordsPavel Březina2020-02-18
| | | | | | | | | | Adding nullresetok to auth phase of pam_unix module will allow users with blank password to authenticate in order to immediatelly change their password even if nullok is not set. This allows to have blank password authentication disabled but still allows administrator to create new user accounts with expired blank password that must be change on the first login.
* pam_succeed_if: Add list support for group membership checksSerghei Anicheev2020-02-18
| | | | | | | | | | | | | Examples: account requisite pam_succeed_if.so user ingroup group1:group2 OR account requisite pam_succeed_if.so user notingroup group1:group2 OR account requisite pam_succeed_if.so user ingroup wheel OR account requisite pam_succeed_if.so user notingroup wheel Can be very convenient to grant access based on complex group memberships (LDAP, etc)
* Remove redundant header file inclusionMIZUTA Takeshi2020-02-18
| | | | | There are some source code including the same header file redundantly. We remove these redundant header file inclusion.
* pam_tally[2]: Updating man pages to indicate account leakage without silentedneville2020-01-29
| | | | | * modules/pam_tally/pam_tally.8.xml: Mention account leakage without silent * modules/pam_tally2/pam_tally2.8.xml: Mention account leakage without silent
* pam_keyinit.8: add missing commaJakub Wilk2020-01-29
|
* pam_usertype: new module to tell if uid is in login.defs rangesPavel Březina2020-01-28
| | | | | | | | | | | | | | This module will check if the user account type is system or regular based on its uid. To evaluate the condition it will use 0-99 reserved range together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`. If these values are not set, it uses configure-time defaults `--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page `SYS_UID_MAX` defaults to `UID_MIN - 1`. This information can be used to skip specific module in pam stack based on the account type. `pam_succeed_if uid < 1000` is used at the moment however it does not reflect changes to `login.defs`.
* configure.ac: add --enable-doc optionFabrice Fontaine2020-01-27
| | | | | | | | Allow the user to disable documentation through --disable-doc (enabled by default), this is especially useful when cross-compiling for embedded targets Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* Fix remaining -Wcast-qual compilation warningsDmitry V. Levin2020-01-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new internal header file with definitions of DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros, use them to temporary silence -Wcast-qual compilation warnings in various modules. * libpam/include/pam_cc_compat.h: New file. * libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h. * modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h". (create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h". (pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h". (nl_send): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h". (_unix_run_verify_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h". (_unix_run_update_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/passverify.c: Include "pam_cc_compat.h". (unix_update_shadow): Wrap the cast that discards ‘const’ qualifier in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_unix/support.c: Include "pam_cc_compat.h". (_unix_run_helper_binary): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL. * modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h". (run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* _pam_mkargv: add const qualifier to the first argumentDmitry V. Levin2020-01-20
| | | | | | | | | | | | | | | Also fix the following compilation warning: tests/tst-pam_mkargv.c:21:22: warning: initialization discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] char *argvstring = "user = XENDT\\userα user=XENDT\\user1"; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * libpam/pam_misc.c (_pam_mkargv): Add const qualifier to the first argument. * libpam/pam_private.h (_pam_mkargv): Likewise. * tests/tst-pam_mkargv.c (main): Convert argvstring from a pointer into a static const string, make argvresult array static const.
* Fix miscellaneous const issuesTomas Mraz2020-01-20
| | | | | | | | | | * libpam/pam_modutil_searchkey.c: Avoid assigning empty string literal to non-const char *. * modules/pam_filter/pam_filter.c: Avoid using const char **. * modules/pam_mkhomedir/pam_mkhomedir.c: Properly cast out const for execve(). * modules/pam_namespace/pam_namespace.c: Properly cast out const from pam data. * modules/pam_tally2/pam_tally2.c: String literal must be assigned to const char *.
* pam_unix: Return NULL instead of calling crypt_md5_wrapper().Björn Esser2020-01-17
| | | | | | | | | | | | | | | | | If the call to the crypt(3) function failed for some reason during hashing a new login passphrase, the wrapper function for computing a hash with the md5crypt method was called internally by the pam_unix module in previous versions of linux-pam. With CVE-2012-3287 in mind, the md5crypt method is not considered to be a safe nor recommended hashing method for a new login passphrase since at least 2012. Thus pam_unix should error out in case of a failure in crypt(3) instead of silently computing a hashed passphrase using a potentially unsafe method. * modules/pam_unix/pam_unix.8.xml: Update documentation. * modules/pam_unix/passverify.c (create_password_hash): Return NULL on error instead of silently invoke crypt_md5_wrapper().
* Changed variable salt to hashHulto2020-01-15
| | | helper_verify_password's variable salt is not just the salt but the whole hash. Renamed for clarity and conformity with the rest of the code.
* Add two missing va_end() callsJosef Moellers2020-01-15
| | | | | According to the man pages, "Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function."
* Further grammar fixesSteve Langasek2020-01-15
| | | | | | Signed-off-by: Russ Allbery <rra@debian.org> Bug-Debian: https://bugs.debian.org/651560
* Miscellaneous spelling fixesSteve Langasek2020-01-15
|
* Miscellaneous grammar fixesSteve Langasek2020-01-15
|
* pam_umask: document the 'nousergroups' optionAndreas Henriksson2020-01-10
| | | | | Add a short description of the nousergroups to the pam_umask(8) man-page.
* pam_umask: add new 'nousergroups' module argumentAndreas Henriksson2020-01-10
| | | | | | | | | | This is particularly useful when pam has been built with the new --enable-usergroups configure switch, allowing users to override the default-enabled state and disabling usergroups at runtime. This is synonymous but opposite to current and previous pam_umask default that could be changed to enabled at runtime with the usergroups argument.
* pam_umask: build-time usergroups option defaultAndreas Henriksson2020-01-10
| | | | | | | | | | This change adds a configure option to set the default value of the usergroups option (of the pam_umask module) at build-time. Distributions usually makes the decision if usergroups should be used or not. This allows them to control the built-in default value, without having to ship the value in a config file (cluttering up the view of actually relevant user/system configuration overrides).
* pam_access: Fix (IPv6) address prefix size matchingmsalle2020-01-02
| | | | | | | IPv6 address prefix sizes larger than 128 (i.e. not larger or equal to) should be discarded. Additionally, for IPv4 addresses, the largest valid prefix size should be 32. Fixes #161
* Do not use CFLAGS for warning flags set from configureTomas Mraz2019-12-18
| | | | | | | | To be able to set CFLAGS from make command-line but not to lose the warning flags. * configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS. * */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
* Return only PAM_IGNORE or error from pam_motdBalint Reczey2019-12-17
| | | | | Follow-up for c81280b16e1831ab0bdd0383486c7e2d1eaf1b5e. * modules/pam_motd/pam_motd.c: Return PAM_IGNORE if pam_putenv succeeds. * modules/pam_motd/pam_motd.8.xml: Document additional possible return values of the module.
* Add initial Travis CI supportDmitry V. Levin2019-12-16
| | | | | | | | | | | This runs "make distcheck" using gcc-9, gcc-8, gcc-7, and clang on x86_64, x86, x32, aarch64, s390x, and ppc64le architectures. * .travis.yml: New file. * ci/install-dependencies.sh: Likewise. * ci/run-build-and-tests.sh: Likewise. Resolves: https://github.com/linux-pam/linux-pam/issues/28
* pam_pwhistory: fix build when -lxcrypt is not availableDmitry V. Levin2019-12-16
| | | | | | | | | | | When xcrypt.h is available but -lxcrypt is not, pam_pwhistory fails to build with the following diagnostics: modules/pam_pwhistory/opasswd.c:111: undefined reference to `xcrypt_r' Fix this by using the same check for xcrypt as in other modules. * modules/pam_pwhistory/opasswd.c: Replace HAVE_XCRYPT_H with HAVE_LIBXCRYPT.
* Fix or suppress various warnings when compiling with -Wall -WextraTomas Mraz2019-12-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS. * doc/specs/Makefile.am: Likewise. * libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL. * modules/pam_access/pam_access.c: Avoid double const. * modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy() without copying the NUL byte. * modules/pam_group/pam_group.c: Mark switch fallthrough with comment. * modules/pam_time/pam_time.c: Likewise. * modules/pam_limits/pam_limits.c: Remove unused units variable. * modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers. * modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter. * modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead of hardcoded value. * modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing. * modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters. * modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly cast for comparison. * modules/pam_unix/support.c: Remove unused function.
* pam_motd: Export MOTD_SHOWN=pam after showing MOTDBalint Reczey2019-12-04
| | | | | | | | | | | This is a useful indication for update-motd profile.d snippet which can also try to show MOTD when it is not already shown. The use-case for that is showing MOTD in shells in containers without PAM being involved. * modules/pam_motd/pam_motd.c: Export MOTD_SHOWN=pam after showing MOTD * modules/pam_motd/pam_motd.8.xml: Mention setting MOTD_SHOWN=pam in the man page
* Adds an auth module to pam_keyinit (#150)ppkarwasz2019-11-28
| | | | | | | | | | | | | | Adds an auth module to pam_keyinit, whose implementation of pam_sm_setcred is identical to the implementation of pam_sm_open_session. It is useful with PAM applications, which call pam_setcred, before calling pam_open_session. * modules/pam_keyinit/pam_keyinit.c: Add an auth module to pam_keyinit. * modules/pam_keyinit/pam_keyinit.8.xml: Update the manpage to describe the new functionality.
* Lower "bad username" log priority (#154)Sophie Herold2019-11-28
| | | | | * modules/pam_unix/pam_unix_auth.c: Use LOG_NOTICE instead of LOG_ERR. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise.
* pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mountsTomas Mraz2019-11-04
| | | | | | | | | | * modules/pam_namespace/namespace.conf.5.xml: Add documentation for the noexec, nosuid, and nodev flags support. * modules/pam_namespace/pam_namespace.c (filter_mntopts): New function to filter out the flags. (parse_method): Call the function. (ns_setup): Apply the flags to the tmpfs mount. * modules/pam_namespace/pam_namespace.h: Add mount_flags to polydir_s struct.
* Optimize the checkgrouplist functionTomas Mraz2019-11-04
| | | | | | | | There is no point in rising the allocation size by doubling when we can allocate required memory size at once in the second pass. * libpam/pam_modutil_ingroup.c (checkgrouplist): Allocate some reasonable default size in first pass and required size in the second pass.
* doc: fix module type written in MODULE TYPES PROVIDEDMIZUTA Takeshi2019-10-15
|
* pam_unix: Add logging useful for debugging problemsTomas Mraz2019-10-14
| | | | | | | | | | | | | | | | Two messages added about obtaining the username are guarded by the debug option as these should not be normally logged - they can be useful for debugging but they do not indicate any special condition. The message about authenticating user with blank password is still just LOG_DEBUG priority but it is logged unconditionally because it is somewhat extraordinary condition to have an user with blank password. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace D() macro calls which are not enabled on production builds with regular pam_syslog() calls.
* pam_unix: Fix the spelling of Jan Rękorajski's name.Tomas Mraz2019-10-10
|
* doc: fix typo in manpageMIZUTA Takeshi2019-10-08
|
* pam_mkhomedir: Add debug option to pam_mkhomedir(8) man pageMIZUTA Takeshi2019-10-03
|
* Fixed missing quotes in configure scriptMarek Černocký2019-09-23
|
* Add support for a vendor directory and libeconf (#136)Thorsten Kukuk2019-09-16
| | | | | | | | | | With this, it is possible for Linux distributors to store their supplied default configuration files somewhere below /usr, while /etc only contains the changes made by the user. The new option --enable-vendordir defines where Linux-PAM should additional look for pam.d/*, login.defs and securetty if this files are not in /etc. libeconf is a key/value configuration file reading library, which handles the split of configuration files in different locations and merges them transparently for the application.
* pam_lastlog: document the 'unlimited' optionCarlos Santos2019-09-12
| | | | Signed-off-by: Carlos Santos <casantos@redhat.com>
* pam_lastlog: prevent crash due to reduced 'fsize' limitCarlos Santos2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It a reduced fsize limit is set in /etc/security/limits.conf and pam_limits is in use pam_lastlog may cause a crash, e.g. ----- begin /etc/pam.d/su ---- auth sufficient pam_rootok.so auth required pam_wheel.so use_uid auth required pam_env.so auth required pam_unix.so nullok account required pam_unix.so password required pam_unix.so nullok session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_lastlog.so ----- end /etc/pam.d/su ----- ----- begin /etc/security/limits.d/fsize.conf ----- * soft fsize 1710 * hard fsize 1710 ----- end /etc/security/limits.d/fsize.conf ----- # id user1 uid=1000(user1) gid=1000(user1) groups=1000(user1) # su - user1 Last login: Wed Sep 11 01:52:44 UTC 2019 on console $ exit # id user2 uid=60000(user2) gid=60000(user2) groups=60000(user2) # su - user2 File size limit exceeded This happens because pam_limits sets RLIMIT_FSIZE before pam_lastlog attempts to write /var/log/lastlog, leading to a SIGXFSZ signal. In order to fix this, and an 'unlimited' option, which leads to saving the 'fsize' limit and set it to unlimited before writing lastlog. After that, restore the saved value. If 'fsize' is already unlimited nothing is done. Failing to set the 'fsize' limit is not a fatal error. With luck the configured limit will suffice, so we try to write lastlog anyway, even under the risk of dying due to a SIGXFSZ. Failing to restore the 'fsize' limit is a fatal error, since we don't want to keep it unlimited. Signed-off-by: Carlos Santos <casantos@redhat.com>
* pam_unix_sess.c add uid for opening sessioned2019-09-11
| | | | | | This adds the UID of the target user to the session open log. Also fixing tabulation in pam_unix_sess.c.
* Fix the man page for "pam_fail_delay()"lifecrisis2019-09-09
| | | | | | | | | | | This man page contained the incorrect statement that setting the PAM_FAIL_DELAY item to NULL would disable any form of delay on authentication failure. I removed the incorrect statement and added a paragraph explaining how an application should properly avoid delays. Closes #137.
* Fix a typolifecrisis2019-09-06
| | | | There is an extra space where there should not be one.
* Update a function commentlifecrisis2019-09-06
| | | | | | | The function comment for "_pam_await_timer()" does not mention the intended behavior of prioritizing the "PAM_FAIL_DELAY" item. I updated the comment to make this intention clear.
* pwhistory: fix read of uninitialized data and memory leak when modifying opasswdMatt Cowell2019-09-02
| | | | | | | | | | | | | | | | | | | The glibc implementation of getline/getdelim does not guarantee a NUL terminator in lineptr if getline returns failure (-1). This occurs when the opasswd file exists but is empty. Since strdup is called immediately afterwards, this causes strdup to read uninitialized memory and possibly buffer overrun / crash. This also fixes a memory leak which always occurs when reading the last line of the opasswd file. Since the strdup is called before checking the return code from getline, getdelim, or fgets+strlen, it will duplicate and never free either: - The last successfully read line (for getline or getdelim) - Uninitialized data (if the file is empty) - A 0 byte string (for fgets+strlen) Fix by always checking the return code of getline, getdelim, or fgets+strlen before calling strdup.
* libpam/pam_modutil_sanitize.c: optimize the way to close fdsChristophe Besson2019-08-26
|
* pam_tty_audit: Manual page clarification about password loggingTomas Mraz2019-08-07
| | | | | * modules/pam_tty_audit/pam_tty_audit.8.xml: Explanation why passwords can be sometimes logged even when the option is not set.
* pam_get_authtok_verify: Avoid duplicate password verificationTomas Mraz2019-08-07
| | | | | | | | | | | | If password was already verified by previous modules in the stack it does not need to be verified by pam_get_authtok_verify either. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the authtok_verified appropriately. (pam_get_authtok_verify): Do not prompt if authtok_verified is set and set it when the password is verified. * libpam/pam_private.h: Add authtok_verified to the pam handle struct. * libpam/pam_start.c (pam_start): Initialize authtok_verified.
* Mention that ./autogen.sh is needeed to be run if you check out the sources ↵2*yo2019-07-16
| | | | from git
* pam_unix: Correct MAXPASS define name in the previous two commits.Tomas Mraz2019-06-27
| | | | | * modules/pam_unix/pam_unix_passwd.c: Change MAX_PASS to MAXPASS. * modules/pam_unix/support.c: Likewise.
* Restrict password length when changing passwordFlorian Best2019-06-27
|