| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_LIBCRACK with
COND_BUILD_PAM_CRACKLIB.
* modules/Makefile.am [COND_BUILD_PAM_CRACKLIB] (MAYBE_PAM_CRACKLIB):
Define.
(SUBDIRS): Replace pam_cracklib with $(MAYBE_PAM_CRACKLIB).
* modules/pam_cracklib/Makefile.am: Assume HAVE_LIBCRACK.
|
| |
|
|
|
| |
* configure.ac (AC_DEFINE, AC_SUBST): Remove unused HAVE_KEY_MANAGEMENT.
(AC_CHECK_DECL): Remove unused ENOKEY.
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_KEY_MANAGEMENT with
COND_BUILD_PAM_KEYINIT.
* modules/Makefile.am [COND_BUILD_PAM_KEYINIT] (MAYBE_PAM_KEYINIT):
Define.
(SUBDIRS): Replace pam_keyinit with $(MAYBE_PAM_KEYINIT).
* modules/pam_keyinit/Makefile.am: Assume HAVE_KEY_MANAGEMENT.
|
| |
|
|
| |
* configure.ac (AC_DEFINE): Remove unused HAVE_AUDIT_TTY_STATUS.
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_AUDIT_TTY_STATUS with
COND_BUILD_PAM_TTY_AUDIT.
* modules/Makefile.am [COND_BUILD_PAM_TTY_AUDIT] (MAYBE_PAM_TTY_AUDIT):
Define.
(SUBDIRS): Replace pam_tty_audit with $(MAYBE_PAM_TTY_AUDIT).
* modules/pam_tty_audit/Makefile.am: Assume HAVE_AUDIT_TTY_STATUS.
|
| |
|
|
| |
... and move them closer to the end of configure.ac.
|
| |
|
|
|
|
| |
Also list one element of SUBDIRS per line for the ease of maintenance.
* modules/Makefile.am (SUBDIRS): List one per line, sort.
|
| |
|
|
|
|
|
| |
* .github/workflows/ci.yml (gcc10-x86_64, gcc10-x86, gcc10-x32):
New jobs.
* .travis.yml (matrix): Add gcc-10 jobs on x86_64, x86, x32,
and ppc64le.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by gcc-10 -Warray-bounds:
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:197:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [260, 389] from the object at 'uts' is out of the bounds of referenced subobject 'version' with type 'char[65]' at offset 195 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:59:10: note: subobject 'version' declared here
59 | char version[_UTSNAME_VERSION_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:188:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [65, 389] from the object at 'uts' is out of the bounds of referenced subobject 'sysname' with type 'char[65]' at offset 0 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:51:10: note: subobject 'sysname' declared here
51 | char sysname[_UTSNAME_SYSNAME_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:194:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [195, 389] from the object at 'uts' is out of the bounds of referenced subobject 'release' with type 'char[65]' at offset 130 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:57:10: note: subobject 'release' declared here
57 | char release[_UTSNAME_RELEASE_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:191:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [130, 389] from the object at 'uts' is out of the bounds of referenced subobject 'nodename' with type 'char[65]' at offset 65 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:54:10: note: subobject 'nodename' declared here
54 | char nodename[_UTSNAME_NODENAME_LENGTH];
| ^~~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:200:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [325, 389] from the object at 'uts' is out of the bounds of referenced subobject 'machine' with type 'char[65]' at offset 260 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:62:10: note: subobject 'machine' declared here
62 | char machine[_UTSNAME_MACHINE_LENGTH];
| ^~~~~~~
* modules/pam_issue/pam_issue.c (read_issue_quoted): Rewrite to avoid
strncat from potentially not null-terminated string buffer fields
of struct utsname.
|
| |
|
|
|
|
|
|
|
|
|
| |
available
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Do not assign -1U to
dirscans_sizes[i] when scandir(motd_dir_path_split[i]) returns an error.
Resolves: https://bugzilla.altlinux.org/38389
Fixes: d57ab221 ("pam_motd: Cleanup the code and avoid unnecessary logging")
|
| |
|
|
|
|
|
|
|
|
| |
Apply the following calloc invocation idiom:
ptr = calloc(nmemb, sizeof(*ptr));
* modules/pam_motd/pam_motd.c (pam_split_string,
try_to_display_directories_with_overrides): Cleanup calloc invocations.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Do not access
elements of dirscans_sizes array if dirscans_sizes == NULL
due to an earlier memory allocation error.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove return statement
at the end of the function returning void.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
pam_syslog already does all the prefixing we need.
* modules/pam_motd/pam_motd.c (pam_split_string,
try_to_display_directories_with_overrides): Remove "pam_motd: " prefix
from strings passed to pam_syslog.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
pam_motd used to leak memory allocated for each motd file
successfully opened in try_to_display_directories_with_overrides.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Free abs_path.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Do not invoke calloc with the first argument equal to zero as the return
value can be NULL which is undistinguishable from memory allocation
error.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Skip if there are no
directory entries (dirscans_size_total == 0).
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
As dirnames_all is allocated with calloc, zeroing it out is pointless.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove redundant zeroing
of dirnames_all.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
| |
|
|
|
|
|
|
|
|
| |
As WITH_SELINUX is already AC_DEFINE'd in configure.ac,
there is no point in adding -DWITH_SELINUX to CFLAGS.
* libpam/Makefile.am [HAVE_LIBSELINUX] (AM_CFLAGS): Do not add
-DWITH_SELINUX.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
|
| |
|
|
| |
* configure.ac: replace "test ! -z" with "test -n".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by gcc-10 -Wstringop-overflow:
In file included from /usr/include/string.h:494,
from modules/pam_filter/pam_filter.c:14:
In function 'strcpy',
inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2,
inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=]
90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra':
modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here
128 | levp[0] = (char *) malloc(size);
| ^~~~~~~~~~~~
* modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap
buffer overflow in case of a filter without arguments (argc == 0).
|
| |
|
|
|
|
|
| |
In other modules they were removed by commit Linux-PAM-1.3.0~14.
* modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC
parts.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On ppc64le the compiler complains with the following diagnostics:
pam_setquota.c: In function 'debug':
pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:46: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:62: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:73: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:84: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
* modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64
to unsigned long long.
|
| |
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header
which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open
* modules/pam_timestamp/hmacsha1.c: Include "config.h".
|
| |
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header included by
libpamc.h, which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/libpamc.so.0.82.1: uses non-LFS functions: __xstat readdir
* libpamc/libpamc.h: Include "config.h".
|
| |
|
|
|
|
| |
All other modules already build with WARN_CFLAGS.
* modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix -Wunused-variable compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable]
173 | char *ep, *val, *mntdevice = NULL;
| ^~
pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable]
172 | unsigned long ul;
| ^~
Fix -Wunused-parameter compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter]
169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c: In function 'pam_sm_close_session':
pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~~~~~~~~~~~^~~~
pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~
pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter]
383 | const char **argv) {
| ~~~~~~~~~~~~~^~~~
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark
'flags' parameter as unused. Remove unused 'ep' and 'ul' variables.
(pam_sm_close_session): Mark all parameters as unused.
|
| |
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
Resolves: https://github.com/linux-pam/linux-pam/pull/214
|
| |
|
|
|
|
|
| |
This makes disk quotas usable with central user databases, such as MySQL or
LDAP.
Resolves: https://github.com/linux-pam/linux-pam/issues/92
|
| |
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (netgroup_match): Place the code
that calls getdomainname under HAVE_GETDOMAINNAME guard.
* modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise.
Resolves: https://github.com/linux-pam/linux-pam/issues/43
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/or/
|
| |
|
|
|
|
|
| |
According to crypt(5), md5 should not be used for new hashes. Let's
give a modern example with yescrypt.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/
Resolves: https://github.com/linux-pam/linux-pam/pull/207
|
| |
|
|
|
|
| |
* .travis.yml: Remove faulty gcc-9 jobs on aarch64 and s390x,
gcc-9 became uninstallable on these platforms several days ago
and hasn't been fixed yet.
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/issues/65
Resolves: https://github.com/linux-pam/linux-pam/pull/199
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Somewhat similar to Travis CI, this runs "make distcheck" on Ubuntu
18.04 using gcc-9, gcc-8, gcc, clang-9, clang-8, and clang on x86_64,
x86, and x32 architectures.
Compared with Travis CI, GitHub Actions service currently provides
a significantly better parallelism as well as (unsurprisingly)
better integration with github.
However, GitHub Actions cannot replace Travis CI completely yet as
the latter can build on aarch64, s390x, and ppc64le architectures.
* .github/workflows/whitespace-errors-check.yml: Remove
* .github/workflows/ci.yml: New file.
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/
|
| |
|
|
|
|
|
|
|
| |
_PATH_VARRUN already provides trailing slash for building paths
Fixes:
$ strings /usr/lib64/security/pam_timestamp.so | grep /run/
/var/run//pam_timestamp
/var/run//pam_timestamp/_pam_timestamp_key
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems
that use the unix_chkpwd helper.
The reason is that in unix_chkpwd.c, towards the end of main(), if
helper_verify_password() does not return PAM_SUCCESS, main() ignores
the actual error that helper_verify_password() returned and instead
returns PAM_AUTH_ERR.
This commit corrects this behavior. Specifically, if
helper_verify_password() returns PAM_USER_UNKNOWN, which it does
when /etc/passwd entry indicates that shadow information is present
but the /etc/shadow entry is missing, the unix_chkpwd now exits
with PAM_AUTHINFO_UNAVAIL. For any other error from
helper_verify_password(), unix_chkpwd continues to exit with
PAM_AUTH_ERR.
* modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL
when helper_verify_password() returns PAM_USER_UNKNOWN.
|
| | |
|
| |
|
|
| |
Complements: 4daceedd ("pam_get_authtok: fix i18n of default prompts")
|
| |
|
|
|
|
|
| |
* libpam/pam_handlers.c (_pam_load_module): Reorganize $ISA handling
to reduce redundancy.
Resolves: https://github.com/linux-pam/linux-pam/pull/198
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/163
Resolves: https://github.com/linux-pam/linux-pam/pull/191
|
| |
|
|
|
|
|
|
|
|
| |
pam_exec module can be called when a user name has not been prompted
yet. And thus the command is called without a user name available.
This fix asks PAM for the user name to ensure it is ready or to force
the prompt.
Resolves: https://github.com/linux-pam/linux-pam/issues/131
Resolves: https://github.com/linux-pam/linux-pam/pull/195
|
| |
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/194
|
| | |
|
| | |
|
| |
|
|
|
| |
The result is nowhere checked and other logging functions like
pam_syslog are also not checked.
|
| | |
|
