| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
| |
(Ticket#24 and #29)
* modules/pam_env/pam_env.c: Replace @{HOME} and @{SHELL} with passwd entries
* modules/pam_env/pam_env.conf.5.xml: Document @{HOME} and @{SHELL}
* modules/pam_env/pam_env.8.xml: Enhance documentation
|
|
|
|
|
|
|
|
|
| |
(Ticket #39)
* modules/pam_access/access.conf.5.xml
* modules/pam_access/pam_access.8.xml
Signed-off-by: Karl O. Pinc <kop at meme.com>
|
|
|
|
| |
* modules/pam_timestamp/pam_timestamp.c: Change default timestamp directory.
|
|
|
|
| |
* modules/pam_group/group.conf.5.xml: Enhance example by logic group entry.
|
|
|
|
| |
* modules/pam_timestamp/pam_timestamp.8.xml: Add timestampdir option.
|
|
|
|
|
| |
* libpam/pam_delay.c: Change 25% in comment to 50% as used in code.
* doc/man/pam_fail_delay.3.xml: Change 25% to 50%
|
|
|
|
| |
* po/*.po: Updated translations from Transifex.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Raise gettext requirement to the latest oldstable version 0.18.3.
This fixes the following automake warning:
configure.ac:581: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
configure.ac:581: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
configure.ac:581: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
* configure.ac (AM_GNU_GETTEXT_VERSION): Raise from 0.15 to 0.18.3.
* po/Makevars: Update from gettext-0.18.3.
|
|
|
|
|
|
|
| |
Enable all automake warning flags except for the portability issues,
since non portable features are used among the makefiles.
* configure.ac (AM_INIT_AUTOMAKE): Add -Wall -Wno-portability.
|
|
|
|
|
|
|
| |
This fixes the following automake warning:
aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in'
* configure.in: Rename to configure.ac.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These files are part of GNU gettext; we have not modified them, they are
installed by autopoint which is called by autoreconf, so they had to be
removed from this repository along with ABOUT-NLS, config.rpath, and
mkinstalldirs files that were removed by commit
Linux-PAM-1_1_5-7-g542ec8b.
* po/Makefile.in.in: Remove.
* po/Rules-quot: Likewise.
* po/boldquot.sed: Likewise.
* po/en@boldquot.header: Likewise.
* po/en@quot.header: Likewise.
* po/insert-header.sin: Likewise.
* po/quot.sed: Likewise.
* po/remove-potcdate.sin: Likewise.
* po/.gitignore: Ignore these files.
|
|
|
|
| |
* .gitignore: Ignore *.log and *.trs files.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_get_authtok() may be used any time that a password needs to be entered,
unlike pam_get_authtok_{no,}verify(), which may only be used when
changing a password; yet when the user aborts, it prints "Password change
aborted." whether or not that was the operation being performed.
This bug was non-obvious because none of the modules distributed with
Linux-PAM use it for anything but changing passwords; pam_unix has its
own utility function that it uses instead. As an example, the
nss-pam-ldapd package uses it in pam_sm_authenticate().
libpam/pam_get_authtok.c (pam_get_authtok_internal): check that the
password is trying to be changed before printing a message about the
password change being aborted.
|
|
|
|
|
|
|
|
|
|
| |
Use BUILD_CPPFLAGS variable to override CPPFLAGS where necessary in
case of cross compiling, in addition to CC_FOR_BUILD, BUILD_CFLAGS,
and BUILD_LDFLAGS variables introduced earlier to override CC,
CFLAGS, and LDFLAGS, respectively.
* configure.in (BUILD_CPPFLAGS): Define.
* doc/specs/Makefile.am (CPPFLAGS): Define to @BUILD_CPPFLAGS@.
|
|
|
|
|
|
|
|
|
|
|
| |
Our scanners do not really use yywrap. Explicitly disable yywrap
so that no references to yywrap will be generated and no LEXLIB
would be needed.
* conf/pam_conv1/Makefile.am (pam_conv1_LDADD): Remove.
* conf/pam_conv1/pam_conv_l.l: Enable noyywrap option.
* doc/specs/Makefile.am (padout_LDADD): Remove.
* doc/specs/parse_l.l: Enable noyywrap option.
|
|
|
|
| |
* doc/man/pam_authenticate.3.xml: Fix a typo in PAM_AUTHINFO_UNAVAIL.
|
|
|
|
| |
* doc/man/pam_authenticate.3.xml: Fix typo.
|
|
|
|
|
| |
modules/pam_succeed_if/pam_succeed_if.c (evaluate): Use PAM_RHOST
and PAM_TTY properly for the rhost and tty values.
|
|
|
|
|
|
|
|
|
| |
The currently used long with additional conversion to int is
too small for uids and gids.
modules/pam_succeed_if/pam_succeed_if.c (evaluate_num): Replace
strtol() with strtoll() and int with long long in the parameters
of comparison functions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The grantor field gives audit trail of PAM modules which granted access
for successful return from libpam calls. In case of failed return
the grantor field is set to '?'.
libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call.
libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise.
libpam/pam_password.c (pam_chauthtok): Likewise.
libpam/pam_session.c (pam_open_session, pam_close_session): Likewise.
libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter,
add grantor= field to the message if grantors is set.
(_pam_list_grantors): New function creating the string with grantors list.
(_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors()
to list the grantors from the handler list.
(_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call.
(pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog().
libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate.
(_pam_clear_grantors): New function to clear grantor field of handler.
(_pam_dispatch): Call _pam_clear_grantors() before executing the stack.
Call _pam_auditlog() when appropriate.
libpam/pam_handlers.c (extract_modulename): Do not allow empty module name
or just "?" to avoid confusing audit trail.
(_pam_add_handler): Test for NULL return from extract_modulename().
Clear grantor field of handler.
libpam/pam_private.h: Add grantor field to struct handler, add handler pointer
parameter to _pam_auditlog().
|
|
|
|
|
| |
modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous
stat() call.
|
|
|
|
|
| |
modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to
STDOUT_FILENO if needed.
|
|
|
|
| |
modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails.
|
|
|
|
| |
modules/pam_filter/pam_filter.c (set_filter): Close descriptors when fork() fails.
|
|
|
|
| |
modules/pam_echo/pam_echo.c (pam_echo): Close fd in error cases.
|
|
|
|
|
| |
modules/pam_tty_audit/pam_tty_audit.c (nl_recv): Initialize also
msg_flags.
|
|
|
|
|
|
| |
Problem found by Robin Hack <rhack@redhat.com>.
modules/pam_tally2/pam_tally2.c (get_tally): Do not depend on file size
just try to read it.
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (login_access): Reorder condition
so line is not accessed when uninitialized.
|
|
|
|
|
| |
modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login
structure before use.
|
|
|
|
|
|
|
| |
* modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields
in opasswd entry and return error.
* modules/pam_unix/passverify.c (save_old_password): Test for missing fields
in opasswd entry and skip it.
|
|
|
|
|
| |
* doc/man/Makefile.am [ENABLE_REGENERATE_MAN]: Add dependencies for
pam_verror.3, pam_vinfo.3, pam_vprompt.3, and pam_vsyslog.3 soelim stubs.
|
|
|
|
|
|
|
|
| |
* doc/adg/Makefile.am (install-data-local, releasedocs): Fall back
to srcdir if documentation files haven't been found in builddir.
(releasedocs): Treat missing documentation files as an error.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a typo due to which sag-*.html files might be installed instead of
adg-*.html and mwg-*.html files.
* doc/adg/Makefile.am (install-data-local): Install adg-*.html instead
of sag-*.html.
* doc/mwg/Makefile.am (install-data-local): Install mwg-*.html instead
of sag-*.html.
Patch-by: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
| |
modules/pam_limits/limits.conf.5.xml: Correct documentation of nofile limit.
modules/pam_limits/limits.conf: Likewise.
|
|
|
|
|
| |
modules/pam_limits/limits.conf.5.xml: clarify documentation of
maxlogins and maxsyslogins limits.
|
|
|
|
|
| |
modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for
NULL return from Goodcrypt_md5().
|
|
|
|
| |
* modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc().
|
|
|
|
|
| |
modules/pam_loginuid/pam_loginuid.8.xml: Document one more possible case
of PAM_IGNORE return value.
|
|
|
|
|
| |
modules/pam_loginuid/pam_loginuid.8.xml: Document the possible return
values.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
the timestamp pathname it creates, so extra care should be taken to
avoid potential directory traversal issues.
* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
"." and ".." tty values as invalid.
(get_ruser): Treat "." and ".." ruser values, as well as any ruser
value containing '/', as invalid.
Fixes CVE-2014-2583.
Reported-by: Sebastian Krahmer <krahmer@suse.de>
|
|
|
|
|
| |
modules/pam_userdb/pam_userdb.8.xml: Document that .db suffix
should not be used and correct the example.
|
|
|
|
|
|
| |
SELinux expects canonical user name for example without domain component.
* modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
|
|
|
|
|
|
|
|
| |
As a side effect of commit Linux-PAM-1_1_8-11-g3fa23ce, tarball name
changed accidentally from "Linux-PAM" to "linux-pam".
This change brings it back to "Linux-PAM".
* configure.in (AC_INIT): Explicitly specify TARNAME argument.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
|
|
|
|
|
|
| |
Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.
* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process,
close the read end of input pipe after writing to its write end.
|
|
|
|
|
| |
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors
during /proc/self/loginuid update that are not ignored.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no need to copy strings passed as arguments to execve,
the only potentially noticeable effect of using strdup/x_strdup
would be a malformed argument list in case of memory allocation error.
Also, x_strdup, being a thin wrapper around strdup, is of no benefit
when its argument is known to be non-NULL, and should not be used in
such cases.
* modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup
instead of x_strdup, the latter is of no benefit in this case.
* modules/pam_ftp/pam_ftp.c (lookup): Likewise.
* modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
* modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use
x_strdup for strings passed as arguments to execve.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
(_unix_verify_password): Use strdup instead of x_strdup, the latter
is of no benefit in this case.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for
strings passed as arguments to execv.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
passwords support in pam_userdb, hashes are compared case-insensitively.
This bug leads to accepting hashes for completely different passwords in
addition to those that should be accepted.
Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
modern password hashes with different lengths and settings, did not
update the hash comparison accordingly, which leads to accepting
computed hashes longer than stored hashes when the latter is a prefix
of the former.
* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
hash whose length differs from the stored hash length.
Compare computed and stored hashes case-sensitively.
Fixes CVE-2013-7041.
Bug-Debian: http://bugs.debian.org/731368
|
|
|
|
|
| |
* modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe()
and fork() calls.
|
|
|
|
|
| |
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid
buffer initialization closer to its first use.
|