| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header
which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open
* modules/pam_timestamp/hmacsha1.c: Include "config.h".
|
| |
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header included by
libpamc.h, which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/libpamc.so.0.82.1: uses non-LFS functions: __xstat readdir
* libpamc/libpamc.h: Include "config.h".
|
| |
|
|
|
|
| |
All other modules already build with WARN_CFLAGS.
* modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix -Wunused-variable compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable]
173 | char *ep, *val, *mntdevice = NULL;
| ^~
pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable]
172 | unsigned long ul;
| ^~
Fix -Wunused-parameter compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter]
169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c: In function 'pam_sm_close_session':
pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~~~~~~~~~~~^~~~
pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~
pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter]
383 | const char **argv) {
| ~~~~~~~~~~~~~^~~~
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark
'flags' parameter as unused. Remove unused 'ep' and 'ul' variables.
(pam_sm_close_session): Mark all parameters as unused.
|
| |
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
Resolves: https://github.com/linux-pam/linux-pam/pull/214
|
| |
|
|
|
|
|
| |
This makes disk quotas usable with central user databases, such as MySQL or
LDAP.
Resolves: https://github.com/linux-pam/linux-pam/issues/92
|
| |
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (netgroup_match): Place the code
that calls getdomainname under HAVE_GETDOMAINNAME guard.
* modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise.
Resolves: https://github.com/linux-pam/linux-pam/issues/43
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/or/
|
| |
|
|
|
|
|
| |
According to crypt(5), md5 should not be used for new hashes. Let's
give a modern example with yescrypt.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ca/
Resolves: https://github.com/linux-pam/linux-pam/pull/207
|
| |
|
|
|
|
| |
* .travis.yml: Remove faulty gcc-9 jobs on aarch64 and s390x,
gcc-9 became uninstallable on these platforms several days ago
and hasn't been fixed yet.
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/issues/65
Resolves: https://github.com/linux-pam/linux-pam/pull/199
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Somewhat similar to Travis CI, this runs "make distcheck" on Ubuntu
18.04 using gcc-9, gcc-8, gcc, clang-9, clang-8, and clang on x86_64,
x86, and x32 architectures.
Compared with Travis CI, GitHub Actions service currently provides
a significantly better parallelism as well as (unsurprisingly)
better integration with github.
However, GitHub Actions cannot replace Travis CI completely yet as
the latter can build on aarch64, s390x, and ppc64le architectures.
* .github/workflows/whitespace-errors-check.yml: Remove
* .github/workflows/ci.yml: New file.
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/da/
|
| |
|
|
|
|
|
|
|
| |
_PATH_VARRUN already provides trailing slash for building paths
Fixes:
$ strings /usr/lib64/security/pam_timestamp.so | grep /run/
/var/run//pam_timestamp
/var/run//pam_timestamp/_pam_timestamp_key
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems
that use the unix_chkpwd helper.
The reason is that in unix_chkpwd.c, towards the end of main(), if
helper_verify_password() does not return PAM_SUCCESS, main() ignores
the actual error that helper_verify_password() returned and instead
returns PAM_AUTH_ERR.
This commit corrects this behavior. Specifically, if
helper_verify_password() returns PAM_USER_UNKNOWN, which it does
when /etc/passwd entry indicates that shadow information is present
but the /etc/shadow entry is missing, the unix_chkpwd now exits
with PAM_AUTHINFO_UNAVAIL. For any other error from
helper_verify_password(), unix_chkpwd continues to exit with
PAM_AUTH_ERR.
* modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL
when helper_verify_password() returns PAM_USER_UNKNOWN.
|
| | |
|
| |
|
|
| |
Complements: 4daceedd ("pam_get_authtok: fix i18n of default prompts")
|
| |
|
|
|
|
|
| |
* libpam/pam_handlers.c (_pam_load_module): Reorganize $ISA handling
to reduce redundancy.
Resolves: https://github.com/linux-pam/linux-pam/pull/198
|
| |
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/163
Resolves: https://github.com/linux-pam/linux-pam/pull/191
|
| |
|
|
|
|
|
|
|
|
| |
pam_exec module can be called when a user name has not been prompted
yet. And thus the command is called without a user name available.
This fix asks PAM for the user name to ensure it is ready or to force
the prompt.
Resolves: https://github.com/linux-pam/linux-pam/issues/131
Resolves: https://github.com/linux-pam/linux-pam/pull/195
|
| |
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/194
|
| | |
|
| | |
|
| |
|
|
|
| |
The result is nowhere checked and other logging functions like
pam_syslog are also not checked.
|
| | |
|
| |
|
|
|
|
|
|
| |
`security_context_t` is a legacy typedef to `char *`, substitute all usage.
See
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
|
| |
|
|
|
|
|
| |
Currently translated at 90.8% (109 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fi/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/sk/
Translated using Weblate (Czech)
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/cs/
Translated using Weblate (French)
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/uk/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/tr/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/nl/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/fr/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/ru/
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt_BR/
Translated using Weblate (Portuguese)
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pt/
Translated using Weblate (German)
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/de/
|
| |
|
|
|
|
|
| |
Currently translated at 100.0% (120 of 120 strings)
Translation: linux-pam/master
Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pl/
|
| |
|
|
|
|
| |
* modules/pam_userdb/pam_userdb.c: Include "pam_inline.h".
(_pam_parse, user_lookup): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_umask/pam_umask.c: Include "pam_inline.h".
(parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h".
(parse_option): Use pam_str_skip_icase_prefix instead of ugly
strncasecmp invocations.
|
| |
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Every time I see a code like
if (strncasecmp(argv, "remember=", 9) == 0)
options->remember = strtol(&argv[9], NULL, 10);
my eyes are bleeding.
Similar to pam_str_skip_prefix_len() and pam_str_skip_prefix(),
introduce a new helper inline function pam_str_skip_icase_prefix_len()
and a new macro pam_str_skip_icase_prefix() on top of it, to be used
in subsequent commits to cleanup the ugliness.
* libpam/include/pam_inline.h (pam_str_skip_icase_prefix_len): New
function.
(pam_str_skip_icase_prefix): New macro.
|
| |
|
|
|
|
| |
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(pam_sm_open_session, pam_sm_close_session): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_wheel/pam_wheel.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/passverify.c: Include "pam_inline.h".
(verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
* modules/pam_unix/support.c: Include "pam_inline.h".
(_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
lengths.
* modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
(crypt_md5): Use pam_str_skip_prefix_len.
squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
|
| |
|
|
|
|
| |
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_inline.h".
(pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_timestamp/pam_timestamp.c: Include "pam_inline.h".
(check_tty, get_timestamp_name, pam_sm_authenticate): Use
pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_tally/pam_tally.c: Include "pam_inline.h".
(tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_tally2/pam_tally2.c: Include "pam_inline.h".
(tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_selinux/pam_selinux.c: Include "pam_inline.h".
(compute_exec_context, compute_tty_context): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
