summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* releasing package pam version 1.4.0-2HEADdebian/1.4.0-2archive/debian/1.4.0-2masterSteve Langasek2020-12-28
|
* Restart services on upgrade to 1.4.0. Closes: #978555.Steve Langasek2020-12-28
|
* releasing package pam version 1.4.0-1debian/1.4.0-1archive/debian/1.4.0-1Steve Langasek2020-12-28
|
* Add hardening+=bindnow to build options, per lintian.Steve Langasek2020-08-12
|
* Refresh lintian overrides for changes to available pam modules.Steve Langasek2020-08-12
|
* Update symbols file for new symbols.Steve Langasek2020-08-12
|
* Continue building pam_cracklib, which is deprecated upstream; the ↵Steve Langasek2020-08-12
| | | | replacement, pam_passwdqc, is packaged separately.
* Drop pam_tally and pam_tally2 modules, which have been deprecated upstream ↵Steve Langasek2020-08-12
| | | | in favor of pam_faillock. Closes: #569746, LP: #772121.
* debian/pam-configs/unix: use nullok, not nullok_secure.Steve Langasek2020-08-12
|
* debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as ↵Steve Langasek2020-08-12
| | | | a deprecated alias for nullok.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.Steve Langasek2020-08-12
|
* Drop patches to implement "nullok_secure" option for pam_unix. Closes: ↵Steve Langasek2020-08-12
| | | | #674857, #936071.
* Refresh patchesSteve Langasek2020-08-12
|
* fix changelog maintainer fieldSteve Langasek2020-08-11
|
* Merge upstream version 1.4.0Steve Langasek2020-08-11
|\
| * New upstream version 1.4.0Steve Langasek2020-08-11
| |\
| | * maint: document release procedureDmitry V. Levin2020-06-04
| | | | | | | | | | | | * maint/README-release: New file.
| | * maint: introduce gen-tag-messageDmitry V. Levin2020-06-04
| | | | | | | | | | | | * maint/gen-tag-message: New script for preparing tag message.
| | * maint: introduce make-distDmitry V. Levin2020-06-04
| | | | | | | | | | | | * maint/make-dist: New script for preparing release tarballs.
| | * gitlog-to-changelog: update from gnulibDmitry V. Levin2020-06-03
| | |
| | * pam_setquota: skip mountpoints equal to the user's $HOMEJosef Möllers2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Matthias Gerstner found the following issue: <quote> So this pam_setquota module iterates over all mounted file systems using `setmntent()` and `getmntent()`. It tries to find the longest match of a file system mounted on /home/$USER or above (except when the fs=/some/path parameter is passed to the pam module). The thing is that /home/$USER is owned by the unprivileged user. And there exist tools like fusermount from libfuse which is by default installed setuid-root for everybody. fusermount allows to mount a FUSE file system using an arbitrary "source device name" as the unprivileged user. Thus considering the following use case: 1) there is only the root file system (/) or a file system is mounted on /home, but not on /home/$USER. 2) the attacker mounts a fake FUSE file system over its own home directory: ``` user $ export _FUSE_COMMFD=0 user $ fusermount $HOME -ononempty,fsname=/dev/sda1 ``` This will result in a mount entry in /proc/mounts looking like this: ``` /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100) ``` 3) when the attacker now logs in with pam_setquota configured then pam_setquota will identify /dev/sda1 and the file system where to apply the user's quota on. As a result an unprivileged user has full control over onto which block device the quota is applied. </quote> If the user's $HOME is on a separate partition, setting a quota on the user's $HOME does not really make sense, so this patch skips mountpoints equal to the user's $HOME, preventing the above mentioned bug as a side-effect (or vice-versa). Reported-by: Matthias Gerstner <mgerstner@suse.de> Co-authored-by: Tomáš Mráz <tmraz@redhat.com> Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: https://github.com/linux-pam/linux-pam/pull/230
| | * pam_debug: do not invoke pam_get_user and do not set PAM_USERDmitry V. Levin2020-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pam_debug used to invoke pam_get_user and set PAM_USER to "nobody" when pam_get_user returns an empty string as the user name. When either of these functions returned an error value, it used to return that error value. This hasn't been documented, and I couldn't find any rationale for this behaviour. * modules/pam_debug/pam_debug.c (pam_sm_authenticate): Do not invoke pam_get_user and pam_set_item.
| | * Translated using Weblate (Chinese (Traditional))Yi-Jyun Pan2020-05-24
| | | | | | | | | | | | | | | | | | | | | Currently translated at 100.0% (122 of 122 strings) Translation: linux-pam/master Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/zh_TW/
| | * modules: downgrade syslog level for errors related to pam_get_userDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade the syslog level for diagnostics of errors returned by pam_modutil_getpwnam for users returned by pam_get_user from LOG_ERR to LOG_NOTICE. * modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade the syslog level for diagnostics of errors returned by pam_modutil_getpwnam for users returned by pam_get_user from LOG_WARNING to LOG_NOTICE. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
| | * modules: downgrade syslog level for pam_get_user errorsDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
| | * pam_localuser: add a test for return valuesDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | * modules/pam_localuser/tst-pam_localuser-retval.c: New file. * modules/pam_localuser/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_localuser_retval_LDADD): New variables.
| | * pam_localuser: refactor pam_sm_authenticateDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | * modules/pam_localuser/pam_localuser.c (check_user_in_passwd): New function. (pam_sm_authenticate): Use it.
| | * pam_localuser: downgrade syslog level for errors related to user inputDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Downgrade the syslog level for errors related to pam_get_user from LOG_ERR to LOG_NOTICE. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
| | * pam_localuser: re-format pam_sm_* function declarationsDmitry V. Levin2020-05-21
| | |
| | * pam_localuser: remove unused includesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Also, remove unused MODULE_NAME macro. * modules/pam_localuser/pam_localuser.c: Stop including unused header files. (MODULE_NAME): Remove.
| | * pam_localuser: forward error values returned by pam_get_userDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Starting with commit c2c601f5340a59c5c62193d55b555d384380ea38, pam_get_user is guaranteed to return one of the following values: PAM_SUCCESS, PAM_BUF_ERR, PAM_CONV_AGAIN, or PAM_CONV_ERR. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not replace non-PAM_CONV_AGAIN error values returned by pam_get_user with PAM_SERVICE_ERR. * modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document new return values.
| | * pam_localuser: return PAM_INCOMPLETE when pam_get_user returns PAM_CONV_AGAINDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Give the application a chance to handle PAM_INCOMPLETE. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_INCOMPLETE instead of PAM_SERVICE_ERR when pam_get_user returns PAM_CONV_AGAIN. * modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document it.
| | * pam_localuser: open the passwd file after user name validationDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Since user name is untrusted input, it should be validated earlier rather than later. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Open the passwd file after user name validation.
| | * pam_localuser: use BUFSIZ as the line buffer sizeDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As BUFSIZ is the buffer size used in stdio, it must be an efficient size for the line buffer. Also, it's larger than LINE_MAX used as the line buffer size before this change, effectively raising the maximum user name length supported by this module. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Replace LINE_MAX with BUFSIZ.
| | * pam_localuser: handle long lines in passwd files properlyDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, a long line in the passwd file used to be treated as several lines which could potentially result to false match and, consequently, to incorrect PAM_SUCCESS return value. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Handle long lines in passwd files properly.
| | * pam_localuser: get rid of a temporary bufferDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not copy the user name into a temporary buffer, use the user name itself in comparisons.
| | * pam_localuser: log unrecognized optionsDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Log unrecognized options.
| | * pam_localuser: return PAM_SERVICE_ERR instead of PAM_SYSTEM_ERRDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | When passwd file cannot be opened or the user name either cannot be obtained or is not valid, return PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_SERVICE_ERR instead of PAM_SYSTEM_ERR.
| | * pam_localuser: reject user names that are too longDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Too long user names used to be truncated which could potentially result to false match and, consequently, to incorrect PAM_SUCCESS return value. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_SERVICE_ERR if the user name is too long.
| | * pam_localuser: reject user names containing a colonDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | "root:x" is not a local user name even if the passwd file contains a line starting with "root:x:". * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_PERM_DENIED if the user name contains a colon.
| | * pam_mkhomedir: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c: New file. * modules/pam_mkhomedir/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_mkhomedir_retval_LDADD): New variables.
| | * pam_faildelay: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_faildelay/tst-pam_faildelay-retval.c: New file. * modules/pam_faildelay/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_faildelay_retval_LDADD): New variables.
| | * pam_rootok: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_rootok/tst-pam_rootok-retval.c: New file. * modules/pam_rootok/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_rootok_retval_LDADD): New variables.
| | * pam_nologin: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_nologin/tst-pam_nologin-retval.c: New file. * modules/pam_nologin/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_nologin_retval_LDADD): New variables.
| | * pam_echo: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_echo/tst-pam_echo-retval.c: New file. * modules/pam_echo/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_echo_retval_LDADD): New variables.
| | * pam_warn: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_warn/tst-pam_warn-retval.c: New file. * modules/pam_warn/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_warn_retval_LDADD): New variables.
| | * pam_debug: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_debug/tst-pam_debug-retval.c: New file. * modules/pam_debug/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_debug_retval_LDADD): New variables.
| | * pam_permit: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_permit/tst-pam_permit-retval.c: New file. * modules/pam_permit/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_permit_retval_LDADD): New variables.
| | * pam_deny: add a test for return valuesDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | * modules/pam_deny/tst-pam_deny-retval.c: New file. * modules/pam_deny/Makefile.am (TESTS): Add $(check_PROGRAMS). (check_PROGRAMS, tst_pam_deny_retval_LDADD): New variables.
| | * Introduce test_assert.hDmitry V. Levin2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Introduce a new internal header file for definitions of handy macros providing convenient assertion testing functionality. * libpam/include/test_assert.h: New file. * libpam/Makefile.am (noinst_HEADERS): Add include/test_assert.h.