| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
|
| |
|
|
|
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Save the SIGCHLD handler and
reset it to the default before calling fork, restore the handler after
waitpid returns.
Resolves: https://github.com/linux-pam/linux-pam/issues/405
|
| |
|
|
|
|
|
|
|
| |
In the child process, freeing memory right before pam_syslog()
followed by _exit(ENOMEM) is useless.
* modules/pam_exec/pam_exec.c (call_exec): Do not call free(envlist).
Resolves: https://github.com/linux-pam/linux-pam/issues/444
|
| |
|
|
|
|
|
|
|
|
| |
In the child process, the elements of argv[] are not modified, so there
is no need to copy strings.
* modules/pam_exec/pam_exec.c (call_exec): Do not call strdup on argv[]
elements during arggv[] initialization.
Resolves: https://github.com/linux-pam/linux-pam/pull/446
|
| |
|
|
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Implement quiet_log option.
* modules/pam_exec/pam_exec.8.xml: Document it.
Resolves: https://github.com/linux-pam/linux-pam/issues/334
|
| |
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
|
|
|
|
| |
pam_exec module can be called when a user name has not been prompted
yet. And thus the command is called without a user name available.
This fix asks PAM for the user name to ensure it is ready or to force
the prompt.
Resolves: https://github.com/linux-pam/linux-pam/issues/131
Resolves: https://github.com/linux-pam/linux-pam/pull/195
|
| |
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x)
which is less error-prone and implements an additional type check.
* libpam/pam_handlers.c: Include "pam_inline.h".
(_pam_open_config_file): Use PAM_ARRAY_SIZE.
* modules/pam_exec/pam_exec.c: Include "pam_inline.h".
(call_exec): Use PAM_ARRAY_SIZE.
* modules/pam_namespace/pam_namespace.c: Include "pam_inline.h".
(filter_mntopts): Use PAM_ARRAY_SIZE.
* modules/pam_timestamp/hmacfile.c: Include "pam_inline.h".
(testvectors): Use PAM_ARRAY_SIZE.
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE.
* tests/tst-pam_get_item.c: Include "pam_inline.h".
(main): Use PAM_ARRAY_SIZE.
* tests/tst-pam_set_item.c: Likewise.
* xtests/tst-pam_pwhistory1.c: Likewise.
* xtests/tst-pam_time1.c: Likewise.
|
| |
|
|
|
|
| |
glibc only. A static string is better.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix a null pointer dereference when pam_prompt returns PAM_SUCCESS
but the response is set to NULL.
* modules/pam_exec/pam_exec.c (call_exec): Do not invoke strndupa
with a null pointer.
Closes: https://github.com/linux-pam/linux-pam/pull/2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fix: CVE-2015-3238
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise
|
| |
|
|
|
| |
modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to
STDOUT_FILENO if needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change introduces pam_modutil_sanitize_helper_fds - a new function
that redirects standard descriptors and closes all other descriptors.
pam_modutil_sanitize_helper_fds supports three types of input and output
redirection:
- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
- PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented
by creating a pipe, closing its write end, and redirecting stdin to
its read end. Likewise, for stdout/stderr it is implemented by
creating a pipe, closing its read end, and redirecting to its write
end. Unlike stdin redirection, stdout/stderr redirection to a pipe
has a side effect that a process writing to such descriptor should be
prepared to handle SIGPIPE appropriately.
- PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is
implemented via PAM_MODUTIL_PIPE_FD because there is no functional
difference. For stdout/stderr, it is classic redirection to
/dev/null.
PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
security restrictions, but when the helper process might be writing to
the corresponding descriptor and termination of the helper process by
SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
* libpam/pam_modutil_sanitize.c: New file.
* libpam/Makefile.am (libpam_la_SOURCES): Add it.
* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
pam_modutil_sanitize_helper_fds): New declarations.
* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
* modules/pam_exec/pam_exec.c (call_exec): Use
pam_modutil_sanitize_helper_fds.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_unix/support.h (MAX_FD_NO): Remove.
|
| |
|
|
|
| |
* modules/pam_exec/pam_exec.c: Add stdout and type= option
* modules/pam_exec/pam_exec.8.xml: Document new options
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
in child process with call to _exit(2).
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
exit(3) in child process with calls to _exit(2).
* modules/pam_filter/pam_filter.c (set_filter): Likewise.
* modules/pam_namespace/pam_namespace.c (inst_init,
cleanup_tmpdirs): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-09-03 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c: Expose authtok if requested,
provide environment variable containing service type.
* modules/pam_exec/pam_exec.8.xml: Document new option.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: feature
Commit summary:
---------------
2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c (call_exec): Move all variable
declaration to begin of a block (#1976310).
* xtests/tst-pam_group1.c (run_test): Move no_grps declaration
to begin of function (#1976310).
|
| |
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
code check.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-04 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c: Set PAM environment variables and
add 'quiet' option.
* modules/pam_exec/pam_exec.8.xml: Document new behavior.
Patch from Julien Lecomte <julien@lecomte.at>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-11-06 Thorsten Kukuk <kukuk@thkukuk.de>
* xtests/tst-pam_group1.c: Include stdlib.h
* xtests/tst-pam_succeed_if1.c: Likewise.
* xtests/tst-pam_limits1.c: Likewise.
* xtests/tst-pam_access1.c: Likewise.
* xtests/tst-pam_access2.c: Likewise.
* xtests/tst-pam_access3.c: Likewise.
* xtests/tst-pam_access4.c: Likewise.
* xtests/tst-pam_unix1.c: Likewise.
* xtests/tst-pam_unix2.c: Likewise.
* xtests/tst-pam_unix3.c: Likewise.
* xtests/tst-pam_cracklib1.c: Likewise.
* xtests/tst-pam_cracklib2.c: Likewise.
2007-10-30 Peter Breitenlohner <peb@mppmu.mpg.de>
* modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
misplaced parenthesis.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
dngettext() when NLS is disabled.
* modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
* doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
avoid gcc warning.
* modules/pam_wheel/pam_wheel.c: Remove excessive initializer
elements.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-29 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_exec/pam_exec.c (call_exec): Add required third
argument to open() call with O_CREAT flag set.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
* examples/vpass.c: UID is unsigned on Linux.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_unix/pam_unix_acct.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
* modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
* modules/pam_succeed_if/README: Regenerated.
|
|
|
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-01-24 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Add modules/pam_exec.
* modules/Makefile.am: Add pam_exec subdirectory.
* modules/pam_exec/README: New.
* modules/pam_exec/Makefile.am: New.
* modules/pam_exec/pam_exec.8: New.
* modules/pam_exec/pam_exec.c: New.
* modules/pam_exec/pam_exec.8.xml: New.
* po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
* po/*.po: Merge new pam_exec strings.
|
