| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
| |
Patch for Debian bug #180310
Generate some (low-severity) log information whenever setrlimit() fails,
for debugging purposes.
Authors: Sam Hartman <hartmans@debian.org>
Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
Gbp-Pq: Name 040_pam_limits_log_failure
|
|
|
|
|
| |
===================================================================
Gbp-Pq: Name 008_modules_pam_limits_chroot
|
|
|
|
|
|
|
|
|
|
|
|
| |
setrlimit will sometimes return EPERM for example if you try to increase the
number of open files too much. This is not something we want to consider
fatal. This also happens if you use non-root and try to decrease a limit.
Running PAM as non-root is not so great.
Authors: ?
Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
Gbp-Pq: Name 032_pam_limits_EPERM_NOT_FATAL
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since
larger values can cause problems with fd_set overflow and systemd sets
itself higher.
See:
https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html
http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/
https://sourceware.org/bugzilla/show_bug.cgi?id=10352
https://github.com/systemd/systemd/commit/4096d6f5879aef73e20dd7b62a01f447629945b0
pam_limits reads the default limits from /proc/1/limits. Previously,
using upstart, this resulted in a 1024 nofile soft limit on Ubuntu
systems by default. Using systemd, this results in a limit of 65536
instead. This is not the intention of systemd upstream. See systemd
commit 4096d6f for an explanation of systemd's behaviour.
If we want to make such a change to the default distribution soft limit
in PAM, we should do it deliberately and carefully, not accidentally. A
change should consider what uses select(2) and might inadvertently (and
incorrectly) assume that file descriptors will always fit into an
fd_set, what vulnerabilities or crashes the change could consequently
create, and whether the protection now present with FORTIFY_SOURCE is
suitably enabled in all relevant builds.
So this keeps the soft limit at 1024 for now. The hard limit will rise
to 65536 along with systemd. Anything that knows that it will not be
buggy with respect to fd_set and FD_SETSIZE, such as by using poll(2) or
epoll(7) instead of select(2), can always raise the soft limit itself
without issue.
20:54 <rbasak> slangasek: [...] I'm also not sure how to go about
upstreaming this as pam_limits seems to be heavily patched already.
Forwarded: no
Reviewed-by: Adam Conrad <adconrad@ubuntu.com>
Reviewed-by: Martin Pitt <martin.pitt@ubuntu.com>
Last-Update: 2015-04-22
Gbp-Pq: Name pam-limits-nofile-fd-setsize-cap
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug-Debian: http://bugs.debian.org/63230
When crossing session boundaries (such as when su'ing from one user to
another), if the target account has no limit specified in limits.conf we
want to use the default, not the current value configured for the
source account.
If /proc/1/limits is unavailable, fall back to a set of hard-coded values
that shadow the currently known defaults on Linux.
Also, don't apply wildcard limits to the root account; only apply limits to
root that reference root by name.
===================================================================
Gbp-Pq: Name 027_pam_limits_better_init_allow_explicit_root
|
|
|
|
|
|
|
|
| |
GCC and Clang only define the macro `linux` when using the GNU dialect
of C (e.g. -std=gnu11 instead of -std=c11). Since `linux` is also not
in a reserved namespace it might be target of collisions.
Use the canonical macro `__linux__` instead (already used in
pam_limits.c).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc-12 insists on issuing the following warning:
In file included from /usr/include/string.h:535,
from pam_limits.c:24:
In function 'strncat',
inlined from 'check_logins' at pam_limits.c:287:6,
inlined from 'setup_limits' at pam_limits.c:1066:13,
inlined from 'pam_sm_open_session' at pam_limits.c:1267:14:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:138:10: error: '__builtin___strncat_chk' argument 2 declared attribute 'nonstring' [-Werror=stringop-overread]
138 | return __builtin___strncat_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
139 | __glibc_objsize (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/utmp.h:29,
from pam_limits.c:37:
/usr/include/x86_64-linux-gnu/bits/utmp.h: In function 'pam_sm_open_session':
/usr/include/x86_64-linux-gnu/bits/utmp.h:66:8: note: argument 'ut_user' declared here
66 | char ut_user[UT_NAMESIZE]
| ^~~~~~~
* modules/pam_limits/pam_limits.c (check_logins): Use memcpy instead of
strncat to pacify the compiler.
|
|
|
|
|
|
|
|
| |
Use the vendor directory as fallback for a distribution provided default
config if there is no configuration in /etc.
pam_limits.c: Take care about the fallback configuration in vendor directory.
pam_limits.8.xml: Add description for vendor directory.
|
|
|
|
|
| |
* modules/pam_limits/pam_limits.c (parse_config_file): Use
VENDOR_SCONFIGDIR macro instead of VENDORDIR.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source code
Since SCONFIGDIR macro is available, the is no need to define macros
based on SCONFIGDIR in Makefile.am files.
* modules/pam_access/Makefile.am (AM_CFLAGS): Move definitions of
PAM_ACCESS_CONFIG and ACCESS_CONF_GLOB macros ...
* modules/pam_access/pam_access.c: ... here.
* modules/pam_env/Makefile.am (AM_CFLAGS): Move definition of
DEFAULT_CONF_FILE macro ...
* modules/pam_env/pam_env.c: ... here.
* modules/pam_group/Makefile.am (AM_CFLAGS): Move definition of
PAM_GROUP_CONF macro ...
* modules/pam_group/pam_group.c: ... here.
* modules/pam_limits/Makefile.am (AM_CFLAGS): Move definition of
LIMITS_FILE macro ...
* modules/pam_limits/pam_limits.c: ... here.
* modules/pam_sepermit/Makefile.am (AM_CFLAGS): Move definition of
SEPERMIT_CONF_FILE macro ...
* modules/pam_sepermit/pam_sepermit.c: ... here.
* modules/pam_time/Makefile.am (AM_CFLAGS): Move definition of
PAM_TIME_CONF macro ...
* modules/pam_time/pam_time.c: ... here.
|
|
|
|
|
|
|
|
|
| |
LIMITS_FILE_DIR used to define a glob pattern instead of a directory
name, fix that inconsistency.
* modules/pam_limits/Makefile.am (AM_CFLAGS): Move "/*.conf" ending of
LIMITS_FILE_DIR macro ...
* modules/pam_limits/pam_limits.c (LIMITS_CONF_GLOB): ... here.
|
|
|
|
| |
A config with only comments or an empty one is completely fine for
pam_limits. So don't complain about missing config files either.
|
|
|
|
|
|
|
|
|
|
|
|
| |
As PR_SET_NO_NEW_PRIVS was introduced by Linux kernel commit
v3.5-rc1~161^2~37, provide a fallback definition to fix build
with older Linux kernel headers.
* modules/pam_limits/pam_limits.c [!PR_SET_NO_NEW_PRIVS]
(PR_SET_NO_NEW_PRIVS): New macro.
Resolves: https://github.com/linux-pam/linux-pam/issues/406
Fixes: dd9cf929 ("modules/pam_limits: add support for nonewprivs")
|
|
|
| |
* Use vendor specific limits.conf as fallback
|
|
|
|
|
|
|
|
| |
Replace it with a value obtained from /proc/sys/fs/nr_open
* modules/pam_limits/limits.conf.5.xml: Document the replacement.
* modules/pam_limits/pam_limits.c: Replace unlimited RLIMIT_NOFILE
value with a value obtained from /proc/sys/fs/nr_open
|
|
|
|
|
|
|
|
|
|
| |
* NEWS: Replace "an user" with "a user".
* modules/pam_faillock/pam_faillock.8.xml: Likewise.
* modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_sepermit/sepermit.conf: Likewise.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expose prctl(PR_SET_NO_NEW_PRIVS) as "nonewprivs" item.
The valid values are a boolean toggle 0/1 to keep semi-consistent
with the other numeric limits. It's slightly awkward as this is
an oddball relative to the other items in pam_limits but outside
of the item value itself this does seem at home in pam_limits.
Resolves: https://github.com/linux-pam/linux-pam/issues/224
Resolves: https://github.com/linux-pam/linux-pam/pull/225
|
|
|
|
|
|
| |
Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
|
| |
|
|
|
|
|
|
| |
* modules/pam_limits/pam_limits.c: Include "pam_inline.h".
(_pam_parse, parse_kernel_limits): Use pam_str_skip_prefix instead of
ugly strncmp invocations.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* conf/pam_conv1/Makefile.am: Add -Wno-unused-function -Wno-sign-compare to CFLAGS.
* doc/specs/Makefile.am: Likewise.
* libpamc/include/security/pam_client.h: Explicitly compare old_p with NULL.
* modules/pam_access/pam_access.c: Avoid double const.
* modules/pam_filter/pam_filter.c: Avoid arbitrary constants. Avoid strncpy()
without copying the NUL byte.
* modules/pam_group/pam_group.c: Mark switch fallthrough with comment.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_limits/pam_limits.c: Remove unused units variable.
* modules/pam_listfile/pam_listfile.c: Avoid unnecessary strncpy, use pointers.
* modules/pam_rootok/pam_rootok.c (log_callback): Mark unused parameter.
* modules/pam_selinux/pam_selinux.c: Use string_to_security_class() instead
of hardcoded value.
* modules/pam_sepermit/pam_sepermit.c: Properly cast when comparing.
* modules/pam_succeed_if/pam_succeed_if.c: Mark unused parameters.
* modules/pam_unix/pam_unix_passwd.c: Remove unused variables and properly
cast for comparison.
* modules/pam_unix/support.c: Remove unused function.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn into proper sentences those messages that are printed without
further modifications using pam_prompt in contexts where proper
sentences are expected.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar
of the message passed to pam_error.
* modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
grammar of error messages passed to pam_error.
* modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message
passed to pam_info.
* modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise.
* modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix
grammar of messages passed to pam_prompt.
* modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages
passed to pam_info.
* modules/pam_tally2/pam_tally2.c (tally_check): Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar
of messages passed to _make_remark.
* modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass,
pam_sm_chauthtok): Likewise.
* po/Linux-PAM.pot: Regenerate.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
|
|
|
|
|
|
|
|
| |
ut_user member of struct utmp is a string that is not necessarily
null-terminated, so extra care should be taken when using it.
* modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to
a null-terminated string and consistently use it where a null-terminated
string is expected.
|
|
|
|
|
|
|
|
| |
Original idea by Christopher Hailey
* modules/pam_limits/pam_limits.c (check_logins): Use kill() to
detect if pid of the utmp entry is still running and ignore the entry
if it is not.
|
|
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
|
|
|
|
|
|
|
| |
* modules/pam_limits/pam_limits.c: Add set_all option,
read limits from PID one if no limit is specified and set_all
is set.
* modules/pam_limits/pam_limits.8.xml: Document set_all option.
Based on Patch by Kees Cook.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-12-14 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (parse_uid_range): New function
to parse the range of uids or gids.
(parse_config_file): Call parse_uid_range() and if uid/gid range
is identified, setup the limits if the range matches. New parameters
containing user's uid and primary gid.
(pam_sm_open_session): Pass the user's uid and primary gid to
parse_config_file().
* modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2010-11-18 Tomas Mraz <tm@t8m.info>
* modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session):
Drop obsolete and broken option change_uid.
* modules/pam_limits/pam_limits.8.xml: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: enhancement
Commit summary:
---------------
2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/limits.conf.5.xml: Document that the kernel
can refuse values out of range for the local system.
* modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit
fails.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature and cleanup
Commit summary:
---------------
2007-12-07 Tomas Mraz <t8m@centrum.cz>
* libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
* libpam/pam_audit.c: Add _pam_audit_open() and
pam_modutil_audit_write().
(_pam_auditlog): Call _pam_audit_open().
* libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
* modules/pam_access/pam_access.8.xml: Add noaudit option.
Document auditing.
* modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
only_new_group_syntax variables to struct login_info. Add noaudit
member.
(_parse_args): Adjust for the move of variables and add support for
noaudit option.
(group_match): Add debug parameter.
(string_match): Likewise.
(network_netmask_match): Likewise.
(login_access): Adjust for the move of variables. Add nonall_match.
Add call to pam_modutil_audit_write().
(list_match): Adjust for the move of variables.
(user_match): Likewise.
(from_match): Likewise.
(pam_sm_authenticate): Call _parse_args() earlier.
* modules/pam_limits/pam_limits.8.xml: Add noaudit option.
Document auditing.
* modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
(setup_limits): Call pam_modutil_audit_write().
* modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
Document auditing.
* modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/cleanup
Commit summary:
---------------
2007-09-03 Steve Langasek <vorlon@debian.org>
* modules/pam_limits/pam_limits.c: remove a number of unnecessary
string manipulations, including a strncpy() that was acting on
overlapping memory.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: portability
Commit summary:
---------------
2007-08-27 Steve Langasek <vorlon@debian.org>
* modules/pam_limits/pam_limits.c: when building on non-Linux
systems, give a warning only, not an error; no one seems to
remember why this error was here in the first place, but leave
something in that might still grab the attention of non-Linux
users.
Patch from Michal Suchanek <hramrach_l@centrum.cz>.
* configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
the presence of net/if.h before using, required for Hurd
compatibility.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_limits/pam_limits.c: conditionalize the use of
RLIMIT_AS, which is not present on the Hurd.
Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
* modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
a static buffer when available; fixes the build on systems
without MAXHOSTNAMELEN (i.e., the Hurd).
* modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
before using it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix/new feature
Commit summary:
---------------
2007-07-10 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Add --with-db-uniquename option to support
db libraries and functions with unique name extension.
Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.
* modules/pam_limits/pam_limits.c: Include locale.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-06-26 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/pam_limits.c (process_limit): Check upper and
lower limit of nice value, fix off-by-one in conversation to rlim_t.
* xtests/Makefile.am: Add new pam_limits test case.
* xtests/limits.conf: New, config file for test case.
* xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
* xtests/pam_limits1.sh: Likewise.
* xtests/pam_limits1.pamd: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-06-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
better error message if /proc/self/loginuid cannot be opened.
* modules/pam_limits/pam_limits.c (process_limit): Check for
variable overflow after multiplication [bnc#283001].
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
* modules/pam_limits/Makefile.am: Define limits.d dir and install it.
* modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
* modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
(pam_parse): conf_file is now ptr.
(pam_sm_open_session): Add parsing files from limits.d subdir using
glob, change pl to pointer.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-08-05 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
pam_modutil_getpwnam instead of getpwnam.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfixes
Commit summary:
---------------
2006-07-24 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Add uninstall and distclean rules.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
2006-07-08 Daniel Richard G. <skunk@iskunk.org>
* conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
* conf/pam_conv1/pam_conv.lex: Rename to ...
* conf/pam_conv1/pam_conv_l.l: ... this.
* conf/pam_conv1/pam_conv.y: Rename to ...
* conf/pam_conv1/pam_conv_y.y: ... this.
* configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
calls.
* doc/Makefile.am: Fix rule to install index.html.
* doc/adg/Makefile.am: Fix test usage.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
* doc/specs/Makefile.am: Fix rules for lex and yacc files.
* specs/parse.lex: Rename to ...
* doc/specs/parse_l.l: ... this.
* doc/specs/parse.y: Rename to ...
* doc/specs/parse_y.y: ... this.
* libpam/pam_account.c: Fix #if vs. #ifdef.
* libpam/pam_audit.c: Likewise.
* libpam/pam_auth.c: Likewise.
* libpam/pam_password.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_session.c: Likewise.
* libpam/pam_start.c: Likewise.
* libpam/pam_static.c: Fix "empty sourcefile" warning.
* modules/pam_limits/pam_limits.c: Check for __linux, too.
* modules/pam_userdb/Makefile.am: Don't run test if no
libdb available.
* tests/tst-dlopen.c: Include config.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Bring implementation in sync with documentation:
2006-06-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/pam_limits.c (setup_limits): Don't
reset priority for root.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2006-06-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_limits/Makefile.am: Include Make.xml.rules.
* modules/pam_limits/limits.conf.5: New, generated from xml file.
* modules/pam_limits/limits.conf.5.xml: New.
* modules/pam_limits/pam_limits.8: New, generated from xml file.
* modules/pam_limits/pam_limits.8.xml: New.
* modules/pam_limits/README.xml: New.
* modules/pam_limits/README: Regenerated from README.xml.
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Moved functions from pammodutil to libpam.
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
cleanup from ldv (forgot to commit...)
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
values for other limits are applied) patch by Anton Guda
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Use pam_syslog instead of _pam_log
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Change major version number back to "0".
Add more patches from ALT-Linux/OWL:
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
Big "automake/autoconf/libtool" commit
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
Rename _pam_aconf.h to config.h.
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
Don't lowercase login names. Using uppercase login names is a bad idea,
but people are doing it.
|