| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
14:01:59 +0100 Subject: pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations Origin: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb Bug-Debian: https://bugs.debian.org/1061097 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-22365
Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs
being placed in user controlled directories, causing the PAM module to
block indefinitely during `openat()`.
Pass O_DIRECTORY to cause the `openat()` to fail if the path does not
refer to a directory.
With this the check whether the final path element is a directory
becomes unnecessary, drop it.
Gbp-Pq: Name pam_namespace_o_directory
|
| |
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (inst_init): Make sure
the SIGCHLD handler is not reset too early by moving the sigaction
call right before the fork call.
|
| |
|
|
|
|
|
|
|
|
| |
Use the vendor directory as fallback for a distribution provided default
config and scripts if there is no configuration in /etc.
pam_namespace.c: Take care about the fallback configuration in vendor directory.
pam_namespace.h: Define vendor specific files and directories.
pam_namespace.8.xml: Add description for vendor directories and files.
namespace.conf.5.xml: Add description for vendor directories and files.
|
| |
|
|
|
|
|
|
|
|
| |
Check for the unlikely case string_to_security_class() does not find the
associated SELinux security class.
This will only happen if the loaded SELinux policy does not define the
class "dir" (which no sane policy does) or querying the selinuxfs
fails.
Suggested by #309
|
| |
|
|
|
|
|
| |
These retrieved contexts are just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
|
| |
|
|
|
| |
The matchpathcon family is deprecated.
Use the selabel family.
|
| |
|
|
|
| |
libselinux 3.1 deprecated the typedef security_context_t.
Use the underlaying type.
|
| |
|
|
|
|
|
|
|
|
|
| |
[ldv: rewrote commit message]
* modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Close just
opened file descriptor "srcfd" in an unlikely case when it cannot be
fstat'ed.
* modules/pam_namespace/pam_namespace.c (create_instance): Close just
opened file descriptor "fd" in an unlikely case when it cannot be
fstat'ed.
|
| | |
|
| |
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (root_shared): Use
pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x)
which is less error-prone and implements an additional type check.
* libpam/pam_handlers.c: Include "pam_inline.h".
(_pam_open_config_file): Use PAM_ARRAY_SIZE.
* modules/pam_exec/pam_exec.c: Include "pam_inline.h".
(call_exec): Use PAM_ARRAY_SIZE.
* modules/pam_namespace/pam_namespace.c: Include "pam_inline.h".
(filter_mntopts): Use PAM_ARRAY_SIZE.
* modules/pam_timestamp/hmacfile.c: Include "pam_inline.h".
(testvectors): Use PAM_ARRAY_SIZE.
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE.
* tests/tst-pam_get_item.c: Include "pam_inline.h".
(main): Use PAM_ARRAY_SIZE.
* tests/tst-pam_set_item.c: Likewise.
* xtests/tst-pam_pwhistory1.c: Likewise.
* xtests/tst-pam_time1.c: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new internal header file with definitions of
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros,
use them to temporary silence -Wcast-qual compilation warnings
in various modules.
* libpam/include/pam_cc_compat.h: New file.
* libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h.
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h".
(create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h".
(pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h".
(nl_send): Wrap the cast that discards ‘const’ qualifier in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h".
(_unix_run_verify_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h".
(_unix_run_update_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/passverify.c: Include "pam_cc_compat.h".
(unix_update_shadow): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/support.c: Include "pam_cc_compat.h".
(_unix_run_helper_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h".
(run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
|
| |
|
|
|
|
|
|
|
|
| |
* libpam/pam_modutil_searchkey.c: Avoid assigning empty string literal to
non-const char *.
* modules/pam_filter/pam_filter.c: Avoid using const char **.
* modules/pam_mkhomedir/pam_mkhomedir.c: Properly cast out const for execve().
* modules/pam_namespace/pam_namespace.c: Properly cast out const from pam data.
* modules/pam_tally2/pam_tally2.c: String literal must be assigned to
const char *.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for the
noexec, nosuid, and nodev flags support.
* modules/pam_namespace/pam_namespace.c (filter_mntopts): New function to
filter out the flags.
(parse_method): Call the function.
(ns_setup): Apply the flags to the tmpfs mount.
* modules/pam_namespace/pam_namespace.h: Add mount_flags to polydir_s struct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libpam/pam_handlers.c: Make memory allocation failures LOG_CRIT.
* libpam/pam_modutil_priv.c: Make memory allocation failures LOG_CRIT.
* modules/pam_echo/pam_echo.c: Make memory allocation failures LOG_CRIT.
* modules/pam_env/pam_env.c: Make memory allocation failures LOG_CRIT.
* modules/pam_exec/pam_exec.c: Make memory allocation failures LOG_CRIT.
* modules/pam_filter/pam_filter.c: Make all non-memory call errors LOG_ERR.
* modules/pam_group/pam_group.c: Make memory allocation failures LOG_CRIT.
* modules/pam_issue/pam_issue.c: Make memory allocation failures LOG_CRIT.
* modules/pam_lastlog/pam_lastlog.c: The lastlog file creation is syslogged
with LOG_NOTICE, memory allocation errors with LOG_CRIT, other errors
with LOG_ERR.
* modules/pam_limits/pam_limits.c: User login limit messages are syslogged
with LOG_NOTICE, stale utmp entry with LOG_INFO, non-memory errors with
LOG_ERR.
* modules/pam_listfile/pam_listfile.c: Rejection of user is syslogged
with LOG_NOTICE.
* modules/pam_namespace/pam_namespace.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_nologin/pam_nologin.c: Make memory allocation failures
LOG_CRIT, other errors LOG_ERR.
* modules/pam_securetty/pam_securetty.c: Rejection of access is syslogged
with LOG_NOTICE, non-memory errors with LOG_ERR.
* modules/pam_selinux/pam_selinux.c: Make memory allocation failures LOG_CRIT.
* modules/pam_succeed_if/pam_succeed_if.c: Make all non-memory call errors
LOG_ERR.
* modules/pam_time/pam_time.c: Make memory allocation failures LOG_CRIT.
* modules/pam_timestamp/pam_timestamp.c: Make memory allocation failures
LOG_CRIT.
* modules/pam_unix/pam_unix_acct.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/pam_unix_passwd.c: Make memory allocation failures LOG_CRIT,
other errors LOG_ERR.
* modules/pam_unix/pam_unix_sess.c: Make all non-memory call errors LOG_ERR.
* modules/pam_unix/passverify.c: Unknown user is syslogged with LOG_NOTICE.
* modules/pam_unix/support.c: Unknown user is syslogged with LOG_NOTICE and
max retries ignorance by application likewise.
* modules/pam_unix/unix_chkpwd.c: Make all non-memory call errors LOG_ERR.
* modules/pam_userdb/pam_userdb.c: Password authentication error is syslogged
with LOG_NOTICE.
* modules/pam_xauth/pam_xauth.c: Make memory allocation failures LOG_CRIT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux-PAM. It was never official supported and was broken since years.
* configure.ac: Remove --enable-static-modules option.
* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
* doc/man/pam_sm_authenticate.3.xml: Likewise.
* doc/man/pam_sm_chauthtok.3.xml: Likewise.
* doc/man/pam_sm_close_session.3.xml: Likewise.
* doc/man/pam_sm_open_session.3.xml: Likewise.
* doc/man/pam_sm_setcred.3.xml: Likewise.
* libpam/Makefile.am: Remove STATIC_MODULES cases.
* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
* libpam/pam_dynamic.c: Likewise.
* libpam/pam_handlers.c: Likewise.
* libpam/pam_private.h: Likewise.
* libpam/pam_static.c: Remove file.
* libpam/pam_static_modules.h: Remove header file.
* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
* modules/pam_cracklib/pam_cracklib.c: Likewise.
* modules/pam_debug/pam_debug.c: Likewise.
* modules/pam_deny/pam_deny.c: Likewise.
* modules/pam_echo/pam_echo.c: Likewise.
* modules/pam_env/pam_env.c: Likewise.
* modules/pam_exec/pam_exec.c: Likewise.
* modules/pam_faildelay/pam_faildelay.c: Likewise.
* modules/pam_filter/pam_filter.c: Likewise.
* modules/pam_ftp/pam_ftp.c: Likewise.
* modules/pam_group/pam_group.c: Likewise.
* modules/pam_issue/pam_issue.c: Likewise.
* modules/pam_keyinit/pam_keyinit.c: Likewise.
* modules/pam_lastlog/pam_lastlog.c: Likewise.
* modules/pam_limits/pam_limits.c: Likewise.
* modules/pam_listfile/pam_listfile.c: Likewise.
* modules/pam_localuser/pam_localuser.c: Likewise.
* modules/pam_loginuid/pam_loginuid.c: Likewise.
* modules/pam_mail/pam_mail.c: Likewise.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_motd/pam_motd.c: Likewise.
* modules/pam_namespace/pam_namespace.c: Likewise.
* modules/pam_nologin/pam_nologin.c: Likewise.
* modules/pam_permit/pam_permit.c: Likewise.
* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
* modules/pam_rhosts/pam_rhosts.c: Likewise.
* modules/pam_rootok/pam_rootok.c: Likewise.
* modules/pam_securetty/pam_securetty.c: Likewise.
* modules/pam_selinux/pam_selinux.c: Likewise.
* modules/pam_sepermit/pam_sepermit.c: Likewise.
* modules/pam_shells/pam_shells.c: Likewise.
* modules/pam_stress/pam_stress.c: Likewise.
* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
* modules/pam_tally/pam_tally.c: Likewise.
* modules/pam_tally2/pam_tally2.c: Likewise.
* modules/pam_time/pam_time.c: Likewise.
* modules/pam_timestamp/pam_timestamp.c: Likewise.
* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
* modules/pam_umask/pam_umask.c: Likewise.
* modules/pam_userdb/pam_userdb.c: Likewise.
* modules/pam_warn/pam_warn.c: Likewise.
* modules/pam_wheel/pam_wheel.c: Likewise.
* modules/pam_xauth/pam_xauth.c: Likewise.
* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
* modules/pam_unix/pam_unix_auth.c: Likewise.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/pam_unix_sess.c: Likewise.
* modules/pam_unix/pam_unix_static.c: Removed.
* modules/pam_unix/pam_unix_static.h: Removed.
* po/POTFILES.in: Remove removed files.
* tests/tst-dlopen.c: Remove PAM_STATIC part.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c: call setuid() before execing the
namespace init script, so that scripts run with maximum privilege regardless
of the shell implementation.
* modules/pam_namespace/namespace.init: drop the '-p' bashism from the
shebang line
This is not a POSIX standard option, it's a bashism. The bash manpage says
that it's used to prevent the effective user id from being reset to the real
user id on startup, and to ignore certain unsafe variables from the
environment.
In the case of pam_namespace, the -p is not necessary for environment
sanitizing because the PAM module (properly) sanitizes the environment
before execing the script.
The stated reason given in CVS history for passing -p is to "preserve euid
when called from setuid apps (su, newrole)." This should be done more
portably, by calling setuid() before spawning the shell.
Signed-off-by: Steve Langasek <vorlon@debian.org>
Bug-Debian: http://bugs.debian.org/624842
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323
|
| |
|
|
|
|
|
|
|
| |
modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir
structure.
modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts.
(parse_method): Parse the mntopts flag.
(ns_setup): Pass the mount_opts to mount().
modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
|
| |
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize
the unmount_on_close option and make the default to be to not unmount.
* modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to
PAMNS_UNMOUNT_ON_CLOSE.
* modules/pam_namespace/pam_namespace.8.xml: Document the change.
|
| |
|
|
|
|
|
|
|
| |
* modules/pam_namespace/pam_namespace.c (protect_dir): Drop the always argument.
(check_inst_parent): Drop the always argument from protect_dir().
(create_polydir): Likewise.
(ns_setup): Likewise and do not mark the polydir with MS_PRIVATE.
(setup_namespace): Mark the / with MS_SLAVE|MS_REC.
* modules/pam_namespace/pam_namespace.8.xml: Reflect the change in docs.
|
| |
|
|
|
|
| |
Cleanup trailing whitespaces, indentation that uses spaces before tabs,
and blank lines at EOF. Make the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-18 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
* modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
(protect_dir): Guard for -1 passing to close().
(ns_setup): Likewise.
(pam_sm_open_session): Correctly test for SELinux enabled flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-22 Tomas Mraz <tm@t8m.info>
* modules/pam_namespace/pam_namespace.c (inst_init): Use execle()
to execute the init script with clean environment. (CVE-2010-3853)
(cleanup_tmpdirs): Likewise for executing rm.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-04-03 Dmitry V. Levin <ldv@altlinux.org>
* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
in child process with call to _exit(2).
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
Likewise.
* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
Likewise.
* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
exit(3) in child process with calls to _exit(2).
* modules/pam_filter/pam_filter.c (set_filter): Likewise.
* modules/pam_namespace/pam_namespace.c (inst_init,
cleanup_tmpdirs): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2009-02-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
signal() with sigaction().
* modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
Likewise.
* modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
* modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
Likewise.
* modules/pam_unix/passverify.c(su_sighandler): Likewise.
* modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
* modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
for auxiliary functions.
* modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
option. Document new serialize option.
* modules/pam_tally2/pam_tally2.c: Add support for the new serialize
option.
(_cleanup, tally_set_data, tally_get_data): Add tally file handle to
tally PAM data. Needed for fcntl() locking.
(get_tally): Use low level file access instead of stdio buffered FILE.
If serialize option is used lock the tally file access.
(set_tally, tally_bump, tally_reset): Use low level file access instead
of stdio buffered FILE. Close the file handle only when it is not owned
by PAM data.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
file handle to tally_set_data(). Get it from tally_get_data().
(main): Use low level file access instead of stdio buffered FILE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-04-18 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c: New functions
unprotect_dirs(), cleanup_protect_data(), protect_mount(),
protect_dir() to protect directory by bind mount.
(cleanup_data): Renamed to cleanup_polydir_data().
(parse_create_params): Allow missing specification of mode
or owner.
(check_inst_parent): Call protect_dir() on the instance parent
directory. The directory is created when it doesn't exist.
(create_polydir): Protect and make the polydir by protect_dir(),
remove potential races.
(create_dirs): Renamed to create_instance(), remove call to
inst_init().
(ns_setup): Call protect_dir() on the polydir if it already exists.
Call inst_init() after the polydir is mounted.
(setup_namespace): Set the namespace protect data to be cleaned up
on pam_close_session()/pam_end().
(pam_sm_open_session): Initialize the protect_dirs.
(pam_sm_close_session): Cleanup namespace protect data.
* modules/pam_namespace/pam_namespace.h: Define struct for the
stack of protected dirs.
* modules/pam_namespace/pam_namespace.8.xml: Document when the
instance init script is called.
* modules/pam_namespace/namespace.conf.5.xml: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2008-03-20 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
method only when appropriate.
(setup_namespace): Do not umount when not mounted with RUSER.
* modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
freecontext() after the context is logged not before.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2008-02-13 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
dir.
* modules/pam_namespace/argv_parse.c: New file.
* modules/pam_namespace/argv_parse.h: New file.
* modules/pam_namespace/namespace.conf.5.xml: Document new features.
* modules/pam_namespace/pam_namespace.8.xml: Likewise.
* modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
and polydir flags.
(polydir_s): Add rdir, replace exclusive with flags, add init_script,
owner, group, and mode.
(instance_data): Add ruser, gid, and ruid.
* modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
(add_polydir_entry): Add the entry directly, no copy.
(del_polydir): New function.
(del_polydir_list): Call del_polydir().
(expand_variables, parse_create_params, parse_iscript_params,
parse_method): New functions.
(process_line): Call expand_variables() on polydir and instance prefix.
Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
(parse_config_file): Parse .conf files from namespace.d dir after
namespace.conf.
(form_context): Call getcon() or get_default_context_with_level() when
appropriate flags are set.
(poly_name): Handle shared polydir flag.
(inst_init): Execute non-default init script when specified.
(create_polydir): New function.
(create_dirs): Remove the code which checks the polydir. Do not call
inst_init() when noinit flag is set.
(ns_setup): Check the polydir and eventually create it if the create flag
is set.
(setup_namespace): Use ruser uid from idata. Set the namespace polydir
pam data only when namespace was set up correctly. Unmount polydir
based on ruser.
(get_user_data): New function.
(pam_sm_open_session): Check for use_current_context and
use_default_context options. Call get_user_data().
(pam_sm_close_session): Call get_user_data().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2007-09-27 Tomas Mraz <t8m@centrum.cz>
* modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
operator rhbz #295151.
* modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
get context when SELinux is disabled rhbz #306901.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix, new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/README.xml: Avoid duplication of
documentation.
* modules/pam_namespace/namespace.conf: More real life example
from MLS support.
* modules/pam_namespace/namespace.conf.5.xml: Likewise plus
properly describe how instance directory names are formed.
* modules/pam_namespace/namespace.init: Preserve euid when
called from setuid apps (su, newrole).
* modules/pam_namespace/pam_namespace.8.xml: Added option
no_unmount_on_close.
* modules/pam_namespace/pam_namespace.c (process_line): Polyinst
methods are now user, level and context. Fix crash on unknown
override user in config file.
(ns_override): Add explicit uid parameter.
(form_context): Skip for user method. Implement level based
polyinstantiation.
(poly_name): Initialize contexts. Add level based polyinst,
remove 'both' metod. Use raw contexts for instance names,
truncate long instance names and add hash.
(ns_setup): Hashing moved to poly_name().
(setup_namespace): Handle correctly override users for
su (when unmnt_remnt is used).
(pam_sm_close_session): Added no_unmount_on_close option.
* modules/pam_namespace/pam_namespace.h: Added
no_unmount_on_close_option, level method, limit on instance
directory name length.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/pam_namespace.c: Reserve space for
trailing zero.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
instead of getpwnam().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: cleanup
Commit summary:
---------------
2006-07-24 David Quigley <dpquigl@tycho.nsa.gov>
* modules/pam_namespace/Makefile.am: Add pam_namespace.h.
* modules/pam_namespace/pam_namespace.c: Move includes and
data structure definitions from here ...
* modules/pam_namespace/pam_namespace.h: ... here. New file.
* modules/pam_namespace/pam_namespace.c: Move large sections
of code into new functions.
Acked by Janak Desai <janak@us.ibm.com>
|
|
|
Purpose of commit: new feature
Commit summary:
---------------
* modules/pam_namespace/pam_namespace.c: New module
originally written by Janak Desai.
* modules/pam_namespace/Makefile.am: New.
* modules/pam_namespace/README: New.
* modules/pam_namespace/md5.c: New.
* modules/pam_namespace/md5.h: New.
* modules/pam_namespace/namespace.conf: New.
* modules/pam_namespace/namespace.conf.5: New.
* modules/pam_namespace/namespace.conf.5.xml: New.
* modules/pam_namespace/namespace.init: New.
* modules/pam_namespace/pam_namespace.8: New.
* modules/pam_namespace/pam_namespace.8.xml: New.
* modules/Makefile.am: Added pam_namespace.
* configure.in: Added pam_namespace, test for unshare
library call.
|
