summaryrefslogtreecommitdiff
path: root/modules/pam_tally/pam_tally.c
Commit message (Collapse)AuthorAge
* modules: downgrade syslog level for errors related to pam_get_userDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_faillock/pam_faillock.c (get_pam_user): Downgrade the syslog level for diagnostics of errors returned by pam_modutil_getpwnam for users returned by pam_get_user from LOG_ERR to LOG_NOTICE. * modules/pam_keyinit/pam_keyinit.c (do_keyinit): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_sepermit/pam_sepermit.c (sepermit_lock): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Downgrade the syslog level for diagnostics of errors returned by pam_modutil_getpwnam for users returned by pam_get_user from LOG_WARNING to LOG_NOTICE. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
* modules: downgrade syslog level for pam_get_user errorsDmitry V. Levin2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_access/pam_access.c (pam_sm_authenticate): Downgrade the syslog level for pam_get_user errors from LOG_ERR to LOG_NOTICE. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Likewise. * modules/pam_ftp/pam_ftp.c (pam_sm_authenticate): Likewise. * modules/pam_group/pam_group.c (pam_sm_setcred): Likewise. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Likewise. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_nologin/pam_nologin.c (perform_check): Likewise. * modules/pam_rhosts/pam_rhosts.c (pam_sm_authenticate): Likewise. * modules/pam_sepermit/pam_sepermit.c (pam_sm_authenticate): Likewise. * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Likewise. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate, pam_sm_acct_mgmt): Likewise. * modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Likewise. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session, pam_sm_close_session): Likewise. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Downgrade the syslog level for pam_get_user errors from LOG_WARNING to LOG_NOTICE. * modules/pam_stress/pam_stress.c (pam_sm_authenticate): Likewise. Suggested-by: Tomáš Mráz <tmraz@fedoraproject.org>
* modules: do not check user name for emptyness before passing it to ↵Dmitry V. Levin2020-05-16
| | | | | | | | | | | | | | | | pam_modutil_getpwnam pam_modutil_getpwnam is perfectly capable of handling empty strings as user names, no need to double check that. * modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check the user name for emptyness before passing it to pam_modutil_getpwnam. * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise. * modules/pam_shells/pam_shells.c (perform_check): Likewise. * modules/pam_tally/pam_tally.c (pam_get_uid): Likewise. * modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise. * modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
* modules: remove PAM_SM_* macrosDmitry V. Levin2020-05-03
| | | | | | Starting with commit a684595c0bbd88df71285f43fb27630e3829121e aka Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support from Linux-PAM), PAM_SM_* macros have no effect.
* Fix various typos found using codespell toolDmitry V. Levin2020-03-28
|
* modules/pam_tally: use pam_str_skip_prefixDmitry V. Levin2020-03-19
| | | | | | * modules/pam_tally/pam_tally.c: Include "pam_inline.h". (tally_parse_args, getopts): Use pam_str_skip_prefix instead of ugly strncmp invocations.
* modules/pam_tally, modules/pam_tally2: fix compilation warningsDmitry V. Levin2020-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the following compilation warnings reported by gcc when sizeof(time_t) > sizeof(long), e.g. on x32: modules/pam_tally/pam_tally.c:541:7: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] 541 | _("The account is temporarily locked (%ld seconds left)."), | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ modules/pam_tally/pam_tally.c:546:40: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] 546 | "user %s (%lu) has time limit [%lds left]" | ~~^ | | | long int | %lld ...... 549 | oldtime+lock_time-time(NULL)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | time_t {aka long long int} modules/pam_tally2/pam_tally2.c:592:27: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] 592 | pam_info(pamh, _("The account is temporarily locked (%ld seconds left)."), | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ modules/pam_tally2/pam_tally2.c:597:50: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=] 597 | "user %s (%lu) has time limit [%lds left]" | ~~^ | | | long int | %lld ...... 600 | oldtime+opts->lock_time-time(NULL)); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | time_t {aka long long int} This change doesn't attempt to fix handling of 64-bit time_t on 32-bit systems in these modules. * modules/pam_tally/pam_tally.c (tally_check): Cast time_t expressions to long int before passing them to pam_info and pam_syslog. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise.
* pam_tally, pam_tally2: fix grammar and spelling (#54)Dmitry V. Levin2018-06-22
| | | | | | | | | | * modules/pam_tally/pam_tally.c (tally_check): Replace "Account is temporary locked" with "The account is temporarily locked" in translated messages. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * po/Linux-PAM.pot: Update pam_tally and pam_tally2 messages. Closes: https://github.com/linux-pam/linux-pam/issues/54
* Fix grammar of messages printed via pam_promptDmitry V. Levin2018-06-19
| | | | | | | | | | | | | | | | | | | | | | | | | Turn into proper sentences those messages that are printed without further modifications using pam_prompt in contexts where proper sentences are expected. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix grammar of the message passed to pam_error. * modules/pam_limits/pam_limits.c (pam_sm_open_session): Likewise. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix grammar of error messages passed to pam_error. * modules/pam_mail/pam_mail.c (report_mail): Fix grammar of a message passed to pam_info. * modules/pam_timestamp/pam_timestamp.c (verbose_success): Likewise. * modules/pam_selinux/pam_selinux.c (config_context, send_text): Fix grammar of messages passed to pam_prompt. * modules/pam_tally/pam_tally.c (tally_check): Fix grammar of messages passed to pam_info. * modules/pam_tally2/pam_tally2.c (tally_check): Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Fix grammar of messages passed to _make_remark. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass, pam_sm_chauthtok): Likewise. * po/Linux-PAM.pot: Regenerate.
* Remove "--enable-static-modules" option and support fromThorsten Kukuk2016-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * libpam/Makefile.am: Remove STATIC_MODULES cases. * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. * libpam/pam_dynamic.c: Likewise. * libpam/pam_handlers.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_static.c: Remove file. * libpam/pam_static_modules.h: Remove header file. * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. * modules/pam_cracklib/pam_cracklib.c: Likewise. * modules/pam_debug/pam_debug.c: Likewise. * modules/pam_deny/pam_deny.c: Likewise. * modules/pam_echo/pam_echo.c: Likewise. * modules/pam_env/pam_env.c: Likewise. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_faildelay/pam_faildelay.c: Likewise. * modules/pam_filter/pam_filter.c: Likewise. * modules/pam_ftp/pam_ftp.c: Likewise. * modules/pam_group/pam_group.c: Likewise. * modules/pam_issue/pam_issue.c: Likewise. * modules/pam_keyinit/pam_keyinit.c: Likewise. * modules/pam_lastlog/pam_lastlog.c: Likewise. * modules/pam_limits/pam_limits.c: Likewise. * modules/pam_listfile/pam_listfile.c: Likewise. * modules/pam_localuser/pam_localuser.c: Likewise. * modules/pam_loginuid/pam_loginuid.c: Likewise. * modules/pam_mail/pam_mail.c: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_motd/pam_motd.c: Likewise. * modules/pam_namespace/pam_namespace.c: Likewise. * modules/pam_nologin/pam_nologin.c: Likewise. * modules/pam_permit/pam_permit.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_rhosts/pam_rhosts.c: Likewise. * modules/pam_rootok/pam_rootok.c: Likewise. * modules/pam_securetty/pam_securetty.c: Likewise. * modules/pam_selinux/pam_selinux.c: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_shells/pam_shells.c: Likewise. * modules/pam_stress/pam_stress.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.c: Likewise. * modules/pam_tally/pam_tally.c: Likewise. * modules/pam_tally2/pam_tally2.c: Likewise. * modules/pam_time/pam_time.c: Likewise. * modules/pam_timestamp/pam_timestamp.c: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. * modules/pam_umask/pam_umask.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. * modules/pam_warn/pam_warn.c: Likewise. * modules/pam_wheel/pam_wheel.c: Likewise. * modules/pam_xauth/pam_xauth.c: Likewise. * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_static.c: Removed. * modules/pam_unix/pam_unix_static.h: Removed. * po/POTFILES.in: Remove removed files. * tests/tst-dlopen.c: Remove PAM_STATIC part.
* Fix whitespace issuesDmitry V. Levin2011-10-26
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs:Tomas Mraz2008-09-25
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2008-09-25 Tomas Mraz <t8m@centrum.cz> * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message. (tally_check): Open faillog read only. Close file descriptor. Fix typos in messages.
* Relevant BUGIDs:Thorsten Kukuk2008-07-09
| | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/pam_tally.c: Add support for silent and no_log_info options. * modules/pam_tally/pam_tally.8.xml: Document silent and no_log_info options.
* Relevant BUGIDs: 1822779Thorsten Kukuk2007-11-20
| | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't link pam_tally application against libpam, if linked static, libpam is not yet available. 2007-11-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/pam_tally.c (tally_log): Map pam_modutil_getpwnam to getpwnam if we don't compile as module. * modules/pam_tally/Makefile.am: Don't link pam_tally_app against libpam (#1822779).
* Relevant BUGIDs: Debian bug #446327Steve Langasek2007-10-25
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2007-10-25 Steve Langasek <vorlon@debian.org> * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT to be octal instead of decimal, so that it works properly in a bit field instead of forcing the "even_deny_root_account" and "no_reset" options to on. Patch from Corey Wright <undefined@pobox.com>.
* Relevant BUGIDs:Thorsten Kukuk2006-06-14
| | | | | | | | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2006-06-14 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Remove --enable-memory-debug, add option to disable prelude if installed. * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise. * modules/pam_unix/unix_chkpwd.c: Likewise. * libpam/include/security/_pam_types.h: Likewise. * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export. * libpam/pam_malloc.c: Remove file. * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.
* Relevant BUGIDs: 1490956,1489818,1489808,1489792,1489804,1489658,1489634Thorsten Kukuk2006-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfixes Commit summary: --------------- 2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix memory leaks, [#1490956] found by Coverity. * modules/pam_tally/pam_tally.c (pam_get_uid): Check return value of pam_get_user(). (tally_get_data): Check if oldtime is not NULL. [#1489818] found by Coverity. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't ignore return value of stat(). [#1489808] found by Coverity. * modules/pam_mail/pam_mail.c (get_folder): Fix a potential NULL pointer dereference. [#1489792] found by Coverity. * libpam/Makefile.am: bump release number of libpam.so. * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, [#1489804] found by Coverity. * modules/pam_echo/pam_echo.c (replace_and_print): Initialize str, [#1489658] found by Coverity. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix a potential NULL pointer dereference. (pam_sm_chauthtok): Remove dead code. [#1489634] found by Coverity.
* Relevant BUGIDs:Thorsten Kukuk2006-05-15
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-05-04 Thorsten Kukuk <kukuk@suse.de> * configure.in: Check for fseeko. * modules/pam_tally/pam_tally.c: Use fseeko if available (Based on patch by IBM).
* Relevant BUGIDs: 1427738Thorsten Kukuk2006-05-02
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-05-02 Thorsten Kukuk <kukuk@suse.de> * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use different strings for plural or not [#1427738] * po/*.po: Adjust for pam_unix.so translation fix.
* Relevant BUGIDs: 1478180Thorsten Kukuk2006-05-02
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2006-05-02 Thorsten Kukuk <kukuk@suse.de> * modules/pam_tally/pam_tally.c: Always close file handle in error case, don't close it depending on *TALLY value [#1478180]
* Relevant BUGIDs:Tomas Mraz2005-09-21
| | | | | | | | Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam.
* Relevant BUGIDs:Tomas Mraz2005-09-15
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Use the new pam_syslog and pam_prompt helper functions. Patches by ldv.
* Relevant BUGIDs: noneThorsten Kukuk2005-07-20
| | | | | | | | | Purpose of commit: new feature Commit summary: --------------- Mark message strings for translation
* Relevant BUGIDs: noneThorsten Kukuk2005-07-20
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Rename _pam_aconf.h to config.h.
* Relevant BUGIDs: noneThorsten Kukuk2005-06-09
| | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- Fix all occurrence of dereferencing type-punned pointer will break strict-aliasing rules warnings
* Relevant BUGIDs: noneThorsten Kukuk2005-04-29
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix some compiler warnings
* Relevant BUGIDs:Tomas Mraz2005-04-04
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Test for NULL data before dereferencing them
* Relevant BUGIDs: noneTomas Mraz2005-01-24
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Fix possible segfault in the last patch to pam_tally.
* Fixed string issue for backward compatibility (pointed out by Yoann ↵Sebastien Tricaud2005-01-19
| | | | Vandoorselaere)
* Audit option addedSebastien Tricaud2005-01-16
|
* Relevant BUGIDs: Red Hat bz 60930Tomas Mraz2005-01-07
| | | | | | | | Purpose of commit: bugfix, new feature Commit summary: --------------- major rewrite of the pam_tally module
* Relevant BUGIDs:Thorsten Kukuk2004-09-24
| | | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: 440107: Add various patches from Linux Distibutors to make PAM modules reentrant.
* Relevant BUGIDs:Thorsten Kukuk2004-09-22
| | | | | | | | | Purpose of commit: Commit summary: --------------- bugfix: Add rest of Steve Grubb's resource leak and other fixes
* Relevant BUGIDs: 485454Andrew G. Morgan2001-12-09
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- The malloc debugging stuff appears to have had a few residual issues that I've fixed (trying to resolve another checkin!).
* Relevant BUGIDs: 476985Andrew G. Morgan2001-11-13
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Nalin's fix to do a better job of not corrupting the lastlog file.
* Relevant BUGIDs: 436432Steve Langasek2001-06-27
| | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- nix unneeded #include line from pam_tally.c. Keep things as minimalistic as possible until we /know/ it's needed for something.
* Relevant BUGIDs: 436432Andrew G. Morgan2001-06-27
| | | | | | | | Purpose of commit: cleanup Commit summary: --------------- small changes inspired by reading a red hat diff.
* Relevant BUGIDs: 117434Andrew G. Morgan2001-01-20
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Appear to have left these fixes out with last commit to resolve 117434.
* Relevant BUGIDs: 117434Andrew G. Morgan2000-12-10
| | | | | | | | Purpose of commit: bugfix Commit summary: --------------- removed static variables from pam_tally - should be thread safe now.
* Relevant BUGIDs: 124394Jan Rekorajski2000-12-04
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- * pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing to faillog
* Relevant BUGIDs: task 15788, bugs 108297, 117476, 117474Andrew G. Morgan2000-11-19
| | | | | | | | | | | | | | Purpose of commit: autoconf support for Linux-PAM Commit summary: --------------- This is a merge of the autoconf support that was developed against a 0-72 branch. [Note, because CVS has some issues, this is actually only 95% of the actual commit. The other files were actually committed when the preparation branch Linux-PAM-0-73pre-autoconf was updated. Hopefully, this will complete the merge.]
* Initial revisionAndrew G. Morgan2000-06-20