summaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAge
...
* pam_mkhomedir: check and create home directory for the same user (ticket #22)Dmitry V. Levin2014-01-20
| | | | | | | | | | | | | | | | | | | | | Before pam_mkhomedir helper was introduced in commit 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for existance and creating the same directory - the home directory of the user NAME returned by pam_get_item(PAM_USER). The change in behaviour accidentally introduced along with mkhomedir_helper is not consistent: while the module still checks for getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily the same as the directory being checked. This change brings check and creation back in sync, both handling getpwnam(NAME)->pw_dir. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace "struct passwd *" argument with user's name and home directory. Pass user's name to MKHOMEDIR_HELPER. (pam_sm_open_session): Update create_homedir call.
* pam_limits: detect and ignore stale utmp entriesTomas Mraz2014-01-20
| | | | | | | | Original idea by Christopher Hailey * modules/pam_limits/pam_limits.c (check_logins): Use kill() to detect if pid of the utmp entry is still running and ignore the entry if it is not.
* pam_loginuid: Always return PAM_IGNORE in usernsStéphane Graber2014-01-18
| | | | | | | | | | | | | | | | | | | | | | | | | The previous patch to support user namespaces works fine with containers that are started from a desktop/terminal session but fails when dealing with containers that were started from a remote session such as ssh. I haven't looked at the exact reason for that in the kernel but on the userspace side of things, the difference is that containers started from an ssh session will happily let pam open /proc/self/loginuid read-write, will let it read its content but will then fail with EPERM when trying to write to it. So to make the userns support bullet proof, this commit moves the userns check earlier in the function (which means a small performance impact as it'll now happen everytime on kernels that have userns support) and will set rc = PAM_IGNORE instead of rc = PAM_ERROR. The rest of the code is still executed in the event that PAM is run on a future kernel where we have some kind of audit namespace that includes a working loginuid. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Signed-off-by: Steve Langasek <vorlon@debian.org> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_namespace: don't use bashisms in default namespace.init scriptSteve Langasek2014-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | * modules/pam_namespace/pam_namespace.c: call setuid() before execing the namespace init script, so that scripts run with maximum privilege regardless of the shell implementation. * modules/pam_namespace/namespace.init: drop the '-p' bashism from the shebang line This is not a POSIX standard option, it's a bashism. The bash manpage says that it's used to prevent the effective user id from being reset to the real user id on startup, and to ignore certain unsafe variables from the environment. In the case of pam_namespace, the -p is not necessary for environment sanitizing because the PAM module (properly) sanitizes the environment before execing the script. The stated reason given in CVS history for passing -p is to "preserve euid when called from setuid apps (su, newrole)." This should be done more portably, by calling setuid() before spawning the shell. Signed-off-by: Steve Langasek <vorlon@debian.org> Bug-Debian: http://bugs.debian.org/624842 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323
* pam_loginuid: Ignore failure in user namespacesStéphane Graber2014-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running pam_loginuid in a container using the user namespaces, even uid 0 isn't allowed to set the loginuid property. This change catches the EACCES from opening loginuid, checks if the user is in the host namespace (by comparing the uid_map with the host's one) and only if that's the case, sets rc to 1. Should uid_map not exist or be unreadable for some reason, it'll be assumed that the process is running on the host's namespace. The initial reason behind this change was failure to ssh into an unprivileged container (using a 3.13 kernel and current LXC) when using a standard pam profile for sshd (which requires success from pam_loginuid). I believe this solution doesn't have any drawback and will allow people to use unprivileged containers normally. An alternative would be to have all distros set pam_loginuid as optional but that'd be bad for any of the other potential failure case which people may care about. There has also been some discussions to get some of the audit features tied with the user namespaces but currently none of that has been merged upstream and the currently proposed implementation doesn't cover loginuid (nor is it clear how this should even work when loginuid is set as immutable after initial write). Signed-off-by: Steve Langasek <vorlon@debian.org> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not existDmitry V. Levin2014-01-10
| | | | | | | | | | | | | When /proc/self/loginuid does not exist, return PAM_IGNORE instead of PAM_SUCCESS, so that we can distinguish between "loginuid set successfully" and "loginuid not set, but this is expected". Suggested by Steve Langasek. * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid does not exist, PAM_SESSION_ERR in case of any other error. (_pam_loginuid): Forward the PAM error code returned by set_loginuid.
* pam_access: fix debug level logging (ticket #19)Dmitry V. Levin2013-11-20
| | | | | * modules/pam_access/pam_access.c (group_match): Log the group token passed to the function, not an uninitialized data on the stack.
* pam_warn: log flags passed to the module (ticket #25)Dmitry V. Levin2013-11-20
| | | | | | | | * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and log it using pam_syslog. (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass "flags" argument to log_items.
* pam_securetty: check return value of fgetsDmitry V. Levin2013-11-20
| | | | | | | | Checking return value of fgets not only silences the warning from glibc but also leads to a cleaner code. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Check return value of fgets.
* pam_lastlog: fix format stringDmitry V. Levin2013-11-20
| | | | | | | | gcc -Wformat justly complains: format '%d' expects argument of type 'int', but argument 5 has type 'time_t' * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format string.
* If the correct loginuid is set already, skip writing it.Darren Tucker2013-11-20
| | | | | modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid and skip writing if already correctly set.
* Always ask for old password if changing NIS accountThorsten Kukuk2013-11-11
| | | | | * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask for old password if NIS account.
* Allow DES as compatibility option for /etc/login.defsThorsten Kukuk2013-11-08
| | | | * modules/pam_unix/support.h: Add UNIX_DES
* Make pam_tty_audit work with old kernels not supporting log_passwd.Tomas Mraz2013-10-14
| | | | | | | modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros if message is short from older kernel. Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
* Fix pam_tty_audit log_passwd support and regression.Tomas Mraz2013-09-25
| | | | | modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. (pam_sm_open_session): Always copy the old status as initialization of new.
* Check return value of setuid to remove glibc warnings.Thorsten Kukuk2013-09-16
| | | | | * modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise.
* Write to *rounds only if non-NULL.Tomas Mraz2013-09-13
| | | | modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
* Add missing ')'Tomas Mraz2013-09-13
| | | | modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
* Extend pam_exec by stdout and type= options (ticket #8):Thorsten Kukuk2013-09-04
| | | | | * modules/pam_exec/pam_exec.c: Add stdout and type= option * modules/pam_exec/pam_exec.8.xml: Document new options
* Fix compile errorThorsten Kukuk2013-08-30
| | | | * modules/pam_unix/pam_unix_acct.c: fix last change
* Restart waitpid if it returns with EINTR (ticket #17)Thorsten Kukuk2013-08-29
| | | | | | * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c: Likewise.
* Apply the exclusive check in pam_sepermit only when loginuid not set.Tomas Mraz2013-08-23
| | | | | | * modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from /proc (sepermit_match): Apply the exclusive check only when loginuid not set.
* pam_rootok: fix linking in --enable-audit modeDmitry V. Levin2013-07-01
| | | | | | | pam_rootok.c explicitly uses functions from libaudit, so the module has to be linked with the library. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@.
* pam_tty_audit: fix a typo that crept in during patch reviewRichard Guy Briggs2013-07-01
| | | | | | | | | | * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD. * configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
* pam_tty_audit: add an option to control logging of passwords: log_passwdRichard Guy Briggs2013-06-21
| | | | | | | | | | | | | | | | | | Most commands are entered one line at a time and processed as complete lines in non-canonical mode. Commands that interactively require a password, enter canonical mode with echo set to off to do this. This feature (icanon and !echo) can be used to avoid logging passwords by audit while still logging the rest of the command. Adding a member to the struct audit_tty_status passed in by pam_tty_audit allows control of logging passwords per task. * configure.in: autoconf bits to conditionally add support at compile time depending on struct audit_tty_status kernel header version. * modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module log_passwd option. * modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added "log_passwd" option parsing. Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
* Man page fix - unix_update runs in the permissive mode as well.Tomas Mraz2013-06-20
| | | | | modules/pam_unix/unix_update.8.xml: unix_update helper runs in the permissive mode as well.
* Use hash from /etc/login.defs as default if noThorsten Kukuk2013-06-18
| | | | | | | | | other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. * modules/pam_umask/pam_umask.c: Add missing NULL pointer check
* pam_access: better not change the default function used to get domain name.Tomas Mraz2013-04-12
| | | | | | modules/pam_access/pam_access.c (netgroup_match): As we did not use yp_get_default_domain() in the 1.1 branch due to typo in ifdef we should use it only as fallback.
* Fix strict aliasing issue in MD5 implementations.Tomas Mraz2013-03-28
| | | | | modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment. modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
* pam_lastlog: Do not fail on short read if btmp is corrupted.Tomas Mraz2013-03-22
| | | | | modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail on short read or read error.
* pam_rootok: Allow proper logging of the user AVC if access disallowed by SELinuxTomas Mraz2013-03-22
| | | | | modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions. (check_for_root): Use the selinux_check_root() instead of checkPasswdAccess.
* Add checks for crypt() returning NULL.Tomas Mraz2013-02-08
| | | | | modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return. modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
* pam_userdb: Allow also modern password hashes supported by crypt().Tomas Mraz2013-02-07
| | | | | modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes longer than 13 characters and long salt.
* pam_access: fix typo in ifdefWalter de Jong2013-01-18
| | | | | modules/pam_access/pam_access.c (netgroup_match): Fix typo in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN.
* pam_cracklib: Mention checks that are not run for root.Tomas Mraz2012-12-20
| | | | | modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks when run as root.
* pam_selinux: Drop obsolete and unsupported manual context selection.Tomas Mraz2012-11-30
| | | | | modules/pam_selinux/pam_selinux.c (manual_context): Drop function. (compute_exec_context): Drop manual_context() call.
* pam_limits: fix grammatical mistake.Tomas Mraz2012-11-23
| | | | modules/pam_limits/limits.conf: Fix grammatical mistake.
* pam_unix: fix build in --enable-selinux modeDmitry V. Levin2012-10-10
| | | | | | | | | | | | | | | glibc's <sys/wait.h> starting with commit http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467 does not include <sys/resource.h> for POSIX 2008 conformance reasons, so when pam is being built with SELinux support enabled, pam_unix_passwd.c uses getrlimit(2) and therefore should include <sys/resource.h> without relying on other headers. * modules/pam_unix/pam_unix_passwd.c: Include <sys/resource.h>. Reported-by: Guido Trentalancia <guido@trentalancia.com> Reported-by: "Jory A. Pratt" <anarchy@gentoo.org> Reported-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
* pam_namespace: add mntopts flag for tmpfs mount optionsTomas Mraz2012-10-10
| | | | | | | | | modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir structure. modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts. (parse_method): Parse the mntopts flag. (ns_setup): Pass the mount_opts to mount(). modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
* pam_selinux, pam_tally2: Add tty and rhost to audit data.Tomas Mraz2012-09-06
| | | | | | | | modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit.
* Add missing $(DESTDIR) when making directories on install.Tomas Mraz2012-08-17
| | | | | | | modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making $(namespaceddir) on install. modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making $(sepermitlockdir) on install.
* Small documentation and define fixesThorsten Kukuk2012-08-16
| | | | | | | modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary modules/pam_pwhistory/pam_pwhistory.c: Document how the module works modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
* Document limits.d also in the limits.conf manpage.Tomas Mraz2012-08-09
| | | | modules/pam_limits/limits.conf.5.xml: Document the limits.d existence.
* New autotools do not create empty directories on install.Tomas Mraz2012-07-23
| | | | | | | modules/pam_namespace/Makefile.am: Add install-data-local target to create namespaceddir. modules/pam_sepermit/Makefile.am: Add install-data-local target to create sepermitlockdir.
* RLIMIT_* variables are no longer defined unless you explicitly includeStevan Bajić2012-07-09
| | | | | | | | sys/resource.h. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu> modules/pam_unix/pam_unix_acct.c: Include sys/resource.h.
* pam_umask: correct the documentation of GECOS field parsingTomas Mraz2012-06-27
| | | | | modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field parsing.
* pam_cracklib: Add monotonic character sequence checking.Tomas Mraz2012-06-22
| | | | | | | modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option. (sequence): New function to check for too long monotonic sequence of characters. (password_check): Call the sequence(). modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check.
* pam_timestamp: Fix copy&paste error in manpage.Tomas Mraz2012-06-01
| | | | modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section.
* pam_pwhistory: Always record the old password even when root changes it.Tomas Mraz2012-05-28
| | | | | | modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Use the UID of the process instead of the target user UID (same as in pam_cracklib) to check for root. Always record old password.
* pam_cracklib: Add enforce_for_root option.Tomas Mraz2012-05-24
| | | | | | modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option. (pam_sm_chauthtok): Enforce errors for root with the option. modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option.