| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The change was prepared using the following script:
git grep -l '^TESTS = tst-pam_' modules/ |while read m; do
t="$(sed '/^TESTS = tst-pam_/!d;s/^TESTS = //;q' -- "$m")"
sed -i "/^EXTRA_DIST =/ s/$t\\>/\$(TESTS)/" -- "$m"
done
* modules/pam_access/Makefile.am (EXTRA_DIST): Replace tst-pam_access
with $(TESTS).
* modules/pam_cracklib/Makefile.am (EXTRA_DIST): Replace
tst-pam_cracklib with $(TESTS).
* modules/pam_debug/Makefile.am (EXTRA_DIST): Replace tst-pam_debug with
$(TESTS).
* modules/pam_deny/Makefile.am (EXTRA_DIST): Replace tst-pam_deny with
$(TESTS).
* modules/pam_echo/Makefile.am (EXTRA_DIST): Replace tst-pam_echo with
$(TESTS).
* modules/pam_env/Makefile.am (EXTRA_DIST): Replace tst-pam_env with
$(TESTS).
* modules/pam_exec/Makefile.am (EXTRA_DIST): Replace tst-pam_exec with
$(TESTS).
* modules/pam_faildelay/Makefile.am (EXTRA_DIST): Replace
tst-pam_faildelay with $(TESTS).
* modules/pam_filter/Makefile.am (EXTRA_DIST): Replace tst-pam_filter
with $(TESTS).
* modules/pam_ftp/Makefile.am (EXTRA_DIST): Replace tst-pam_ftp with
$(TESTS).
* modules/pam_group/Makefile.am (EXTRA_DIST): Replace tst-pam_group with
$(TESTS).
* modules/pam_issue/Makefile.am (EXTRA_DIST): Replace tst-pam_issue with
$(TESTS).
* modules/pam_keyinit/Makefile.am (EXTRA_DIST): Replace tst-pam_keyinit
with $(TESTS).
* modules/pam_lastlog/Makefile.am (EXTRA_DIST): Replace tst-pam_lastlog
with $(TESTS).
* modules/pam_limits/Makefile.am (EXTRA_DIST): Replace tst-pam_limits
with $(TESTS).
* modules/pam_listfile/Makefile.am (EXTRA_DIST): Replace
tst-pam_listfile with $(TESTS).
* modules/pam_localuser/Makefile.am (EXTRA_DIST): Replace
tst-pam_localuser with $(TESTS).
* modules/pam_loginuid/Makefile.am (EXTRA_DIST): Replace
tst-pam_loginuid with $(TESTS).
* modules/pam_mail/Makefile.am (EXTRA_DIST): Replace tst-pam_mail with
$(TESTS).
* modules/pam_mkhomedir/Makefile.am (EXTRA_DIST): Replace
tst-pam_mkhomedir with $(TESTS).
* modules/pam_motd/Makefile.am (EXTRA_DIST): Replace tst-pam_motd with
$(TESTS).
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace
tst-pam_namespace with $(TESTS).
* modules/pam_nologin/Makefile.am (EXTRA_DIST): Replace tst-pam_nologin
with $(TESTS).
* modules/pam_permit/Makefile.am (EXTRA_DIST): Replace tst-pam_permit
with $(TESTS).
* modules/pam_pwhistory/Makefile.am (EXTRA_DIST): Replace
tst-pam_pwhistory with $(TESTS).
* modules/pam_rhosts/Makefile.am (EXTRA_DIST): Replace tst-pam_rhosts
with $(TESTS).
* modules/pam_rootok/Makefile.am (EXTRA_DIST): Replace tst-pam_rootok
with $(TESTS).
* modules/pam_securetty/Makefile.am (EXTRA_DIST): Replace
tst-pam_securetty with $(TESTS).
* modules/pam_sepermit/Makefile.am (EXTRA_DIST): Replace
tst-pam_sepermit with $(TESTS).
* modules/pam_setquota/Makefile.am (EXTRA_DIST): Replace
tst-pam_setquota with $(TESTS).
* modules/pam_shells/Makefile.am (EXTRA_DIST): Replace tst-pam_shells
with $(TESTS).
* modules/pam_stress/Makefile.am (EXTRA_DIST): Replace tst-pam_stress
with $(TESTS).
* modules/pam_succeed_if/Makefile.am (EXTRA_DIST): Replace
tst-pam_succeed_if with $(TESTS).
* modules/pam_tally/Makefile.am (EXTRA_DIST): Replace tst-pam_tally with
$(TESTS).
* modules/pam_tally2/Makefile.am (EXTRA_DIST): Replace tst-pam_tally2
with $(TESTS).
* modules/pam_time/Makefile.am (EXTRA_DIST): Replace tst-pam_time with
$(TESTS).
* modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Replace
tst-pam_tty_audit with $(TESTS).
* modules/pam_umask/Makefile.am (EXTRA_DIST): Replace tst-pam_umask with
$(TESTS).
* modules/pam_userdb/Makefile.am (EXTRA_DIST): Replace tst-pam_userdb
with $(TESTS).
* modules/pam_usertype/Makefile.am (EXTRA_DIST): Replace
tst-pam_usertype with $(TESTS).
* modules/pam_warn/Makefile.am (EXTRA_DIST): Replace tst-pam_warn with
$(TESTS).
* modules/pam_wheel/Makefile.am (EXTRA_DIST): Replace tst-pam_wheel with
$(TESTS).
* modules/pam_xauth/Makefile.am (EXTRA_DIST): Replace tst-pam_xauth with
$(TESTS).
|
|
|
|
| |
* modules/pam_namespace/Makefile.am: Merge MAN5 and MAN8 into man_MANS.
|
|
|
|
|
|
|
|
|
|
|
| |
Manual pages already belong to man_MANS, listing them also
in noinst_DATA does not help in any way.
* modules/pam_cracklib/Makefile.am (noinst_DATA): Remove pam_cracklib.8.
* modules/pam_selinux/Makefile.am (noinst_DATA): Remove pam_selinux.8.
* modules/pam_sepermit/Makefile.am (noinst_DATA): Remove pam_sepermit.8
and sepermit.conf.5.
* modules/pam_userdb/Makefile.am (noinst_DATA): Remove pam_userdb.8.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AC_ARG_ENABLE): Add tally and tally2.
(AM_CONDITIONAL): Add COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2.
* modules/Makefile.am [COND_BUILD_PAM_TALLY] (MAYBE_PAM_TALLY): Define.
[COND_BUILD_PAM_TALLY2] (MAYBE_PAM_TALLY2): Likewise.
(SUBDIRS): Replace pam_tally with $(COND_BUILD_PAM_TALLY), pam_tally2
with $(COND_BUILD_PAM_TALLY2).
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_LIBSELINUX with
COND_BUILD_PAM_SELINUX and COND_BUILD_PAM_SEPERMIT.
* modules/Makefile.am [COND_BUILD_PAM_SELINUX] (MAYBE_PAM_SELINUX):
Define.
[COND_BUILD_PAM_SEPERMIT] (MAYBE_PAM_SEPERMIT): Likewise.
(SUBDIRS): Replace pam_selinux with $(MAYBE_PAM_SELINUX),
pam_sepermit with MAYBE_PAM_SEPERMIT.
* modules/pam_selinux/Makefile.am: Assume HAVE_LIBSELINUX.
* modules/pam_sepermit/Makefile.am: Likewise.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_UNSHARE with
COND_BUILD_PAM_NAMESPACE.
* modules/Makefile.am [COND_BUILD_PAM_NAMESPACE] (MAYBE_PAM_NAMESPACE):
Define.
(SUBDIRS): Replace pam_namespace with $(MAYBE_PAM_NAMESPACE).
* modules/pam_namespace/Makefile.am: Assume HAVE_UNSHARE.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_LIBDB with
COND_BUILD_PAM_USERDB.
* modules/Makefile.am [COND_BUILD_PAM_USERDB] (MAYBE_PAM_USERDB):
Define.
(SUBDIRS): Replace pam_userdb with $(MAYBE_PAM_USERDB).
* modules/pam_userdb/Makefile.am: Assume HAVE_LIBDB.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_LIBCRACK with
COND_BUILD_PAM_CRACKLIB.
* modules/Makefile.am [COND_BUILD_PAM_CRACKLIB] (MAYBE_PAM_CRACKLIB):
Define.
(SUBDIRS): Replace pam_cracklib with $(MAYBE_PAM_CRACKLIB).
* modules/pam_cracklib/Makefile.am: Assume HAVE_LIBCRACK.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_KEY_MANAGEMENT with
COND_BUILD_PAM_KEYINIT.
* modules/Makefile.am [COND_BUILD_PAM_KEYINIT] (MAYBE_PAM_KEYINIT):
Define.
(SUBDIRS): Replace pam_keyinit with $(MAYBE_PAM_KEYINIT).
* modules/pam_keyinit/Makefile.am: Assume HAVE_KEY_MANAGEMENT.
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_CONDITIONAL): Replace HAVE_AUDIT_TTY_STATUS with
COND_BUILD_PAM_TTY_AUDIT.
* modules/Makefile.am [COND_BUILD_PAM_TTY_AUDIT] (MAYBE_PAM_TTY_AUDIT):
Define.
(SUBDIRS): Replace pam_tty_audit with $(MAYBE_PAM_TTY_AUDIT).
* modules/pam_tty_audit/Makefile.am: Assume HAVE_AUDIT_TTY_STATUS.
|
|
|
|
|
|
| |
Also list one element of SUBDIRS per line for the ease of maintenance.
* modules/Makefile.am (SUBDIRS): List one per line, sort.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by gcc-10 -Warray-bounds:
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:197:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [260, 389] from the object at 'uts' is out of the bounds of referenced subobject 'version' with type 'char[65]' at offset 195 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:59:10: note: subobject 'version' declared here
59 | char version[_UTSNAME_VERSION_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:188:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [65, 389] from the object at 'uts' is out of the bounds of referenced subobject 'sysname' with type 'char[65]' at offset 0 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:51:10: note: subobject 'sysname' declared here
51 | char sysname[_UTSNAME_SYSNAME_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:194:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [195, 389] from the object at 'uts' is out of the bounds of referenced subobject 'release' with type 'char[65]' at offset 130 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:57:10: note: subobject 'release' declared here
57 | char release[_UTSNAME_RELEASE_LENGTH];
| ^~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:191:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [130, 389] from the object at 'uts' is out of the bounds of referenced subobject 'nodename' with type 'char[65]' at offset 65 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:54:10: note: subobject 'nodename' declared here
54 | char nodename[_UTSNAME_NODENAME_LENGTH];
| ^~~~~~~~
In file included from /usr/include/string.h:494,
from modules/pam_issue/pam_issue.c:19:
In function 'strncat',
inlined from 'read_issue_quoted' at modules/pam_issue/pam_issue.c:200:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:136:10: error: '__builtin___strncat_chk' offset [325, 389] from the object at 'uts' is out of the bounds of referenced subobject 'machine' with type 'char[65]' at offset 260 [-Werror=array-bounds]
136 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from modules/pam_issue/pam_issue.c:26:
modules/pam_issue/pam_issue.c: In function 'read_issue_quoted':
/usr/include/x86_64-linux-gnu/sys/utsname.h:62:10: note: subobject 'machine' declared here
62 | char machine[_UTSNAME_MACHINE_LENGTH];
| ^~~~~~~
* modules/pam_issue/pam_issue.c (read_issue_quoted): Rewrite to avoid
strncat from potentially not null-terminated string buffer fields
of struct utsname.
|
|
|
|
|
|
|
|
|
|
|
| |
available
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Do not assign -1U to
dirscans_sizes[i] when scandir(motd_dir_path_split[i]) returns an error.
Resolves: https://bugzilla.altlinux.org/38389
Fixes: d57ab221 ("pam_motd: Cleanup the code and avoid unnecessary logging")
|
|
|
|
|
|
|
|
|
|
| |
Apply the following calloc invocation idiom:
ptr = calloc(nmemb, sizeof(*ptr));
* modules/pam_motd/pam_motd.c (pam_split_string,
try_to_display_directories_with_overrides): Cleanup calloc invocations.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Do not access
elements of dirscans_sizes array if dirscans_sizes == NULL
due to an earlier memory allocation error.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
| |
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove return statement
at the end of the function returning void.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
|
| |
pam_syslog already does all the prefixing we need.
* modules/pam_motd/pam_motd.c (pam_split_string,
try_to_display_directories_with_overrides): Remove "pam_motd: " prefix
from strings passed to pam_syslog.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
|
| |
pam_motd used to leak memory allocated for each motd file
successfully opened in try_to_display_directories_with_overrides.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Free abs_path.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not invoke calloc with the first argument equal to zero as the return
value can be NULL which is undistinguishable from memory allocation
error.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Skip if there are no
directory entries (dirscans_size_total == 0).
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
|
| |
As dirnames_all is allocated with calloc, zeroing it out is pointless.
* modules/pam_motd/pam_motd.c
(try_to_display_directories_with_overrides): Remove redundant zeroing
of dirnames_all.
Fixes: f9c9c721 ("pam_motd: Support multiple motd paths specified, with filename overrides (#69)")
|
|
|
|
|
|
|
|
|
|
| |
As WITH_SELINUX is already AC_DEFINE'd in configure.ac,
there is no point in adding -DWITH_SELINUX to CFLAGS.
* libpam/Makefile.am [HAVE_LIBSELINUX] (AM_CFLAGS): Do not add
-DWITH_SELINUX.
* modules/pam_rootok/Makefile.am: Likewise.
* modules/pam_unix/Makefile.am: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported by gcc-10 -Wstringop-overflow:
In file included from /usr/include/string.h:494,
from modules/pam_filter/pam_filter.c:14:
In function 'strcpy',
inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2,
inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=]
90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra':
modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here
128 | levp[0] = (char *) malloc(size);
| ^~~~~~~~~~~~
* modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap
buffer overflow in case of a filter without arguments (argc == 0).
|
|
|
|
|
|
|
| |
In other modules they were removed by commit Linux-PAM-1.3.0~14.
* modules/pam_setquota/pam_setquota.c: Remove PAM_EXTERN and PAM_STATIC
parts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On ppc64le the compiler complains with the following diagnostics:
pam_setquota.c: In function 'debug':
pam_setquota.c:48:59: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:75: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 7 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ~~~^
| |
| long long unsigned int
| %lu
......
51 | p->dqb_bsoftlimit, p->dqb_bhardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 8 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:46: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 9 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
52 | p->dqb_isoftlimit, p->dqb_ihardlimit,
| ~~~~~~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:62: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 10 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:73: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
pam_setquota.c:48:31: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type '__u64' {aka 'const long unsigned int'} [-Wformat=]
48 | pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
53 | p->dqb_btime, p->dqb_itime);
| ~~~~~~~~~~~~
| |
| __u64 {aka const long unsigned int}
pam_setquota.c:49:84: note: format string is defined here
49 | "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
| ~~~^
| |
| long long unsigned int
| %lu
* modules/pam_setquota/pam_setquota.c (debug): Cast fields of type __u64
to unsigned long long.
|
|
|
|
|
|
|
|
|
| |
This ensures "config.h" is included before any system header
which fixes the following bug reported by ALT diagnostics:
verify-elf: ERROR: ./lib/security/pam_timestamp.so: uses non-LFS functions: __fxstat open
* modules/pam_timestamp/hmacsha1.c: Include "config.h".
|
|
|
|
|
|
| |
All other modules already build with WARN_CFLAGS.
* modules/pam_setquota/Makefile.am (AM_CFLAGS): Add $(WARN_CFLAGS).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix -Wunused-variable compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:173:9: warning: unused variable 'ep' [-Wunused-variable]
173 | char *ep, *val, *mntdevice = NULL;
| ^~
pam_setquota.c:172:17: warning: unused variable 'ul' [-Wunused-variable]
172 | unsigned long ul;
| ^~
Fix -Wunused-parameter compilation warnings:
pam_setquota.c: In function 'pam_sm_open_session':
pam_setquota.c:169:60: warning: unused parameter 'flags' [-Wunused-parameter]
169 | PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c: In function 'pam_sm_close_session':
pam_setquota.c:382:40: warning: unused parameter 'pamh' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~~~~~~~~~~~^~~~
pam_setquota.c:382:50: warning: unused parameter 'flags' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~~
pam_setquota.c:382:61: warning: unused parameter 'argc' [-Wunused-parameter]
382 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
| ~~~~^~~~
pam_setquota.c:383:39: warning: unused parameter 'argv' [-Wunused-parameter]
383 | const char **argv) {
| ~~~~~~~~~~~~~^~~~
* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Mark
'flags' parameter as unused. Remove unused 'ep' and 'ul' variables.
(pam_sm_close_session): Mark all parameters as unused.
|
|
|
|
|
|
|
| |
This makes disk quotas usable with central user databases, such as MySQL or
LDAP.
Resolves: https://github.com/linux-pam/linux-pam/issues/92
|
|
|
|
|
|
|
|
| |
* modules/pam_access/pam_access.c (netgroup_match): Place the code
that calls getdomainname under HAVE_GETDOMAINNAME guard.
* modules/pam_issue/pam_issue.c (read_issue_quoted): Likewise.
Resolves: https://github.com/linux-pam/linux-pam/issues/43
|
|
|
|
|
|
|
| |
According to crypt(5), md5 should not be used for new hashes. Let's
give a modern example with yescrypt.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/issues/65
Resolves: https://github.com/linux-pam/linux-pam/pull/199
|
|
|
|
|
|
|
|
|
| |
_PATH_VARRUN already provides trailing slash for building paths
Fixes:
$ strings /usr/lib64/security/pam_timestamp.so | grep /run/
/var/run//pam_timestamp
/var/run//pam_timestamp/_pam_timestamp_key
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pam_unix.so will never return PAM_AUTHINFO_UNAVAIL on systems
that use the unix_chkpwd helper.
The reason is that in unix_chkpwd.c, towards the end of main(), if
helper_verify_password() does not return PAM_SUCCESS, main() ignores
the actual error that helper_verify_password() returned and instead
returns PAM_AUTH_ERR.
This commit corrects this behavior. Specifically, if
helper_verify_password() returns PAM_USER_UNKNOWN, which it does
when /etc/passwd entry indicates that shadow information is present
but the /etc/shadow entry is missing, the unix_chkpwd now exits
with PAM_AUTHINFO_UNAVAIL. For any other error from
helper_verify_password(), unix_chkpwd continues to exit with
PAM_AUTH_ERR.
* modules/pam_unix/unix_chkpwd.c (main): Return PAM_AUTHINFO_UNAVAIL
when helper_verify_password() returns PAM_USER_UNKNOWN.
|
| |
|
|
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/163
Resolves: https://github.com/linux-pam/linux-pam/pull/191
|
|
|
|
|
|
|
|
|
|
| |
pam_exec module can be called when a user name has not been prompted
yet. And thus the command is called without a user name available.
This fix asks PAM for the user name to ensure it is ready or to force
the prompt.
Resolves: https://github.com/linux-pam/linux-pam/issues/131
Resolves: https://github.com/linux-pam/linux-pam/pull/195
|
|
|
|
| |
Resolves: https://github.com/linux-pam/linux-pam/pull/194
|
| |
|
| |
|
|
|
|
|
| |
The result is nowhere checked and other logging functions like
pam_syslog are also not checked.
|
| |
|
|
|
|
|
|
|
|
| |
`security_context_t` is a legacy typedef to `char *`, substitute all usage.
See
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9
https://github.com/SELinuxProject/selinux/blob/f8c110c8a615eb640510eab39640a0957a6ba19c/libselinux/include/selinux/selinux.h#L16
|
|
|
|
|
|
| |
* modules/pam_userdb/pam_userdb.c: Include "pam_inline.h".
(_pam_parse, user_lookup): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
|
|
|
|
|
| |
* modules/pam_umask/pam_umask.c: Include "pam_inline.h".
(parse_option, setup_limits_from_gecos): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
|
|
|
|
|
| |
* modules/pam_pwhistory/pam_pwhistory.c: Include "pam_inline.h".
(parse_option): Use pam_str_skip_icase_prefix instead of ugly
strncasecmp invocations.
|
|
|
|
|
| |
* modules/pam_exec/pam_exec.c (call_exec): Use pam_str_skip_icase_prefix
instead of ugly strncasecmp invocations.
|
|
|
|
|
|
| |
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(pam_sm_open_session, pam_sm_close_session): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
|
|
|
|
|
| |
* modules/pam_wheel/pam_wheel.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* modules/pam_unix/passverify.c: Include "pam_inline.h".
(verify_pwd_hash): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
* modules/pam_unix/support.c: Include "pam_inline.h".
(_set_ctrl): Use pam_str_skip_prefix_len instead of hardcoding string
lengths.
* modules/pam_unix/md5_crypt.c: Include "pam_inline.h".
(crypt_md5): Use pam_str_skip_prefix_len.
squash! modules/pam_unix: use pam_str_skip_prefix and pam_str_skip_prefix_len
|
|
|
|
|
|
| |
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_inline.h".
(pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|