| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
* modules/pam_motd/pam_motd.c: Include "pam_inline.h".
(pam_sm_open_session): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_mail/pam_mail.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_localuser/pam_localuser.c: Include "pam_inline.h".
(pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_listfile/pam_listfile.c: Include "pam_inline.h".
(pam_sm_authenticate): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
|
| |
* modules/pam_limits/pam_limits.c: Include "pam_inline.h".
(_pam_parse, parse_kernel_limits): Use pam_str_skip_prefix instead of
ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_lastlog/pam_lastlog.c: Include "pam_inline.h".
(_pam_auth_parse, get_tty): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_issue/pam_issue.c: Include "pam_inline.h".
(pam_sm_authenticate, read_issue_quoted): Use pam_str_skip_prefix
instead of ugly strncmp invocations.
|
| |
|
|
|
| |
* modules/pam_ftp/pam_ftp.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_env/pam_env.c: Include "pam_inline.h".
(_pam_parse, _parse_line): Use pam_str_skip_prefix instead of ugly
strncmp invocations.
|
| |
|
|
|
| |
* modules/pam_echo/pam_echo.c: Include "pam_inline.h".
(pam_echo): Use pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
| |
* modules/pam_cracklib/pam_cracklib.c: Include "pam_inline.h".
(_pam_parse): Use pam_str_skip_prefix instead of ugly strncmp
invocations.
|
| |
|
|
|
| |
* modules/pam_access/pam_access.c: Include "pam_inline.h".
(parse_args): Use pam_str_skip_prefix instead of ugly strncmp invocations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace all instances of sizeof(x) / sizeof(*x) with PAM_ARRAY_SIZE(x)
which is less error-prone and implements an additional type check.
* libpam/pam_handlers.c: Include "pam_inline.h".
(_pam_open_config_file): Use PAM_ARRAY_SIZE.
* modules/pam_exec/pam_exec.c: Include "pam_inline.h".
(call_exec): Use PAM_ARRAY_SIZE.
* modules/pam_namespace/pam_namespace.c: Include "pam_inline.h".
(filter_mntopts): Use PAM_ARRAY_SIZE.
* modules/pam_timestamp/hmacfile.c: Include "pam_inline.h".
(testvectors): Use PAM_ARRAY_SIZE.
* modules/pam_xauth/pam_xauth.c: Include "pam_inline.h".
(run_coprocess, pam_sm_open_session): Use PAM_ARRAY_SIZE.
* tests/tst-pam_get_item.c: Include "pam_inline.h".
(main): Use PAM_ARRAY_SIZE.
* tests/tst-pam_set_item.c: Likewise.
* xtests/tst-pam_pwhistory1.c: Likewise.
* xtests/tst-pam_time1.c: Likewise.
|
| |
|
|
|
|
|
|
|
| |
Prefix match for options without arguments such as use_first_pass
is not correct, there has to be an exact match for these options.
* modules/pam_cracklib/pam_cracklib.c (_pam_parse): Fix parsing
of reject_username, gecoscheck, enforce_for_root, use_authtok,
use_first_pass, and try_first_pass options.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introduce DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN
macros, use them to silence remaining clang -Wcast-align compilation
warnings.
* libpam/include/pam_cc_compat.h (DIAG_PUSH_IGNORE_CAST_ALIGN,
DIAG_POP_IGNORE_CAST_ALIGN): New macros.
* modules/pam_access/pam_access.c: Include "pam_cc_compat.h".
(from_match, network_netmask_match): Wrap inet_ntop invocations
in DIAG_PUSH_IGNORE_CAST_ALIGN and DIAG_POP_IGNORE_CAST_ALIGN.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike gcc, clang is not smart enough to infer the alignment
of structure fields, so add some alignment hints to the code.
* libpam/include/pam_cc_compat.h (PAM_ATTRIBUTE_ALIGNED): New macro.
* modules/pam_namespace/md5.h: Include "pam_cc_compat.h".
(struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field.
* modules/pam_namespace/md5.c [!(__i386__ || __x86_64__)]
(uint8_aligned): New type.
[!(__i386__ || __x86_64__)] (byteReverse): Use it instead of
unsigned char.
* modules/pam_timestamp/sha1.h: Include "pam_cc_compat.h".
(struct sha1_context): Add PAM_ATTRIBUTE_ALIGNED to pending field.
* modules/pam_unix/md5.h: Include "pam_cc_compat.h".
(struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field.
* modules/pam_unix/md5.c [!HIGHFIRST] (uint8_aligned): New type.
[!HIGHFIRST] (byteReverse): Use it instead of unsigned char.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following compilation warnings reported by gcc
when sizeof(time_t) > sizeof(long), e.g. on x32:
modules/pam_tally/pam_tally.c:541:7: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
541 | _("The account is temporarily locked (%ld seconds left)."),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_tally/pam_tally.c:546:40: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
546 | "user %s (%lu) has time limit [%lds left]"
| ~~^
| |
| long int
| %lld
......
549 | oldtime+lock_time-time(NULL));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| time_t {aka long long int}
modules/pam_tally2/pam_tally2.c:592:27: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
592 | pam_info(pamh, _("The account is temporarily locked (%ld seconds left)."),
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_tally2/pam_tally2.c:597:50: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 6 has type ‘time_t’ {aka ‘long long int’} [-Wformat=]
597 | "user %s (%lu) has time limit [%lds left]"
| ~~^
| |
| long int
| %lld
......
600 | oldtime+opts->lock_time-time(NULL));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| time_t {aka long long int}
This change doesn't attempt to fix handling of 64-bit time_t on 32-bit
systems in these modules.
* modules/pam_tally/pam_tally.c (tally_check): Cast time_t expressions
to long int before passing them to pam_info and pam_syslog.
* modules/pam_tally2/pam_tally2.c (tally_check): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following compilation warnings reported by gcc on ilp32 platforms:
modules/pam_timestamp/hmacfile.c: In function ‘testvectors’:
modules/pam_timestamp/hmacfile.c:121:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
121 | printf("Incorrect result for vector %lu\n", i + 1);
| ~~^ ~~~~~
| | |
| | size_t {aka unsigned int}
| long unsigned int
| %u
modules/pam_timestamp/hmacfile.c:128:30: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
128 | printf("Error in vector %lu.\n", i + 1);
| ~~^ ~~~~~
| | |
| | size_t {aka unsigned int}
| long unsigned int
| %u
In function ‘strncpy’,
inlined from ‘pam_sm_open_session’ at modules/pam_timestamp/pam_timestamp.c:584:4:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output may be truncated copying between 1 and 4095 bytes from a string of length 4095 [-Wstringop-truncation]
* modules/pam_timestamp/hmacfile.c (testvectors): Cast the argument
of type size_t to unsigned long before passing it to printf.
* modules/pam_timestamp/pam_timestamp.c (pam_sm_open_session): Use
memcpy instead of strncpy as the source is not NUL-terminated, add an
extra check to ensure that iterator stays inside bounds.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setreuid() fails, there is no way to proceed any further: either
the process credentials are unchanged but inappropriate, or they are
in an inconsistent state and nothing good could be made out of it.
This fixes the following compilation warnings:
modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result]
* modules/pam_unix/passverify.c (get_account_info) [HELPER_COMPILE]:
Always check setreuid return code and return PAM_CRED_INSUFFICIENT
if setreuid failed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following compilation warning reported by gcc
when HAVE_LIBAUDIT is not set:
modules/pam_access/pam_access.c: In function ‘login_access’:
modules/pam_access/pam_access.c:338:13: warning: variable ‘nonall_match’ set but not used [-Wunused-but-set-variable]
338 | int nonall_match = NO;
| ^~~~~~~~~~~~
* modules/pam_access/pam_access.c (login_access): Enclose nonall_match
variable with HAVE_LIBAUDIT #ifdef's.
|
| |
|
|
|
|
|
|
|
|
|
| |
modules/pam_timestamp/pam_timestamp.c:807:17: warning: logical not
is only applied to the left hand side of this comparison
[-Wlogical-not-parentheses]
} else if (!timestamp_good(st.st...
^
* modules/pam_timestamp/pam_timestamp.c (main): Change timestamp_good
return code check to a more traditional form.
|
| |
|
|
|
| |
* modules/pam_timestamp/Makefile.am (EXTRA_DIST): Replace "$(man_MANS)"
with "$(MANS)" as the former is conditional on HAVE_DOC.
|
| |
|
|
|
|
| |
* modules/pam_namespace/Makefile.am (EXTRA_DIST): Replace
"$(MAN5) $(MAN8)" with "$(MANS)" as the former is conditional
on HAVE_DOC.
|
| |
|
|
|
|
|
| |
* modules/pam_usertype/Makefile.am (man_MANS): Make conditional
on HAVE_DOC.
Resolves: https://github.com/linux-pam/linux-pam/pull/193
|
| |
|
|
|
|
| |
* modules/pam_namespace/.gitignore: New file.
Resolves: https://github.com/linux-pam/linux-pam/pull/192
|
| |
|
|
|
|
| |
Explanation: check whether unknown object classes or permissions are allowed or denied in the current policy
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1680961
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the build is configured using --disable-nis option, gcc complains:
pam_unix_passwd.c: In function '_do_setpass':
pam_unix_passwd.c:398:8: warning: unused variable 'master' [-Wunused-variable]
support.c: In function '_unix_getpwnam':
support.c:305:21: warning: parameter 'nis' set but not used [-Wunused-but-set-parameter]
* modules/pam_unix/pam_unix_passwd.c (_do_setpass): Move the definition
of "master" variable to [HAVE_NIS].
* modules/pam_unix/support.c (_unix_getpwnam) [!(HAVE_YP_GET_DEFAULT_DOMAIN
&& HAVE_YP_BIND && HAVE_YP_MATCH && HAVE_YP_UNBIND)]: Do not assign
the unused parameter but mark it as used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove trailing whitespace introduced by commit
f9c9c72121eada731e010ab3620762bcf63db08f.
Remove blank lines at EOF introduced by commit
65d6735c5949ec233df9813f734e918a93fa36cf.
This makes the project free of warnings reported by
git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* doc/custom-html.xsl: Remove blank line at EOF.
* doc/custom-man.xsl: Likewise.
* modules/pam_motd/pam_motd.c: Remove trailing whitespace.
|
| |
|
|
|
|
| |
If kernel audit is disabled the socket open will return
EPROTONOSUPPORT.
Return PAM_IGNORE from pam_tty_audit and log a warning
in this situation so login is not blocked by the module.
|
| |
|
|
| |
u_intX_t is a glibcism this fixes the issue of compiling against musl libc.
|
| |
|
|
|
| |
* modules/pam_group/group.conf.5.xml: Replace bare & with &.
* modules/pam_time/time.conf.5.xml: Likewise.
|
| | |
|
| |
|
|
|
|
|
|
| |
* modules/pam_group/group.conf.5.xml: Document what logic list means.
* modules/pam_time/time.conf.5.xml: Likewise.
* modules/pam_group/pam_group.c (logic_field): Clear the not operator for the
further operations.
* modules/pam_time/pam_time.c (logic_field): Likewise.
|
| |
|
|
|
|
| |
If the shell is empty in /etc/passwd entry it means /bin/sh.
* modules/pam_shells/pam_shells.c (perform_check): Use /bin/sh as default shell.
|
| |
|
|
|
| |
* modules/pam_env/pam_env.8.xml: Document the change.
* modules/pam_env/pam_env.c: Set DEFAULT_USER_READ_ENVFILE to 0.
|
| |
|
|
|
|
|
|
|
| |
Raise BUF_SIZE to 8192 bytes.
* modules/pam_env/pam_env.c (_parse_env_file): Ignore lines starting with '='.
(_assemble_line): Detect long lines and binary files.
(_check_var): Avoid overwriting global variable.
(_expand_arg): Avoid repeated strlen calls.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using polyinstantiation for /tmp and/or /var/tmp, pam_namespace
creates subdirectories with fixed name tmp-inst. These paths should be
secured as early as possible to avoid that somehow these directories
could created and controlled by for example a malicious user or
service.
Ship a systemd service, which creates the directories early in
boot sequence with correct permissions and ownership.
Closes #111.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| |
|
|
|
| |
* modules/pam_succeed_if/pam_succeed_if.c: Fix const issues.
* modules/pam_usertype/pam_usertype.c: Avoid maybe used uninitialized warning.
|
| |
|
|
|
|
|
|
|
|
| |
Adding nullresetok to auth phase of pam_unix module will allow users
with blank password to authenticate in order to immediatelly change
their password even if nullok is not set.
This allows to have blank password authentication disabled but still
allows administrator to create new user accounts with expired blank
password that must be change on the first login.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Examples:
account requisite pam_succeed_if.so user ingroup group1:group2
OR
account requisite pam_succeed_if.so user notingroup group1:group2
OR
account requisite pam_succeed_if.so user ingroup wheel
OR
account requisite pam_succeed_if.so user notingroup wheel
Can be very convenient to grant access based on complex group memberships (LDAP, etc)
|
| |
|
|
|
| |
There are some source code including the same header file redundantly.
We remove these redundant header file inclusion.
|
| |
|
|
|
| |
* modules/pam_tally/pam_tally.8.xml: Mention account leakage without silent
* modules/pam_tally2/pam_tally2.8.xml: Mention account leakage without silent
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module will check if the user account type is system or regular based
on its uid. To evaluate the condition it will use 0-99 reserved range
together with `SYS_UID_MIN` and `SYS_UID_MAX` values from `/etc/login.defs`.
If these values are not set, it uses configure-time defaults
`--with-sys-uid-min` and `--with-uid-min` (according to `login.defs` man page
`SYS_UID_MAX` defaults to `UID_MIN - 1`.
This information can be used to skip specific module in pam stack
based on the account type. `pam_succeed_if uid < 1000` is used at the moment
however it does not reflect changes to `login.defs`.
|
| |
|
|
|
|
|
|
| |
Allow the user to disable documentation through --disable-doc (enabled
by default), this is especially useful when cross-compiling for embedded
targets
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new internal header file with definitions of
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL macros,
use them to temporary silence -Wcast-qual compilation warnings
in various modules.
* libpam/include/pam_cc_compat.h: New file.
* libpam/Makefile.am (noinst_HEADERS): Add include/pam_cc_compat.h.
* modules/pam_mkhomedir/pam_mkhomedir.c: Include "pam_cc_compat.h".
(create_homedir): Wrap execve invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_namespace/pam_namespace.c: Include "pam_cc_compat.h".
(pam_sm_close_session): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_tty_audit/pam_tty_audit.c: Include "pam_cc_compat.h".
(nl_send): Wrap the cast that discards ‘const’ qualifier in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_acct.c: Include "pam_cc_compat.h".
(_unix_run_verify_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/pam_unix_passwd.c: Include "pam_cc_compat.h".
(_unix_run_update_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/passverify.c: Include "pam_cc_compat.h".
(unix_update_shadow): Wrap the cast that discards ‘const’ qualifier
in DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_unix/support.c: Include "pam_cc_compat.h".
(_unix_run_helper_binary): Wrap execve invocation in
DIAG_PUSH_IGNORE_CAST_QUAL and DIAG_POP_IGNORE_CAST_QUAL.
* modules/pam_xauth/pam_xauth.c: Include "pam_cc_compat.h".
(run_coprocess): Wrap execv invocation in DIAG_PUSH_IGNORE_CAST_QUAL
and DIAG_POP_IGNORE_CAST_QUAL.
|
| |
|
|
|
|
|
|
|
|
| |
* libpam/pam_modutil_searchkey.c: Avoid assigning empty string literal to
non-const char *.
* modules/pam_filter/pam_filter.c: Avoid using const char **.
* modules/pam_mkhomedir/pam_mkhomedir.c: Properly cast out const for execve().
* modules/pam_namespace/pam_namespace.c: Properly cast out const from pam data.
* modules/pam_tally2/pam_tally2.c: String literal must be assigned to
const char *.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the call to the crypt(3) function failed for some reason during
hashing a new login passphrase, the wrapper function for computing
a hash with the md5crypt method was called internally by the pam_unix
module in previous versions of linux-pam.
With CVE-2012-3287 in mind, the md5crypt method is not considered to
be a safe nor recommended hashing method for a new login passphrase
since at least 2012. Thus pam_unix should error out in case of a
failure in crypt(3) instead of silently computing a hashed passphrase
using a potentially unsafe method.
* modules/pam_unix/pam_unix.8.xml: Update documentation.
* modules/pam_unix/passverify.c (create_password_hash): Return NULL
on error instead of silently invoke crypt_md5_wrapper().
|
| |
|
| |
helper_verify_password's variable salt is not just the salt but the whole hash. Renamed for clarity and conformity with the rest of the code.
|
